openshift-kni · openshift-merge-bot · Aug 5, 2025 · Feb 12, 2025 · Feb 18, 2025 · May 12, 2025
diff --git a/Makefile b/Makefile
@@ -12,7 +12,10 @@ lintCheck:
 	yamllint -c .yamllint.yaml telco-core/configuration/reference-crs
 	yamllint -c .yamllint.yaml telco-core/configuration/template-values
 	yamllint -c .yamllint.yaml telco-core/install/
-	yamllint -c .yamllint.yaml telco-hub/
+	yamllint -c .yamllint.yaml telco-hub/configuration/*yaml
+	yamllint -c .yamllint.yaml telco-hub/configuration/reference-crs
+	yamllint -c .yamllint.yaml telco-hub/configuration/example-overlays-config
+	yamllint -c .yamllint.yaml telco-hub/install/
 
 # markdownlint rules, following: https://github.com/openshift/enhancements/blob/master/Makefile
 .PHONY: markdownlint-image
@@ -32,7 +35,7 @@ markdownlint: markdownlint-image  ## run the markdown linter
 		-v $$(pwd):/workdir:Z \
 		$(IMAGE_NAME)-markdownlint:latest
 
-ci-validate: lintCheck check-reference-core check-reference-ran
+ci-validate: lintCheck check-reference-core check-reference-ran check-reference-hub
 
 .PHONY: check-reference-core
 check-reference-core:
@@ -41,3 +44,7 @@ check-reference-core:
 .PHONY: check-reference-ran
 check-reference-ran:
 	$(MAKE) -C ./telco-ran/configuration check
+
+.PHONY: check-reference-hub
+check-reference-hub:
+	$(MAKE) -C ./telco-hub/configuration/reference-crs-kube-compare check
diff --git a/telco-hub/configuration/example-overlays-config/acm/acmMirrorRegistryCM-patch.yaml b/telco-hub/configuration/example-overlays-config/acm/acmMirrorRegistryCM-patch.yaml
@@ -1,3 +1,4 @@
+---
 - op: replace
   path: /data/ca-bundle.crt
   value: |

diff --git a/telco-hub/configuration/reference-crs-kube-compare/Makefile b/telco-hub/configuration/reference-crs-kube-compare/Makefile
@@ -0,0 +1,50 @@
+.PHONY: check
+check: metadata_lint compare
+
+kubectl-cluster_compare:
+	@command -v kubectl-cluster_compare > /dev/null 2>&1 || { \
+		echo "kubectl-cluster_compare tool isn't installed; please download it from https://github.com/openshift/kube-compare"; \
+	}
+
+helm-convert:
+	@command -v helm-convert > /dev/null 2>&1 || { \
+		echo "helm-convert isn't installed; please download and install it"; \
+	}
+
+.PHONY: metadata_lint
+metadata_lint: kubectl-cluster_compare
+	@echo "Running kube-compare to ensure metadata.yaml is sane"
+	@COMPARE_OUTPUT=$$(./kubectl-cluster_compare -r ./metadata.yaml -f /dev/null 2>&1); \
+	if grep -q 'an error occurred while parsing template' <<<"$${COMPARE_OUTPUT}"; then \
+		echo "Template parsing error"; \
+		echo "$${COMPARE_OUTPUT}"; \
+		exit 1; \
+	fi; \
+	echo "Okay"; \
+	exit 0
+
+.PHONY: clean
+clean:
+	rm -rf kubectl-cluster_compare Chartv1 renderedv1 helm
+
+
+.PHONY: convert
+convert: helm-convert helm
+	@echo "Converting reference files to Helm Charts."
+	@rm -rf Chartv1 renderedv1
+	@helm-convert -r ./metadata.yaml -n Chartv1 -v default_value.yaml
+	@echo "Rendering Helm Charts to CR files."
+	@helm template renderedv1 ./Chartv1 --output-dir renderedv1
+
+helm:
+	@command -v helm > /dev/null 2>&1 || { \
+		echo "helm isn't installed; please download and install it"; \
+	}
+
+.PHONY: compare
+compare: convert
+	@./compare.sh "../reference-crs" renderedv1
+
+.PHONY: sync
+sync: convert
+	@./compare.sh --sync "../reference-crs" renderedv1
diff --git a/telco-hub/configuration/reference-crs-kube-compare/ReferenceVersionCheck.yaml b/telco-hub/configuration/reference-crs-kube-compare/ReferenceVersionCheck.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: config.openshift.io/v1
+kind: ClusterVersion
+metadata:
+  name: version
+status:
+  desired:
+    version: {{ template "versionMatch" (list .status.desired.version "4.19") }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/compare.sh b/telco-hub/configuration/reference-crs-kube-compare/compare.sh
@@ -0,0 +1,175 @@
+#! /bin/bash
+
+trap cleanup EXIT
+
+function cleanup() {
+  rm -rf source_file rendered_file same_file
+}
+
+function read_dir() {
+  local dir=$1
+  local file
+
+  for file in "$dir"/*; do
+    if [ -d "$file" ]; then
+      read_dir "$file"
+    else
+      echo "$file"
+    fi
+  done
+}
+
+function compare_cr {
+  local rendered_dir=$1
+  local source_dir=$2
+  local exclusionfile=$3
+  local status=0
+
+  local DIFF=${DIFF:-colordiff}
+  if ! command -v "$DIFF" >/dev/null; then
+    echo "Warning: Requested diff tool '$DIFF' is not found; falling back to plain old 'diff'"
+    DIFF="diff"
+  fi
+
+  read_dir "$rendered_dir" |grep yaml  > rendered_file
+  read_dir "$source_dir" |grep yaml  > source_file
+
+  # Apply ignore filtering before comparison
+  while IFS= read -r file; do
+    [[ ${file::1} != "#" ]] || continue # Skip any comment lines in the exclusionfile
+    [[ -n ${file} ]] || continue # Skip empty lines
+    sed -i "/${file##*/}/d" source_file
+    sed -i "/${file##*/}/d" rendered_file
+  done < "$exclusionfile"
+
+  local source_cr rendered
+  while IFS= read -r source_cr; do
+    while IFS= read -r rendered; do
+      if [ "${source_cr##*/}" = "${rendered##*/}" ]; then
+        # helm adds a yaml doc header (---) and a leading comment to every source_cr file; so remove those lines
+        tail -n +3 "$rendered" > "$rendered.fixed"
+        mv "$rendered.fixed" "$rendered"
+
+        # Check the differences
+        if ! "$DIFF" -u "$source_cr" "$rendered"; then
+            status=$(( status || 1 ))
+            printf "\n\n**********************************************************************************\n\n"
+        fi
+        # cleanup
+        echo "$source_cr" >> same_file
+      fi
+    done < rendered_file
+  done < source_file
+
+  # Filter out files with a source-cr/reference match from the full list of potentiol source-crs/reference files
+  while IFS= read -r file; do
+    [[ ${file::1} != "#" ]] || continue # Skip any comment lines in the exclusionfile
+    [[ -n ${file} ]] || continue # Skip empty lines
+    sed -i "/${file##*/}/d" source_file
+    sed -i "/${file##*/}/d" rendered_file
+  done < <(cat same_file "$exclusionfile")
+
+  if [[ -s source_file || -s rendered_file ]]; then
+    [ -s source_file ] && printf "\n\nThe following files exist in source-crs only, but not found in reference:\n" && cat source_file
+    [ -s rendered_file ] && printf "\nThe following files exist in reference only, but not found in source-crs:\n" && cat rendered_file
+    status=1
+  fi
+
+  return $status
+}
+
+sync_cr() {
+    local rendered_dir=$1
+    local source_dir=$2
+    local exclusionfile=$3
+    local status=0
+
+    local -a renderedFiles
+    readarray -t renderedFiles < <(read_dir "$rendered_dir" | grep yaml)
+
+    local -a sourceFiles
+    readarray -t sourceFiles < <(read_dir "$source_dir" | grep yaml)
+
+    local -a excludedFiles
+    readarray -t excludedFiles < <(grep -v '^#' "$exclusionfile" | grep -v '^$')
+
+    local source rendered excluded found
+    for rendered in "${renderedFiles[@]}"; do
+        found=0
+        for source in "${sourceFiles[@]}"; do
+            if [ "${source##*/}" = "${rendered##*/}" ]; then
+                # Match found!
+                found=1
+                break
+            fi
+        done
+        if [[ $found == 0 ]]; then
+            source="$source_dir/${rendered##*/}"
+        fi
+
+        # Replace the CR with the rendered copy (minus the helm-rendered heading)
+        tail -n +3 "$rendered" >"$source"
+        git add "$source"
+    done
+
+    for source in "${sourceFiles[@]}"; do
+        found=0
+        for rendered in "${renderedFiles[@]}"; do
+            if [ "${source##*/}" = "${rendered##*/}" ]; then
+                # Match found!
+                found=1
+                break
+            fi
+        done
+        for excluded in "${excludedFiles[@]}"; do
+            if [ "${source##*/}" = "${excluded##*/}" ]; then
+                # Match found!
+                found=1
+                break
+            fi
+        done
+        if [[ $found == 0 ]]; then
+            git rm -f "$source"
+        fi
+    done
+
+    git diff --cached --stat --exit-code
+}
+
+usage() {
+    echo "$(basename "$0") [--sync] sourceDir renderDir"
+    echo
+    echo "Compares the rendered reference-based CRs to the CRs in the compare directory"
+}
+
+DOSYNC=0
+for arg in "$@"; do
+    case "$arg" in
+        -h | --help)
+            usage
+            exit 0
+            ;;
+        --sync)
+            DOSYNC=1
+            shift
+            ;;
+    esac
+done
+SOURCEDIR=$1
+if [[ ! -d $SOURCEDIR ]]; then
+    echo "No such source directory $SOURCEDIR"
+    usage
+    exit 1
+fi
+RENDERDIR=$2
+if [[ ! -d $RENDERDIR ]]; then
+    echo "No such source directory $RENDERDIR"
+    usage
+    exit 1
+fi
+
+if [[ $DOSYNC == 1 ]]; then
+    sync_cr "$RENDERDIR" "$SOURCEDIR" compare_ignore
+else
+    compare_cr "$RENDERDIR" "$SOURCEDIR" compare_ignore
+fi
diff --git a/telco-hub/configuration/reference-crs-kube-compare/compare_ignore b/telco-hub/configuration/reference-crs-kube-compare/compare_ignore
@@ -0,0 +1,63 @@
+# Internal files for cluster-compare, not real CRs
+metadata.yaml
+
+# Used in the reference only for version compliance checks
+ReferenceVersionCheck.yaml
+
+# Not yet published in the RDS:
+optional/quay/quayNS.yaml
+optional/quay/quayOperatorGroup.yaml
+optional/quay/quaySubscription.yaml
+
+# Reference templates not implemented yet:
+optional/logging/clusterLogForwarder.yaml
+optional/logging/clusterLogServiceAccount.yaml
+optional/logging/clusterLogServiceAccountAuditBinding.yaml
+optional/logging/clusterLogServiceAccountInfrastructureBinding.yaml
+required/registry/catalog-source.yaml
+required/registry/idms-operator.yaml
+required/registry/idms-release.yaml
+required/registry/itms-generic.yaml
+required/registry/itms-release.yaml
+required/registry/operator-hub.yaml
+required/gitops/addPluginsPolicy.yaml
+required/gitops/app-project.yaml
+required/gitops/argocd-application.yaml
+required/gitops/argocd-ssh-known-hosts-cm.yaml
+required/gitops/argocd-tls-certs-cm.yaml
+required/gitops/clusterrolebinding.yaml
+required/gitops/clusterrole.yaml
+required/gitops/gitopsNS.yaml
+required/gitops/gitopsOperatorGroup.yaml
+required/gitops/gitopsSubscription.yaml
+required/gitops/kustomization.yaml
+required/gitops/ztp-installation/app-project.yaml
+required/gitops/ztp-installation/clusters-app.yaml
+required/gitops/ztp-installation/gitops-cluster-rolebinding.yaml
+required/gitops/ztp-installation/gitops-policy-rolebinding.yaml
+required/gitops/ztp-installation/kustomization.yaml
+required/gitops/ztp-installation/policies-app-project.yaml
+required/gitops/ztp-installation/policies-app.yaml
+required/gitops/ztp-repo.yaml
+optional/cert-manager/certManagerClusterIssuer.yaml
+optional/cert-manager/certManagerNS.yaml
+optional/cert-manager/certManagerOperatorgroup.yaml
+optional/cert-manager/certManagerSubscription.yaml
+optional/cert-manager/consoleCertificate.yaml
+optional/cert-manager/downloadsCertificate.yaml
+optional/cert-manager/oauthServiceCertificate.yaml
+optional/backup-recovery/backupSchedule.yaml
+optional/backup-recovery/dataProtectionApplication.yaml
+optional/backup-recovery/objectBucketClaim.yaml
+optional/backup-recovery/policy-backup.yaml
+optional/backup-recovery/restore.yaml
+optional/odf-internal/odfReady.yaml
+required/acm/acmPerfSearch.yaml
+required/acm/thanosSecretPolicy.yaml
+
+# ArgoCD files
+kustomization.yaml
+optional/lso/kustomization.yaml
+optional/odf-internal/kustomization.yaml
+required/talm/kustomization.yaml
+required/acm/kustomization.yaml