[WIP] AGENT-1326: Add InternalReleaseImage templates generation during the bootstrap (with RenderContext)

go.mod

@@ -421,6 +421,7 @@ require (
 
 replace (
 	github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20251001123353-fd5b1fb35db1
+	github.com/openshift/api => /home/afasano/go/src/github.com/openshift/api
 
 	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20251028145634-9e794b89909a
 	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20251028145634-9e794b89909a

go.sum

@@ -609,8 +609,6 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU
 github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U=
 github.com/openshift-eng/openshift-tests-extension v0.0.0-20250916161632-d81c09058835 h1:rkqIIfdYYkasXbF2XKVgh/3f1mhjSQK9By8WtVMgYo8=
 github.com/openshift-eng/openshift-tests-extension v0.0.0-20250916161632-d81c09058835/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M=
-github.com/openshift/api v0.0.0-20251104141128-d13e8c65d30f h1:xiSyW0ZZ0XWBiZ2ko7e/jI6N0m2DuwZqsSO4NHh/4T8=
-github.com/openshift/api v0.0.0-20251104141128-d13e8c65d30f/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
 github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY=
 github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM=
 github.com/openshift/kubernetes v1.30.1-0.20251028145634-9e794b89909a h1:uaeiYAYOVlXChnGxvsziVTkzaSlBV7h8Y2U2Bc81UKM=

pkg/controller/bootstrap/bootstrap.go

@@ -20,7 +20,9 @@ import (
 
 	apicfgv1 "github.com/openshift/api/config/v1"
 	apicfgv1alpha1 "github.com/openshift/api/config/v1alpha1"
+	"github.com/openshift/api/features"
 	mcfgv1 "github.com/openshift/api/machineconfiguration/v1"
+	mcfgv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1"
 	apioperatorsv1alpha1 "github.com/openshift/api/operator/v1alpha1"
 	ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common"
 	containerruntimeconfig "github.com/openshift/machine-config-operator/pkg/controller/container-runtime-config"
@@ -70,11 +72,12 @@ func (b *Bootstrap) Run(destDir string) error {
 
 	scheme := runtime.NewScheme()
 	mcfgv1.Install(scheme)
+	mcfgv1alpha1.Install(scheme)
 	apioperatorsv1alpha1.Install(scheme)
 	apicfgv1.Install(scheme)
 	apicfgv1alpha1.Install(scheme)
 	codecFactory := serializer.NewCodecFactory(scheme)
-	decoder := codecFactory.UniversalDecoder(mcfgv1.GroupVersion, apioperatorsv1alpha1.GroupVersion, apicfgv1.GroupVersion, apicfgv1alpha1.GroupVersion)
+	decoder := codecFactory.UniversalDecoder(mcfgv1.GroupVersion, mcfgv1alpha1.GroupVersion, apioperatorsv1alpha1.GroupVersion, apicfgv1.GroupVersion, apicfgv1alpha1.GroupVersion)
 
 	var (
 		cconfig              *mcfgv1.ControllerConfig
@@ -91,6 +94,7 @@ func (b *Bootstrap) Run(destDir string) error {
 		imagePolicies        []*apicfgv1.ImagePolicy
 		imgCfg               *apicfgv1.Image
 		apiServer            *apicfgv1.APIServer
+		iri                  *mcfgv1alpha1.InternalReleaseImage
 	)
 	for _, info := range infos {
 		if info.IsDir() {
@@ -154,6 +158,10 @@ func (b *Bootstrap) Run(destDir string) error {
 				if obj.GetName() == ctrlcommon.APIServerInstanceName {
 					apiServer = obj
 				}
+			case *mcfgv1alpha1.InternalReleaseImage:
+				if obj.GetName() == ctrlcommon.InternalReleaseImageInstanceName {
+					iri = obj
+				}
 			default:
 				klog.Infof("skipping %q [%d] manifest because of unhandled %T", file.Name(), idx+1, obji)
 			}
@@ -174,7 +182,12 @@ func (b *Bootstrap) Run(destDir string) error {
 		return fmt.Errorf("error creating feature gates handler: %w", err)
 	}
 
-	iconfigs, err := template.RunBootstrap(b.templatesDir, cconfig, psraw, apiServer)
+	var internalReleaseImage *mcfgv1alpha1.InternalReleaseImage
+	if fgHandler != nil && fgHandler.Enabled(features.FeatureGateNoRegistryClusterOperations) {
+		internalReleaseImage = iri
+	}
+
+	iconfigs, err := template.RunBootstrap(b.templatesDir, cconfig, psraw, apiServer, internalReleaseImage)
 	if err != nil {
 		return err
 	}

pkg/controller/common/constants.go

@@ -60,6 +60,9 @@ const (
 	// APIServerInstanceName is a singleton name for APIServer configuration
 	APIServerInstanceName = "cluster"
 
+	// InternalReleaseImageInstanceName is a singleton name for InternalReleaseImage configuration
+	InternalReleaseImageInstanceName = "cluster"
+
 	// APIServerInstanceName is a singleton name for APIServer configuration
 	APIServerBootstrapFileLocation = "/etc/mcs/bootstrap/api-server/api-server.yaml"
 

pkg/controller/container-runtime-config/container_runtime_config_controller.go

@@ -501,11 +501,15 @@ func (ctrl *Controller) handleImgErr(err error, key string) {
 
 // generateOriginalContainerRuntimeConfigs returns rendered default storage, registries and policy config files
 func generateOriginalContainerRuntimeConfigs(templateDir string, cc *mcfgv1.ControllerConfig, role string) (*ign3types.File, *ign3types.File, *ign3types.File, error) {
-	// Render the default templates
-	rc := &mtmpl.RenderConfig{
-		ControllerConfigSpec: &cc.Spec,
+	rc := &mtmpl.RenderContext{
+		Config: &mtmpl.RenderConfig{
+			ControllerConfigSpec: &cc.Spec,
+		},
+		TemplatesDir: templateDir,
+		Role:         role,
 	}
-	generatedConfigs, err := mtmpl.GenerateMachineConfigsForRole(rc, role, templateDir)
+
+	generatedConfigs, err := mtmpl.GenerateMachineConfigsForRole(rc)
 	if err != nil {
 		return nil, nil, nil, fmt.Errorf("generateMachineConfigsforRole failed with error %w", err)
 	}

pkg/controller/kubelet-config/kubelet_config_controller.go

@@ -451,8 +451,13 @@ func generateOriginalKubeletConfigWithFeatureGates(cc *mcfgv1.ControllerConfig,
 func generateOriginalKubeletConfigIgn(cc *mcfgv1.ControllerConfig, templatesDir, role string, apiServer *osev1.APIServer) (*ign3types.File, error) {
 	// Render the default templates
 	tlsMinVersion, tlsCipherSuites := ctrlcommon.GetSecurityProfileCiphersFromAPIServer(apiServer)
-	rc := &mtmpl.RenderConfig{ControllerConfigSpec: &cc.Spec, TLSMinVersion: tlsMinVersion, TLSCipherSuites: tlsCipherSuites}
-	generatedConfigs, err := mtmpl.GenerateMachineConfigsForRole(rc, role, templatesDir)
+	rc := &mtmpl.RenderContext{
+		Config:       &mtmpl.RenderConfig{ControllerConfigSpec: &cc.Spec, TLSMinVersion: tlsMinVersion, TLSCipherSuites: tlsCipherSuites},
+		TemplatesDir: templatesDir,
+		Role:         role,
+	}
+
+	generatedConfigs, err := mtmpl.GenerateMachineConfigsForRole(rc)
 	if err != nil {
 		return nil, fmt.Errorf("GenerateMachineConfigsforRole failed with error: %w", err)
 	}

pkg/controller/template/kubelet_config_dir_test.go

@@ -62,7 +62,7 @@ func TestKubeletConfigDirParameter(t *testing.T) {
 			controllerConfig, err := controllerConfigFromFile(tc.controllerConfig)
 			require.NoError(t, err, "Failed to load controller config for %s", tc.name)
 
-			cfgs, err := generateTemplateMachineConfigs(&RenderConfig{&controllerConfig.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil}, templateDir)
+			cfgs, err := generateTemplateMachineConfigs(dummyRenderContext(controllerConfig))
 			require.NoError(t, err, "Failed to generate machine configs for %s", tc.name)
 
 			kubeletConfigs := make(map[string]*string)
@@ -127,7 +127,7 @@ func TestKubeletConfigDirParameterSpecific(t *testing.T) {
 	controllerConfig, err := controllerConfigFromFile("./test_data/controller_config_aws.yaml")
 	require.NoError(t, err, "Failed to load AWS controller config")
 
-	cfgs, err := generateTemplateMachineConfigs(&RenderConfig{&controllerConfig.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil}, templateDir)
+	cfgs, err := generateTemplateMachineConfigs(dummyRenderContext(controllerConfig))
 	require.NoError(t, err, "Failed to generate machine configs")
 
 	var kubeletUnit *string

pkg/controller/template/render.go

@@ -63,6 +63,7 @@ const (
 	workerRole          = "worker"
 	arbiterRole         = "arbiter"
 	cloudPlatformAltDNS = "cloud-platform-alt-dns"
+	iri                 = "internalreleaseimage"
 )
 
 // generateTemplateMachineConfigs returns MachineConfig objects from the templateDir and a config object
@@ -78,8 +79,8 @@ const (
 //	                     /01-worker-kubelet/_base/files/random.conf.tmpl
 //	              /master/00-master/_base/units/kubelet.tmpl
 //	                                  /files/hostname.tmpl
-func generateTemplateMachineConfigs(config *RenderConfig, templateDir string) ([]*mcfgv1.MachineConfig, error) {
-	infos, err := ctrlcommon.ReadDir(templateDir)
+func generateTemplateMachineConfigs(rc *RenderContext) ([]*mcfgv1.MachineConfig, error) {
+	infos, err := ctrlcommon.ReadDir(rc.TemplatesDir)
 	if err != nil {
 		return nil, err
 	}
@@ -97,11 +98,12 @@ func generateTemplateMachineConfigs(config *RenderConfig, templateDir string) ([
 		}
 
 		// Avoid creating resources for non arbiter deployments
-		if role == arbiterRole && !hasControlPlaneTopology(config, configv1.HighlyAvailableArbiterMode) {
+		if role == arbiterRole && !hasControlPlaneTopology(rc.Config, configv1.HighlyAvailableArbiterMode) {
 			continue
 		}
 
-		roleConfigs, err := GenerateMachineConfigsForRole(config, role, templateDir)
+		rc.Role = role
+		roleConfigs, err := GenerateMachineConfigsForRole(rc)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create MachineConfig for role %s: %w", role, err)
 		}
@@ -120,16 +122,16 @@ func generateTemplateMachineConfigs(config *RenderConfig, templateDir string) ([
 }
 
 // GenerateMachineConfigsForRole creates MachineConfigs for the role provided
-func GenerateMachineConfigsForRole(config *RenderConfig, role, templateDir string) ([]*mcfgv1.MachineConfig, error) {
-	rolePath := role
+func GenerateMachineConfigsForRole(rc *RenderContext) ([]*mcfgv1.MachineConfig, error) {
+	rolePath := rc.Role
 	//nolint:goconst
-	if role != workerRole && role != masterRole && role != arbiterRole {
+	if rc.Role != workerRole && rc.Role != masterRole && rc.Role != arbiterRole {
 		// custom pools are only allowed to be worker's children
 		// and can reuse the worker templates
 		rolePath = workerRole
 	}
 
-	path := filepath.Join(templateDir, rolePath)
+	path := filepath.Join(rc.TemplatesDir, rolePath)
 	infos, err := ctrlcommon.ReadDir(path)
 	if err != nil {
 		return nil, err
@@ -147,7 +149,7 @@ func GenerateMachineConfigsForRole(config *RenderConfig, role, templateDir strin
 		}
 		name := info.Name()
 		namePath := filepath.Join(path, name)
-		nameConfig, err := generateMachineConfigForName(config, role, name, templateDir, namePath, &commonAdded)
+		nameConfig, err := generateMachineConfigForName(rc, name, namePath, &commonAdded)
 		if err != nil {
 			return nil, err
 		}
@@ -229,15 +231,15 @@ func filterTemplates(toFilter map[string]string, path string, config *RenderConf
 	return filepath.Walk(path, walkFn)
 }
 
-func getPaths(config *RenderConfig, platformString string) []string {
+func getPaths(rc *RenderContext, platformString string) []string {
 	platformBasedPaths := []string{platformBase}
-	if onPremPlatform(config.Infra.Status.PlatformStatus.Type) {
+	if onPremPlatform(rc.Config.Infra.Status.PlatformStatus.Type) {
 		platformBasedPaths = append(platformBasedPaths, platformOnPrem)
 	}
 
 	// If this is a cloud platform with DNSType set to `ClusterHosted` with
 	// LB IPs provided, include path for their CoreDNS files
-	if cloudPlatformLoadBalancerIPState(*config) == availableLBIPState {
+	if cloudPlatformLoadBalancerIPState(*rc.Config) == availableLBIPState {
 		platformBasedPaths = append(platformBasedPaths, cloudPlatformAltDNS)
 	}
 
@@ -246,29 +248,33 @@ func getPaths(config *RenderConfig, platformString string) []string {
 	platformBasedPaths = append(platformBasedPaths, platformString)
 
 	// sno is specific case and it should override even specific platform files
-	if hasControlPlaneTopology(config, configv1.SingleReplicaTopologyMode) {
+	if hasControlPlaneTopology(rc.Config, configv1.SingleReplicaTopologyMode) {
 		platformBasedPaths = append(platformBasedPaths, sno)
 	}
 
-	if hasControlPlaneTopology(config, configv1.DualReplicaTopologyMode) {
+	if hasControlPlaneTopology(rc.Config, configv1.DualReplicaTopologyMode) {
 		platformBasedPaths = append(platformBasedPaths, tnf)
 	}
 
+	if rc.InternalReleaseImage != nil {
+		platformBasedPaths = append(platformBasedPaths, iri)
+	}
+
 	return platformBasedPaths
 }
 
-func generateMachineConfigForName(config *RenderConfig, role, name, templateDir, path string, commonAdded *bool) (*mcfgv1.MachineConfig, error) {
-	platformString, err := platformStringFromControllerConfigSpec(config.ControllerConfigSpec)
+func generateMachineConfigForName(rc *RenderContext, name, path string, commonAdded *bool) (*mcfgv1.MachineConfig, error) {
+	platformString, err := platformStringFromControllerConfigSpec(rc.Config.ControllerConfigSpec)
 	if err != nil {
 		return nil, err
 	}
 
 	platformDirs := []string{}
-	platformBasedPaths := getPaths(config, platformString)
+	platformBasedPaths := getPaths(rc, platformString)
 	if !*commonAdded {
 		// Loop over templates/common which applies everywhere
 		for _, dir := range platformBasedPaths {
-			basePath := filepath.Join(templateDir, "common", dir)
+			basePath := filepath.Join(rc.TemplatesDir, "common", dir)
 			exists, err := existsDir(basePath)
 			if err != nil {
 				return nil, err
@@ -305,7 +311,7 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir,
 			return nil, err
 		}
 		if exists {
-			if err := filterTemplates(files, p, config); err != nil {
+			if err := filterTemplates(files, p, rc.Config); err != nil {
 				return nil, err
 			}
 		}
@@ -316,7 +322,7 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir,
 			return nil, err
 		}
 		if exists {
-			if err := filterTemplates(units, p, config); err != nil {
+			if err := filterTemplates(units, p, rc.Config); err != nil {
 				return nil, err
 			}
 		}
@@ -327,7 +333,7 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir,
 			return nil, err
 		}
 		if exists {
-			if err := filterTemplates(extensions, p, config); err != nil {
+			if err := filterTemplates(extensions, p, rc.Config); err != nil {
 				return nil, err
 			}
 		}
@@ -354,7 +360,7 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir,
 	if err != nil {
 		return nil, fmt.Errorf("error transpiling CoreOS config to Ignition config: %w", err)
 	}
-	mcfg, err := ctrlcommon.MachineConfigFromIgnConfig(role, name, ignCfg)
+	mcfg, err := ctrlcommon.MachineConfigFromIgnConfig(rc.Role, name, ignCfg)
 	if err != nil {
 		return nil, fmt.Errorf("error creating MachineConfig from Ignition config: %w", err)
 	}
@@ -367,7 +373,7 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir,
 	// will keep that last value forever once you upgrade...which is a problen now that we allow OSImageURL overrides
 	// because it will look like an override when it shouldn't be. So don't take this out until you've solved that.
 	// And inject the osimageurl here
-	mcfg.Spec.OSImageURL = ctrlcommon.GetDefaultBaseImageContainer(config.ControllerConfigSpec)
+	mcfg.Spec.OSImageURL = ctrlcommon.GetDefaultBaseImageContainer(rc.Config.ControllerConfigSpec)
 
 	return mcfg, nil
 }

pkg/controller/template/render_test.go

@@ -199,6 +199,13 @@ func TestSkipMissing(t *testing.T) {
 
 const templateDir = "../../../templates"
 
+func dummyRenderContext(cconfig *mcfgv1.ControllerConfig) *RenderContext {
+	return &RenderContext{
+		TemplatesDir: templateDir,
+		Config:       &RenderConfig{&cconfig.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil},
+	}
+}
+
 var (
 	configs = map[string]string{
 		"aws":                    "./test_data/controller_config_aws.yaml",
@@ -239,14 +246,14 @@ func TestInvalidPlatform(t *testing.T) {
 
 	// we must treat unrecognized constants as "none"
 	controllerConfig.Spec.Infra.Status.PlatformStatus.Type = "_bad_"
-	_, err = generateTemplateMachineConfigs(&RenderConfig{&controllerConfig.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil}, templateDir)
+	_, err = generateTemplateMachineConfigs(dummyRenderContext(controllerConfig))
 	if err != nil {
 		t.Errorf("expect nil error, got: %v", err)
 	}
 
 	// explicitly blocked
 	controllerConfig.Spec.Infra.Status.PlatformStatus.Type = "_base"
-	_, err = generateTemplateMachineConfigs(&RenderConfig{&controllerConfig.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil}, templateDir)
+	_, err = generateTemplateMachineConfigs(dummyRenderContext(controllerConfig))
 	expectErr(err, "failed to create MachineConfig for role master: platform _base unsupported")
 }
 
@@ -257,7 +264,7 @@ func TestGenerateMachineConfigs(t *testing.T) {
 			t.Fatalf("failed to get controllerconfig config: %v", err)
 		}
 
-		cfgs, err := generateTemplateMachineConfigs(&RenderConfig{&controllerConfig.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil}, templateDir)
+		cfgs, err := generateTemplateMachineConfigs(dummyRenderContext(controllerConfig))
 		if err != nil {
 			t.Fatalf("failed to generate machine configs: %v", err)
 		}
@@ -438,7 +445,7 @@ func TestGetPaths(t *testing.T) {
 			}
 			c.res = append(c.res, platformBase)
 
-			got := getPaths(&RenderConfig{&config.Spec, `{"dummy":"dummy"}`, "dummy", nil, nil}, config.Spec.Platform)
+			got := getPaths(dummyRenderContext(config), config.Spec.Platform)
 			if reflect.DeepEqual(got, c.res) {
 				t.Fatalf("mismatch got: %s want: %s", got, c.res)
 			}