medik8s · razo7 · Jan 12, 2025 · Jan 12, 2025 · Jan 12, 2025
diff --git a/Makefile b/Makefile
@@ -23,6 +23,8 @@ ENVTEST_K8S_VERSION = 1.28
 # OCP Version: for OKD bundle community
 OCP_VERSION = 4.14
 
+# Run unit tests once unless this parameter is set
+REPEAT_TIMES ?= 1
 # update for major version updates to YQ_VERSION! see https://github.com/mikefarah/yq
 YQ_API_VERSION = v4
 YQ_VERSION = v4.44.2
@@ -196,7 +198,8 @@ test: test-no-verify ## Generate and format code, run tests, generate manifests
 # --vv: If set, emits with maximal verbosity - includes skipped and pending tests.
 test-no-verify: go-verify manifests generate fmt vet fix-imports envtest ginkgo # Generate and format code, and run tests
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(ENVTEST_DIR)/$(ENVTEST_VERSION) -p path)" \
-	$(GINKGO) -r --keep-going --randomize-all --require-suite --vv --coverprofile cover.out ./api/... ./pkg/... ./controllers/...
+	$(GINKGO) -r --keep-going --randomize-all --require-suite --vv --coverprofile cover.out --repeat=$(REPEAT_TIMES) \
+	./api/... ./pkg/... ./controllers/...
 
 .PHONY: bundle-run
 bundle-run: operator-sdk create-ns ## Run bundle image. Default NS is "openshift-workload-availability", redefine OPERATOR_NAMESPACE to override it.

diff --git a/README.md b/README.md
@@ -187,6 +187,7 @@ The FAR CR, `FenceAgentsRemediation`, is created by the admin and is used to tri
 The CR includes the following parameters:
 
 * `agent` - fence agent name. File name which is validated (by kubebuilder and Webhook) against a list of supported agents in the FAR pod.
+* `credentialarameters` - credential parameters for accessing the node to be remediated.
 * `sharedparameters` - cluster wide parameters for executing the fence agent.
 * `nodeparameters` - node specific parameters for executing the fence agent.
 * `retrycount` - number of times to retry the fence agent in case of failure. The default is 5.
@@ -209,9 +210,10 @@ spec:
   retrycount: 5
   retryinterval: "5s"
   timeout: "60s"
+  credentialparameters:
+    --password
   sharedparameters:
     --username: "admin"
-    --password: "password"
     --lanplus: ""
     --action: "reboot"
     --ip: "192.168.111.1"
@@ -223,7 +225,7 @@ spec:
       worker-0: "6233"
       worker-1: "6234"
       worker-2: "6235"
-  remediationStrategy: ResourceDeletion
+  remediationStrategy: OutOfServiceTaint
 ```
 
 ## Tests

diff --git a/api/v1alpha1/fenceagentsremediation_types.go b/api/v1alpha1/fenceagentsremediation_types.go
@@ -81,14 +81,20 @@ type FenceAgentsRemediationSpec struct {
 	//+operator-sdk:csv:customresourcedefinitions:type=spec
 	Timeout metav1.Duration `json:"timeout,omitempty"`
 
-	// SharedParameters are passed to the fencing agent regardless of which node is about to be fenced (i.e., they are common for all the nodes)
+	// SharedParameters are passed to the fencing agent regardless of which node is about to be fenced
+	// (i.e., they are common for all the nodes)
 	//+operator-sdk:csv:customresourcedefinitions:type=spec
 	SharedParameters map[ParameterName]string `json:"sharedparameters,omitempty"`
 
 	// NodeParameters are passed to the fencing agent according to the node that is fenced, since they are node specific
 	//+operator-sdk:csv:customresourcedefinitions:type=spec
 	NodeParameters map[ParameterName]map[NodeName]string `json:"nodeparameters,omitempty"`
 
+	// CredentialParameters are passed to the fencing agent according to the node that is fenced, and the parameters
+	// values are fetched from a known secret
+	//+operator-sdk:csv:customresourcedefinitions:type=spec
+	CredentialParameters []ParameterName `json:"credentialparameters,omitempty"`
+
 	// RemediationStrategy is the remediation method for unhealthy nodes.
 	// Currently, it could be either "OutOfServiceTaint" or "ResourceDeletion".
 	// ResourceDeletion will iterate over all pods related to the unhealthy node and delete them.

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml b/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
@@ -80,6 +80,11 @@ spec:
           have a fence_ prefix.
         displayName: Agent
         path: agent
+      - description: CredentialParameters are passed to the fencing agent according
+          to the node that is fenced, and the parameters values are fetched from a
+          known secret
+        displayName: Credential Parameters
+        path: credentialparameters
       - description: NodeParameters are passed to the fencing agent according to the
           node that is fenced, since they are node specific
         displayName: Node Parameters
@@ -136,6 +141,11 @@ spec:
           have a fence_ prefix.
         displayName: Agent
         path: template.spec.agent
+      - description: CredentialParameters are passed to the fencing agent according
+          to the node that is fenced, and the parameters values are fetched from a
+          known secret
+        displayName: Credential Parameters
+        path: template.spec.credentialparameters
       - description: NodeParameters are passed to the fencing agent according to the
           node that is fenced, since they are node specific
         displayName: Node Parameters
@@ -206,6 +216,14 @@ spec:
           - list
           - update
           - watch
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - ""
           resources:

diff --git a/bundle/manifests/fence-agents-remediation.medik8s.io_fenceagentsremediations.yaml b/bundle/manifests/fence-agents-remediation.medik8s.io_fenceagentsremediations.yaml
@@ -50,6 +50,13 @@ spec:
                   It should have a fence_ prefix.
                 pattern: fence_.+
                 type: string
+              credentialparameters:
+                description: |-
+                  CredentialParameters are passed to the fencing agent according to the node that is fenced, and the parameters
+                  values are fetched from a known secret
+                items:
+                  type: string
+                type: array
               nodeparameters:
                 additionalProperties:
                   additionalProperties:
@@ -84,9 +91,9 @@ spec:
               sharedparameters:
                 additionalProperties:
                   type: string
-                description: SharedParameters are passed to the fencing agent regardless
-                  of which node is about to be fenced (i.e., they are common for all
-                  the nodes)
+                description: |-
+                  SharedParameters are passed to the fencing agent regardless of which node is about to be fenced
+                  (i.e., they are common for all the nodes)
                 type: object
               timeout:
                 default: 60s

diff --git a/bundle/manifests/fence-agents-remediation.medik8s.io_fenceagentsremediationtemplates.yaml b/bundle/manifests/fence-agents-remediation.medik8s.io_fenceagentsremediationtemplates.yaml
@@ -58,6 +58,13 @@ spec:
                           It should have a fence_ prefix.
                         pattern: fence_.+
                         type: string
+                      credentialparameters:
+                        description: |-
+                          CredentialParameters are passed to the fencing agent according to the node that is fenced, and the parameters
+                          values are fetched from a known secret
+                        items:
+                          type: string
+                        type: array
                       nodeparameters:
                         additionalProperties:
                           additionalProperties:
@@ -93,9 +100,9 @@ spec:
                       sharedparameters:
                         additionalProperties:
                           type: string
-                        description: SharedParameters are passed to the fencing agent
-                          regardless of which node is about to be fenced (i.e., they
-                          are common for all the nodes)
+                        description: |-
+                          SharedParameters are passed to the fencing agent regardless of which node is about to be fenced
+                          (i.e., they are common for all the nodes)
                         type: object
                       timeout:
                         default: 60s

diff --git a/config/crd/bases/fence-agents-remediation.medik8s.io_fenceagentsremediations.yaml b/config/crd/bases/fence-agents-remediation.medik8s.io_fenceagentsremediations.yaml
@@ -48,6 +48,13 @@ spec:
                   It should have a fence_ prefix.
                 pattern: fence_.+
                 type: string
+              credentialparameters:
+                description: |-
+                  CredentialParameters are passed to the fencing agent according to the node that is fenced, and the parameters
+                  values are fetched from a known secret
+                items:
+                  type: string
+                type: array
               nodeparameters:
                 additionalProperties:
                   additionalProperties:
@@ -82,9 +89,9 @@ spec:
               sharedparameters:
                 additionalProperties:
                   type: string
-                description: SharedParameters are passed to the fencing agent regardless
-                  of which node is about to be fenced (i.e., they are common for all
-                  the nodes)
+                description: |-
+                  SharedParameters are passed to the fencing agent regardless of which node is about to be fenced
+                  (i.e., they are common for all the nodes)
                 type: object
               timeout:
                 default: 60s

diff --git a/config/crd/bases/fence-agents-remediation.medik8s.io_fenceagentsremediationtemplates.yaml b/config/crd/bases/fence-agents-remediation.medik8s.io_fenceagentsremediationtemplates.yaml
@@ -56,6 +56,13 @@ spec:
                           It should have a fence_ prefix.
                         pattern: fence_.+
                         type: string
+                      credentialparameters:
+                        description: |-
+                          CredentialParameters are passed to the fencing agent according to the node that is fenced, and the parameters
+                          values are fetched from a known secret
+                        items:
+                          type: string
+                        type: array
                       nodeparameters:
                         additionalProperties:
                           additionalProperties:
@@ -91,9 +98,9 @@ spec:
                       sharedparameters:
                         additionalProperties:
                           type: string
-                        description: SharedParameters are passed to the fencing agent
-                          regardless of which node is about to be fenced (i.e., they
-                          are common for all the nodes)
+                        description: |-
+                          SharedParameters are passed to the fencing agent regardless of which node is about to be fenced
+                          (i.e., they are common for all the nodes)
                         type: object
                       timeout:
                         default: 60s

diff --git a/config/manifests/bases/fence-agents-remediation.clusterserviceversion.yaml b/config/manifests/bases/fence-agents-remediation.clusterserviceversion.yaml
@@ -35,6 +35,11 @@ spec:
           have a fence_ prefix.
         displayName: Agent
         path: agent
+      - description: CredentialParameters are passed to the fencing agent according
+          to the node that is fenced, and the parameters values are fetched from a
+          known secret
+        displayName: Credential Parameters
+        path: credentialparameters
       - description: NodeParameters are passed to the fencing agent according to the
           node that is fenced, since they are node specific
         displayName: Node Parameters
@@ -91,6 +96,11 @@ spec:
           have a fence_ prefix.
         displayName: Agent
         path: template.spec.agent
+      - description: CredentialParameters are passed to the fencing agent according
+          to the node that is fenced, and the parameters values are fetched from a
+          known secret
+        displayName: Credential Parameters
+        path: template.spec.credentialparameters
       - description: NodeParameters are passed to the fencing agent according to the
           node that is fenced, since they are node specific
         displayName: Node Parameters

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -22,6 +22,14 @@ rules:
   - list
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources: