From 370e5f2be3af057727f8a6ffb86f6d88cb50c921 Mon Sep 17 00:00:00 2001 From: Dixit Sathwara Date: Fri, 6 Feb 2026 17:41:19 +0530 Subject: [PATCH 1/3] [patch] add the ingress controlling patching function in ocp.py --- src/mas/devops/ocp.py | 100 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py index f77d01ec..46ca32cc 100644 --- a/src/mas/devops/ocp.py +++ b/src/mas/devops/ocp.py @@ -632,3 +632,103 @@ def updateGlobalPullSecret(dynClient: DynamicClient, registryUrl: str, username: "registry": registryUrl, "changed": True } + + + +def configureIngressForPathBasedRouting(dynClient: DynamicClient, ingressControllerName: str = "default") -> bool: + """ + Configure OpenShift IngressController for path-based routing. + + Sets the namespaceOwnership to InterNamespaceAllowed on the specified IngressController, + which is required for path-based routing mode in MAS. + + Args: + dynClient: OpenShift Dynamic Client + ingressControllerName (optional): Name of the IngressController to configure. Defaults to "default". + + Returns: + bool: True if configuration was successful or already configured, False otherwise + + Raises: + NotFoundError: If the IngressController resource cannot be found + """ + logger.info(f"Configuring IngressController '{ingressControllerName}' for path-based routing") + + try: + ingressControllerAPI = dynClient.resources.get( + api_version="operator.openshift.io/v1", + kind="IngressController" + ) + + try: + ingressController = ingressControllerAPI.get( + name=ingressControllerName, + namespace="openshift-ingress-operator" + ) + except NotFoundError: + logger.error(f"IngressController '{ingressControllerName}' not found in namespace 'openshift-ingress-operator'") + return False + + # Check current namespaceOwnership setting + currentPolicy = None + if hasattr(ingressController, 'spec') and hasattr(ingressController.spec, 'routeAdmission'): + if hasattr(ingressController.spec.routeAdmission, 'namespaceOwnership'): + currentPolicy = ingressController.spec.routeAdmission.namespaceOwnership + + logger.debug(f"Current namespaceOwnership policy: {currentPolicy if currentPolicy else 'Not set'}") + + # Check if already configured + if currentPolicy == "InterNamespaceAllowed": + logger.info(f"IngressController '{ingressControllerName}' is already configured with namespaceOwnership: InterNamespaceAllowed") + return True + + # Patch the IngressController + logger.info(f"Patching IngressController '{ingressControllerName}' to enable InterNamespaceAllowed") + + patch = { + "spec": { + "routeAdmission": { + "namespaceOwnership": "InterNamespaceAllowed" + } + } + } + + ingressControllerAPI.patch( + body=patch, + name=ingressControllerName, + namespace="openshift-ingress-operator", + content_type="application/merge-patch+json" + ) + + # Wait for the change to be applied + maxRetries = 5 + retryDelay = 5 + + for attempt in range(maxRetries): + sleep(retryDelay) + try: + updatedController = ingressControllerAPI.get( + name=ingressControllerName, + namespace="openshift-ingress-operator" + ) + + if (hasattr(updatedController, 'spec') and + hasattr(updatedController.spec, 'routeAdmission') and + hasattr(updatedController.spec.routeAdmission, 'namespaceOwnership') and + updatedController.spec.routeAdmission.namespaceOwnership == "InterNamespaceAllowed"): + + logger.info(f"Successfully configured IngressController '{ingressControllerName}' for path-based routing") + return True + + except NotFoundError: + logger.warning(f"IngressController '{ingressControllerName}' not found during verification (attempt {attempt + 1}/{maxRetries})") + + if attempt < maxRetries - 1: + logger.debug(f"Waiting for IngressController to reconcile (attempt {attempt + 1}/{maxRetries})") + + logger.error(f"Failed to verify IngressController configuration after {maxRetries} attempts") + return False + + except Exception as e: + logger.error(f"Failed to configure IngressController '{ingressControllerName}': {str(e)}") + return False From 119228b2a679d492026c25d79916d8c690df2cc3 Mon Sep 17 00:00:00 2001 From: Dixit Sathwara Date: Fri, 6 Feb 2026 18:10:28 +0530 Subject: [PATCH 2/3] [patch] remove the mas_configure_ingress from the install template --- src/mas/devops/templates/pipelinerun-install.yml.j2 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2 index b8c04d72..8fc91075 100644 --- a/src/mas/devops/templates/pipelinerun-install.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-install.yml.j2 @@ -539,10 +539,6 @@ spec: - name: mas_ingress_controller_name value: "{{ mas_ingress_controller_name }}" {%- endif %} -{%- if mas_configure_ingress is defined and mas_configure_ingress != "" %} - - name: mas_configure_ingress - value: "{{ mas_configure_ingress }}" -{%- endif %} # MAS Workspace # ------------------------------------------------------------------------- From aa4cab209be0d39378c7eeca6103b6368e0139ea Mon Sep 17 00:00:00 2001 From: Dixit Sathwara Date: Fri, 6 Feb 2026 19:56:23 +0530 Subject: [PATCH 3/3] fix the pre-commit --- src/mas/devops/ocp.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py index 46ca32cc..2cb87671 100644 --- a/src/mas/devops/ocp.py +++ b/src/mas/devops/ocp.py @@ -634,7 +634,6 @@ def updateGlobalPullSecret(dynClient: DynamicClient, registryUrl: str, username: } - def configureIngressForPathBasedRouting(dynClient: DynamicClient, ingressControllerName: str = "default") -> bool: """ Configure OpenShift IngressController for path-based routing. @@ -669,7 +668,6 @@ def configureIngressForPathBasedRouting(dynClient: DynamicClient, ingressControl logger.error(f"IngressController '{ingressControllerName}' not found in namespace 'openshift-ingress-operator'") return False - # Check current namespaceOwnership setting currentPolicy = None if hasattr(ingressController, 'spec') and hasattr(ingressController.spec, 'routeAdmission'): if hasattr(ingressController.spec.routeAdmission, 'namespaceOwnership'): @@ -677,14 +675,12 @@ def configureIngressForPathBasedRouting(dynClient: DynamicClient, ingressControl logger.debug(f"Current namespaceOwnership policy: {currentPolicy if currentPolicy else 'Not set'}") - # Check if already configured if currentPolicy == "InterNamespaceAllowed": logger.info(f"IngressController '{ingressControllerName}' is already configured with namespaceOwnership: InterNamespaceAllowed") return True - # Patch the IngressController logger.info(f"Patching IngressController '{ingressControllerName}' to enable InterNamespaceAllowed") - + patch = { "spec": { "routeAdmission": { @@ -700,10 +696,9 @@ def configureIngressForPathBasedRouting(dynClient: DynamicClient, ingressControl content_type="application/merge-patch+json" ) - # Wait for the change to be applied maxRetries = 5 retryDelay = 5 - + for attempt in range(maxRetries): sleep(retryDelay) try: @@ -711,18 +706,15 @@ def configureIngressForPathBasedRouting(dynClient: DynamicClient, ingressControl name=ingressControllerName, namespace="openshift-ingress-operator" ) - - if (hasattr(updatedController, 'spec') and - hasattr(updatedController.spec, 'routeAdmission') and - hasattr(updatedController.spec.routeAdmission, 'namespaceOwnership') and - updatedController.spec.routeAdmission.namespaceOwnership == "InterNamespaceAllowed"): - + + if (hasattr(updatedController, 'spec') and hasattr(updatedController.spec, 'routeAdmission') and hasattr(updatedController.spec.routeAdmission, 'namespaceOwnership') and updatedController.spec.routeAdmission.namespaceOwnership == "InterNamespaceAllowed"): + logger.info(f"Successfully configured IngressController '{ingressControllerName}' for path-based routing") return True - + except NotFoundError: logger.warning(f"IngressController '{ingressControllerName}' not found during verification (attempt {attempt + 1}/{maxRetries})") - + if attempt < maxRetries - 1: logger.debug(f"Waiting for IngressController to reconcile (attempt {attempt + 1}/{maxRetries})")