openshift
diff --git a/‎controllers/daemonset_reconcile.go‎
Lines changed: 938 additions & 0 deletions b/‎controllers/daemonset_reconcile.go‎
Lines changed: 938 additions & 0 deletions
diff --git a/‎controllers/deployment_mode_handler.go‎
Lines changed: 121 additions & 0 deletions b/‎controllers/deployment_mode_handler.go‎
Lines changed: 121 additions & 0 deletions
diff --git a/‎controllers/fg_handler.go‎
Lines changed: 55 additions & 17 deletions b/‎controllers/fg_handler.go‎
Lines changed: 55 additions & 17 deletions
@@ -0,0 +1,121 @@
+package controllers
+
+import (
+	"context"
+	"fmt"
+
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	meta "k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// Create enum to represent the state of the deployment mode
+type DeploymentMode int
+
+const (
+	MachineConfigMode DeploymentMode = iota
+	DaemonSetMode
+)
+
+// Create enum to represent the configuration of the deployment mode
+type DeploymentModeOption string
+
+const (
+	MachineConfigOption     DeploymentModeOption = "MachineConfig"
+	DaemonSetOption         DeploymentModeOption = "DaemonSet"
+	DaemonSetFallbackOption DeploymentModeOption = "DaemonSetFallback"
+)
+
+const (
+	machineConfigGroup   = "machineconfiguration.openshift.io"
+	machineConfigVersion = "v1"
+	machineConfigKind    = "MachineConfig"
+)
+
+func ParseDeploymentModeOption(s string) (DeploymentModeOption, error) {
+	switch DeploymentModeOption(s) {
+	case MachineConfigOption, DaemonSetOption, DaemonSetFallbackOption:
+		return DeploymentModeOption(s), nil
+	default:
+		return "", fmt.Errorf("invalid DeploymentMode: %q", s)
+	}
+}
+
+func (d DeploymentModeOption) String() string {
+	return string(d)
+}
+
+// Process the DeploymentMode feature gate (FG).
+// This method is invoked by the reconcile loop at its initiation.
+// It examines the current state of the FeatureGate and adjusts the deployment mode (DaemonSet or MachineConfig)
+// based on the selected DeploymentModeOption and the availability of the MachineConfig Add-on.
+//
+// The behavior is as follows:
+//   - If the mode is MachineConfigOption, the deployment mode is set to MachineConfig.
+//   - If the mode is DaemonSetOption, the deployment mode is forcibly set to DaemonSet, regardless of MachineConfig availability.
+//   - If the mode is DaemonSetFallbackOption, the deployment mode is set to DaemonSet only if the MachineConfig Add-on is unavailable.
+//     Otherwise, it defaults to MachineConfig.
+func (r *KataConfigOpenShiftReconciler) handleDeploymentModeFeature(mode DeploymentModeOption) error {
+	r.Log.Info("Feature gate", "featuregate", DeploymentModeConfig, "state", mode)
+
+	machineConfigAvailable, err := r.isMachineConfigAvailable()
+	if err != nil {
+		r.Log.Info("Error checking if MachineConfig is available")
+		return err
+	}
+
+	if mode == MachineConfigOption {
+		if !machineConfigAvailable {
+			return fmt.Errorf("deployment mode is set to MachineConfig, but it's not available")
+		}
+
+		r.Log.Info("Deployment mode will be set to MachineConfig")
+		r.DeploymentMode = MachineConfigMode
+		return nil
+	}
+
+	if mode == DaemonSetOption {
+		r.Log.Info("Deployment mode will be set to DaemonSet")
+		r.DeploymentMode = DaemonSetMode
+		return nil
+	}
+
+	if mode == DaemonSetFallbackOption && !machineConfigAvailable {
+		r.Log.Info("MachineConfig is not available, deployment mode will be set to DaemonSet")
+		r.DeploymentMode = DaemonSetMode
+	} else {
+		r.Log.Info("Deployment mode will be set to MachineConfig")
+		r.DeploymentMode = MachineConfigMode
+	}
+
+	return nil
+}
+
+// isMachineConfigAvailable checks if MachineConfig CRD is available.
+//
+// It returns a boolean indicating availability and an error if any.
+func (r *KataConfigOpenShiftReconciler) isMachineConfigAvailable() (bool, error) {
+	machineConfig := &unstructured.Unstructured{}
+	machineConfig.SetGroupVersionKind(schema.GroupVersionKind{
+		Group:   machineConfigGroup,
+		Version: machineConfigVersion,
+		Kind:    machineConfigKind,
+	})
+
+	// Attempt to GET any MachineConfig to verify if the GVK is known.
+	// If the CRD isn’t installed, it will return a NoMatchError.
+	err := r.Client.Get(context.Background(), client.ObjectKey{Name: "dummy-machine-config"}, machineConfig)
+	if err == nil || k8serrors.IsNotFound(err) {
+		r.Log.Info("MachineConfig CRD is present")
+		return true, nil
+	}
+
+	if meta.IsNoMatchError(err) {
+		r.Log.Info("MachineConfig CRD not found")
+		return false, nil
+	}
+
+	return false, err
+}
@@ -2,6 +2,7 @@ package controllers
 
 import (
 	"context"
+	"strconv"
 
 	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -12,15 +13,19 @@ const (
 	FgConfigMapName         = "osc-feature-gates"
 	ConfidentialFeatureGate = "confidential"
 	LayeredImageDeployment  = "layeredImageDeployment"
+	DeploymentModeConfig    = "deploymentMode"
 )
 
-var DefaultFeatureGates = map[string]bool{
-	ConfidentialFeatureGate: false,
-	LayeredImageDeployment:  false,
+var DefaultFeatureGates = FeatureGateStatus{
+	Confidential:           false,
+	LayeredImageDeployment: false,
+	DeploymentModeOption:   MachineConfigOption,
 }
 
 type FeatureGateStatus struct {
-	FeatureGates map[string]bool
+	Confidential           bool
+	LayeredImageDeployment bool
+	DeploymentModeOption   DeploymentModeOption
 }
 
 // Create enum to represent the state of the feature gates
@@ -40,22 +45,38 @@ const (
 // Return an error for any other reason, such as an API error.
 func (r *KataConfigOpenShiftReconciler) NewFeatureGateStatus() (*FeatureGateStatus, error) {
 	fgStatus := &FeatureGateStatus{
-		FeatureGates: make(map[string]bool),
+		Confidential:           DefaultFeatureGates.Confidential,
+		LayeredImageDeployment: DefaultFeatureGates.LayeredImageDeployment,
+		DeploymentModeOption:   DefaultFeatureGates.DeploymentModeOption,
 	}
 
 	cfgMap := &corev1.ConfigMap{}
 	err := r.Client.Get(context.TODO(), types.NamespacedName{Name: FgConfigMapName,
 		Namespace: OperatorNamespace}, cfgMap)
 	if err == nil {
-		for feature, value := range cfgMap.Data {
-			fgStatus.FeatureGates[feature] = value == "true"
+		if value, ok := cfgMap.Data[ConfidentialFeatureGate]; ok {
+			confidential, err := strconv.ParseBool(value)
+			if err != nil {
+				r.Log.Info("Couldn't parse confidential status, using default value", "default", DefaultFeatureGates.Confidential, "error", err)
+			} else {
+				fgStatus.Confidential = confidential
+			}
 		}
-	}
-
-	// Add default values for missing feature gates
-	for feature, defaultValue := range DefaultFeatureGates {
-		if _, exists := fgStatus.FeatureGates[feature]; !exists {
-			fgStatus.FeatureGates[feature] = defaultValue
+		if value, ok := cfgMap.Data[LayeredImageDeployment]; ok {
+			layeredImageDeployment, err := strconv.ParseBool(value)
+			if err != nil {
+				r.Log.Info("Couldn't parse layeredImageDeployment status, using default value", "default", DefaultFeatureGates.LayeredImageDeployment, "error", err)
+			} else {
+				fgStatus.LayeredImageDeployment = layeredImageDeployment
+			}
+		}
+		if value, ok := cfgMap.Data[DeploymentModeConfig]; ok {
+			mode, err := ParseDeploymentModeOption(value)
+			if err != nil {
+				r.Log.Info("Couldn't parse deploymentMode status, using default value", "default", DefaultFeatureGates.DeploymentModeOption, "error", err)
+			} else {
+				fgStatus.DeploymentModeOption = mode
+			}
 		}
 	}
 
@@ -66,8 +87,16 @@ func (r *KataConfigOpenShiftReconciler) NewFeatureGateStatus() (*FeatureGateStat
 	}
 }
 
-func IsEnabled(fgStatus *FeatureGateStatus, feature string) bool {
-	return fgStatus.FeatureGates[feature]
+var statusChecker = map[string]func(fgstatus *FeatureGateStatus) bool{
+	ConfidentialFeatureGate: func(fgstatus *FeatureGateStatus) bool { return fgstatus.Confidential },
+	LayeredImageDeployment:  func(fgstatus *FeatureGateStatus) bool { return fgstatus.LayeredImageDeployment },
+}
+
+func (fgstatus *FeatureGateStatus) IsEnabled(key string) bool {
+	if checkStatus, ok := statusChecker[key]; ok {
+		return checkStatus(fgstatus)
+	}
+	return false
 }
 
 // Function to handle the feature gates
@@ -82,7 +111,7 @@ func (r *KataConfigOpenShiftReconciler) processFeatureGates() error {
 	// Check which feature gates are enabled in the FG ConfigMap and
 	// perform the necessary actions
 	if r.kataConfig.Spec.EnablePeerPods {
-		if IsEnabled(fgStatus, ConfidentialFeatureGate) {
+		if fgStatus.IsEnabled(ConfidentialFeatureGate) {
 			r.Log.Info("Feature gate is enabled", "featuregate", ConfidentialFeatureGate)
 			// Perform the necessary actions
 			if err := r.handleFeatureConfidential(Enabled); err != nil {
@@ -97,8 +126,17 @@ func (r *KataConfigOpenShiftReconciler) processFeatureGates() error {
 		}
 	}
 
+	if err := r.handleDeploymentModeFeature(fgStatus.DeploymentModeOption); err != nil {
+		return err
+	}
+
+	if r.DeploymentMode == DaemonSetMode {
+		r.Log.Info("Skipping layered image deployment feature, not using MCO")
+		return nil
+	}
+
 	// Check layered Image deployment FG
-	if IsEnabled(fgStatus, LayeredImageDeployment) {
+	if fgStatus.IsEnabled(LayeredImageDeployment) {
 		r.Log.Info("Feature gate is enabled", "featuregate", LayeredImageDeployment)
 		// Perform the necessary actions
 		return r.handleLayeredImageDeploymentFeature(Enabled)