controllers: Validates kata version aginst the Kata RPM version present in the extension image.

The extension image contains the Kata RPM. Extension images vary with the OCP version, which means the Kata version can change across releases, Kata version specified in the YAML matches the version bundled in the extension image.

Signed-off-by: ANJANA-A-R-K <[email protected]>

Author: ANJANA-A-R-K

bundle/manifests/sandboxed-containers-operator.clusterserviceversion.yaml

@@ -401,31 +401,31 @@ spec:
                 - name: RELATED_IMAGE_KATA_MONITOR
                   value: registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:af10f44b5976fdbf3609323a25e6b9fdc44f6f78e35aad39ed19e0ee6c9a6e34
                 - name: RELATED_IMAGE_CAA
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:408eaaac58d01892aa2087153eda6f451788c02b8b719dca8e710a8916b2e081
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:a4ea3b6bd7c0eef04f416a1cfa95548efc4932c4bbc5d1800ded5be95e4a346e
                 - name: RELATED_IMAGE_PEERPODS_WEBHOOK
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:4a533f77a4f1415b8eed0d3f5a4ba9d62edd329bf304f26f23b0c1d886dddb71
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d532b83d44f241717736caa944e7709aca7583f3b2378cfd09e85129f32bd19b
                 - name: RELATED_IMAGE_PODVM_BUILDER
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:805b6d79668e5d3ba2d7f7f7e60d67b512d17904bb8b0997d036550ef7ec4c2c
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:1946446e6d9a981545270d1fd7cf5dfcaa43117f04819fbdc2d44959603d39dc
                 - name: RELATED_IMAGE_PODVM_PAYLOAD
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:7317c2d8c0ac8e542e39d695851c4add301593d2b52af80c77fd4f996efbe2b8
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:c02b94e504810e546cb72b0a92a4b5ca3ae3fe14cff55a6d404421e301d73691
                 - name: RELATED_IMAGE_PODVM_OCI
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:0eb5efd518128ac6df93fec2e5d24c4c5662d5407e016d1f66579cc9ce4529ea
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:afe6c9d5ffc936d66bd22b76de5ca949be1dcd003950939e9dde070aa7cff224
                 - name: RELATED_IMAGE_MUST_GATHER
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:0f0aca3dee0e5b5407e039d25dd053cb00b26d965ba49614d441d60603963d94
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:b4aec6c5826edc9d1266b10cb001de0df355f33cd3000404e4c353e91c2fdd6d
                 - name: RELATED_IMAGE_PCCS
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-pccs@sha256:de64fc7b13aaa7e466e825d62207f77e7c63a4f9da98663c3ab06abc45f2334d
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-pccs@sha256:494dae8ee05643c76d29d1b99f2315446d7822f09b34ffbb20c872bf3a2e3f8d
                 - name: RELATED_IMAGE_TDX_QGS
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-tdx-qgs@sha256:86b23461c4eea073f4535a777374a54e934c37ac8c96c6180030f92ebf970524
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-tdx-qgs@sha256:f1f263b5ae8304a701b8d9b95f6c3decdaf1b97c3f54ee390da67d4aabd0c44f
                 - name: RELATED_IMAGE_STORAGE_HELPER
-                  value: registry.redhat.io/openshift-sandboxed-containers/osc-storage-helper@sha256:c9b31c8acd23c6925d6bf193696817f14a52b0f0fcbd8459023b5d69da93482e
+                  value: registry.redhat.io/openshift-sandboxed-containers/osc-storage-helper@sha256:4cfabc14a2cc00e64c667917b35113f996b12c0afd9ab613a5a7a9aaefa9d19c
                 envFrom:
                 - secretRef:
                     name: peer-pods-secret
                     optional: true
                 - configMapRef:
                     name: peer-pods-cm
                     optional: true
-                image: registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:51666a78b63c90601e2cefda72d6755e2006ad8574d0b29268a66918e918e1a6
+                image: registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:c0072f9fe52a0a36daad9d6235e57ea034ad5dd0aedd74cbf0bb6316e2c62aa4
                 imagePullPolicy: Always
                 name: manager
                 ports:
@@ -498,7 +498,7 @@ spec:
               containers:
               - command:
                 - /metrics-server
-                image: registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:51666a78b63c90601e2cefda72d6755e2006ad8574d0b29268a66918e918e1a6
+                image: registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:c0072f9fe52a0a36daad9d6235e57ea034ad5dd0aedd74cbf0bb6316e2c62aa4
                 name: metrics-server
                 ports:
                 - containerPort: 8091
@@ -566,23 +566,23 @@ spec:
   relatedImages:
   - image: registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:af10f44b5976fdbf3609323a25e6b9fdc44f6f78e35aad39ed19e0ee6c9a6e34
     name: kata-monitor
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:408eaaac58d01892aa2087153eda6f451788c02b8b719dca8e710a8916b2e081
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:a4ea3b6bd7c0eef04f416a1cfa95548efc4932c4bbc5d1800ded5be95e4a346e
     name: caa
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:4a533f77a4f1415b8eed0d3f5a4ba9d62edd329bf304f26f23b0c1d886dddb71
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d532b83d44f241717736caa944e7709aca7583f3b2378cfd09e85129f32bd19b
     name: peerpods-webhook
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:805b6d79668e5d3ba2d7f7f7e60d67b512d17904bb8b0997d036550ef7ec4c2c
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:1946446e6d9a981545270d1fd7cf5dfcaa43117f04819fbdc2d44959603d39dc
     name: podvm-builder
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:7317c2d8c0ac8e542e39d695851c4add301593d2b52af80c77fd4f996efbe2b8
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:c02b94e504810e546cb72b0a92a4b5ca3ae3fe14cff55a6d404421e301d73691
     name: podvm-payload
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:0eb5efd518128ac6df93fec2e5d24c4c5662d5407e016d1f66579cc9ce4529ea
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:afe6c9d5ffc936d66bd22b76de5ca949be1dcd003950939e9dde070aa7cff224
     name: podvm-oci
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:0f0aca3dee0e5b5407e039d25dd053cb00b26d965ba49614d441d60603963d94
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:b4aec6c5826edc9d1266b10cb001de0df355f33cd3000404e4c353e91c2fdd6d
     name: must-gather
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-pccs@sha256:de64fc7b13aaa7e466e825d62207f77e7c63a4f9da98663c3ab06abc45f2334d
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-pccs@sha256:494dae8ee05643c76d29d1b99f2315446d7822f09b34ffbb20c872bf3a2e3f8d
     name: pccs
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-tdx-qgs@sha256:86b23461c4eea073f4535a777374a54e934c37ac8c96c6180030f92ebf970524
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-tdx-qgs@sha256:f1f263b5ae8304a701b8d9b95f6c3decdaf1b97c3f54ee390da67d4aabd0c44f
     name: tdx-qgs
-  - image: registry.redhat.io/openshift-sandboxed-containers/osc-storage-helper@sha256:c9b31c8acd23c6925d6bf193696817f14a52b0f0fcbd8459023b5d69da93482e
+  - image: registry.redhat.io/openshift-sandboxed-containers/osc-storage-helper@sha256:4cfabc14a2cc00e64c667917b35113f996b12c0afd9ab613a5a7a9aaefa9d19c
     name: storage-helper
   replaces: sandboxed-containers-operator.v1.11.0
   version: 1.11.1

config/baremetal/kata-addon-artifacts.yaml

@@ -8,3 +8,6 @@ data:
 
   # Path within the container image where kernel is located
   kernelPath: "/artifacts/kernel/vmlinuz"
+
+  # Kata version
+  kataVersion: "3.21.0"

config/manager/manager.yaml

@@ -80,23 +80,23 @@ spec:
             - name: RELATED_IMAGE_KATA_MONITOR
               value: registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:af10f44b5976fdbf3609323a25e6b9fdc44f6f78e35aad39ed19e0ee6c9a6e34
             - name: RELATED_IMAGE_CAA
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:408eaaac58d01892aa2087153eda6f451788c02b8b719dca8e710a8916b2e081
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:a4ea3b6bd7c0eef04f416a1cfa95548efc4932c4bbc5d1800ded5be95e4a346e
             - name: RELATED_IMAGE_PEERPODS_WEBHOOK
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:4a533f77a4f1415b8eed0d3f5a4ba9d62edd329bf304f26f23b0c1d886dddb71
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d532b83d44f241717736caa944e7709aca7583f3b2378cfd09e85129f32bd19b
             - name: RELATED_IMAGE_PODVM_BUILDER
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:805b6d79668e5d3ba2d7f7f7e60d67b512d17904bb8b0997d036550ef7ec4c2c
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:1946446e6d9a981545270d1fd7cf5dfcaa43117f04819fbdc2d44959603d39dc
             - name: RELATED_IMAGE_PODVM_PAYLOAD
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:7317c2d8c0ac8e542e39d695851c4add301593d2b52af80c77fd4f996efbe2b8
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:c02b94e504810e546cb72b0a92a4b5ca3ae3fe14cff55a6d404421e301d73691
             - name: RELATED_IMAGE_PODVM_OCI
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:0eb5efd518128ac6df93fec2e5d24c4c5662d5407e016d1f66579cc9ce4529ea
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:afe6c9d5ffc936d66bd22b76de5ca949be1dcd003950939e9dde070aa7cff224
             - name: RELATED_IMAGE_MUST_GATHER
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:0f0aca3dee0e5b5407e039d25dd053cb00b26d965ba49614d441d60603963d94
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:b4aec6c5826edc9d1266b10cb001de0df355f33cd3000404e4c353e91c2fdd6d
             - name: RELATED_IMAGE_PCCS
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-pccs@sha256:de64fc7b13aaa7e466e825d62207f77e7c63a4f9da98663c3ab06abc45f2334d
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-pccs@sha256:494dae8ee05643c76d29d1b99f2315446d7822f09b34ffbb20c872bf3a2e3f8d
             - name: RELATED_IMAGE_TDX_QGS
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-tdx-qgs@sha256:86b23461c4eea073f4535a777374a54e934c37ac8c96c6180030f92ebf970524
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-tdx-qgs@sha256:f1f263b5ae8304a701b8d9b95f6c3decdaf1b97c3f54ee390da67d4aabd0c44f
             - name: RELATED_IMAGE_STORAGE_HELPER
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-storage-helper@sha256:c9b31c8acd23c6925d6bf193696817f14a52b0f0fcbd8459023b5d69da93482e
+              value: registry.redhat.io/openshift-sandboxed-containers/osc-storage-helper@sha256:4cfabc14a2cc00e64c667917b35113f996b12c0afd9ab613a5a7a9aaefa9d19c
           imagePullPolicy: Always
           resources:
             limits:

config/peerpods/podvm/Dockerfile.podvm-builder

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/ubi:9.7-1764578509
+FROM registry.access.redhat.com/ubi9/ubi:9.7-1767674301
 
 # azure-podvm-image-handler.sh script under /scripts/azure-podvm-image-handler.sh
 # aws-podvm-image-handler.sh script under /scripts/aws-podvm-image-handler.sh