Enhance OpenShift deployment instructions and Makefile

ngopalak-redhat · k8s-ci-robot · commit 8b0fe6b6824c · 2025-08-06T02:07:25.000-07:00
diff --git a/Makefile b/Makefile
@@ -681,8 +681,8 @@ endif
 set-openshift-image-params:
 	$(eval DOCKERFILE = Dockerfile.ubi)
 
-.PHONY: push-openshift-dev
-push-openshift-dev: set-openshift-image-params openshift-user image
+.PHONY: _push-image-openshift-dev
+_push-image-openshift-dev:
 	@echo "Exposing the default route to the image registry"
 	@oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
 	@echo "Pushing image $(IMAGE) to the image registry"
@@ -698,6 +698,13 @@ else
 
 endif
 
+.PHONY: push-prebuilt-image-openshift-dev
+push-prebuilt-image-openshift-dev: set-openshift-image-params openshift-user _push-image-openshift-dev
+	@echo "Pushed a pre-built image to image registry"
+
+.PHONY: push-openshift-dev
+push-openshift-dev: set-openshift-image-params openshift-user image _push-image-openshift-dev
+	@echo "Built image and pushed to image registry"
 .PHONY: do-deploy-openshift-dev
 do-deploy-openshift-dev: $(BUILD_DIR)/kustomize
 	@echo "Deploying"
@@ -709,6 +716,9 @@ do-deploy-openshift-dev: $(BUILD_DIR)/kustomize
 .PHONY: deploy-openshift-dev
 deploy-openshift-dev: push-openshift-dev do-deploy-openshift-dev
 
+# Deploy pre-built image for development into OpenShift
+.PHONY: deploy-prebuilt-openshift-dev
+deploy-prebuilt-openshift-dev: push-prebuilt-image-openshift-dev do-deploy-openshift-dev
 
 # Deploy the operator into the current kubectl context.
 .PHONY: deploy
diff --git a/hacking.md b/hacking.md
@@ -180,15 +180,24 @@ On a high level, the process is as follows:
     to change the image references to point to your images
 
 ### Distribution specific instructions: OpenShift
+Before you start, you must have the `KUBECONFIG` environment variable set correctly to point to your 
+OpenShift cluster's configuration file, and you need to be successfully logged in using the `oc login` command.
+
 For convenience, the `Makefile` contains a target called `deploy-openshift-dev` which
 deploys SPO in an OpenShift cluster with the appropriate defaults (SELinux is on by default)
-and the appropriate settings (no cert-manager needed).
+and the appropriate settings (no cert-manager needed). It should be noted that `deploy-openshit-dev`
+will not enable eBPF and app-armor capabilities (APPARMOR_ENABLED=0, BPF_ENABLED=0).
 
 If you modify the code and need to push the images to the cluster again, use the
 `push-openshift-dev` Makefile target. Because the targets use the `ImageStream` feature
 of OpenShift, simply pushing the new images will trigger a new rollout of the deployments
 and DaemonSets.
 
+To build the SPO image with eBPF enabled, simply use `BPF_ENABLED=1 make image`, which will compile the image and 
+make it available locally at `localhost/security-profiles-operator:latest`. Once built, you can deploy this pre-built 
+image to OpenShift by running `make deploy-prebuilt-openshift-dev`. Subsequently, if you need to push this locally 
+built image to image registry used by OpenShift, execute `make push-prebuilt-image-openshift-dev`.
+
 ### Tearing down your test environment
 At the moment, there's no teardown target provided. At the same time, some
 custom resources, notably the policies themselves use finalizers which prevent
