From e462d2edcbc01172e725553a67ea96a95eee48e7 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Mon, 1 May 2023 16:21:44 -0400 Subject: [PATCH 1/8] Update `config/` so it can generate `bundle/` Signed-off-by: Tiger Kaovilai --- .github/workflows/csv-validate.yml | 7 +- Makefile | 64 ++++- PROJECT | 4 +- bundle.Dockerfile | 2 +- ...nveyor-operator.clusterserviceversion.yaml | 249 +++++++++--------- .../manifests/tackle.konveyor.io_addons.yaml | 17 +- bundle/metadata/annotations.yaml | 2 +- .../crd/bases/tackle.konveyor.io_addons.yaml | 139 ++++++++++ .../crd/bases/tackle.konveyor.io_tackles.yaml | 7 + config/crd/kustomization.yaml | 1 + config/default/kustomization.yaml | 10 +- config/default/manager_auth_proxy_patch.yaml | 41 --- config/default/manager_config_patch.yaml | 20 -- config/manager/kustomization.yaml | 10 +- config/manager/manager.yaml | 76 +++--- ...nveyor-operator.clusterserviceversion.yaml | 114 ++++++++ ...tackle-operator.clusterserviceversion.yaml | 45 ---- config/prometheus/monitor.yaml | 6 +- .../rbac/auth_proxy_client_clusterrole.yaml | 9 - config/rbac/auth_proxy_role.yaml | 17 -- config/rbac/auth_proxy_service.yaml | 15 -- config/rbac/cluster_role.yaml | 36 +++ config/rbac/cluster_role_binding.yaml | 12 + config/rbac/hub_role.yaml | 22 ++ ...ole_binding.yaml => hub_role_binding.yaml} | 6 +- config/rbac/hub_service_account.yaml | 5 + config/rbac/kustomization.yaml | 20 +- config/rbac/leader_election_role.yaml | 37 --- config/rbac/role.yaml | 142 ++++++---- config/rbac/role_binding.yaml | 6 +- config/rbac/service_account.yaml | 2 +- config/rbac/ui_cluster_role.yaml | 7 + ...ding.yaml => ui_cluster_role_binding.yaml} | 6 +- config/rbac/ui_service_account.yaml | 5 + config/samples/kustomization.yaml | 1 + config/samples/tackle_v1alpha1_addon.yaml | 7 + config/samples/tackle_v1alpha1_tackle.yaml | 5 +- config/testing/debug_logs_patch.yaml | 14 - config/testing/kustomization.yaml | 23 -- config/testing/manager_image.yaml | 12 - config/testing/pull_policy/Always.yaml | 12 - config/testing/pull_policy/IfNotPresent.yaml | 12 - config/testing/pull_policy/Never.yaml | 12 - roles/tackle/defaults/main.yml | 4 +- tools/tackle-opdev.sh | 11 +- tools/templates/clusterserviceversion.yaml.j2 | 4 +- 46 files changed, 741 insertions(+), 537 deletions(-) create mode 100644 config/crd/bases/tackle.konveyor.io_addons.yaml delete mode 100644 config/default/manager_auth_proxy_patch.yaml delete mode 100644 config/default/manager_config_patch.yaml create mode 100644 config/manifests/bases/konveyor-operator.clusterserviceversion.yaml delete mode 100644 config/manifests/bases/tackle-operator.clusterserviceversion.yaml delete mode 100644 config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 config/rbac/auth_proxy_role.yaml delete mode 100644 config/rbac/auth_proxy_service.yaml create mode 100644 config/rbac/cluster_role.yaml create mode 100644 config/rbac/cluster_role_binding.yaml create mode 100644 config/rbac/hub_role.yaml rename config/rbac/{leader_election_role_binding.yaml => hub_role_binding.yaml} (66%) create mode 100644 config/rbac/hub_service_account.yaml delete mode 100644 config/rbac/leader_election_role.yaml create mode 100644 config/rbac/ui_cluster_role.yaml rename config/rbac/{auth_proxy_role_binding.yaml => ui_cluster_role_binding.yaml} (73%) create mode 100644 config/rbac/ui_service_account.yaml create mode 100644 config/samples/tackle_v1alpha1_addon.yaml delete mode 100644 config/testing/debug_logs_patch.yaml delete mode 100644 config/testing/kustomization.yaml delete mode 100644 config/testing/manager_image.yaml delete mode 100644 config/testing/pull_policy/Always.yaml delete mode 100644 config/testing/pull_policy/IfNotPresent.yaml delete mode 100644 config/testing/pull_policy/Never.yaml diff --git a/.github/workflows/csv-validate.yml b/.github/workflows/csv-validate.yml index d007d4a..89c2585 100644 --- a/.github/workflows/csv-validate.yml +++ b/.github/workflows/csv-validate.yml @@ -9,9 +9,6 @@ on: - 'bundle/**' workflow_dispatch: -env: - OPERATOR_SDK_DL_URL: https://github.com/operator-framework/operator-sdk/releases/download - OPERATOR_SDK_VERSION: v1.16.0 jobs: build: runs-on: ubuntu-latest @@ -25,7 +22,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Get Operator SDK - run: curl -LO ${{ env.OPERATOR_SDK_DL_URL }}/${{ env.OPERATOR_SDK_VERSION }}/operator-sdk_linux_amd64 && chmod +x operator-sdk_* && mv operator-sdk_linux_amd64 operator-sdk + run: make operator-sdk - name: Validate bundle - run: ./operator-sdk bundle validate ./bundle + run: ./bin/operator-sdk bundle validate ./bundle diff --git a/Makefile b/Makefile index b1c7b3c..73b56a5 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,7 @@ CONTAINER_RUNTIME ?= docker TARGET_ARCH ?= amd64 # CHANNELS define the bundle channels used in the bundle. +CHANNELS = "development" # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) @@ -39,7 +40,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) # # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both # konveyor.io/tackle-operator-bundle:$VERSION and konveyor.io/tackle-operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= konveyor.io/tackle-operator +IMAGE_TAG_BASE ?= quay.io/konveyor/tackle2-operator # BUNDLE_IMG defines the image:tag used for the bundle. # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) @@ -57,7 +58,7 @@ ifeq ($(USE_IMAGE_DIGESTS), true) endif # Image URL to use all building/pushing image targets -IMG ?= tackle-operator:latest +IMG ?= quay.io/konveyor/tackle2-operator:latest .PHONY: all all: docker-build @@ -85,9 +86,14 @@ help: ## Display this help. run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run +TARGET_PLATFORMS ?= linux/${TARGET_ARCH} .PHONY: docker-build docker-build: ## Build docker image with the manager. +ifeq ($(CONTAINER_RUNTIME), podman) $(CONTAINER_RUNTIME) build --arch ${TARGET_ARCH} -t ${IMG} . +else + $(CONTAINER_RUNTIME) build --platform ${TARGET_PLATFORMS} -t ${IMG} . +endif .PHONY: docker-push docker-push: ## Push docker image with the manager. @@ -108,6 +114,26 @@ deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/c cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default | kubectl apply -f - +GIT_REV:=$(shell git rev-parse --short HEAD) +## Build current branch operator image, bundle image, push and install via OLM +.PHONY: deploy-olm +deploy-olm: THIS_OPERATOR_IMAGE?=ttl.sh/konveyor-operator-$(GIT_REV):1h # Set target specific variable +deploy-olm: THIS_BUNDLE_IMAGE?=ttl.sh/konveyor-operator-bundle-$(GIT_REV):1h # Set target specific variable +deploy-olm: NAMESPACE?=konveyor-tackle +deploy-olm: DEPLOY_TMP:=$(shell mktemp -d)/ # Set target specific variable +deploy-olm: operator-sdk ## Build current branch operator image, bundle image, push and install via OLM + kubectl auth can-i create ns --all-namespaces # Check if logged in + kubectl create namespace $(NAMESPACE) || true + $(OPERATOR_SDK) cleanup konveyor-operator --namespace $(NAMESPACE) + @echo "DEPLOY_TMP: $(DEPLOY_TMP)" + # build and push operator and bundle image + # use $(OPERATOR_SDK) to install bundle to authenticated cluster + cp -r . $(DEPLOY_TMP) && cd $(DEPLOY_TMP) && \ + IMG=$(THIS_OPERATOR_IMAGE) BUNDLE_IMG=$(THIS_BUNDLE_IMAGE) \ + make docker-build docker-push bundle bundle-build bundle-push; \ + rm -rf $(DEPLOY_TMP) + $(OPERATOR_SDK) run bundle $(THIS_BUNDLE_IMAGE) --namespace $(NAMESPACE) + .PHONY: undeploy undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/default | kubectl delete -f - @@ -117,13 +143,20 @@ ARCH := $(shell uname -m | sed 's/x86_64/amd64/') .PHONY: kustomize KUSTOMIZE = $(shell pwd)/bin/kustomize +KUSTOMIZE_ARCH=$(ARCH) +ifeq ($(OS),darwin) +# Kustomize does not provide a Darwin/arm64 binary for v3.8.7 + KUSTOMIZE_ARCH="amd64" +endif kustomize: ## Download kustomize locally if necessary. ifeq (,$(wildcard $(KUSTOMIZE))) ifeq (,$(shell which kustomize 2>/dev/null)) @{ \ - set -e ;\ - mkdir -p $(dir $(KUSTOMIZE)) ;\ - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \ + set -e &&\ + echo "$(KUSTOMIZE_ARCH)" &&\ + mkdir -p $(dir $(KUSTOMIZE)) &&\ + echo https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(KUSTOMIZE_ARCH).tar.gz &&\ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(KUSTOMIZE_ARCH).tar.gz | \ tar xzf - -C bin/ ;\ } else @@ -147,16 +180,29 @@ ANSIBLE_OPERATOR = $(shell which ansible-operator) endif endif +OPERATOR_SDK = $(shell pwd)/bin/operator-sdk +.PHONY: operator-sdk +operator-sdk: $(OPERATOR_SDK) + +$(OPERATOR_SDK): + mkdir -p $(dir $(OPERATOR_SDK)) && \ + curl -Lo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.28.1/operator-sdk_$(shell go env GOOS)_$(shell go env GOARCH) && \ + chmod +x $(OPERATOR_SDK); + .PHONY: bundle -bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files. - operator-sdk generate kustomize manifests -q +bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. + $(OPERATOR_SDK) generate kustomize manifests -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) - $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) - operator-sdk bundle validate ./bundle + $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --extra-service-accounts tackle-hub,tackle-ui --version $(VERSION) $(BUNDLE_METADATA_OPTS) + $(OPERATOR_SDK) bundle validate ./bundle .PHONY: bundle-build bundle-build: ## Build the bundle image. +ifeq ($(CONTAINER_RUNTIME), podman) $(CONTAINER_RUNTIME) build --arch ${TARGET_ARCH} -f bundle.Dockerfile -t $(BUNDLE_IMG) . +else + $(CONTAINER_RUNTIME) build --platform ${TARGET_PLATFORMS} -f bundle.Dockerfile -t $(BUNDLE_IMG) . +endif .PHONY: bundle-push bundle-push: ## Push the bundle image. diff --git a/PROJECT b/PROJECT index 591a38c..2aa8a10 100644 --- a/PROJECT +++ b/PROJECT @@ -1,10 +1,10 @@ -domain: konveyor.io +domain: quay.io layout: - ansible.sdk.operatorframework.io/v1 plugins: manifests.sdk.operatorframework.io/v2: {} scorecard.sdk.operatorframework.io/v2: {} -projectName: tackle-operator +projectName: konveyor-operator resources: - api: crdVersion: v1 diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 5429fbc..dfc17cd 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=konveyor-operator LABEL operators.operatorframework.io.bundle.channels.v1=development LABEL operators.operatorframework.io.bundle.channel.default.v1=development -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.22.0 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.1 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=ansible.sdk.operatorframework.io/v1 diff --git a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml index 63bdc85..c4f9960 100644 --- a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml +++ b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml @@ -1,44 +1,41 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: - name: konveyor-operator.v99.0.0 - namespace: konveyor-tackle annotations: - capabilities: Seamless Upgrades - description: >- - Konveyor is an open-source application modernization platform that helps organizations safely and predictably modernize applications to Kubernetes at scale. - categories: 'Modernization & Migration' - support: https://github.com/konveyor/tackle2-operator/issues - repository: https://github.com/konveyor/tackle2-operator - certified: "false" - containerImage: quay.io/konveyor/tackle2-operator:latest - createdAt: 2022-10-03 - olm.skipRange: '>=0.0.0 <99.0.0' alm-examples: |- [ { "apiVersion": "tackle.konveyor.io/v1alpha1", - "kind": "Tackle", + "kind": "Addon", "metadata": { - "name": "tackle", + "name": "move2kube-plan", "namespace": "konveyor-tackle" }, "spec": { - "feature_auth_required": "false" + "image": "quay.io/konveyor/tackle-addon-move2kube-plan:latest" } }, { "apiVersion": "tackle.konveyor.io/v1alpha1", - "kind": "Addon", + "kind": "Tackle", "metadata": { - "name": "move2kube-plan", + "name": "tackle", "namespace": "konveyor-tackle" }, "spec": { - "image": "quay.io/konveyor/tackle-addon-move2kube-plan:latest" + "feature_auth_required": "false" } } ] + capabilities: Seamless Upgrades + categories: Modernization & Migration + certified: "false" + containerImage: quay.io/konveyor/tackle2-operator:latest + createdAt: "2023-05-31T20:22:24Z" + description: Konveyor is an open-source application modernization platform that + helps organizations safely and predictably modernize applications to Kubernetes + at scale. + olm.skipRange: '>=0.0.0 <99.0.0' operatorframework.io/initialization-resource: |- { "apiVersion": "tackle.konveyor.io/v1alpha1", @@ -52,21 +49,27 @@ metadata: } } operatorframework.io/suggested-namespace: konveyor-tackle + operators.operatorframework.io/builder: operator-sdk-v1.28.1 + operators.operatorframework.io/project_layout: ansible.sdk.operatorframework.io/v1 + repository: https://github.com/konveyor/tackle2-operator + support: https://github.com/konveyor/tackle2-operator/issues + name: konveyor-operator.v99.0.0 + namespace: konveyor-tackle spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - name: tackles.tackle.konveyor.io + - description: Tackle Addon + displayName: Addon + kind: Addon + name: addons.tackle.konveyor.io version: v1alpha1 - kind: Tackle + - description: Tackle displayName: Tackle - description: Tackle - - name: addons.tackle.konveyor.io + kind: Tackle + name: tackles.tackle.konveyor.io version: v1alpha1 - kind: Addon - displayName: Addon - description: Tackle Addon - description: |+ + description: | Konveyor is an open-source application modernization platform that helps organizations safely and predictably modernize applications to new technologies, with an initial focus on accelerating the adoption of legacy applications to Kubernetes. See the [Konveyor Unified Experience](https://github.com/konveyor/enhancements/tree/master/enhancements/unified_experience) to understand the vision of the project and the [Konveyor Charter](https://github.com/konveyor/community/blob/main/Charter.md) for more information on the community. @@ -100,14 +103,44 @@ spec: * Raising any issues you find using Konveyor Operator * Fixing issues by opening [Pull Requests](https://github.com/konveyor/tackle2-operator/pulls) * Improving [documentation](https://github.com/konveyor/tackle-documentation) - displayName: Konveyor Operator icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAKsAAACrCAYAAAAZ6GwZAAAACXBIWXMAAAsSAAALEgHS3X78AAALWUlEQVR4nO2dPWwcxxXHR0GgQBICMhAQwI4BXgqnsJOINnZrnly4iALwAgJGUokswgBsRFfpTtSmSiW6MA2zEdkKJnwCLBcpomN9Z+cYWy7swneAYReBYx0QxYibC+bwTh4d583H3pJ7j/f/AQuCvP2YmfefN2/ezB7PDQYDBYAEfgArASlArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjH8cBZMdbCzPq+UWjylxz1a2djtnNKzZooz/1oLCbWplLoyBcXJw9rKxu6evGIXzyyEAZuChaq5MwVlmAoQswIxQKxADBArEAPECsQwE6mrIvjks6+i71J57rK6eOH8NFZHJBBrAHff/1Ddvf9B9HWXLpxXb/3lDxBsQSAMCODhp1/muu7xt9+p7hdfn3Jpzy4QawC/feVXua7TYcALzz9zyqU9uyAMCCD99YJ6580/Tn05zzrwrEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjHMglgbSqn+FJQjL/syi1085waDwVmr0zEOdtYr+j/9TFmxgljZ2G0KKOapMBNiBWcDxKxADKX907aDnfV5pdSmUKl0VjZ2G+N/PNhZX1RK1cop0sQ0VjZ2O9NcwNLCgIOddW3s5VIeXgy/MwVLcbE29pzQ+uhJ6OLKxm53CspipcwwYL7EZxfB4tg9KoKFqqjsUz0JRcwKxACxAjFArEAMECsQQ2mpqyJo/bOn3vv7R1F3unTxR+q1ay+rys8uT2Wd7r7/oXr46ZdR17z4i2fVa795+cTKNC2IFeu//v0f9de3/5br2u4XX6ud7PeFl2lS7j/4WN29/0H0XR5+9pW6dOG8unb1l9NWpUIRGwZo4+gjDxdzXgfKRaxn1YL7859eVe89+Fg9/u//gq/76eUfq2uvTKcH0p7x8bffRYcBP3/u8pn3qkp6zPrC888Mj7PEMPacgfgzD8gGADFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMZYp1CTIBMcCzAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxFCmWPuQCYihTLFWBQv2SCm1bf5hZWO3qZTaL69IE7NPdZhazg0GA7nNC2YKxKxADBArEAPECsQAsQIxQKxADBArEAPECsRw6v8VO0mzeaXUolKqQkdHKfWo3apPdUJ6lkjSTNtn3qiytk+n7CY4lUUBEugqHVccp95TSjXarfreiRcKPEWSZjWyj15ZnHPYZ6/dqjfKaL0nYk3SbMt2QrtVt/49SbPNsd5nst1u1R8Z5205GsCGXs7c5LxtkmZValSTjqsRkzSrkDHG6erOkaTZKnl66+eO+9rKMkS3nevzAJrUxtrT2XjSzpZy1bjrTJtS+bY9TmScnm7LSPtwdHU9261613eiGQbcZM45JtYkzXTlbjDn39INSN5UG3k5sNAmuuEeJGn2ertV37Z8XrWVN0mzlxzDVYWp4yGVc5GpU58+59Aiv2757IjazlrWCJqO67u2shltb3MQh8Z5WznLtkD2ucU4s+g6J2mmy1XjOp/KM8EiD8QJdZ+8yTw1ch6hmtymjhFKk56dB06QcxTDcdSYv8eUm4W81xOBjbHpKBM3kg1HlyTN9ibsRJqbdJ8i0K/md8krW4kSKxmNM8KR0Xh7kcOKixvUQUKYo04SDXnkI+Y66/OpPThRFBnXWUMx3cZMR+JErJ1Jl0Iz22iQh+tcCJmDOfLYtnAsXKzksRqMcfojF07C8nnUHgXrb5DX8G0V3OYqYOFKpDc24bwE19u5TnTPNZzFEuNdyTNxjmKLxH07oAiHxuHjpmf0icVqhxjP2qBYxUaNeuy8Z/jTnutqu1WvtFt1fY2eRFXbrbq+7nWHaOcc3sVGjDc24cR6heksnIhPIpvB1f/6WOjD1XufJjEu+/TJDj8huwwP/btSas3jVAoJe4glWzgQlGclT8V93c+aMSt0xUr7NMO3ehw9kUrSrEnDuO0ew+EmZNZI6Pt1YvKDNDLcY0aGqilCEq/Ng/UDUzvc5IQrW5MmITY7rBqjDze8j7wqZ8cjmuEfay+ymc6YNMg+tnoPBebJlx+S+IeQILnRujoe0nk9a8CEyvQiXK/uuYQ6ghrKlfLgJjM2dAM0cky4OK84/myuLCeZg+TEPQoFfF6V+7zPCdWE7FdzeNio0YyEzbXXsbAixLOyE6p2qz5eOK7XeoU6QjdYkmb7jIeoRQ43CyS+YJFrr5ikWd/S28e9LdepQstX9UxM9sZHEYd3XSAvZZtY9Q2Rs2UOHYEo3NtmMgl58smcLo45mRCxchOqpwrmSDmEDosme4xY8wTxyySKmCxBw/Z8nWg36mILFXoRYceS55sUm5RHHUfX5QFTZputtg3RcxOv2BibS3txcxorNOpxjuSYiPNuZOlEzHaj15QdcU/MKpjJzcgQgvOOw3vQ6lDMdYVBbXPPcj/OqWyr72NsKxHzgCF0fs/2mStPqp2NnpeMDuqMnMCPaSCvWJcoVycJLu4+BnlHmzFGhigjXjUJbXtzOZYTK5db9hElcGLOGFGWHM7Humo4yRbB24G5tegVpYic6jiHEzT+ODYvuUB1tnmPw1gPlRd6ju+1775ZB8dolXfxhrN9Efll656HSfezmurnDMXlKF1wQ0mIEIv6PgLOS24yQ1ds3Kc71i3H4RO+L+3FbnIZxzN0285nV+4K2Eq4z6X0QvezcrnH4WoRJfe7zCxakYFjwgbOEN6GoFypbvx/RDzPdp8uM/O2Tfz6OUKAZkyelSkflzXpMyMDl6fdjJyAcrYsYlRjdRLiWXXSv+ZY7rth9EzOYDdCey+lRbigO0gQ1LvXQs71EOotG0Uur0bAeV9uAsy133Loih9NLrmFB599ejSSuEIYVqxez2ok/VfJs9k8556xyYWtiG4Qz55T19bDXkwKjPaoVifcsNGgOvmyEHkmVpWQDlzwGxQNx76AO0maKc/e3VVPxsPXubuj0YTqbnNKw51ctvg/OGali7lha4GS2B0mraLI4O9S2mJ1FMfqQuvMQpJmXc+MPXrIpEWL3EMTeSevt8i5c/465Ut9R2GQDd9w3O8O2ac2WvnTP+l33WnuuJbTIyeYLk9u7RBREyzaCM2FA8s0RGx6JjhLVOnPkzQbkKFuexLKhxO86jLphMv33FJe8ZiALS5HSmj7vKuU+obs8w397lrA6EfOSXw7yZZto06ebIBrbdgMGYqiH5nQfwryjrkFS43qMu5JLgS4npuLgPX9PDh3+Dtw6WTyPCsVinvInPFCWRETnOGy7qSTFwpPJlnE4Lzn0QnnVk/k3kZ7FCHYtbxxtScsWRhfeMqVZyUxcrHpEm3l0z3j6gTeQQ8RlaJeAabyuOI1F5z3FPsWLrVHdQL76OteKuBN5C1Hp9kyd82d+KvY9LBRnjVkbV83wtYsvo5dxvv6OewzyuG63qytMMu71vpY6m3yJA13al8mbOywqVJFRgF7j4a7DuUr8WUXJWDYZ/QKtznh7Y3sU2JOGd98DeSA77oCYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFMlBK/R87h9mrJ0MSUgAAAABJRU5ErkJggg== - mediatype: "image/png" + - base64data: iVBORw0KGgoAAAANSUhEUgAAAKsAAACrCAYAAAAZ6GwZAAAACXBIWXMAAAsSAAALEgHS3X78AAALWUlEQVR4nO2dPWwcxxXHR0GgQBICMhAQwI4BXgqnsJOINnZrnly4iALwAgJGUokswgBsRFfpTtSmSiW6MA2zEdkKJnwCLBcpomN9Z+cYWy7swneAYReBYx0QxYibC+bwTh4d583H3pJ7j/f/AQuCvP2YmfefN2/ezB7PDQYDBYAEfgArASlArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjH8cBZMdbCzPq+UWjylxz1a2djtnNKzZooz/1oLCbWplLoyBcXJw9rKxu6evGIXzyyEAZuChaq5MwVlmAoQswIxQKxADBArEAPECsQwE6mrIvjks6+i71J57rK6eOH8NFZHJBBrAHff/1Ddvf9B9HWXLpxXb/3lDxBsQSAMCODhp1/muu7xt9+p7hdfn3Jpzy4QawC/feVXua7TYcALzz9zyqU9uyAMCCD99YJ6580/Tn05zzrwrEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjHMglgbSqn+FJQjL/syi1085waDwVmr0zEOdtYr+j/9TFmxgljZ2G0KKOapMBNiBWcDxKxADKX907aDnfV5pdSmUKl0VjZ2G+N/PNhZX1RK1cop0sQ0VjZ2O9NcwNLCgIOddW3s5VIeXgy/MwVLcbE29pzQ+uhJ6OLKxm53CspipcwwYL7EZxfB4tg9KoKFqqjsUz0JRcwKxACxAjFArEAMECsQQ2mpqyJo/bOn3vv7R1F3unTxR+q1ay+rys8uT2Wd7r7/oXr46ZdR17z4i2fVa795+cTKNC2IFeu//v0f9de3/5br2u4XX6ud7PeFl2lS7j/4WN29/0H0XR5+9pW6dOG8unb1l9NWpUIRGwZo4+gjDxdzXgfKRaxn1YL7859eVe89+Fg9/u//gq/76eUfq2uvTKcH0p7x8bffRYcBP3/u8pn3qkp6zPrC888Mj7PEMPacgfgzD8gGADFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMZYp1CTIBMcCzAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxFCmWPuQCYihTLFWBQv2SCm1bf5hZWO3qZTaL69IE7NPdZhazg0GA7nNC2YKxKxADBArEAPECsQAsQIxQKxADBArEAPECsRw6v8VO0mzeaXUolKqQkdHKfWo3apPdUJ6lkjSTNtn3qiytk+n7CY4lUUBEugqHVccp95TSjXarfreiRcKPEWSZjWyj15ZnHPYZ6/dqjfKaL0nYk3SbMt2QrtVt/49SbPNsd5nst1u1R8Z5205GsCGXs7c5LxtkmZValSTjqsRkzSrkDHG6erOkaTZKnl66+eO+9rKMkS3nevzAJrUxtrT2XjSzpZy1bjrTJtS+bY9TmScnm7LSPtwdHU9261613eiGQbcZM45JtYkzXTlbjDn39INSN5UG3k5sNAmuuEeJGn2ertV37Z8XrWVN0mzlxzDVYWp4yGVc5GpU58+59Aiv2757IjazlrWCJqO67u2shltb3MQh8Z5WznLtkD2ucU4s+g6J2mmy1XjOp/KM8EiD8QJdZ+8yTw1ch6hmtymjhFKk56dB06QcxTDcdSYv8eUm4W81xOBjbHpKBM3kg1HlyTN9ibsRJqbdJ8i0K/md8krW4kSKxmNM8KR0Xh7kcOKixvUQUKYo04SDXnkI+Y66/OpPThRFBnXWUMx3cZMR+JErJ1Jl0Iz22iQh+tcCJmDOfLYtnAsXKzksRqMcfojF07C8nnUHgXrb5DX8G0V3OYqYOFKpDc24bwE19u5TnTPNZzFEuNdyTNxjmKLxH07oAiHxuHjpmf0icVqhxjP2qBYxUaNeuy8Z/jTnutqu1WvtFt1fY2eRFXbrbq+7nWHaOcc3sVGjDc24cR6heksnIhPIpvB1f/6WOjD1XufJjEu+/TJDj8huwwP/btSas3jVAoJe4glWzgQlGclT8V93c+aMSt0xUr7NMO3ehw9kUrSrEnDuO0ew+EmZNZI6Pt1YvKDNDLcY0aGqilCEq/Ng/UDUzvc5IQrW5MmITY7rBqjDze8j7wqZ8cjmuEfay+ymc6YNMg+tnoPBebJlx+S+IeQILnRujoe0nk9a8CEyvQiXK/uuYQ6ghrKlfLgJjM2dAM0cky4OK84/myuLCeZg+TEPQoFfF6V+7zPCdWE7FdzeNio0YyEzbXXsbAixLOyE6p2qz5eOK7XeoU6QjdYkmb7jIeoRQ43CyS+YJFrr5ikWd/S28e9LdepQstX9UxM9sZHEYd3XSAvZZtY9Q2Rs2UOHYEo3NtmMgl58smcLo45mRCxchOqpwrmSDmEDosme4xY8wTxyySKmCxBw/Z8nWg36mILFXoRYceS55sUm5RHHUfX5QFTZputtg3RcxOv2BibS3txcxorNOpxjuSYiPNuZOlEzHaj15QdcU/MKpjJzcgQgvOOw3vQ6lDMdYVBbXPPcj/OqWyr72NsKxHzgCF0fs/2mStPqp2NnpeMDuqMnMCPaSCvWJcoVycJLu4+BnlHmzFGhigjXjUJbXtzOZYTK5db9hElcGLOGFGWHM7Humo4yRbB24G5tegVpYic6jiHEzT+ODYvuUB1tnmPw1gPlRd6ju+1775ZB8dolXfxhrN9Efll656HSfezmurnDMXlKF1wQ0mIEIv6PgLOS24yQ1ds3Kc71i3H4RO+L+3FbnIZxzN0285nV+4K2Eq4z6X0QvezcrnH4WoRJfe7zCxakYFjwgbOEN6GoFypbvx/RDzPdp8uM/O2Tfz6OUKAZkyelSkflzXpMyMDl6fdjJyAcrYsYlRjdRLiWXXSv+ZY7rth9EzOYDdCey+lRbigO0gQ1LvXQs71EOotG0Uur0bAeV9uAsy133Loih9NLrmFB599ejSSuEIYVqxez2ok/VfJs9k8556xyYWtiG4Qz55T19bDXkwKjPaoVifcsNGgOvmyEHkmVpWQDlzwGxQNx76AO0maKc/e3VVPxsPXubuj0YTqbnNKw51ctvg/OGali7lha4GS2B0mraLI4O9S2mJ1FMfqQuvMQpJmXc+MPXrIpEWL3EMTeSevt8i5c/465Ut9R2GQDd9w3O8O2ac2WvnTP+l33WnuuJbTIyeYLk9u7RBREyzaCM2FA8s0RGx6JjhLVOnPkzQbkKFuexLKhxO86jLphMv33FJe8ZiALS5HSmj7vKuU+obs8w397lrA6EfOSXw7yZZto06ebIBrbdgMGYqiH5nQfwryjrkFS43qMu5JLgS4npuLgPX9PDh3+Dtw6WTyPCsVinvInPFCWRETnOGy7qSTFwpPJlnE4Lzn0QnnVk/k3kZ7FCHYtbxxtScsWRhfeMqVZyUxcrHpEm3l0z3j6gTeQQ8RlaJeAabyuOI1F5z3FPsWLrVHdQL76OteKuBN5C1Hp9kyd82d+KvY9LBRnjVkbV83wtYsvo5dxvv6OewzyuG63qytMMu71vpY6m3yJA13al8mbOywqVJFRgF7j4a7DuUr8WUXJWDYZ/QKtznh7Y3sU2JOGd98DeSA77oCYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFMlBK/R87h9mrJ0MSUgAAAABJRU5ErkJggg== + mediatype: image/png install: - strategy: deployment spec: + clusterPermissions: + - rules: + - apiGroups: + - operator.openshift.io + resources: + - dnses + verbs: + - list + - get + - apiGroups: + - config.openshift.io + resources: + - clusterversions + - proxies + verbs: + - get + - apiGroups: + - keycloak.org + resources: + - keycloaks + - keycloakrealms + - keycloakclients + - keycloakusers + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + serviceAccountName: tackle-operator deployments: - name: tackle-operator spec: @@ -116,6 +149,7 @@ spec: matchLabels: app: tackle name: tackle-operator + strategy: {} template: metadata: labels: @@ -123,7 +157,6 @@ spec: name: tackle-operator role: tackle-operator spec: - serviceAccountName: tackle-operator containers: - args: - --health-probe-bind-address=:6789 @@ -147,12 +180,10 @@ spec: value: docker.io/openshift/oauth-proxy:latest - name: RELATED_IMAGE_TACKLE_HUB value: quay.io/konveyor/tackle2-hub:latest - - name: RELATED_IMAGE_PATHFINDER_DATABASE + - name: RELATED_IMAGE_TACKLE_POSTGRES value: quay.io/centos7/postgresql-12-centos7:latest - name: RELATED_IMAGE_PATHFINDER value: quay.io/konveyor/tackle-pathfinder:1.3.1-native - - name: RELATED_IMAGE_KEYCLOAK_DATABASE - value: quay.io/centos7/postgresql-12-centos7:latest - name: RELATED_IMAGE_KEYCLOAK_SSO value: quay.io/keycloak/keycloak:18.0.2-legacy - name: RELATED_IMAGE_KEYCLOAK_INIT @@ -163,7 +194,6 @@ spec: value: quay.io/konveyor/tackle2-addon:latest - name: RELATED_IMAGE_ADDON_WINDUP value: quay.io/konveyor/tackle2-addon-windup:latest - name: tackle-operator image: quay.io/konveyor/tackle2-operator:latest imagePullPolicy: Always livenessProbe: @@ -172,6 +202,7 @@ spec: port: 6789 initialDelaySeconds: 15 periodSeconds: 20 + name: tackle-operator readinessProbe: httpGet: path: /readyz @@ -189,9 +220,27 @@ spec: allowPrivilegeEscalation: false securityContext: runAsNonRoot: true + serviceAccountName: tackle-operator permissions: - - serviceAccountName: tackle-operator - rules: + - rules: + - apiGroups: + - "" + - tackle.konveyor.io + - batch + resources: + - '*' + verbs: + - '*' + - apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: tackle-hub + - rules: - apiGroups: - "" resources: @@ -255,21 +304,6 @@ spec: - deployments/finalizers verbs: - update - - apiGroups: - - tackle.konveyor.io - resources: - - tackles - - tackles/status - - tackles/finalizers - - addons - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - coordination.k8s.io resources: @@ -282,58 +316,23 @@ spec: - update - patch - delete - - serviceAccountName: tackle-hub - rules: - apiGroups: - - "" - tackle.konveyor.io - - batch - resources: - - '*' - verbs: - - '*' - - apiGroups: - - security.openshift.io - resourceNames: - - anyuid resources: - - securitycontextconstraints - verbs: - - use - clusterPermissions: - - serviceAccountName: tackle-operator - rules: - - apiGroups: - - operator.openshift.io - resources: - - dnses - verbs: - - list - - get - - apiGroups: - - config.openshift.io - resources: - - clusterversions - - proxies - verbs: - - get - - apiGroups: - - keycloak.org - resources: - - keycloaks - - keycloakrealms - - keycloakclients - - keycloakusers + - tackles + - tackles/status + - tackles/finalizers + - addons verbs: + - create + - delete - get - list - - watch - - create - - update - patch - - delete - - serviceAccountName: tackle-ui - rules: [] + - update + - watch + serviceAccountName: tackle-operator + strategy: deployment installModes: - supported: true type: OwnNamespace @@ -343,35 +342,41 @@ spec: type: MultiNamespace - supported: false type: AllNamespaces - keywords: ['modernization', 'migration', 'konveyor', 'tackle'] - maintainers: - - name: Konveyor Community - email: konveyor-dev@googlegroups.com - maturity: alpha - provider: - name: Konveyor - url: https://www.konveyor.io + keywords: + - modernization + - migration + - konveyor + - tackle links: - name: Documentation url: https://konveyor.github.io/tackle - name: Operator url: https://github.com/konveyor/tackle2-operator + maintainers: + - email: konveyor-dev@googlegroups.com + name: Konveyor Community + maturity: alpha + minKubeVersion: 1.22.0 + provider: + name: Konveyor + url: https://www.konveyor.io relatedImages: - - name: tackle-hub - image: quay.io/konveyor/tackle2-hub:latest - - name: tackle-ui - image: quay.io/konveyor/tackle2-ui:latest - - name: tackle-addon - image: quay.io/konveyor/tackle2-addon:latest - - name: tackle-addon-windup - image: quay.io/konveyor/tackle2-addon-windup:latest - - name: tackle-pathfinder - image: quay.io/konveyor/tackle-pathfinder:1.3.1-native - - name: tackle-keycloak - image: quay.io/keycloak/keycloak:18.0.2-legacy - - name: tackle-keycloak-init - image: quay.io/konveyor/tackle-keycloak-init:latest - - name: tackle-postgres - image: quay.io/centos7/postgresql-12-centos7:latest + - image: docker.io/openshift/oauth-proxy:latest + name: oauth-proxy + - image: quay.io/konveyor/tackle2-hub:latest + name: tackle-hub + - image: quay.io/centos7/postgresql-12-centos7:latest + name: tackle-postgres + - image: quay.io/konveyor/tackle-pathfinder:1.3.1-native + name: pathfinder + - image: quay.io/keycloak/keycloak:18.0.2-legacy + name: keycloak-sso + - image: quay.io/konveyor/tackle-keycloak-init:latest + name: keycloak-init + - image: quay.io/konveyor/tackle2-ui:latest + name: tackle-ui + - image: quay.io/konveyor/tackle2-addon:latest + name: addon-admin + - image: quay.io/konveyor/tackle2-addon-windup:latest + name: addon-windup version: 99.0.0 - minKubeVersion: 1.22.0 diff --git a/bundle/manifests/tackle.konveyor.io_addons.yaml b/bundle/manifests/tackle.konveyor.io_addons.yaml index c15a0ba..aacb0ec 100644 --- a/bundle/manifests/tackle.konveyor.io_addons.yaml +++ b/bundle/manifests/tackle.konveyor.io_addons.yaml @@ -1,4 +1,3 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -27,10 +26,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object @@ -58,7 +61,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: @@ -67,7 +71,10 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object required: diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 6ea2d79..6a82fc9 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -6,7 +6,7 @@ annotations: operators.operatorframework.io.bundle.package.v1: konveyor-operator operators.operatorframework.io.bundle.channels.v1: development operators.operatorframework.io.bundle.channel.default.v1: development - operators.operatorframework.io.metrics.builder: operator-sdk-v1.22.0 + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.1 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: ansible.sdk.operatorframework.io/v1 diff --git a/config/crd/bases/tackle.konveyor.io_addons.yaml b/config/crd/bases/tackle.konveyor.io_addons.yaml new file mode 100644 index 0000000..c15a0ba --- /dev/null +++ b/config/crd/bases/tackle.konveyor.io_addons.yaml @@ -0,0 +1,139 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: addons.tackle.konveyor.io +spec: + group: tackle.konveyor.io + names: + kind: Addon + listKind: AddonList + plural: addons + singular: addon + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddonSpec defines the desired state of Addon + properties: + image: + description: Addon fqin. + type: string + imagePullPolicy: + default: IfNotPresent + description: ImagePullPolicy an optional image pull policy. + enum: + - IfNotPresent + - Always + - Never + type: string + resources: + description: Resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + required: + - image + type: object + status: + description: AddonStatus defines the observed state of Addon + properties: + conditions: + description: Conditions. + properties: + conditions: + description: List of conditions. + items: + description: Condition + properties: + category: + description: The condition category. + type: string + durable: + description: The condition is durable - never un-staged. + type: boolean + items: + description: A list of items referenced in the `Message`. + items: + type: string + type: array + lastTransitionTime: + description: When the last status transition occurred. + format: date-time + type: string + message: + description: The human readable description of the condition. + type: string + reason: + description: The reason for the condition or transition. + type: string + status: + description: The condition status [true,false]. + type: string + type: + description: The condition type. + type: string + required: + - category + - lastTransitionTime + - status + - type + type: object + type: array + type: object + observedGeneration: + description: The most recent generation observed by the controller. + format: int64 + type: integer + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/crd/bases/tackle.konveyor.io_tackles.yaml b/config/crd/bases/tackle.konveyor.io_tackles.yaml index 36051ee..bf8dba4 100644 --- a/config/crd/bases/tackle.konveyor.io_tackles.yaml +++ b/config/crd/bases/tackle.konveyor.io_tackles.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + creationTimestamp: null name: tackles.tackle.konveyor.io spec: group: tackle.konveyor.io @@ -42,3 +43,9 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index e91ea45..39f896e 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -3,4 +3,5 @@ # It should be run by config/default resources: - bases/tackle.konveyor.io_tackles.yaml +- bases/tackle.konveyor.io_addons.yaml #+kubebuilder:scaffold:crdkustomizeresource diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 07ef76d..9c8eaeb 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,12 +1,12 @@ # Adds namespace to all resources. -namespace: tackle-operator-system +namespace: konveyor-tackle # Value of this field is prepended to the # names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". +# "wordpress" becomes "konveyor-operator-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. -namePrefix: tackle-operator- +# namePrefix: konveyor-operator- # no name prefixing # Labels to add to all resources and selectors. #commonLabels: @@ -19,11 +19,11 @@ bases: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -patchesStrategicMerge: +# patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +# - manager_auth_proxy_patch.yaml # do not add proxy yet # Mount the controller config file for loading manager configurations # through a ComponentConfig type diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 9cefcf5..0000000 --- a/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - # TODO(user): uncomment for common cases that do not require escalating privileges - # capabilities: - # drop: - # - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:6789" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id=tackle-operator" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml deleted file mode 100644 index 6c40015..0000000 --- a/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 19ffec6..3a16f76 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,13 +4,13 @@ resources: generatorOptions: disableNameSuffixHash: true -configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config +# configMapGenerator: +# - files: +# - controller_manager_config.yaml +# name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: tackle-operator + newName: quay.io/konveyor/tackle2-operator newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index d2ab636..56777d6 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -2,52 +2,68 @@ apiVersion: v1 kind: Namespace metadata: labels: - control-plane: controller-manager + control-plane: tackle-operator name: system --- apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: tackle-operator namespace: system - labels: - control-plane: controller-manager spec: + replicas: 1 selector: matchLabels: - control-plane: controller-manager - replicas: 1 + app: tackle + name: tackle-operator template: metadata: - annotations: - kubectl.kubernetes.io/default-container: manager labels: - control-plane: controller-manager + app: tackle + name: tackle-operator + role: tackle-operator spec: - securityContext: - runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault + serviceAccountName: tackle-operator containers: - args: + - --health-probe-bind-address=:6789 + - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --leader-election-id=tackle-operator - image: controller:latest - name: manager env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] - name: ANSIBLE_GATHERING value: explicit - securityContext: - allowPrivilegeEscalation: false - # TODO(user): uncomment for common cases that do not require escalating privileges - # capabilities: - # drop: - # - "ALL" + - name: APP_NAME + value: tackle + - name: PROFILE + value: konveyor + - name: VERSION + value: 99.0.0 + - name: RELATED_IMAGE_OAUTH_PROXY + value: docker.io/openshift/oauth-proxy:latest + - name: RELATED_IMAGE_TACKLE_HUB + value: quay.io/konveyor/tackle2-hub:latest + - name: RELATED_IMAGE_TACKLE_POSTGRES + value: quay.io/centos7/postgresql-12-centos7:latest + - name: RELATED_IMAGE_PATHFINDER + value: quay.io/konveyor/tackle-pathfinder:1.3.1-native + - name: RELATED_IMAGE_KEYCLOAK_SSO + value: quay.io/keycloak/keycloak:18.0.2-legacy + - name: RELATED_IMAGE_KEYCLOAK_INIT + value: quay.io/konveyor/tackle-keycloak-init:latest + - name: RELATED_IMAGE_TACKLE_UI + value: quay.io/konveyor/tackle2-ui:latest + - name: RELATED_IMAGE_ADDON_ADMIN + value: quay.io/konveyor/tackle2-addon:latest + - name: RELATED_IMAGE_ADDON_WINDUP + value: quay.io/konveyor/tackle2-addon-windup:latest + name: tackle-operator + image: quay.io/konveyor/tackle2-operator:latest + imagePullPolicy: Always livenessProbe: httpGet: path: /healthz @@ -60,8 +76,6 @@ spec: port: 6789 initialDelaySeconds: 5 periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: limits: cpu: 500m @@ -69,5 +83,7 @@ spec: requests: cpu: 10m memory: 256Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true \ No newline at end of file diff --git a/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml b/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml new file mode 100644 index 0000000..9650aa0 --- /dev/null +++ b/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml @@ -0,0 +1,114 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[]' + capabilities: Seamless Upgrades + categories: Modernization & Migration + certified: "false" + containerImage: quay.io/konveyor/tackle2-operator:latest + description: Konveyor is an open-source application modernization platform that + helps organizations safely and predictably modernize applications to Kubernetes + at scale. + olm.skipRange: '>=0.0.0 <99.0.0' + operatorframework.io/initialization-resource: |- + { + "apiVersion": "tackle.konveyor.io/v1alpha1", + "kind": "Tackle", + "metadata": { + "name": "tackle", + "namespace": "konveyor-tackle" + }, + "spec": { + "feature_auth_required": "false" + } + } + operatorframework.io/suggested-namespace: konveyor-tackle + repository: https://github.com/konveyor/tackle2-operator + support: https://github.com/konveyor/tackle2-operator/issues + name: konveyor-operator.v0.0.0 + namespace: konveyor-tackle +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Tackle + displayName: Tackle + kind: Tackle + name: tackles.tackle.konveyor.io + version: v1alpha1 + - description: Tackle Addon + displayName: Addon + kind: Addon + name: addons.tackle.konveyor.io + version: v1alpha1 + description: | + Konveyor is an open-source application modernization platform that helps organizations safely and predictably modernize applications to new technologies, with an initial focus on accelerating the adoption of legacy applications to Kubernetes. + + See the [Konveyor Unified Experience](https://github.com/konveyor/enhancements/tree/master/enhancements/unified_experience) to understand the vision of the project and the [Konveyor Charter](https://github.com/konveyor/community/blob/main/Charter.md) for more information on the community. + + ### Install + + Once you have successfully installed the Operator, proceed to deploy components by creating the required Tackle CR. + + By default, the Operator installs the following components on a target cluster: + + * Hub, to manage the application inventory and coordinate the migration process. + * UI, the web console to manage the application inventory and drive the migration waves. + * Pathfinder, a service to manage the assessment questionnaires. + + Authentication capabilities may be enabled via the `feature_auth_required` parameter in the Tackle CR. When enabled, the Operator installs the following components: + * Keycloak, to manage authentication, including with 3rd-party providers. + + ### Examples + If you are just getting started using Konveyor, take a look at an [example application analysis here](https://github.com/konveyor/example-applications/tree/main/example-1) + + ### Documentation + Documentation can be found on our [website](https://konveyor.github.io/tackle). + + ### Getting help + If you encounter any issues while using Konveyor operator, you can create an issue on our [Github repo](https://github.com/konveyor/tackle2-operator/issues), for bugs, enhancements or other requests. + Or reach out to us in [#konveyor](https://kubernetes.slack.com/archives/CR85S82A2) on kubernetes.slack.com + + ### Contributing + You can contribute by: + + * Raising any issues you find using Konveyor Operator + * Fixing issues by opening [Pull Requests](https://github.com/konveyor/tackle2-operator/pulls) + * Improving [documentation](https://github.com/konveyor/tackle-documentation) + displayName: Konveyor Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAKsAAACrCAYAAAAZ6GwZAAAACXBIWXMAAAsSAAALEgHS3X78AAALWUlEQVR4nO2dPWwcxxXHR0GgQBICMhAQwI4BXgqnsJOINnZrnly4iALwAgJGUokswgBsRFfpTtSmSiW6MA2zEdkKJnwCLBcpomN9Z+cYWy7swneAYReBYx0QxYibC+bwTh4d583H3pJ7j/f/AQuCvP2YmfefN2/ezB7PDQYDBYAEfgArASlArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjH8cBZMdbCzPq+UWjylxz1a2djtnNKzZooz/1oLCbWplLoyBcXJw9rKxu6evGIXzyyEAZuChaq5MwVlmAoQswIxQKxADBArEAPECsQwE6mrIvjks6+i71J57rK6eOH8NFZHJBBrAHff/1Ddvf9B9HWXLpxXb/3lDxBsQSAMCODhp1/muu7xt9+p7hdfn3Jpzy4QawC/feVXua7TYcALzz9zyqU9uyAMCCD99YJ6580/Tn05zzrwrEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjHMglgbSqn+FJQjL/syi1085waDwVmr0zEOdtYr+j/9TFmxgljZ2G0KKOapMBNiBWcDxKxADKX907aDnfV5pdSmUKl0VjZ2G+N/PNhZX1RK1cop0sQ0VjZ2O9NcwNLCgIOddW3s5VIeXgy/MwVLcbE29pzQ+uhJ6OLKxm53CspipcwwYL7EZxfB4tg9KoKFqqjsUz0JRcwKxACxAjFArEAMECsQQ2mpqyJo/bOn3vv7R1F3unTxR+q1ay+rys8uT2Wd7r7/oXr46ZdR17z4i2fVa795+cTKNC2IFeu//v0f9de3/5br2u4XX6ud7PeFl2lS7j/4WN29/0H0XR5+9pW6dOG8unb1l9NWpUIRGwZo4+gjDxdzXgfKRaxn1YL7859eVe89+Fg9/u//gq/76eUfq2uvTKcH0p7x8bffRYcBP3/u8pn3qkp6zPrC888Mj7PEMPacgfgzD8gGADFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxACxAjFArEAMZYp1CTIBMcCzAjFArEAMECsQA8QKxACxAjFArEAMECsQA8QKxFCmWPuQCYihTLFWBQv2SCm1bf5hZWO3qZTaL69IE7NPdZhazg0GA7nNC2YKxKxADBArEAPECsQAsQIxQKxADBArEAPECsRw6v8VO0mzeaXUolKqQkdHKfWo3apPdUJ6lkjSTNtn3qiytk+n7CY4lUUBEugqHVccp95TSjXarfreiRcKPEWSZjWyj15ZnHPYZ6/dqjfKaL0nYk3SbMt2QrtVt/49SbPNsd5nst1u1R8Z5205GsCGXs7c5LxtkmZValSTjqsRkzSrkDHG6erOkaTZKnl66+eO+9rKMkS3nevzAJrUxtrT2XjSzpZy1bjrTJtS+bY9TmScnm7LSPtwdHU9261613eiGQbcZM45JtYkzXTlbjDn39INSN5UG3k5sNAmuuEeJGn2ertV37Z8XrWVN0mzlxzDVYWp4yGVc5GpU58+59Aiv2757IjazlrWCJqO67u2shltb3MQh8Z5WznLtkD2ucU4s+g6J2mmy1XjOp/KM8EiD8QJdZ+8yTw1ch6hmtymjhFKk56dB06QcxTDcdSYv8eUm4W81xOBjbHpKBM3kg1HlyTN9ibsRJqbdJ8i0K/md8krW4kSKxmNM8KR0Xh7kcOKixvUQUKYo04SDXnkI+Y66/OpPThRFBnXWUMx3cZMR+JErJ1Jl0Iz22iQh+tcCJmDOfLYtnAsXKzksRqMcfojF07C8nnUHgXrb5DX8G0V3OYqYOFKpDc24bwE19u5TnTPNZzFEuNdyTNxjmKLxH07oAiHxuHjpmf0icVqhxjP2qBYxUaNeuy8Z/jTnutqu1WvtFt1fY2eRFXbrbq+7nWHaOcc3sVGjDc24cR6heksnIhPIpvB1f/6WOjD1XufJjEu+/TJDj8huwwP/btSas3jVAoJe4glWzgQlGclT8V93c+aMSt0xUr7NMO3ehw9kUrSrEnDuO0ew+EmZNZI6Pt1YvKDNDLcY0aGqilCEq/Ng/UDUzvc5IQrW5MmITY7rBqjDze8j7wqZ8cjmuEfay+ymc6YNMg+tnoPBebJlx+S+IeQILnRujoe0nk9a8CEyvQiXK/uuYQ6ghrKlfLgJjM2dAM0cky4OK84/myuLCeZg+TEPQoFfF6V+7zPCdWE7FdzeNio0YyEzbXXsbAixLOyE6p2qz5eOK7XeoU6QjdYkmb7jIeoRQ43CyS+YJFrr5ikWd/S28e9LdepQstX9UxM9sZHEYd3XSAvZZtY9Q2Rs2UOHYEo3NtmMgl58smcLo45mRCxchOqpwrmSDmEDosme4xY8wTxyySKmCxBw/Z8nWg36mILFXoRYceS55sUm5RHHUfX5QFTZputtg3RcxOv2BibS3txcxorNOpxjuSYiPNuZOlEzHaj15QdcU/MKpjJzcgQgvOOw3vQ6lDMdYVBbXPPcj/OqWyr72NsKxHzgCF0fs/2mStPqp2NnpeMDuqMnMCPaSCvWJcoVycJLu4+BnlHmzFGhigjXjUJbXtzOZYTK5db9hElcGLOGFGWHM7Humo4yRbB24G5tegVpYic6jiHEzT+ODYvuUB1tnmPw1gPlRd6ju+1775ZB8dolXfxhrN9Efll656HSfezmurnDMXlKF1wQ0mIEIv6PgLOS24yQ1ds3Kc71i3H4RO+L+3FbnIZxzN0285nV+4K2Eq4z6X0QvezcrnH4WoRJfe7zCxakYFjwgbOEN6GoFypbvx/RDzPdp8uM/O2Tfz6OUKAZkyelSkflzXpMyMDl6fdjJyAcrYsYlRjdRLiWXXSv+ZY7rth9EzOYDdCey+lRbigO0gQ1LvXQs71EOotG0Uur0bAeV9uAsy133Loih9NLrmFB599ejSSuEIYVqxez2ok/VfJs9k8556xyYWtiG4Qz55T19bDXkwKjPaoVifcsNGgOvmyEHkmVpWQDlzwGxQNx76AO0maKc/e3VVPxsPXubuj0YTqbnNKw51ctvg/OGali7lha4GS2B0mraLI4O9S2mJ1FMfqQuvMQpJmXc+MPXrIpEWL3EMTeSevt8i5c/465Ut9R2GQDd9w3O8O2ac2WvnTP+l33WnuuJbTIyeYLk9u7RBREyzaCM2FA8s0RGx6JjhLVOnPkzQbkKFuexLKhxO86jLphMv33FJe8ZiALS5HSmj7vKuU+obs8w397lrA6EfOSXw7yZZto06ebIBrbdgMGYqiH5nQfwryjrkFS43qMu5JLgS4npuLgPX9PDh3+Dtw6WTyPCsVinvInPFCWRETnOGy7qSTFwpPJlnE4Lzn0QnnVk/k3kZ7FCHYtbxxtScsWRhfeMqVZyUxcrHpEm3l0z3j6gTeQQ8RlaJeAabyuOI1F5z3FPsWLrVHdQL76OteKuBN5C1Hp9kyd82d+KvY9LBRnjVkbV83wtYsvo5dxvv6OewzyuG63qytMMu71vpY6m3yJA13al8mbOywqVJFRgF7j4a7DuUr8WUXJWDYZ/QKtznh7Y3sU2JOGd98DeSA77oCYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFYoBYgRggViAGiBWIAWIFMlBK/R87h9mrJ0MSUgAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + deployments: [] + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - modernization + - migration + - konveyor + - tackle + links: + - name: Documentation + url: https://konveyor.github.io/tackle + - name: Operator + url: https://github.com/konveyor/tackle2-operator + maintainers: + - email: konveyor-dev@googlegroups.com + name: Konveyor Community + maturity: alpha + minKubeVersion: 1.22.0 + provider: + name: Konveyor + url: https://www.konveyor.io + version: 0.0.0 diff --git a/config/manifests/bases/tackle-operator.clusterserviceversion.yaml b/config/manifests/bases/tackle-operator.clusterserviceversion.yaml deleted file mode 100644 index d2df129..0000000 --- a/config/manifests/bases/tackle-operator.clusterserviceversion.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: '[]' - capabilities: Basic Install - name: tackle-operator.v0.0.0 - namespace: placeholder -spec: - apiservicedefinitions: {} - customresourcedefinitions: {} - description: Tackle contains tools that support the modernization and migration - of applications to Kubernetes and OpenShift - displayName: Tackle Operator - icon: - - base64data: "" - mediatype: "" - install: - spec: - deployments: null - strategy: "" - installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - tackle - - konveyor - - modernization - links: - - name: Tackle Operator - url: https://tackle-operator.domain - maintainers: - - email: tackle-dev@googlegroups.com - name: Tackle by Konveyor Community - maturity: alpha - provider: - name: Konveyor - url: https://www.konveyor.io/ - version: 0.0.0 diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136a..8255191 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -4,8 +4,8 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor + control-plane: tackle-operator + name: tackle-operator-metrics-monitor namespace: system spec: endpoints: @@ -17,4 +17,4 @@ spec: insecureSkipVerify: true selector: matchLabels: - control-plane: controller-manager + control-plane: tackle-operator diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 51a75db..0000000 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 80e1857..0000000 --- a/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 71f1797..0000000 --- a/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml new file mode 100644 index 0000000..902d327 --- /dev/null +++ b/config/rbac/cluster_role.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - operator.openshift.io + resources: + - dnses + verbs: + - list + - get +- apiGroups: + - config.openshift.io + resources: + - clusterversions + - proxies + verbs: + - get +- apiGroups: + - keycloak.org + resources: + - keycloaks + - keycloakrealms + - keycloakclients + - keycloakusers + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +#+kubebuilder:scaffold:rules diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml new file mode 100644 index 0000000..e8f6ada --- /dev/null +++ b/config/rbac/cluster_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: tackle-operator + namespace: system diff --git a/config/rbac/hub_role.yaml b/config/rbac/hub_role.yaml new file mode 100644 index 0000000..caf7479 --- /dev/null +++ b/config/rbac/hub_role.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tackle-hub-role +rules: +- apiGroups: + - "" + - tackle.konveyor.io + - batch + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use \ No newline at end of file diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/hub_role_binding.yaml similarity index 66% rename from config/rbac/leader_election_role_binding.yaml rename to config/rbac/hub_role_binding.yaml index 1d1321e..6976ee6 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/hub_role_binding.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: leader-election-rolebinding + name: tackle-hub-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: tackle-hub-role subjects: - kind: ServiceAccount - name: controller-manager + name: tackle-hub namespace: system diff --git a/config/rbac/hub_service_account.yaml b/config/rbac/hub_service_account.yaml new file mode 100644 index 0000000..5eac8ca --- /dev/null +++ b/config/rbac/hub_service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tackle-hub + namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a..01760f4 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -4,15 +4,23 @@ resources: # if your manager will use a service account that exists at # runtime. Be sure to update RoleBinding and ClusterRoleBinding # subjects if changing service account names. +- hub_service_account.yaml +- hub_role.yaml +- hub_role_binding.yaml - service_account.yaml +- ui_service_account.yaml +- ui_cluster_role.yaml +- ui_cluster_role_binding.yaml +- cluster_role.yaml +- cluster_role_binding.yaml - role.yaml - role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml +# - leader_election_role.yaml +# - leader_election_role_binding.yaml # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml +# - auth_proxy_service.yaml +# - auth_proxy_role.yaml +# - auth_proxy_role_binding.yaml +# - auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml deleted file mode 100644 index 4190ec8..0000000 --- a/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 8445600..d0b0535 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,57 +1,103 @@ --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: name: manager-role rules: ## ## Base operator rules ## - - apiGroups: - - "" - resources: - - secrets - - pods - - pods/exec - - pods/log - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - ## - ## Rules for tackle.konveyor.io/v1alpha1, Kind: Tackle - ## - - apiGroups: - - tackle.konveyor.io - resources: - - tackles - - tackles/status - - tackles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch +- apiGroups: + - "" + resources: + - pods + - services + - services/finalizers + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - '*' +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resourceNames: + - tackle-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +## +## Rules for tackle.konveyor.io/v1alpha1, Kind: Tackle +## +- apiGroups: + - tackle.konveyor.io + resources: + - tackles + - tackles/status + - tackles/finalizers + - addons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch #+kubebuilder:scaffold:rules diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede..ab8a0be 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: name: manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: manager-role subjects: - kind: ServiceAccount - name: controller-manager + name: tackle-operator namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025..573841e 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: controller-manager + name: tackle-operator namespace: system diff --git a/config/rbac/ui_cluster_role.yaml b/config/rbac/ui_cluster_role.yaml new file mode 100644 index 0000000..bca2680 --- /dev/null +++ b/config/rbac/ui_cluster_role.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tackle-ui-role +rules: [] # Add clusterRules for tackle-ui SA in CSV if not empty, right now it's empty, so CSV contains no mention of tackle-ui SA +#+kubebuilder:scaffold:rules diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/ui_cluster_role_binding.yaml similarity index 73% rename from config/rbac/auth_proxy_role_binding.yaml rename to config/rbac/ui_cluster_role_binding.yaml index ec7acc0..c57c239 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/ui_cluster_role_binding.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: proxy-rolebinding + name: tackle-ui-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: proxy-role + name: tackle-ui-role subjects: - kind: ServiceAccount - name: controller-manager + name: tackle-ui namespace: system diff --git a/config/rbac/ui_service_account.yaml b/config/rbac/ui_service_account.yaml new file mode 100644 index 0000000..0323972 --- /dev/null +++ b/config/rbac/ui_service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tackle-ui + namespace: system diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 9d36d9d..8ff42f5 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,4 +1,5 @@ ## Append samples you want in your CSV to this file as resources ## resources: - tackle_v1alpha1_tackle.yaml +- tackle_v1alpha1_addon.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/tackle_v1alpha1_addon.yaml b/config/samples/tackle_v1alpha1_addon.yaml new file mode 100644 index 0000000..a196d69 --- /dev/null +++ b/config/samples/tackle_v1alpha1_addon.yaml @@ -0,0 +1,7 @@ +apiVersion: tackle.konveyor.io/v1alpha1 +kind: Addon +metadata: + name: move2kube-plan + namespace: konveyor-tackle +spec: + image: 'quay.io/konveyor/tackle-addon-move2kube-plan:latest' diff --git a/config/samples/tackle_v1alpha1_tackle.yaml b/config/samples/tackle_v1alpha1_tackle.yaml index 4e762a0..550c10c 100644 --- a/config/samples/tackle_v1alpha1_tackle.yaml +++ b/config/samples/tackle_v1alpha1_tackle.yaml @@ -1,6 +1,7 @@ apiVersion: tackle.konveyor.io/v1alpha1 kind: Tackle metadata: - name: tackle-sample + name: tackle + namespace: konveyor-tackle spec: - # TODO(user): Add fields here + feature_auth_required: 'false' diff --git a/config/testing/debug_logs_patch.yaml b/config/testing/debug_logs_patch.yaml deleted file mode 100644 index 3fb3d55..0000000 --- a/config/testing/debug_logs_patch.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - env: - - name: ANSIBLE_DEBUG_LOGS - value: "TRUE" diff --git a/config/testing/kustomization.yaml b/config/testing/kustomization.yaml deleted file mode 100644 index 4109162..0000000 --- a/config/testing/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Adds namespace to all resources. -namespace: osdk-test - -namePrefix: osdk- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -patchesStrategicMerge: -- manager_image.yaml -- debug_logs_patch.yaml -- ../default/manager_auth_proxy_patch.yaml - -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../crd -- ../rbac -- ../manager -images: -- name: testing - newName: testing-operator diff --git a/config/testing/manager_image.yaml b/config/testing/manager_image.yaml deleted file mode 100644 index e44f542..0000000 --- a/config/testing/manager_image.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - image: testing diff --git a/config/testing/pull_policy/Always.yaml b/config/testing/pull_policy/Always.yaml deleted file mode 100644 index 6b0a8e2..0000000 --- a/config/testing/pull_policy/Always.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - imagePullPolicy: Always diff --git a/config/testing/pull_policy/IfNotPresent.yaml b/config/testing/pull_policy/IfNotPresent.yaml deleted file mode 100644 index 2f52f49..0000000 --- a/config/testing/pull_policy/IfNotPresent.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - imagePullPolicy: IfNotPresent diff --git a/config/testing/pull_policy/Never.yaml b/config/testing/pull_policy/Never.yaml deleted file mode 100644 index 86f13d8..0000000 --- a/config/testing/pull_policy/Never.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - imagePullPolicy: Never diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml index 76613c4..5bae783 100644 --- a/roles/tackle/defaults/main.yml +++ b/roles/tackle/defaults/main.yml @@ -49,7 +49,7 @@ hub_proto: "{{ 'https' if hub_tls_enabled | bool else 'http' }}" hub_url: "{{ hub_proto }}://{{ hub_service_name }}.{{ app_namespace }}.svc:{{ hub_port }}" hub_log_level: 3 -pathfinder_database_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_PATHFINDER_DATABASE') }}" +pathfinder_database_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_TACKLE_POSTGRES') }}" pathfinder_database_name: "pathfinder" pathfinder_database_component_name: "postgresql" pathfinder_database_service_name: "{{ app_name }}-{{ pathfinder_database_name }}-{{ pathfinder_database_component_name }}" @@ -85,7 +85,7 @@ pathfinder_port: "{{ '8443' if pathfinder_tls_enabled | bool else '8080' }}" pathfinder_proto: "{{ 'https' if pathfinder_tls_enabled | bool else 'http' }}" pathfinder_url: "{{ pathfinder_proto }}://{{ pathfinder_service_name }}.{{ app_namespace }}.svc:{{ pathfinder_port }}" -keycloak_database_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_DATABASE') }}" +keycloak_database_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_TACKLE_POSTGRES') }}" keycloak_database_name: "keycloak" keycloak_database_component_name: "postgresql" keycloak_database_service_name: "{{ app_name }}-{{ keycloak_database_name }}-{{ keycloak_database_component_name }}" diff --git a/tools/tackle-opdev.sh b/tools/tackle-opdev.sh index 2706e0e..92ebf8f 100755 --- a/tools/tackle-opdev.sh +++ b/tools/tackle-opdev.sh @@ -119,16 +119,7 @@ if [ ! -z ${RUN_BUNDLE} ]; then echo "##### Building and pushing Bundle #####" echo # Must patch bundle CSV with target custom operator image first, assumes main branch latest tag - BODY="s|quay.io/konveyor/tackle2-operator:latest|quay.io/${QUAY_NS}/tackle2-operator:${TAG}|" - if [[ "$(uname)" == "Darwin" ]]; then - # sed on MacOS requires an argument for -i to optionally be an extension for the backup file - # we are giving it '' to avoid creating a backup file - # https://stackoverflow.com/questions/5694228/sed-in-place-flag-that-works-both-on-mac-bsd-and-linux - sed -i '' ${BODY} ${CSV_PATH} - else - sed -i ${BODY} ${CSV_PATH} - fi - operator-sdk bundle validate ./bundle && make bundle-build bundle-push BUNDLE_IMG=quay.io/${QUAY_NS}/${BUNDLE_REPO}:${TAG} + make bundle bundle-build bundle-push BUNDLE_IMG=quay.io/${QUAY_NS}/${BUNDLE_REPO}:${TAG} IMG=quay.io/${QUAY_NS}/tackle2-operator:${TAG} fi if [ ! -z ${RUN_INDEX} ]; then diff --git a/tools/templates/clusterserviceversion.yaml.j2 b/tools/templates/clusterserviceversion.yaml.j2 index e2dcba1..60036ae 100644 --- a/tools/templates/clusterserviceversion.yaml.j2 +++ b/tools/templates/clusterserviceversion.yaml.j2 @@ -146,11 +146,11 @@ spec: value: {{ version }} - name: RELATED_IMAGE_TACKLE_HUB value: quay.io/konveyor/tackle2-hub:{{ tag }} - - name: RELATED_IMAGE_PATHFINDER_DATABASE + - name: RELATED_IMAGE_TACKLE_POSTGRES value: quay.io/centos7/postgresql-12-centos7:latest - name: RELATED_IMAGE_PATHFINDER value: quay.io/konveyor/tackle-pathfinder:1.3.1-native - - name: RELATED_IMAGE_KEYCLOAK_DATABASE + - name: RELATED_IMAGE_TACKLE_POSTGRES value: quay.io/centos7/postgresql-12-centos7:latest - name: RELATED_IMAGE_KEYCLOAK_SSO value: quay.io/keycloak/keycloak:18.0.2-legacy From d8e870786307f9e2496253d9ac375c04e6a5e4e2 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 2 May 2023 11:02:13 -0400 Subject: [PATCH 2/8] Remove duplicate RELATED_IMAGE_TACKLE_POSTGRES from csv template. Signed-off-by: Tiger Kaovilai --- tools/templates/clusterserviceversion.yaml.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/templates/clusterserviceversion.yaml.j2 b/tools/templates/clusterserviceversion.yaml.j2 index 60036ae..5df31c5 100644 --- a/tools/templates/clusterserviceversion.yaml.j2 +++ b/tools/templates/clusterserviceversion.yaml.j2 @@ -150,8 +150,6 @@ spec: value: quay.io/centos7/postgresql-12-centos7:latest - name: RELATED_IMAGE_PATHFINDER value: quay.io/konveyor/tackle-pathfinder:1.3.1-native - - name: RELATED_IMAGE_TACKLE_POSTGRES - value: quay.io/centos7/postgresql-12-centos7:latest - name: RELATED_IMAGE_KEYCLOAK_SSO value: quay.io/keycloak/keycloak:18.0.2-legacy - name: RELATED_IMAGE_TACKLE_UI From c66bed63910e46590d7aeb81e6939bdbf96d74b7 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 2 May 2023 11:07:26 -0400 Subject: [PATCH 3/8] update relatedImages in tools/templates Signed-off-by: Tiger Kaovilai --- tools/templates/clusterserviceversion.yaml.j2 | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/templates/clusterserviceversion.yaml.j2 b/tools/templates/clusterserviceversion.yaml.j2 index 5df31c5..16ddf16 100644 --- a/tools/templates/clusterserviceversion.yaml.j2 +++ b/tools/templates/clusterserviceversion.yaml.j2 @@ -346,14 +346,16 @@ spec: image: quay.io/konveyor/tackle2-hub:{{ tag }} - name: tackle-ui image: quay.io/konveyor/tackle2-ui:{{ tag }} - - name: tackle-addon + - name: addon-admin image: quay.io/konveyor/tackle2-addon:{{ tag }} - - name: tackle-addon-windup + - name: addon-windup image: quay.io/konveyor/tackle2-addon-windup:{{ tag }} - - name: tackle-pathfinder + - name: pathfinder image: quay.io/konveyor/tackle-pathfinder:1.3.1-native - - name: tackle-keycloak + - name: keycloak-sso image: quay.io/keycloak/keycloak:18.0.2-legacy + - image: quay.io/konveyor/tackle-keycloak-init:{{ tag }} + name: keycloak-init - name: tackle-postgres image: quay.io/centos7/postgresql-12-centos7:latest version: {{ version }} From 6b87576265c745fdf5ce1341753c3be0d051f1e0 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 2 May 2023 16:54:40 -0400 Subject: [PATCH 4/8] add config/ to ci Signed-off-by: Tiger Kaovilai --- .github/workflows/csv-validate.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/csv-validate.yml b/.github/workflows/csv-validate.yml index 89c2585..ab494e9 100644 --- a/.github/workflows/csv-validate.yml +++ b/.github/workflows/csv-validate.yml @@ -24,5 +24,16 @@ jobs: - name: Get Operator SDK run: make operator-sdk + - name: Check config/ is in sync with bundle/ + run: | + make bundle + # workaround for https://github.com/operator-framework/operator-sdk/issues/6285 + # ignore createdAt if its the only change. + git diff --quiet -I'^ createdAt: ' bundle + if ((! $?)) ; then + git checkout bundle + fi + git diff --exit-code bundle/ + - name: Validate bundle run: ./bin/operator-sdk bundle validate ./bundle From 0d4ff3e739c09504ba5ac402296e9bb011eef6d3 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 2 May 2023 17:08:39 -0400 Subject: [PATCH 5/8] move createdAt workaround to Makefile Signed-off-by: Tiger Kaovilai --- .github/workflows/csv-validate.yml | 8 +------- Makefile | 6 ++++++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/csv-validate.yml b/.github/workflows/csv-validate.yml index ab494e9..0c9d069 100644 --- a/.github/workflows/csv-validate.yml +++ b/.github/workflows/csv-validate.yml @@ -26,13 +26,7 @@ jobs: - name: Check config/ is in sync with bundle/ run: | - make bundle - # workaround for https://github.com/operator-framework/operator-sdk/issues/6285 - # ignore createdAt if its the only change. - git diff --quiet -I'^ createdAt: ' bundle - if ((! $?)) ; then - git checkout bundle - fi + make bundle bundle-ignore-createdAt git diff --exit-code bundle/ - name: Validate bundle diff --git a/Makefile b/Makefile index 73b56a5..1b4c0d1 100644 --- a/Makefile +++ b/Makefile @@ -196,6 +196,12 @@ bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then v $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --extra-service-accounts tackle-hub,tackle-ui --version $(VERSION) $(BUNDLE_METADATA_OPTS) $(OPERATOR_SDK) bundle validate ./bundle +# Workaround to undo createdAt changes in bundle manifests if its the only change. +# https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1532150678 +.PHONY: bundle-ignore-createdAt +bundle-ignore-createdAt: + git diff --quiet -I'^ createdAt: ' bundle && git checkout bundle || true + .PHONY: bundle-build bundle-build: ## Build the bundle image. ifeq ($(CONTAINER_RUNTIME), podman) From c871e7274c1c1835683c737d33be49c8915bdaa8 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 2 May 2023 21:11:53 -0400 Subject: [PATCH 6/8] fix `make bundle IMG=somethingelse:tag` override. Signed-off-by: Tiger Kaovilai --- config/manager/manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 56777d6..4fc63b4 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -62,7 +62,7 @@ spec: - name: RELATED_IMAGE_ADDON_WINDUP value: quay.io/konveyor/tackle2-addon-windup:latest name: tackle-operator - image: quay.io/konveyor/tackle2-operator:latest + image: controller:latest # this will be replaced with IMG by `make bundle` imagePullPolicy: Always livenessProbe: httpGet: From 2e43d22991a0034b9700bd430e60c1f1b1077bf5 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Mon, 8 May 2023 15:14:58 -0400 Subject: [PATCH 7/8] remove ` namespace: system` Signed-off-by: Tiger Kaovilai --- config/manager/manager.yaml | 1 - config/prometheus/monitor.yaml | 1 - config/rbac/cluster_role_binding.yaml | 1 - config/rbac/hub_role_binding.yaml | 1 - config/rbac/hub_service_account.yaml | 1 - config/rbac/role_binding.yaml | 1 - config/rbac/service_account.yaml | 1 - config/rbac/ui_cluster_role_binding.yaml | 1 - config/rbac/ui_service_account.yaml | 1 - 9 files changed, 9 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 4fc63b4..62fd468 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -9,7 +9,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: tackle-operator - namespace: system spec: replicas: 1 selector: diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 8255191..a262c05 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -6,7 +6,6 @@ metadata: labels: control-plane: tackle-operator name: tackle-operator-metrics-monitor - namespace: system spec: endpoints: - path: /metrics diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml index e8f6ada..28d34b0 100644 --- a/config/rbac/cluster_role_binding.yaml +++ b/config/rbac/cluster_role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: tackle-operator - namespace: system diff --git a/config/rbac/hub_role_binding.yaml b/config/rbac/hub_role_binding.yaml index 6976ee6..ed85d0b 100644 --- a/config/rbac/hub_role_binding.yaml +++ b/config/rbac/hub_role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: tackle-hub - namespace: system diff --git a/config/rbac/hub_service_account.yaml b/config/rbac/hub_service_account.yaml index 5eac8ca..9b30bcb 100644 --- a/config/rbac/hub_service_account.yaml +++ b/config/rbac/hub_service_account.yaml @@ -2,4 +2,3 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tackle-hub - namespace: system diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index ab8a0be..6caa99f 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: tackle-operator - namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 573841e..3ae8044 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -2,4 +2,3 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tackle-operator - namespace: system diff --git a/config/rbac/ui_cluster_role_binding.yaml b/config/rbac/ui_cluster_role_binding.yaml index c57c239..08ed13d 100644 --- a/config/rbac/ui_cluster_role_binding.yaml +++ b/config/rbac/ui_cluster_role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: tackle-ui - namespace: system diff --git a/config/rbac/ui_service_account.yaml b/config/rbac/ui_service_account.yaml index 0323972..a044bde 100644 --- a/config/rbac/ui_service_account.yaml +++ b/config/rbac/ui_service_account.yaml @@ -2,4 +2,3 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tackle-ui - namespace: system From 996634616e1c4dbbf3c9f733014103e91aba2ab3 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Thu, 11 May 2023 08:55:35 -0700 Subject: [PATCH 8/8] Dockerfile: Migrate ansible-operator image to v1.28.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Following migration guide from v1.22.0 to v1.28.1 https://sdk.operatorframework.io/docs/upgrading-sdk-version/ - v1.23.0 - Upgrade kustomize versions from v3.8.7 to v4.5.5 - In the `molecule/default`, replace `--load_restrictor none .` with `--load-restrictor LoadRestrictionsNone` - v1.24.0 In Ansible & Helm-based operators, if you need to support arm64, add the following `| sed 's/aarch64/arm64/'` on the following line `ARCH := $(shell uname -m | sed 's/x86_64/amd64/')` The resulting line should look like this `ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')` - v1.25.0 Add docker-buildx target - v1.26.0 update ansible operator Makefile’s run target - v1.28.0 Upgrade kubernetes.core collection to v2.4.0 Signed-off-by: Tiger Kaovilai --- Dockerfile | 3 ++- Makefile | 39 +++++++++++++++++++++++----------- molecule/default/kustomize.yml | 2 +- requirements.yml | 2 +- 4 files changed, 31 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index e5ef8f1..1f2614a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM quay.io/operator-framework/ansible-operator:v1.22.0 +ARG OPERATOR_SDK_VERSION=v1.28.1 +FROM quay.io/operator-framework/ansible-operator:$OPERATOR_SDK_VERSION COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ diff --git a/Makefile b/Makefile index 1b4c0d1..ef96e8e 100644 --- a/Makefile +++ b/Makefile @@ -83,10 +83,12 @@ help: ## Display this help. ##@ Build .PHONY: run +ANSIBLE_ROLES_PATH?="$(shell pwd)/roles" run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config - ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run + $(ANSIBLE_OPERATOR) run TARGET_PLATFORMS ?= linux/${TARGET_ARCH} +CONTAINER_BUILDARGS ?= --build-arg OPERATOR_SDK_VERSION=v1.28.1 .PHONY: docker-build docker-build: ## Build docker image with the manager. ifeq ($(CONTAINER_RUNTIME), podman) @@ -95,6 +97,23 @@ else $(CONTAINER_RUNTIME) build --platform ${TARGET_PLATFORMS} -t ${IMG} . endif +# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ +# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) +# To properly provided solutions that supports more than one platform you should use this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: test ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - docker buildx create --name project-v3-builder + docker buildx use project-v3-builder + - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross + - docker buildx rm project-v3-builder + rm Dockerfile.cross + .PHONY: docker-push docker-push: ## Push docker image with the manager. $(CONTAINER_RUNTIME) push ${IMG} @@ -139,24 +158,19 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi $(KUSTOMIZE) build config/default | kubectl delete -f - OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') -ARCH := $(shell uname -m | sed 's/x86_64/amd64/') +ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') .PHONY: kustomize KUSTOMIZE = $(shell pwd)/bin/kustomize -KUSTOMIZE_ARCH=$(ARCH) -ifeq ($(OS),darwin) -# Kustomize does not provide a Darwin/arm64 binary for v3.8.7 - KUSTOMIZE_ARCH="amd64" -endif +KUSTOMIZE_VERSION = v4.5.5 kustomize: ## Download kustomize locally if necessary. ifeq (,$(wildcard $(KUSTOMIZE))) ifeq (,$(shell which kustomize 2>/dev/null)) @{ \ set -e &&\ - echo "$(KUSTOMIZE_ARCH)" &&\ mkdir -p $(dir $(KUSTOMIZE)) &&\ - echo https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(KUSTOMIZE_ARCH).tar.gz &&\ - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(KUSTOMIZE_ARCH).tar.gz | \ + echo https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/$(KUSTOMIZE_VERSION)/kustomize_$(KUSTOMIZE_VERSION)_$(OS)_$(ARCH).tar.gz &&\ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/$(KUSTOMIZE_VERSION)/kustomize_$(KUSTOMIZE_VERSION)_$(OS)_$(ARCH).tar.gz | \ tar xzf - -C bin/ ;\ } else @@ -172,7 +186,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ - curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.22.0/ansible-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/ansible-operator_$(OS)_$(ARCH) ;\ chmod +x $(ANSIBLE_OPERATOR) ;\ } else @@ -181,12 +195,13 @@ endif endif OPERATOR_SDK = $(shell pwd)/bin/operator-sdk +OPERATOR_SDK_VERSION ?= v1.28.1 .PHONY: operator-sdk operator-sdk: $(OPERATOR_SDK) $(OPERATOR_SDK): mkdir -p $(dir $(OPERATOR_SDK)) && \ - curl -Lo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.28.1/operator-sdk_$(shell go env GOOS)_$(shell go env GOARCH) && \ + curl -Lo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(shell go env GOOS)_$(shell go env GOARCH) && \ chmod +x $(OPERATOR_SDK); .PHONY: bundle diff --git a/molecule/default/kustomize.yml b/molecule/default/kustomize.yml index 5871648..0e55350 100644 --- a/molecule/default/kustomize.yml +++ b/molecule/default/kustomize.yml @@ -1,7 +1,7 @@ --- - name: Build kustomize testing overlay # load_restrictor must be set to none so we can load patch files from the default overlay - command: '{{ kustomize }} build --load_restrictor none .' + command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone' args: chdir: '{{ config_dir }}/testing' register: resources diff --git a/requirements.yml b/requirements.yml index 6fd8849..8e1e6b7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,6 +3,6 @@ collections: - name: operator_sdk.util version: "0.4.0" - name: kubernetes.core - version: "2.3.1" + version: "2.4.0" - name: cloud.common version: "2.1.1"