diff --git a/.goreleaser.yml b/.goreleaser.yml index d828849dd..df644a264 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -124,7 +124,7 @@ release: disable: '{{ ne .Env.ENABLE_RELEASE_PIPELINE "true" }}' extra_files: - glob: 'operator-controller.yaml' - - glob: './catalogd/config/base/default/clustercatalogs/default-catalogs.yaml' + - glob: './config/catalogs/clustercatalogs/default-catalogs.yaml' - glob: 'install.sh' header: | ## Installation diff --git a/Makefile b/Makefile index 2de91e63c..a1c4f2865 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,6 @@ $(warning Could not find docker or podman in path! This may result in targets re endif KUSTOMIZE_BUILD_DIR := config/overlays/cert-manager -CATALOGD_KUSTOMIZE_BUILD_DIR := catalogd/config/overlays/cert-manager # Disable -j flag for make .NOTPARALLEL: 
@@ -114,17 +113,19 @@ tidy: #HELP Update dependencies. $(Q)go mod tidy -go=$(GOLANG_VERSION) .PHONY: manifests -KUSTOMIZE_CRDS_DIR := config/base/crd/bases -KUSTOMIZE_RBAC_DIR := config/base/rbac -KUSTOMIZE_WEBHOOKS_DIR := config/base/manager/webhook +KUSTOMIZE_CATD_CRDS_DIR := config/base/catalogd/crd/bases +KUSTOMIZE_CATD_RBAC_DIR := config/base/catalogd/rbac +KUSTOMIZE_CATD_WEBHOOKS_DIR := config/base/catalogd/manager/webhook +KUSTOMIZE_OPCON_CRDS_DIR := config/base/operator-controller/crd/bases +KUSTOMIZE_OPCON_RBAC_DIR := config/base/operator-controller/rbac manifests: $(CONTROLLER_GEN) #EXHELP Generate WebhookConfiguration, ClusterRole, and CustomResourceDefinition objects. # Generate the operator-controller manifests - rm -rf $(KUSTOMIZE_CRDS_DIR) && $(CONTROLLER_GEN) crd paths=./api/... output:crd:artifacts:config=$(KUSTOMIZE_CRDS_DIR) - rm -f $(KUSTOMIZE_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths=./internal/operator-controller/... output:rbac:artifacts:config=$(KUSTOMIZE_RBAC_DIR) + rm -rf $(KUSTOMIZE_OPCON_CRDS_DIR) && $(CONTROLLER_GEN) crd paths=./api/... output:crd:artifacts:config=$(KUSTOMIZE_OPCON_CRDS_DIR) + rm -f $(KUSTOMIZE_OPCON_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths=./internal/operator-controller/... output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR) # Generate the catalogd manifests - rm -rf catalogd/$(KUSTOMIZE_CRDS_DIR) && $(CONTROLLER_GEN) crd paths="./catalogd/api/..." output:crd:artifacts:config=catalogd/$(KUSTOMIZE_CRDS_DIR) - rm -f catalogd/$(KUSTOMIZE_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=catalogd/$(KUSTOMIZE_RBAC_DIR) - rm -f catalogd/$(KUSTOMIZE_WEBHOOKS_DIR)/manifests.yaml && $(CONTROLLER_GEN) webhook paths="./internal/catalogd/..." 
output:webhook:artifacts:config=catalogd/$(KUSTOMIZE_WEBHOOKS_DIR) + rm -rf $(KUSTOMIZE_CATD_CRDS_DIR) && $(CONTROLLER_GEN) crd paths="./catalogd/api/..." output:crd:artifacts:config=$(KUSTOMIZE_CATD_CRDS_DIR) + rm -f $(KUSTOMIZE_CATD_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR) + rm -f $(KUSTOMIZE_CATD_WEBHOOKS_DIR)/manifests.yaml && $(CONTROLLER_GEN) webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR) .PHONY: generate generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. @@ -221,7 +222,6 @@ image-registry: ## Build the testdata catalog used for e2e tests and push it to test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e test-e2e: KUSTOMIZE_BUILD_DIR := config/overlays/e2e test-e2e: GO_BUILD_FLAGS := -cover -test-e2e: CATALOGD_KUSTOMIZE_BUILD_DIR := catalogd/config/overlays/e2e test-e2e: run image-registry e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster .PHONY: extension-developer-e2e 
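Review bot: Both generator lines in the `manifests` recipe still emit a ClusterRole named `manager-role` (`rbac:roleName=manager-role`), and they now write into sibling directories under one `config/base` tree that `kind-deploy` and `quickstart` render with a single `$(KUSTOMIZE) build`. The deleted `catalogd/config/base/default/kustomization.yaml` applied `namePrefix: catalogd-`; the kustomizations that replace it are not visible in this part of the diff, so it is worth confirming that each component still gets its own prefix, since otherwise the two roles would share one resource ID. A comment above the new variables would record that dependency, e.g. `# Both role.yaml files use roleName=manager-role; the per-component namePrefix keeps them distinct.`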
@@ -259,9 +259,9 @@ kind-load: $(KIND) #EXHELP Loads the currently constructed images into the KIND .PHONY: kind-deploy kind-deploy: export MANIFEST := ./operator-controller.yaml -kind-deploy: export DEFAULT_CATALOG := ./catalogd/config/base/default/clustercatalogs/default-catalogs.yaml +kind-deploy: export DEFAULT_CATALOG := ./config/catalogs/clustercatalogs/default-catalogs.yaml kind-deploy: manifests $(KUSTOMIZE) - ($(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) && echo "---" && $(KUSTOMIZE) build $(CATALOGD_KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g") > $(MANIFEST) + $(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g" > $(MANIFEST) envsubst '$$DEFAULT_CATALOG,$$CERT_MGR_VERSION,$$INSTALL_DEFAULT_CATALOGS,$$MANIFEST' < scripts/install.tpl.sh | bash -s .PHONY: kind-cluster @@ -347,7 +347,7 @@ release: $(GORELEASER) #EXHELP Runs goreleaser for the operator-controller. By d quickstart: export MANIFEST := https://github.com/operator-framework/operator-controller/releases/download/$(VERSION)/operator-controller.yaml quickstart: export DEFAULT_CATALOG := "https://github.com/operator-framework/operator-controller/releases/download/$(VERSION)/default-catalogs.yaml" quickstart: $(KUSTOMIZE) manifests #EXHELP Generate the unified installation release manifests and scripts. - ($(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) && echo "---" && $(KUSTOMIZE) build catalogd/config/overlays/cert-manager) | sed "s/cert-git-version/cert-$(VERSION)/g" | sed "s/:devel/:$(VERSION)/g" > operator-controller.yaml + $(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g" | sed "s/:devel/:$(VERSION)/g" > operator-controller.yaml envsubst '$$DEFAULT_CATALOG,$$CERT_MGR_VERSION,$$INSTALL_DEFAULT_CATALOGS,$$MANIFEST' < scripts/install.tpl.sh > install.sh ##@ Docs 
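Review bot: The new `kind-deploy` recipe pipes `$(KUSTOMIZE) build` into `sed` and redirects to `$(MANIFEST)`, so the line's exit status is sed's. Unless the Makefile sets `pipefail` in `.SHELLFLAGS` (not visible in these hunks), a failed or partial kustomize build still writes a manifest, which the next line hands to `install.tpl.sh | bash -s`. The `quickstart` recipe in the following hunk has the same shape, and its output `operator-controller.yaml` is the release artifact. Rendering to a temporary file first keeps the failure visible, e.g. `$(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) > $(MANIFEST).tmp && sed "s/cert-git-version/cert-$(VERSION)/g" $(MANIFEST).tmp > $(MANIFEST)`. `$(VERSION)` is also spliced unescaped into the sed expression, so it presumably must never contain `/`.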
@@ -367,7 +367,7 @@ crd-ref-docs: $(CRD_REF_DOCS) #EXHELP Generate the API Reference Documents. $(CRD_REF_DOCS) --source-path=$(ROOT_DIR)/catalogd/api \ --config=$(API_REFERENCE_DIR)/crd-ref-docs-gen-config.yaml \ --renderer=markdown --output-path=$(API_REFERENCE_DIR)/$(CATALOGD_API_REFERENCE_FILENAME); - + VENVDIR := $(abspath docs/.venv) .PHONY: build-docs diff --git a/Tiltfile b/Tiltfile index 5682e106c..f5506d30f 100644 --- a/Tiltfile +++ b/Tiltfile @@ -2,7 +2,7 @@ load('.tilt-support', 'deploy_repo') operator_controller = { 'image': 'quay.io/operator-framework/operator-controller', - 'yaml': 'config/overlays/tilt-local-dev', + 'yaml': 'config/overlays/tilt-local-dev/operator-controller', 'binaries': { './cmd/operator-controller': 'operator-controller-controller-manager', }, @@ -13,7 +13,7 @@ deploy_repo('operator-controller', operator_controller, '-tags containers_image_ catalogd = { 'image': 'quay.io/operator-framework/catalogd', - 'yaml': 'catalogd/config/overlays/cert-manager', + 'yaml': 'config/overlays/tilt-local-dev/catalogd', 'binaries': { './catalogd/cmd/catalogd': 'catalogd-controller-manager', }, diff --git a/catalogd/api/v1/clustercatalog_types_test.go b/catalogd/api/v1/clustercatalog_types_test.go index 074acc524..0ddd2f5e3 100644 --- a/catalogd/api/v1/clustercatalog_types_test.go +++ b/catalogd/api/v1/clustercatalog_types_test.go @@ -20,7 +20,7 @@ import ( "sigs.k8s.io/yaml" ) -const crdFilePath = "../../config/base/crd/bases/olm.operatorframework.io_clustercatalogs.yaml" +const crdFilePath = "../../../config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml" func TestImageSourceCELValidationRules(t *testing.T) { validators := fieldValidatorsFromFile(t, crdFilePath) diff --git a/catalogd/config/base/default/kustomization.yaml b/catalogd/config/base/default/kustomization.yaml deleted file mode 100644 index 93dce3bac..000000000 --- a/catalogd/config/base/default/kustomization.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -# Adds namespace to all resources. -namespace: olmv1-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: catalogd- - -# the following config is for teaching kustomize how to do var substitution -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../crd -- ../rbac -- ../manager diff --git a/catalogd/config/components/ca/kustomization.yaml b/catalogd/config/components/ca/kustomization.yaml deleted file mode 100644 index 113d2a957..000000000 --- a/catalogd/config/components/ca/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component -# No namespace is specified here, otherwise, it will overwrite _all_ the other namespaces! -resources: -- resources/issuers.yaml -patches: -- target: - kind: Deployment - name: controller-manager - path: patches/manager_deployment_cacerts.yaml diff --git a/catalogd/config/components/registries-conf/kustomization.yaml b/catalogd/config/components/registries-conf/kustomization.yaml deleted file mode 100644 index e48262429..000000000 --- a/catalogd/config/components/registries-conf/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component -namespace: olmv1-system -resources: -- registries_conf_configmap.yaml -patches: -- path: manager_e2e_registries_conf_patch.yaml diff --git a/catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml b/catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml deleted file mode 100644 index 42012d697..000000000 --- a/catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - volumeMounts: - - name: e2e-registries-conf - mountPath: /etc/containers - volumes: - - name: e2e-registries-conf - configMap: - name: e2e-registries-conf diff --git a/catalogd/config/components/registries-conf/registries_conf_configmap.yaml b/catalogd/config/components/registries-conf/registries_conf_configmap.yaml deleted file mode 100644 index 2604c78f5..000000000 --- a/catalogd/config/components/registries-conf/registries_conf_configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: e2e-registries-conf - namespace: system -data: - registries.conf: | - [[registry]] - prefix = "mirrored-registry.operator-controller-e2e.svc.cluster.local:5000" - location = "docker-registry.operator-controller-e2e.svc.cluster.local:5000" diff --git a/catalogd/config/overlays/cert-manager/kustomization.yaml b/catalogd/config/overlays/cert-manager/kustomization.yaml deleted file mode 100644 index fb27be4f4..000000000 --- a/catalogd/config/overlays/cert-manager/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../../base/crd -- ../../base/rbac -- ../../base/manager -components: -- ../../components/tls -- ../../components/ca diff --git a/catalogd/config/overlays/e2e/kustomization.yaml b/catalogd/config/overlays/e2e/kustomization.yaml deleted file mode 100644 index dbfd7d737..000000000 --- a/catalogd/config/overlays/e2e/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# kustomization file for all the e2e's -# DO NOT ADD A NAMESPACE HERE -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ../../base/crd - - ../../base/rbac - - ../../base/manager -components: - - ../../components/tls - - ../../components/registries-conf - - ../../components/ca 
diff --git a/catalogd/config/rbac/role.yaml b/catalogd/config/rbac/role.yaml deleted file mode 100644 index b0cf5a213..000000000 --- a/catalogd/config/rbac/role.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: manager-role -rules: -- apiGroups: - - olm.operatorframework.io - resources: - - clustercatalogs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - olm.operatorframework.io - resources: - - clustercatalogs/finalizers - verbs: - - update -- apiGroups: - - olm.operatorframework.io - resources: - - clustercatalogs/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: manager-role - namespace: system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get diff --git a/catalogd/config/samples/core_v1_clustercatalog.yaml b/catalogd/config/samples/core_v1_clustercatalog.yaml deleted file mode 100644 index 661bf2a6c..000000000 --- a/catalogd/config/samples/core_v1_clustercatalog.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: olm.operatorframework.io/v1 -kind: ClusterCatalog -metadata: - name: operatorhubio -spec: - priority: 0 - source: - type: Image - image: - pollIntervalMinutes: 1440 - ref: quay.io/operatorhubio/catalog:latest diff --git a/config/README.md b/config/README.md index 1f8011507..449989b23 100644 --- a/config/README.md +++ b/config/README.md 
@@ -1,52 +1,77 @@ # OPERATOR-CONTROLLER CONFIG -## config/base +## config/overlays/basic-olm -This provides an insecure (i.e. no TLS) basic configuration of operator-controller. - -This configuration specifies a namespace of `olmv1-system`. +This includes basic support for an insecure OLMv1 deployment. This configuration uses: +* config/base/catalogd +* config/base/operator-controller +* config/base/common ## config/overlays/cert-manager -This includes support for a secure (i.e. with TLS) configuration of operator-controller. This configuration uses: -* config/base -* config/components/tls -* config/components/ca +This includes support for a secure (i.e. with TLS) configuration of OLMv1. This configuration uses: +* config/base/catalogd +* config/base/operator-controller +* config/base/common +* config/components/tls/catalogd +* config/components/tls/operator-controller +* config/components/tls/ca This configuration requires cert-manager. ## config/overlays/e2e This provides additional configuration support for end-to-end testing, including code coverage. This configuration uses: -* config/base -* config/components/tls -* config/components/ca +* config/base/catalogd +* config/base/operator-controller +* config/base/common * config/components/coverage +* config/components/tls/catalogd +* config/components/tls/operator-controller +* config/components/tls/ca This configuration requires cert-manager. -## Components +## Base Configuration -Each of the `kustomization.yaml` files specify a `Component`, rather than an overlay. +The base configuration specifies a namespace of `olmv1-system`. -### config/components/tls +### config/base/catalogd -This provides a basic configuration of operator-controller with TLS support for catalogd. +This provides the base configuration of catalogd. + +### config/base/operator-controller + +This provides the base configuration of operator-controller. 
+ +### config/base/common + +This provides common components to both operator-controller and catalogd, i.e. namespace. + +## Components + +Each of the `kustomization.yaml` files specify a `Component`, rather than an overlay, and thus, can be used within the overlays. -This component specifies the `olmv1-system` namespace. +### config/components/tls/catalogd + +This provides a basic configuration of catalogd with TLS support. This component requires cert-manager. -### config/components/coverage +### config/components/tls/operator-controller -Provides configuration for code coverage. +This provides a basic configuration of operator-controller with TLS support for catalogd. -This component specifies the `olmv1-system` namespace. +This component requires cert-manager. -### config/components/ca +### config/components/tls/ca -Procides a CA for operator-controller operation. +Provides a CA for operator-controller/catalogd operation. -This component _does not_ specify a namespace, and must be included last. +This component _does not_ specify a namespace, and _must_ be included last. This component requires cert-manager. + +### config/components/coverage + +Provides configuration for code coverage. diff --git a/config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml b/config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml new file mode 100644 index 000000000..cbf023565 --- /dev/null +++ b/config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml 
@@ -0,0 +1,441 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: clustercatalogs.olm.operatorframework.io +spec: + group: olm.operatorframework.io + names: + kind: ClusterCatalog + listKind: ClusterCatalogList + plural: clustercatalogs + singular: clustercatalog + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.lastUnpacked + name: LastUnpacked + type: date + - jsonPath: .status.conditions[?(@.type=="Serving")].status + name: Serving + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCatalog enables users to make File-Based Catalog (FBC) catalog data available to the cluster. + For more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec is the desired state of the ClusterCatalog. + spec is required. + The controller will work to ensure that the desired + catalog is unpacked and served over the catalog content HTTP server. 
+ properties: + availabilityMode: + default: Available + description: |- + availabilityMode allows users to define how the ClusterCatalog is made available to clients on the cluster. + availabilityMode is optional. + + Allowed values are "Available" and "Unavailable" and omitted. + + When omitted, the default value is "Available". + + When set to "Available", the catalog contents will be unpacked and served over the catalog content HTTP server. + Setting the availabilityMode to "Available" tells clients that they should consider this ClusterCatalog + and its contents as usable. + + When set to "Unavailable", the catalog contents will no longer be served over the catalog content HTTP server. + When set to this availabilityMode it should be interpreted the same as the ClusterCatalog not existing. + Setting the availabilityMode to "Unavailable" can be useful in scenarios where a user may not want + to delete the ClusterCatalog all together, but would still like it to be treated as if it doesn't exist. + enum: + - Unavailable + - Available + type: string + priority: + default: 0 + description: |- + priority allows the user to define a priority for a ClusterCatalog. + priority is optional. + + A ClusterCatalog's priority is used by clients as a tie-breaker between ClusterCatalogs that meet the client's requirements. + A higher number means higher priority. + + It is up to clients to decide how to handle scenarios where multiple ClusterCatalogs with the same priority meet their requirements. + When deciding how to break the tie in this scenario, it is recommended that clients prompt their users for additional input. + + When omitted, the default priority is 0 because that is the zero value of integers. + + Negative numbers can be used to specify a priority lower than the default. + Positive numbers can be used to specify a priority higher than the default. + + The lowest possible value is -2147483648. + The highest possible value is 2147483647. 
+ format: int32 + type: integer + source: + description: |- + source allows a user to define the source of a catalog. + A "catalog" contains information on content that can be installed on a cluster. + Providing a catalog source makes the contents of the catalog discoverable and usable by + other on-cluster components. + These on-cluster components may do a variety of things with this information, such as + presenting the content in a GUI dashboard or installing content from the catalog on the cluster. + The catalog source must contain catalog metadata in the File-Based Catalog (FBC) format. + For more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs. + source is a required field. + + Below is a minimal example of a ClusterCatalogSpec that sources a catalog from an image: + + source: + type: Image + image: + ref: quay.io/operatorhubio/catalog:latest + properties: + image: + description: |- + image is used to configure how catalog contents are sourced from an OCI image. + This field is required when type is Image, and forbidden otherwise. + properties: + pollIntervalMinutes: + description: |- + pollIntervalMinutes allows the user to set the interval, in minutes, at which the image source should be polled for new content. + pollIntervalMinutes is optional. + pollIntervalMinutes can not be specified when ref is a digest-based reference. + + When omitted, the image will not be polled for new content. + minimum: 1 + type: integer + ref: + description: |- + ref allows users to define the reference to a container image containing Catalog contents. + ref is required. + ref can not be more than 1000 characters. + + A reference can be broken down into 3 parts - the domain, name, and identifier. + + The domain is typically the registry where an image is located. + It must be alphanumeric characters (lowercase and uppercase) separated by the "." character. 
+ Hyphenation is allowed, but the domain must start and end with alphanumeric characters. + Specifying a port to use is also allowed by adding the ":" character followed by numeric values. + The port must be the last value in the domain. + Some examples of valid domain values are "registry.mydomain.io", "quay.io", "my-registry.io:8080". + + The name is typically the repository in the registry where an image is located. + It must contain lowercase alphanumeric characters separated only by the ".", "_", "__", "-" characters. + Multiple names can be concatenated with the "/" character. + The domain and name are combined using the "/" character. + Some examples of valid name values are "operatorhubio/catalog", "catalog", "my-catalog.prod". + An example of the domain and name parts of a reference being combined is "quay.io/operatorhubio/catalog". + + The identifier is typically the tag or digest for an image reference and is present at the end of the reference. + It starts with a separator character used to distinguish the end of the name and beginning of the identifier. + For a digest-based reference, the "@" character is the separator. + For a tag-based reference, the ":" character is the separator. + An identifier is required in the reference. + + Digest-based references must contain an algorithm reference immediately after the "@" separator. + The algorithm reference must be followed by the ":" character and an encoded string. + The algorithm must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the "-", "_", "+", and "." characters. + Some examples of valid algorithm values are "sha256", "sha256+b64u", "multihash+base58". + The encoded string following the algorithm must be hex digits (a-f, A-F, 0-9) and must be a minimum of 32 characters. + + Tag-based references must begin with a word character (alphanumeric + "_") followed by word characters or ".", and "-" characters. 
+ The tag must not be longer than 127 characters. + + An example of a valid digest-based image reference is "quay.io/operatorhubio/catalog@sha256:200d4ddb2a73594b91358fe6397424e975205bfbe44614f5846033cad64b3f05" + An example of a valid tag-based image reference is "quay.io/operatorhubio/catalog:latest" + maxLength: 1000 + type: string + x-kubernetes-validations: + - message: must start with a valid domain. valid domains must + be alphanumeric characters (lowercase and uppercase) separated + by the "." character. + rule: self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\b') + - message: a valid name is required. valid names must contain + lowercase alphanumeric characters separated only by the + ".", "_", "__", "-" characters. + rule: self.find('(\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') + != "" + - message: must end with a digest or a tag + rule: self.find('(@.*:)') != "" || self.find(':.*$') != + "" + - message: tag is invalid. the tag must not be more than 127 + characters + rule: 'self.find(''(@.*:)'') == "" ? (self.find('':.*$'') + != "" ? self.find('':.*$'').substring(1).size() <= 127 + : true) : true' + - message: tag is invalid. valid tags must begin with a word + character (alphanumeric + "_") followed by word characters + or ".", and "-" characters + rule: 'self.find(''(@.*:)'') == "" ? (self.find('':.*$'') + != "" ? self.find('':.*$'').matches('':[\\w][\\w.-]*$'') + : true) : true' + - message: digest algorithm is not valid. valid algorithms + must start with an uppercase or lowercase alpha character + followed by alphanumeric characters and may contain the + "-", "_", "+", and "." characters. + rule: 'self.find(''(@.*:)'') != "" ? self.find(''(@.*:)'').matches(''(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])'') + : true' + - message: digest is not valid. 
the encoded string must be + at least 32 characters + rule: 'self.find(''(@.*:)'') != "" ? self.find('':.*$'').substring(1).size() + >= 32 : true' + - message: digest is not valid. the encoded string must only + contain hex characters (A-F, a-f, 0-9) + rule: 'self.find(''(@.*:)'') != "" ? self.find('':.*$'').matches('':[0-9A-Fa-f]*$'') + : true' + required: + - ref + type: object + x-kubernetes-validations: + - message: cannot specify pollIntervalMinutes while using digest-based + image + rule: 'self.ref.find(''(@.*:)'') != "" ? !has(self.pollIntervalMinutes) + : true' + type: + description: |- + type is a reference to the type of source the catalog is sourced from. + type is required. + + The only allowed value is "Image". + + When set to "Image", the ClusterCatalog content will be sourced from an OCI image. + When using an image source, the image field must be set and must be the only field defined for this type. + enum: + - Image + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: image is required when source type is Image, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Image'' ? has(self.image) + : !has(self.image)' + required: + - source + type: object + status: + description: |- + status contains information about the state of the ClusterCatalog such as: + - Whether or not the catalog contents are being served via the catalog content HTTP server + - Whether or not the ClusterCatalog is progressing to a new state + - A reference to the source from which the catalog contents were retrieved + properties: + conditions: + description: |- + conditions is a representation of the current state for this ClusterCatalog. + + The current condition types are Serving and Progressing. + + The Serving condition is used to represent whether or not the contents of the catalog is being served via the HTTP(S) web server. 
+ When it has a status of True and a reason of Available, the contents of the catalog are being served. + When it has a status of False and a reason of Unavailable, the contents of the catalog are not being served because the contents are not yet available. + When it has a status of False and a reason of UserSpecifiedUnavailable, the contents of the catalog are not being served because the catalog has been intentionally marked as unavailable. + + The Progressing condition is used to represent whether or not the ClusterCatalog is progressing or is ready to progress towards a new state. + When it has a status of True and a reason of Retrying, there was an error in the progression of the ClusterCatalog that may be resolved on subsequent reconciliation attempts. + When it has a status of True and a reason of Succeeded, the ClusterCatalog has successfully progressed to a new state and is ready to continue progressing. + When it has a status of False and a reason of Blocked, there was an error in the progression of the ClusterCatalog that requires manual intervention for recovery. + + In the case that the Serving condition is True with reason Available and Progressing is True with reason Retrying, the previously fetched + catalog contents are still being served via the HTTP(S) web server while we are progressing towards serving a new version of the catalog + contents. This could occur when we've initially fetched the latest contents from the source for this catalog and when polling for changes + to the contents we identify that there are updates to the contents. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastUnpacked: + description: |- + lastUnpacked represents the last time the contents of the + catalog were extracted from their source format. As an example, + when using an Image source, the OCI image will be pulled and the + image layers written to a file-system backed cache. We refer to the + act of this extraction from the source format as "unpacking". 
+ format: date-time + type: string + resolvedSource: + description: resolvedSource contains information about the resolved + source based on the source type. + properties: + image: + description: |- + image is a field containing resolution information for a catalog sourced from an image. + This field must be set when type is Image, and forbidden otherwise. + properties: + ref: + description: |- + ref contains the resolved image digest-based reference. + The digest format is used so users can use other tooling to fetch the exact + OCI manifests that were used to extract the catalog contents. + maxLength: 1000 + type: string + x-kubernetes-validations: + - message: must start with a valid domain. valid domains must + be alphanumeric characters (lowercase and uppercase) separated + by the "." character. + rule: self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\b') + - message: a valid name is required. valid names must contain + lowercase alphanumeric characters separated only by the + ".", "_", "__", "-" characters. + rule: self.find('(\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') + != "" + - message: must end with a digest + rule: self.find('(@.*:)') != "" + - message: digest algorithm is not valid. valid algorithms + must start with an uppercase or lowercase alpha character + followed by alphanumeric characters and may contain the + "-", "_", "+", and "." characters. + rule: 'self.find(''(@.*:)'') != "" ? self.find(''(@.*:)'').matches(''(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])'') + : true' + - message: digest is not valid. the encoded string must be + at least 32 characters + rule: 'self.find(''(@.*:)'') != "" ? self.find('':.*$'').substring(1).size() + >= 32 : true' + - message: digest is not valid. the encoded string must only + contain hex characters (A-F, a-f, 0-9) + rule: 'self.find(''(@.*:)'') != "" ? 
self.find('':.*$'').matches('':[0-9A-Fa-f]*$'') + : true' + required: + - ref + type: object + type: + description: |- + type is a reference to the type of source the catalog is sourced from. + type is required. + + The only allowed value is "Image". + + When set to "Image", information about the resolved image source will be set in the 'image' field. + enum: + - Image + type: string + required: + - image + - type + type: object + x-kubernetes-validations: + - message: image is required when source type is Image, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Image'' ? has(self.image) + : !has(self.image)' + urls: + description: urls contains the URLs that can be used to access the + catalog. + properties: + base: + description: |- + base is a cluster-internal URL that provides endpoints for + accessing the content of the catalog. + + It is expected that clients append the path for the endpoint they wish + to access. + + Currently, only a single endpoint is served and is accessible at the path + /api/v1. + + The endpoints served for the v1 API are: + - /all - this endpoint returns the entirety of the catalog contents in the FBC format + + As the needs of users and clients of the evolve, new endpoints may be added. + maxLength: 525 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: scheme must be either http or https + rule: 'isURL(self) ? (url(self).getScheme() == "http" || url(self).getScheme() + == "https") : true' + required: + - base + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/catalogd/config/base/crd/kustomization.yaml b/config/base/catalogd/crd/kustomization.yaml similarity index 100% rename from catalogd/config/base/crd/kustomization.yaml rename to config/base/catalogd/crd/kustomization.yaml 
diff --git a/config/base/catalogd/kustomization.yaml b/config/base/catalogd/kustomization.yaml
new file mode 100644
index 000000000..9a6bc2512
--- /dev/null
+++ b/config/base/catalogd/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: olmv1-system
+namePrefix: catalogd-
+resources:
+- crd
+- rbac
+- manager
diff --git a/catalogd/config/base/manager/catalogd_service.yaml b/config/base/catalogd/manager/catalogd_service.yaml
similarity index 100%
rename from catalogd/config/base/manager/catalogd_service.yaml
rename to config/base/catalogd/manager/catalogd_service.yaml
diff --git a/catalogd/config/base/manager/kustomization.yaml b/config/base/catalogd/manager/kustomization.yaml
similarity index 100%
rename from catalogd/config/base/manager/kustomization.yaml
rename to config/base/catalogd/manager/kustomization.yaml
diff --git a/catalogd/config/base/manager/manager.yaml b/config/base/catalogd/manager/manager.yaml
similarity index 91%
rename from catalogd/config/base/manager/manager.yaml
rename to config/base/catalogd/manager/manager.yaml
index b394b2800..5c52165ec 100644
--- a/catalogd/config/base/manager/manager.yaml
+++ b/config/base/catalogd/manager/manager.yaml
@@ -1,12 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/part-of: olm
- pod-security.kubernetes.io/enforce: baseline
- pod-security.kubernetes.io/enforce-version: latest
- name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/catalogd/config/base/manager/webhook/manifests.yaml b/config/base/catalogd/manager/webhook/manifests.yaml
similarity index 100%
rename from catalogd/config/base/manager/webhook/manifests.yaml
rename to config/base/catalogd/manager/webhook/manifests.yaml
diff --git a/catalogd/config/base/manager/webhook/patch.yaml b/config/base/catalogd/manager/webhook/patch.yaml
similarity index 100%
rename from catalogd/config/base/manager/webhook/patch.yaml
rename to config/base/catalogd/manager/webhook/patch.yaml
diff --git a/catalogd/config/base/rbac/auth_proxy_client_clusterrole.yaml b/config/base/catalogd/rbac/auth_proxy_client_clusterrole.yaml
similarity index 100%
rename from catalogd/config/base/rbac/auth_proxy_client_clusterrole.yaml
rename to config/base/catalogd/rbac/auth_proxy_client_clusterrole.yaml
diff --git a/catalogd/config/base/rbac/auth_proxy_role.yaml b/config/base/catalogd/rbac/auth_proxy_role.yaml
similarity index 100%
rename from catalogd/config/base/rbac/auth_proxy_role.yaml
rename to config/base/catalogd/rbac/auth_proxy_role.yaml
diff --git a/catalogd/config/base/rbac/auth_proxy_role_binding.yaml b/config/base/catalogd/rbac/auth_proxy_role_binding.yaml
similarity index 100%
rename from catalogd/config/base/rbac/auth_proxy_role_binding.yaml
rename to config/base/catalogd/rbac/auth_proxy_role_binding.yaml
diff --git a/catalogd/config/base/rbac/kustomization.yaml b/config/base/catalogd/rbac/kustomization.yaml
similarity index 100%
rename from catalogd/config/base/rbac/kustomization.yaml
rename to config/base/catalogd/rbac/kustomization.yaml
diff --git a/catalogd/config/base/rbac/leader_election_role.yaml b/config/base/catalogd/rbac/leader_election_role.yaml
similarity index 100%
rename from catalogd/config/base/rbac/leader_election_role.yaml
rename to config/base/catalogd/rbac/leader_election_role.yaml
diff --git a/catalogd/config/base/rbac/leader_election_role_binding.yaml b/config/base/catalogd/rbac/leader_election_role_binding.yaml
similarity index 100%
rename from catalogd/config/base/rbac/leader_election_role_binding.yaml
rename to config/base/catalogd/rbac/leader_election_role_binding.yaml
diff --git a/catalogd/config/base/rbac/role.yaml b/config/base/catalogd/rbac/role.yaml
similarity index 100%
rename from catalogd/config/base/rbac/role.yaml
rename to config/base/catalogd/rbac/role.yaml
diff --git a/catalogd/config/base/rbac/role_binding.yaml b/config/base/catalogd/rbac/role_binding.yaml
similarity index 100%
rename from catalogd/config/base/rbac/role_binding.yaml
rename to config/base/catalogd/rbac/role_binding.yaml
diff --git a/catalogd/config/base/rbac/service_account.yaml b/config/base/catalogd/rbac/service_account.yaml
similarity index 100%
rename from catalogd/config/base/rbac/service_account.yaml
rename to config/base/catalogd/rbac/service_account.yaml
diff --git a/config/base/common/kustomization.yaml b/config/base/common/kustomization.yaml
new file mode 100644
index 000000000..c313b5408
--- /dev/null
+++ b/config/base/common/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
diff --git a/config/base/common/namespace.yaml b/config/base/common/namespace.yaml
new file mode 100644
index 000000000..012da7574
--- /dev/null
+++ b/config/base/common/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/part-of: olm
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/enforce-version: latest
+ name: system
diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml
deleted file mode 100644
index b475608ee..000000000
--- a/config/base/kustomization.yaml
+++ /dev/null
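Review bot: The shared Namespace added in config/base/common/namespace.yaml sets `pod-security.kubernetes.io/enforce: baseline`, while the Namespace this commit removes from config/base/operator-controller/manager/manager.yaml enforced `restricted`, so consolidating the two definitions leaves the operator-controller pods admitted under the weaker Pod Security level. If catalogd cannot yet run under `restricted`, keeping `baseline` for enforcement is understandable, but adding `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` would keep violations visible. A short comment above the label, such as `# baseline because <reason>; operator-controller previously enforced restricted`, would record the decision. Both old definitions were named `system` and appear to have targeted the same namespace, so which label was actually in effect before depended on apply order that is not visible here; this may formalise an existing state rather than introduce a new downgrade.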
@@ -1,21 +0,0 @@
-# Adds namespace to all resources.
-namespace: olmv1-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: operator-controller-
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-# pairs:
-# someName: someValue
-
-resources:
-- crd
-- rbac
-- manager
-
diff --git a/config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml b/config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml
new file mode 100644
index 000000000..e54b68518
--- /dev/null
+++ b/config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml
@@ -0,0 +1,589 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: clusterextensions.olm.operatorframework.io +spec: + group: olm.operatorframework.io + names: + kind: ClusterExtension + listKind: ClusterExtensionList + plural: clusterextensions + singular: clusterextension + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.install.bundle.name + name: Installed Bundle + type: string + - jsonPath: .status.install.bundle.version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=='Installed')].status + name: Installed + type: string + - jsonPath: .status.conditions[?(@.type=='Progressing')].status + name: Progressing + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterExtension is the Schema for the clusterextensions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is an optional field that defines the desired state + of the ClusterExtension. 
+ properties: + install: + description: |- + install is an optional field used to configure the installation options + for the ClusterExtension such as the pre-flight check configuration. + properties: + preflight: + description: |- + preflight is an optional field that can be used to configure the checks that are + run before installation or upgrade of the content for the package specified in the packageName field. + + When specified, it replaces the default preflight configuration for install/upgrade actions. + When not specified, the default configuration will be used. + properties: + crdUpgradeSafety: + description: |- + crdUpgradeSafety is used to configure the CRD Upgrade Safety pre-flight + checks that run prior to upgrades of installed content. + + The CRD Upgrade Safety pre-flight check safeguards from unintended + consequences of upgrading a CRD, such as data loss. + properties: + enforcement: + description: |- + enforcement is a required field, used to configure the state of the CRD Upgrade Safety pre-flight check. + + Allowed values are "None" or "Strict". The default value is "Strict". + + When set to "None", the CRD Upgrade Safety pre-flight check will be skipped + when performing an upgrade operation. This should be used with caution as + unintended consequences such as data loss can occur. + + When set to "Strict", the CRD Upgrade Safety pre-flight check will be run when + performing an upgrade operation. + enum: + - None + - Strict + type: string + required: + - enforcement + type: object + required: + - crdUpgradeSafety + type: object + x-kubernetes-validations: + - message: at least one of [crdUpgradeSafety] are required when + preflight is specified + rule: has(self.crdUpgradeSafety) + type: object + x-kubernetes-validations: + - message: at least one of [preflight] are required when install is + specified + rule: has(self.preflight) + namespace: + description: |- + namespace is a reference to a Kubernetes namespace. 
+ This is the namespace in which the provided ServiceAccount must exist. + It also designates the default namespace where namespace-scoped resources + for the extension are applied to the cluster. + Some extensions may contain namespace-scoped resources to be applied in other namespaces. + This namespace must exist. + + namespace is required, immutable, and follows the DNS label standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-), + start and end with an alphanumeric character, and be no longer than 63 characters + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + maxLength: 63 + type: string + x-kubernetes-validations: + - message: namespace is immutable + rule: self == oldSelf + - message: namespace must be a valid DNS1123 label + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$") + serviceAccount: + description: |- + serviceAccount is a reference to a ServiceAccount used to perform all interactions + with the cluster that are required to manage the extension. + The ServiceAccount must be configured with the necessary permissions to perform these interactions. + The ServiceAccount must exist in the namespace referenced in the spec. + serviceAccount is required. + properties: + name: + description: |- + name is a required, immutable reference to the name of the ServiceAccount + to be used for installation and management of the content for the package + specified in the packageName field. + + This ServiceAccount must exist in the installNamespace. + + name follows the DNS subdomain standard as defined in [RFC 1123]. + It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. 
+ + Some examples of valid values are: + - some-serviceaccount + - 123-serviceaccount + - 1-serviceaccount-2 + - someserviceaccount + - some.serviceaccount + + Some examples of invalid values are: + - -some-serviceaccount + - some-serviceaccount- + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + maxLength: 253 + type: string + x-kubernetes-validations: + - message: name is immutable + rule: self == oldSelf + - message: name must be a valid DNS1123 subdomain. It must contain + only lowercase alphanumeric characters, hyphens (-) or periods + (.), start and end with an alphanumeric character, and be + no longer than 253 characters + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + required: + - name + type: object + source: + description: |- + source is a required field which selects the installation source of content + for this ClusterExtension. Selection is performed by setting the sourceType. + + Catalog is currently the only implemented sourceType, and setting the + sourcetype to "Catalog" requires the catalog field to also be defined. + + Below is a minimal example of a source definition (in yaml): + + source: + sourceType: Catalog + catalog: + packageName: example-package + properties: + catalog: + description: |- + catalog is used to configure how information is sourced from a catalog. + This field is required when sourceType is "Catalog", and forbidden otherwise. + properties: + channels: + description: |- + channels is an optional reference to a set of channels belonging to + the package specified in the packageName field. + + A "channel" is a package-author-defined stream of updates for an extension. + + Each channel in the list must follow the DNS subdomain standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. No more than 256 channels can be specified. 
+ + When specified, it is used to constrain the set of installable bundles and + the automated upgrade path. This constraint is an AND operation with the + version field. For example: + - Given channel is set to "foo" + - Given version is set to ">=1.0.0, <1.5.0" + - Only bundles that exist in channel "foo" AND satisfy the version range comparison will be considered installable + - Automatic upgrades will be constrained to upgrade edges defined by the selected channel + + When unspecified, upgrade edges across all channels will be used to identify valid automatic upgrade paths. + + Some examples of valid values are: + - 1.1.x + - alpha + - stable + - stable-v1 + - v1-stable + - dev-preview + - preview + - community + + Some examples of invalid values are: + - -some-channel + - some-channel- + - thisisareallylongchannelnamethatisgreaterthanthemaximumlength + - original_40 + - --default-channel + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + items: + maxLength: 253 + type: string + x-kubernetes-validations: + - message: channels entries must be valid DNS1123 subdomains + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + maxItems: 256 + type: array + packageName: + description: |- + packageName is a reference to the name of the package to be installed + and is used to filter the content from catalogs. + + packageName is required, immutable, and follows the DNS subdomain standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. 
+ + Some examples of valid values are: + - some-package + - 123-package + - 1-package-2 + - somepackage + + Some examples of invalid values are: + - -some-package + - some-package- + - thisisareallylongpackagenamethatisgreaterthanthemaximumlength + - some.package + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + maxLength: 253 + type: string + x-kubernetes-validations: + - message: packageName is immutable + rule: self == oldSelf + - message: packageName must be a valid DNS1123 subdomain. + It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric + character, and be no longer than 253 characters + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + selector: + description: |- + selector is an optional field that can be used + to filter the set of ClusterCatalogs used in the bundle + selection process. + + When unspecified, all ClusterCatalogs will be used in + the bundle selection process. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + upgradeConstraintPolicy: + default: CatalogProvided + description: |- + upgradeConstraintPolicy is an optional field that controls whether + the upgrade path(s) defined in the catalog are enforced for the package + referenced in the packageName field. + + Allowed values are: "CatalogProvided" or "SelfCertified", or omitted. + + When this field is set to "CatalogProvided", automatic upgrades will only occur + when upgrade constraints specified by the package author are met. + + When this field is set to "SelfCertified", the upgrade constraints specified by + the package author are ignored. This allows for upgrades and downgrades to + any version of the package. This is considered a dangerous operation as it + can lead to unknown and potentially disastrous outcomes, such as data + loss. It is assumed that users have independently verified changes when + using this option. + + When this field is omitted, the default value is "CatalogProvided". + enum: + - CatalogProvided + - SelfCertified + type: string + version: + description: |- + version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed. + + Acceptable version ranges are no longer than 64 characters. + Version ranges are composed of comma- or space-delimited values and one or + more comparison operators, known as comparison strings. 
Additional + comparison strings can be added using the OR operator (||). + + # Range Comparisons + + To specify a version range, you can use a comparison string like ">=3.0, + <3.6". When specifying a range, automatic updates will occur within that + range. The example comparison string means "install any version greater than + or equal to 3.0.0 but less than 3.6.0.". It also states intent that if any + upgrades are available within the version range after initial installation, + those upgrades should be automatically performed. + + # Pinned Versions + + To specify an exact version to install you can use a version range that + "pins" to a specific version. When pinning to a specific version, no + automatic updates will occur. An example of a pinned version range is + "0.6.0", which means "only install version 0.6.0 and never + upgrade from this version". + + # Basic Comparison Operators + + The basic comparison operators and their meanings are: + - "=", equal (not aliased to an operator) + - "!=", not equal + - "<", less than + - ">", greater than + - ">=", greater than OR equal to + - "<=", less than OR equal to + + # Wildcard Comparisons + + You can use the "x", "X", and "*" characters as wildcard characters in all + comparison operations. Some examples of using the wildcard characters: + - "1.2.x", "1.2.X", and "1.2.*" is equivalent to ">=1.2.0, < 1.3.0" + - ">= 1.2.x", ">= 1.2.X", and ">= 1.2.*" is equivalent to ">= 1.2.0" + - "<= 2.x", "<= 2.X", and "<= 2.*" is equivalent to "< 3" + - "x", "X", and "*" is equivalent to ">= 0.0.0" + + # Patch Release Comparisons + + When you want to specify a minor version up to the next major version you + can use the "~" character to perform patch comparisons. 
Some examples: + - "~1.2.3" is equivalent to ">=1.2.3, <1.3.0" + - "~1" and "~1.x" is equivalent to ">=1, <2" + - "~2.3" is equivalent to ">=2.3, <2.4" + - "~1.2.x" is equivalent to ">=1.2.0, <1.3.0" + + # Major Release Comparisons + + You can use the "^" character to make major release comparisons after a + stable 1.0.0 version is published. If there is no stable version published, // minor versions define the stability level. Some examples: + - "^1.2.3" is equivalent to ">=1.2.3, <2.0.0" + - "^1.2.x" is equivalent to ">=1.2.0, <2.0.0" + - "^2.3" is equivalent to ">=2.3, <3" + - "^2.x" is equivalent to ">=2.0.0, <3" + - "^0.2.3" is equivalent to ">=0.2.3, <0.3.0" + - "^0.2" is equivalent to ">=0.2.0, <0.3.0" + - "^0.0.3" is equvalent to ">=0.0.3, <0.0.4" + - "^0.0" is equivalent to ">=0.0.0, <0.1.0" + - "^0" is equivalent to ">=0.0.0, <1.0.0" + + # OR Comparisons + You can use the "||" character to represent an OR operation in the version + range. Some examples: + - ">=1.2.3, <2.0.0 || >3.0.0" + - "^0 || ^3 || ^5" + + For more information on semver, please see https://semver.org/ + maxLength: 64 + type: string + x-kubernetes-validations: + - message: invalid version expression + rule: self.matches("^(\\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\\^)\\s*(v?(0|[1-9]\\d*|[x|X|\\*])(\\.(0|[1-9]\\d*|x|X|\\*]))?(\\.(0|[1-9]\\d*|x|X|\\*))?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?)\\s*)((?:\\s+|,\\s*|\\s*\\|\\|\\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\\^)\\s*(v?(0|[1-9]\\d*|x|X|\\*])(\\.(0|[1-9]\\d*|x|X|\\*))?(\\.(0|[1-9]\\d*|x|X|\\*]))?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?)\\s*)*$") + required: + - packageName + type: object + sourceType: + description: |- + sourceType is a required reference to the type of install source. 
+ + Allowed values are "Catalog" + + When this field is set to "Catalog", information for determining the + appropriate bundle of content to install will be fetched from + ClusterCatalog resources existing on the cluster. + When using the Catalog sourceType, the catalog field must also be set. + enum: + - Catalog + type: string + required: + - sourceType + type: object + x-kubernetes-validations: + - message: catalog is required when sourceType is Catalog, and forbidden + otherwise + rule: 'has(self.sourceType) && self.sourceType == ''Catalog'' ? + has(self.catalog) : !has(self.catalog)' + required: + - namespace + - serviceAccount + - source + type: object + status: + description: status is an optional field that defines the observed state + of the ClusterExtension. + properties: + conditions: + description: |- + The set of condition types which apply to all spec.source variations are Installed and Progressing. + + The Installed condition represents whether or not the bundle has been installed for this ClusterExtension. + When Installed is True and the Reason is Succeeded, the bundle has been successfully installed. + When Installed is False and the Reason is Failed, the bundle has failed to install. + + The Progressing condition represents whether or not the ClusterExtension is advancing towards a new state. + When Progressing is True and the Reason is Succeeded, the ClusterExtension is making progress towards a new state. + When Progressing is True and the Reason is Retrying, the ClusterExtension has encountered an error that could be resolved on subsequent reconciliation attempts. + When Progressing is False and the Reason is Blocked, the ClusterExtension has encountered an error that requires manual intervention for recovery. + + When the ClusterExtension is sourced from a catalog, if may also communicate a deprecation condition. + These are indications from a package owner to guide users away from a particular package, channel, or bundle. 
+ BundleDeprecated is set if the requested bundle version is marked deprecated in the catalog. + ChannelDeprecated is set if the requested channel is marked deprecated in the catalog. + PackageDeprecated is set if the requested package is marked deprecated in the catalog. + Deprecated is a rollup condition that is present when any of the deprecated conditions are present. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + install: + description: install is a representation of the current installation + status for this ClusterExtension. + properties: + bundle: + description: |- + bundle is a required field which represents the identifying attributes of a bundle. + + A "bundle" is a versioned set of content that represents the resources that + need to be applied to a cluster to install a package. + properties: + name: + description: |- + name is required and follows the DNS subdomain standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. + type: string + x-kubernetes-validations: + - message: packageName must be a valid DNS1123 subdomain. + It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric + character, and be no longer than 253 characters + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + version: + description: |- + version is a required field and is a reference to the version that this bundle represents + version follows the semantic versioning standard as defined in https://semver.org/. 
+ type: string + x-kubernetes-validations: + - message: version must be well-formed semver + rule: self.matches("^([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([-0-9A-Za-z]+(\\.[-0-9A-Za-z]+)*))?(\\+([-0-9A-Za-z]+(-\\.[-0-9A-Za-z]+)*))?") + required: + - name + - version + type: object + required: + - bundle + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/base/crd/kustomization.yaml b/config/base/operator-controller/crd/kustomization.yaml similarity index 100% rename from config/base/crd/kustomization.yaml rename to config/base/operator-controller/crd/kustomization.yaml diff --git a/config/base/crd/kustomizeconfig.yaml b/config/base/operator-controller/crd/kustomizeconfig.yaml similarity index 100% rename from config/base/crd/kustomizeconfig.yaml rename to config/base/operator-controller/crd/kustomizeconfig.yaml diff --git a/config/base/operator-controller/kustomization.yaml b/config/base/operator-controller/kustomization.yaml new file mode 100644 index 000000000..1d63fb17f --- /dev/null +++ b/config/base/operator-controller/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: olmv1-system +namePrefix: operator-controller- +resources: +- crd +- rbac +- manager + diff --git a/config/base/manager/kustomization.yaml b/config/base/operator-controller/manager/kustomization.yaml similarity index 100% rename from config/base/manager/kustomization.yaml rename to config/base/operator-controller/manager/kustomization.yaml diff --git a/config/base/manager/manager.yaml b/config/base/operator-controller/manager/manager.yaml similarity index 93% rename from config/base/manager/manager.yaml rename to config/base/operator-controller/manager/manager.yaml index 25ba5598a..db34940c3 100644 --- a/config/base/manager/manager.yaml +++ b/config/base/operator-controller/manager/manager.yaml 
@@ -1,11 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- pod-security.kubernetes.io/enforce: restricted
- pod-security.kubernetes.io/enforce-version: latest
- name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/config/base/manager/service.yaml b/config/base/operator-controller/manager/service.yaml
similarity index 100%
rename from config/base/manager/service.yaml
rename to config/base/operator-controller/manager/service.yaml
diff --git a/config/base/rbac/auth_proxy_client_clusterrole.yaml b/config/base/operator-controller/rbac/auth_proxy_client_clusterrole.yaml
similarity index 100%
rename from config/base/rbac/auth_proxy_client_clusterrole.yaml
rename to config/base/operator-controller/rbac/auth_proxy_client_clusterrole.yaml
diff --git a/config/base/rbac/auth_proxy_role.yaml b/config/base/operator-controller/rbac/auth_proxy_role.yaml
similarity index 100%
rename from config/base/rbac/auth_proxy_role.yaml
rename to config/base/operator-controller/rbac/auth_proxy_role.yaml
diff --git a/config/base/rbac/auth_proxy_role_binding.yaml b/config/base/operator-controller/rbac/auth_proxy_role_binding.yaml
similarity index 100%
rename from config/base/rbac/auth_proxy_role_binding.yaml
rename to config/base/operator-controller/rbac/auth_proxy_role_binding.yaml
diff --git a/config/base/rbac/clusterextension_editor_role.yaml b/config/base/operator-controller/rbac/clusterextension_editor_role.yaml
similarity index 100%
rename from config/base/rbac/clusterextension_editor_role.yaml
rename to config/base/operator-controller/rbac/clusterextension_editor_role.yaml
diff --git a/config/base/rbac/clusterextension_viewer_role.yaml b/config/base/operator-controller/rbac/clusterextension_viewer_role.yaml
similarity index 100%
rename from config/base/rbac/clusterextension_viewer_role.yaml
rename to config/base/operator-controller/rbac/clusterextension_viewer_role.yaml
diff --git a/config/base/rbac/extension_editor_role.yaml b/config/base/operator-controller/rbac/extension_editor_role.yaml
similarity index 100%
rename from config/base/rbac/extension_editor_role.yaml
rename to config/base/operator-controller/rbac/extension_editor_role.yaml
diff --git a/config/base/rbac/extension_viewer_role.yaml b/config/base/operator-controller/rbac/extension_viewer_role.yaml
similarity index 100%
rename from config/base/rbac/extension_viewer_role.yaml
rename to config/base/operator-controller/rbac/extension_viewer_role.yaml
diff --git a/config/base/rbac/kustomization.yaml b/config/base/operator-controller/rbac/kustomization.yaml
similarity index 100%
rename from config/base/rbac/kustomization.yaml
rename to config/base/operator-controller/rbac/kustomization.yaml
diff --git a/config/base/rbac/leader_election_role.yaml b/config/base/operator-controller/rbac/leader_election_role.yaml
similarity index 100%
rename from config/base/rbac/leader_election_role.yaml
rename to config/base/operator-controller/rbac/leader_election_role.yaml
diff --git a/config/base/rbac/leader_election_role_binding.yaml b/config/base/operator-controller/rbac/leader_election_role_binding.yaml
similarity index 100%
rename from config/base/rbac/leader_election_role_binding.yaml
rename to config/base/operator-controller/rbac/leader_election_role_binding.yaml
diff --git a/config/base/rbac/role.yaml b/config/base/operator-controller/rbac/role.yaml
similarity index 100%
rename from config/base/rbac/role.yaml
rename to config/base/operator-controller/rbac/role.yaml
diff --git a/config/base/rbac/role_binding.yaml b/config/base/operator-controller/rbac/role_binding.yaml
similarity index 100%
rename from config/base/rbac/role_binding.yaml
rename to config/base/operator-controller/rbac/role_binding.yaml
diff --git a/config/base/rbac/service_account.yaml b/config/base/operator-controller/rbac/service_account.yaml
similarity index 100%
rename from config/base/rbac/service_account.yaml
rename to config/base/operator-controller/rbac/service_account.yaml
diff --git a/catalogd/config/base/default/clustercatalogs/default-catalogs.yaml b/config/catalogs/clustercatalogs/default-catalogs.yaml
similarity index 100%
rename from catalogd/config/base/default/clustercatalogs/default-catalogs.yaml
rename to config/catalogs/clustercatalogs/default-catalogs.yaml
diff --git a/catalogd/config/base/nginx-ingress/kustomization.yaml b/config/catalogs/nginx-ingress/kustomization.yaml
similarity index 100%
rename from catalogd/config/base/nginx-ingress/kustomization.yaml
rename to config/catalogs/nginx-ingress/kustomization.yaml
diff --git a/catalogd/config/base/nginx-ingress/resources/nginx_ingress.yaml b/config/catalogs/nginx-ingress/resources/nginx_ingress.yaml
similarity index 100%
rename from catalogd/config/base/nginx-ingress/resources/nginx_ingress.yaml
rename to config/catalogs/nginx-ingress/resources/nginx_ingress.yaml
diff --git a/config/components/ca/issuers.yaml b/config/components/ca/issuers.yaml
deleted file mode 100644
index 0dffee04e..000000000
--- a/config/components/ca/issuers.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: self-sign-issuer
- namespace: cert-manager
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: olmv1-ca
- namespace: cert-manager
-spec:
- isCA: true
- commonName: olmv1-ca
- secretName: olmv1-ca
- privateKey:
- algorithm: ECDSA
- size: 256
- issuerRef:
- name: self-sign-issuer
- kind: Issuer
- group: cert-manager.io
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: olmv1-ca
-spec:
- ca:
- secretName: olmv1-ca
diff --git a/config/components/coverage/manager_e2e_coverage_patch.yaml b/config/components/coverage/manager_e2e_coverage_patch.yaml
index f2be3a19a..171a1607c 100644
--- a/config/components/coverage/manager_e2e_coverage_patch.yaml
+++ b/config/components/coverage/manager_e2e_coverage_patch.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: operator-controller-controller-manager
+ namespace: olmv1-system
 spec:
 template:
 spec:
diff --git a/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml b/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
index 42012d697..aa08a3d24 100644
--- a/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
+++ b/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: operator-controller-controller-manager
+ namespace: olmv1-system
 spec:
 template:
 spec:
diff --git a/catalogd/config/components/ca/resources/issuers.yaml b/config/components/tls/ca/issuers.yaml
similarity index 100%
rename from catalogd/config/components/ca/resources/issuers.yaml
rename to config/components/tls/ca/issuers.yaml
diff --git a/config/components/ca/kustomization.yaml b/config/components/tls/ca/kustomization.yaml
similarity index 100%
rename from config/components/ca/kustomization.yaml
rename to config/components/tls/ca/kustomization.yaml
diff --git a/catalogd/config/components/tls/kustomization.yaml b/config/components/tls/catalogd/kustomization.yaml
similarity index 64%
rename from catalogd/config/components/tls/kustomization.yaml
rename to config/components/tls/catalogd/kustomization.yaml
index f537d5d14..f603a0099 100644
--- a/catalogd/config/components/tls/kustomization.yaml
+++ b/config/components/tls/catalogd/kustomization.yaml
@@ -1,18 +1,21 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component namespace: olmv1-system -namePrefix: catalogd- resources: - resources/certificate.yaml patches: - target: kind: Service - name: service + labelSelector: app.kubernetes.io/name=catalogd path: patches/catalogd_service_port.yaml - target: kind: Deployment - name: controller-manager + labelSelector: control-plane=catalogd-controller-manager path: patches/manager_deployment_certs.yaml +- target: + kind: Deployment + labelSelector: control-plane=catalogd-controller-manager + path: patches/manager_deployment_cacerts.yaml - target: group: admissionregistration.k8s.io kind: MutatingWebhookConfiguration diff --git a/catalogd/config/components/tls/patches/catalogd_service_port.yaml b/config/components/tls/catalogd/patches/catalogd_service_port.yaml similarity index 100% rename from catalogd/config/components/tls/patches/catalogd_service_port.yaml rename to config/components/tls/catalogd/patches/catalogd_service_port.yaml diff --git a/catalogd/config/components/tls/patches/catalogd_webhook.yaml b/config/components/tls/catalogd/patches/catalogd_webhook.yaml similarity index 100% rename from catalogd/config/components/tls/patches/catalogd_webhook.yaml rename to config/components/tls/catalogd/patches/catalogd_webhook.yaml diff --git a/catalogd/config/components/ca/patches/manager_deployment_cacerts.yaml b/config/components/tls/catalogd/patches/manager_deployment_cacerts.yaml similarity index 100% rename from catalogd/config/components/ca/patches/manager_deployment_cacerts.yaml rename to config/components/tls/catalogd/patches/manager_deployment_cacerts.yaml diff --git a/catalogd/config/components/tls/patches/manager_deployment_certs.yaml b/config/components/tls/catalogd/patches/manager_deployment_certs.yaml similarity index 100% rename from catalogd/config/components/tls/patches/manager_deployment_certs.yaml rename to config/components/tls/catalogd/patches/manager_deployment_certs.yaml 
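Review bot: The Service patch and both Deployment patches in config/components/tls/catalogd/kustomization.yaml now pick their target by `labelSelector` alone, so nothing but a label ties the certificate patches to the catalogd objects. As far as I know kustomize does not fail the build when a patch target matches nothing, so a later label change in the catalogd base would drop `patches/manager_deployment_certs.yaml` and `patches/manager_deployment_cacerts.yaml` silently, and the rendered Deployment would presumably lack whatever those patches add (their contents are not shown here). The operator-controller component later in this diff keeps `name: controller-manager` next to its new `labelSelector`, so the two components are also inconsistent. A CI assertion on the rendered manifest, checking that the catalogd Deployment still carries the patched certificate settings, would turn a silent miss into a failure. The patches list continues past the end of this hunk.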
diff --git a/catalogd/config/components/tls/resources/certificate.yaml b/config/components/tls/catalogd/resources/certificate.yaml similarity index 92% rename from catalogd/config/components/tls/resources/certificate.yaml rename to config/components/tls/catalogd/resources/certificate.yaml index be14f8301..cacb0bc9b 100644 --- a/catalogd/config/components/tls/resources/certificate.yaml +++ b/config/components/tls/catalogd/resources/certificate.yaml @@ -1,8 +1,7 @@ ---- apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: service-cert + name: catalogd-service-cert namespace: system spec: secretName: catalogd-service-cert-git-version diff --git a/config/components/tls/kustomization.yaml b/config/components/tls/operator-controller/kustomization.yaml similarity index 76% rename from config/components/tls/kustomization.yaml rename to config/components/tls/operator-controller/kustomization.yaml index 8c1aa94cc..6c4e13975 100644 --- a/config/components/tls/kustomization.yaml +++ b/config/components/tls/operator-controller/kustomization.yaml @@ -7,4 +7,5 @@ patches: - target: kind: Deployment name: controller-manager + labelSelector: control-plane=operator-controller-controller-manager path: patches/manager_deployment_cert.yaml diff --git a/config/components/tls/patches/manager_deployment_cert.yaml b/config/components/tls/operator-controller/patches/manager_deployment_cert.yaml similarity index 100% rename from config/components/tls/patches/manager_deployment_cert.yaml rename to config/components/tls/operator-controller/patches/manager_deployment_cert.yaml diff --git a/config/components/tls/resources/manager_cert.yaml b/config/components/tls/operator-controller/resources/manager_cert.yaml similarity index 100% rename from config/components/tls/resources/manager_cert.yaml rename to config/components/tls/operator-controller/resources/manager_cert.yaml 
diff --git a/config/overlays/basic-olm/kustomization.yaml b/config/overlays/basic-olm/kustomization.yaml
new file mode 100644
index 000000000..5975b3c04
--- /dev/null
+++ b/config/overlays/basic-olm/kustomization.yaml
@@ -0,0 +1,8 @@
+# kustomization file for based, non-secure OLMv1
+# DO NOT ADD A NAMESPACE HERE
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base/catalogd
+- ../../base/operator-controller
+- ../../base/common
diff --git a/config/overlays/cert-manager/kustomization.yaml b/config/overlays/cert-manager/kustomization.yaml
index 86746375b..ea113bb9d 100644
--- a/config/overlays/cert-manager/kustomization.yaml
+++ b/config/overlays/cert-manager/kustomization.yaml
@@ -1,10 +1,13 @@
-# kustomization file for secure operator-controller
+# kustomization file for secure OLMv1
 # DO NOT ADD A NAMESPACE HERE
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../base
+- ../../base/catalogd
+- ../../base/operator-controller
+- ../../base/common
 components:
-- ../../components/tls
-# ca must be last or tls will overwrite the namespaces
-- ../../components/ca
+- ../../components/tls/catalogd
+- ../../components/tls/operator-controller
+# ca must be last other components will overwrite the namespaces
+- ../../components/tls/ca
diff --git a/config/overlays/e2e/kustomization.yaml b/config/overlays/e2e/kustomization.yaml
index 4a40576bd..bc83e9fd3 100644
--- a/config/overlays/e2e/kustomization.yaml
+++ b/config/overlays/e2e/kustomization.yaml
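Review bot: The header comment of the new config/overlays/basic-olm/kustomization.yaml, `# kustomization file for based, non-secure OLMv1`, does not say what "non-secure" leaves out, and "based" looks like a typo for "basic". The overlay lists the three bases and none of the `components/tls/*` entries that the cert-manager overlay adds, so it is presumably rendered without the cert-manager-issued certificates. A comment such as `# basic OLMv1 without the tls components (no cert-manager certificates); not for production clusters` would make that explicit to anyone choosing an overlay. The overlay also now depends on `../../base/common` for the Namespace, because manager.yaml no longer defines it with `pod-security.kubernetes.io/enforce: restricted`. That base is not visible here, so it is worth confirming the labels are kept there.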
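Review bot: The rewritten comment in config/overlays/cert-manager/kustomization.yaml, `# ca must be last other components will overwrite the namespaces`, lost its "or"; the e2e overlay has the intended wording, `# ca must be last or other components will overwrite the namespaces`. Only this comment protects the ordering, and the ca resources declare `namespace: cert-manager` while the tls components set `olmv1-system`, so a reordered list would presumably move the CA Issuer and Certificate into the wrong namespace without a build error. A check on the rendered output that the `olmv1-ca` Certificate is still in `cert-manager` would enforce what the comment only asks for.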
@@ -3,10 +3,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../base +- ../../base/catalogd +- ../../base/operator-controller +- ../../base/common components: -- ../../components/tls +- ../../components/tls/catalogd +- ../../components/tls/operator-controller - ../../components/coverage - ../../components/registries-conf -# ca must be last or (tls|coverage) will overwrite the namespaces -- ../../components/ca +# ca must be last or other components will overwrite the namespaces +- ../../components/tls/ca diff --git a/config/overlays/tilt-local-dev/kustomization.yaml b/config/overlays/tilt-local-dev/catalogd/kustomization.yaml similarity index 53% rename from config/overlays/tilt-local-dev/kustomization.yaml rename to config/overlays/tilt-local-dev/catalogd/kustomization.yaml index 81bc3ffdc..846656bb4 100644 --- a/config/overlays/tilt-local-dev/kustomization.yaml +++ b/config/overlays/tilt-local-dev/catalogd/kustomization.yaml @@ -3,14 +3,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../base +- ../../../base/catalogd +- ../../../base/common components: -- ../../components/tls -# ca must be last or tls will overwrite the namespaces -- ../../components/ca +- ../../../components/tls/catalogd +# ca must be last or other components will overwrite the namespaces +- ../../../components/tls/ca patches: - target: kind: Deployment - name: controller-manager + name: catalogd-controller-manager path: patches/dev-deployment.yaml diff --git a/config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml b/config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml new file mode 100644 index 000000000..4df906921 --- /dev/null +++ b/config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml 
@@ -0,0 +1,10 @@
+# remove livenessProbe and readinessProbe so container doesn't restart during breakpoints
+- op: replace
+ path: /spec/template/spec/containers/0/livenessProbe
+ value: null
+- op: replace
+ path: /spec/template/spec/containers/0/readinessProbe
+ value: null
+- op: remove
+ # remove --leader-elect so container doesn't restart during breakpoints
+ path: /spec/template/spec/containers/0/args/0
diff --git a/config/overlays/tilt-local-dev/operator-controller/kustomization.yaml b/config/overlays/tilt-local-dev/operator-controller/kustomization.yaml
new file mode 100644
index 000000000..403f2d102
--- /dev/null
+++ b/config/overlays/tilt-local-dev/operator-controller/kustomization.yaml
@@ -0,0 +1,17 @@
+# kustomization file for secure operator-controller
+# DO NOT ADD A NAMESPACE HERE
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../base/operator-controller
+- ../../../base/common
+components:
+- ../../../components/tls/operator-controller
+# ca must be last or other components will overwrite the namespaces
+- ../../../components/tls/ca
+
+patches:
+ - target:
+ kind: Deployment
+ name: operator-controller-controller-manager
+ path: patches/dev-deployment.yaml
diff --git a/config/overlays/tilt-local-dev/patches/dev-deployment.yaml b/config/overlays/tilt-local-dev/operator-controller/patches/dev-deployment.yaml
similarity index 78%
rename from config/overlays/tilt-local-dev/patches/dev-deployment.yaml
rename to config/overlays/tilt-local-dev/operator-controller/patches/dev-deployment.yaml
index 2d7cb9467..b273a0c9b 100644
--- a/config/overlays/tilt-local-dev/patches/dev-deployment.yaml
+++ b/config/overlays/tilt-local-dev/operator-controller/patches/dev-deployment.yaml
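Review bot: The last operation in the new catalogd dev-deployment.yaml removes `/spec/template/spec/containers/0/args/0` by position, and only the comment says that entry is `--leader-elect`. If the argument order in the catalogd manager Deployment changes, the patch would remove a different flag without any error; the operator-controller copy does the same with `args/2`. A JSON Patch `test` operation placed before the remove would make the build fail instead: `- op: test`, `path: /spec/template/spec/containers/0/args/0`, `value: --leader-elect`. The value has to be the exact string from the base manifest, which is not shown here.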
@@ -8,6 +8,3 @@ - op: remove # remove --leader-elect so container doesn't restart during breakpoints path: /spec/template/spec/containers/0/args/2 -- op: add - path: /spec/template/spec/containers/0/args/- - value: --feature-gates=PreflightPermissions=true diff --git a/config/samples/catalogd_operatorcatalog.yaml b/config/samples/catalogd_operatorcatalog.yaml index 4ce96d5b3..5e27729fa 100644 --- a/config/samples/catalogd_operatorcatalog.yaml +++ b/config/samples/catalogd_operatorcatalog.yaml @@ -3,8 +3,9 @@ kind: ClusterCatalog metadata: name: operatorhubio spec: + priority: 0 source: type: Image image: - ref: quay.io/operatorhubio/catalog:latest pollIntervalMinutes: 10 + ref: quay.io/operatorhubio/catalog:latest diff --git a/docs/draft/howto/fetching-catalog-contents.md b/docs/draft/howto/fetching-catalog-contents.md index 8944828a9..1acc129c9 100644 --- a/docs/draft/howto/fetching-catalog-contents.md +++ b/docs/draft/howto/fetching-catalog-contents.md @@ -137,7 +137,7 @@ This section outlines a way of exposing the `Catalogd` Service's endpoints outsi - Install the `Ingress NGINX` Controller by running the below command: ```sh - $ kubectl apply -k https://github.com/operator-framework/operator-controller/tree/main/catalogd/config/base/nginx-ingress + $ kubectl apply -k https://github.com/operator-framework/operator-controller/tree/main/config/catalogs/nginx-ingress ``` By running that above command, the `Ingress` Controller is installed. Along with it, the `Ingress` Resource will be applied automatically as well, thereby creating an `Ingress` Object on the cluster. diff --git a/internal/operator-controller/controllers/suite_test.go b/internal/operator-controller/controllers/suite_test.go index af93bf337..a83f0439c 100644 --- a/internal/operator-controller/controllers/suite_test.go +++ b/internal/operator-controller/controllers/suite_test.go 
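Review bot: The sample in config/samples/catalogd_operatorcatalog.yaml still references `quay.io/operatorhubio/catalog:latest` together with `pollIntervalMinutes: 10`, so a cluster using it accepts whatever that mutable tag resolves to at each poll. The hunk only reorders the fields and adds `priority: 0`. A short comment above `ref:`, for example `# mutable tag for demonstration; pin a digest where catalog content must be reproducible`, would help readers who copy the sample into a real cluster.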
@@ -138,7 +138,7 @@ var (
 func TestMain(m *testing.M) {
 testEnv := &envtest.Environment{
 CRDDirectoryPaths: []string{
- filepath.Join("..", "..", "..", "config", "base", "crd", "bases"),
+ filepath.Join("..", "..", "..", "config", "base", "operator-controller", "crd", "bases"),
 },
 ErrorIfCRDPathMissing: true,
 }