From 2278c8a97e0bc84fc88aa35bdc18df551a90c448 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Mon, 17 Feb 2025 17:04:04 -0500 Subject: [PATCH] Consolidate configuration This moves all the configuration into the root config directory. The config/README.md file shows the result. Updated Makefile, goreleaser, documentation and some of the unit test code. Kept CRDs in their original locations, but made copies to the new locations to keep the verify-crd-compatibility target working properly. Once this is merged, a followup will remove the CRDs from the original locations and update the verify-crd-compatibility target. It also tries to make catalogd less of a second-class piece of code. I compared the resulting operator-controller.yaml with main, and with the exception of `image` locations, they are identical. 
Signed-off-by: Todd Short --- .goreleaser.yml | 2 +- Makefile | 28 +- Tiltfile | 4 +- catalogd/api/v1/clustercatalog_types_test.go | 2 +- .../config/base/default/kustomization.yaml | 17 - .../config/components/ca/kustomization.yaml | 10 - .../registries-conf/kustomization.yaml | 7 - .../manager_e2e_registries_conf_patch.yaml | 17 - .../registries_conf_configmap.yaml | 10 - .../overlays/cert-manager/kustomization.yaml | 9 - .../config/overlays/e2e/kustomization.yaml | 12 - catalogd/config/rbac/role.yaml | 65 -- .../samples/core_v1_clustercatalog.yaml | 11 - config/README.md | 69 +- ....operatorframework.io_clustercatalogs.yaml | 441 +++++++++++++ .../base/catalogd}/crd/kustomization.yaml | 0 config/base/catalogd/kustomization.yaml | 8 + .../catalogd}/manager/catalogd_service.yaml | 0 .../base/catalogd}/manager/kustomization.yaml | 0 .../base/catalogd}/manager/manager.yaml | 9 - .../catalogd}/manager/webhook/manifests.yaml | 0 .../base/catalogd}/manager/webhook/patch.yaml | 0 .../rbac/auth_proxy_client_clusterrole.yaml | 0 .../base/catalogd}/rbac/auth_proxy_role.yaml | 0 .../rbac/auth_proxy_role_binding.yaml | 0 .../base/catalogd}/rbac/kustomization.yaml | 0 .../catalogd}/rbac/leader_election_role.yaml | 0 .../rbac/leader_election_role_binding.yaml | 0 .../base/catalogd}/rbac/role.yaml | 0 .../base/catalogd}/rbac/role_binding.yaml | 0 .../base/catalogd}/rbac/service_account.yaml | 0 config/base/common/kustomization.yaml | 4 + config/base/common/namespace.yaml | 8 + config/base/kustomization.yaml | 21 - ...peratorframework.io_clusterextensions.yaml | 589 ++++++++++++++++++ .../crd/kustomization.yaml | 0 .../crd/kustomizeconfig.yaml | 0 .../operator-controller/kustomization.yaml | 9 + .../manager/kustomization.yaml | 0 .../manager/manager.yaml | 8 - .../manager/service.yaml | 0 .../rbac/auth_proxy_client_clusterrole.yaml | 0 .../rbac/auth_proxy_role.yaml | 0 .../rbac/auth_proxy_role_binding.yaml | 0 .../rbac/clusterextension_editor_role.yaml | 0 
.../rbac/clusterextension_viewer_role.yaml | 0 .../rbac/extension_editor_role.yaml | 0 .../rbac/extension_viewer_role.yaml | 0 .../rbac/kustomization.yaml | 0 .../rbac/leader_election_role.yaml | 0 .../rbac/leader_election_role_binding.yaml | 0 .../{ => operator-controller}/rbac/role.yaml | 0 .../rbac/role_binding.yaml | 0 .../rbac/service_account.yaml | 0 .../clustercatalogs/default-catalogs.yaml | 0 .../nginx-ingress/kustomization.yaml | 0 .../resources/nginx_ingress.yaml | 0 config/components/ca/issuers.yaml | 32 - .../coverage/manager_e2e_coverage_patch.yaml | 4 +- .../manager_e2e_registries_conf_patch.yaml | 4 +- .../components/tls/ca}/issuers.yaml | 0 .../{ => tls}/ca/kustomization.yaml | 0 .../tls/catalogd}/kustomization.yaml | 9 +- .../patches/catalogd_service_port.yaml | 0 .../catalogd}/patches/catalogd_webhook.yaml | 0 .../patches/manager_deployment_cacerts.yaml | 0 .../patches/manager_deployment_certs.yaml | 0 .../tls/catalogd}/resources/certificate.yaml | 3 +- .../kustomization.yaml | 1 + .../patches/manager_deployment_cert.yaml | 0 .../resources/manager_cert.yaml | 0 config/overlays/basic-olm/kustomization.yaml | 8 + .../overlays/cert-manager/kustomization.yaml | 13 +- config/overlays/e2e/kustomization.yaml | 11 +- .../{ => catalogd}/kustomization.yaml | 11 +- .../catalogd/patches/dev-deployment.yaml | 10 + .../operator-controller/kustomization.yaml | 17 + .../patches/dev-deployment.yaml | 3 - config/samples/catalogd_operatorcatalog.yaml | 3 +- docs/draft/howto/fetching-catalog-contents.md | 2 +- .../controllers/suite_test.go | 2 +- 81 files changed, 1196 insertions(+), 297 deletions(-) delete mode 100644 catalogd/config/base/default/kustomization.yaml delete mode 100644 catalogd/config/components/ca/kustomization.yaml delete mode 100644 catalogd/config/components/registries-conf/kustomization.yaml delete mode 100644 catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml delete mode 100644 
catalogd/config/components/registries-conf/registries_conf_configmap.yaml delete mode 100644 catalogd/config/overlays/cert-manager/kustomization.yaml delete mode 100644 catalogd/config/overlays/e2e/kustomization.yaml delete mode 100644 catalogd/config/rbac/role.yaml delete mode 100644 catalogd/config/samples/core_v1_clustercatalog.yaml create mode 100644 config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml rename {catalogd/config/base => config/base/catalogd}/crd/kustomization.yaml (100%) create mode 100644 config/base/catalogd/kustomization.yaml rename {catalogd/config/base => config/base/catalogd}/manager/catalogd_service.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/manager/kustomization.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/manager/manager.yaml (91%) rename {catalogd/config/base => config/base/catalogd}/manager/webhook/manifests.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/manager/webhook/patch.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/auth_proxy_client_clusterrole.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/auth_proxy_role.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/auth_proxy_role_binding.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/kustomization.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/leader_election_role.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/leader_election_role_binding.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/role.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/role_binding.yaml (100%) rename {catalogd/config/base => config/base/catalogd}/rbac/service_account.yaml (100%) create mode 100644 config/base/common/kustomization.yaml create mode 100644 config/base/common/namespace.yaml delete mode 100644 config/base/kustomization.yaml create mode 
100644 config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml rename config/base/{ => operator-controller}/crd/kustomization.yaml (100%) rename config/base/{ => operator-controller}/crd/kustomizeconfig.yaml (100%) create mode 100644 config/base/operator-controller/kustomization.yaml rename config/base/{ => operator-controller}/manager/kustomization.yaml (100%) rename config/base/{ => operator-controller}/manager/manager.yaml (93%) rename config/base/{ => operator-controller}/manager/service.yaml (100%) rename config/base/{ => operator-controller}/rbac/auth_proxy_client_clusterrole.yaml (100%) rename config/base/{ => operator-controller}/rbac/auth_proxy_role.yaml (100%) rename config/base/{ => operator-controller}/rbac/auth_proxy_role_binding.yaml (100%) rename config/base/{ => operator-controller}/rbac/clusterextension_editor_role.yaml (100%) rename config/base/{ => operator-controller}/rbac/clusterextension_viewer_role.yaml (100%) rename config/base/{ => operator-controller}/rbac/extension_editor_role.yaml (100%) rename config/base/{ => operator-controller}/rbac/extension_viewer_role.yaml (100%) rename config/base/{ => operator-controller}/rbac/kustomization.yaml (100%) rename config/base/{ => operator-controller}/rbac/leader_election_role.yaml (100%) rename config/base/{ => operator-controller}/rbac/leader_election_role_binding.yaml (100%) rename config/base/{ => operator-controller}/rbac/role.yaml (100%) rename config/base/{ => operator-controller}/rbac/role_binding.yaml (100%) rename config/base/{ => operator-controller}/rbac/service_account.yaml (100%) rename {catalogd/config/base/default => config/catalogs}/clustercatalogs/default-catalogs.yaml (100%) rename {catalogd/config/base => config/catalogs}/nginx-ingress/kustomization.yaml (100%) rename {catalogd/config/base => config/catalogs}/nginx-ingress/resources/nginx_ingress.yaml (100%) delete mode 100644 config/components/ca/issuers.yaml rename 
{catalogd/config/components/ca/resources => config/components/tls/ca}/issuers.yaml (100%) rename config/components/{ => tls}/ca/kustomization.yaml (100%) rename {catalogd/config/components/tls => config/components/tls/catalogd}/kustomization.yaml (64%) rename {catalogd/config/components/tls => config/components/tls/catalogd}/patches/catalogd_service_port.yaml (100%) rename {catalogd/config/components/tls => config/components/tls/catalogd}/patches/catalogd_webhook.yaml (100%) rename {catalogd/config/components/ca => config/components/tls/catalogd}/patches/manager_deployment_cacerts.yaml (100%) rename {catalogd/config/components/tls => config/components/tls/catalogd}/patches/manager_deployment_certs.yaml (100%) rename {catalogd/config/components/tls => config/components/tls/catalogd}/resources/certificate.yaml (92%) rename config/components/tls/{ => operator-controller}/kustomization.yaml (76%) rename config/components/tls/{ => operator-controller}/patches/manager_deployment_cert.yaml (100%) rename config/components/tls/{ => operator-controller}/resources/manager_cert.yaml (100%) create mode 100644 config/overlays/basic-olm/kustomization.yaml rename config/overlays/tilt-local-dev/{ => catalogd}/kustomization.yaml (53%) create mode 100644 config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml create mode 100644 config/overlays/tilt-local-dev/operator-controller/kustomization.yaml rename config/overlays/tilt-local-dev/{ => operator-controller}/patches/dev-deployment.yaml (78%) diff --git a/.goreleaser.yml b/.goreleaser.yml index d828849dd..df644a264 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -124,7 +124,7 @@ release: disable: '{{ ne .Env.ENABLE_RELEASE_PIPELINE "true" }}' extra_files: - glob: 'operator-controller.yaml' - - glob: './catalogd/config/base/default/clustercatalogs/default-catalogs.yaml' + - glob: './config/catalogs/clustercatalogs/default-catalogs.yaml' - glob: 'install.sh' header: | ## Installation 
diff --git a/Makefile b/Makefile index 2de91e63c..a1c4f2865 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,6 @@ $(warning Could not find docker or podman in path! This may result in targets re endif KUSTOMIZE_BUILD_DIR := config/overlays/cert-manager -CATALOGD_KUSTOMIZE_BUILD_DIR := catalogd/config/overlays/cert-manager # Disable -j flag for make .NOTPARALLEL: 
@@ -114,17 +113,19 @@ tidy: #HELP Update dependencies. $(Q)go mod tidy -go=$(GOLANG_VERSION) .PHONY: manifests -KUSTOMIZE_CRDS_DIR := config/base/crd/bases -KUSTOMIZE_RBAC_DIR := config/base/rbac -KUSTOMIZE_WEBHOOKS_DIR := config/base/manager/webhook +KUSTOMIZE_CATD_CRDS_DIR := config/base/catalogd/crd/bases +KUSTOMIZE_CATD_RBAC_DIR := config/base/catalogd/rbac +KUSTOMIZE_CATD_WEBHOOKS_DIR := config/base/catalogd/manager/webhook +KUSTOMIZE_OPCON_CRDS_DIR := config/base/operator-controller/crd/bases +KUSTOMIZE_OPCON_RBAC_DIR := config/base/operator-controller/rbac manifests: $(CONTROLLER_GEN) #EXHELP Generate WebhookConfiguration, ClusterRole, and CustomResourceDefinition objects. # Generate the operator-controller manifests - rm -rf $(KUSTOMIZE_CRDS_DIR) && $(CONTROLLER_GEN) crd paths=./api/... output:crd:artifacts:config=$(KUSTOMIZE_CRDS_DIR) - rm -f $(KUSTOMIZE_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths=./internal/operator-controller/... output:rbac:artifacts:config=$(KUSTOMIZE_RBAC_DIR) + rm -rf $(KUSTOMIZE_OPCON_CRDS_DIR) && $(CONTROLLER_GEN) crd paths=./api/... output:crd:artifacts:config=$(KUSTOMIZE_OPCON_CRDS_DIR) + rm -f $(KUSTOMIZE_OPCON_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths=./internal/operator-controller/... output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR) # Generate the catalogd manifests - rm -rf catalogd/$(KUSTOMIZE_CRDS_DIR) && $(CONTROLLER_GEN) crd paths="./catalogd/api/..." output:crd:artifacts:config=catalogd/$(KUSTOMIZE_CRDS_DIR) - rm -f catalogd/$(KUSTOMIZE_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=catalogd/$(KUSTOMIZE_RBAC_DIR) - rm -f catalogd/$(KUSTOMIZE_WEBHOOKS_DIR)/manifests.yaml && $(CONTROLLER_GEN) webhook paths="./internal/catalogd/..." 
output:webhook:artifacts:config=catalogd/$(KUSTOMIZE_WEBHOOKS_DIR) + rm -rf $(KUSTOMIZE_CATD_CRDS_DIR) && $(CONTROLLER_GEN) crd paths="./catalogd/api/..." output:crd:artifacts:config=$(KUSTOMIZE_CATD_CRDS_DIR) + rm -f $(KUSTOMIZE_CATD_RBAC_DIR)/role.yaml && $(CONTROLLER_GEN) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR) + rm -f $(KUSTOMIZE_CATD_WEBHOOKS_DIR)/manifests.yaml && $(CONTROLLER_GEN) webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR) .PHONY: generate generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. @@ -221,7 +222,6 @@ image-registry: ## Build the testdata catalog used for e2e tests and push it to test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e test-e2e: KUSTOMIZE_BUILD_DIR := config/overlays/e2e test-e2e: GO_BUILD_FLAGS := -cover -test-e2e: CATALOGD_KUSTOMIZE_BUILD_DIR := catalogd/config/overlays/e2e test-e2e: run image-registry e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster .PHONY: extension-developer-e2e 
@@ -259,9 +259,9 @@ kind-load: $(KIND) #EXHELP Loads the currently constructed images into the KIND .PHONY: kind-deploy kind-deploy: export MANIFEST := ./operator-controller.yaml -kind-deploy: export DEFAULT_CATALOG := ./catalogd/config/base/default/clustercatalogs/default-catalogs.yaml +kind-deploy: export DEFAULT_CATALOG := ./config/catalogs/clustercatalogs/default-catalogs.yaml kind-deploy: manifests $(KUSTOMIZE) - ($(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) && echo "---" && $(KUSTOMIZE) build $(CATALOGD_KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g") > $(MANIFEST) + $(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g" > $(MANIFEST) envsubst '$$DEFAULT_CATALOG,$$CERT_MGR_VERSION,$$INSTALL_DEFAULT_CATALOGS,$$MANIFEST' < scripts/install.tpl.sh | bash -s .PHONY: kind-cluster @@ -347,7 +347,7 @@ release: $(GORELEASER) #EXHELP Runs goreleaser for the operator-controller. By d quickstart: export MANIFEST := https://github.com/operator-framework/operator-controller/releases/download/$(VERSION)/operator-controller.yaml quickstart: export DEFAULT_CATALOG := "https://github.com/operator-framework/operator-controller/releases/download/$(VERSION)/default-catalogs.yaml" quickstart: $(KUSTOMIZE) manifests #EXHELP Generate the unified installation release manifests and scripts. - ($(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) && echo "---" && $(KUSTOMIZE) build catalogd/config/overlays/cert-manager) | sed "s/cert-git-version/cert-$(VERSION)/g" | sed "s/:devel/:$(VERSION)/g" > operator-controller.yaml + $(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g" | sed "s/:devel/:$(VERSION)/g" > operator-controller.yaml envsubst '$$DEFAULT_CATALOG,$$CERT_MGR_VERSION,$$INSTALL_DEFAULT_CATALOGS,$$MANIFEST' < scripts/install.tpl.sh > install.sh ##@ Docs 
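Review bot: In the `kind-deploy` recipe the exit status of `$(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) | sed "s/cert-git-version/cert-$(VERSION)/g" > $(MANIFEST)` is sed's, so a failed kustomize build still leaves an empty or truncated manifest, and the next line goes on to run the install script through `bash -s` against it. The `quickstart` recipe in the `@@ -347,7 +347,7 @@` hunk has the same shape and would silently write an empty release `operator-controller.yaml`. Unless the Makefile sets `SHELL` with `-o pipefail` somewhere outside these hunks (not visible here), build to an intermediate file first so that make stops on the failure, e.g. `$(KUSTOMIZE) build $(KUSTOMIZE_BUILD_DIR) > $(MANIFEST).tmp` followed by `sed "s/cert-git-version/cert-$(VERSION)/g" $(MANIFEST).tmp > $(MANIFEST)`. Both recipes begin and continue outside the hunks shown.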
@@ -367,7 +367,7 @@ crd-ref-docs: $(CRD_REF_DOCS) #EXHELP Generate the API Reference Documents. $(CRD_REF_DOCS) --source-path=$(ROOT_DIR)/catalogd/api \ --config=$(API_REFERENCE_DIR)/crd-ref-docs-gen-config.yaml \ --renderer=markdown --output-path=$(API_REFERENCE_DIR)/$(CATALOGD_API_REFERENCE_FILENAME); - + VENVDIR := $(abspath docs/.venv) .PHONY: build-docs diff --git a/Tiltfile b/Tiltfile index 5682e106c..f5506d30f 100644 --- a/Tiltfile +++ b/Tiltfile @@ -2,7 +2,7 @@ load('.tilt-support', 'deploy_repo') operator_controller = { 'image': 'quay.io/operator-framework/operator-controller', - 'yaml': 'config/overlays/tilt-local-dev', + 'yaml': 'config/overlays/tilt-local-dev/operator-controller', 'binaries': { './cmd/operator-controller': 'operator-controller-controller-manager', }, @@ -13,7 +13,7 @@ deploy_repo('operator-controller', operator_controller, '-tags containers_image_ catalogd = { 'image': 'quay.io/operator-framework/catalogd', - 'yaml': 'catalogd/config/overlays/cert-manager', + 'yaml': 'config/overlays/tilt-local-dev/catalogd', 'binaries': { './catalogd/cmd/catalogd': 'catalogd-controller-manager', }, diff --git a/catalogd/api/v1/clustercatalog_types_test.go b/catalogd/api/v1/clustercatalog_types_test.go index 074acc524..0ddd2f5e3 100644 --- a/catalogd/api/v1/clustercatalog_types_test.go +++ b/catalogd/api/v1/clustercatalog_types_test.go @@ -20,7 +20,7 @@ import ( "sigs.k8s.io/yaml" ) -const crdFilePath = "../../config/base/crd/bases/olm.operatorframework.io_clustercatalogs.yaml" +const crdFilePath = "../../../config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml" func TestImageSourceCELValidationRules(t *testing.T) { validators := fieldValidatorsFromFile(t, crdFilePath) diff --git a/catalogd/config/base/default/kustomization.yaml b/catalogd/config/base/default/kustomization.yaml deleted file mode 100644 index 93dce3bac..000000000 --- a/catalogd/config/base/default/kustomization.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-# Adds namespace to all resources.
-namespace: olmv1-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: catalogd-
-
-# the following config is for teaching kustomize how to do var substitution
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ../crd
-- ../rbac
-- ../manager
diff --git a/catalogd/config/components/ca/kustomization.yaml b/catalogd/config/components/ca/kustomization.yaml
deleted file mode 100644
index 113d2a957..000000000
--- a/catalogd/config/components/ca/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-# No namespace is specified here, otherwise, it will overwrite _all_ the other namespaces!
-resources:
-- resources/issuers.yaml
-patches:
-- target:
- kind: Deployment
- name: controller-manager
- path: patches/manager_deployment_cacerts.yaml
diff --git a/catalogd/config/components/registries-conf/kustomization.yaml b/catalogd/config/components/registries-conf/kustomization.yaml
deleted file mode 100644
index e48262429..000000000
--- a/catalogd/config/components/registries-conf/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-namespace: olmv1-system
-resources:
-- registries_conf_configmap.yaml
-patches:
-- path: manager_e2e_registries_conf_patch.yaml
diff --git a/catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml b/catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
deleted file mode 100644
index 42012d697..000000000
--- a/catalogd/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager
- namespace: system
-spec:
- template:
- spec:
- containers:
- - name: manager
- volumeMounts:
- - name: e2e-registries-conf
- mountPath: /etc/containers
- volumes:
- - name: e2e-registries-conf
- configMap:
- name: e2e-registries-conf
diff --git a/catalogd/config/components/registries-conf/registries_conf_configmap.yaml b/catalogd/config/components/registries-conf/registries_conf_configmap.yaml
deleted file mode 100644
index 2604c78f5..000000000
--- a/catalogd/config/components/registries-conf/registries_conf_configmap.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: e2e-registries-conf
- namespace: system
-data:
- registries.conf: |
- [[registry]]
- prefix = "mirrored-registry.operator-controller-e2e.svc.cluster.local:5000"
- location = "docker-registry.operator-controller-e2e.svc.cluster.local:5000"
diff --git a/catalogd/config/overlays/cert-manager/kustomization.yaml b/catalogd/config/overlays/cert-manager/kustomization.yaml
deleted file mode 100644
index fb27be4f4..000000000
--- a/catalogd/config/overlays/cert-manager/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ../../base/crd
-- ../../base/rbac
-- ../../base/manager
-components:
-- ../../components/tls
-- ../../components/ca
diff --git a/catalogd/config/overlays/e2e/kustomization.yaml b/catalogd/config/overlays/e2e/kustomization.yaml
deleted file mode 100644
index dbfd7d737..000000000
--- a/catalogd/config/overlays/e2e/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-# kustomization file for all the e2e's
-# DO NOT ADD A NAMESPACE HERE
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ../../base/crd
- - ../../base/rbac
- - ../../base/manager
-components:
- - ../../components/tls
- - ../../components/registries-conf
- - ../../components/ca
diff --git a/catalogd/config/rbac/role.yaml b/catalogd/config/rbac/role.yaml
deleted file mode 100644
index b0cf5a213..000000000
--- a/catalogd/config/rbac/role.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: manager-role
-rules:
-- apiGroups:
- - olm.operatorframework.io
- resources:
- - clustercatalogs
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - olm.operatorframework.io
- resources:
- - clustercatalogs/finalizers
- verbs:
- - update
-- apiGroups:
- - olm.operatorframework.io
- resources:
- - clustercatalogs/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - list
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: manager-role
- namespace: system
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
diff --git a/catalogd/config/samples/core_v1_clustercatalog.yaml b/catalogd/config/samples/core_v1_clustercatalog.yaml
deleted file mode 100644
index 661bf2a6c..000000000
--- a/catalogd/config/samples/core_v1_clustercatalog.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: olm.operatorframework.io/v1
-kind: ClusterCatalog
-metadata:
- name: operatorhubio
-spec:
- priority: 0
- source:
- type: Image
- image:
- pollIntervalMinutes: 1440
- ref: quay.io/operatorhubio/catalog:latest
diff --git a/config/README.md b/config/README.md
index 1f8011507..449989b23 100644
--- a/config/README.md
+++ b/config/README.md
@@ -1,52 +1,77 @@ # OPERATOR-CONTROLLER CONFIG -## config/base +## config/overlays/basic-olm -This provides an insecure (i.e. no TLS) basic configuration of operator-controller. - -This configuration specifies a namespace of `olmv1-system`. +This includes basic support for an insecure OLMv1 deployment. This configuration uses: +* config/base/catalogd +* config/base/operator-controller +* config/base/common ## config/overlays/cert-manager -This includes support for a secure (i.e. with TLS) configuration of operator-controller. This configuration uses: -* config/base -* config/components/tls -* config/components/ca +This includes support for a secure (i.e. with TLS) configuration of OLMv1. This configuration uses: +* config/base/catalogd +* config/base/operator-controller +* config/base/common +* config/components/tls/catalogd +* config/components/tls/operator-controller +* config/components/tls/ca This configuration requires cert-manager. ## config/overlays/e2e This provides additional configuration support for end-to-end testing, including code coverage. This configuration uses: -* config/base -* config/components/tls -* config/components/ca +* config/base/catalogd +* config/base/operator-controller +* config/base/common * config/components/coverage +* config/components/tls/catalogd +* config/components/tls/operator-controller +* config/components/tls/ca This configuration requires cert-manager. -## Components +## Base Configuration -Each of the `kustomization.yaml` files specify a `Component`, rather than an overlay. +The base configuration specifies a namespace of `olmv1-system`. -### config/components/tls +### config/base/catalogd -This provides a basic configuration of operator-controller with TLS support for catalogd. +This provides the base configuration of catalogd. + +### config/base/operator-controller + +This provides the base configuration of operator-controller. 
+ +### config/base/common + +This provides common components to both operator-controller and catalogd, i.e. namespace. + +## Components + +Each of the `kustomization.yaml` files specify a `Component`, rather than an overlay, and thus, can be used within the overlays. -This component specifies the `olmv1-system` namespace. +### config/components/tls/catalogd + +This provides a basic configuration of catalogd with TLS support. This component requires cert-manager. -### config/components/coverage +### config/components/tls/operator-controller -Provides configuration for code coverage. +This provides a basic configuration of operator-controller with TLS support for catalogd. -This component specifies the `olmv1-system` namespace. +This component requires cert-manager. -### config/components/ca +### config/components/tls/ca -Procides a CA for operator-controller operation. +Provides a CA for operator-controller/catalogd operation. -This component _does not_ specify a namespace, and must be included last. +This component _does not_ specify a namespace, and _must_ be included last. This component requires cert-manager. + +### config/components/coverage + +Provides configuration for code coverage. diff --git a/config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml b/config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml new file mode 100644 index 000000000..cbf023565 --- /dev/null +++ b/config/base/catalogd/crd/bases/olm.operatorframework.io_clustercatalogs.yaml 
@@ -0,0 +1,441 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: clustercatalogs.olm.operatorframework.io +spec: + group: olm.operatorframework.io + names: + kind: ClusterCatalog + listKind: ClusterCatalogList + plural: clustercatalogs + singular: clustercatalog + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.lastUnpacked + name: LastUnpacked + type: date + - jsonPath: .status.conditions[?(@.type=="Serving")].status + name: Serving + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCatalog enables users to make File-Based Catalog (FBC) catalog data available to the cluster. + For more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec is the desired state of the ClusterCatalog. + spec is required. + The controller will work to ensure that the desired + catalog is unpacked and served over the catalog content HTTP server. 
+ properties: + availabilityMode: + default: Available + description: |- + availabilityMode allows users to define how the ClusterCatalog is made available to clients on the cluster. + availabilityMode is optional. + + Allowed values are "Available" and "Unavailable" and omitted. + + When omitted, the default value is "Available". + + When set to "Available", the catalog contents will be unpacked and served over the catalog content HTTP server. + Setting the availabilityMode to "Available" tells clients that they should consider this ClusterCatalog + and its contents as usable. + + When set to "Unavailable", the catalog contents will no longer be served over the catalog content HTTP server. + When set to this availabilityMode it should be interpreted the same as the ClusterCatalog not existing. + Setting the availabilityMode to "Unavailable" can be useful in scenarios where a user may not want + to delete the ClusterCatalog all together, but would still like it to be treated as if it doesn't exist. + enum: + - Unavailable + - Available + type: string + priority: + default: 0 + description: |- + priority allows the user to define a priority for a ClusterCatalog. + priority is optional. + + A ClusterCatalog's priority is used by clients as a tie-breaker between ClusterCatalogs that meet the client's requirements. + A higher number means higher priority. + + It is up to clients to decide how to handle scenarios where multiple ClusterCatalogs with the same priority meet their requirements. + When deciding how to break the tie in this scenario, it is recommended that clients prompt their users for additional input. + + When omitted, the default priority is 0 because that is the zero value of integers. + + Negative numbers can be used to specify a priority lower than the default. + Positive numbers can be used to specify a priority higher than the default. + + The lowest possible value is -2147483648. + The highest possible value is 2147483647. 
+ format: int32 + type: integer + source: + description: |- + source allows a user to define the source of a catalog. + A "catalog" contains information on content that can be installed on a cluster. + Providing a catalog source makes the contents of the catalog discoverable and usable by + other on-cluster components. + These on-cluster components may do a variety of things with this information, such as + presenting the content in a GUI dashboard or installing content from the catalog on the cluster. + The catalog source must contain catalog metadata in the File-Based Catalog (FBC) format. + For more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs. + source is a required field. + + Below is a minimal example of a ClusterCatalogSpec that sources a catalog from an image: + + source: + type: Image + image: + ref: quay.io/operatorhubio/catalog:latest + properties: + image: + description: |- + image is used to configure how catalog contents are sourced from an OCI image. + This field is required when type is Image, and forbidden otherwise. + properties: + pollIntervalMinutes: + description: |- + pollIntervalMinutes allows the user to set the interval, in minutes, at which the image source should be polled for new content. + pollIntervalMinutes is optional. + pollIntervalMinutes can not be specified when ref is a digest-based reference. + + When omitted, the image will not be polled for new content. + minimum: 1 + type: integer + ref: + description: |- + ref allows users to define the reference to a container image containing Catalog contents. + ref is required. + ref can not be more than 1000 characters. + + A reference can be broken down into 3 parts - the domain, name, and identifier. + + The domain is typically the registry where an image is located. + It must be alphanumeric characters (lowercase and uppercase) separated by the "." character. 
+ Hyphenation is allowed, but the domain must start and end with alphanumeric characters. + Specifying a port to use is also allowed by adding the ":" character followed by numeric values. + The port must be the last value in the domain. + Some examples of valid domain values are "registry.mydomain.io", "quay.io", "my-registry.io:8080". + + The name is typically the repository in the registry where an image is located. + It must contain lowercase alphanumeric characters separated only by the ".", "_", "__", "-" characters. + Multiple names can be concatenated with the "/" character. + The domain and name are combined using the "/" character. + Some examples of valid name values are "operatorhubio/catalog", "catalog", "my-catalog.prod". + An example of the domain and name parts of a reference being combined is "quay.io/operatorhubio/catalog". + + The identifier is typically the tag or digest for an image reference and is present at the end of the reference. + It starts with a separator character used to distinguish the end of the name and beginning of the identifier. + For a digest-based reference, the "@" character is the separator. + For a tag-based reference, the ":" character is the separator. + An identifier is required in the reference. + + Digest-based references must contain an algorithm reference immediately after the "@" separator. + The algorithm reference must be followed by the ":" character and an encoded string. + The algorithm must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the "-", "_", "+", and "." characters. + Some examples of valid algorithm values are "sha256", "sha256+b64u", "multihash+base58". + The encoded string following the algorithm must be hex digits (a-f, A-F, 0-9) and must be a minimum of 32 characters. + + Tag-based references must begin with a word character (alphanumeric + "_") followed by word characters or ".", and "-" characters. 
+ The tag must not be longer than 127 characters. + + An example of a valid digest-based image reference is "quay.io/operatorhubio/catalog@sha256:200d4ddb2a73594b91358fe6397424e975205bfbe44614f5846033cad64b3f05" + An example of a valid tag-based image reference is "quay.io/operatorhubio/catalog:latest" + maxLength: 1000 + type: string + x-kubernetes-validations: + - message: must start with a valid domain. valid domains must + be alphanumeric characters (lowercase and uppercase) separated + by the "." character. + rule: self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\b') + - message: a valid name is required. valid names must contain + lowercase alphanumeric characters separated only by the + ".", "_", "__", "-" characters. + rule: self.find('(\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') + != "" + - message: must end with a digest or a tag + rule: self.find('(@.*:)') != "" || self.find(':.*$') != + "" + - message: tag is invalid. the tag must not be more than 127 + characters + rule: 'self.find(''(@.*:)'') == "" ? (self.find('':.*$'') + != "" ? self.find('':.*$'').substring(1).size() <= 127 + : true) : true' + - message: tag is invalid. valid tags must begin with a word + character (alphanumeric + "_") followed by word characters + or ".", and "-" characters + rule: 'self.find(''(@.*:)'') == "" ? (self.find('':.*$'') + != "" ? self.find('':.*$'').matches('':[\\w][\\w.-]*$'') + : true) : true' + - message: digest algorithm is not valid. valid algorithms + must start with an uppercase or lowercase alpha character + followed by alphanumeric characters and may contain the + "-", "_", "+", and "." characters. + rule: 'self.find(''(@.*:)'') != "" ? self.find(''(@.*:)'').matches(''(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])'') + : true' + - message: digest is not valid. 
the encoded string must be + at least 32 characters + rule: 'self.find(''(@.*:)'') != "" ? self.find('':.*$'').substring(1).size() + >= 32 : true' + - message: digest is not valid. the encoded string must only + contain hex characters (A-F, a-f, 0-9) + rule: 'self.find(''(@.*:)'') != "" ? self.find('':.*$'').matches('':[0-9A-Fa-f]*$'') + : true' + required: + - ref + type: object + x-kubernetes-validations: + - message: cannot specify pollIntervalMinutes while using digest-based + image + rule: 'self.ref.find(''(@.*:)'') != "" ? !has(self.pollIntervalMinutes) + : true' + type: + description: |- + type is a reference to the type of source the catalog is sourced from. + type is required. + + The only allowed value is "Image". + + When set to "Image", the ClusterCatalog content will be sourced from an OCI image. + When using an image source, the image field must be set and must be the only field defined for this type. + enum: + - Image + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: image is required when source type is Image, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Image'' ? has(self.image) + : !has(self.image)' + required: + - source + type: object + status: + description: |- + status contains information about the state of the ClusterCatalog such as: + - Whether or not the catalog contents are being served via the catalog content HTTP server + - Whether or not the ClusterCatalog is progressing to a new state + - A reference to the source from which the catalog contents were retrieved + properties: + conditions: + description: |- + conditions is a representation of the current state for this ClusterCatalog. + + The current condition types are Serving and Progressing. + + The Serving condition is used to represent whether or not the contents of the catalog is being served via the HTTP(S) web server. 
+ When it has a status of True and a reason of Available, the contents of the catalog are being served. + When it has a status of False and a reason of Unavailable, the contents of the catalog are not being served because the contents are not yet available. + When it has a status of False and a reason of UserSpecifiedUnavailable, the contents of the catalog are not being served because the catalog has been intentionally marked as unavailable. + + The Progressing condition is used to represent whether or not the ClusterCatalog is progressing or is ready to progress towards a new state. + When it has a status of True and a reason of Retrying, there was an error in the progression of the ClusterCatalog that may be resolved on subsequent reconciliation attempts. + When it has a status of True and a reason of Succeeded, the ClusterCatalog has successfully progressed to a new state and is ready to continue progressing. + When it has a status of False and a reason of Blocked, there was an error in the progression of the ClusterCatalog that requires manual intervention for recovery. + + In the case that the Serving condition is True with reason Available and Progressing is True with reason Retrying, the previously fetched + catalog contents are still being served via the HTTP(S) web server while we are progressing towards serving a new version of the catalog + contents. This could occur when we've initially fetched the latest contents from the source for this catalog and when polling for changes + to the contents we identify that there are updates to the contents. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastUnpacked: + description: |- + lastUnpacked represents the last time the contents of the + catalog were extracted from their source format. As an example, + when using an Image source, the OCI image will be pulled and the + image layers written to a file-system backed cache. We refer to the + act of this extraction from the source format as "unpacking". 
+ format: date-time + type: string + resolvedSource: + description: resolvedSource contains information about the resolved + source based on the source type. + properties: + image: + description: |- + image is a field containing resolution information for a catalog sourced from an image. + This field must be set when type is Image, and forbidden otherwise. + properties: + ref: + description: |- + ref contains the resolved image digest-based reference. + The digest format is used so users can use other tooling to fetch the exact + OCI manifests that were used to extract the catalog contents. + maxLength: 1000 + type: string + x-kubernetes-validations: + - message: must start with a valid domain. valid domains must + be alphanumeric characters (lowercase and uppercase) separated + by the "." character. + rule: self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\b') + - message: a valid name is required. valid names must contain + lowercase alphanumeric characters separated only by the + ".", "_", "__", "-" characters. + rule: self.find('(\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') + != "" + - message: must end with a digest + rule: self.find('(@.*:)') != "" + - message: digest algorithm is not valid. valid algorithms + must start with an uppercase or lowercase alpha character + followed by alphanumeric characters and may contain the + "-", "_", "+", and "." characters. + rule: 'self.find(''(@.*:)'') != "" ? self.find(''(@.*:)'').matches(''(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])'') + : true' + - message: digest is not valid. the encoded string must be + at least 32 characters + rule: 'self.find(''(@.*:)'') != "" ? self.find('':.*$'').substring(1).size() + >= 32 : true' + - message: digest is not valid. the encoded string must only + contain hex characters (A-F, a-f, 0-9) + rule: 'self.find(''(@.*:)'') != "" ? 
self.find('':.*$'').matches('':[0-9A-Fa-f]*$'') + : true' + required: + - ref + type: object + type: + description: |- + type is a reference to the type of source the catalog is sourced from. + type is required. + + The only allowed value is "Image". + + When set to "Image", information about the resolved image source will be set in the 'image' field. + enum: + - Image + type: string + required: + - image + - type + type: object + x-kubernetes-validations: + - message: image is required when source type is Image, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Image'' ? has(self.image) + : !has(self.image)' + urls: + description: urls contains the URLs that can be used to access the + catalog. + properties: + base: + description: |- + base is a cluster-internal URL that provides endpoints for + accessing the content of the catalog. + + It is expected that clients append the path for the endpoint they wish + to access. + + Currently, only a single endpoint is served and is accessible at the path + /api/v1. + + The endpoints served for the v1 API are: + - /all - this endpoint returns the entirety of the catalog contents in the FBC format + + As the needs of users and clients of the evolve, new endpoints may be added. + maxLength: 525 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: scheme must be either http or https + rule: 'isURL(self) ? (url(self).getScheme() == "http" || url(self).getScheme() + == "https") : true' + required: + - base + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/catalogd/config/base/crd/kustomization.yaml b/config/base/catalogd/crd/kustomization.yaml similarity index 100% rename from catalogd/config/base/crd/kustomization.yaml rename to config/base/catalogd/crd/kustomization.yaml 
diff --git a/config/base/catalogd/kustomization.yaml b/config/base/catalogd/kustomization.yaml
new file mode 100644
index 000000000..9a6bc2512
--- /dev/null
+++ b/config/base/catalogd/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: olmv1-system
+namePrefix: catalogd-
+resources:
+- crd
+- rbac
+- manager
diff --git a/catalogd/config/base/manager/catalogd_service.yaml b/config/base/catalogd/manager/catalogd_service.yaml
similarity index 100%
rename from catalogd/config/base/manager/catalogd_service.yaml
rename to config/base/catalogd/manager/catalogd_service.yaml
diff --git a/catalogd/config/base/manager/kustomization.yaml b/config/base/catalogd/manager/kustomization.yaml
similarity index 100%
rename from catalogd/config/base/manager/kustomization.yaml
rename to config/base/catalogd/manager/kustomization.yaml
diff --git a/catalogd/config/base/manager/manager.yaml b/config/base/catalogd/manager/manager.yaml
similarity index 91%
rename from catalogd/config/base/manager/manager.yaml
rename to config/base/catalogd/manager/manager.yaml
index b394b2800..5c52165ec 100644
--- a/catalogd/config/base/manager/manager.yaml
+++ b/config/base/catalogd/manager/manager.yaml
@@ -1,12 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/part-of: olm
- pod-security.kubernetes.io/enforce: baseline
- pod-security.kubernetes.io/enforce-version: latest
- name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/catalogd/config/base/manager/webhook/manifests.yaml b/config/base/catalogd/manager/webhook/manifests.yaml
similarity index 100%
rename from catalogd/config/base/manager/webhook/manifests.yaml
rename to config/base/catalogd/manager/webhook/manifests.yaml
diff --git a/catalogd/config/base/manager/webhook/patch.yaml b/config/base/catalogd/manager/webhook/patch.yaml
similarity index 100%
rename from catalogd/config/base/manager/webhook/patch.yaml
rename to config/base/catalogd/manager/webhook/patch.yaml
diff --git a/catalogd/config/base/rbac/auth_proxy_client_clusterrole.yaml b/config/base/catalogd/rbac/auth_proxy_client_clusterrole.yaml
similarity index 100%
rename from catalogd/config/base/rbac/auth_proxy_client_clusterrole.yaml
rename to config/base/catalogd/rbac/auth_proxy_client_clusterrole.yaml
diff --git a/catalogd/config/base/rbac/auth_proxy_role.yaml b/config/base/catalogd/rbac/auth_proxy_role.yaml
similarity index 100%
rename from catalogd/config/base/rbac/auth_proxy_role.yaml
rename to config/base/catalogd/rbac/auth_proxy_role.yaml
diff --git a/catalogd/config/base/rbac/auth_proxy_role_binding.yaml b/config/base/catalogd/rbac/auth_proxy_role_binding.yaml
similarity index 100%
rename from catalogd/config/base/rbac/auth_proxy_role_binding.yaml
rename to config/base/catalogd/rbac/auth_proxy_role_binding.yaml
diff --git a/catalogd/config/base/rbac/kustomization.yaml b/config/base/catalogd/rbac/kustomization.yaml
similarity index 100%
rename from catalogd/config/base/rbac/kustomization.yaml
rename to config/base/catalogd/rbac/kustomization.yaml
diff --git a/catalogd/config/base/rbac/leader_election_role.yaml b/config/base/catalogd/rbac/leader_election_role.yaml
similarity index 100%
rename from catalogd/config/base/rbac/leader_election_role.yaml
rename to config/base/catalogd/rbac/leader_election_role.yaml
diff --git a/catalogd/config/base/rbac/leader_election_role_binding.yaml b/config/base/catalogd/rbac/leader_election_role_binding.yaml
similarity index 100%
rename from catalogd/config/base/rbac/leader_election_role_binding.yaml
rename to config/base/catalogd/rbac/leader_election_role_binding.yaml
diff --git a/catalogd/config/base/rbac/role.yaml b/config/base/catalogd/rbac/role.yaml
similarity index 100%
rename from catalogd/config/base/rbac/role.yaml
rename to config/base/catalogd/rbac/role.yaml
diff --git a/catalogd/config/base/rbac/role_binding.yaml b/config/base/catalogd/rbac/role_binding.yaml
similarity index 100%
rename from catalogd/config/base/rbac/role_binding.yaml
rename to config/base/catalogd/rbac/role_binding.yaml
diff --git a/catalogd/config/base/rbac/service_account.yaml b/config/base/catalogd/rbac/service_account.yaml
similarity index 100%
rename from catalogd/config/base/rbac/service_account.yaml
rename to config/base/catalogd/rbac/service_account.yaml
diff --git a/config/base/common/kustomization.yaml b/config/base/common/kustomization.yaml
new file mode 100644
index 000000000..c313b5408
--- /dev/null
+++ b/config/base/common/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
diff --git a/config/base/common/namespace.yaml b/config/base/common/namespace.yaml
new file mode 100644
index 000000000..012da7574
--- /dev/null
+++ b/config/base/common/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/part-of: olm
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/enforce-version: latest
+ name: system
diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml
deleted file mode 100644
index b475608ee..000000000
--- a/config/base/kustomization.yaml
+++ /dev/null
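Review bot: In config/base/common/namespace.yaml the Namespace is still named `system`, and config/base/common/kustomization.yaml (the hunk just before it) sets no `namespace:`, so this base built on its own renders a namespace called `system` while config/base/catalogd targets `olmv1-system`. The Pod Security labels (`pod-security.kubernetes.io/enforce: baseline`) ride on this object, so they only reach the namespace the workloads run in if the consuming overlay's `namespace:` setting renames it; the overlays are not visible here, so that should be confirmed. Adding `namespace: olmv1-system` to config/base/common/kustomization.yaml, or a comment on `name: system` such as `# placeholder; renamed by the kustomize namespace transformer`, would make the dependency explicit and match the README's statement that the base configuration specifies `olmv1-system`.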
@@ -1,21 +0,0 @@
-# Adds namespace to all resources.
-namespace: olmv1-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: operator-controller-
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-# pairs:
-# someName: someValue
-
-resources:
-- crd
-- rbac
-- manager
-
diff --git a/config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml b/config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml
new file mode 100644
index 000000000..e54b68518
--- /dev/null
+++ b/config/base/operator-controller/crd/bases/olm.operatorframework.io_clusterextensions.yaml
@@ -0,0 +1,589 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: clusterextensions.olm.operatorframework.io +spec: + group: olm.operatorframework.io + names: + kind: ClusterExtension + listKind: ClusterExtensionList + plural: clusterextensions + singular: clusterextension + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.install.bundle.name + name: Installed Bundle + type: string + - jsonPath: .status.install.bundle.version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=='Installed')].status + name: Installed + type: string + - jsonPath: .status.conditions[?(@.type=='Progressing')].status + name: Progressing + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterExtension is the Schema for the clusterextensions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is an optional field that defines the desired state + of the ClusterExtension. 
+ properties: + install: + description: |- + install is an optional field used to configure the installation options + for the ClusterExtension such as the pre-flight check configuration. + properties: + preflight: + description: |- + preflight is an optional field that can be used to configure the checks that are + run before installation or upgrade of the content for the package specified in the packageName field. + + When specified, it replaces the default preflight configuration for install/upgrade actions. + When not specified, the default configuration will be used. + properties: + crdUpgradeSafety: + description: |- + crdUpgradeSafety is used to configure the CRD Upgrade Safety pre-flight + checks that run prior to upgrades of installed content. + + The CRD Upgrade Safety pre-flight check safeguards from unintended + consequences of upgrading a CRD, such as data loss. + properties: + enforcement: + description: |- + enforcement is a required field, used to configure the state of the CRD Upgrade Safety pre-flight check. + + Allowed values are "None" or "Strict". The default value is "Strict". + + When set to "None", the CRD Upgrade Safety pre-flight check will be skipped + when performing an upgrade operation. This should be used with caution as + unintended consequences such as data loss can occur. + + When set to "Strict", the CRD Upgrade Safety pre-flight check will be run when + performing an upgrade operation. + enum: + - None + - Strict + type: string + required: + - enforcement + type: object + required: + - crdUpgradeSafety + type: object + x-kubernetes-validations: + - message: at least one of [crdUpgradeSafety] are required when + preflight is specified + rule: has(self.crdUpgradeSafety) + type: object + x-kubernetes-validations: + - message: at least one of [preflight] are required when install is + specified + rule: has(self.preflight) + namespace: + description: |- + namespace is a reference to a Kubernetes namespace. 
+ This is the namespace in which the provided ServiceAccount must exist. + It also designates the default namespace where namespace-scoped resources + for the extension are applied to the cluster. + Some extensions may contain namespace-scoped resources to be applied in other namespaces. + This namespace must exist. + + namespace is required, immutable, and follows the DNS label standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-), + start and end with an alphanumeric character, and be no longer than 63 characters + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + maxLength: 63 + type: string + x-kubernetes-validations: + - message: namespace is immutable + rule: self == oldSelf + - message: namespace must be a valid DNS1123 label + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$") + serviceAccount: + description: |- + serviceAccount is a reference to a ServiceAccount used to perform all interactions + with the cluster that are required to manage the extension. + The ServiceAccount must be configured with the necessary permissions to perform these interactions. + The ServiceAccount must exist in the namespace referenced in the spec. + serviceAccount is required. + properties: + name: + description: |- + name is a required, immutable reference to the name of the ServiceAccount + to be used for installation and management of the content for the package + specified in the packageName field. + + This ServiceAccount must exist in the installNamespace. + + name follows the DNS subdomain standard as defined in [RFC 1123]. + It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. 
+ + Some examples of valid values are: + - some-serviceaccount + - 123-serviceaccount + - 1-serviceaccount-2 + - someserviceaccount + - some.serviceaccount + + Some examples of invalid values are: + - -some-serviceaccount + - some-serviceaccount- + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + maxLength: 253 + type: string + x-kubernetes-validations: + - message: name is immutable + rule: self == oldSelf + - message: name must be a valid DNS1123 subdomain. It must contain + only lowercase alphanumeric characters, hyphens (-) or periods + (.), start and end with an alphanumeric character, and be + no longer than 253 characters + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + required: + - name + type: object + source: + description: |- + source is a required field which selects the installation source of content + for this ClusterExtension. Selection is performed by setting the sourceType. + + Catalog is currently the only implemented sourceType, and setting the + sourcetype to "Catalog" requires the catalog field to also be defined. + + Below is a minimal example of a source definition (in yaml): + + source: + sourceType: Catalog + catalog: + packageName: example-package + properties: + catalog: + description: |- + catalog is used to configure how information is sourced from a catalog. + This field is required when sourceType is "Catalog", and forbidden otherwise. + properties: + channels: + description: |- + channels is an optional reference to a set of channels belonging to + the package specified in the packageName field. + + A "channel" is a package-author-defined stream of updates for an extension. + + Each channel in the list must follow the DNS subdomain standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. No more than 256 channels can be specified. 
+ + When specified, it is used to constrain the set of installable bundles and + the automated upgrade path. This constraint is an AND operation with the + version field. For example: + - Given channel is set to "foo" + - Given version is set to ">=1.0.0, <1.5.0" + - Only bundles that exist in channel "foo" AND satisfy the version range comparison will be considered installable + - Automatic upgrades will be constrained to upgrade edges defined by the selected channel + + When unspecified, upgrade edges across all channels will be used to identify valid automatic upgrade paths. + + Some examples of valid values are: + - 1.1.x + - alpha + - stable + - stable-v1 + - v1-stable + - dev-preview + - preview + - community + + Some examples of invalid values are: + - -some-channel + - some-channel- + - thisisareallylongchannelnamethatisgreaterthanthemaximumlength + - original_40 + - --default-channel + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + items: + maxLength: 253 + type: string + x-kubernetes-validations: + - message: channels entries must be valid DNS1123 subdomains + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + maxItems: 256 + type: array + packageName: + description: |- + packageName is a reference to the name of the package to be installed + and is used to filter the content from catalogs. + + packageName is required, immutable, and follows the DNS subdomain standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. 
+ + Some examples of valid values are: + - some-package + - 123-package + - 1-package-2 + - somepackage + + Some examples of invalid values are: + - -some-package + - some-package- + - thisisareallylongpackagenamethatisgreaterthanthemaximumlength + - some.package + + [RFC 1123]: https://tools.ietf.org/html/rfc1123 + maxLength: 253 + type: string + x-kubernetes-validations: + - message: packageName is immutable + rule: self == oldSelf + - message: packageName must be a valid DNS1123 subdomain. + It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric + character, and be no longer than 253 characters + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + selector: + description: |- + selector is an optional field that can be used + to filter the set of ClusterCatalogs used in the bundle + selection process. + + When unspecified, all ClusterCatalogs will be used in + the bundle selection process. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + upgradeConstraintPolicy: + default: CatalogProvided + description: |- + upgradeConstraintPolicy is an optional field that controls whether + the upgrade path(s) defined in the catalog are enforced for the package + referenced in the packageName field. + + Allowed values are: "CatalogProvided" or "SelfCertified", or omitted. + + When this field is set to "CatalogProvided", automatic upgrades will only occur + when upgrade constraints specified by the package author are met. + + When this field is set to "SelfCertified", the upgrade constraints specified by + the package author are ignored. This allows for upgrades and downgrades to + any version of the package. This is considered a dangerous operation as it + can lead to unknown and potentially disastrous outcomes, such as data + loss. It is assumed that users have independently verified changes when + using this option. + + When this field is omitted, the default value is "CatalogProvided". + enum: + - CatalogProvided + - SelfCertified + type: string + version: + description: |- + version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed. + + Acceptable version ranges are no longer than 64 characters. + Version ranges are composed of comma- or space-delimited values and one or + more comparison operators, known as comparison strings. 
Additional + comparison strings can be added using the OR operator (||). + + # Range Comparisons + + To specify a version range, you can use a comparison string like ">=3.0, + <3.6". When specifying a range, automatic updates will occur within that + range. The example comparison string means "install any version greater than + or equal to 3.0.0 but less than 3.6.0.". It also states intent that if any + upgrades are available within the version range after initial installation, + those upgrades should be automatically performed. + + # Pinned Versions + + To specify an exact version to install you can use a version range that + "pins" to a specific version. When pinning to a specific version, no + automatic updates will occur. An example of a pinned version range is + "0.6.0", which means "only install version 0.6.0 and never + upgrade from this version". + + # Basic Comparison Operators + + The basic comparison operators and their meanings are: + - "=", equal (not aliased to an operator) + - "!=", not equal + - "<", less than + - ">", greater than + - ">=", greater than OR equal to + - "<=", less than OR equal to + + # Wildcard Comparisons + + You can use the "x", "X", and "*" characters as wildcard characters in all + comparison operations. Some examples of using the wildcard characters: + - "1.2.x", "1.2.X", and "1.2.*" is equivalent to ">=1.2.0, < 1.3.0" + - ">= 1.2.x", ">= 1.2.X", and ">= 1.2.*" is equivalent to ">= 1.2.0" + - "<= 2.x", "<= 2.X", and "<= 2.*" is equivalent to "< 3" + - "x", "X", and "*" is equivalent to ">= 0.0.0" + + # Patch Release Comparisons + + When you want to specify a minor version up to the next major version you + can use the "~" character to perform patch comparisons. 
Some examples: + - "~1.2.3" is equivalent to ">=1.2.3, <1.3.0" + - "~1" and "~1.x" is equivalent to ">=1, <2" + - "~2.3" is equivalent to ">=2.3, <2.4" + - "~1.2.x" is equivalent to ">=1.2.0, <1.3.0" + + # Major Release Comparisons + + You can use the "^" character to make major release comparisons after a + stable 1.0.0 version is published. If there is no stable version published, // minor versions define the stability level. Some examples: + - "^1.2.3" is equivalent to ">=1.2.3, <2.0.0" + - "^1.2.x" is equivalent to ">=1.2.0, <2.0.0" + - "^2.3" is equivalent to ">=2.3, <3" + - "^2.x" is equivalent to ">=2.0.0, <3" + - "^0.2.3" is equivalent to ">=0.2.3, <0.3.0" + - "^0.2" is equivalent to ">=0.2.0, <0.3.0" + - "^0.0.3" is equvalent to ">=0.0.3, <0.0.4" + - "^0.0" is equivalent to ">=0.0.0, <0.1.0" + - "^0" is equivalent to ">=0.0.0, <1.0.0" + + # OR Comparisons + You can use the "||" character to represent an OR operation in the version + range. Some examples: + - ">=1.2.3, <2.0.0 || >3.0.0" + - "^0 || ^3 || ^5" + + For more information on semver, please see https://semver.org/ + maxLength: 64 + type: string + x-kubernetes-validations: + - message: invalid version expression + rule: self.matches("^(\\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\\^)\\s*(v?(0|[1-9]\\d*|[x|X|\\*])(\\.(0|[1-9]\\d*|x|X|\\*]))?(\\.(0|[1-9]\\d*|x|X|\\*))?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?)\\s*)((?:\\s+|,\\s*|\\s*\\|\\|\\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\\^)\\s*(v?(0|[1-9]\\d*|x|X|\\*])(\\.(0|[1-9]\\d*|x|X|\\*))?(\\.(0|[1-9]\\d*|x|X|\\*]))?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?)\\s*)*$") + required: + - packageName + type: object + sourceType: + description: |- + sourceType is a required reference to the type of install source. 
+ + Allowed values are "Catalog" + + When this field is set to "Catalog", information for determining the + appropriate bundle of content to install will be fetched from + ClusterCatalog resources existing on the cluster. + When using the Catalog sourceType, the catalog field must also be set. + enum: + - Catalog + type: string + required: + - sourceType + type: object + x-kubernetes-validations: + - message: catalog is required when sourceType is Catalog, and forbidden + otherwise + rule: 'has(self.sourceType) && self.sourceType == ''Catalog'' ? + has(self.catalog) : !has(self.catalog)' + required: + - namespace + - serviceAccount + - source + type: object + status: + description: status is an optional field that defines the observed state + of the ClusterExtension. + properties: + conditions: + description: |- + The set of condition types which apply to all spec.source variations are Installed and Progressing. + + The Installed condition represents whether or not the bundle has been installed for this ClusterExtension. + When Installed is True and the Reason is Succeeded, the bundle has been successfully installed. + When Installed is False and the Reason is Failed, the bundle has failed to install. + + The Progressing condition represents whether or not the ClusterExtension is advancing towards a new state. + When Progressing is True and the Reason is Succeeded, the ClusterExtension is making progress towards a new state. + When Progressing is True and the Reason is Retrying, the ClusterExtension has encountered an error that could be resolved on subsequent reconciliation attempts. + When Progressing is False and the Reason is Blocked, the ClusterExtension has encountered an error that requires manual intervention for recovery. + + When the ClusterExtension is sourced from a catalog, if may also communicate a deprecation condition. + These are indications from a package owner to guide users away from a particular package, channel, or bundle. 
+ BundleDeprecated is set if the requested bundle version is marked deprecated in the catalog. + ChannelDeprecated is set if the requested channel is marked deprecated in the catalog. + PackageDeprecated is set if the requested package is marked deprecated in the catalog. + Deprecated is a rollup condition that is present when any of the deprecated conditions are present. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + install: + description: install is a representation of the current installation + status for this ClusterExtension. + properties: + bundle: + description: |- + bundle is a required field which represents the identifying attributes of a bundle. + + A "bundle" is a versioned set of content that represents the resources that + need to be applied to a cluster to install a package. + properties: + name: + description: |- + name is required and follows the DNS subdomain standard + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric character, + and be no longer than 253 characters. + type: string + x-kubernetes-validations: + - message: packageName must be a valid DNS1123 subdomain. + It must contain only lowercase alphanumeric characters, + hyphens (-) or periods (.), start and end with an alphanumeric + character, and be no longer than 253 characters + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") + version: + description: |- + version is a required field and is a reference to the version that this bundle represents + version follows the semantic versioning standard as defined in https://semver.org/. 
+ type: string + x-kubernetes-validations: + - message: version must be well-formed semver + rule: self.matches("^([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([-0-9A-Za-z]+(\\.[-0-9A-Za-z]+)*))?(\\+([-0-9A-Za-z]+(-\\.[-0-9A-Za-z]+)*))?") + required: + - name + - version + type: object + required: + - bundle + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/base/crd/kustomization.yaml b/config/base/operator-controller/crd/kustomization.yaml similarity index 100% rename from config/base/crd/kustomization.yaml rename to config/base/operator-controller/crd/kustomization.yaml diff --git a/config/base/crd/kustomizeconfig.yaml b/config/base/operator-controller/crd/kustomizeconfig.yaml similarity index 100% rename from config/base/crd/kustomizeconfig.yaml rename to config/base/operator-controller/crd/kustomizeconfig.yaml diff --git a/config/base/operator-controller/kustomization.yaml b/config/base/operator-controller/kustomization.yaml new file mode 100644 index 000000000..1d63fb17f --- /dev/null +++ b/config/base/operator-controller/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: olmv1-system +namePrefix: operator-controller- +resources: +- crd +- rbac +- manager + diff --git a/config/base/manager/kustomization.yaml b/config/base/operator-controller/manager/kustomization.yaml similarity index 100% rename from config/base/manager/kustomization.yaml rename to config/base/operator-controller/manager/kustomization.yaml diff --git a/config/base/manager/manager.yaml b/config/base/operator-controller/manager/manager.yaml similarity index 93% rename from config/base/manager/manager.yaml rename to config/base/operator-controller/manager/manager.yaml index 25ba5598a..db34940c3 100644 --- a/config/base/manager/manager.yaml +++ b/config/base/operator-controller/manager/manager.yaml 
@@ -1,11 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- pod-security.kubernetes.io/enforce: restricted
- pod-security.kubernetes.io/enforce-version: latest
- name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/config/base/manager/service.yaml b/config/base/operator-controller/manager/service.yaml
similarity index 100%
rename from config/base/manager/service.yaml
rename to config/base/operator-controller/manager/service.yaml
diff --git a/config/base/rbac/auth_proxy_client_clusterrole.yaml b/config/base/operator-controller/rbac/auth_proxy_client_clusterrole.yaml
similarity index 100%
rename from config/base/rbac/auth_proxy_client_clusterrole.yaml
rename to config/base/operator-controller/rbac/auth_proxy_client_clusterrole.yaml
diff --git a/config/base/rbac/auth_proxy_role.yaml b/config/base/operator-controller/rbac/auth_proxy_role.yaml
similarity index 100%
rename from config/base/rbac/auth_proxy_role.yaml
rename to config/base/operator-controller/rbac/auth_proxy_role.yaml
diff --git a/config/base/rbac/auth_proxy_role_binding.yaml b/config/base/operator-controller/rbac/auth_proxy_role_binding.yaml
similarity index 100%
rename from config/base/rbac/auth_proxy_role_binding.yaml
rename to config/base/operator-controller/rbac/auth_proxy_role_binding.yaml
diff --git a/config/base/rbac/clusterextension_editor_role.yaml b/config/base/operator-controller/rbac/clusterextension_editor_role.yaml
similarity index 100%
rename from config/base/rbac/clusterextension_editor_role.yaml
rename to config/base/operator-controller/rbac/clusterextension_editor_role.yaml
diff --git a/config/base/rbac/clusterextension_viewer_role.yaml b/config/base/operator-controller/rbac/clusterextension_viewer_role.yaml
similarity index 100%
rename from config/base/rbac/clusterextension_viewer_role.yaml
rename to config/base/operator-controller/rbac/clusterextension_viewer_role.yaml
diff --git a/config/base/rbac/extension_editor_role.yaml b/config/base/operator-controller/rbac/extension_editor_role.yaml
similarity index 100%
rename from config/base/rbac/extension_editor_role.yaml
rename to config/base/operator-controller/rbac/extension_editor_role.yaml
diff --git a/config/base/rbac/extension_viewer_role.yaml b/config/base/operator-controller/rbac/extension_viewer_role.yaml
similarity index 100%
rename from config/base/rbac/extension_viewer_role.yaml
rename to config/base/operator-controller/rbac/extension_viewer_role.yaml
diff --git a/config/base/rbac/kustomization.yaml b/config/base/operator-controller/rbac/kustomization.yaml
similarity index 100%
rename from config/base/rbac/kustomization.yaml
rename to config/base/operator-controller/rbac/kustomization.yaml
diff --git a/config/base/rbac/leader_election_role.yaml b/config/base/operator-controller/rbac/leader_election_role.yaml
similarity index 100%
rename from config/base/rbac/leader_election_role.yaml
rename to config/base/operator-controller/rbac/leader_election_role.yaml
diff --git a/config/base/rbac/leader_election_role_binding.yaml b/config/base/operator-controller/rbac/leader_election_role_binding.yaml
similarity index 100%
rename from config/base/rbac/leader_election_role_binding.yaml
rename to config/base/operator-controller/rbac/leader_election_role_binding.yaml
diff --git a/config/base/rbac/role.yaml b/config/base/operator-controller/rbac/role.yaml
similarity index 100%
rename from config/base/rbac/role.yaml
rename to config/base/operator-controller/rbac/role.yaml
diff --git a/config/base/rbac/role_binding.yaml b/config/base/operator-controller/rbac/role_binding.yaml
similarity index 100%
rename from config/base/rbac/role_binding.yaml
rename to config/base/operator-controller/rbac/role_binding.yaml
diff --git a/config/base/rbac/service_account.yaml b/config/base/operator-controller/rbac/service_account.yaml
similarity index 100%
rename from config/base/rbac/service_account.yaml
rename to config/base/operator-controller/rbac/service_account.yaml
diff --git a/catalogd/config/base/default/clustercatalogs/default-catalogs.yaml b/config/catalogs/clustercatalogs/default-catalogs.yaml
similarity index 100%
rename from catalogd/config/base/default/clustercatalogs/default-catalogs.yaml
rename to config/catalogs/clustercatalogs/default-catalogs.yaml
diff --git a/catalogd/config/base/nginx-ingress/kustomization.yaml b/config/catalogs/nginx-ingress/kustomization.yaml
similarity index 100%
rename from catalogd/config/base/nginx-ingress/kustomization.yaml
rename to config/catalogs/nginx-ingress/kustomization.yaml
diff --git a/catalogd/config/base/nginx-ingress/resources/nginx_ingress.yaml b/config/catalogs/nginx-ingress/resources/nginx_ingress.yaml
similarity index 100%
rename from catalogd/config/base/nginx-ingress/resources/nginx_ingress.yaml
rename to config/catalogs/nginx-ingress/resources/nginx_ingress.yaml
diff --git a/config/components/ca/issuers.yaml b/config/components/ca/issuers.yaml
deleted file mode 100644
index 0dffee04e..000000000
--- a/config/components/ca/issuers.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: self-sign-issuer
- namespace: cert-manager
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: olmv1-ca
- namespace: cert-manager
-spec:
- isCA: true
- commonName: olmv1-ca
- secretName: olmv1-ca
- privateKey:
- algorithm: ECDSA
- size: 256
- issuerRef:
- name: self-sign-issuer
- kind: Issuer
- group: cert-manager.io
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: olmv1-ca
-spec:
- ca:
- secretName: olmv1-ca
diff --git a/config/components/coverage/manager_e2e_coverage_patch.yaml b/config/components/coverage/manager_e2e_coverage_patch.yaml
index f2be3a19a..171a1607c 100644
--- a/config/components/coverage/manager_e2e_coverage_patch.yaml
+++ b/config/components/coverage/manager_e2e_coverage_patch.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: operator-controller-controller-manager
+ namespace: olmv1-system
 spec:
 template:
 spec:
diff --git a/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml b/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
index 42012d697..aa08a3d24 100644
--- a/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
+++ b/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: operator-controller-controller-manager
+ namespace: olmv1-system
 spec:
 template:
 spec:
diff --git a/catalogd/config/components/ca/resources/issuers.yaml b/config/components/tls/ca/issuers.yaml
similarity index 100%
rename from catalogd/config/components/ca/resources/issuers.yaml
rename to config/components/tls/ca/issuers.yaml
diff --git a/config/components/ca/kustomization.yaml b/config/components/tls/ca/kustomization.yaml
similarity index 100%
rename from config/components/ca/kustomization.yaml
rename to config/components/tls/ca/kustomization.yaml
diff --git a/catalogd/config/components/tls/kustomization.yaml b/config/components/tls/catalogd/kustomization.yaml
similarity index 64%
rename from catalogd/config/components/tls/kustomization.yaml
rename to config/components/tls/catalogd/kustomization.yaml
index f537d5d14..f603a0099 100644
--- a/catalogd/config/components/tls/kustomization.yaml
+++ b/config/components/tls/catalogd/kustomization.yaml
@@ -1,18 +1,21 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 namespace: olmv1-system
-namePrefix: catalogd-
 resources:
 - resources/certificate.yaml
 patches:
 - target:
 kind: Service
- name: service
+ labelSelector: app.kubernetes.io/name=catalogd
 path: patches/catalogd_service_port.yaml
 - target:
 kind: Deployment
- name: controller-manager
+ labelSelector: control-plane=catalogd-controller-manager
 path: patches/manager_deployment_certs.yaml
+- target:
+ kind: Deployment
+ labelSelector: control-plane=catalogd-controller-manager
+ path: patches/manager_deployment_cacerts.yaml
 - target:
 group: admissionregistration.k8s.io
 kind: MutatingWebhookConfiguration
diff --git a/catalogd/config/components/tls/patches/catalogd_service_port.yaml b/config/components/tls/catalogd/patches/catalogd_service_port.yaml
similarity index 100%
rename from catalogd/config/components/tls/patches/catalogd_service_port.yaml
rename to config/components/tls/catalogd/patches/catalogd_service_port.yaml
diff --git a/catalogd/config/components/tls/patches/catalogd_webhook.yaml b/config/components/tls/catalogd/patches/catalogd_webhook.yaml
similarity index 100%
rename from catalogd/config/components/tls/patches/catalogd_webhook.yaml
rename to config/components/tls/catalogd/patches/catalogd_webhook.yaml
diff --git a/catalogd/config/components/ca/patches/manager_deployment_cacerts.yaml b/config/components/tls/catalogd/patches/manager_deployment_cacerts.yaml
similarity index 100%
rename from catalogd/config/components/ca/patches/manager_deployment_cacerts.yaml
rename to config/components/tls/catalogd/patches/manager_deployment_cacerts.yaml
diff --git a/catalogd/config/components/tls/patches/manager_deployment_certs.yaml b/config/components/tls/catalogd/patches/manager_deployment_certs.yaml
similarity index 100%
rename from catalogd/config/components/tls/patches/manager_deployment_certs.yaml
rename to config/components/tls/catalogd/patches/manager_deployment_certs.yaml
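Review bot: The new `labelSelector` targets tie the TLS patches (`manager_deployment_certs.yaml`, `manager_deployment_cacerts.yaml`, `catalogd_service_port.yaml`) to labels defined in the base manifests, and as far as I know kustomize reports no error when a `patches` target selects nothing, so a label change in the base would render the Deployment without those patches while the build still succeeds. I would add a comment above `patches:` such as `# labelSelector values must match the labels set in config/base/catalogd; a target that matches nothing is skipped without an error`, and have CI assert that the rendered manifest still carries the certificate settings. The operator-controller component further down has the same dependency and also keeps `name: controller-manager` next to its new `labelSelector`, while the coverage and registries-conf patches in this commit address the same Deployment as `operator-controller-controller-manager`; picking one way of addressing it would be easier to follow. The patches list continues outside the hunk.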
diff --git a/catalogd/config/components/tls/resources/certificate.yaml b/config/components/tls/catalogd/resources/certificate.yaml
similarity index 92%
rename from catalogd/config/components/tls/resources/certificate.yaml
rename to config/components/tls/catalogd/resources/certificate.yaml
index be14f8301..cacb0bc9b 100644
--- a/catalogd/config/components/tls/resources/certificate.yaml
+++ b/config/components/tls/catalogd/resources/certificate.yaml
@@ -1,8 +1,7 @@
----
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: service-cert
+ name: catalogd-service-cert
 namespace: system
 spec:
 secretName: catalogd-service-cert-git-version
diff --git a/config/components/tls/kustomization.yaml b/config/components/tls/operator-controller/kustomization.yaml
similarity index 76%
rename from config/components/tls/kustomization.yaml
rename to config/components/tls/operator-controller/kustomization.yaml
index 8c1aa94cc..6c4e13975 100644
--- a/config/components/tls/kustomization.yaml
+++ b/config/components/tls/operator-controller/kustomization.yaml
@@ -7,4 +7,5 @@ patches:
 - target:
 kind: Deployment
 name: controller-manager
+ labelSelector: control-plane=operator-controller-controller-manager
 path: patches/manager_deployment_cert.yaml
diff --git a/config/components/tls/patches/manager_deployment_cert.yaml b/config/components/tls/operator-controller/patches/manager_deployment_cert.yaml
similarity index 100%
rename from config/components/tls/patches/manager_deployment_cert.yaml
rename to config/components/tls/operator-controller/patches/manager_deployment_cert.yaml
diff --git a/config/components/tls/resources/manager_cert.yaml b/config/components/tls/operator-controller/resources/manager_cert.yaml
similarity index 100%
rename from config/components/tls/resources/manager_cert.yaml
rename to config/components/tls/operator-controller/resources/manager_cert.yaml
diff --git a/config/overlays/basic-olm/kustomization.yaml b/config/overlays/basic-olm/kustomization.yaml
new file mode 100644
index 000000000..5975b3c04
--- /dev/null
+++ b/config/overlays/basic-olm/kustomization.yaml
@@ -0,0 +1,8 @@
+# kustomization file for based, non-secure OLMv1
+# DO NOT ADD A NAMESPACE HERE
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base/catalogd
+- ../../base/operator-controller
+- ../../base/common
diff --git a/config/overlays/cert-manager/kustomization.yaml b/config/overlays/cert-manager/kustomization.yaml
index 86746375b..ea113bb9d 100644
--- a/config/overlays/cert-manager/kustomization.yaml
+++ b/config/overlays/cert-manager/kustomization.yaml
@@ -1,10 +1,13 @@
-# kustomization file for secure operator-controller
+# kustomization file for secure OLMv1
 # DO NOT ADD A NAMESPACE HERE
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../base
+- ../../base/catalogd
+- ../../base/operator-controller
+- ../../base/common
 components:
-- ../../components/tls
-# ca must be last or tls will overwrite the namespaces
-- ../../components/ca
+- ../../components/tls/catalogd
+- ../../components/tls/operator-controller
+# ca must be last other components will overwrite the namespaces
+- ../../components/tls/ca
diff --git a/config/overlays/e2e/kustomization.yaml b/config/overlays/e2e/kustomization.yaml
index 4a40576bd..bc83e9fd3 100644
--- a/config/overlays/e2e/kustomization.yaml
+++ b/config/overlays/e2e/kustomization.yaml
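Review bot: The header comment `# kustomization file for based, non-secure OLMv1` in the new basic-olm overlay does not say what is left out or when the overlay is appropriate. Compared with the cert-manager overlay in the next file it lists no `components`, so none of the `tls` components are applied. I would spell that out, for example `# kustomization file for basic OLMv1: no tls components are applied, so no cert-manager certificates are configured`, and add a line on the intended use (presumably development or test clusters only). "based" looks like a typo for "basic".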
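Review bot: The ordering comment on the new side of the cert-manager overlay, `# ca must be last other components will overwrite the namespaces`, lost its "or" and no longer reads as a constraint; the e2e and tilt-local-dev overlays in this commit keep the word. Suggested wording: `# ca must be last or other components will overwrite the namespaces`. Because a wrong order changes the namespace of the CA resources without any error, it may also help to name the namespace they must end up in (presumably `cert-manager`, as in the issuers.yaml removed by this commit).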
@@ -3,10 +3,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../base +- ../../base/catalogd +- ../../base/operator-controller +- ../../base/common components: -- ../../components/tls +- ../../components/tls/catalogd +- ../../components/tls/operator-controller - ../../components/coverage - ../../components/registries-conf -# ca must be last or (tls|coverage) will overwrite the namespaces -- ../../components/ca +# ca must be last or other components will overwrite the namespaces +- ../../components/tls/ca diff --git a/config/overlays/tilt-local-dev/kustomization.yaml b/config/overlays/tilt-local-dev/catalogd/kustomization.yaml similarity index 53% rename from config/overlays/tilt-local-dev/kustomization.yaml rename to config/overlays/tilt-local-dev/catalogd/kustomization.yaml index 81bc3ffdc..846656bb4 100644 --- a/config/overlays/tilt-local-dev/kustomization.yaml +++ b/config/overlays/tilt-local-dev/catalogd/kustomization.yaml @@ -3,14 +3,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../base +- ../../../base/catalogd +- ../../../base/common components: -- ../../components/tls -# ca must be last or tls will overwrite the namespaces -- ../../components/ca +- ../../../components/tls/catalogd +# ca must be last or other components will overwrite the namespaces +- ../../../components/tls/ca patches: - target: kind: Deployment - name: controller-manager + name: catalogd-controller-manager path: patches/dev-deployment.yaml diff --git a/config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml b/config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml new file mode 100644 index 000000000..4df906921 --- /dev/null +++ b/config/overlays/tilt-local-dev/catalogd/patches/dev-deployment.yaml 
@@ -0,0 +1,10 @@
+# remove livenessProbe and readinessProbe so container doesn't restart during breakpoints
+- op: replace
+ path: /spec/template/spec/containers/0/livenessProbe
+ value: null
+- op: replace
+ path: /spec/template/spec/containers/0/readinessProbe
+ value: null
+- op: remove
+ # remove --leader-elect so container doesn't restart during breakpoints
+ path: /spec/template/spec/containers/0/args/0
diff --git a/config/overlays/tilt-local-dev/operator-controller/kustomization.yaml b/config/overlays/tilt-local-dev/operator-controller/kustomization.yaml
new file mode 100644
index 000000000..403f2d102
--- /dev/null
+++ b/config/overlays/tilt-local-dev/operator-controller/kustomization.yaml
@@ -0,0 +1,17 @@
+# kustomization file for secure operator-controller
+# DO NOT ADD A NAMESPACE HERE
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../base/operator-controller
+- ../../../base/common
+components:
+- ../../../components/tls/operator-controller
+# ca must be last or other components will overwrite the namespaces
+- ../../../components/tls/ca
+
+patches:
+ - target:
+ kind: Deployment
+ name: operator-controller-controller-manager
+ path: patches/dev-deployment.yaml
diff --git a/config/overlays/tilt-local-dev/patches/dev-deployment.yaml b/config/overlays/tilt-local-dev/operator-controller/patches/dev-deployment.yaml
similarity index 78%
rename from config/overlays/tilt-local-dev/patches/dev-deployment.yaml
rename to config/overlays/tilt-local-dev/operator-controller/patches/dev-deployment.yaml
index 2d7cb9467..b273a0c9b 100644
--- a/config/overlays/tilt-local-dev/patches/dev-deployment.yaml
+++ b/config/overlays/tilt-local-dev/operator-controller/patches/dev-deployment.yaml
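Review bot: The last operation in the new catalogd dev-deployment.yaml removes `/spec/template/spec/containers/0/args/0` by position, so it only removes `--leader-elect` while that flag stays first in the base Deployment's args; if the order changes, a different flag is dropped from the dev deployment without any error. A JSON Patch `test` operation placed before the `remove` makes the patch fail instead: `- op: test`, `path: /spec/template/spec/containers/0/args/0`, `value: --leader-elect` (the exact argument string is not visible here and has to be taken from the base manifest). The operator-controller dev patch relies on the same positional removal with `args/2`.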
@@ -8,6 +8,3 @@
 - op: remove
 # remove --leader-elect so container doesn't restart during breakpoints
 path: /spec/template/spec/containers/0/args/2
-- op: add
- path: /spec/template/spec/containers/0/args/-
- value: --feature-gates=PreflightPermissions=true
diff --git a/config/samples/catalogd_operatorcatalog.yaml b/config/samples/catalogd_operatorcatalog.yaml
index 4ce96d5b3..5e27729fa 100644
--- a/config/samples/catalogd_operatorcatalog.yaml
+++ b/config/samples/catalogd_operatorcatalog.yaml
@@ -3,8 +3,9 @@ kind: ClusterCatalog
 metadata:
 name: operatorhubio
 spec:
+ priority: 0
 source:
 type: Image
 image:
- ref: quay.io/operatorhubio/catalog:latest
 pollIntervalMinutes: 10
+ ref: quay.io/operatorhubio/catalog:latest
diff --git a/docs/draft/howto/fetching-catalog-contents.md b/docs/draft/howto/fetching-catalog-contents.md
index 8944828a9..1acc129c9 100644
--- a/docs/draft/howto/fetching-catalog-contents.md
+++ b/docs/draft/howto/fetching-catalog-contents.md
@@ -137,7 +137,7 @@ This section outlines a way of exposing the `Catalogd` Service's endpoints outsi
 - Install the `Ingress NGINX` Controller by running the below command:
 ```sh
- $ kubectl apply -k https://github.com/operator-framework/operator-controller/tree/main/catalogd/config/base/nginx-ingress
+ $ kubectl apply -k https://github.com/operator-framework/operator-controller/tree/main/config/catalogs/nginx-ingress
 ```
 By running that above command, the `Ingress` Controller is installed. Along with it, the `Ingress` Resource will be applied automatically as well, thereby creating an `Ingress` Object on the cluster.
diff --git a/internal/operator-controller/controllers/suite_test.go b/internal/operator-controller/controllers/suite_test.go
index af93bf337..a83f0439c 100644
--- a/internal/operator-controller/controllers/suite_test.go
+++ b/internal/operator-controller/controllers/suite_test.go
@@ -138,7 +138,7 @@ var (
 func TestMain(m *testing.M) {
 testEnv := &envtest.Environment{
 CRDDirectoryPaths: []string{
- filepath.Join("..", "..", "..", "config", "base", "crd", "bases"),
+ filepath.Join("..", "..", "..", "config", "base", "operator-controller", "crd", "bases"),
 },
 ErrorIfCRDPathMissing: true,
 }