From 1a43d9b20b932dbde44972630de39d1ce2170d88 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Tue, 2 May 2023 11:01:43 +0200 Subject: [PATCH 1/4] bundle files for opa 23.4 --- .gitignore | 5 +- deploy/olm/23.4.0/manifests/configmap.yaml | 17 + deploy/olm/23.4.0/manifests/opacluster.yaml | 482 ++++++++++++++++++ .../23.4.0/manifests/roles-opa-builder.yaml | 22 + deploy/olm/23.4.0/manifests/roles.yaml | 30 ++ ...le-opa-operator.clusterserviceversion.yaml | 228 +++++++++ deploy/olm/23.4.0/metadata/dependencies.yaml | 10 + deploy/olm/bundle.sh | 33 ++ 8 files changed, 826 insertions(+), 1 deletion(-) create mode 100644 deploy/olm/23.4.0/manifests/configmap.yaml create mode 100644 deploy/olm/23.4.0/manifests/opacluster.yaml create mode 100644 deploy/olm/23.4.0/manifests/roles-opa-builder.yaml create mode 100644 deploy/olm/23.4.0/manifests/roles.yaml create mode 100644 deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml create mode 100644 deploy/olm/23.4.0/metadata/dependencies.yaml create mode 100755 deploy/olm/bundle.sh diff --git a/.gitignore b/.gitignore index 44b2140f..61e9b85b 100644 --- a/.gitignore +++ b/.gitignore @@ -14,4 +14,7 @@ crate-hashes.json result image.tar -tilt_options.json \ No newline at end of file +tilt_options.json + +**/bundle/ +**/bundle.Dockerfile \ No newline at end of file diff --git a/deploy/olm/23.4.0/manifests/configmap.yaml b/deploy/olm/23.4.0/manifests/configmap.yaml new file mode 100644 index 00000000..712f2422 --- /dev/null +++ b/deploy/olm/23.4.0/manifests/configmap.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +data: + properties.yaml: | + --- + version: 0.1.0 + spec: + units: [] + + properties: [] +kind: ConfigMap +metadata: + name: opa-operator-configmap + labels: + app.kubernetes.io/name: opa-operator + app.kubernetes.io/instance: opa-operator + app.kubernetes.io/version: "23.4.0" 
diff --git a/deploy/olm/23.4.0/manifests/opacluster.yaml b/deploy/olm/23.4.0/manifests/opacluster.yaml
new file mode 100644
index 00000000..67a77440
--- /dev/null
+++ b/deploy/olm/23.4.0/manifests/opacluster.yaml
@@ -0,0 +1,482 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: opaclusters.opa.stackable.tech + annotations: + helm.sh/resource-policy: keep +spec: + group: opa.stackable.tech + names: + categories: [] + kind: OpaCluster + plural: opaclusters + shortNames: + - opa + singular: opacluster + scope: Namespaced + versions: + - additionalPrinterColumns: [] + name: v1alpha1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for OpaSpec via `CustomResource` + properties: + spec: + properties: + clusterConfig: + default: + listenerClass: cluster-internal + description: Global OPA cluster configuration that applies to all roles and role groups. + properties: + listenerClass: + default: cluster-internal + description: |- + In the future this setting will control, which ListenerClass will be used to expose the service. Currently only a subset of the ListenerClasses are supported by choosing the type of the created Services by looking at the ListenerClass name specified, In a future release support for custom ListenerClasses will be introduced without a breaking change: + + * cluster-internal: Use a ClusterIP service + + * external-unstable: Use a NodePort service + + * external-stable: Use a LoadBalancer service + enum: + - cluster-internal + - external-unstable + - external-stable + type: string + vectorAggregatorConfigMapName: + description: Name of the Vector aggregator discovery ConfigMap. It must contain the key `ADDRESS` with the address of the Vector aggregator. + nullable: true + type: string + type: object + clusterOperation: + default: + stopped: false + reconciliationPaused: false + description: Cluster operations like pause reconciliation or cluster stop. + properties: + reconciliationPaused: + default: false + description: Flag to stop cluster reconciliation by the operator. This means that all changes in the custom resource spec are ignored until this flag is set to false or removed. 
The operator will however still watch the deployed resources at the time and update the custom resource status field. If applied at the same time with `stopped`, `reconciliationPaused` will take precedence over `stopped` and stop the reconciliation immediately. + type: boolean + stopped: + default: false + description: Flag to stop the cluster. This means all deployed resources (e.g. Services, StatefulSets, ConfigMaps) are kept but all deployed Pods (e.g. replicas from a StatefulSet) are scaled to 0 and therefore stopped and removed. If applied at the same time with `reconciliationPaused`, the latter will pause reconciliation and `stopped` will take no effect until `reconciliationPaused` is set to false or removed. + type: boolean + type: object + image: + anyOf: + - required: + - custom + - productVersion + - required: + - productVersion + - stackableVersion + description: The OPA image to use + properties: + custom: + description: Overwrite the docker image. Specify the full docker image name, e.g. `docker.stackable.tech/stackable/superset:1.4.1-stackable2.1.0` + type: string + productVersion: + description: Version of the product, e.g. `1.4.1`. + type: string + pullPolicy: + default: IfNotPresent + description: '[Pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) used when pulling the Images' + enum: + - IfNotPresent + - Always + - Never + type: string + pullSecrets: + description: '[Image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) to pull images from a private registry' + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + nullable: true + type: array + repo: + description: Name of the docker repo, e.g. `docker.stackable.tech/stackable` + nullable: true + type: string + stackableVersion: + description: Stackable version of the product, e.g. 2.1.0 + type: string + type: object + servers: + description: OPA server configuration. + properties: + cliOverrides: + additionalProperties: + type: string + default: {} + type: object + config: + default: {} + properties: + logging: + default: + enableVectorAgent: null + containers: {} + properties: + containers: + additionalProperties: + anyOf: + - required: + - custom + - {} + description: Fragment derived from `ContainerLogConfigChoice` + properties: + console: + nullable: true + properties: + level: + description: Log levels + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + custom: + description: Custom log configuration provided in a ConfigMap + properties: + configMap: + nullable: true + type: string + type: object + file: + nullable: true + properties: + level: + description: Log levels + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + loggers: + additionalProperties: + properties: + level: + description: Log levels + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + default: {} + type: object + type: object + type: object + enableVectorAgent: + nullable: true + type: boolean + type: object + resources: + default: + memory: + limit: null + runtimeLimits: {} + cpu: + min: null + max: null + storage: {} + properties: + cpu: + default: + min: null + max: null + properties: + max: + description: "Quantity is a fixed-point representation of a number. 
It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. 
(So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. 
That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". 
This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object + type: object + configOverrides: + additionalProperties: + additionalProperties: + type: string + type: object + default: {} + type: object + envOverrides: + additionalProperties: + type: string + default: {} + type: object + roleGroups: + additionalProperties: + properties: + cliOverrides: + additionalProperties: + type: string + default: {} + type: object + config: + default: {} + properties: + logging: + default: + enableVectorAgent: null + containers: {} + properties: + containers: + additionalProperties: + anyOf: + - required: + - custom + - {} + description: Fragment derived from `ContainerLogConfigChoice` + properties: + console: + nullable: true + properties: + level: + description: Log levels + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + custom: + description: Custom log configuration provided in a ConfigMap + properties: + configMap: + nullable: true + type: string + 
type: object + file: + nullable: true + properties: + level: + description: Log levels + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + loggers: + additionalProperties: + properties: + level: + description: Log levels + enum: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - NONE + nullable: true + type: string + type: object + default: {} + type: object + type: object + type: object + enableVectorAgent: + nullable: true + type: boolean + type: object + resources: + default: + memory: + limit: null + runtimeLimits: {} + cpu: + min: null + max: null + storage: {} + properties: + cpu: + default: + min: null + max: null + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". 
This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) 
This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . 
::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." 
+ nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object + type: object + configOverrides: + additionalProperties: + additionalProperties: + type: string + type: object + default: {} + type: object + envOverrides: + additionalProperties: + type: string + default: {} + type: object + replicas: + format: uint16 + minimum: 0.0 + nullable: true + type: integer + selector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + type: object + type: object + required: + - roleGroups + type: object + required: + - image + - servers + type: object + status: + nullable: true + properties: + conditions: + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + nullable: true + type: string + message: + description: A human readable message indicating details about the transition. + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Available + - Degraded + - Progressing + - ReconciliationPaused + - Stopped + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + required: + - spec + title: OpaCluster + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm/23.4.0/manifests/roles-opa-builder.yaml b/deploy/olm/23.4.0/manifests/roles-opa-builder.yaml new file mode 100644 index 00000000..274aaa5b --- /dev/null +++ b/deploy/olm/23.4.0/manifests/roles-opa-builder.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opa-operator-opa-bundle-builder-clusterrole +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - stackable-products-scc + verbs: + - use 
diff --git a/deploy/olm/23.4.0/manifests/roles.yaml b/deploy/olm/23.4.0/manifests/roles.yaml
new file mode 100644
index 00000000..31de2d2a
--- /dev/null
+++ b/deploy/olm/23.4.0/manifests/roles.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: opa-clusterrole
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - stackable-products-scc
+ verbs:
+ - use
diff --git a/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml b/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000..7bbfb6c0
--- /dev/null
+++ b/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml
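Review bot: In `roles.yaml`, `opa-clusterrole` grants `get`, `list` and `watch` on `secrets` with no `resourceNames`, so any subject bound to it can read every Secret in the binding's scope, and nothing in the file says why the product pods need that. If the OPA pods only consume specific Secrets, narrow the rule (for example `get` plus `resourceNames`) or drop `secrets` and mount what is needed; otherwise add a comment above the rule such as `# needed by <component> to read <which secrets>`. The role is presumably bound per namespace through the `rolebindings` the operator is allowed to create in the ClusterServiceVersion, which limits the blast radius but not the breadth inside a namespace.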
@@ -0,0 +1,228 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ name: opa-operator.v23.4.0
+spec:
+ annotations:
+ support: stackable.tech
+ olm.properties: '[]'
+ categories: Storage
+ capabilities: Full Lifecycle
+ description: Stackable Operator for Opa (Open Policy Agent)
+ repository: https://github.com/stackabletech/opa-operator
+ containerImage: docker.stackable.tech/stackable/opa-operator:23.4.0
+
+ displayName: Stackable Operator for Opa (Open Policy Agent)
+ description: |-
+ This is a Kubernetes operator to manage [Opa](https://www.openpolicyagent.org/) ensembles. The Stackable Opa Operator
+ is part of the Stackable Data Platform, a curated selection of the best open source data apps like Kafka, Druid, Trino or Spark, all
+ working together seamlessly. Based on Kubernetes, it runs everywhere – on prem or in the cloud.
+
+ You can install the operator using [stackablectl or helm](https://docs.stackable.tech/opa/stable/getting_started/installation.html).
+ See it in action in one of our [demos](https://stackable.tech/en/demos/) or follow this
+ [tutorial](https://docs.stackable.tech/opa/stable/getting_started/first_steps.html).
+
+ N.B. this operator requires the following Stackable internal operators to be installed as well:
+
+ - [Commons Operator](https://github.com/stackabletech/commons-operator)
+ - [Secret Operator](https://github.com/stackabletech/secret-operator)
+ keywords:
+ - opa
+ maintainers:
+ - email: info@stackable.tech
+ name: Stackable GmbH
+ maturity: stable
+ provider:
+ name: Stackable GmbH
+ url: https://stackable.tech
+ version: 23.4.0
+ minKubeVersion: 1.23.0
+
+ installModes:
+ - supported: true
+ type: OwnNamespace
+ - supported: true
+ type: SingleNamespace
+ - supported: false
+ type: MultiNamespace
+ - supported: false
+ type: AllNamespaces
+
+ customresourcedefinitions:
+ owned:
+ # a list of CRDs that this operator owns
+ # name is the metadata.name of the CRD (which is of the form .)
+ - name: opaclusters.opa.stackable.tech
+ # version is the spec.versions[].name value defined in the CRD
+ version: v1alpha1
+ # kind is the CamelCased singular value defined in spec.names.kind of the CRD.
+ kind: OpaCluster
+ # human-friendly display name of the CRD for rendering in graphical consoles (optional)
+ displayName: Apache Opa Cluster
+ # a short description of the CRDs purpose for rendering in graphical consoles (optional)
+ description: Represents an Opa cluster
+
+ relatedImages:
+ - name: opa-operator
+ image: docker.stackable.tech/stackable/hiopave-operator:23.4.0
+ install:
+ # strategy indicates what type of deployment artifacts are used
+ strategy: deployment
+ # spec for the deployment strategy is a list of deployment specs and required permissions - similar to a pod template used in a deployment
+ spec:
+ permissions:
+ - serviceAccountName: opa-operator
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - '*'
+ # permissions required at the cluster scope
+ clusterPermissions:
+ - serviceAccountName: opa-operator
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - secrets
+ - services
+ - endpoints
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - apiGroups:
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - authentication.stackable.tech
+ resources:
+ - authenticationclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - opa.stackable.tech
+ resources:
+ - opaclusters
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - opa.stackable.tech
+ resources:
+ - opaclusters/status
+ verbs:
+ - patch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - bind
+ resourceNames:
+ - opa-clusterrole
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - hostmount-anyuid
+ verbs:
+ - use
+
+ deployments:
+ - name: opa-operator
+ spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: opa-operator
+ app.kubernetes.io/instance: opa-operator
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: opa-operator
+ app.kubernetes.io/instance: opa-operator
+ spec:
+ serviceAccountName: opa-operator
+ securityContext: {}
+ containers:
+ - name: opa-operator
+ securityContext: {}
+ image: docker.stackable.tech/stackable/opa-operator:23.4.0
+ imagePullPolicy: IfNotPresent
+ resources: {}
+ volumeMounts:
+ - mountPath: /etc/stackable/opa-operator/config-spec
+ name: config-spec
+ volumes:
+ - name: config-spec
+ configMap:
+ name: opa-operator-configmap
diff --git a/deploy/olm/23.4.0/metadata/dependencies.yaml b/deploy/olm/23.4.0/metadata/dependencies.yaml
new file mode 100644
index 00000000..e7214047
--- /dev/null
+++ b/deploy/olm/23.4.0/metadata/dependencies.yaml
@@ -0,0 +1,10 @@
+---
+dependencies:
+ - type: olm.package
+ value:
+ packageName: commons-operator-package
+ version: "23.4.0"
+ - type: olm.package
+ value:
+ packageName: secret-operator-package
+ version: "23.4.0"
diff --git a/deploy/olm/bundle.sh b/deploy/olm/bundle.sh
new file mode 100755
index 00000000..03e31d4f
--- /dev/null
+++ b/deploy/olm/bundle.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# usage: bundle.sh , called from base folder:
+# e.g. ./deploy/olm/bundle.sh 23.1.0
+
+set -euo pipefail
+set -x
+
+OPERATOR_NAME="opa-operator"
+
+bundle-clean() {
+ rm -rf "deploy/olm/${VERSION}/bundle"
+ rm -rf "deploy/olm/${VERSION}/bundle.Dockerfile"
+}
+
+
+build-bundle() {
+ opm alpha bundle generate --directory manifests --package "${OPERATOR_NAME}-package" --output-dir bundle --channels stable --default stable
+ cp metadata/*.yaml bundle/metadata/
+ docker build -t "docker.stackable.tech/stackable/${OPERATOR_NAME}-bundle:${VERSION}" -f bundle.Dockerfile .
+ docker push "docker.stackable.tech/stackable/${OPERATOR_NAME}-bundle:${VERSION}"
+ opm alpha bundle validate --tag "docker.stackable.tech/stackable/${OPERATOR_NAME}-bundle:${VERSION}" --image-builder docker
+}
+
+main() {
+ VERSION="$1";
+
+ pushd "deploy/olm/${VERSION}"
+ bundle-clean
+ build-bundle
+ popd
+}
+
+main "$@"
\ No newline at end of file
From 81bf318b926e8054787840d4cd544e1ba67923f9 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Tue, 2 May 2023 11:07:32 +0200
Subject: [PATCH 2/4] updated changelog
---
CHANGELOG.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b524c44..f6beaa74 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
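Review bot: The namespaced `permissions` rule in the ClusterServiceVersion gives the `opa-operator` service account `'*'` on `pods`, although `clusterPermissions` further down already lists the explicit pod verbs (`create`, `delete`, `get`, `list`, `patch`, `update`, `watch`); the wildcard only adds verbs nobody enumerated, such as `deletecollection`, so drop the rule or replace `- '*'` with the verbs the operator uses. The final cluster rule lets the operator `use` the `hostmount-anyuid` SCC while the only Deployment in this hunk mounts a ConfigMap and the product roles reference `stackable-products-scc`; unless a host mount is really required, a narrower SCC is the safer default. The pod and container `securityContext: {}` are both empty and the image is referenced by the mutable tag `23.4.0` in `containerImage`, `relatedImages` and the Deployment; setting `runAsNonRoot: true` and `allowPrivilegeEscalation: false` and pinning the image by digest would make the bundle reproducible and harder to tamper with.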
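Review bot: In `bundle.sh`, `bundle-clean` is called after `pushd "deploy/olm/${VERSION}"` yet still deletes `deploy/olm/${VERSION}/bundle` relative to that directory, so it never removes the previous output and `rm -rf` hides the miss; inside the pushd it should be `rm -rf bundle bundle.Dockerfile`. `VERSION="$1"` is used unchecked in `pushd`, the `rm -rf` paths and the pushed image tag, so a guard at the top of `main` such as `[[ "${1:-}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "usage: bundle.sh <version>" >&2; exit 1; }` would reject a missing or path-like argument before anything is deleted or published. `docker push` also runs before `opm alpha bundle validate`, so a bundle that fails validation is already in the registry; validate first if `opm` can read the locally built image.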
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- Generate OLM bundle for Release 23.4.0 ([#442]). + ### Changed - Operator-rs: `0.40.1` -> `0.41.0` ([#440]). @@ -12,6 +16,7 @@ All notable changes to this project will be documented in this file. [#440]: https://github.com/stackabletech/opa-operator/pull/440 [#441]: https://github.com/stackabletech/opa-operator/pull/441 +[#442]: https://github.com/stackabletech/opa-operator/pull/442 ## [23.4.0] - 2023-04-17 From f0c803d1117fd8adfa6d548f9d5e86818a329390 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Tue, 2 May 2023 11:51:16 +0200 Subject: [PATCH 3/4] added deployment --- ...le-opa-operator.clusterserviceversion.yaml | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml b/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml index 7bbfb6c0..8e8e6dbc 100644 --- a/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml +++ b/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml 
@@ -222,6 +222,42 @@ spec: volumeMounts: - mountPath: /etc/stackable/opa-operator/config-spec name: config-spec + env: + - name: OPA_BUNDLE_BUILDER_CLUSTERROLE + value: opa-operator-opa-bundle-builder-clusterrole + volumes: + - name: config-spec + configMap: + name: opa-operator-configmap + - name: opa-operator-deployment + spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: opa-operator + app.kubernetes.io/instance: opa-operator + template: + metadata: + labels: + app.kubernetes.io/name: opa-operator + app.kubernetes.io/instance: opa-operator + spec: + serviceAccountName: opa-operator + securityContext: {} + containers: + - name: opa-operator + securityContext: {} + image: docker.stackable.tech/stackable/opa-operator:23.4.0 + imagePullPolicy: IfNotPresent + resources: {} + volumeMounts: + - mountPath: /etc/stackable/opa-operator/config-spec + name: config-spec + env: + - name: OPA_BUNDLE_BUILDER_CLUSTERROLE + value: opa-operator-opa-bundle-builder-clusterrole volumes: - name: config-spec configMap: From 4928a4cf50b5cd8bebb4fe6ba4778fcfdce3cba1 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Tue, 2 May 2023 13:30:19 +0200 Subject: [PATCH 4/4] fixed typo --- .../manifests/stackable-opa-operator.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml b/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml index 8e8e6dbc..7f163269 100644 --- a/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml +++ b/deploy/olm/23.4.0/manifests/stackable-opa-operator.clusterserviceversion.yaml @@ -65,7 +65,7 @@ spec: relatedImages: - name: opa-operator - image: docker.stackable.tech/stackable/hiopave-operator:23.4.0 + image: docker.stackable.tech/stackable/opa-operator:23.4.0 install: # strategy indicates what type of deployment artifacts are used strategy: deployment
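Review bot: The second `deployments` entry added by the `@@ -222,6 +222,42 @@` hunk, `opa-operator-deployment`, repeats the existing `opa-operator` entry, including `selector.matchLabels` and the pod labels, so the CSV would install two Deployments with overlapping selectors and two operator pods running under the same `opa-operator` service account. If a single operator instance is intended, drop the new entry and keep only the `env` addition on the first one; if both are wanted, they need distinct selector labels. Both pod templates also keep `securityContext: {}` at pod and container level, although this service account is granted create/delete on secrets and `use` of the `hostmount-anyuid` SCC earlier in the file; a container-level `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` would be a reasonable baseline, plus `runAsNonRoot: true` if the image supports it. The hunk's leading context lines belong to a container spec that starts outside the hunk.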