[Merged by Bors] - opa bundle for 23.4 #442

5 changes: 4 additions & 1 deletion .gitignore
Expand Up @@ -14,4 +14,7 @@ crate-hashes.json
result
image.tar

tilt_options.json
tilt_options.json

**/bundle/
**/bundle.Dockerfile
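Review bot: the `**/bundle/` pattern ignores every directory named `bundle` at any depth in the repository, which is broader than the generated OLM output it appears to target. In a repository that also deals with OPA bundles, a future source directory called `bundle` would be left out of commits without any warning. Consider anchoring both patterns to the path the generator writes to, and add a comment above them naming the tool that produces these files.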
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.

## [Unreleased]

### Added

- Generate OLM bundle for Release 23.4.0 ([#442]).

### Changed

- Operator-rs: `0.40.1` -> `0.41.0` ([#440]).
Expand All @@ -12,6 +16,7 @@ All notable changes to this project will be documented in this file.

[#440]: https://github.com/stackabletech/opa-operator/pull/440
[#441]: https://github.com/stackabletech/opa-operator/pull/441
[#442]: https://github.com/stackabletech/opa-operator/pull/442

## [23.4.0] - 2023-04-17

17 changes: 17 additions & 0 deletions deploy/olm/23.4.0/manifests/configmap.yaml
@@ -0,0 +1,17 @@
---
apiVersion: v1
data:
properties.yaml: |
---
version: 0.1.0
spec:
units: []

properties: []
kind: ConfigMap
metadata:
name: opa-operator-configmap
labels:
app.kubernetes.io/name: opa-operator
app.kubernetes.io/instance: opa-operator
app.kubernetes.io/version: "23.4.0"
482 changes: 482 additions & 0 deletions deploy/olm/23.4.0/manifests/opacluster.yaml

Large diffs are not rendered by default.

22 changes: 22 additions & 0 deletions deploy/olm/23.4.0/manifests/roles-opa-builder.yaml
@@ -0,0 +1,22 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: opa-operator-opa-bundle-builder-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
resourceNames:
- stackable-products-scc
verbs:
- use
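Review bot: the second rule grants `use` on `stackable-products-scc`, but none of the manifests shown in this bundle creates that SecurityContextConstraints object, and the operator's own cluster permissions name `hostmount-anyuid` instead. Please document where `stackable-products-scc` is expected to come from (for example one of the declared dependencies), since the rule has no effect on a cluster where the object is missing. For the first rule, a short comment stating that this ClusterRole is meant to be bound through a namespaced RoleBinding would make clear that the ConfigMap read access is not intended to be cluster-wide.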
30 changes: 30 additions & 0 deletions deploy/olm/23.4.0/manifests/roles.yaml
@@ -0,0 +1,30 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: opa-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
resourceNames:
- stackable-products-scc
verbs:
- use
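Review bot: the first rule of `opa-clusterrole` gives `get`, `list` and `watch` on `secrets`, so any subject this role is bound to can read every Secret in the namespace of the binding. If the workload only needs ConfigMaps, drop `secrets` (and `serviceaccounts`, unless it is required) from the resource list; if one specific Secret is needed, split it into its own rule with `get` only and a `resourceNames` entry. A comment explaining why each resource is listed would also help later reviews of this role.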
@@ -0,0 +1,264 @@
---
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
name: opa-operator.v23.4.0
spec:
annotations:
support: stackable.tech
olm.properties: '[]'
categories: Storage
capabilities: Full Lifecycle
description: Stackable Operator for Opa (Open Policy Agent)
repository: https://github.com/stackabletech/opa-operator
containerImage: docker.stackable.tech/stackable/opa-operator:23.4.0

displayName: Stackable Operator for Opa (Open Policy Agent)
description: |-
This is a Kubernetes operator to manage [Opa](https://www.openpolicyagent.org/) ensembles. The Stackable Opa Operator
is part of the Stackable Data Platform, a curated selection of the best open source data apps like Kafka, Druid, Trino or Spark, all
working together seamlessly. Based on Kubernetes, it runs everywhere – on prem or in the cloud.

You can install the operator using [stackablectl or helm](https://docs.stackable.tech/opa/stable/getting_started/installation.html).
See it in action in one of our [demos](https://stackable.tech/en/demos/) or follow this
[tutorial](https://docs.stackable.tech/opa/stable/getting_started/first_steps.html).

N.B. this operator requires the following Stackable internal operators to be installed as well:

- [Commons Operator](https://github.com/stackabletech/commons-operator)
- [Secret Operator](https://github.com/stackabletech/secret-operator)
keywords:
- opa
maintainers:
- email: [email protected]
name: Stackable GmbH
maturity: stable
provider:
name: Stackable GmbH
url: https://stackable.tech
version: 23.4.0
minKubeVersion: 1.23.0

installModes:
- supported: true
type: OwnNamespace
- supported: true
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: false
type: AllNamespaces

customresourcedefinitions:
owned:
# a list of CRDs that this operator owns
# name is the metadata.name of the CRD (which is of the form <plural>.<group>)
- name: opaclusters.opa.stackable.tech
# version is the spec.versions[].name value defined in the CRD
version: v1alpha1
# kind is the CamelCased singular value defined in spec.names.kind of the CRD.
kind: OpaCluster
# human-friendly display name of the CRD for rendering in graphical consoles (optional)
displayName: Apache Opa Cluster
# a short description of the CRDs purpose for rendering in graphical consoles (optional)
description: Represents an Opa cluster

relatedImages:
- name: opa-operator
image: docker.stackable.tech/stackable/opa-operator:23.4.0
install:
# strategy indicates what type of deployment artifacts are used
strategy: deployment
# spec for the deployment strategy is a list of deployment specs and required permissions - similar to a pod template used in a deployment
spec:
permissions:
- serviceAccountName: opa-operator
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- '*'
# permissions required at the cluster scope
clusterPermissions:
- serviceAccountName: opa-operator
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- pods
- configmaps
- secrets
- services
- endpoints
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- create
- delete
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- authentication.stackable.tech
resources:
- authenticationclasses
verbs:
- get
- list
- watch
- apiGroups:
- opa.stackable.tech
resources:
- opaclusters
verbs:
- get
- list
- patch
- watch
- apiGroups:
- opa.stackable.tech
resources:
- opaclusters/status
verbs:
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
verbs:
- bind
resourceNames:
- opa-clusterrole
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
resourceNames:
- hostmount-anyuid
verbs:
- use

deployments:
- name: opa-operator
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: opa-operator
app.kubernetes.io/instance: opa-operator
template:
metadata:
labels:
app.kubernetes.io/name: opa-operator
app.kubernetes.io/instance: opa-operator
spec:
serviceAccountName: opa-operator
securityContext: {}
containers:
- name: opa-operator
securityContext: {}
image: docker.stackable.tech/stackable/opa-operator:23.4.0
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
- mountPath: /etc/stackable/opa-operator/config-spec
name: config-spec
env:
- name: OPA_BUNDLE_BUILDER_CLUSTERROLE
value: opa-operator-opa-bundle-builder-clusterrole
volumes:
- name: config-spec
configMap:
name: opa-operator-configmap
- name: opa-operator-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: opa-operator
app.kubernetes.io/instance: opa-operator
template:
metadata:
labels:
app.kubernetes.io/name: opa-operator
app.kubernetes.io/instance: opa-operator
spec:
serviceAccountName: opa-operator
securityContext: {}
containers:
- name: opa-operator
securityContext: {}
image: docker.stackable.tech/stackable/opa-operator:23.4.0
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
- mountPath: /etc/stackable/opa-operator/config-spec
name: config-spec
env:
- name: OPA_BUNDLE_BUILDER_CLUSTERROLE
value: opa-operator-opa-bundle-builder-clusterrole
volumes:
- name: config-spec
configMap:
name: opa-operator-configmap
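Review bot: the `deployments` list defines two entries, `opa-operator` and `opa-operator-deployment`, with identical pod templates and the same `matchLabels` selector, so two operator instances would be created and each Deployment's selector would match the other's pods. Keep a single entry. In the namespaced `permissions` block, the rule on `pods` uses `'*'` even though `clusterPermissions` already lists explicit verbs for pods; replace the wildcard with the verbs actually needed or remove the rule. The operator is also allowed to `use` the `hostmount-anyuid` SCC while both `securityContext` fields and `resources` are left as `{}`; add a comment stating why that SCC is required, and set an explicit security context and resource requests for the container.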
10 changes: 10 additions & 0 deletions deploy/olm/23.4.0/metadata/dependencies.yaml
@@ -0,0 +1,10 @@
---
dependencies:
- type: olm.package
value:
packageName: commons-operator-package
version: "23.4.0"
- type: olm.package
value:
packageName: secret-operator-package
version: "23.4.0"
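Review bot: both `version` fields pin the dependency to exactly `"23.4.0"`; OLM reads this field as a semver range, so a later patch release of `commons-operator-package` or `secret-operator-package` would not satisfy it. If patch releases should be accepted, use a range such as `>=23.4.0 <23.5.0`; if the exact pin is intended, a comment in the file saying so would avoid the question coming up again.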