build console-plugin assets using jsonnet

assets/console-plugin/config-map.yaml

@@ -1,15 +1,4 @@
----
-# Source: openshift-console-plugin/templates/configmap.yaml
 apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: monitoring-plugin
-  namespace: openshift-monitoring
-  labels:
-    app: monitoring-plugin
-    app.kubernetes.io/name: monitoring-plugin
-    app.kubernetes.io/instance: monitoring-plugin
-    app.kubernetes.io/part-of: openshift-monitoring
 data:
   nginx.conf: |
     error_log /dev/stdout info;
@@ -26,3 +15,12 @@ data:
         root                /usr/share/nginx/html;
       }
     }
+kind: ConfigMap
+metadata:
+  labels:
+    app: monitoring-plugin
+    app.kubernetes.io/instance: monitoring-plugin
+    app.kubernetes.io/name: monitoring-plugin
+    app.kubernetes.io/part-of: openshift-monitoring
+  name: monitoring-plugin
+  namespace: openshift-monitoring

assets/console-plugin/console-plugin.yaml

@@ -1,21 +1,18 @@
----
-# Source: openshift-console-plugin/templates/consoleplugin.yaml
 apiVersion: console.openshift.io/v1
 kind: ConsolePlugin
 metadata:
-  name: monitoring-plugin
   labels:
     app: monitoring-plugin
-    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/instance: monitoring-plugin
+    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/part-of: openshift-monitoring
+  name: monitoring-plugin
 spec:
-  displayName: monitoring-plugin Plugin
   backend:
-    type: Service
     service:
+      basePath: /
       name: monitoring-plugin
       namespace: openshift-monitoring
       port: 9443
-      basePath: /
-
+    type: Service
+  displayName: monitoring-plugin Plugin

assets/console-plugin/deployment.yaml

@@ -1,84 +1,84 @@
----
-# Source: openshift-console-plugin/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: monitoring-plugin
-  namespace: openshift-monitoring
   labels:
     app: monitoring-plugin
-    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/instance: monitoring-plugin
+    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/part-of: openshift-monitoring
     app.openshift.io/runtime-namespace: openshift-monitoring
+  name: monitoring-plugin
+  namespace: openshift-monitoring
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: monitoring-plugin
-      app.kubernetes.io/name: monitoring-plugin
       app.kubernetes.io/instance: monitoring-plugin
+      app.kubernetes.io/name: monitoring-plugin
       app.kubernetes.io/part-of: openshift-monitoring
   strategy:
-    type: RollingUpdate
     rollingUpdate:
       maxUnavailable: 1
+    type: RollingUpdate
   template:
     metadata:
+      annotations:
+        target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: monitoring-plugin
-        app.kubernetes.io/name: monitoring-plugin
         app.kubernetes.io/instance: monitoring-plugin
+        app.kubernetes.io/name: monitoring-plugin
         app.kubernetes.io/part-of: openshift-monitoring
     spec:
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
           - labelSelector:
               matchLabels:
-                app.kubernetes.io/name: monitoring-plugin
                 app.kubernetes.io/instance: monitoring-plugin
+                app.kubernetes.io/name: monitoring-plugin
                 app.kubernetes.io/part-of: openshift-monitoring
             namespaces:
             - openshift-monitoring
             topologyKey: kubernetes.io/hostname
       automountServiceAccountToken: false
       containers:
-        - name: console-plugin
-          image: quay.io/anpicker/monitoring-plugin:4-13-test
-          ports:
-            - containerPort: 9443
-              protocol: TCP
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - ALL
-          resources:
-            requests:
-              cpu: 10m
-              memory: 50Mi
-          volumeMounts:
-            - name: monitoring-plugin-cert
-              readOnly: true
-              mountPath: /var/cert
-            - name: nginx-conf
-              readOnly: true
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        - name: monitoring-plugin-cert
-          secret:
-            secretName: monitoring-plugin-cert
-            defaultMode: 420
-        - name: nginx-conf
-          configMap:
-            name: monitoring-plugin
-            defaultMode: 420
-      restartPolicy: Always
+      - image: quay.io/anpicker/monitoring-plugin:4-13-test
+        imagePullPolicy: IfNotPresent
+        name: console-plugin
+        ports:
+        - containerPort: 9443
+          protocol: TCP
+        resources:
+          requests:
+            cpu: 10m
+            memory: 50Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+        volumeMounts:
+        - mountPath: /var/cert
+          name: monitoring-plugin-cert
+          readOnly: true
+        - mountPath: /etc/nginx/nginx.conf
+          name: nginx-conf
+          readOnly: true
+          subPath: nginx.conf
       dnsPolicy: ClusterFirst
+      restartPolicy: Always
       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
+      volumes:
+      - name: monitoring-plugin-cert
+        secret:
+          defaultMode: 420
+          secretName: monitoring-plugin-cert
+      - configMap:
+          defaultMode: 420
+          name: monitoring-plugin
+        name: nginx-conf

assets/console-plugin/pod-disruption-budget.yaml

@@ -10,6 +10,6 @@ spec:
   minAvailable: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: monitoring-plugin
       app.kubernetes.io/instance: monitoring-plugin
+      app.kubernetes.io/name: monitoring-plugin
       app.kubernetes.io/part-of: openshift-monitoring

assets/console-plugin/service-account.yaml

@@ -1,13 +1,10 @@
----
-# Source: openshift-console-plugin/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: monitoring-plugin
-  namespace: openshift-monitoring
   labels:
     app: monitoring-plugin
-    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/instance: monitoring-plugin
+    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/part-of: openshift-monitoring
-
+  name: monitoring-plugin
+  namespace: openshift-monitoring

assets/console-plugin/service.yaml

@@ -1,27 +1,25 @@
----
-# Source: openshift-console-plugin/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   annotations:
     service.alpha.openshift.io/serving-cert-secret-name: monitoring-plugin-cert
-  name: monitoring-plugin
-  namespace: openshift-monitoring
   labels:
     app: monitoring-plugin
-    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/instance: monitoring-plugin
+    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/part-of: openshift-monitoring
+  name: monitoring-plugin
+  namespace: openshift-monitoring
 spec:
   ports:
-    - name: 9443-tcp
-      protocol: TCP
-      port: 9443
-      targetPort: 9443
+  - name: 9443-tcp
+    port: 9443
+    protocol: TCP
+    targetPort: 9443
   selector:
     app: monitoring-plugin
-    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/instance: monitoring-plugin
+    app.kubernetes.io/name: monitoring-plugin
     app.kubernetes.io/part-of: openshift-monitoring
-  type: ClusterIP
   sessionAffinity: None
+  type: ClusterIP

jsonnet/components/cluster-monitoring-operator.libsonnet

@@ -229,6 +229,12 @@ function(params) {
         resources: ['persistentvolumes'],
         verbs: ['get'],
       },
+      // The operator needs to patch operator console to add monitoring console-plugin
+      {
+        apiGroups: ['operator.openshift.io'],
+        resources: ['consoles'],
+        verbs: ['get', 'list', 'update', 'patch'],
+      },
     ],
   },
 
@@ -287,6 +293,12 @@ function(params) {
         resources: ['persistentvolumeclaims'],
         verbs: ['get', 'list', 'watch', 'update', 'delete'],
       },
+      // CMO needs permissions to create and update console plugin
+      {
+        apiGroups: ['console.openshift.io'],
+        resources: ['consoleplugins'],
+        verbs: ['get', 'list', 'watch', 'create', 'update', 'delete'],
+      },
 
     ],
   },

jsonnet/components/console-plugin.libsonnet

@@ -1,9 +1,9 @@
 local cm = (import 'console-plugin/config-map.json');
 local deploy = (import 'console-plugin/deployment.json');
-local cp = ( import 'console-plugin/console-plugin.json' );
-local pdb = ( import 'console-plugin/pod-disruption-budget.json' );
-local sa = ( import 'console-plugin/service-account.json' );
-local svc = ( import 'console-plugin/service.json' );
+local cp = (import 'console-plugin/console-plugin.json');
+local pdb = (import 'console-plugin/pod-disruption-budget.json');
+local sa = (import 'console-plugin/service-account.json');
+local svc = (import 'console-plugin/service.json');
 
 function()
   {
@@ -14,4 +14,3 @@ function()
     serviceAccount: sa,
     service: svc,
   }
-

manifests/0000_50_cluster-monitoring-operator_02-namespaced-cluster-role.yaml

@@ -78,10 +78,13 @@ rules:
   - update
   - delete
 - apiGroups:
-  - console.openshift.io/v1
+  - console.openshift.io
   resources:
   - consoleplugins
   verbs:
-    - get
-    - create
-    - update
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete

manifests/0000_50_cluster-monitoring-operator_02-role.yaml

@@ -160,6 +160,15 @@ rules:
   - persistentvolumes
   verbs:
   - get
+- apiGroups:
+  - operator.openshift.io
+  resources:
+  - consoles
+  verbs:
+  - get
+  - list
+  - update
+  - patch
 - apiGroups:
   - authentication.k8s.io
   resources:
@@ -715,10 +724,3 @@ rules:
   - /api/v2/alerts
   verbs:
   - create
-- apiGroups:
-  - operator.openshift.io/v1
-  resources:
-  - consoles
-  verbs:
-    - get
-    - update