Merge pull request #83 from openshift-bot/synchronize-upstream
NO-ISSUE: Synchronize From Upstream Repositories
openshift-merge-bot[bot] committed Mar 14, 2024
2 parents 1eacfde + a856711 commit 2f0178f
Showing 11 changed files with 206 additions and 180 deletions.
2 changes: 1 addition & 1 deletion commitchecker.yaml
@@ -1,4 +1,4 @@
expectedMergeBase: 38da6fc3c70c60d4da570333a3e5fc005192d44f
expectedMergeBase: 8cdb7c32aea04da553811232b790d73c1702c49c
upstreamBranch: main
upstreamOrg: operator-framework
upstreamRepo: operator-controller
8 changes: 0 additions & 8 deletions config/default/kustomization.yaml
Expand Up @@ -26,14 +26,6 @@ resources:
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus

patches:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- path: manager_auth_proxy_patch.yaml



# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
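
Review bot: Dropping the `patches:` entry for `manager_auth_proxy_patch.yaml` also drops the only comment in this file that says `/metrics` sits behind auth. With the proxy now defined in `config/manager/manager.yaml`, a reader of this kustomization has no pointer to where that protection lives; consider leaving a one-line comment here naming that file, and confirm no other overlay still lists the deleted patch under `patches:`.
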
53 changes: 0 additions & 53 deletions config/default/manager_auth_proxy_patch.yaml

This file was deleted.

61 changes: 40 additions & 21 deletions config/manager/manager.yaml
Expand Up @@ -28,26 +28,22 @@ spec:
labels:
control-plane: controller-manager
spec:
# TODO(user): Uncomment the following code to configure the nodeAffinity expression
# according to the platforms which are supported by your solution.
# It is considered best practice to support multiple architectures. You can
# build your manager image using the makefile target docker-buildx.
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
# - arm64
# - ppc64le
# - s390x
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- ppc64le
- s390x
- key: kubernetes.io/os
operator: In
values:
- linux
securityContext:
runAsNonRoot: true
seccompProfile:
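
Review bot: The `requiredDuringSchedulingIgnoredDuringExecution` block is now active rather than commented out, so the arch list is a hard scheduling constraint. The removed TODO tied it to the `docker-buildx` multi-arch build; confirm the shipped manager image is actually published for `amd64`, `arm64`, `ppc64le` and `s390x`, otherwise the pod can be placed on a node where the image cannot run. A short comment stating that the list must track the image's platforms would replace the guidance that was deleted.
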
Expand All @@ -56,7 +52,10 @@ spec:
- command:
- /manager
args:
- --leader-elect
- "--health-probe-bind-address=:8081"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--feature-gates=ForceSemverUpgradeConstraints=true"
image: controller:latest
imagePullPolicy: IfNotPresent
name: manager
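
Review bot: `--feature-gates=ForceSemverUpgradeConstraints=true` is switched on in the base manifest with no comment, so every deployment built from `config/manager` gets the gate; please note why it is on by default or move it to an overlay. Also on `--metrics-bind-address=127.0.0.1:8080`: a comment that this loopback bind is deliberate and must match the proxy's `--upstream` would help, since changing it to `:8080` would expose metrics without auth.
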
Expand Down Expand Up @@ -86,6 +85,26 @@ spec:
requests:
cpu: 10m
memory: 64Mi
- name: kube-rbac-proxy
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=0"
ports:
- containerPort: 8443
protocol: TCP
name: https
resources:
requests:
cpu: 5m
memory: 64Mi
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10
volumes:
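
Review bot: The `kube-rbac-proxy` container pulls `gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1` by tag; pin it by digest so the component that enforces authn/z on metrics cannot change underneath the manifest. The container's `resources` sets only `requests` (no `limits`), and its `securityContext` could also set `readOnlyRootFilesystem: true` alongside the dropped capabilities.
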
202 changes: 126 additions & 76 deletions docs/Tasks/adding-a-catalog.md
@@ -1,76 +1,126 @@
Extension authors have the mechanisms to offer their product as part of a curated catalog of extensions, that they can push updates to over-the-air (eg publish new versions, publish patched versions with CVEs, etc). Cluster admins can sign up to receive these updates on clusters, by adding the catalog to the cluster. When a catalog is added to a cluster, the kubernetes extension packages in that catalog become available on cluster for installation and receiving updates.

For example, the [k8s-operatorhub/community-operators](https://github.com/k8s-operatorhub/community-operators) is a catalog of curated extensions that contains a list of extensions being developed by the community. The list of extensions can be viewed in [Operatorhub.io](https://operatorhub.io). This catalog is distributed as an image [quay.io/operatorhubio/catalog](https://quay.io/repository/operatorhubio/catalog?tag=latest&tab=tags) for consumption on clusters.

To consume this catalog on cluster, create a `Catalog` Custom Resource(CR) with the image specified in the `spec.source.image` field:

```bash
$ kubectl apply -f - <<EOF
apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
name: operatorhubio
spec:
source:
type: image
image:
ref: quay.io/operatorhubio/catalog:latest
EOF
```

The packages made available for installation/receiving updates on cluster can then be explored by querying the `Package` and `BundleMetadata` CRs:

```bash
$ kubectl get packages
NAME AGE
operatorhubio-ack-acm-controller 3m12s
operatorhubio-ack-apigatewayv2-controller 3m12s
operatorhubio-ack-applicationautoscaling-controller 3m12s
operatorhubio-ack-cloudtrail-controller 3m12s
operatorhubio-ack-dynamodb-controller 3m12s
operatorhubio-ack-ec2-controller 3m12s
operatorhubio-ack-ecr-controller 3m12s
operatorhubio-ack-eks-controller 3m12s
operatorhubio-ack-elasticache-controller 3m12s
operatorhubio-ack-emrcontainers-controller 3m12s
operatorhubio-ack-eventbridge-controller 3m12s
operatorhubio-ack-iam-controller 3m12s
operatorhubio-ack-kinesis-controller 3m12s
operatorhubio-ack-kms-controller 3m12s
operatorhubio-ack-lambda-controller 3m12s
operatorhubio-ack-memorydb-controller 3m12s
operatorhubio-ack-mq-controller 3m12s
operatorhubio-ack-opensearchservice-controller 3m12s
.
.
.

$ kubectl get bundlemetadata
NAME AGE
operatorhubio-ack-acm-controller.v0.0.1 3m58s
operatorhubio-ack-acm-controller.v0.0.2 3m58s
operatorhubio-ack-acm-controller.v0.0.4 3m58s
operatorhubio-ack-acm-controller.v0.0.5 3m58s
operatorhubio-ack-acm-controller.v0.0.6 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.10 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.11 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.12 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.13 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.14 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.15 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.16 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.17 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.18 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.19 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.20 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.21 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.22 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.0.9 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.1.0 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.1.1 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.1.2 3m58s
operatorhubio-ack-apigatewayv2-controller.v0.1.3 3m58s
.
.
.
```
# Adding a catalog of extensions to a cluster

Extension authors can publish their products in catalogs.
Catalogs are curated collections of Kubernetes extensions, such as Operators.
Cluster administrators can add these catalogs to their cluster.
Cluster administrators can enable polling to get over-the-air updates to catalogs when extension authors publish changes such as bug fixes and new features.

For example, the [Kubernetes community Operators catalog](https://github.com/k8s-operatorhub/community-operators) is a catalog of curated extensions that is developed by the Kubernetes community.
You can see the available extensions at [Operatorhub.io](https://operatorhub.io).
This catalog is distributed as an image [quay.io/operatorhubio/catalog](https://quay.io/repository/operatorhubio/catalog?tag=latest&tab=tags) that can be installed on clusters.

## Prerequisites

* Access to a Kubernetes cluster, for example `kind`, using an account with `cluster-admin` permissions
* [Operator Controller installed](https://github.com/operator-framework/operator-controller/releases) on the cluster
* [Catalogd installed](https://github.com/operator-framework/catalogd/releases/) on the cluster
* Kubernetes CLI (`kubectl`) installed on your workstation

## Procedure

1. Create a catalog custom resource (CR):

``` yaml title="catalog_cr.yaml"
apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
name: operatorhubio
spec:
source:
type: image
image:
ref: <catalog_image>
pollInterval: <poll_interval_duration>
```

`catalog_name`
: Specifies the image reference for the catalog you want to install, such as `quay.io/operatorhubio/catalog:latest`.

`poll_interval_duration`
: Specifies the interval for polling the remote registry for newer image digests.
The default value is `24h`.
Valid units include seconds (`s`), minutes (`m`), and hours (`h`).
To disable polling, set a zero value, such as `0s`.

``` yaml title="Example `operatorhubio.yaml` CR"
apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
name: operatorhub
spec:
source:
type: image
image:
ref: quay.io/operatorhubio/catalog:latest
pollInterval: 1h
```
2. Apply the catalog CR:
``` terminal
$ kubectl apply -f <catalog_cr>.yaml
```

``` text title="Example output"
catalog.catalogd.operatorframework.io/redhat-operators created
```

### Verification

* Run the following commands to verify the status of your catalog:

* Check if your catalog is available on the cluster:

``` terminal
$ kubectl get catalog
```

``` terminal title="Example output"
NAME PHASE AGE
operatorhubio 9s
```

* Check the status of your catalog:

``` terminal
$ kubectl describe catalog
```

``` terminal title="Example output"
Name: operatorhubio
Namespace:
Labels: <none>
Annotations: <none>
API Version: catalogd.operatorframework.io/v1alpha1
Kind: Catalog
Metadata:
Creation Timestamp: 2024-03-12T19:34:50Z
Finalizers:
catalogd.operatorframework.io/delete-server-cache
Generation: 2
Resource Version: 6469
UID: 2e2778cb-dda6-4645-96b7-992e8dd37503
Spec:
Source:
Image:
Poll Interval: 15m0s
Ref: quay.io/operatorhubio/catalog:latest
Type: image
Status:
Conditions:
Last Transition Time: 2024-03-12T19:35:34Z
Message:
Reason: UnpackSuccessful
Status: True
Type: Unpacked
Content URL: http://catalogd-catalogserver.catalogd-system.svc/catalogs/operatorhubio/all.json
Observed Generation: 2
Phase: Unpacked
Resolved Source:
Image:
Last Poll Attempt: 2024-03-12T19:35:26Z
Ref: quay.io/operatorhubio/catalog:latest
Resolved Ref: quay.io/operatorhubio/catalog@sha256:dee29aaed76fd1c72b654b9bc8bebc4b48b34fd8d41ece880524dc0c3c1c55ec
Type: image
Events: <none>
```
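
Review bot: The placeholders and examples in the new procedure do not line up. The definition list documents `catalog_name`, but the CR uses `<catalog_image>`; the example CR is named `operatorhub` while the verification output shows `operatorhubio`; the apply output reads `catalog.catalogd.operatorframework.io/redhat-operators created`; and the example sets `pollInterval: 1h` while the describe output shows `Poll Interval: 15m0s`. Please make these consistent. Since the example tracks `:latest` with polling enabled, it would also help to tell admins to check `Resolved Ref` in the status for the digest that was actually unpacked.
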
2 changes: 1 addition & 1 deletion docs/requirements.txt
Expand Up @@ -16,7 +16,7 @@ mergedeep==1.3.4
mkdocs==1.5.3
mkdocs-material==9.5.13
mkdocs-material-extensions==1.3.1
packaging==23.2
packaging==24.0
paginate==0.5.6
pathspec==0.12.1
platformdirs==4.2.0
12 changes: 12 additions & 0 deletions mkdocs.yml
Expand Up @@ -14,3 +14,15 @@ nav:
- Explore extensions available for installation: 'Tasks/explore-available-packages.md'
- Installing an extension: 'Tasks/installing-an-extension.md'
- Deleting an extension: 'Tasks/uninstall-an-extension.md'

markdown_extensions:
- pymdownx.highlight:
anchor_linenums: true
line_spans: __span
pygments_lang_class: true
- pymdownx.inlinehilite
- pymdownx.snippets
- pymdownx.superfences
- def_list
- pymdownx.tasklist:
custom_checkbox: true
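
Review bot: `pymdownx.inlinehilite`, `pymdownx.snippets` and `pymdownx.tasklist` are enabled here, but the page rewritten in this commit only needs titled code fences and definition lists (`pymdownx.highlight`, `pymdownx.superfences`, `def_list`). `pymdownx.snippets` in particular lets page source pull files into the rendered site, so enable it only once a page uses it, and set its `base_path` explicitly when you do.
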
4 changes: 4 additions & 0 deletions netlify.toml
@@ -0,0 +1,4 @@
# netlify.toml
[build]
command = "mkdocs build"
publish = "site"
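
Review bot: `command = "mkdocs build"` will publish the site even when the build emits warnings such as broken links or bad nav entries; consider `mkdocs build --strict`. Nothing in this file installs or points at `docs/requirements.txt`, so it is not visible from here that the build uses the pinned versions changed in this commit.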
