6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.

## [Unreleased]

### Added

- Generate OLM bundle ([#149])

[#149]: https://github.com/stackabletech/commons-operator/pull/149

### Changed

- Specified security context settings needed for OpenShift ([#136]).
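--- a/deploy/olm/23.1.0/.gitignore
+++ b/deploy/olm/23.1.0/.gitignore
@@ -0,0 +1,4 @@
+bundle
+bundle.Dockerfile
+catalog.Dockerfile
+catalog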
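--- a/deploy/olm/23.1.0/manifests/authclass.yaml
+++ b/deploy/olm/23.1.0/manifests/authclass.yaml
@@ -0,0 +1,185 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: authenticationclasses.authentication.stackable.tech
+annotations:
+helm.sh/resource-policy: keep
+spec:
+group: authentication.stackable.tech
+names:
+categories: []
+kind: AuthenticationClass
+plural: authenticationclasses
+shortNames: []
+singular: authenticationclass
+scope: Cluster
+versions:
+- additionalPrinterColumns: []
+name: v1alpha1
+schema:
+openAPIV3Schema:
+description: Auto-generated derived type for AuthenticationClassSpec via `CustomResource`
+properties:
+spec:
+properties:
+provider:
+description: Provider used for authentication like LDAP or Kerberos
+oneOf:
+- required:
+- ldap
+- required:
+- tls
+- required:
+- static
+properties:
+ldap:
+properties:
+bindCredentials:
+description: In case you need a special account for searching the LDAP server you can specify it here
+nullable: true
+properties:
+scope:
+description: '[Scope](https://docs.stackable.tech/secret-operator/scope.html) of the [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html)'
+nullable: true
+properties:
+node:
+default: false
+type: boolean
+pod:
+default: false
+type: boolean
+services:
+default: []
+items:
+type: string
+type: array
+type: object
+secretClass:
+description: '[SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html) containing the LDAP bind credentials'
+type: string
+required:
+- secretClass
+type: object
+hostname:
+description: Hostname of the LDAP server
+type: string
+ldapFieldNames:
+default:
+uid: uid
+group: memberof
+givenName: givenName
+surname: sn
+email: mail
+description: The name of the LDAP object fields
+properties:
+email:
+default: mail
+description: The name of the email field
+type: string
+givenName:
+default: givenName
+description: The name of the firstname field
+type: string
+group:
+default: memberof
+description: The name of the group field
+type: string
+surname:
+default: sn
+description: The name of the lastname field
+type: string
+uid:
+default: uid
+description: The name of the username field
+type: string
+type: object
+port:
+description: Port of the LDAP server. If TLS is used defaults to 636 otherwise to 389
+format: uint16
+minimum: 0.0
+nullable: true
+type: integer
+searchBase:
+default: ''
+description: LDAP search base
+type: string
+searchFilter:
+default: ''
+description: LDAP query to filter users
+type: string
+tls:
+description: Use a TLS connection. If not specified no TLS will be used
+nullable: true
+properties:
+verification:
+description: The verification method used to verify the certificates of the server and/or the client
+oneOf:
+- required:
+- none
+- required:
+- server
+properties:
+none:
+description: Use TLS but don't verify certificates
+type: object
+server:
+description: Use TLS and ca certificate to verify the server
+properties:
+caCert:
+description: Ca cert to verify the server
+oneOf:
+- required:
+- webPki
+- required:
+- secretClass
+properties:
+secretClass:
+description: Name of the SecretClass which will provide the ca cert. Note that a SecretClass does not need to have a key but can also work with just a ca cert. So if you got provided with a ca cert but don't have access to the key you can still use this method.
+type: string
+webPki:
+description: Use TLS and the ca certificates trusted by the common web browsers to verify the server. This can be useful when you e.g. use public AWS S3 or other public available services.
+type: object
+type: object
+required:
+- caCert
+type: object
+type: object
+required:
+- verification
+type: object
+required:
+- hostname
+type: object
+static:
+properties:
+userCredentialsSecret:
+description: Secret providing the usernames and password. The secret must contain an entry for every user, with the key being the username and the value the password in plain text. It must be located in the same namespace as the product using it.
+properties:
+name:
+description: Name of the secret
+type: string
+required:
+- name
+type: object
+required:
+- userCredentialsSecret
+type: object
+tls:
+properties:
+clientCertSecretClass:
+description: See `<https://docs.stackable.tech/home/contributor/adr/ADR016-tls-authentication.html>`. If `client_cert_secret_class` is not set, the TLS settings may also be used for client authentication. If `client_cert_secret_class` is set, the [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html) will be used to provision client certificates.
+nullable: true
+type: string
+type: object
+type: object
+required:
+- provider
+type: object
+required:
+- spec
+title: AuthenticationClass
+type: object
+served: true
+storage: true
+subresources: {}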
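--- a/deploy/olm/23.1.0/manifests/csv.yaml
+++ b/deploy/olm/23.1.0/manifests/csv.yaml
@@ -0,0 +1,169 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+name: commons-operator.v23.1.0
+spec:
+annotations:
+support: stackable.tech
+olm.properties: '[]'
+
+# The following affect how the package is indexed at OperatorHub.io:
+# https://operatorhub.io/?category=Database
+# https://sdk.operatorframework.io/docs/advanced-topics/operator-capabilities/operator-capabilities/
+categories: Storage
+capabilities: Full Lifecycle
+description: Stackable Commons Operator
+
+
+description: Stackable Commons Operator
+displayName: Stackable Commons Operator
+keywords:
+- commons
+maintainers:
+- email: info@stackable.tech
+name: Stackable GmbH
+maturity: stable
+provider:
+name: Stackable GmbH
+url: https://stackable.tech
+version: 23.1.0
+minKubeVersion: 1.20.0
+
+installModes:
+- supported: true
+type: OwnNamespace
+- supported: true
+type: SingleNamespace
+- supported: false
+type: MultiNamespace
+- supported: false
+type: AllNamespaces
+
+customresourcedefinitions:
+owned:
+# a list of CRDs that this operator owns
+# name is the metadata.name of the CRD (which is of the form <plural>.<group>)
+- name: s3buckets.s3.stackable.tech
+# version is the spec.versions[].name value defined in the CRD
+version: v1alpha1
+# kind is the CamelCased singular value defined in spec.names.kind of the CRD.
+kind: S3Bucket
+# human-friendly display name of the CRD for rendering in graphical consoles (optional)
+displayName: S3Bucket
+# a short description of the CRDs purpose for rendering in graphical consoles (optional)
+description: Represents an S3 bucket
+- name: s3connections.s3.stackable.tech
+# version is the spec.versions[].name value defined in the CRD
+version: v1alpha1
+# kind is the CamelCased singular value defined in spec.names.kind of the CRD.
+kind: S3Connection
+# human-friendly display name of the CRD for rendering in graphical consoles (optional)
+displayName: S3Connection
+# a short description of the CRDs purpose for rendering in graphical consoles (optional)
+description: Represents an S3Connection
+- name: authenticationclasses.authentication.stackable.tech
+# version is the spec.versions[].name value defined in the CRD
+version: v1alpha1
+# kind is the CamelCased singular value defined in spec.names.kind of the CRD.
+kind: AuthenticationClass
+# human-friendly display name of the CRD for rendering in graphical consoles (optional)
+displayName: AuthenticationClass
+# a short description of the CRDs purpose for rendering in graphical consoles (optional)
+description: Represents an AuthenticationClass
+
+
+install:
+# strategy indicates what type of deployment artifacts are used
+strategy: deployment
+# spec for the deployment strategy is a list of deployment specs and required permissions - similar to a pod template used in a deployment
+spec:
+permissions:
+- serviceAccountName: commons-operator
+rules:
+- apiGroups:
+- ""
+resources:
+- pods
+verbs:
+- '*'
+# permissions required at the cluster scope
+clusterPermissions:
+- serviceAccountName: commons-operator
+rules:
+- apiGroups:
+- ""
+resources:
+- pods
+- configmaps
+- secrets
+- nodes
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- apps
+resources:
+- statefulsets
+verbs:
+- get
+- list
+- watch
+- patch
+- apiGroups:
+- events.k8s.io
+resources:
+- events
+verbs:
+- create
+- apiGroups:
+- s3.stackable.tech
+resources:
+- s3buckets
+- s3connections
+verbs:
+- get
+- list
+- patch
+- watch
+- apiGroups:
+- authentication.stackable.tech
+resources:
+- authenticationclasses
+verbs:
+- get
+- list
+- patch
+- watch
+- apiGroups:
+- ""
+resources:
+- pods/eviction
+verbs:
+- create
+
+deployments:
+- name: commons-operator
+spec:
+replicas: 1
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app.kubernetes.io/name: commons-operator
+app.kubernetes.io/instance: commons-operator
+template:
+metadata:
+labels:
+app.kubernetes.io/name: commons-operator
+app.kubernetes.io/instance: commons-operator
+spec:
+serviceAccountName: commons-operator
+securityContext: {}
+containers:
+- name: commons-operator
+securityContext: {}
+image: "docker.stackable.tech/stackable/commons-operator:23.1.0"
+imagePullPolicy: IfNotPresent
+resources: {}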
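Review bot: The namespaced `permissions` rule for the `commons-operator` service account grants `'*'` on `pods`, which includes `create`, `delete` and `deletecollection`; nothing visible in this manifest shows the operator needing more than the `get`/`list`/`watch` on pods and `create` on `pods/eviction` already listed under `clusterPermissions`, so I would drop the rule or enumerate the verbs the controller actually uses. The same `clusterPermissions` block gives cluster-wide `get`/`list`/`watch` on `secrets` while `installModes` marks only `OwnNamespace` and `SingleNamespace` as supported; if secrets are only read in the watched namespace, that rule belongs under `permissions` instead. Both `securityContext: {}` entries in the deployment template are empty, so the pod runs with runtime defaults; assuming the image can run unprivileged, set `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` on the container. The image is referenced by the mutable tag `23.1.0` with `imagePullPolicy: IfNotPresent`; pinning it by digest would tie the bundle to one verified image.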