@@ -0,0 +1,345 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: listener-operator-deployer-manifests
data:
listener-scc.yaml: |
---
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: stackable-listener-operator-scc
labels:
stackable.tech/vendor: Stackable
annotations:
kubernetes.io/description:
The stackable-listener-operator-scc includes the minimum required privileges to run the listener-operator.
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities: []
defaultAddCapabilities: null
fsGroup:
type: MustRunAs
groups: []
priority: null
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAs
uid: 0
seLinuxContext:
# Permit access to the resources in all namespaces
type: RunAsAny
seccompProfiles:
- runtime/default
supplementalGroups:
type: RunAsAny
users: []
volumes:
- emptyDir
- hostPath
- projected

csidriver.yaml: |
---
# Source: listener-operator/templates/csidriver.yaml
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: listeners.stackable.tech
spec:
attachRequired: false
podInfoOnMount: true
fsGroupPolicy: File
volumeLifecycleModes:
- Ephemeral
- Persistent

csi-provisioner-deployment.yaml: |
---
# Source: listener-operator/templates/csi-provisioner-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: listener-operator-csi-provisioner
labels:
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
app.kubernetes.io/version: "0.0.0-pr344"
spec:
selector:
matchLabels:
app.kubernetes.io/role: provisioner
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
template:
metadata:
annotations:
internal.stackable.tech/image: "oci.stackable.tech/sdp/listener-operator:0.0.0-pr344"
labels:
app.kubernetes.io/role: provisioner
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
spec:
serviceAccountName: listener-operator-serviceaccount
securityContext: {}
containers:
- name: csi-controller-service
securityContext:
runAsUser: 0
seLinuxOptions:
type: spc_t
image: "oci.stackable.tech/sdp/listener-operator:0.0.0-pr344"
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
args:
- run
- controller
env:
# The following env vars are passed as clap (think CLI) arguments to the operator.
# They are picked up by clap using the structs defied in the operator.
# (which is turn pulls in https://github.com/stackabletech/operator-rs/blob/main/crates/stackable-operator/src/cli.rs)
# You can read there about the expected values and purposes.
- name: CSI_ENDPOINT
value: /csi/csi.sock
# Sometimes products need to know the operator image, e.g. the opa-bundle-builder OPA
# sidecar uses the operator image.
- name: OPERATOR_IMAGE
# Tilt can use annotations as image paths, but not env variables
valueFrom:
fieldRef:
fieldPath: metadata.annotations['internal.stackable.tech/image']
# Namespace the operator Pod is running in, e.g. used to construct the conversion
# webhook endpoint.
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# The name of the Kubernetes Service that point to the operator Pod, e.g. used to
# construct the conversion webhook endpoint.
- name: OPERATOR_SERVICE_NAME
value: listener-operator
# Operators need to know the node name they are running on, to e.g. discover the
# Kubernetes domain name from the kubelet API.
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: csi
mountPath: /csi
- name: external-provisioner
image: "oci.stackable.tech/sdp/sig-storage/csi-provisioner:v5.3.0"
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
args:
- --csi-address=/csi/csi.sock
- --feature-gates=Topology=true
- --extra-create-metadata
volumeMounts:
- name: csi
mountPath: /csi
volumes:
- name: csi
emptyDir: {}

csi-node-driver-daemonset.yaml: |
---
# Source: listener-operator/templates/csi-node-driver-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: listener-operator-csi-node-driver
labels:
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
app.kubernetes.io/version: "0.0.0-pr344"
spec:
selector:
matchLabels:
app.kubernetes.io/role: node-driver
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
template:
metadata:
labels:
app.kubernetes.io/role: node-driver
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
spec:
serviceAccountName: listener-operator-serviceaccount
securityContext: {}
containers:
- name: csi-node-service
securityContext:
runAsUser: 0
seLinuxOptions:
type: spc_t
image: "oci.stackable.tech/sdp/listener-operator:0.0.0-pr344"
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
args:
- run
- node
env:
# The following env vars are passed as clap (think CLI) arguments to the operator.
# They are picked up by clap using the structs defied in the operator.
# (which is turn pulls in https://github.com/stackabletech/operator-rs/blob/main/crates/stackable-operator/src/cli.rs)
# You can read there about the expected values and purposes.
- name: CSI_ENDPOINT
value: /csi/csi.sock
# Sometimes products need to know the operator image, e.g. the opa-bundle-builder OPA
# sidecar uses the operator image.
- name: OPERATOR_IMAGE
# Tilt can use annotations as image paths, but not env variables
valueFrom:
fieldRef:
fieldPath: metadata.annotations['internal.stackable.tech/image']
# Namespace the operator Pod is running in, e.g. used to construct the conversion
# webhook endpoint.
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# The name of the Kubernetes Service that point to the operator Pod, e.g. used to
# construct the conversion webhook endpoint.
- name: OPERATOR_SERVICE_NAME
value: listener-operator
# Operators need to know the node name they are running on, to e.g. discover the
# Kubernetes domain name from the kubelet API.
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: csi
mountPath: /csi
- name: mountpoint
mountPath: /var/lib/kubelet/pods
- name: node-driver-registrar
image: "oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar:v2.15.0"
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
args:
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/listeners.stackable.tech/csi.sock
volumeMounts:
- name: registration-sock
mountPath: /registration
- name: csi
mountPath: /csi
volumes:
- name: registration-sock
hostPath:
# node-driver-registrar appends a driver-unique filename to this path to avoid conflicts
# see https://github.com/stackabletech/secret-operator/issues/229 for why this path should not be too long
path: /var/lib/kubelet/plugins_registry
- name: csi
hostPath:
path: /var/lib/kubelet/plugins/listeners.stackable.tech/
- name: mountpoint
hostPath:
path: /var/lib/kubelet/pods/

service.yaml: |
---
# Source: listener-operator/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
# Note(@sbernauer): We could also call the Service something like
# "product-operator-conversion-webhook". However, in the future we will have more webhooks, and
# it seems like an overkill to have a dedicated Service per webhook.
name: listener-operator
labels:
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
app.kubernetes.io/version: "0.0.0-pr344"
spec:
selector:
app.kubernetes.io/name: listener-operator
app.kubernetes.io/instance: listener-operator
stackable.tech/vendor: Stackable
ports:
- name: conversion-webhook
protocol: TCP
port: 8443
targetPort: 8443

listener-classes-external-unstable.yaml: |
---
# Source: listener-operator/templates/listener-classes.yaml
apiVersion: listeners.stackable.tech/v1alpha1
kind: ListenerClass
metadata:
name: external-unstable
spec:
serviceType: NodePort
pinnedNodePorts: false

listener-classes-external-stable.yaml: |
---
# Source: listener-operator/templates/listener-classes.yaml
apiVersion: listeners.stackable.tech/v1alpha1
kind: ListenerClass
metadata:
name: external-stable
spec:
serviceType: LoadBalancer

listener-classes-cluster-internal.yaml: |
---
# Source: listener-operator/templates/listener-classes.yaml
apiVersion: listeners.stackable.tech/v1alpha1
kind: ListenerClass
metadata:
name: cluster-internal
spec:
serviceType: ClusterIP
storageclass.yaml: |
---
# Source: listener-operator/templates/storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: listeners.stackable.tech
provisioner: listeners.stackable.tech
volumeBindingMode: WaitForFirstConsumer
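Review bot: In csi-provisioner-deployment.yaml the csi-controller-service container sets `runAsUser: 0` and `seLinuxOptions.type: spc_t`, although the only volume it mounts is the `csi` emptyDir, so the controller pod appears to run unconfined without touching any host path. If the controller does not need it, drop the `seLinuxOptions` block there and keep `spc_t` only on csi-node-service, which mounts `/var/lib/kubelet/pods`. Otherwise add a comment explaining why it is required, since the SCC description claims the minimum required privileges. Separately, the DaemonSet pod template has no `annotations` block, yet its `OPERATOR_IMAGE` env var reads `metadata.annotations['internal.stackable.tech/image']`. The Deployment template sets that annotation, so the DaemonSet likely needs the same `internal.stackable.tech/image: "oci.stackable.tech/sdp/listener-operator:0.0.0-pr344"` entry, or the variable will probably resolve to an empty value.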