- go v1.11+
- dep v0.5.x
- operator-sdk v0.7.0
Build the operator with:

```shell
make
```

Then push the resulting image to a container registry, e.g.

```shell
docker push quay.io/kiegroup/kie-cloud-operator:<version>
```
To install this operator on OpenShift 4 for end-to-end testing, make sure you have access to a quay.io account in which you can create an application repository. Follow the authentication instructions for Operator Courier to obtain an account token. This token has the form "basic XXXXXXXXX"; both words are required by the command.

Push the operator bundle to your quay application repository as follows:

```shell
operator-courier push deploy/catalog_resources/courier/bundle_dir/1.2.1 kiegroup kiecloud-operator 1.2.1 "basic XXXXXXXXX"
# operator-courier push deploy/catalog_resources/courier/bundle_dir/1.2.0 kiegroup kiecloud-operator 1.2.0 "basic XXXXXXXXX"
```

If pushing to another quay repository, replace `kiegroup` with your username or another namespace. Note that the push command does not overwrite an existing repository; the repository must be deleted before a new version can be built and uploaded. Once the bundle has been uploaded, create an Operator Source to load your operator bundle in OpenShift:

```shell
oc create -f deploy/catalog_resources/courier/kiecloud-operatorsource.yaml
```

Remember to replace `registryNamespace` with your quay namespace. The name, display name and publisher of the operator are the only other attributes that may be modified.

It will take a few minutes for the operator to become visible under the OperatorHub section of the OpenShift console Catalog. It can be found easily by filtering the provider type to Custom.
Use the OLM console to subscribe to the Kie Cloud Operator Catalog Source within your namespace. Once subscribed, use the console to Create KieApp, or create one manually as seen below.

```shell
$ oc create -f deploy/crs/kieapp_rhpam_trial.yaml
kieapp.app.kiegroup.org/rhpam-trial created
```

To delete it again:

```shell
oc delete kieapp rhpam-trial
```
Change the log level at runtime with the DEBUG environment variable, e.g.

```shell
make dep
make clean
DEBUG="true" operator-sdk up local --namespace=<namespace>
```

Also at runtime, change the registry used for the rhpam ImageStreamTags:

```shell
INSECURE=true REGISTRY=<registry url> operator-sdk up local --namespace=<namespace>
```
Before submitting a PR, please be sure to generate, vet, format, and test your code. This can all be done with one command:

```shell
make test
```
It is possible to configure RHPAM authentication with an external Identity Provider such as RH-SSO or LDAP.

In order to integrate RHPAM authentication with an existing instance of RH-SSO, an `auth` element must be provided with a valid `sso` configuration. If `hostnameHTTPS` is not provided for some client, it will be retrieved from the generated route hostname. Note that the URL and Realm parameters are mandatory.

```yaml
spec:
  environment: rhpam-authoring
  auth:
    sso:
      url: https://rh-sso.example.com
      realm: rhpam
      adminUser: admin
      adminPassword: secret
  objects:
    console:
      ssoClient:
        name: rhpam-console
        secret: somePwd
    servers:
      - name: kieserver-one
        deployments: 2
        ssoClient:
          name: kieserver-one
          secret: otherPwd
          hostnameHTTPS: kieserver-one.example.com
      - name: kieserver-two
        ssoClient:
          name: kieserver-two
          secret: yetOtherPwd
```
The LDAP configuration allows RHPAM to authenticate users and retrieve their groups from an existing LDAP instance. Only the URL parameter is mandatory.

```yaml
spec:
  environment: rhpam-production
  auth:
    ldap:
      url: ldaps://myldap.example.com
      bindDN: uid=admin,ou=users,ou=example,ou=com
      bindCredential: s3cret
      baseCtxDN: ou=users,ou=example,ou=com
```
Finally, it is also possible to provide a properties file describing how the roles returned by the external IdP are mapped to application roles.

```yaml
spec:
  environment: rhpam-production
  auth:
    ldap:
      url: ldaps://myldap.example.com
      bindDN: uid=admin,ou=users,ou=example,ou=com
      bindCredential: s3cret
      baseCtxDN: ou=users,ou=example,ou=com
    roleMapper:
      rolesProperties: /conf/roleMapper.properties
      replaceRole: true
```
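The SSO, LDAP and role-mapper sections above share a small set of rules: `sso.url` and `sso.realm` are mandatory, `ldap.url` is mandatory, and a missing `hostnameHTTPS` on a client is filled in from the generated route. The following Go program is an added example, not part of the operator's code base: it mirrors just those fields in illustrative structs (the type and field names are assumptions chosen to match the YAML keys) and lints a spec before it is applied, reporting mandatory-field violations as errors and transport-security findings (non-https SSO URL, non-ldaps LDAP URL, a bind DN with no credential) as warnings.

```go
package main

import (
	"fmt"
	"strings"
)

// Illustrative mirror of the KieApp auth fields used in the README examples.
// These types are written for this example only; they are not the operator's
// own API types, and the field names are assumptions matching the YAML keys.
type SSOClient struct{ Name, Secret, HostnameHTTPS string }
type SSOConfig struct{ URL, Realm, AdminUser, AdminPassword string }
type LDAPConfig struct{ URL, BindDN, BindCredential, BaseCtxDN string }
type RoleMapper struct {
	RolesProperties string
	ReplaceRole     bool
}
type Auth struct {
	SSO        *SSOConfig
	LDAP       *LDAPConfig
	RoleMapper *RoleMapper
}
type Server struct {
	Name      string
	SSOClient *SSOClient
}
type KieAppSpec struct {
	Environment string
	Auth        *Auth
	Console     *SSOClient // objects.console.ssoClient
	Servers     []Server   // objects.servers[]
}

// Result separates hard failures (the parameters the README calls mandatory)
// from advisory findings worth reading before the CR is applied.
type Result struct{ Errors, Warnings []string }

func (r *Result) errf(f string, a ...interface{})  { r.Errors = append(r.Errors, fmt.Sprintf(f, a...)) }
func (r *Result) warnf(f string, a ...interface{}) { r.Warnings = append(r.Warnings, fmt.Sprintf(f, a...)) }

// ValidateAuth checks spec.auth the way a pre-apply linter would.
func ValidateAuth(spec KieAppSpec) Result {
	var r Result
	if spec.Auth == nil {
		return r
	}
	if spec.Auth.SSO != nil && spec.Auth.LDAP != nil {
		r.warnf("both sso and ldap are configured; choose one identity provider")
	}
	if sso := spec.Auth.SSO; sso != nil {
		if sso.URL == "" {
			r.errf("sso.url is mandatory")
		} else if !strings.HasPrefix(sso.URL, "https://") {
			r.warnf("sso.url %q is not https; admin credentials would be sent in clear", sso.URL)
		}
		if sso.Realm == "" {
			r.errf("sso.realm is mandatory")
		}
		// Every client (console and each server) needs a name and secret; a
		// missing hostnameHTTPS is allowed and is taken from the generated route.
		type owned struct {
			owner string
			c     *SSOClient
		}
		clients := []owned{{"console", spec.Console}}
		for _, s := range spec.Servers {
			clients = append(clients, owned{s.Name, s.SSOClient})
		}
		for _, oc := range clients {
			if oc.c == nil {
				r.warnf("%s: no ssoClient configured", oc.owner)
				continue
			}
			if oc.c.Name == "" || oc.c.Secret == "" {
				r.errf("%s: ssoClient requires both name and secret", oc.owner)
			}
			if oc.c.HostnameHTTPS == "" {
				r.warnf("%s: hostnameHTTPS not set; the generated route hostname will be used", oc.owner)
			}
		}
	}
	if ldap := spec.Auth.LDAP; ldap != nil {
		if ldap.URL == "" {
			r.errf("ldap.url is mandatory")
		} else if !strings.HasPrefix(ldap.URL, "ldaps://") {
			r.warnf("ldap.url %q is not ldaps; bind credentials would cross the network unencrypted", ldap.URL)
		}
		if ldap.BindDN != "" && ldap.BindCredential == "" {
			r.warnf("ldap.bindDN is set but bindCredential is empty")
		}
	}
	if rm := spec.Auth.RoleMapper; rm != nil && rm.RolesProperties == "" {
		r.errf("roleMapper.rolesProperties must point to a properties file")
	}
	return r
}

func main() {
	// Constructed sample: the README's LDAP example with a plain ldap:// URL.
	spec := KieAppSpec{Environment: "rhpam-production", Auth: &Auth{LDAP: &LDAPConfig{
		URL: "ldap://myldap.example.com", BindDN: "uid=admin,ou=users,ou=example,ou=com",
		BindCredential: "s3cret", BaseCtxDN: "ou=users,ou=example,ou=com"}}}
	res := ValidateAuth(spec)
	fmt.Printf("errors: %v\nwarnings: %v\n", res.Errors, res.Warnings)
}
```

Run it against a spec built from your own CR (or wire a YAML loader in front of it); an empty `Errors` slice means the mandatory parameters the README lists are present, and the warnings call out the clients whose `hostnameHTTPS` the operator will derive from the route.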
Requires cekit v3.1+ and rhpkg.

```shell
# local build
make rhel
# scratch build
make rhel-scratch
# release candidate
make rhel-release
```