Skip to content

Commit

Permalink
Merge pull request #236 from IBM/fix/add-doc-bundle
Browse files Browse the repository at this point in the history
Fixed bundle generation step - handle empty index,  crds issue with plural
  • Loading branch information
yuji-watanabe-jp authored Jan 5, 2021
2 parents 326a5f3 + e116c19 commit ec33fe2
Show file tree
Hide file tree
Showing 7 changed files with 366 additions and 328 deletions.
18 changes: 15 additions & 3 deletions build/build_bundle.sh
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,6 @@ if [ -z "$ISHIELD_REPO_ROOT" ]; then
exit 1
fi

#source $ISHIELD_REPO_ROOT/ishield-build.conf

cd $ISHIELD_REPO_ROOT/integrity-shield-operator


Expand All @@ -41,6 +39,15 @@ echo -----------------------------
echo [1/4] Building bundle
make bundle IMG=${ISHIELD_OPERATOR_IMAGE_NAME_AND_VERSION} VERSION=${VERSION}

# Temporary workarround for dealing with CRD generation issue

tmpcrd="${SHIELD_OP_DIR}/config/crd/bases/apis.integrityshield.io_integrityshieldren.yaml"
targetcrd="${SHIELD_OP_DIR}/config/crd/bases/apis.integrityshield.io_integrityshields.yaml"

if [ -f $tmpcrd ]; then
sed -i 's/integrityshieldren/integrityshields/g' $tmpcrd
mv $tmpcrd $targetcrd
fi

csvfile="bundle/manifests/integrity-shield-operator.clusterserviceversion.yaml"
cat $csvfile | yq r - -j > tmp.json
Expand All @@ -53,6 +60,12 @@ change=$(cat tmp.json | jq '.spec.installModes |=map (select(.type == "AllNamesp
cat tmp.json | yq r - -P > $csvfile
rm tmp.json

docker pull ${ISHIELD_OPERATOR_INDEX_IMAGE_NAME_AND_PREVIOUS_VERSION} | grep "Image is up to date" && pull_status="pulled" || pull_status="failed"

if [ "$pull_status" = "failed" ]; then
sed -i '/ replaces: /d' ${SHIELD_OP_DIR}/bundle/manifests/*.clusterserviceversion.yaml
fi

make bundle-build BUNDLE_IMG=${ISHIELD_OPERATOR_BUNDLE_IMAGE_NAME_AND_VERSION}

# Push ishield-operator bundle
Expand All @@ -65,7 +78,6 @@ echo -----------------------------
echo [3/4] Adding bundle to index


docker pull ${ISHIELD_OPERATOR_INDEX_IMAGE_NAME_AND_PREVIOUS_VERSION} | grep "Image is up to date" && pull_status="pulled" || pull_status="failed"

if [ "$pull_status" = "failed" ]; then
sudo /usr/local/bin/opm index add -c docker --generate --bundles ${ISHIELD_OPERATOR_BUNDLE_IMAGE_NAME_AND_VERSION} \
Expand Down
14 changes: 12 additions & 2 deletions build/build_bundle_ocm.sh
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,13 @@ echo -----------------------------
echo [1/4] Building bundle
make bundle IMG=${ISHIELD_OPERATOR_IMAGE_NAME_AND_VERSION}${COMPONENT_TAG_EXTENSION} VERSION=${VERSION}

tmpcrd="${SHIELD_OP_DIR}/config/crd/bases/apis.integrityshield.io_integrityshieldren.yaml"
targetcrd="${SHIELD_OP_DIR}/config/crd/bases/apis.integrityshield.io_integrityshields.yaml"

if [ -f $tmpcrd ]; then
sed -i 's/integrityshieldren/integrityshields/g' $tmpcrd
mv $tmpcrd $targetcrd
fi

csvfile="bundle/manifests/integrity-shield-operator.clusterserviceversion.yaml"
cat $csvfile | yq r - -j > tmp.json
Expand All @@ -56,6 +63,11 @@ change=$(cat tmp.json | jq '.spec.installModes |=map (select(.type == "AllNamesp
cat tmp.json | yq r - -P > $csvfile
rm tmp.json

docker pull ${ISHIELD_OPERATOR_INDEX_IMAGE_NAME_AND_PREVIOUS_VERSION} | grep "Image is up to date" && pull_status="pulled" || pull_status="failed"
if [ "$pull_status" = "failed" ]; then
sed -i '/ replaces: /d' ${SHIELD_OP_DIR}/bundle/manifests/*.clusterserviceversion.yaml
fi

make bundle-build BUNDLE_IMG=${ISHIELD_OPERATOR_BUNDLE_IMAGE_NAME_AND_VERSION}${COMPONENT_TAG_EXTENSION}

# Push ishield-operator bundle
Expand All @@ -78,8 +90,6 @@ make docker-push IMG=$DOCKER_IMAGE_AND_TAG
echo -----------------------------
echo [3/4] Adding bundle to index

docker pull ${ISHIELD_OPERATOR_INDEX_IMAGE_NAME_AND_PREVIOUS_VERSION}${COMPONENT_TAG_EXTENSION} | grep "Image is up to date" && pull_status="pulled" || pull_status="failed"

if [ "$pull_status" = "failed" ]; then
sudo /usr/local/bin/opm index add -c docker --generate --bundles ${ISHIELD_OPERATOR_BUNDLE_IMAGE_NAME_AND_VERSION}${COMPONENT_TAG_EXTENSION} \
--tag ${ISHIELD_OPERATOR_INDEX_IMAGE_NAME_AND_VERSION}${COMPONENT_TAG_EXTENSION} --out-dockerfile tmp.Dockerfile
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1114,99 +1114,6 @@ spec:
format: int32
type: integer
type: object
signerConfig:
properties:
breakGlass:
items:
properties:
namespaces:
items:
type: string
type: array
scope:
type: string
type: object
type: array
description:
type: string
policies:
items:
properties:
excludeNamespaces:
items:
type: string
type: array
namespaces:
items:
type: string
type: array
scope:
type: string
signers:
items:
type: string
type: array
type: object
type: array
signers:
items:
properties:
name:
type: string
secret:
type: string
subjects:
items:
properties:
commonName:
type: string
country:
type: string
email:
type: string
locality:
type: string
organization:
type: string
organizationalUnit:
type: string
postalCode:
type: string
province:
type: string
serialNumber:
type: string
streetAddress:
type: string
uid:
type: string
type: object
type: array
type: object
type: array
type: object
tolerations:
items:
description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
shieldConfig:
properties:
allow:
Expand Down Expand Up @@ -1554,6 +1461,55 @@ spec:
type: object
type: array
type: object
iShieldAdminUserGroup:
type: string
iShieldAdminUserName:
type: string
iShieldResource:
type: string
iShieldResourceCondition:
properties:
operatorResources:
items:
properties:
apiVersion:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- apiVersion
- kind
- name
- namespace
type: object
type: array
operatorServiceAccount:
type: string
serverResources:
items:
properties:
apiVersion:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- apiVersion
- kind
- name
- namespace
type: object
type: array
type: object
iShieldServerUserName:
type: string
ignore:
items:
properties:
Expand Down Expand Up @@ -1617,55 +1573,6 @@ spec:
type: object
type: object
type: object
iShieldAdminUserGroup:
type: string
iShieldAdminUserName:
type: string
iShieldResource:
type: string
iShieldResourceCondition:
properties:
operatorResources:
items:
properties:
apiVersion:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- apiVersion
- kind
- name
- namespace
type: object
type: array
operatorServiceAccount:
type: string
serverResources:
items:
properties:
apiVersion:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- apiVersion
- kind
- name
- namespace
type: object
type: array
type: object
iShieldServerUserName:
type: string
keyPathList:
items:
type: string
Expand Down Expand Up @@ -1821,6 +1728,99 @@ spec:
type: object
shieldConfigCrName:
type: string
signerConfig:
properties:
breakGlass:
items:
properties:
namespaces:
items:
type: string
type: array
scope:
type: string
type: object
type: array
description:
type: string
policies:
items:
properties:
excludeNamespaces:
items:
type: string
type: array
namespaces:
items:
type: string
type: array
scope:
type: string
signers:
items:
type: string
type: array
type: object
type: array
signers:
items:
properties:
name:
type: string
secret:
type: string
subjects:
items:
properties:
commonName:
type: string
country:
type: string
email:
type: string
locality:
type: string
organization:
type: string
organizationalUnit:
type: string
postalCode:
type: string
province:
type: string
serialNumber:
type: string
streetAddress:
type: string
uid:
type: string
type: object
type: array
type: object
type: array
type: object
tolerations:
items:
description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
webhookClusterResource:
description: Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.
properties:
Expand Down
Loading

0 comments on commit ec33fe2

Please sign in to comment.