From 61caba5b20cdba5ac982d61ad94a4ac5e1bf6a92 Mon Sep 17 00:00:00 2001 
From: Aleksandr Rybolovlev Date: Tue, 18 Feb 2025 09:29:32 +0100 Subject: [PATCH] Add Red Hat OpenShift Operator Bundle (#513) --- .gitignore | 4 + Dockerfile | 6 +- Makefile | 26 ++- PROJECT | 1 - api/v1alpha2/agentpool_types.go | 6 +- api/v1alpha2/module_types.go | 3 +- api/v1alpha2/project_types.go | 4 +- api/v1alpha2/workspace_types.go | 4 +- .../crds/app.terraform.io_agentpools.yaml | 7 +- .../crds/app.terraform.io_modules.yaml | 3 +- .../crds/app.terraform.io_projects.yaml | 5 +- .../crds/app.terraform.io_workspaces.yaml | 5 +- .../bases/app.terraform.io_agentpools.yaml | 7 +- .../crd/bases/app.terraform.io_modules.yaml | 3 +- .../crd/bases/app.terraform.io_projects.yaml | 5 +- .../bases/app.terraform.io_workspaces.yaml | 5 +- config/crd/kustomization.yaml | 8 +- config/default/kustomization.yaml | 150 +++++++++++++----- config/default/manager_auth_proxy_patch.yaml | 9 +- config/default/manager_config_patch.yaml | 10 -- config/manager/controller_manager_config.yaml | 21 --- config/manager/kustomization.yaml | 12 +- config/manager/manager.yaml | 45 +++++- ...raform-operator.clusterserviceversion.yaml | 97 +++++++++++ config/manifests/kustomization.yaml | 7 +- config/prometheus/monitor.yaml | 2 +- config/rbac/agentpool_editor_role.yaml | 5 +- config/rbac/agentpool_viewer_role.yaml | 5 +- .../rbac/auth_proxy_client_clusterrole.yaml | 2 + config/rbac/auth_proxy_role_binding.yaml | 2 + config/rbac/auth_proxy_service.yaml | 1 + config/rbac/kustomization.yaml | 22 ++- config/rbac/leader_election_role.yaml | 4 +- config/rbac/leader_election_role_binding.yaml | 8 +- config/rbac/project_editor_role.yaml | 5 +- config/rbac/project_viewer_role.yaml | 5 +- config/rbac/role.yaml | 4 +- config/rbac/role_binding.yaml | 8 +- config/rbac/service_account.yaml | 4 +- config/samples/app_v1alpha2_agentpool.yaml | 17 +- config/samples/app_v1alpha2_module.yaml | 13 +- config/samples/app_v1alpha2_project.yaml | 15 +- config/samples/app_v1alpha2_workspace.yaml | 9 +- 
config/samples/kustomization.yaml | 2 +- config/scorecard/kustomization.yaml | 4 +- config/scorecard/patches/basic.config.yaml | 2 +- config/scorecard/patches/olm.config.yaml | 10 +- docs/api-reference.md | 17 +- hack/add-bundle-annotations.sh | 22 +++ 49 files changed, 456 insertions(+), 185 deletions(-) delete mode 100644 config/manager/controller_manager_config.yaml create mode 100644 config/manifests/bases/hcp-terraform-operator.clusterserviceversion.yaml create mode 100755 hack/add-bundle-annotations.sh diff --git a/.gitignore b/.gitignore index c6d71a10..e59c4ec2 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,7 @@ terraform.tfstate* # Dependency directories (remove the comment below to include it) # vendor/ + +# OLM Bundle +bundle.Dockerfile +bundle/ diff --git a/Dockerfile b/Dockerfile index 3cab8d07..1b6a5f9d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -103,10 +103,10 @@ ENV BIN_NAME=$BIN_NAME LABEL name="HCP Terraform Operator" LABEL vendor="HashiCorp" LABEL release=$PRODUCT_REVISION -LABEL summary="HCP Terraform Operator for Kubernetes allows managing HCP Terraform / Terraform Enterprise resources via Kubernetes Custom Resources" -LABEL description="HCP Terraform Operator for Kubernetes allows managing HCP Terraform / Terraform Enterprise resources via Kubernetes Custom Resources" +LABEL summary="HCP Terraform Operator for Kubernetes allows managing HCP Terraform / Terraform Enterprise resources via Kubernetes Custom Resources." +LABEL description="HCP Terraform Operator for Kubernetes allows managing HCP Terraform / Terraform Enterprise resources via Kubernetes Custom Resources." -LABEL maintainer="Terraform Ecosystem - Hybrid Cloud Team " +LABEL maintainer="HashiCorp " LABEL version=$PRODUCT_VERSION LABEL revision=$PRODUCT_REVISION diff --git a/Makefile b/Makefile index d0447ff4..92336bb5 100644 --- a/Makefile +++ b/Makefile 
@@ -29,7 +29,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) # # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both # hashicorp/hcp-terraform-operator-bundle:$VERSION and hashicorp/hcp-terraform-operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= hashicorp/hcp-terraform-operator +IMAGE_TAG_BASE ?= registry.connect.redhat.com/hashicorp/hcp-terraform-operator # BUNDLE_IMG defines the image:tag used for the bundle. # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) @@ -41,7 +41,7 @@ BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests # You can enable this value if you would like to use SHA Based Digests # To enable set flag to true -USE_IMAGE_DIGESTS ?= false +USE_IMAGE_DIGESTS ?= true ifeq ($(USE_IMAGE_DIGESTS), true) BUNDLE_GEN_FLAGS += --use-image-digests endif @@ -112,9 +112,9 @@ helm-test: test-helm ## Run Helm chart tests. This is an alias for the test-helm .PHONY: manifests manifests: controller-gen docs ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." \ + $(CONTROLLER_GEN) crd paths="./..." \ output:crd:artifacts:config=config/crd/bases - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." \ + $(CONTROLLER_GEN) crd paths="./..." \ output:crd:artifacts:config=charts/hcp-terraform-operator/crds $(MAKE) copywrite @@ -243,6 +243,7 @@ CRD_REF_DOCS ?= $(LOCALBIN)/crd-ref-docs-$(CRD_REF_DOCS_VERSION) HELM_DOCS ?= $(LOCALBIN)/helm-docs-$(HELM_DOCS_VERSION) HASHICORP_COPYWRITE ?= $(LOCALBIN)/copywrite-$(HASHICORP_COPYWRITE_VERSION) GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) +YQ = $(LOCALBIN)/yq-$(YQ_VERSION) ## Tool Versions KUSTOMIZE_VERSION ?= v5.3.0 
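Review bot: The flip to `USE_IMAGE_DIGESTS ?= true` is what backs the `features.operators.openshift.io/disconnected: "true"` annotation in the ClusterServiceVersion added later in this patch, but nothing next to the variable says so. Anyone who overrides it to `false` gets a tag-based bundle that contradicts that claim. Digest resolution also means `make bundle` has to reach the image registries, presumably with pull credentials for the Red Hat registries this patch switches to. A comment above the assignment would record both points, e.g. `# Keep true for release bundles: the CSV advertises disconnected support, which needs digest-pinned images.` and `# Resolving digests contacts the registries; log in before running 'make bundle'.`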
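Review bot: Dropping `rbac:roleName=manager-role` from both `$(CONTROLLER_GEN)` calls in `manifests` means `config/rbac/role.yaml` is no longer regenerated, so the operator's ClusterRole can drift from any `+kubebuilder:rbac` markers in the controllers and over-broad or missing permissions would go unnoticed. The diffstat shows `role.yaml` edited by hand in this commit, so the recipe should say so, e.g. `# RBAC is maintained by hand in config/rbac/role.yaml; review it whenever controller permissions change.` The target's `##` help text still advertises WebhookConfiguration and ClusterRole generation and should be narrowed to `## Generate CustomResourceDefinition objects.`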
@@ -252,6 +253,7 @@ CRD_REF_DOCS_VERSION ?= v0.1.0 HELM_DOCS_VERSION ?= v1.14.2 HASHICORP_COPYWRITE_VERSION ?= v0.19.0 GOLANGCI_LINT_VERSION ?= v1.61.0 +YQ_VERSION ?= v4.44.3 .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. @@ -271,7 +273,7 @@ $(ENVTEST): $(LOCALBIN) .PHONY: golangci-lint golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. $(GOLANGCI_LINT): $(LOCALBIN) - $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) .PHONY: crd-ref-docs crd-ref-docs: $(CRD_REF_DOCS) ## Download crd-ref-docs locally if necessary. @@ -288,6 +290,12 @@ install-copywrite: $(HASHICORP_COPYWRITE) ## Download HashiCorp copywrite locall $(HASHICORP_COPYWRITE): $(LOCALBIN) $(call go-install-tool,$(HASHICORP_COPYWRITE),github.com/hashicorp/copywrite,$(HASHICORP_COPYWRITE_VERSION)) +.PHONY: yq +yq: $(YQ) ## Download yq locally if necessary. +$(YQ): $(LOCALBIN) + $(call go-install-tool,$(YQ),github.com/mikefarah/yq/v4,$(YQ_VERSION)) + ln -s $(YQ) $(LOCALBIN)/yq + # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist # $1 - target path with name of binary (ideally with version) # $2 - package url which can be installed 
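Review bot: `ln -s $(YQ) $(LOCALBIN)/yq` in the new `$(YQ)` recipe fails with "File exists" once the link is present, which happens as soon as `YQ_VERSION` is bumped and the rule re-runs for the new versioned binary. Use `ln -sf $(YQ) $(LOCALBIN)/yq` so the unversioned name always tracks the pinned version instead of a stale one. The link only helps if `$(LOCALBIN)` is on `PATH` when the consumer runs, and the `bundle` recipe in the next hunk calls `./hack/add-bundle-annotations.sh` without passing the tool. The script body is not visible here, so confirm how it locates the binary; an invocation like `YQ=$(YQ) ./hack/add-bundle-annotations.sh` would keep it from picking up an unpinned `yq` from the environment.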
@@ -320,10 +328,11 @@ endif endif .PHONY: bundle -bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. +bundle: manifests kustomize operator-sdk yq ## Generate bundle manifests and metadata, then validate generated files. $(OPERATOR_SDK) generate kustomize manifests -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + ./hack/add-bundle-annotations.sh $(OPERATOR_SDK) bundle validate ./bundle .PHONY: bundle-build @@ -334,6 +343,11 @@ bundle-build: ## Build the bundle image. bundle-push: ## Push the bundle image. $(MAKE) docker-push IMG=$(BUNDLE_IMG) +.PHONY: bundle-clean +bundle-clean: ## Clean the bundle artifacts. + @rm -fr bundle/ + @rm -f bundle.Dockerfile + .PHONY: opm OPM = $(LOCALBIN)/opm opm: ## Download opm locally if necessary. diff --git a/PROJECT b/PROJECT index 4796c6d5..2f023277 100644 --- a/PROJECT +++ b/PROJECT @@ -2,7 +2,6 @@ # This file is used to track the info used to scaffold your project # and allow the plugins properly work. # More info: https://book.kubebuilder.io/reference/project-config.html -componentConfig: true domain: terraform.io layout: - go.kubebuilder.io/v4 diff --git a/api/v1alpha2/agentpool_types.go b/api/v1alpha2/agentpool_types.go index b8d5c9a1..5e9db8ef 100644 --- a/api/v1alpha2/agentpool_types.go +++ b/api/v1alpha2/agentpool_types.go 
@@ -168,7 +168,11 @@ type AgentPoolStatus struct { //+kubebuilder:object:root=true //+kubebuilder:subresource:status -// AgentPool is the Schema for the agentpools API. +// AgentPool manages HCP Terraform Agent Pools, HCP Terraform Agent Tokens and can perform HCP Terraform Agent scaling. +// More infromation: +// - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools +// - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens#agent-api-tokens +// - https://developer.hashicorp.com/terraform/cloud-docs/agents type AgentPool struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/api/v1alpha2/module_types.go b/api/v1alpha2/module_types.go index 0c29e463..9aed6fd9 100644 --- a/api/v1alpha2/module_types.go +++ b/api/v1alpha2/module_types.go @@ -152,8 +152,7 @@ type ModuleStatus struct { //+kubebuilder:printcolumn:name="CV Status",type=string,JSONPath=`.status.configurationVersion.status` //+kubebuilder:printcolumn:name="Run Status",type=string,JSONPath=`.status.run.status` -// Module is the Schema for the modules API -// Module implements the API-driven Run Workflow +// Module implements API-driven Run Workflows. // More information: // - https://developer.hashicorp.com/terraform/cloud-docs/run/api type Module struct { diff --git a/api/v1alpha2/project_types.go b/api/v1alpha2/project_types.go index fed7f64b..5093d760 100644 --- a/api/v1alpha2/project_types.go +++ b/api/v1alpha2/project_types.go 
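Review bot: The new `AgentPool` doc comment misspells its link heading as `// More infromation:`. Because this comment is the source for the generated descriptions, the typo is repeated in both `app.terraform.io_agentpools.yaml` CRDs and in the base ClusterServiceVersion later in this patch. Change the line to `// More information:`, matching the `Module`, `Project` and `Workspace` comments, and regenerate the manifests rather than editing the generated files.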
@@ -167,7 +167,9 @@ type ProjectStatus struct { //+kubebuilder:printcolumn:name="Project Name",type=string,JSONPath=`.status.name` //+kubebuilder:printcolumn:name="Project ID",type=string,JSONPath=`.status.id` -// Project is the Schema for the projects API +// Project manages HCP Terraform Projects. +// More information: +// - https://developer.hashicorp.com/terraform/cloud-docs/projects/manage type Project struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/api/v1alpha2/workspace_types.go b/api/v1alpha2/workspace_types.go index 822aafec..8bb8dbe0 100644 --- a/api/v1alpha2/workspace_types.go +++ b/api/v1alpha2/workspace_types.go @@ -697,7 +697,9 @@ type WorkspaceStatus struct { //+kubebuilder:subresource:status //+kubebuilder:printcolumn:name="Workspace ID",type=string,JSONPath=`.status.workspaceID` -// Workspace is the Schema for the workspaces API +// Workspace manages HCP Terraform Workspaces. +// More information: +// - https://developer.hashicorp.com/terraform/cloud-docs/workspaces type Workspace struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/charts/hcp-terraform-operator/crds/app.terraform.io_agentpools.yaml b/charts/hcp-terraform-operator/crds/app.terraform.io_agentpools.yaml index 30d0b398..6845ff1f 100644 --- a/charts/hcp-terraform-operator/crds/app.terraform.io_agentpools.yaml +++ b/charts/hcp-terraform-operator/crds/app.terraform.io_agentpools.yaml 
@@ -20,7 +20,12 @@ spec: - name: v1alpha2 schema: openAPIV3Schema: - description: AgentPool is the Schema for the agentpools API. + description: |- + AgentPool manages HCP Terraform Agent Pools, HCP Terraform Agent Tokens and can perform HCP Terraform Agent scaling. + More infromation: + - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools + - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens#agent-api-tokens + - https://developer.hashicorp.com/terraform/cloud-docs/agents properties: apiVersion: description: |- diff --git a/charts/hcp-terraform-operator/crds/app.terraform.io_modules.yaml b/charts/hcp-terraform-operator/crds/app.terraform.io_modules.yaml index 90c29a66..e52e1f8f 100644 --- a/charts/hcp-terraform-operator/crds/app.terraform.io_modules.yaml +++ b/charts/hcp-terraform-operator/crds/app.terraform.io_modules.yaml @@ -28,8 +28,7 @@ spec: schema: openAPIV3Schema: description: |- - Module is the Schema for the modules API - Module implements the API-driven Run Workflow + Module implements API-driven Run Workflows. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/api properties: diff --git a/charts/hcp-terraform-operator/crds/app.terraform.io_projects.yaml b/charts/hcp-terraform-operator/crds/app.terraform.io_projects.yaml index 9f532a1e..2a8ad395 100644 --- a/charts/hcp-terraform-operator/crds/app.terraform.io_projects.yaml +++ b/charts/hcp-terraform-operator/crds/app.terraform.io_projects.yaml @@ -27,7 +27,10 @@ spec: name: v1alpha2 schema: openAPIV3Schema: - description: Project is the Schema for the projects API + description: |- + Project manages HCP Terraform Projects. + More information: + - https://developer.hashicorp.com/terraform/cloud-docs/projects/manage properties: apiVersion: description: |- 
diff --git a/charts/hcp-terraform-operator/crds/app.terraform.io_workspaces.yaml b/charts/hcp-terraform-operator/crds/app.terraform.io_workspaces.yaml index 74624514..5ee6aa15 100644 --- a/charts/hcp-terraform-operator/crds/app.terraform.io_workspaces.yaml +++ b/charts/hcp-terraform-operator/crds/app.terraform.io_workspaces.yaml @@ -24,7 +24,10 @@ spec: name: v1alpha2 schema: openAPIV3Schema: - description: Workspace is the Schema for the workspaces API + description: |- + Workspace manages HCP Terraform Workspaces. + More information: + - https://developer.hashicorp.com/terraform/cloud-docs/workspaces properties: apiVersion: description: |- diff --git a/config/crd/bases/app.terraform.io_agentpools.yaml b/config/crd/bases/app.terraform.io_agentpools.yaml index eca536c5..1ac5de7f 100644 --- a/config/crd/bases/app.terraform.io_agentpools.yaml +++ b/config/crd/bases/app.terraform.io_agentpools.yaml @@ -17,7 +17,12 @@ spec: - name: v1alpha2 schema: openAPIV3Schema: - description: AgentPool is the Schema for the agentpools API. + description: |- + AgentPool manages HCP Terraform Agent Pools, HCP Terraform Agent Tokens and can perform HCP Terraform Agent scaling. + More infromation: + - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools + - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens#agent-api-tokens + - https://developer.hashicorp.com/terraform/cloud-docs/agents properties: apiVersion: description: |- diff --git a/config/crd/bases/app.terraform.io_modules.yaml b/config/crd/bases/app.terraform.io_modules.yaml index 1cfd38e5..65a91908 100644 --- a/config/crd/bases/app.terraform.io_modules.yaml +++ b/config/crd/bases/app.terraform.io_modules.yaml 
@@ -25,8 +25,7 @@ spec: schema: openAPIV3Schema: description: |- - Module is the Schema for the modules API - Module implements the API-driven Run Workflow + Module implements API-driven Run Workflows. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/api properties: diff --git a/config/crd/bases/app.terraform.io_projects.yaml b/config/crd/bases/app.terraform.io_projects.yaml index b50bce2c..066afbae 100644 --- a/config/crd/bases/app.terraform.io_projects.yaml +++ b/config/crd/bases/app.terraform.io_projects.yaml @@ -24,7 +24,10 @@ spec: name: v1alpha2 schema: openAPIV3Schema: - description: Project is the Schema for the projects API + description: |- + Project manages HCP Terraform Projects. + More information: + - https://developer.hashicorp.com/terraform/cloud-docs/projects/manage properties: apiVersion: description: |- diff --git a/config/crd/bases/app.terraform.io_workspaces.yaml b/config/crd/bases/app.terraform.io_workspaces.yaml index 8e1454a5..9a9577de 100644 --- a/config/crd/bases/app.terraform.io_workspaces.yaml +++ b/config/crd/bases/app.terraform.io_workspaces.yaml @@ -21,7 +21,10 @@ spec: name: v1alpha2 schema: openAPIV3Schema: - description: Workspace is the Schema for the workspaces API + description: |- + Workspace manages HCP Terraform Workspaces. + More information: + - https://developer.hashicorp.com/terraform/cloud-docs/workspaces properties: apiVersion: description: |- diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 109858bd..7ffb30c2 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -8,7 +8,7 @@ resources: - bases/app.terraform.io_projects.yaml #+kubebuilder:scaffold:crdkustomizeresource -patchesStrategicMerge: +patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- patches/webhook_in_workspaces.yaml 
@@ -25,6 +25,8 @@ patchesStrategicMerge: #- patches/cainjection_in_projects.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml + +#configurations: +#- kustomizeconfig.yaml diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 0a4da326..f83fb22f 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,18 +1,20 @@ # Adds namespace to all resources. -namespace: terraform-cloud-operator-system +namespace: hcp-terraform-operator-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. -namePrefix: terraform-cloud-operator- +namePrefix: hcp-terraform-operator- # Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager 
@@ -24,51 +26,117 @@ bases: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -patchesStrategicMerge: +patches: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -- manager_config_patch.yaml +- path: manager_auth_proxy_patch.yaml # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -#- manager_webhook_patch.yaml +#- path: manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml +#- path: webhookcainjection_patch.yaml -# the following config is for teaching kustomize how to do var substitution -vars: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service +# Uncomment the following replacements to add the cert-manager CA injection annotations +#replacements: +# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - 
.metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - source: # Add cert-manager annotation to the webhook Service +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 47b0d38d..a08d290b 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -12,11 +12,10 @@ spec: - name: kube-rbac-proxy securityContext: allowPrivilegeEscalation: false - # TODO(user): uncomment for common cases that do not require escalating privileges - # capabilities: - # drop: - # - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 + capabilities: + drop: + - "ALL" + image: registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.15 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" 
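Review bot: In the commented-out `replacements` block of `config/default/kustomization.yaml`, the first webhook `Service` source reads `fieldPath: .metadata.name # namespace of the service`, so the trailing comment contradicts the field it annotates. It should read `fieldPath: .metadata.name # name of the service`; the source after it, which uses `.metadata.namespace`, carries the correct comment. This block is meant to be uncommented as-is when cert-manager is enabled, so the wrong label makes it easy to mix up which `dnsNames` segment each source fills.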
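Review bot: The `kube-rbac-proxy` container in `manager_auth_proxy_patch.yaml` now drops all capabilities but, unlike the `manager` container hardened in `config/manager/manager.yaml`, gets no seccomp profile. Add `seccompProfile:` with `type: RuntimeDefault` under its `securityContext` so both containers meet the same baseline; the pod-level context is outside this hunk, so check that it does not already set one. The image is also referenced by the mutable tag `v4.15`, so a plain `kustomize build config/default` deploys whatever that tag currently points to. Pinning it as `ose-kube-rbac-proxy@sha256:<digest>` would make the non-OLM path reproducible as well. Since `registry.redhat.io` normally requires authenticated pulls, a comment noting that a pull secret is needed outside OpenShift would save users a failed rollout.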
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155..f6f58916 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -8,13 +8,3 @@ spec: spec: containers: - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml deleted file mode 100644 index 51bf51e6..00000000 --- a/config/manager/controller_manager_config.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -kind: ControllerManagerConfig -health: - healthProbeBindAddress: :8081 -metrics: - bindAddress: 127.0.0.1:8080 -webhook: - port: 9443 -leaderElection: - leaderElect: true - resourceName: 17e835b5.terraform.io -# leaderElectionReleaseOnCancel defines if the leader should step down volume -# when the Manager ends. This requires the binary to immediately end when the -# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly -# speeds up voluntary leader transitions as the new leader don't have to wait -# LeaseDuration time first. -# In the default scaffold provided, the program ends immediately after -# the manager stops, so would be fine to enable this option. However, -# if you are doing or is intended to do any operation such as perform cleanups -# after the manager stops then its usage might be unsafe. -# leaderElectionReleaseOnCancel: true diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5e793dd1..9e4541fe 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml 
@@ -1,16 +1,8 @@ resources: - manager.yaml - -generatorOptions: - disableNameSuffixHash: true - -configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: controller - newTag: latest + newName: registry.connect.redhat.com/hashicorp/hcp-terraform-operator + newTag: 2.8.0 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 2ef007ad..bceed6e4 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -3,6 +3,7 @@ kind: Namespace metadata: labels: control-plane: controller-manager + app.kubernetes.io/name: hcp-terraform-operator name: system --- apiVersion: apps/v1 @@ -12,6 +13,7 @@ metadata: namespace: system labels: control-plane: controller-manager + app.kubernetes.io/name: hcp-terraform-operator spec: selector: matchLabels: @@ -24,6 +26,26 @@ spec: labels: control-plane: controller-manager spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux securityContext: runAsNonRoot: true # TODO(user): For common cases that do not require escalating privileges 
@@ -36,14 +58,25 @@ spec: containers: - command: - /manager + args: + - --sync-period=5m + - --agent-pool-workers=1 + - --agent-pool-sync-period=30s + - --module-workers=1 + - --module-sync-period=5m + - --project-workers=1 + - --project-sync-period=5m + - --workspace-workers=1 + - --workspace-sync-period=5m image: controller:latest name: manager securityContext: allowPrivilegeEscalation: false - # TODO(user): uncomment for common cases that do not require escalating privileges - # capabilities: - # drop: - # - "ALL" + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault livenessProbe: httpGet: path: /healthz @@ -63,7 +96,7 @@ spec: cpu: 500m memory: 128Mi requests: - cpu: 10m + cpu: 50m memory: 64Mi - serviceAccountName: controller-manager + serviceAccountName: hcp-terraform-operator-manager terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/hcp-terraform-operator.clusterserviceversion.yaml b/config/manifests/bases/hcp-terraform-operator.clusterserviceversion.yaml new file mode 100644 index 00000000..3321a6fb --- /dev/null +++ b/config/manifests/bases/hcp-terraform-operator.clusterserviceversion.yaml 
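Review bot: `serviceAccountName: hcp-terraform-operator-manager` names a ServiceAccount that this kustomize tree no longer creates, because the same commit comments out `service_account.yaml` in `config/rbac/kustomization.yaml`. Under OLM the account is presumably created from the generated CSV, but a plain `kustomize build config/default` deployment cannot create pods until it exists. The RoleBinding and ClusterRoleBinding subjects also have to match this literal name exactly, or the manager runs without its intended permissions. A comment beside the field would make the dependency explicit, e.g. `# Provisioned by OLM from the CSV; config/rbac/service_account.yaml is intentionally disabled.`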
@@ -0,0 +1,97 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[]' + capabilities: Basic Install + categories: Integration & Delivery + containerImage: registry.connect.redhat.com/hashicorp/hcp-terraform-operator + description: HCP Terraform Operator for Kubernetes allows managing HCP Terraform + / Terraform Enterprise resources via Kubernetes Custom Resources. + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operators.openshift.io/valid-subscription: Valid HCP Terraform / Terraform Enterprise + subscription is required + repository: https://github.com/hashicorp/hcp-terraform-operator + support: HashiCorp + name: hcp-terraform-operator.v0.0.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: |- + AgentPool manages HCP Terraform Agent Pools, HCP Terraform Agent Tokens and can perform HCP Terraform Agent scaling. + More infromation: + - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools + - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens#agent-api-tokens + - https://developer.hashicorp.com/terraform/cloud-docs/agents + displayName: Agent Pool + kind: AgentPool + name: agentpools.app.terraform.io + version: v1alpha2 + - description: |- + Module implements API-driven Run Workflows. 
+ More information: + - https://developer.hashicorp.com/terraform/cloud-docs/run/api + displayName: Module + kind: Module + name: modules.app.terraform.io + version: v1alpha2 + - description: |- + Project manages HCP Terraform Projects. + More information: + - https://developer.hashicorp.com/terraform/cloud-docs/projects/manage + displayName: Project + kind: Project + name: projects.app.terraform.io + version: v1alpha2 + - description: |- + Workspace manages HCP Terraform Workspaces. + More information: + - https://developer.hashicorp.com/terraform/cloud-docs/workspaces + displayName: Workspace + kind: Workspace + name: workspaces.app.terraform.io + version: v1alpha2 + description: HCP Terraform Operator for Kubernetes allows managing HCP Terraform + / Terraform Enterprise resources via Kubernetes Custom Resources. + displayName: HCP Terraform Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + deployments: null + strategy: "" + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - terraform + links: + - name: HCP Terraform Operator + url: https://github.com/hashicorp/hcp-terraform-operator + maintainers: + - email: hcp-tf-operator@hashicorp.com + name: HashiCorp + maturity: alpha + minKubeVersion: 1.24.0 + provider: + name: HashiCorp + url: https://www.hashicorp.com/ + version: 0.0.0 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index a2590673..30877116 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml 
@@ -1,7 +1,7 @@ # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- bases/terraform-cloud-operator.clusterserviceversion.yaml +- bases/hcp-terraform-operator.clusterserviceversion.yaml - ../default - ../samples - ../scorecard @@ -9,7 +9,7 @@ resources: # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. # These patches remove the unnecessary "cert" volume and its manager container volumeMount. -#patchesJson6902: +#patches: #- target: # group: apps # version: v1 @@ -20,7 +20,8 @@ resources: # # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. # # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. # - op: remove -# path: /spec/template/spec/containers/1/volumeMounts/0 + +# path: /spec/template/spec/containers/0/volumeMounts/0 # # Remove the "cert" volume, since OLM will create and mount a set of certs. # # Update the indices in this path if adding or removing volumes in the manager's Deployment. # - op: remove diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..d2018acf 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,10 +1,10 @@ - # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: control-plane: controller-manager + app.kubernetes.io/name: hcp-terraform-operator name: controller-manager-metrics-monitor namespace: system spec: diff --git a/config/rbac/agentpool_editor_role.yaml b/config/rbac/agentpool_editor_role.yaml index 3df5d058..2f3350a7 100644 --- a/config/rbac/agentpool_editor_role.yaml +++ b/config/rbac/agentpool_editor_role.yaml 
@@ -6,9 +6,8 @@ metadata: app.kubernetes.io/name: clusterrole app.kubernetes.io/instance: agentpool-editor-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: terraform-cloud-operator - app.kubernetes.io/part-of: terraform-cloud-operator - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: hcp-terraform-operator + app.kubernetes.io/part-of: hcp-terraform-operator name: agentpool-editor-role rules: - apiGroups: diff --git a/config/rbac/agentpool_viewer_role.yaml b/config/rbac/agentpool_viewer_role.yaml index 00bcfd3b..ab3208db 100644 --- a/config/rbac/agentpool_viewer_role.yaml +++ b/config/rbac/agentpool_viewer_role.yaml @@ -6,9 +6,8 @@ metadata: app.kubernetes.io/name: clusterrole app.kubernetes.io/instance: agentpool-viewer-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: terraform-cloud-operator - app.kubernetes.io/part-of: terraform-cloud-operator - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: hcp-terraform-operator + app.kubernetes.io/part-of: hcp-terraform-operator name: agentpool-viewer-role rules: - apiGroups: diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 51a75db4..5e565f8c 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/name: hcp-terraform-operator name: metrics-reader rules: - nonResourceURLs: diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index ec7acc0a..56b34055 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml 
@@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/name: hcp-terraform-operator name: proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 71f17972..b75f642a 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -3,6 +3,7 @@ kind: Service metadata: labels: control-plane: controller-manager + app.kubernetes.io/name: hcp-terraform-operator name: controller-manager-metrics-service namespace: system spec: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6..98227558 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -4,7 +4,7 @@ resources: # if your manager will use a service account that exists at # runtime. Be sure to update RoleBinding and ClusterRoleBinding # subjects if changing service account names. -- service_account.yaml +# - service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml 
@@ -12,7 +12,19 @@ resources: # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml +# - auth_proxy_service.yaml +# - auth_proxy_role.yaml +# - auth_proxy_role_binding.yaml +# - auth_proxy_client_clusterrole.yaml +# For each CRD, "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the Project itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. +# - agentpool_editor_role.yaml +# - agentpool_viewer_role.yaml +# - module_editor_role.yaml +# - module_viewer_role.yaml +# - project_editor_role.yaml +# - project_viewer_role.yaml +# - workspace_editor_role.yaml +# - workspace_viewer_role.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec80..71a83a36 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -2,7 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: leader-election-role + labels: + app.kubernetes.io/name: hcp-terraform-operator + name: leader-election rules: - apiGroups: - "" diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed..6356f980 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml 
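Review bot: The comment kept above the four `auth_proxy_*` entries still says they protect the /metrics endpoint and that commenting them out disables the proxy, yet this hunk comments all four out without saying what protects /metrics now. The same commit still edits `auth_proxy_service.yaml`, `auth_proxy_role_binding.yaml` and `auth_proxy_client_clusterrole.yaml`, so they may be rendered from another kustomization, but nothing in this hunk shows that. I would replace the stale text with a comment naming the new location, e.g. `# auth proxy resources are not rendered from config/rbac; /metrics access is restricted by <MECHANISM> in <PATH>` (placeholders to be filled in). The new Editor/Viewer paragraph has the same mismatch: it says "You can comment the following lines" although every entry below it is already commented.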
@@ -1,12 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: leader-election-rolebinding + labels: + app.kubernetes.io/name: hcp-terraform-operator + name: leader-election roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: hcp-terraform-operator-leader-election subjects: - kind: ServiceAccount - name: controller-manager + name: hcp-terraform-operator-manager namespace: system diff --git a/config/rbac/project_editor_role.yaml b/config/rbac/project_editor_role.yaml index 810f74ee..d3322846 100644 --- a/config/rbac/project_editor_role.yaml +++ b/config/rbac/project_editor_role.yaml @@ -6,9 +6,8 @@ metadata: app.kubernetes.io/name: clusterrole app.kubernetes.io/instance: project-editor-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: terraform-cloud-operator - app.kubernetes.io/part-of: terraform-cloud-operator - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: hcp-terraform-operator + app.kubernetes.io/part-of: hcp-terraform-operator name: project-editor-role rules: - apiGroups: diff --git a/config/rbac/project_viewer_role.yaml b/config/rbac/project_viewer_role.yaml index b796827e..26b4acef 100644 --- a/config/rbac/project_viewer_role.yaml +++ b/config/rbac/project_viewer_role.yaml @@ -6,9 +6,8 @@ metadata: app.kubernetes.io/name: clusterrole app.kubernetes.io/instance: project-viewer-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: terraform-cloud-operator - app.kubernetes.io/part-of: terraform-cloud-operator - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: hcp-terraform-operator + app.kubernetes.io/part-of: hcp-terraform-operator name: project-viewer-role rules: - apiGroups: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 5643c7b3..61aeb607 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
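Review bot: In `leader_election_role_binding.yaml` the `roleRef.name` and the subject `name` are now the literal prefixed strings `hcp-terraform-operator-leader-election` and `hcp-terraform-operator-manager`, while the Role itself is declared as `leader-election` and the ServiceAccount as `manager`. The binding therefore resolves only if the overlay's name prefix is exactly `hcp-terraform-operator-`, presumably set in config/default/kustomization.yaml, which is not visible here. With any other prefix the binding points at objects that do not exist and the manager silently loses these permissions. The `role_binding.yaml` hunk further down has the same coupling for the ClusterRole, and `service_account.yaml` is no longer listed in config/rbac/kustomization.yaml, so kustomize has no ServiceAccount here to rewrite the subject against. If the literals are intentional, say so next to them, e.g. `# literal name: must equal <namePrefix> + "manager"; the ServiceAccount is not rendered from config/rbac`.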
@@ -2,7 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: manager-role + labels: + app.kubernetes.io/name: hcp-terraform-operator + name: manager rules: - apiGroups: - "" diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede4..bbfc0d23 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,12 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: manager-rolebinding + labels: + app.kubernetes.io/name: hcp-terraform-operator + name: manager roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: manager-role + name: hcp-terraform-operator-manager subjects: - kind: ServiceAccount - name: controller-manager + name: hcp-terraform-operator-manager namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025b..f6d43987 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: controller-manager + labels: + app.kubernetes.io/name: hcp-terraform-operator + name: manager namespace: system diff --git a/config/samples/app_v1alpha2_agentpool.yaml b/config/samples/app_v1alpha2_agentpool.yaml index e594ae75..a0865e46 100644 --- a/config/samples/app_v1alpha2_agentpool.yaml +++ b/config/samples/app_v1alpha2_agentpool.yaml @@ -1,12 +1,13 @@ apiVersion: app.terraform.io/v1alpha2 kind: AgentPool metadata: - labels: - app.kubernetes.io/name: agentpool - app.kubernetes.io/instance: agentpool-sample - app.kubernetes.io/part-of: terraform-cloud-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: terraform-cloud-operator - name: agentpool-sample + name: spec: - # TODO(user): Add fields here + organization: + token: + secretKeyRef: + name: + key: + name: + agentTokens: + - name: token 
diff --git a/config/samples/app_v1alpha2_module.yaml b/config/samples/app_v1alpha2_module.yaml index 4b1a6217..9bb431e0 100644 --- a/config/samples/app_v1alpha2_module.yaml +++ b/config/samples/app_v1alpha2_module.yaml @@ -1,6 +1,15 @@ apiVersion: app.terraform.io/v1alpha2 kind: Module metadata: - name: module-sample + name: spec: - # TODO(user): Add fields here + organization: + token: + secretKeyRef: + name: + key: + module: + source: redeux/terraform-cloud-agent/kubernetes + version: 1.0.1 + workspace: + id: diff --git a/config/samples/app_v1alpha2_project.yaml b/config/samples/app_v1alpha2_project.yaml index 6d0c755d..7f4cea13 100644 --- a/config/samples/app_v1alpha2_project.yaml +++ b/config/samples/app_v1alpha2_project.yaml @@ -1,12 +1,11 @@ apiVersion: app.terraform.io/v1alpha2 kind: Project metadata: - labels: - app.kubernetes.io/name: project - app.kubernetes.io/instance: project-sample - app.kubernetes.io/part-of: terraform-cloud-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: terraform-cloud-operator - name: project-sample + name: spec: - # TODO(user): Add fields here + organization: + token: + secretKeyRef: + name: + key: + name: diff --git a/config/samples/app_v1alpha2_workspace.yaml b/config/samples/app_v1alpha2_workspace.yaml index 40603188..219c8df1 100644 --- a/config/samples/app_v1alpha2_workspace.yaml +++ b/config/samples/app_v1alpha2_workspace.yaml @@ -1,6 +1,11 @@ apiVersion: app.terraform.io/v1alpha2 kind: Workspace metadata: - name: workspace-sample + name: spec: - # TODO(user): Add fields here + organization: + token: + secretKeyRef: + name: + key: + name: diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index be7a2494..416a6e4d 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml 
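Review bot: The Module sample sets `source: redeux/terraform-cloud-agent/kubernetes`, a registry module published under what looks like a personal namespace rather than one the project controls. config/manifests/kustomization.yaml includes `../samples`, so this is likely the example users are shown with the bundle. Anyone who fills in the empty fields and applies it has that module's code run in their HCP Terraform workspace. The `version: 1.0.1` pin limits drift but still depends on that publisher. Consider pointing the sample at a module under a HashiCorp-owned namespace, or add a line such as `# example only: replace with a module you have reviewed` above `source`.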
@@ -1,4 +1,4 @@ -## Append samples you want in your CSV to this file as resources ## +## Append samples of your project ## resources: - app_v1alpha2_workspace.yaml - app_v1alpha2_module.yaml diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d08..a9a84a85 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,6 +1,6 @@ resources: - bases/config.yaml -patchesJson6902: +patches: - path: patches/basic.config.yaml target: group: scorecard.operatorframework.io @@ -13,4 +13,4 @@ patchesJson6902: version: v1alpha3 kind: Configuration name: config -#+kubebuilder:scaffold:patchesJson6902 +#+kubebuilder:scaffold:patches diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index 721b95f8..fd6200ae 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.22.0 + image: quay.io/operator-framework/scorecard-test:v1.37.0 labels: suite: basic test: basic-check-spec-test diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index be12e2c8..a547ce21 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.22.0 + image: quay.io/operator-framework/scorecard-test:v1.37.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.22.0 + image: quay.io/operator-framework/scorecard-test:v1.37.0 labels: suite: olm test: olm-crds-have-validation-test 
@@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.22.0 + image: quay.io/operator-framework/scorecard-test:v1.37.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.22.0 + image: quay.io/operator-framework/scorecard-test:v1.37.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.22.0 + image: quay.io/operator-framework/scorecard-test:v1.37.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/docs/api-reference.md b/docs/api-reference.md index ab8c9e47..5e1fc7ed 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -86,7 +86,11 @@ _Appears in:_ -AgentPool is the Schema for the agentpools API. +AgentPool manages HCP Terraform Agent Pools, HCP Terraform Agent Tokens and can perform HCP Terraform Agent scaling. +More infromation: + - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools + - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens#agent-api-tokens + - https://developer.hashicorp.com/terraform/cloud-docs/agents @@ -248,8 +252,7 @@ _Appears in:_ -Module is the Schema for the modules API -Module implements the API-driven Run Workflow +Module implements API-driven Run Workflows. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/api @@ -419,7 +422,9 @@ _Appears in:_ -Project is the Schema for the projects API +Project manages HCP Terraform Projects. +More information: + - https://developer.hashicorp.com/terraform/cloud-docs/projects/manage 
@@ -732,7 +737,9 @@ _Appears in:_ -Workspace is the Schema for the workspaces API +Workspace manages HCP Terraform Workspaces. +More information: + - https://developer.hashicorp.com/terraform/cloud-docs/workspaces diff --git a/hack/add-bundle-annotations.sh b/hack/add-bundle-annotations.sh new file mode 100755 index 00000000..6babb6ac --- /dev/null +++ b/hack/add-bundle-annotations.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + +# Ensure that 'yq' is installed in the bin directory by running 'make yq' +YQ="$ROOT/bin/yq" +CSV_FILE="bundle/manifests/hcp-terraform-operator.clusterserviceversion.yaml" + +##### Add 'com.redhat.openshift.versions' annotation. +echo "Add 'com.redhat.openshift.versions' annotation." +OPENSHIFT_VERSIONS="\"v4.12\"" +{ + echo "" + echo " # OpenShift specific annotations" + echo " com.redhat.openshift.versions: $OPENSHIFT_VERSIONS" +} >> bundle/metadata/annotations.yaml + +##### Add 'containerImage' annotation. +echo "Add 'containerImage' annotation." +IMAGE=$(yq '.spec.install.spec.deployments[] | select(.name == "hcp-terraform-operator-controller-manager") | .spec.template.spec.containers[] | select(.name == "manager") | .image' $CSV_FILE) +echo $IMAGE +yq -i ".metadata.annotations.containerImage = \"$IMAGE\"" $CSV_FILE
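Review bot: `YQ="$ROOT/bin/yq"` is assigned and the comment above it tells the reader to install yq with `make yq`, but both calls at the bottom of hack/add-bundle-annotations.sh run bare `yq`, so the script uses whichever `yq` comes first on PATH rather than the one the build installed. `$ROOT` is never assigned in this file, so it must come from the caller's environment (presumably the Makefile, not visible here); if it is unset, the path collapses to `/bin/yq`. There is also no `set -e`, so when the select matches nothing or yq fails, `IMAGE` is empty and the last line writes an empty `containerImage` annotation into the CSV. `$CSV_FILE` and `$IMAGE` are unquoted too. I would run in strict mode, call `"$YQ"`, and stop when no image is found, as below.

```shell
set -euo pipefail

# ROOT must be exported by the caller; fail early instead of resolving to /bin/yq.
YQ="${ROOT:?ROOT is not set}/bin/yq"
# … unchanged: CSV_FILE, 'com.redhat.openshift.versions' annotation …
IMAGE=$("$YQ" '.spec.install.spec.deployments[] | select(.name == "hcp-terraform-operator-controller-manager") | .spec.template.spec.containers[] | select(.name == "manager") | .image' "$CSV_FILE")
if [ -z "$IMAGE" ] || [ "$IMAGE" = "null" ]; then
  echo "manager container image not found in $CSV_FILE" >&2
  exit 1
fi
echo "$IMAGE"
"$YQ" -i ".metadata.annotations.containerImage = \"$IMAGE\"" "$CSV_FILE"
```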