operator [N] ack-acmpca-controller (0.0.1)
Showing
8 changed files
with
876 additions
and
0 deletions.
@@ -0,0 +1,21 @@ | ||
FROM scratch | ||
|
||
# Core bundle labels. | ||
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 | ||
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ | ||
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ | ||
LABEL operators.operatorframework.io.bundle.package.v1=ack-acmpca-controller | ||
LABEL operators.operatorframework.io.bundle.channels.v1=alpha | ||
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha | ||
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 | ||
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 | ||
LABEL operators.operatorframework.io.metrics.project_layout=unknown | ||
|
||
# Labels for testing. | ||
LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 | ||
LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ | ||
|
||
# Copy files to locations specified by labels. | ||
COPY bundle/manifests /manifests/ | ||
COPY bundle/metadata /metadata/ | ||
COPY bundle/tests/scorecard /tests/scorecard/ |
269 changes: 269 additions & 0 deletions
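--- a/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-controller.clusterserviceversion.yaml
+++ b/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-controller.clusterserviceversion.yaml
@@ -0,0 +1,269 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+annotations:
+alm-examples: |-
+[
+{
+"apiVersion": "acmpca.services.k8s.aws/v1alpha1",
+"kind": "CertificateAuthority",
+"metadata": {
+"name": "example"
+},
+"spec": {}
+}
+]
+capabilities: Basic Install
+categories: Cloud Provider
+certified: "false"
+containerImage: public.ecr.aws/aws-controllers-k8s/acmpca-controller:0.0.1
+createdAt: "2023-12-11T19:24:07Z"
+description: AWS ACM PCA controller is a service controller for managing ACM PCA
+resources in Kubernetes
+operatorframework.io/suggested-namespace: ack-system
+operators.operatorframework.io/builder: operator-sdk-v1.28.0
+operators.operatorframework.io/project_layout: unknown
+repository: https://github.com/aws-controllers-k8s
+support: Community
+name: ack-acmpca-controller.v0.0.1
+namespace: placeholder
+spec:
+apiservicedefinitions: {}
+customresourcedefinitions:
+owned:
+- description: CertificateAuthority represents the state of an AWS acmpca CertificateAuthority
+resource.
+displayName: CertificateAuthority
+kind: CertificateAuthority
+name: certificateauthorities.acmpca.services.k8s.aws
+version: v1alpha1
+description: |-
+Manage Amazon ACM PCA resources in AWS from within your Kubernetes cluster.
+**About Amazon ACM PCA**
+AWS Private CA enables creation of private certificate authority (CA) hierarchies, including root and subordinate CAs, without the investment and maintenance costs of operating an on-premises CA. Your private CAs can issue end-entity X.509 certificates useful in scenarios including:
+- Creating encrypted TLS communication channels
+- Authenticating users, computers, API endpoints, and IoT devices
+- Cryptographically signing code
+- Implementing Online Certificate Status Protocol (OCSP) for obtaining certificate revocation status
+**About the AWS Controllers for Kubernetes**
+This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**.
+**Pre-Installation Steps**
+Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/)
+displayName: AWS Controllers for Kubernetes - Amazon ACM PCA
+icon:
+- base64data: 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
+mediatype: image/svg+xml
+install:
+spec:
+clusterPermissions:
+- rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+verbs:
+- get
+- list
+- patch
+- watch
+- apiGroups:
+- ""
+resources:
+- namespaces
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- get
+- list
+- patch
+- watch
+- apiGroups:
+- acmpca.services.k8s.aws
+resources:
+- certificateauthorities
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- acmpca.services.k8s.aws
+resources:
+- certificateauthorities/status
+verbs:
+- get
+- patch
+- update
+- apiGroups:
+- services.k8s.aws
+resources:
+- adoptedresources
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- services.k8s.aws
+resources:
+- adoptedresources/status
+verbs:
+- get
+- patch
+- update
+- apiGroups:
+- services.k8s.aws
+resources:
+- fieldexports
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- services.k8s.aws
+resources:
+- fieldexports/status
+verbs:
+- get
+- patch
+- update
+serviceAccountName: ack-acmpca-controller
+deployments:
+- label:
+app.kubernetes.io/name: ack-acmpca-controller
+app.kubernetes.io/part-of: ack-system
+name: ack-acmpca-controller
+spec:
+replicas: 1
+selector:
+matchLabels:
+app.kubernetes.io/name: ack-acmpca-controller
+strategy: {}
+template:
+metadata:
+labels:
+app.kubernetes.io/name: ack-acmpca-controller
+spec:
+containers:
+- args:
+- --aws-region
+- $(AWS_REGION)
+- --aws-endpoint-url
+- $(AWS_ENDPOINT_URL)
+- --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING)
+- --log-level
+- $(ACK_LOG_LEVEL)
+- --resource-tags
+- $(ACK_RESOURCE_TAGS)
+- --watch-namespace
+- $(ACK_WATCH_NAMESPACE)
+- --enable-leader-election=$(ENABLE_LEADER_ELECTION)
+- --leader-election-namespace
+- $(LEADER_ELECTION_NAMESPACE)
+command:
+- ./bin/controller
+env:
+- name: ACK_SYSTEM_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+envFrom:
+- configMapRef:
+name: ack-acmpca-user-config
+optional: false
+- secretRef:
+name: ack-acmpca-user-secrets
+optional: true
+image: public.ecr.aws/aws-controllers-k8s/acmpca-controller:0.0.1
+name: controller
+ports:
+- containerPort: 8080
+name: http
+resources:
+limits:
+cpu: 100m
+memory: 300Mi
+requests:
+cpu: 100m
+memory: 200Mi
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+runAsNonRoot: true
+dnsPolicy: ClusterFirst
+securityContext:
+seccompProfile:
+type: RuntimeDefault
+serviceAccountName: ack-acmpca-controller
+terminationGracePeriodSeconds: 10
+permissions:
+- rules:
+- apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs:
+- get
+- list
+- watch
+- create
+- update
+- patch
+- delete
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+serviceAccountName: ack-acmpca-controller
+strategy: deployment
+installModes:
+- supported: true
+type: AllNamespaces
+keywords:
+- acmpca
+- aws
+- amazon
+- ack
+links:
+- name: AWS Controllers for Kubernetes
+url: https://github.com/aws-controllers-k8s/community
+- name: Documentation
+url: https://aws-controllers-k8s.github.io/community/
+- name: Amazon ACM PCA Developer Resources
+url: https://aws.amazon.com/private-ca/resources
+maintainers:
+- email: [email protected]
+name: acmpca maintainer team
+maturity: alpha
+provider:
+name: Amazon, Inc.
+url: https://aws.amazon.com
+version: 0.0.1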
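Review bot: The `secrets` rule under `clusterPermissions` grants `get`, `list`, `patch` and `watch` cluster-wide, and `installModes` offers only `AllNamespaces`, so the controller's service account can read and modify every Secret in the cluster. Nothing in this manifest shows why `list`/`watch` or `patch` on all Secrets is needed; if the controller only resolves Secrets named by its own resources, narrow the verbs, and otherwise document the reason next to the rule, e.g. `# cluster-wide Secret access: needed for <reason>`. Separately, `containerImage` and the deployment `image` both reference the mutable tag `acmpca-controller:0.0.1`; pinning them as `public.ecr.aws/aws-controllers-k8s/acmpca-controller@sha256:<digest-of-0.0.1>` would tie the bundle to one image.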
16 changes: 16 additions & 0 deletions
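--- a/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-metrics-service_v1_service.yaml
+++ b/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-metrics-service_v1_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+creationTimestamp: null
+name: ack-acmpca-metrics-service
+spec:
+ports:
+- name: metricsport
+port: 8080
+protocol: TCP
+targetPort: http
+selector:
+app.kubernetes.io/name: ack-acmpca-controller
+type: NodePort
+status:
+loadBalancer: {}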
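Review bot: `type: NodePort` opens the metrics port on every node's address, which an in-cluster scraper does not need; `type: ClusterIP` keeps it reachable only inside the cluster. The target is the container's plain `http` port 8080, so the endpoint is presumably unauthenticated and should not be reachable from the node network. The `status:` / `loadBalancer: {}` stanza and `creationTimestamp: null` look like generator output and can be dropped.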
14 changes: 14 additions & 0 deletions
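--- a/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-reader_rbac.authorization.k8s.io_v1_role.yaml
+++ b/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-reader_rbac.authorization.k8s.io_v1_role.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+creationTimestamp: null
+name: ack-acmpca-reader
+rules:
+- apiGroups:
+- acmpca.services.k8s.aws
+resources:
+- certificateauthorities
+verbs:
+- get
+- list
+- watch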
26 changes: 26 additions & 0 deletions
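--- a/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-writer_rbac.authorization.k8s.io_v1_role.yaml
+++ b/operators/ack-acmpca-controller/0.0.1/manifests/ack-acmpca-writer_rbac.authorization.k8s.io_v1_role.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+creationTimestamp: null
+name: ack-acmpca-writer
+rules:
+- apiGroups:
+- acmpca.services.k8s.aws
+resources:
+- certificateauthorities
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- acmpca.services.k8s.aws
+resources:
+- certificateauthorities
+verbs:
+- get
+- patch
+- update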
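Review bot: The second rule names `certificateauthorities` again with `get`, `patch` and `update`, all of which the first rule already grants, so it adds nothing and the role gives no access to the status subresource. The controller's own clusterPermissions in the ClusterServiceVersion pair the same verbs with `certificateauthorities/status`, so this entry was most likely meant to be `- certificateauthorities/status`. If status writes are not meant for this role, delete the duplicate rule instead.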