-
Notifications
You must be signed in to change notification settings - Fork 598
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
operator ibm-security-verify-access-operator (24.12.0)
- Loading branch information
1 parent
7b551c8
commit 9186bce
Showing
8 changed files
with
3,470 additions
and
0 deletions.
There are no files selected for viewing
276 changes: 276 additions & 0 deletions
276
...operator/24.12.0/manifests/ibm-security-verify-access-operator.clusterserviceversion.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,276 @@ | ||
apiVersion: operators.coreos.com/v1alpha1 | ||
kind: ClusterServiceVersion | ||
metadata: | ||
annotations: | ||
alm-examples: |- | ||
[ | ||
{ | ||
"apiVersion": "ibm.com/v1", | ||
"kind": "IBMSecurityVerifyAccess", | ||
"metadata": { | ||
"name": "ivia-sample" | ||
}, | ||
"spec": { | ||
"image": "icr.io/ivia/ivia-wrp:11.0.0.0", | ||
"instance": "default" | ||
} | ||
} | ||
] | ||
capabilities: Seamless Upgrades | ||
categories: Security | ||
certified: "false" | ||
containerImage: icr.io/isva/verify-access-operator:24.12.0 | ||
createdAt: "2024-12-19T23:41:49Z" | ||
description: The IBM Verify Identity Access Operator manages the lifecycle of | ||
IBM Verify Identity Access worker containers. | ||
operators.operatorframework.io/builder: operator-sdk-v1.38.0 | ||
operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 | ||
repository: https://github.com/IBM-Security/verify-access-operator | ||
support: IBM | ||
name: ibm-security-verify-access-operator.v24.12.0 | ||
namespace: placeholder | ||
spec: | ||
apiservicedefinitions: {} | ||
customresourcedefinitions: | ||
owned: | ||
- description: IBMSecurityVerifyAccess is the Schema for the ibmsecurityverifyaccesses | ||
API. | ||
displayName: IBMSecurity Verify Access | ||
kind: IBMSecurityVerifyAccess | ||
name: ibmsecurityverifyaccesses.ibm.com | ||
resources: | ||
- kind: Deployment | ||
name: "" | ||
version: v1 | ||
specDescriptors: | ||
- description: The name of the IBM Security Verify Access image to be used. | ||
displayName: Image | ||
path: image | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:text | ||
- description: The name of the Verify Access instance which is being deployed. This | ||
value is only used for WRP and DSC deployments and is ignored for Runtime | ||
deployments. | ||
displayName: Instance | ||
path: instance | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:text | ||
- description: The number of pods which will be started for the deployment. | ||
displayName: Replicas | ||
path: replicas | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:number | ||
- description: A boolean flag which indicates whether the deployment should | ||
be automatically restarted when a new snapshot is published. | ||
displayName: Auto Restart | ||
path: autoRestart | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | ||
statusDescriptors: | ||
- description: The list of status conditions associated with the custom resource. | ||
displayName: Conditions | ||
path: conditions | ||
x-descriptors: | ||
- urn:alm:descriptor:io.kubernetes.conditions | ||
version: v1 | ||
description: |+ | ||
In a world of highly fragmented access management environments, [IBM Verify Identity Access](https://www.ibm.com/au-en/products/verify-access) helps you simplify your users' access while more securely adopting web, mobile and cloud technologies. This solution helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and its mobile multi-factor authentication capability, IBM Verify. Take back control of your access management with IBM Verify Identity Access. | ||
The IBM Verify Identity Access operator provides lifecycle management of the lightweight containers which are used to protect an environment, namely: | ||
* [Web Reverse Proxy](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-web-reverse-proxy) | ||
* [Runtime](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-runtime) | ||
* [Distributed Session Cache](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-distributed-session-cache) | ||
The operator will manage the deployment of these lightweight IBM Verify Identity Access worker containers, and also control the rolling restart of these containers when a configuration snapshot is updated. | ||
See the project [Readme](https://github.com/IBM-Security/verify-access-operator/blob/master/README.md) for further information and details. | ||
displayName: IBM Verify Identity Access Operator | ||
icon: | ||
- base64data: iVBORw0KGgoAAAANSUhEUgAAAKAAAACgCAQAAAAhxq+mAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQfkAQYXFCksf3+UAAAMEElEQVR42u2ce3RUxRnAf7shT5JAwjvySIKCEKyICgkqCLYKiGBQq6eCini0qBWOeny02sfpMaBWlP6DQm2PwPFUK68KBDiAFTShPJUQIDwEEkASCQnkzSbZ/pHL7N27d3fv3t3sTZf5zT+TzHxzZ76dO49vvjsgkUgkEolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJJNKwWfz8KNK4iQySucw5DnCI+pBLRCx2sphPEVU046SVek6zhgdICqFEBBPDDA7SilMTLvER6SGSiGA68QI/eaiiLbSwlmtDIBHRPEi5F2U4cdLKMlKDlggLUZaoL533GaTEmyliFRspJobu2AGwMYhS9gQlEdHMoVnpORfJI4NoIJoM8rgo+lQBPYOSiGAS2ao0uZk84lUp8eQJRVVzfxASEc0NnFKa/B2ZmrRMvhM96k9BSIQNe/gfST8SlVgBZZq0MgpV+eJMS4QNKxSYQCclVolDk+bgvE6+wCXChhUKrKdZiXUjWpMWTXedfIFLhA0rFFhGrRIbTT9NWj9yRPw0jaYlwoYVCjzBcSU2jKc0c+pTDFPiF9kXhESE476qywx4HWhEIkxYY85K53NuVeLNFFPIebqTQ5aYBBqZw+KgJCKchwLe2QYuEdH4tq2sC9gas+5qs8Z4t+7VsJiMEElEOHaG8TYHqKJFZV9+0KdFOlCJdsf6M5FrVCccRYbORAKVkEgkEkk7Eb5JxE5vrmWn3+2+jWhSyaAv3UkiFmiihp84w0kqceD0Ix/HSI5xjtbwNCs89rNEbmACU9jIDp/5ujGUUdzGYLqSSJwwXTlooI5qSihgBwep9FFGK5OYwJfkU0RNeJTYnnSiPzNZwY84ucAkr/miyGQuGznvY7vWFirZyFwyfZwnTuICTs6xkifpH34Ta+hIZBzzKaJBafpWr7vVTF7nAJf9Ku9KuEwxv/W6+0gVR1ANHOAdxv//uX7EcB1Ps45zqkY386Ju3iRmsFMYq4yHZnYyw4tqXnQrr5x8nmEQsVarxRjJ3MNCDuHQNPgkWTq5M/iQmoCV59oFf6jbD7M4qcnpoIS/MoEulu+9fBBDFs+zxcs4tsTjxMzGKL4y0ffc++FXjPJQShxLvIyfW3mBYR2vL9rpxmSWcIQWLw3VO/S+i6KglHclFHGXR9n3U+3V9HWUvzFFOIVYTjTDeZntKtO6XviWbhq5sRSHRH1OnBQzVlN6Nwp8SlziG15hBDFWqs5OH6axjB90XsNGDrKCCvH3axrZEewLmfqcONnHCM0TXhNp5azgII06ffEEy3mAtGD6otlVUiw/YyITudHtjAzASTUFrCOf0UxQ/lfKJk2uLqxhDf52FUaxAV00/9vEs8oRaGdWUMAkJjGarqrx0k466UyjiPXksz9cR6J2BvAIn1Om2+++ZwFjSAESWC7+v9xDze1PvOr5y0gAUhjDAr7X6YvNlPEvfkV6+46LNhLJYR67dKtQziqeIEP8wsM5raTV8nDY1QfwMLVKDU5zo2hDBk+wknKdn7+JPbzNaJLaY6ljI5OZrNJ9cCO7mEc2iW4PfkPk3E1vSxTYm93i5/2dW1sSyfbSEVqoYA2zGBi6vmgjhbG876Xrl/IZjzDA43FpbBe5fm/RgsHOH0QdttHHI3UAj/AZpR5LfidN7Gch40gNti/aSedZ1lGlcxZWTyFvcouXRekU6pR8ZSrflXCTQ5lSizqm6OaI5RbepJB6j/a1Uk0+z5Fh/ufvz6vs1+13x1lKLn28Fh3N30XuLyyYQK4QzwpRj489/LquYCeNXC/LsSaKeI0BgT86msls1ynwItt4ieFeK9PGMH4QFZhumfoAptOk1OS47l5c3WJvG4JmtjPZT4s1JPKyhyNFC0dYzGS6GejSL4lx5Tszv14IGSAcgB1erEFq2raki3W2pOW8LLxk/ZLMW2IB0BbOs5nnyTK48enJFiE5z6IPKa4QxXxRl830MCTTZhTZrDGK1PIWyZ6ZPWeZOF7hdZXlpJzVrGQHlwxX+h6+UH6tcn7JNlVKPNO5JmT7Dz1snGE5Dar/jOFzegFQywMeOyLvJJNDLlNVS7AG8viL//3K41wQWnewjnEBOm5H8aGQX0tnt7SeHA7Bvtd3OKzxEuzMWpG2KMD3IY47WauylF9ghj+RG1U2kno+MLEEHsIhof4nNWm9KW13BZZ61HmWmAwPcX3A7enFe2JJ5qSIG3xlTuAjVe9719RZwmxR3SKu06T14Wy7K/Csx5J5kLA7OphtokWJzBNzuZNFvpZldwoPvFb+qfJ+N05XNohHLfSYr61RYBQLRWo+XU20KpWlYitR4WF7VD3I1f9KxPY7MMaJEfQC4z1SrVEg3KWq1Z2m2jWUA6o+qOoY6j5yHXcosVY+Yb+Jx9iZSooS38VeU1VtD/awS4mlMNXU1uwg/6BFiY9Re8OqCxvBQCV2jNWYWWwMFL2uhTVUW6cxDdX8WzR/vMfXdsb4ksOilSrrt0uBnRguFsqFHDX1kNsZosSO8R+rtKXLVxxTYkO53VQJx/lWicVyk2s55FJgPEOV2GV2enyRZoQEcsURwdeUWKowLSV8rcQ6kUuCiRJaVI5RQ1wluM5EYumrxOo5ZKqSN4svOWpZJV4ZNbW8R5KpwcEoNmrEZ2HuzV/No8qyfiQj+MZE2YeoVzYV/Yj1dFzqLb7JrRAvYiDYyRPz1JYO+O14T+Ex4+QtUxPJQOGqctK1WHcVZBMGm1aaTBTfj4lKrJl8KqzWlwcV5Iu3YoJ42wKhSfgcRrtsCC4FOoXa7KbGiNvFGFrGBouVpc8GSpVYFreZkI8X2mpyDUMuBTqE22IMaQEXHkeumMM72gRyhcPCMhRLrolv2/uIFqo++3YpsEn8Pgl+bLd6DGekEqtntak5vP1xsFp8U5JtYqeVJd7MUtcg51JgPcVKLJqRAf4+dn4hPoTeK1b9HY+d4ovifvw8wBO3GEaJA7Ri18c9LgW2sk/8O0eMZ8bozVQl1sImzlqtJ6+cZZOYCKYGaKobLMbNOvbpu7Cnqy4QmR/QRP9rcXZ3huFWa8knN3FGqWkDzwQgZ+OPwh6zz9s5j413hQJPMcZw4dezV8gttfAQ0wgJLBN13c1gw3LZHBdy76hffvdx4FZWihXSZmaJacUXXVggLM+VPMZ6H3mTeDoMO5HFPj9vuJelwtn9Y17iooFS01jMvUq8jGns9pYxhnfEgV4Ly3Usa1qSyRNe+E4+8bOCtMoeqKazqg82kGfA6t6DJcLK3sLbvs8mB7JDFO/gC4b4nKvSWKhyiijhFj9V6QgKhFs5KnLX84HPVa+NgSxXGfQLhcnPK/epGtnKXmZ4uC62EcdENqocc6qZ6Xfi6RgKtDNL5UHtYBMTvYzciTxEocov6Cz3+VMfRPOc6mDTySXWM5PBpCiWmyiSyWQan6oceJ3U8aaBtWPHUCDE8UfVSZuTCj5lGpkkK3a+KLpwLY+ymipVrkpmezp46L2gsczmDTencAdnOMApqoAk+pJFhptXVh0LeNfAl2l92GOgecHxIzfzo99cSbzKXLdT6yZOUMxpLgFd6M8w+ruNdpX8mUVcNlaJWB7jmOHf/DRzDPqNdJQeCJDIXOFD6z8cZUZgX5fYyWaljtecNjSwmbsNn/d3JAVCJ+5mi477njbUsYJRZiyIqTzBFrexwj00UsBv6BnAntIazwTv2OjFCxSqZlltqGULj/u60sdf43uRzQRy6EUy8dgAJ43U8BO7WU8BZwhkWdyTbQGs/s1xhDsCMufa6MttTORmepBEHDaglQZqOEchG9jhuzQjvSeKVAaTTk86A/Wc5xQlnDdhtLLCO8sY0fRgEOl0Jx4ndVRwkhKqdE92JBKJRCKRSCQSSbBYdQnIOMZCyPYkNmAbWy1qiyWMUJ3khSJ43pkQ8YxVuW0HG4q9e85HMuPZHxL16d0bc1XQfjcXXUVksKgd7s66qkhiOv/VubfAf9/zfnvbVUdGSO8PvCqJIpM5bAjJDZZhpWMNv6kMJZvRDCaFzsRr7lCt4oiBO1TDTMdSYFuN2m7xvYYemlt8T3DBwC2+EolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJRCKRSCRB8j/lg3vQkTaFgwAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMC0wMS0wNlQyMzoyMDo0MS0wNTowME+diI0AAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjAtMDEtMDZUMjM6MjA6NDEtMDU6MDA+wDAxAAAAAElFTkSuQmCC | ||
mediatype: image/png | ||
install: | ||
spec: | ||
clusterPermissions: | ||
- rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- secrets | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- apps | ||
resources: | ||
- deployments | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- ibm.com | ||
resources: | ||
- ibmsecurityverifyaccesses | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- ibm.com | ||
resources: | ||
- ibmsecurityverifyaccesses/finalizers | ||
verbs: | ||
- update | ||
- apiGroups: | ||
- ibm.com | ||
resources: | ||
- ibmsecurityverifyaccesses/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- authentication.k8s.io | ||
resources: | ||
- tokenreviews | ||
verbs: | ||
- create | ||
- apiGroups: | ||
- authorization.k8s.io | ||
resources: | ||
- subjectaccessreviews | ||
verbs: | ||
- create | ||
serviceAccountName: verify-access-operator-controller-manager | ||
deployments: | ||
- label: | ||
control-plane: controller-manager | ||
name: verify-access-operator-controller-manager | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
control-plane: controller-manager | ||
strategy: {} | ||
template: | ||
metadata: | ||
labels: | ||
control-plane: controller-manager | ||
spec: | ||
containers: | ||
- args: | ||
- --metrics-bind-address=:8443 | ||
- --leader-elect | ||
command: | ||
- /manager | ||
image: icr.io/isva/verify-access-operator:24.12.0 | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 8081 | ||
initialDelaySeconds: 15 | ||
periodSeconds: 20 | ||
name: manager | ||
readinessProbe: | ||
httpGet: | ||
path: /readyz | ||
port: 8081 | ||
initialDelaySeconds: 5 | ||
periodSeconds: 10 | ||
resources: | ||
limits: | ||
cpu: 200m | ||
memory: 500Mi | ||
requests: | ||
cpu: 100m | ||
memory: 20Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
securityContext: | ||
runAsNonRoot: true | ||
serviceAccountName: verify-access-operator-controller-manager | ||
terminationGracePeriodSeconds: 10 | ||
permissions: | ||
- rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- create | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- coordination.k8s.io | ||
resources: | ||
- leases | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- create | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- events | ||
verbs: | ||
- create | ||
- patch | ||
serviceAccountName: verify-access-operator-controller-manager | ||
strategy: deployment | ||
installModes: | ||
- supported: false | ||
type: OwnNamespace | ||
- supported: false | ||
type: SingleNamespace | ||
- supported: false | ||
type: MultiNamespace | ||
- supported: true | ||
type: AllNamespaces | ||
keywords: | ||
- identity and access | ||
- security | ||
links: | ||
- name: Verify Identity Access Product Information | ||
url: https://www.ibm.com/au-en/products/verify-access | ||
- name: Verify Identity Access Documentation | ||
url: https://www.ibm.com/docs/en/sva | ||
maintainers: | ||
- email: [email protected] | ||
name: Verify Identity Access Development Team | ||
maturity: stable | ||
minKubeVersion: 1.17.0 | ||
provider: | ||
name: IBM | ||
url: https://www.ibm.com | ||
version: 24.12.0 | ||
replaces: ibm-security-verify-access-operator.v24.4.0 |
Oops, something went wrong.