diff --git a/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-ctrl-mgr-metrics-service_v1_service.yaml b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-ctrl-mgr-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..e45cce5aa5a --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-ctrl-mgr-metrics-service_v1_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + control-plane: controller-manager + name: ibm-application-gateway-operator-ctrl-mgr-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-manager-config_v1_configmap.yaml b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..483aaa23dea --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + # Copyright contributors to the IBM Application Gateway Operator project + + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: ibm-application-gateway-operator-lock +kind: ConfigMap +metadata: + name: ibm-application-gateway-operator-manager-config diff --git a/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..7c95bcaedbf --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: ibm-application-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-webhook-service_v1_service.yaml b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-webhook-service_v1_service.yaml new file mode 100644 index 00000000000..3b84c61cf31 --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator-webhook-service_v1_service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ibm-application-gateway-operator-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator.clusterserviceversion.yaml b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..ec24f49d2a0 --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm-application-gateway-operator.clusterserviceversion.yaml @@ -0,0 +1,403 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "ibm.com/v1", + "kind": "IBMApplicationGateway", + "metadata": { + "name": "iag-instance" + }, + "spec": { + "configuration": [ + { + "dataKey": "config", + "name": "test-config", + "type": "configmap" + }, + { + "discoveryEndpoint": "https://isam.mmfa.ibm.com/mga/sps/oauth/oauth20/metadata/test", + "postData": [ + { + "name": "redirect_uris", + "values": [ + "https://isam.mmfa.ibm.com/pkmsoidc" + ] + }, + { + "name": "client_name", + "value": "OperatorTest" + }, + { + "name": "enforce_pkce", + "value": "false" + }, + { + "name": "all_users_entitled", + "value": "true" + }, + { + "name": "consent_action", + "value": "never_prompt" + } + ], + "secret": "oidc-client", + "type": "oidc_registration" + }, + { + "headers": [ + { + "name": "Authorization", + "secretKey": "value", + "type": "secret", + "value": "githubsecret" + } + ], + "type": "web", + "url": "https://raw.github.com/ibm-security/iag-config/master/test/sample1.yaml" + }, + { + "type": "literal", + "value": "version: \"22.07\"\n\nserver:\n local_applications:\n cred_viewer:\n path_segment: creds\n enable_html: true\n\nidentity:\n oidc:\n discovery_endpoint: \"https://iag-dev.ibmcloudsecurity.com/oidc/endpoint/default/.well-known/openid-configuration\"\n client_id: 1cbfe647-9e5f-4d99-8e05-8ed1c862eb47\n client_secret: uPP8rM7N0e\n" + } + ], + "deployment": { + "image": "icr.io/ibmappgateway/ibm-application-gateway:22.07", + "imagePullPolicy": "Always", + "imagePullSecrets": [ + { + "name": "regcred" + } + ], + "lang": "C", + "livenessProbe": { + "failureThreshold": 6, + "initialDelaySeconds": 8, + "periodSeconds": 9, + "successThreshold": 7, + "timeoutSeconds": 1 + }, + "readinessProbe": { + "failureThreshold": 2, + "initialDelaySeconds": 7, + "periodSeconds": 8, + "successThreshold": 4, + "timeoutSeconds": 5 + }, + "serviceAccountName": "iag" + }, + "replicas": 1 + } + } + ] + capabilities: Seamless Upgrades + categories: Security + certified: "false" + containerImage: icr.io/ibmappgateway/ibm-application-gateway-operator:23.11.0 + createdAt: "2023-11-09T03:36:09Z" + description: The IBM Application Gateway operator manages the lifecycle of IBM + Application Gateway containers. + operators.operatorframework.io/builder: operator-sdk-v1.32.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/IBM-Security/ibm-application-gateway-operator + support: IBM + name: ibm-application-gateway-operator.v23.11.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: IBMApplicationGateway is the Schema for the ibmapplicationgateways + API + displayName: IBMApplication Gateway + kind: IBMApplicationGateway + name: ibmapplicationgateways.ibm.com + resources: + - kind: IBMApplicationGateway + name: "" + version: v1 + specDescriptors: + - description: Replicas is the number of desired replicas. Defaults to 1. + displayName: Replicas + path: replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Specification of the desired behavior of the Deployment. + displayName: Deployment + path: deployment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The configuration information associated with the deployed container. + displayName: Configuration + path: configuration + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + statusDescriptors: + - description: A boolean which is used to signify whether the resource has been + successfully created. + displayName: Status + path: status + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + version: v1 + description: "The [IBM Application Gateway (IAG)](https://ibm.biz/ibm-app-gateway) + image provides a containerized secure Web Reverse proxy which is designed to sit + in front of your application, seamlessly adding authentication and authorization + protection to your application.\n\nAn IAG instance deployed on Kubernetes can + be a complex deployment. In particular the configuration can be defined externally + in one or more locations, and changes to this configuration may require all instances + to be reloaded for the changes to take effect. \n\nThe internal Kubernetes deployment + controller does not have any knowledge of how an IBM Application Gateway instance + should behave when the configuration changes. As such this IBM Application Gateway + specific Kubernetes operator is available to be deployed. Once deployed the operator + can manage the lifecycle of the IBM Application Gateway instances.\n\nSee the + project [Readme](https://github.com/IBM-Security/ibm-application-gateway-operator/blob/master/README.md) + for further information and details.\n\n" + displayName: IBM Application Gateway Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAAXNSR0IArs4c6QAAAFBlWElmTU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAQKADAAQAAAABAAAAQAAAAABUjGyuAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNi4wLjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgoZXuEHAAALrUlEQVR4AdVbCWwVxxme2X2HbYQxjQi0DRTaFEFSwqGm0FwURREpl+1ADAZjsDE4RCRp0iZtFLVCadSoVSNaRBvc+MAHBZ7riyt1UUIhBJE2JYDC0aoNaghpgCSYw372e293+v3rXb/1vmv3+eFHRnqe2X9m/uPbf/45dsxZGlJNS0uOFJByGRM/6BXPf6N61LaS/PyOwVaHD6bAhoa92cLd8xDj0iohxAOQPUSX38k5P8iEWsWD3n1FRXOuDpZegwKAYbhgvAyGkeFZMQzsAv0gZ6JysIC4oQA4MNyKx6ABcUMA8Pl8w3qEezbjHK7O7ovxxq+B/lfd8u8hH6qXzVkX5+wQE6LKy4PtBQUFV8yVqSinFADDcMEYXJ2T4ZlRlKTxvQ8xoKp7iOsA1Wd0hmYiBqxC8SH8solmSX4EzENQtjLVQKQEACeGw9DKrkzpYPn8+eTmfali166sLL/6AIChODFoQAwIgFQY3oeAXhhsIJICgOZxV4B9H1G9FHrfi19MV4/1xq2GW5/tA8HexqxRHfKw15NZRzgCIGy4NsbvgdIZVsXxfAXAtJNS/iz5LaurR2kfl0RAZHYp9xPY4DkbjYdF6dCNGHEYxlQ6BcIWAE4MlzgCFes5hIiNwJW6hOGW2cO896mClaUSiLgAQKinW/XmMq4+hqge940nY/j+/ftd584FvMXFszvtQuUECCakzRlSTxteRiAW/7gA1Pl2jWFCeQOdb4/CQHP1ZAw3eFVvax3t4uxFJok3Ayy4p6yg4HOjLlFuE4h/My4/WFww/8NY/FyxKoiuKCFJlri1zWVUtSO4VWcM0NXhyjI8axYTfJmHeQ/X7mipDPLgXjtA6ENsH4A4REMD0ycFZIoRw/EzkotsMB6i5VbjorUx0z6Dsms6st17npwzp8dckXQZKKCvG0FsJmd8hkd4jyQDxMa9ew/mXA3OZVz8AfxusatPXHSiMLkmu0P/SJnxkQK8OhCVAKIZQBRV+nxfimwWSSGdSDfU0BLbdnIKAAsEMOpTlTJYBzzqL2BnPQfoB0Sdr2V5bXNzwreajG6OAUiV7cSHFi6KP/spnA8sxED4I0jWIKgBAZBe4yGpBUCstAOEEx3TCoAGQsms7uKCBW8q/mGrMN0+gjjQEBUIwe4HEBWpBiLtABhvq0QD4pEDl4e6y+IA4YGnpBQIp7OAoe8Ny/UAewBR/UjO9e4ZXMhlgok5EGgOhr1AMD6dh3gphkY11hE7PbIqlBBmVgfppgPA0N0pEB7uKQ2FxD5EaMQN++mmBcAwwQxE9rXgdJmppdgYzUO9eVbQPALxg5brjmaptMaAiooKN50bGsbGywmIlYtzD+JEaA1XWT7WT7Vo/5mlD/m/I5scNbYIG/CjO3vkKNUdqKjb0ba62ucbYYchbWyWF+a9lQAIO6y0NmkFQNsLCPZdrP5+72KeVgKirrn5VjvapwqItAKgGdq7F3BhesP4Fb9jIWlnva9ljVMgujoursYGrRQ8P7UDoNEm/QAYmvTmbgAxXQi+ySkQ5eXlQUkOHQeb6/1Zxn9KKwBuxUtL3534Wd9aUkB84fYC9A0wgweeRVTPxTK3CkPgkuV99QOidntreY1vzyhLmwE9ptUDSHM9mB3G0dXjXOV5OByoBPmixSoNCHwl2iSLAMWItakCIu0AGIYaQHR3XHicqWwBPIIONqxAYOHG70aM2JgqIG66lSAFMxj+DhZJRzOzR1bj+2IpTnnyQDNPjzoQbKrMAiXwiBrhEk2ycL4XuGk8wPAEIycgigvz3vFf+WSdHY+gWQPHf2XoH+1bhcE2Ir/pPMCqYQyPWIB25mBI64jpNDxA/+LsBei7A5354UQ3odJmj5CERDHiVRj7iQUw8uiEvMx90joEulnmKK/wVNb72p7Ytq3tK2bFYpUJiKIlC/4+emT2k3GAiNU9gp5WAOjMHhcopkGrDUFJ3QUg1tkFYtasWaFUAJFWALTX0bsXgB58GobChqAsdgOIp2p9u74a8bqiEAwgsI54AtUroyymovQKk9IPQFgXKlEwmwogXsEnOUdAYB2hKKr4J4C0/Z2RBDoFQHbJUspmDjVLwoEG90GP/5EypiQjkk1xCoSum6NDwbgA4OhJgVIhk2IeJcQdnbmZ+kYUV+XmXht9a/YLOPicB2M3ocGAgNB185gEhXQbTKT+xbgAZAjZj0nF/Kkpk8kipz+LgT3RGF6+ZP7RMSNznjaAwH7gYwvXfh5R62t7hr4sW9owXbfwbRXortkQ0TBMiOvOLpe/U2GeS/T1Uk9ZkmCRgo3aAeQEBLofxZ2BEx9duF6jslAxDjgWgWYOhhoQuDY3ySWzFQCiVlFEY2lh3jkSrenGw5cwMYwukQ1UFyslXDTU7WilBQcuSBhJvFS8OP+nxtONyrFIkjuZe5KkspVRgDDEKvDQk3DzWpi/g6vKWjy/YFQi31y8OG+t6TmiGHcIUGvOxQlkJifgd9O9nQhOKSZQVC8pyD+WKQV/qHBBMeK3EHHeIkaGZndxIX7FhfI6tC001QtddxMpspgQAKHwo+hGlyKMNDmrM/hN4+FG57aBYGwSdo1fN+lzWdfdRIosJgRAydDm1lOmrqPwNfdh03PSRXz+8tLhJ95uwqFoBQJCN+Cnjf3oCvBTvbpHrzWoCQHQ7961Gx0oh7qL6puavmymJVO+xe8fxYJSTX1j24+3NjV9zQkQdJSGN4wvRPwVyI4GRLude4MJASDDFK7u7jc1CTaFKa6FyRht7qMfYt6BcfyyEpT31Ptan3UCxIqluSc+OP3ec+i/1cyXdCWdzbRYZVsAjB2R8z4X3MzQhbe1tnZ78/hYjB3TObsTb7MPiJptLWPteMS4CXfdDlnzzfJIV9LZTItVtgUAzdFCUqv6eQFjd3AmP5fiGUHCNKYBgdtpe+t9O39S59s5LhYQJJt06O3TayLpSLrq64pYdvfRbQFArc+eOv4usi34QYaeuFiKq+6r1q9fb5uP0ZXyIXLwU3z7xxzOPsQvzLd3jzIRpJfwbzQYGpFAkEySjci/lHjpiXhs0XU1aHHzhNHX3Luhqek2EZK3Q8q9Ybq4BCbrigryGrFgMRsRbhKnRIaMHT9toiSLYqzwFuNtjkFzq14qaLTTq8fCZPsHp47+9xsTJy+CsE2g9X1URae3uUtZUrRw4UdxRParsgrqVxntoWFby4OKxOvQse8EB4p8DJWfOXvqWCMMImUdJ9tACHaa/osEMudCyG2GINIBF0SKiwrz3zBodnLHANB4bGhsXY3s1xAwNCxEXMLpzs/xXyBVA7khbhOIsNje0jU434+KHs17zakXOh67JMDLglsoYkO2P6wJH4G6X2Z2qhsHMjuQB61cuuAkprfnJYnNQWT4BWT8Bz+85KgJOvCXSSenxhM3xx5gqFBTsz9Dzrr6NPR6HjSTJ2iKnoGnvKpKnsaSgrnWk1uDha2cFlyIO7TBKcfPunvFVh1TZ1f2BrplZouhpVHSABAfOtbuFt4ViOTrzTFBlxEC7ThWjX9SmPhzINP1L7tDg6Y3jz80Xmb8YQTGR2HkJPB063y1jMY87gStz+A9tVgmB8x1TsoDAoAE0ZgdN3HqTDB6Ed5wD0jWYUWuexGB6zi84m/Yor0vKewcl1mHyiRtCElMzRQKy1FlNho7u2/Blb+DeDIZ/ehzmFVHBFl+GEx/dvb0ewdoyKBN0snKPGlGdJyNi+mPwRtKwcR8iGHlSQcfXdpPsB6tkmtX22iLTT+rm2tN9D/n8darXSrbXFiYaz01MrezXU4ZACSRDjG6mHuKLDiusuGbf+9UOVAZ5EFwd9aGc4HqLBY8RjtDkpeKNFDlouqg/SvMhcsTmCRht4Z/YhCClrd009PuiS0MFJ9j0XMSfdqZqu4ePXL4GbvL26hKxSDeEADMsrZu3T1ccQfu5EKagXH9bRg1AcbREBmGnxHYgihfAUjnAdYZxIt3BVePyEHPyWXL5l0280t1+f+5FIAxQDyRDAAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ibm.com + resources: + - ibmapplicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ibm.com + resources: + - ibmapplicationgateways/finalizers + verbs: + - update + - apiGroups: + - ibm.com + resources: + - ibmapplicationgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: ibm-application-gateway-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: ibm-application-gateway-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: icr.io/ibmappgateway/ibm-application-gateway-operator:23.11.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: ibm-application-gateway-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ibm-application-gateway-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - IBM + - Security + - Identity and Access + links: + - name: IBM Application Gateway product documentation + url: https://ibm.biz/ibm-app-gateway + maintainers: + - email: isamdev@au1.ibm.com + name: IBM Application Gateway Development Team + replaces: ibm-application-gateway-operator.v22.11.0 + maturity: stable + minKubeVersion: 1.19.0 + provider: + name: IBM + url: https://www.ibm.com + version: 23.11.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - ibmapplicationgateways.ibm.com + deploymentName: ibm-application-gateway-operator-controller-manager + generateName: cibmapplicationgateways.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: ibm-application-gateway-operator-controller-manager + failurePolicy: Fail + generateName: iag.kb.io + rules: + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - deployments + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-v1-iag diff --git a/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm.com_ibmapplicationgateways.yaml b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm.com_ibmapplicationgateways.yaml new file mode 100644 index 00000000000..4e98f802f95 --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/manifests/ibm.com_ibmapplicationgateways.yaml @@ -0,0 +1,300 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: ibm-application-gateway-operator-system/ibm-application-gateway-operator-iag-serving-cert + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: ibmapplicationgateways.ibm.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ibm-application-gateway-operator-webhook-service + namespace: ibm-application-gateway-operator-system + path: /convert + conversionReviewVersions: + - v1 + group: ibm.com + names: + kind: IBMApplicationGateway + listKind: IBMApplicationGatewayList + plural: ibmapplicationgateways + singular: ibmapplicationgateway + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: IBMApplicationGateway is the Schema for the ibmapplicationgateways + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IBMApplicationGatewaySpec defines the desired state of IBMApplicationGateway + properties: + configuration: + description: The configuration information associated with the deployed + container. + items: + properties: + dataKey: + description: The name of the ConfigMap key which contains the + configuration data. Used when the type is configmap. + type: string + discoveryEndpoint: + description: The OIDC discovery endpoint. Used when type is + oidc_registration. + type: string + headers: + description: Any headers which are associated with the request + which is sent to retrieve configuration data. Used when type + is web. + items: + properties: + name: + description: The name of the header which is being generated. + type: string + secretKey: + description: The name of the field within the secret which + contains the value of the header. + type: string + type: + description: The type of data which is provided for the + header. Valid values are either secret or literal. + type: string + value: + description: The value of the header which is being added. If + a literal header type is provided this field contains + the actual value of the header. If a secret header + type is provided this field contains the name of the + secret. + type: string + required: + - name + - type + - value + type: object + type: array + name: + description: The name of the configuration map to be used, when + the type is configmap. + type: string + postData: + description: The POST data which is submitted as a part of the + OIDC registration flow. Used when type is oidc_registration. + items: + properties: + name: + description: The name of the post data. + type: string + value: + description: The value of the post data. + type: string + values: + description: An array of strings which will be used as + the value of the post data. + items: + type: string + type: array + required: + - name + type: object + type: array + secret: + description: The name of the secret which contains the credential + information. Used when type is oidc_registration. + type: string + type: + description: 'The type of configuration data which is being + provided. Valid types include: configmap, oidc_registration, + web, literal.' + type: string + url: + description: The URL which is used to retrieve the configuration + data. Used when the type is web. + type: string + value: + description: The literal configuration data. Used when type + is literal. + type: string + required: + - type + type: object + type: array + deployment: + description: Specification of the desired behavior of the Deployment. + properties: + generatedConfigmapSuffix: + description: A suffix which will be appended to the ConfigMap's + which are created by the operator. + type: string + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + For example, in the case of docker, only DockerConfig type secrets + are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lang: + default: C + description: The language in which log messages from the container + will be generated. + type: string + livenessProbe: + description: Periodic probe of container liveness. Container will + be restarted if the probe fails. Cannot be updated. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command is + simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is unhealthy. + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. + format: int32 + type: integer + type: object + readinessProbe: + description: Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command is + simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is unhealthy. + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. + format: int32 + type: integer + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + required: + - image + type: object + replicas: + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + required: + - configuration + - deployment + type: object + status: + description: IBMApplicationGatewayStatus defines the observed state of + IBMApplicationGateway + properties: + status: + default: true + description: A boolean which is used to signify whether the resource + has been successfully created. + type: boolean + required: + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ibm-application-gateway-operator/23.11.0/metadata/annotations.yaml b/operators/ibm-application-gateway-operator/23.11.0/metadata/annotations.yaml new file mode 100644 index 00000000000..2323286cb9e --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/metadata/annotations.yaml @@ -0,0 +1,16 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ibm-application-gateway-operator + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + com.redhat.openshift.versions: "v4.6" diff --git a/operators/ibm-application-gateway-operator/23.11.0/tests/scorecard/config.yaml b/operators/ibm-application-gateway-operator/23.11.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..14c9f7c3919 --- /dev/null +++ b/operators/ibm-application-gateway-operator/23.11.0/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.15.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.15.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.15.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.15.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.15.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.15.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}