From f89ea037c2d3dfc60362b241e3d277a5d40353a0 Mon Sep 17 00:00:00 2001 From: Varad Ahirwadkar Date: Mon, 4 Nov 2024 13:05:56 +0530 Subject: [PATCH] Adding RSCT Operator 0.0.1 Signed-off-by: Varad Ahirwadkar --- operators/rsct-operator/0.0.1/Dockerfile | 15 + ...er-manager-metrics-service_v1_service.yaml | 23 ++ ...-operator-manager-config_v1_configmap.yaml | 17 ++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 17 ++ ...rization.k8s.io_v1_clusterrolebinding.yaml | 13 + .../rsct-operator.clusterserviceversion.yaml | 284 ++++++++++++++++++ .../0.0.1/manifests/rsct.ibm.com_rscts.yaml | 65 ++++ .../0.0.1/metadata/annotations.yaml | 10 + operators/rsct-operator/ci.yaml | 5 + 9 files changed, 449 insertions(+) create mode 100644 operators/rsct-operator/0.0.1/Dockerfile create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml create mode 100644 operators/rsct-operator/0.0.1/metadata/annotations.yaml create mode 100644 operators/rsct-operator/ci.yaml diff --git a/operators/rsct-operator/0.0.1/Dockerfile b/operators/rsct-operator/0.0.1/Dockerfile new file mode 100644 index 00000000000..15318fe2305 --- /dev/null +++ b/operators/rsct-operator/0.0.1/Dockerfile @@ -0,0 +1,15 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=rsct-operator +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.1 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4 + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..631ecbccc8c --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: rsct-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: rsct-operator + control-plane: controller-manager + name: rsct-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..457215cb6fa --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: e9c9f994.ibm.com +kind: ConfigMap +metadata: + name: rsct-operator-manager-config diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..a75d282a49e --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: rsct-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: rsct-operator + name: rsct-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 00000000000..b1c6178be92 --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: rsct-operator-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: rsct + namespace: rsct-operator-system diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..5abed253715 --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml @@ -0,0 +1,284 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "rsct.ibm.com/v1alpha1", + "kind": "RSCT", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "rsct-operator", + "app.kubernetes.io/instance": "rsct", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "rsct", + "app.kubernetes.io/part-of": "rsct-operator" + }, + "name": "rsct", + "namespace": "rsct-operator-system" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: OpenShift Optional + containerImage: ghcr.io/ocp-power-automation/rsct-operator:latest + createdAt: "2024-11-18T09:20:10Z" + description: Deploys RSCT daemonset on all nodes of an OpenShift cluster + operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/ocp-power-automation/rsct-operator + support: IBM + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.ppc64le: supported + name: rsct-operator.v0.0.1 + namespace: rsct-operator-system +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: RSCT is the Schema for the rscts API + displayName: RSCT + kind: RSCT + name: rscts.rsct.ibm.com + version: v1alpha1 + description: Deploys custom resource RSCT on all nodes of an OpenShift cluster. + displayName: RSCT Operator for IBM Power Virtual Server + icon: + - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNTguNTEgMjU4LjUxIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2QxZDFkMTt9LmNscy0ye2ZpbGw6IzhkOGQ4Zjt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkFzc2V0IDQ8L3RpdGxlPjxnIGlkPSJMYXllcl8yIiBkYXRhLW5hbWU9IkxheWVyIDIiPjxnIGlkPSJMYXllcl8xLTIiIGRhdGEtbmFtZT0iTGF5ZXIgMSI+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTI5LjI1LDIwQTEwOS4xLDEwOS4xLDAsMCwxLDIwNi40LDIwNi40LDEwOS4xLDEwOS4xLDAsMSwxLDUyLjExLDUyLjExLDEwOC40NSwxMDguNDUsMCwwLDEsMTI5LjI1LDIwbTAtMjBoMEM1OC4xNiwwLDAsNTguMTYsMCwxMjkuMjVIMGMwLDcxLjA5LDU4LjE2LDEyOS4yNiwxMjkuMjUsMTI5LjI2aDBjNzEuMDksMCwxMjkuMjYtNTguMTcsMTI5LjI2LTEyOS4yNmgwQzI1OC41MSw1OC4xNiwyMDAuMzQsMCwxMjkuMjUsMFoiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik0xNzcuNTQsMTAzLjQxSDE0MS42NkwxNTQuOSw2NS43NmMxLjI1LTQuNC0yLjMzLTguNzYtNy4yMS04Ljc2SDEwMi45M2E3LjMyLDcuMzIsMCwwLDAtNy40LDZsLTEwLDY5LjYxYy0uNTksNC4xNywyLjg5LDcuODksNy40LDcuODloMzYuOUwxMTUuNTUsMTk3Yy0xLjEyLDQuNDEsMi40OCw4LjU1LDcuMjQsOC41NWE3LjU4LDcuNTgsMCwwLDAsNi40Ny0zLjQ4TDE4NCwxMTMuODVDMTg2Ljg2LDEwOS4yNCwxODMuMjksMTAzLjQxLDE3Ny41NCwxMDMuNDFaIi8+PC9nPjwvZz48L3N2Zz4= + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rsct.ibm.com + resources: + - rscts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rsct.ibm.com + resources: + - rscts/finalizers + verbs: + - update + - apiGroups: + - rsct.ibm.com + resources: + - rscts/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: rsct-operator-controller-manager + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: rsct-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: rsct-operator + control-plane: controller-manager + name: rsct-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - ppc64le + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: ghcr.io/ocp-power-automation/rsct-operator:latest + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: rsct-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: rsct-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - rsct + - powervs + - ibm + - rmc + - power + links: + - name: RSCT Operator + url: https://github.com/ocp-power-automation/rsct-operator + maintainers: + - email: mjturek@us.ibm.com + name: Michael Turek + maturity: alpha + minKubeVersion: 1.25.0 + provider: + name: IBM + version: 0.0.1 diff --git a/operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml b/operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml new file mode 100644 index 00000000000..c15c7f8ae63 --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml @@ -0,0 +1,65 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: rscts.rsct.ibm.com +spec: + group: rsct.ibm.com + names: + kind: RSCT + listKind: RSCTList + plural: rscts + singular: rsct + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RSCT is the Schema for the rscts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RSCTSpec defines the desired state of RSCT + properties: + image: + default: quay.io/powercloud/rsct-ppc64le:latest + description: Image is an RSCT image + type: string + type: object + status: + description: RSCTStatus defines the observed state of RSCT + properties: + state: + description: |- + state reflects current observed state of RSCT resource + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/rsct-operator/0.0.1/metadata/annotations.yaml b/operators/rsct-operator/0.0.1/metadata/annotations.yaml new file mode 100644 index 00000000000..30fa94b9702 --- /dev/null +++ b/operators/rsct-operator/0.0.1/metadata/annotations.yaml @@ -0,0 +1,10 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: rsct-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 diff --git a/operators/rsct-operator/ci.yaml b/operators/rsct-operator/ci.yaml new file mode 100644 index 00000000000..eae0feea4bb --- /dev/null +++ b/operators/rsct-operator/ci.yaml @@ -0,0 +1,5 @@ +--- +# Use `replaces-mode` or `semver-mode`. Once you switch to `semver-mode`, there is no easy way back. +updateGraph: replaces-mode +reviewers: + - varad-ahirwadkar