Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

operator ibm-security-verify-access-operator (24.12.0) #5464

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,276 @@
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: |-
[
{
"apiVersion": "ibm.com/v1",
"kind": "IBMSecurityVerifyAccess",
"metadata": {
"name": "ivia-sample"
},
"spec": {
"image": "icr.io/ivia/ivia-wrp:11.0.0.0",
"instance": "default"
}
}
]
capabilities: Seamless Upgrades
categories: Security
certified: "false"
containerImage: icr.io/isva/verify-access-operator:24.12.0
createdAt: "2024-12-19T23:41:49Z"
description: The IBM Verify Identity Access Operator manages the lifecycle of
IBM Verify Identity Access worker containers.
operators.operatorframework.io/builder: operator-sdk-v1.38.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
repository: https://github.com/IBM-Security/verify-access-operator
support: IBM
name: ibm-security-verify-access-operator.v24.12.0
namespace: placeholder
spec:
apiservicedefinitions: {}
customresourcedefinitions:
owned:
- description: IBMSecurityVerifyAccess is the Schema for the ibmsecurityverifyaccesses
API.
displayName: IBMSecurity Verify Access
kind: IBMSecurityVerifyAccess
name: ibmsecurityverifyaccesses.ibm.com
resources:
- kind: Deployment
name: ""
version: v1
specDescriptors:
- description: The name of the IBM Security Verify Access image to be used.
displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: The name of the Verify Access instance which is being deployed. This
value is only used for WRP and DSC deployments and is ignored for Runtime
deployments.
displayName: Instance
path: instance
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: The number of pods which will be started for the deployment.
displayName: Replicas
path: replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:number
- description: A boolean flag which indicates whether the deployment should
be automatically restarted when a new snapshot is published.
displayName: Auto Restart
path: autoRestart
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
statusDescriptors:
- description: The list of status conditions associated with the custom resource.
displayName: Conditions
path: conditions
x-descriptors:
- urn:alm:descriptor:io.kubernetes.conditions
version: v1
description: |+
In a world of highly fragmented access management environments, [IBM Verify Identity Access](https://www.ibm.com/au-en/products/verify-access) helps you simplify your users' access while more securely adopting web, mobile and cloud technologies. This solution helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and its mobile multi-factor authentication capability, IBM Verify. Take back control of your access management with IBM Verify Identity Access.

The IBM Verify Identity Access operator provides lifecycle management of the lightweight containers which are used to protect an environment, namely:
* [Web Reverse Proxy](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-web-reverse-proxy)
* [Runtime](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-runtime)
* [Distributed Session Cache](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-distributed-session-cache)

The operator will manage the deployment of these lightweight IBM Verify Identity Access worker containers, and also control the rolling restart of these containers when a configuration snapshot is updated.

See the project [Readme](https://github.com/IBM-Security/verify-access-operator/blob/master/README.md) for further information and details.

displayName: IBM Verify Identity Access Operator
icon:
- base64data: iVBORw0KGgoAAAANSUhEUgAAAKAAAACgCAQAAAAhxq+mAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQfkAQYXFCksf3+UAAAMEElEQVR42u2ce3RUxRnAf7shT5JAwjvySIKCEKyICgkqCLYKiGBQq6eCini0qBWOeny02sfpMaBWlP6DQm2PwPFUK68KBDiAFTShPJUQIDwEEkASCQnkzSbZ/pHL7N27d3fv3t3sTZf5zT+TzHxzZ76dO49vvjsgkUgkEolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJJNKwWfz8KNK4iQySucw5DnCI+pBLRCx2sphPEVU046SVek6zhgdICqFEBBPDDA7SilMTLvER6SGSiGA68QI/eaiiLbSwlmtDIBHRPEi5F2U4cdLKMlKDlggLUZaoL533GaTEmyliFRspJobu2AGwMYhS9gQlEdHMoVnpORfJI4NoIJoM8rgo+lQBPYOSiGAS2ao0uZk84lUp8eQJRVVzfxASEc0NnFKa/B2ZmrRMvhM96k9BSIQNe/gfST8SlVgBZZq0MgpV+eJMS4QNKxSYQCclVolDk+bgvE6+wCXChhUKrKdZiXUjWpMWTXedfIFLhA0rFFhGrRIbTT9NWj9yRPw0jaYlwoYVCjzBcSU2jKc0c+pTDFPiF9kXhESE476qywx4HWhEIkxYY85K53NuVeLNFFPIebqTQ5aYBBqZw+KgJCKchwLe2QYuEdH4tq2sC9gas+5qs8Z4t+7VsJiMEElEOHaG8TYHqKJFZV9+0KdFOlCJdsf6M5FrVCccRYbORAKVkEgkEkk7Eb5JxE5vrmWn3+2+jWhSyaAv3UkiFmiihp84w0kqceD0Ix/HSI5xjtbwNCs89rNEbmACU9jIDp/5ujGUUdzGYLqSSJwwXTlooI5qSihgBwep9FFGK5OYwJfkU0RNeJTYnnSiPzNZwY84ucAkr/miyGQuGznvY7vWFirZyFwyfZwnTuICTs6xkifpH34Ta+hIZBzzKaJBafpWr7vVTF7nAJf9Ku9KuEwxv/W6+0gVR1ANHOAdxv//uX7EcB1Ps45zqkY386Ju3iRmsFMYq4yHZnYyw4tqXnQrr5x8nmEQsVarxRjJ3MNCDuHQNPgkWTq5M/iQmoCV59oFf6jbD7M4qcnpoIS/MoEulu+9fBBDFs+zxcs4tsTjxMzGKL4y0ffc++FXjPJQShxLvIyfW3mBYR2vL9rpxmSWcIQWLw3VO/S+i6KglHclFHGXR9n3U+3V9HWUvzFFOIVYTjTDeZntKtO6XviWbhq5sRSHRH1OnBQzVlN6Nwp8SlziG15hBDFWqs5OH6axjB90XsNGDrKCCvH3axrZEewLmfqcONnHCM0TXhNp5azgII06ffEEy3mAtGD6otlVUiw/YyITudHtjAzASTUFrCOf0UxQ/lfKJk2uLqxhDf52FUaxAV00/9vEs8oRaGdWUMAkJjGarqrx0k466UyjiPXksz9cR6J2BvAIn1Om2+++ZwFjSAESWC7+v9xDze1PvOr5y0gAUhjDAr7X6YvNlPEvfkV6+46LNhLJYR67dKtQziqeIEP8wsM5raTV8nDY1QfwMLVKDU5zo2hDBk+wknKdn7+JPbzNaJLaY6ljI5OZrNJ9cCO7mEc2iW4PfkPk3E1vSxTYm93i5/2dW1sSyfbSEVqoYA2zGBi6vmgjhbG876Xrl/IZjzDA43FpbBe5fm/RgsHOH0QdttHHI3UAj/AZpR5LfidN7Gch40gNti/aSedZ1lGlcxZWTyFvcouXRekU6pR8ZSrflXCTQ5lSizqm6OaI5RbepJB6j/a1Uk0+z5Fh/ufvz6vs1+13x1lKLn28Fh3N30XuLyyYQK4QzwpRj489/LquYCeNXC/LsSaKeI0BgT86msls1ynwItt4ieFeK9PGMH4QFZhumfoAptOk1OS47l5c3WJvG4JmtjPZT4s1JPKyhyNFC0dYzGS6GejSL4lx5Tszv14IGSAcgB1erEFq2raki3W2pOW8LLxk/ZLMW2IB0BbOs5nnyTK48enJFiE5z6IPKa4QxXxRl830MCTTZhTZrDGK1PIWyZ6ZPWeZOF7hdZXlpJzVrGQHlwxX+h6+UH6tcn7JNlVKPNO5JmT7Dz1snGE5Dar/jOFzegFQywMeOyLvJJNDLlNVS7AG8viL//3K41wQWnewjnEBOm5H8aGQX0tnt7SeHA7Bvtd3OKzxEuzMWpG2KMD3IY47WauylF9ghj+RG1U2kno+MLEEHsIhof4nNWm9KW13BZZ61HmWmAwPcX3A7enFe2JJ5qSIG3xlTuAjVe9719RZwmxR3SKu06T14Wy7K/Csx5J5kLA7OphtokWJzBNzuZNFvpZldwoPvFb+qfJ+N05XNohHLfSYr61RYBQLRWo+XU20KpWlYitR4WF7VD3I1f9KxPY7MMaJEfQC4z1SrVEg3KWq1Z2m2jWUA6o+qOoY6j5yHXcosVY+Yb+Jx9iZSooS38VeU1VtD/awS4mlMNXU1uwg/6BFiY9Re8OqCxvBQCV2jNWYWWwMFL2uhTVUW6cxDdX8WzR/vMfXdsb4ksOilSrrt0uBnRguFsqFHDX1kNsZosSO8R+rtKXLVxxTYkO53VQJx/lWicVyk2s55FJgPEOV2GV2enyRZoQEcsURwdeUWKowLSV8rcQ6kUuCiRJaVI5RQ1wluM5EYumrxOo5ZKqSN4svOWpZJV4ZNbW8R5KpwcEoNmrEZ2HuzV/No8qyfiQj+MZE2YeoVzYV/Yj1dFzqLb7JrRAvYiDYyRPz1JYO+O14T+Ex4+QtUxPJQOGqctK1WHcVZBMGm1aaTBTfj4lKrJl8KqzWlwcV5Iu3YoJ42wKhSfgcRrtsCC4FOoXa7KbGiNvFGFrGBouVpc8GSpVYFreZkI8X2mpyDUMuBTqE22IMaQEXHkeumMM72gRyhcPCMhRLrolv2/uIFqo++3YpsEn8Pgl+bLd6DGekEqtntak5vP1xsFp8U5JtYqeVJd7MUtcg51JgPcVKLJqRAf4+dn4hPoTeK1b9HY+d4ovifvw8wBO3GEaJA7Ri18c9LgW2sk/8O0eMZ8bozVQl1sImzlqtJ6+cZZOYCKYGaKobLMbNOvbpu7Cnqy4QmR/QRP9rcXZ3huFWa8knN3FGqWkDzwQgZ+OPwh6zz9s5j413hQJPMcZw4dezV8gttfAQ0wgJLBN13c1gw3LZHBdy76hffvdx4FZWihXSZmaJacUXXVggLM+VPMZ6H3mTeDoMO5HFPj9vuJelwtn9Y17iooFS01jMvUq8jGns9pYxhnfEgV4Ly3Usa1qSyRNe+E4+8bOCtMoeqKazqg82kGfA6t6DJcLK3sLbvs8mB7JDFO/gC4b4nKvSWKhyiijhFj9V6QgKhFs5KnLX84HPVa+NgSxXGfQLhcnPK/epGtnKXmZ4uC62EcdENqocc6qZ6Xfi6RgKtDNL5UHtYBMTvYzciTxEocov6Cz3+VMfRPOc6mDTySXWM5PBpCiWmyiSyWQan6oceJ3U8aaBtWPHUCDE8UfVSZuTCj5lGpkkK3a+KLpwLY+ymipVrkpmezp46L2gsczmDTencAdnOMApqoAk+pJFhptXVh0LeNfAl2l92GOgecHxIzfzo99cSbzKXLdT6yZOUMxpLgFd6M8w+ruNdpX8mUVcNlaJWB7jmOHf/DRzDPqNdJQeCJDIXOFD6z8cZUZgX5fYyWaljtecNjSwmbsNn/d3JAVCJ+5mi477njbUsYJRZiyIqTzBFrexwj00UsBv6BnAntIazwTv2OjFCxSqZlltqGULj/u60sdf43uRzQRy6EUy8dgAJ43U8BO7WU8BZwhkWdyTbQGs/s1xhDsCMufa6MttTORmepBEHDaglQZqOEchG9jhuzQjvSeKVAaTTk86A/Wc5xQlnDdhtLLCO8sY0fRgEOl0Jx4ndVRwkhKqdE92JBKJRCKRSCQSSbBYdQnIOMZCyPYkNmAbWy1qiyWMUJ3khSJ43pkQ8YxVuW0HG4q9e85HMuPZHxL16d0bc1XQfjcXXUVksKgd7s66qkhiOv/VubfAf9/zfnvbVUdGSO8PvCqJIpM5bAjJDZZhpWMNv6kMJZvRDCaFzsRr7lCt4oiBO1TDTMdSYFuN2m7xvYYemlt8T3DBwC2+EolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJRCKRSCRB8j/lg3vQkTaFgwAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMC0wMS0wNlQyMzoyMDo0MS0wNTowME+diI0AAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjAtMDEtMDZUMjM6MjA6NDEtMDU6MDA+wDAxAAAAAElFTkSuQmCC
mediatype: image/png
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibm.com
resources:
- ibmsecurityverifyaccesses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibm.com
resources:
- ibmsecurityverifyaccesses/finalizers
verbs:
- update
- apiGroups:
- ibm.com
resources:
- ibmsecurityverifyaccesses/status
verbs:
- get
- patch
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: verify-access-operator-controller-manager
deployments:
- label:
control-plane: controller-manager
name: verify-access-operator-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
strategy: {}
template:
metadata:
labels:
control-plane: controller-manager
spec:
containers:
- args:
- --metrics-bind-address=:8443
- --leader-elect
command:
- /manager
image: icr.io/isva/verify-access-operator:24.12.0
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 200m
memory: 500Mi
requests:
cpu: 100m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: verify-access-operator-controller-manager
terminationGracePeriodSeconds: 10
permissions:
- rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
serviceAccountName: verify-access-operator-controller-manager
strategy: deployment
installModes:
- supported: false
type: OwnNamespace
- supported: false
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: true
type: AllNamespaces
keywords:
- identity and access
- security
links:
- name: Verify Identity Access Product Information
url: https://www.ibm.com/au-en/products/verify-access
- name: Verify Identity Access Documentation
url: https://www.ibm.com/docs/en/sva
maintainers:
- email: [email protected]
name: Verify Identity Access Development Team
maturity: stable
minKubeVersion: 1.17.0
provider:
name: IBM
url: https://www.ibm.com
version: 24.12.0
replaces: ibm-security-verify-access-operator.v24.12.0
Loading
Loading