diff --git a/bundle/manifests/authorino-operator.clusterserviceversion.yaml b/bundle/manifests/authorino-operator.clusterserviceversion.yaml index 4eeb2fe5..4e717c4e 100644 --- a/bundle/manifests/authorino-operator.clusterserviceversion.yaml +++ b/bundle/manifests/authorino-operator.clusterserviceversion.yaml @@ -83,7 +83,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/kuadrant/authorino-operator:latest - createdAt: "2024-09-25T08:04:12Z" + createdAt: "2024-09-25T08:34:20Z" operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/Kuadrant/authorino-operator diff --git a/charts/authorino-operator/templates/manifests.yaml b/charts/authorino-operator/templates/manifests.yaml index 4e2c1c4d..a704d70a 100644 --- a/charts/authorino-operator/templates/manifests.yaml +++ b/charts/authorino-operator/templates/manifests.yaml @@ -1,15 +1,8 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: authorino-operator - name: authorino-operator ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: authorino-operator/authorino-webhook-server-cert + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/authorino-webhook-server-cert' controller-gen.kubebuilder.io/version: v0.15.0 name: authconfigs.authorino.kuadrant.io spec: @@ -19,7 +12,7 @@ spec: clientConfig: service: name: authorino-webhooks - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' path: /convert conversionReviewVersions: - v1beta1 @@ -5251,13 +5244,13 @@ apiVersion: v1 kind: ServiceAccount metadata: name: authorino-operator - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: authorino-operator-leader-election - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' rules: - apiGroups: - "" @@ -5628,7 +5621,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: authorino-operator-leader-election - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5636,7 +5629,7 @@ roleRef: subjects: - kind: ServiceAccount name: authorino-operator - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -5645,7 +5638,7 @@ metadata: app: authorino authorino-component: authorino-webhooks name: authorino-webhooks-manager - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5653,7 +5646,7 @@ roleRef: subjects: - kind: ServiceAccount name: default - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -5666,7 +5659,7 @@ roleRef: subjects: - kind: ServiceAccount name: authorino-operator - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' --- apiVersion: v1 data: @@ -5685,7 +5678,7 @@ data: kind: ConfigMap metadata: name: manager-config - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' --- apiVersion: v1 kind: Service @@ -5693,7 +5686,7 @@ metadata: labels: control-plane: authorino-operator name: authorino-operator-metrics - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' spec: ports: - name: metrics @@ -5709,7 +5702,7 @@ metadata: app: authorino authorino-component: authorino-webhooks name: authorino-webhooks - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' spec: ports: - port: 443 @@ -5725,7 +5718,7 @@ metadata: labels: control-plane: authorino-operator name: authorino-operator - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' spec: replicas: 1 selector: @@ -5785,7 +5778,7 @@ metadata: app: authorino authorino-component: authorino-webhooks name: authorino-webhooks - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' spec: selector: matchLabels: @@ -5828,11 +5821,11 @@ metadata: app: authorino authorino-component: authorino-webhooks name: authorino-webhook-server-cert - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' spec: dnsNames: - - authorino-webhooks.authorino-operator.svc - - authorino-webhooks.authorino-operator.svc.cluster.local + - authorino-webhooks.{{ .Release.Namespace }}.svc + - authorino-webhooks.{{ .Release.Namespace }}.svc.cluster.local issuerRef: kind: Issuer name: authorino-webhooks-ca @@ -5845,6 +5838,6 @@ metadata: app: authorino authorino-component: authorino-webhooks name: authorino-webhooks-ca - namespace: authorino-operator + namespace: '{{ .Release.Namespace }}' spec: selfSigned: {} diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index d0c24e74..f64df915 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,69 +1,7 @@ -# Adds namespace to all resources. +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: authorino-operator - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -#namePrefix: authorino-operator- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: +resources: - ../crd - ../rbac - ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -#- manager_config_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/config/deploy/kustomization.yaml b/config/deploy/kustomization.yaml index e46bfb22..27e49116 100644 --- a/config/deploy/kustomization.yaml +++ b/config/deploy/kustomization.yaml @@ -1,3 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: authorino-operator resources: + - namespace.yaml - ../authorino - ../default diff --git a/config/deploy/namespace.yaml b/config/deploy/namespace.yaml new file mode 100644 index 00000000..02306111 --- /dev/null +++ b/config/deploy/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: authorino-operator + name: system diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml index e46bfb22..13f0acb6 100644 --- a/config/helm/kustomization.yaml +++ b/config/helm/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: authorino-operator resources: - - ../authorino - - ../default +- ../authorino +- ../default diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 6ae3166e..1dc87779 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,10 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: authorino-operator - name: system ---- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/make/helm.mk b/make/helm.mk index 2b189b7a..2c119d67 100644 --- a/make/helm.mk +++ b/make/helm.mk @@ -3,12 +3,16 @@ .PHONY: helm-build helm-build: $(YQ) kustomize manifests ## Build the helm chart from kustomize manifests # Replace the controller image + cd config/helm && $(KUSTOMIZE) edit set namespace "{{ .Release.Namespace }}" + cd config/authorino/webhook && $(KUSTOMIZE) edit set namespace "{{ .Release.Namespace }}" cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE) # Build the helm chart templates from kustomize manifests $(KUSTOMIZE) build config/helm > charts/authorino-operator/templates/manifests.yaml V="$(BUNDLE_VERSION)" $(YQ) -i e '.version = strenv(V)' charts/authorino-operator/Chart.yaml # Roll back edit cd config/manager && $(KUSTOMIZE) edit set image controller=${DEFAULT_OPERATOR_IMAGE} + cd config/helm && $(KUSTOMIZE) edit set namespace authorino-operator + cd config/authorino/webhook && $(KUSTOMIZE) edit set namespace authorino-operator .PHONY: helm-install helm-install: $(HELM) ## Install the helm chart