From fd02c24c8a531cbe8c7a75ef71fa12245eec305f Mon Sep 17 00:00:00 2001 From: Waleed Malik Date: Thu, 20 May 2021 09:34:21 +0500 Subject: [PATCH] Update generated deployment config --- config/certmanager/certificate.yaml | 7 +- ...iraservicedesk.stakater.com_customers.yaml | 270 +++++++------- ...jiraservicedesk.stakater.com_projects.yaml | 343 +++++++++--------- config/crd/kustomization.yaml | 16 +- config/crd/kustomizeconfig.yaml | 6 +- .../crd/patches/cainjection_in_customers.yaml | 3 +- .../crd/patches/cainjection_in_projects.yaml | 3 +- config/crd/patches/webhook_in_customers.yaml | 21 +- config/crd/patches/webhook_in_projects.yaml | 21 +- config/default/kustomization.yaml | 94 ++--- config/default/manager_auth_proxy_patch.yaml | 10 +- config/default/manager_config_patch.yaml | 20 + config/default/webhookcainjection_patch.yaml | 4 +- config/manager/controller_manager_config.yaml | 11 + config/manager/kustomization.yaml | 14 +- config/manager/manager.yaml | 26 +- ...e-desk-operator.clusterserviceversion.yaml | 60 --- config/manifests/kustomization.yaml | 23 ++ config/prometheus/monitor.yaml | 4 + .../rbac/auth_proxy_client_clusterrole.yaml | 8 +- config/rbac/auth_proxy_role.yaml | 12 +- config/rbac/auth_proxy_role_binding.yaml | 2 +- config/rbac/kustomization.yaml | 6 + config/rbac/leader_election_role.yaml | 8 +- config/rbac/leader_election_role_binding.yaml | 2 +- config/rbac/role.yaml | 19 +- config/rbac/role_binding.yaml | 2 +- config/rbac/service_account.yaml | 5 + .../jiraservicedesk_v1alpha1_customer.yaml | 10 +- .../jiraservicedesk_v1alpha1_project.yaml | 12 +- config/samples/kustomization.yaml | 4 +- config/scorecard/kustomization.yaml | 2 +- config/scorecard/patches/basic.config.yaml | 2 +- config/scorecard/patches/olm.config.yaml | 10 +- config/webhook/manifests.yaml | 88 ----- 35 files changed, 538 insertions(+), 610 deletions(-) create mode 100644 config/default/manager_config_patch.yaml create mode 100644 config/manager/controller_manager_config.yaml delete mode 100644 config/manifests/bases/jira-service-desk-operator.clusterserviceversion.yaml create mode 100644 config/rbac/service_account.yaml delete mode 100644 config/webhook/manifests.yaml diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml index 58db114..52d8661 100644 --- a/config/certmanager/certificate.yaml +++ b/config/certmanager/certificate.yaml @@ -1,8 +1,7 @@ # The following manifests contain a self-signed issuer CR and a certificate CR. # More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for -# breaking changes -apiVersion: cert-manager.io/v1alpha2 +# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. +apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: selfsigned-issuer @@ -10,7 +9,7 @@ metadata: spec: selfSigned: {} --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml diff --git a/config/crd/bases/jiraservicedesk.stakater.com_customers.yaml b/config/crd/bases/jiraservicedesk.stakater.com_customers.yaml index 4380f54..5d442ee 100644 --- a/config/crd/bases/jiraservicedesk.stakater.com_customers.yaml +++ b/config/crd/bases/jiraservicedesk.stakater.com_customers.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: customers.jiraservicedesk.stakater.com spec: @@ -15,143 +15,143 @@ spec: plural: customers singular: customer scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Customer is the Schema for the customers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CustomerSpec defines the desired state of Customer - properties: - email: - description: Email of the customer - pattern: \S+@\S+\.\S+ - type: string - legacyCustomer: - description: LegacyCustomer is a boolean flag that represents whether - a customer is created using legacy API or not In case of a legacy - Customer, a signup link is sent to the customer email which he can - than use to signup In case of a normal Customer, no signup link is - sent to the customer. The customer than has to signup manually using - the portal If not given, default behaviour is false i.e. normal customer - type: boolean - name: - description: Name of the customer - type: string - projects: - description: List of ProjectKeys in which customer will be added - items: - type: string - minItems: 1 - type: array - required: - - email - - name - - projects - type: object - status: - description: CustomerStatus defines the observed state of Customer - properties: - associatedProjects: - description: List of ProjectKeys in which customer has bee added - items: - type: string - type: array - conditions: - description: Status conditions - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // - +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details - about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers of - specific condition types may define expected values and meanings - for this field, and whether the values are considered a guaranteed - API. The value should be a CamelCase string. This field may - not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - customerId: - description: Jira Service Desk Customer Account Id - type: string - required: - - customerId - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Customer is the Schema for the customers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CustomerSpec defines the desired state of Customer + properties: + email: + description: Email of the customer + pattern: \S+@\S+\.\S+ + type: string + legacyCustomer: + description: LegacyCustomer is a boolean flag that represents whether + a customer is created using legacy API or not In case of a legacy + Customer, a signup link is sent to the customer email which he can + than use to signup In case of a normal Customer, no signup link + is sent to the customer. The customer than has to signup manually + using the portal If not given, default behaviour is false i.e. normal + customer + type: boolean + name: + description: Name of the customer + type: string + projects: + description: List of ProjectKeys in which customer will be added + items: + type: string + minItems: 1 + type: array + required: + - email + - name + - projects + type: object + status: + description: CustomerStatus defines the observed state of Customer + properties: + associatedProjects: + description: List of ProjectKeys in which customer has bee added + items: + type: string + type: array + conditions: + description: Status conditions + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + customerId: + description: Jira Service Desk Customer Account Id + type: string + required: + - customerId + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/config/crd/bases/jiraservicedesk.stakater.com_projects.yaml b/config/crd/bases/jiraservicedesk.stakater.com_projects.yaml index c883c4b..b62f7c4 100644 --- a/config/crd/bases/jiraservicedesk.stakater.com_projects.yaml +++ b/config/crd/bases/jiraservicedesk.stakater.com_projects.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: projects.jiraservicedesk.stakater.com spec: @@ -15,180 +15,179 @@ spec: plural: projects singular: project scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Project is the Schema for the projects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProjectSpec defines the desired state of Project - properties: - assigneeType: - description: Task assignee type - enum: - - PROJECT_LEAD - - UNASSIGNED - type: string - avatarId: - description: An integer value for the project's avatar. - type: integer - categoryId: - description: The ID of the project's category - type: integer - description: - description: Description for project - type: string - issueSecurityScheme: - description: The ID of the issue security scheme for the project, which - enables you to control who can and cannot view issues - type: integer - key: - description: The project key is used as the prefix of your project's - issue keys - maxLength: 10 - pattern: ^[A-Z][A-Z0-9]+$ - type: string - leadAccountId: - description: ID of project lead - maxLength: 128 - type: string - name: - description: Name of the project - type: string - notificationScheme: - description: The ID of the notification scheme for the project - type: integer - openAccess: - description: The Open Access status, which dictates who can access the - project. If set to true all customers can access the project. If false, - only customers added to project can access the project. - type: boolean - permissionScheme: - description: The ID of the permission scheme for the project - type: integer - projectTemplateKey: - description: A prebuilt configuration for a project - type: string - projectTypeKey: - description: The project type, which dictates the application-specific - feature set - enum: - - business - - service_desk - - software - type: string - url: - description: A link to information about this project, such as project - documentation - pattern: (http|ftp|https)://([a-zA-Z0-9~!@#$%^&*()_=+/?.:;',-]*)? - type: string - required: - - assigneeType - - description - - key - - leadAccountId - - name - - projectTemplateKey - - projectTypeKey - type: object - status: - description: ProjectStatus defines the observed state of Project - properties: - conditions: - description: Status conditions - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // - +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details - about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers of - specific condition types may define expected values and meanings - for this field, and whether the values are considered a guaranteed - API. The value should be a CamelCase string. This field may - not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - id: - description: Jira service desk project ID - type: string - required: - - id - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Project is the Schema for the projects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProjectSpec defines the desired state of Project + properties: + assigneeType: + description: Task assignee type + enum: + - PROJECT_LEAD + - UNASSIGNED + type: string + avatarId: + description: An integer value for the project's avatar. + type: integer + categoryId: + description: The ID of the project's category + type: integer + description: + description: Description for project + type: string + issueSecurityScheme: + description: The ID of the issue security scheme for the project, + which enables you to control who can and cannot view issues + type: integer + key: + description: The project key is used as the prefix of your project's + issue keys + maxLength: 10 + pattern: ^[A-Z][A-Z0-9]+$ + type: string + leadAccountId: + description: ID of project lead + maxLength: 128 + type: string + name: + description: Name of the project + type: string + notificationScheme: + description: The ID of the notification scheme for the project + type: integer + openAccess: + description: The Open Access status, which dictates who can access + the project. If set to true all customers can access the project. + If false, only customers added to project can access the project. + type: boolean + permissionScheme: + description: The ID of the permission scheme for the project + type: integer + projectTemplateKey: + description: A prebuilt configuration for a project + type: string + projectTypeKey: + description: The project type, which dictates the application-specific + feature set + enum: + - business + - service_desk + - software + type: string + url: + description: A link to information about this project, such as project + documentation + pattern: (http|ftp|https)://([a-zA-Z0-9~!@#$%^&*()_=+/?.:;',-]*)? + type: string + required: + - assigneeType + - description + - key + - leadAccountId + - name + - projectTemplateKey + - projectTypeKey + type: object + status: + description: ProjectStatus defines the observed state of Project + properties: + conditions: + description: Status conditions + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + id: + description: Jira service desk project ID + type: string + required: + - id + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index b83afd4..bc54546 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -2,22 +2,22 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/jiraservicedesk.stakater.com_projects.yaml - bases/jiraservicedesk.stakater.com_customers.yaml -# +kubebuilder:scaffold:crdkustomizeresource +- bases/jiraservicedesk.stakater.com_projects.yaml +#+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -- patches/webhook_in_projects.yaml -- patches/webhook_in_customers.yaml -# +kubebuilder:scaffold:crdkustomizewebhookpatch +#- patches/webhook_in_customers.yaml +#- patches/webhook_in_projects.yaml +#+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -- patches/cainjection_in_projects.yaml -- patches/cainjection_in_customers.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch +#- patches/cainjection_in_customers.yaml +#- patches/cainjection_in_projects.yaml +#+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index 6f83d9a..ec5c150 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -4,13 +4,15 @@ nameReference: version: v1 fieldSpecs: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/name + path: spec/conversion/webhook/clientConfig/service/name namespace: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/namespace + path: spec/conversion/webhook/clientConfig/service/namespace create: false varReference: diff --git a/config/crd/patches/cainjection_in_customers.yaml b/config/crd/patches/cainjection_in_customers.yaml index 0f1c9bb..a590f57 100644 --- a/config/crd/patches/cainjection_in_customers.yaml +++ b/config/crd/patches/cainjection_in_customers.yaml @@ -1,6 +1,5 @@ # The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/config/crd/patches/cainjection_in_projects.yaml b/config/crd/patches/cainjection_in_projects.yaml index b3d6a2b..adaa44d 100644 --- a/config/crd/patches/cainjection_in_projects.yaml +++ b/config/crd/patches/cainjection_in_projects.yaml @@ -1,6 +1,5 @@ # The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/config/crd/patches/webhook_in_customers.yaml b/config/crd/patches/webhook_in_customers.yaml index 8676ba3..7768df8 100644 --- a/config/crd/patches/webhook_in_customers.yaml +++ b/config/crd/patches/webhook_in_customers.yaml @@ -1,19 +1,14 @@ -# The following patch enables conversion webhook for CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: customers.jiraservicedesk.stakater.com spec: - preserveUnknownFields: false conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert - port: 443 + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert diff --git a/config/crd/patches/webhook_in_projects.yaml b/config/crd/patches/webhook_in_projects.yaml index a08b193..a1bf412 100644 --- a/config/crd/patches/webhook_in_projects.yaml +++ b/config/crd/patches/webhook_in_projects.yaml @@ -1,19 +1,14 @@ -# The following patch enables conversion webhook for CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: projects.jiraservicedesk.stakater.com spec: - preserveUnknownFields: false conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert - port: 443 + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index e0c26a9..1ec357d 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -12,63 +12,63 @@ namePrefix: jira-service-desk-operator- #commonLabels: # someName: someValue -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +bases: +- ../crd +- ../rbac +- ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml +#- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. +patchesStrategicMerge: +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. +- manager_auth_proxy_patch.yaml + +# Mount the controller config file for loading manager configurations +# through a ComponentConfig type +#- manager_config_patch.yaml - # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml +#- manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection -patchesStrategicMerge: -- manager_auth_proxy_patch.yaml -- manager_webhook_patch.yaml -- webhookcainjection_patch.yaml +#- webhookcainjection_patch.yaml # the following config is for teaching kustomize how to do var substitution -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. vars: -- fieldref: - fieldPath: metadata.namespace - name: CERTIFICATE_NAMESPACE - objref: - group: cert-manager.io - kind: Certificate - name: serving-cert - version: v1alpha2 -- fieldref: {} - name: CERTIFICATE_NAME - objref: - group: cert-manager.io - kind: Certificate - name: serving-cert - version: v1alpha2 -- fieldref: - fieldPath: metadata.namespace - name: SERVICE_NAMESPACE - objref: - kind: Service - name: webhook-service - version: v1 -- fieldref: {} - name: SERVICE_NAME - objref: - kind: Service - name: webhook-service - version: v1 -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../crd -- ../rbac -- ../manager -- ../webhook -- ../certmanager +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. +#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR +# objref: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldref: +# fieldpath: metadata.namespace +#- name: CERTIFICATE_NAME +# objref: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +#- name: SERVICE_NAMESPACE # namespace of the service +# objref: +# kind: Service +# version: v1 +# name: webhook-service +# fieldref: +# fieldpath: metadata.namespace +#- name: SERVICE_NAME +# objref: +# kind: Service +# version: v1 +# name: webhook-service diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 0071419..a224be1 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -1,4 +1,4 @@ -# This patch inject a sidecar container which is a HTTP proxy for the +# This patch inject a sidecar container which is a HTTP proxy for the # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment @@ -10,8 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - # Issue: https://github.com/operator-framework/operator-sdk/issues/4813 - image: registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.7.0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" @@ -22,5 +21,6 @@ spec: name: https - name: manager args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml new file mode 100644 index 0000000..6c40015 --- /dev/null +++ b/config/default/manager_config_patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml index 7e79bf9..02ab515 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_patch.yaml @@ -1,13 +1,13 @@ # This patch add annotation to admission webhook config and # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validating-webhook-configuration diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml new file mode 100644 index 0000000..04a6f00 --- /dev/null +++ b/config/manager/controller_manager_config.yaml @@ -0,0 +1,11 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 +webhook: + port: 9443 +leaderElection: + leaderElect: true + resourceName: 48610e2b.stakater.com diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 28b8f5c..2bcd3ee 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,8 +1,10 @@ resources: - manager.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: stakater/jira-service-desk-operator - newTag: v0.0.42 + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- name: manager-config + files: + - controller_manager_config.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 15e88de..79adfe7 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -22,13 +22,29 @@ spec: labels: control-plane: controller-manager spec: + securityContext: + runAsNonRoot: true containers: - command: - /manager args: - - --enable-leader-election + - --leader-elect image: controller:latest name: manager + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 resources: limits: cpu: 100m @@ -36,11 +52,5 @@ spec: requests: cpu: 100m memory: 20Mi - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_SECRET_NAME - value: jira-service-desk-config + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/jira-service-desk-operator.clusterserviceversion.yaml b/config/manifests/bases/jira-service-desk-operator.clusterserviceversion.yaml deleted file mode 100644 index 701e7e1..0000000 --- a/config/manifests/bases/jira-service-desk-operator.clusterserviceversion.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: '[]' - capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v1.2.0 - operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 - name: jira-service-desk-operator.vX.Y.Z - namespace: jira-service-desk-operator-system -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - description: Project is the Schema for the projects API - displayName: Project - kind: Project - name: projects.jiraservicedesk.stakater.com - version: v1alpha1 - - description: Customer is the Schema for the customers API - displayName: Customer - kind: Customer - name: customers.jiraservicedesk.stakater.com - version: v1alpha1 - description: Kubernetes operator for Jira Service Desk - displayName: jira-service-desk-operator - icon: - - base64data: "" - mediatype: "" - install: - spec: - deployments: null - strategy: "" - installModes: - - supported: true - type: OwnNamespace - - supported: true - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - jira - - service - - desk - - operator - - kubernetes - - openshift - links: - - name: Jira Service Desk Operator - url: https://jira-service-desk-operator.domain - maintainers: - - email: hello@stakater.com - name: Stakater - maturity: alpha - provider: - name: stakater - url: https://stakater.com - version: 0.0.0 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 63ca74d..88dc53f 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,4 +1,27 @@ +# These resources constitute the fully configured set of manifests +# used to generate the 'manifests/' directory in a bundle. resources: +- bases/jira-service-desk-operator.clusterserviceversion.yaml - ../default - ../samples - ../scorecard + +# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. +# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. +# These patches remove the unnecessary "cert" volume and its manager container volumeMount. +#patchesJson6902: +#- target: +# group: apps +# version: v1 +# kind: Deployment +# name: controller-manager +# namespace: system +# patch: |- +# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. +# - op: remove +# path: /spec/template/spec/containers/1/volumeMounts/0 +# # Remove the "cert" volume, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing volumes in the manager's Deployment. +# - op: remove +# path: /spec/template/spec/volumes/0 diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 9b8047b..d19136a 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -11,6 +11,10 @@ spec: endpoints: - path: /metrics port: https + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true selector: matchLabels: control-plane: controller-manager diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 7d62534..51a75db 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -1,7 +1,9 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 618f5e4..80e1857 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -3,11 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: ["authentication.k8s.io"] +- apiGroups: + - authentication.k8s.io resources: - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] + verbs: + - create +- apiGroups: + - authorization.k8s.io resources: - subjectaccessreviews - verbs: ["create"] + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4..ec7acc0 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 66c2833..731832a 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 7dc16c4..4190ec8 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -17,13 +17,17 @@ rules: - patch - delete - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps/status + - leases verbs: - get + - list + - watch + - create - update - patch + - delete - apiGroups: - "" resources: diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index eed1690..1d1321e 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 4b1e765..e666611 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -6,13 +6,6 @@ metadata: creationTimestamp: null name: manager-role rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - apiGroups: - jiraservicedesk.stakater.com resources: @@ -25,6 +18,12 @@ rules: - patch - update - watch +- apiGroups: + - jiraservicedesk.stakater.com + resources: + - customers/finalizers + verbs: + - update - apiGroups: - jiraservicedesk.stakater.com resources: @@ -45,6 +44,12 @@ rules: - patch - update - watch +- apiGroups: + - jiraservicedesk.stakater.com + resources: + - projects/finalizers + verbs: + - update - apiGroups: - jiraservicedesk.stakater.com resources: diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 8f26587..2070ede 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml new file mode 100644 index 0000000..7cd6025 --- /dev/null +++ b/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/config/samples/jiraservicedesk_v1alpha1_customer.yaml b/config/samples/jiraservicedesk_v1alpha1_customer.yaml index 8554fa0..2b95af8 100644 --- a/config/samples/jiraservicedesk_v1alpha1_customer.yaml +++ b/config/samples/jiraservicedesk_v1alpha1_customer.yaml @@ -1,11 +1,7 @@ apiVersion: jiraservicedesk.stakater.com/v1alpha1 kind: Customer metadata: - name: customer + name: customer-sample spec: - name: testCustomer - email: testCustomer@test.com - projects: - - KEY1 - - KEY2 - - KEY3 \ No newline at end of file + # Add fields here + foo: bar diff --git a/config/samples/jiraservicedesk_v1alpha1_project.yaml b/config/samples/jiraservicedesk_v1alpha1_project.yaml index cce4a5d..067f7c0 100644 --- a/config/samples/jiraservicedesk_v1alpha1_project.yaml +++ b/config/samples/jiraservicedesk_v1alpha1_project.yaml @@ -1,13 +1,7 @@ apiVersion: jiraservicedesk.stakater.com/v1alpha1 kind: Project metadata: - name: stakater + name: project-sample spec: - name: stakater - key: STK - projectTypeKey: service_desk - projectTemplateKey: com.atlassian.servicedesk:itil-v2-service-desk-project - description: "Sample project for jira-service-desk-operator" - assigneeType: PROJECT_LEAD - leadAccountId: 5ebfbc3ead226b0ba46c3590 - url: https://stakater.com \ No newline at end of file + # Add fields here + foo: bar diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 366c875..b9b94a8 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,3 +1,5 @@ -## This file is auto-generated, do not modify ## +## Append samples you want in your CSV to this file as resources ## resources: +- jiraservicedesk_v1alpha1_customer.yaml - jiraservicedesk_v1alpha1_project.yaml +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index d73509e..50cd2d0 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -13,4 +13,4 @@ patchesJson6902: version: v1alpha3 kind: Configuration name: config -# +kubebuilder:scaffold:patchesJson6902 +#+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index e7fa305..2d4e0a9 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:master + image: quay.io/operator-framework/scorecard-test:v1.7.2 labels: suite: basic test: basic-check-spec-test diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index e564c42..59c5576 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:master + image: quay.io/operator-framework/scorecard-test:v1.7.2 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:master + image: quay.io/operator-framework/scorecard-test:v1.7.2 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:master + image: quay.io/operator-framework/scorecard-test:v1.7.2 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:master + image: quay.io/operator-framework/scorecard-test:v1.7.2 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:master + image: quay.io/operator-framework/scorecard-test:v1.7.2 labels: suite: olm test: olm-status-descriptors-test diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml deleted file mode 100644 index 1339360..0000000 --- a/config/webhook/manifests.yaml +++ /dev/null @@ -1,88 +0,0 @@ - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: mutating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: webhook-service - namespace: system - path: /mutate-jiraservicedesk-stakater-com-v1alpha1-customer - failurePolicy: Fail - name: mcustomer.kb.io - rules: - - apiGroups: - - jiraservicedesk.stakater.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - customers -- clientConfig: - caBundle: Cg== - service: - name: webhook-service - namespace: system - path: /mutate-jiraservicedesk-stakater-com-v1alpha1-project - failurePolicy: Fail - name: mproject.kb.io - rules: - - apiGroups: - - jiraservicedesk.stakater.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - projects - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: webhook-service - namespace: system - path: /validate-jiraservicedesk-stakater-com-v1alpha1-customer - failurePolicy: Fail - name: vcustomer.kb.io - rules: - - apiGroups: - - jiraservicedesk.stakater.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - customers -- clientConfig: - caBundle: Cg== - service: - name: webhook-service - namespace: system - path: /validate-jiraservicedesk-stakater-com-v1alpha1-project - failurePolicy: Fail - name: vproject.kb.io - rules: - - apiGroups: - - jiraservicedesk.stakater.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - projects