From cbe68045ed6773d119c61e70758837f097ec6c5b Mon Sep 17 00:00:00 2001 From: Varad Ahirwadkar Date: Mon, 4 Nov 2024 13:05:56 +0530 Subject: [PATCH] Adding RSCT Operator 0.0.1 Signed-off-by: Varad Ahirwadkar --- operators/rsct-operator/0.0.1/Dockerfile | 33 +++ ...er-manager-metrics-service_v1_service.yaml | 23 ++ ...-operator-manager-config_v1_configmap.yaml | 17 ++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 17 ++ ...rization.k8s.io_v1_clusterrolebinding.yaml | 13 + .../rsct-operator.clusterserviceversion.yaml | 266 ++++++++++++++++++ .../0.0.1/manifests/rsct.ibm.com_rscts.yaml | 60 ++++ .../0.0.1/metadata/annotations.yaml | 14 + operators/rsct-operator/ci.yaml | 5 + 9 files changed, 448 insertions(+) create mode 100644 operators/rsct-operator/0.0.1/Dockerfile create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml create mode 100644 operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml create mode 100644 operators/rsct-operator/0.0.1/metadata/annotations.yaml create mode 100644 operators/rsct-operator/ci.yaml diff --git a/operators/rsct-operator/0.0.1/Dockerfile b/operators/rsct-operator/0.0.1/Dockerfile new file mode 100644 index 00000000000..1c2cec40f32 --- /dev/null +++ b/operators/rsct-operator/0.0.1/Dockerfile @@ -0,0 +1,33 @@ +# Build the manager binary +FROM golang:1.22 AS builder +ARG TARGETOS=linux +ARG TARGETARCH=ppc64le + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY cmd/main.go cmd/main.go +COPY api/ api/ +COPY internal/controller/ internal/controller/ + +# Build +# the GOARCH has not a default value to allow the binary be built according to the host where the command +# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO +# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, +# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. +RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go + +FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +WORKDIR / +RUN mkdir /licenses +COPY LICENSE /licenses +COPY --from=builder /workspace/manager . +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..631ecbccc8c --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: rsct-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: rsct-operator + control-plane: controller-manager + name: rsct-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..457215cb6fa --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: e9c9f994.ibm.com +kind: ConfigMap +metadata: + name: rsct-operator-manager-config diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..a75d282a49e --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: rsct-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: rsct-operator + name: rsct-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 00000000000..b1c6178be92 --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator-privileged_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: rsct-operator-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: rsct + namespace: rsct-operator-system diff --git a/operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml b/operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..233c78d33a7 --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct-operator.clusterserviceversion.yaml @@ -0,0 +1,266 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "rsct.ibm.com/v1alpha1", + "kind": "RSCT", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "rsct-operator", + "app.kubernetes.io/instance": "rsct", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "rsct", + "app.kubernetes.io/part-of": "rsct-operator" + }, + "name": "rsct", + "namespace": "rsct-operator-system" + } + } + ] + capabilities: Basic Install + createdAt: "2024-07-10T12:35:54Z" + operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + name: rsct-operator.v0.0.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: RSCT is the Schema for the rscts API + displayName: RSCT + kind: RSCT + name: rscts.rsct.ibm.com + version: v1alpha1 + description: Deploys RSCT on all nodes of an OpenShift cluster. + displayName: RSCT Operator for IBM Power Virtual Server + icon: + - base64data: "PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNTguNTEgMjU4LjUxIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2QxZDFkMTt9LmNscy0ye2ZpbGw6IzhkOGQ4Zjt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkFzc2V0IDQ8L3RpdGxlPjxnIGlkPSJMYXllcl8yIiBkYXRhLW5hbWU9IkxheWVyIDIiPjxnIGlkPSJMYXllcl8xLTIiIGRhdGEtbmFtZT0iTGF5ZXIgMSI+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTI5LjI1LDIwQTEwOS4xLDEwOS4xLDAsMCwxLDIwNi40LDIwNi40LDEwOS4xLDEwOS4xLDAsMSwxLDUyLjExLDUyLjExLDEwOC40NSwxMDguNDUsMCwwLDEsMTI5LjI1LDIwbTAtMjBoMEM1OC4xNiwwLDAsNTguMTYsMCwxMjkuMjVIMGMwLDcxLjA5LDU4LjE2LDEyOS4yNiwxMjkuMjUsMTI5LjI2aDBjNzEuMDksMCwxMjkuMjYtNTguMTcsMTI5LjI2LTEyOS4yNmgwQzI1OC41MSw1OC4xNiwyMDAuMzQsMCwxMjkuMjUsMFoiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik0xNzcuNTQsMTAzLjQxSDE0MS42NkwxNTQuOSw2NS43NmMxLjI1LTQuNC0yLjMzLTguNzYtNy4yMS04Ljc2SDEwMi45M2E3LjMyLDcuMzIsMCwwLDAtNy40LDZsLTEwLDY5LjYxYy0uNTksNC4xNywyLjg5LDcuODksNy40LDcuODloMzYuOUwxMTUuNTUsMTk3Yy0xLjEyLDQuNDEsMi40OCw4LjU1LDcuMjQsOC41NWE3LjU4LDcuNTgsMCwwLDAsNi40Ny0zLjQ4TDE4NCwxMTMuODVDMTg2Ljg2LDEwOS4yNCwxODMuMjksMTAzLjQxLDE3Ny41NCwxMDMuNDFaIi8+PC9nPjwvZz48L3N2Zz4=" + mediatype: "image/svg+xml" + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rsct.ibm.com + resources: + - rscts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rsct.ibm.com + resources: + - rscts/finalizers + verbs: + - update + - apiGroups: + - rsct.ibm.com + resources: + - rscts/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: rsct-operator-controller-manager + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: rsct-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: rsct-operator + control-plane: controller-manager + name: rsct-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - ppc64le + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: ghcr.io/ocp-power-automation/rsct-operator:latest + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: rsct-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: rsct-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - rsct + - powervs + - ibm + - rmc + - power + links: + - name: Rsct Operator + url: https://rsct-operator.domain + maintainers: + - email: mjturek@us.ibm.com + name: Michael Turek + maturity: alpha + minKubeVersion: 1.25.0 + provider: + name: IBM + version: 0.0.1 diff --git a/operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml b/operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml new file mode 100644 index 00000000000..26d1b6374b2 --- /dev/null +++ b/operators/rsct-operator/0.0.1/manifests/rsct.ibm.com_rscts.yaml @@ -0,0 +1,60 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: rscts.rsct.ibm.com +spec: + group: rsct.ibm.com + names: + kind: RSCT + listKind: RSCTList + plural: rscts + singular: rsct + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RSCT is the Schema for the rscts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RSCTSpec defines the desired state of RSCT + properties: + image: + default: quay.io/powercloud/rsct-ppc64le:latest + description: Image is an RSCT image + type: string + type: object + status: + description: RSCTStatus defines the observed state of RSCT + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/rsct-operator/0.0.1/metadata/annotations.yaml b/operators/rsct-operator/0.0.1/metadata/annotations.yaml new file mode 100644 index 00000000000..1a3174bf98b --- /dev/null +++ b/operators/rsct-operator/0.0.1/metadata/annotations.yaml @@ -0,0 +1,14 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: rsct-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/rsct-operator/ci.yaml b/operators/rsct-operator/ci.yaml new file mode 100644 index 00000000000..eae0feea4bb --- /dev/null +++ b/operators/rsct-operator/ci.yaml @@ -0,0 +1,5 @@ +--- +# Use `replaces-mode` or `semver-mode`. Once you switch to `semver-mode`, there is no easy way back. +updateGraph: replaces-mode +reviewers: + - varad-ahirwadkar