chore: remove trusty RBAC, fix indentation for serving in "init-resource", trustcabundle updates #220

Merged: 1 commit, Mar 15, 2024
Expand Up @@ -62,12 +62,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
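Review bot: the `uri` description still reads "uri is the URI point to a git repo" after this punctuation fix; since the string is being edited anyway, change it to "URI pointing to a git repo". The same wording repeats in every later hunk of this file, and as these look like generated CRD descriptions the correction belongs in the source comment they are generated from so it does not drift back on the next regeneration.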
Expand Down Expand Up @@ -105,12 +105,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -149,12 +149,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -207,12 +207,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -310,12 +310,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -354,12 +354,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -397,12 +397,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -440,12 +440,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Down Expand Up @@ -483,12 +483,12 @@ spec:
description: 'sourcePath is the subpath within contextDir
where kustomize builds start. Examples include
any sub-folder or path: `base`, `overlays/dev`,
`default`, `odh` etc'
`default`, `odh` etc.'
type: string
uri:
default: ""
description: uri is the URI point to a git repo
with tag/branch. e.g https://github.com/org/repo/tarball/<tag/branch>
with tag/branch. e.g. https://github.com/org/repo/tarball/<tag/branch>
type: string
type: object
type: array
Expand Up @@ -131,6 +131,7 @@ spec:
field.
properties:
customCABundle:
default: ""
description: A custom CA bundle that will be available for all components
in the Data Science Cluster(DSC). This bundle will be stored
in odh-trusted-ca-bundle ConfigMap .data.odh-ca-bundle.crt .
Expand All @@ -146,6 +147,7 @@ spec:
pattern: ^(Managed|Unmanaged|Force|Removed)$
type: string
required:
- customCABundle
- managementState
type: object
required:
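Review bot: `customCABundle` is added to `required` in the same change that gives it `default: ""`, so when the parent object is present an omitted field is filled with the empty string and the requirement never rejects anything a user would actually write. The description does not say what the empty value means; add a sentence stating that an empty string adds no custom certificates to odh-trusted-ca-bundle, so admins can tell "unset" from "misconfigured" when reading the resource back.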
78 changes: 5 additions & 73 deletions bundle/manifests/rhods-operator.clusterserviceversion.yaml
Expand Up @@ -1646,32 +1646,6 @@ spec:
- templates
verbs:
- '*'
- apiGroups:
- trustyai.opendatahub.io
resources:
- trustyaiservices
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- trustyai.opendatahub.io
resources:
- trustyaiservices/finalizers
verbs:
- update
- apiGroups:
- trustyai.opendatahub.io
resources:
- trustyaiservices/status
verbs:
- get
- patch
- update
- apiGroups:
- user.openshift.io
resources:
Expand Down Expand Up @@ -1744,18 +1718,6 @@ spec:
- patch
- update
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: redhat-ods-operator-controller-manager
deployments:
- label:
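Review bot: the `create` rules on `tokenreviews` (authentication.k8s.io) and `subjectaccessreviews` (authorization.k8s.io) are dropped here, but the PR title only mentions trusty RBAC, the serving indentation and trustcabundle. These are the permissions a component needs in order to delegate authentication and authorization checks to the API server, so confirm that nothing running as redhat-ods-operator-controller-manager (for example an auth proxy in front of a metrics endpoint) still depends on them, and record the removal in the PR description.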
Expand Down Expand Up @@ -1803,44 +1765,15 @@ spec:
requests:
cpu: 500m
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
serviceAccountName: redhat-ods-operator-controller-manager
terminationGracePeriodSeconds: 10
permissions:
- rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
serviceAccountName: redhat-ods-operator-controller-manager
strategy: deployment
installModes:
- supported: false
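Review bot: the `permissions:` block with the `configmaps`, `leases` and `events` rules appears to be deleted in this hunk, and that is not mentioned in the title. The rendered view has lost its +/- markers, but the header (44 old lines, 15 new) together with the file total of 5 additions and 73 deletions fits that block being removed and the five container `securityContext` lines (`allowPrivilegeEscalation: false`, `capabilities` with `drop: ALL`) being added. Rules on `leases`, `configmaps` and `events` are what a controller manager normally uses for leader election and event recording, so confirm leader election is either disabled or covered by another rule before this merges. The securityContext hardening is welcome and deserves its own line in the description.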
Expand All @@ -1861,7 +1794,6 @@ spec:
- training
- kserve
- distributed-workloads
- trustyai
links:
- name: Red Hat OpenShift AI
url: https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-ai
Expand Up @@ -132,6 +132,7 @@ spec:
field.
properties:
customCABundle:
default: ""
description: A custom CA bundle that will be available for all components
in the Data Science Cluster(DSC). This bundle will be stored
in odh-trusted-ca-bundle ConfigMap .data.odh-ca-bundle.crt .
Expand All @@ -147,6 +148,7 @@ spec:
pattern: ^(Managed|Unmanaged|Force|Removed)$
type: string
required:
- customCABundle
- managementState
type: object
required:
24 changes: 15 additions & 9 deletions config/manifests/bases/rhods-operator.clusterserviceversion.yaml
Expand Up @@ -36,15 +36,15 @@ metadata:
},
"kserve": {
"managementState": "Managed",
"serving": {
"ingressGateway": {
"certificate": {
"type": "SelfSigned"
}
},
"managementState": "Managed",
"name": "knative-serving"
}
"serving": {
"ingressGateway": {
"certificate": {
"type": "SelfSigned"
}
},
"managementState": "Managed",
"name": "knative-serving"
}
},
"kueue": {
"managementState": "Removed"
Expand Down Expand Up @@ -97,6 +97,12 @@ spec:
e.g. it provides unified authentication giving a Single Sign On experience.
displayName: Service Mesh
path: serviceMesh
- description: When set to `Managed`, adds odh-trusted-ca-bundle Configmap to
all namespaces that includes cluster-wide Trusted CA Bundle in .data["ca-bundle.crt"].
Additionally, this fields allows admins to add custom CA bundles to the
configmap using the .CustomCABundle field.
displayName: Trusted CABundle
path: trustedCABundle
- description: Internal development useful field to test customizations. This
is not recommended to be used in production environment.
displayName: Dev Flags
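Review bot: in the new Trusted CABundle descriptor, "this fields allows" should be "this field allows", and `.CustomCABundle` should be written `customCABundle` to match the property name in the CRD schema. The text names only `.data["ca-bundle.crt"]`, while the CRD description stores the custom bundle under `.data.odh-ca-bundle.crt`; mention that key here as well. Because `Managed` places the ConfigMap in all namespaces, the descriptor should also say that certificates added through this field are made available to all components, as the CRD description does.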
26 changes: 0 additions & 26 deletions config/rbac/role.yaml
Expand Up @@ -1404,32 +1404,6 @@ rules:
- templates
verbs:
- '*'
- apiGroups:
- trustyai.opendatahub.io
resources:
- trustyaiservices
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- trustyai.opendatahub.io
resources:
- trustyaiservices/finalizers
verbs:
- update
- apiGroups:
- trustyai.opendatahub.io
resources:
- trustyaiservices/status
verbs:
- get
- patch
- update
- apiGroups:
- user.openshift.io
resources:
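Review bot: while this role is being pruned, the rule kept as context directly above the removed block still grants `'*'` on `templates`. If the operator only needs a known set of verbs on that resource, list them explicitly in a follow-up so the role does not keep a wildcard next to the rules that were just tightened.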
4 changes: 0 additions & 4 deletions controllers/datasciencecluster/kubebuilder_rbac.go
Expand Up @@ -114,10 +114,6 @@ package datasciencecluster
// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=probes,verbs=get;create;patch;delete;deletecollection
// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheusrules,verbs=get;create;patch;delete;deletecollection

//+kubebuilder:rbac:groups=trustyai.opendatahub.io,resources=trustyaiservices,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=trustyai.opendatahub.io,resources=trustyaiservices/status,verbs=get;update;patch
//+kubebuilder:rbac:groups=trustyai.opendatahub.io,resources=trustyaiservices/finalizers,verbs=update

// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheuses/finalizers,verbs=get;create;patch;delete;deletecollection
// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheuses/status,verbs=get;create;patch;delete;deletecollection
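Review bot: before dropping these three `trustyai.opendatahub.io` markers, check that no reconciler or cleanup path in the operator still gets, lists or deletes `trustyaiservices`; once the generated rules are gone, such a call fails with a forbidden error at runtime rather than at build time. An upgrade on a cluster that already has TrustyAIService resources is the case worth testing, and the result should be noted in the PR description.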
