
Commit aedc342

raffaelespazzolisabre1041
authored andcommitted
added olm integration (#7)
* added olm integration fixed permissions fixed deployment * delete unused files * added more description
1 parent dd37286 commit aedc342

7 files changed

+320
-5
lines changed

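--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -16,15 +16,13 @@ spec:
 containers:
 - name: namespace-configuration-operator
 # Replace this with the built image name
-image: REPLACE_IMAGE
+image: quay.io/redhat-cop/namespace-configuration-operator:latest
 command:
 - namespace-configuration-operator
 imagePullPolicy: Always
 env:
 - name: WATCH_NAMESPACE
-valueFrom:
-fieldRef:
-fieldPath: metadata.namespace
+value: ""
 - name: POD_NAME
 valueFrom:
 fieldRef: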
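Review bot: The new `image:` line points the deployment at the mutable `:latest` tag, and with the unchanged `imagePullPolicy: Always` every pod restart pulls whatever currently sits behind that tag, so the operator code running with cluster-wide rights is neither reproducible nor auditable. Pin a release tag or, better, a digest, e.g. `image: quay.io/redhat-cop/namespace-configuration-operator@sha256:<digest-placeholder>`; the same tag is repeated in the ClusterServiceVersion's `containerImage` annotation and deployment spec. Separately, changing `WATCH_NAMESPACE` from the pod's own namespace to `""` presumably widens the watch to all namespaces, which deserves a comment next to the value. The container spec continues outside the hunk.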

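--- a/deploy/role.yaml
+++ b/deploy/role.yaml
@@ -1,3 +1,16 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: namespace-configuration-operator
+rules:
+# Operator Business Logic
+- apiGroups:
+- "*"
+resources:
+- "*"
+verbs:
+- "*"
+---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -41,6 +54,6 @@ rules:
 resources:
 - deployments/finalizers
 resourceNames:
-- cert-utils-operator
+- namespace-configuration-operator
 verbs:
 - "update"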
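Review bot: The added ClusterRole grants `"*"` verbs on `"*"` resources in `"*"` apiGroups, which is equivalent to cluster-admin for whichever service account it is bound to (the binding is not visible here); the same rule is repeated under `clusterPermissions` in the ClusterServiceVersion. Because the operator applies whatever objects a NamespaceConfig lists, this breadth may be intentional, but it means a compromised operator pod or image is a compromised cluster. I would narrow the rule to the kinds administrators are expected to manage, or at minimum replace `# Operator Business Logic` with `# Wildcard is deliberate: the operator applies arbitrary objects from NamespaceConfig.spec.resources; treat this service account as cluster-admin`.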

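--- a/olm/README.md
+++ b/olm/README.md
@@ -0,0 +1,40 @@
+# instructions on how to manually test the olm integration
+
+Get the quay token
+
+```shell
+AUTH_TOKEN=$(curl -sH "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d '
+{
+"user": {
+"username": "'"${QUAY_USERNAME}"'",
+"password": "'"${QUAY_PASSWORD}"'"
+}
+}' | jq -r '.token')
+```
+
+validate the olm CSV
+
+```shell
+operator-courier verify olm/olm-catalog/
+operator-courier verify olm/olm-catalog/ --ui_validate_io
+```
+
+go to this [site](https://operatorhub.io/preview) to visually validate the result
+
+push the catalog to the quay application registry
+
+```shell
+operator-courier push olm/olm-catalog/ <your-quay-repo> namespace-configuration-operator 0.0.1 "${AUTH_TOKEN}"
+```
+
+deploy the operator source
+
+```shell
+oc apply -f ./olm/operator-source.yaml
+```
+
+to delete a wrong bundle run:
+```shell
+helm registry login -p <quay-password> -u <quay-username> quay.io/<your-quay-repo>/namespace-configuration-operator
+helm registry delete-package quay.io/<your-quay-repo>/[email protected]
+```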
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
#! package-manifest: deploy/chart/catalog_resources/rh-operators/vaultoperator.v0.4.10.clusterserviceversion.yaml
2+
packageName: namespace-configuration-operator
3+
channels:
4+
- name: alpha
5+
currentCSV: namespace-configuration-operator.v0.0.1
Lines changed: 192 additions & 0 deletions
@@ -0,0 +1,192 @@
1+
apiVersion: operators.coreos.com/v1alpha1
2+
kind: ClusterServiceVersion
3+
metadata:
4+
annotations:
5+
capabilities: Full Lifecycle
6+
categories: Security
7+
certified: "false"
8+
description: This operator provides a facility to define and enforce namespace configurations
9+
containerImage: quay.io/redhat-cop/namespace-configuration-operator:latest
10+
createdAt: 5/28/2019
11+
support: Best Effort
12+
repository: https://github.com/redhat-cop/namespace-configuration-operator
13+
alm-examples: |
14+
[
15+
{
16+
"apiVersion": "redhatcop.redhat.io/v1alpha1",
17+
"kind": "NamespaceConfig",
18+
"metadata": {
19+
"name": "small-size"
20+
},
21+
"spec": {
22+
"selector": {
23+
"matchLabels": {
24+
"size": "small"
25+
}
26+
},
27+
"resources": [
28+
{
29+
"apiVersion": "v1",
30+
"kind": "ResourceQuota",
31+
"metadata": {
32+
"name": "small-size"
33+
},
34+
"spec": {
35+
"hard": {
36+
"requests.cpu": "4",
37+
"requests.memory": "2Gi"
38+
}
39+
}
40+
}
41+
]
42+
}
43+
}
44+
]
45+
name: namespace-configuration-operator.v0.0.1
46+
namespace: namespace-configuration-operator
47+
spec:
48+
icon:
49+
- base64data: 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
50+
mediatype: image/png
51+
links:
52+
- name: repository
53+
url: https://github.com/redhat-cop/namespace-configuration-operator
54+
- name: conatinerImage
55+
url: https://quay.io/redhat-cop/namespace-configuration-operator:latest
56+
- name: blog
57+
url: https://blog.openshift.com/controlling-namespace-configurations
58+
installModes:
59+
- supported: true
60+
type: OwnNamespace
61+
- supported: true
62+
type: SingleNamespace
63+
- supported: false
64+
type: MultiNamespace
65+
- supported: false
66+
type: AllNamespaces
67+
maturity: alpha
68+
version: 0.0.1
69+
keywords: ['namespace', 'configuration', 'policy', 'management']
70+
maintainers:
71+
- name: Raffaele Spazzoli
72+
73+
provider:
74+
name: Containers & PaaS CoP
75+
apiservicedefinitions: {}
76+
description: |
77+
The namespace configuration operator helps keeping a namespace's configuration aligned with one of more policies specified as a CRs.
78+
79+
The `NamespaceConfig` CR allows specifying one or more objects that will be created in the selected namespaces.
80+
81+
For example using this operator an administrator can enforce a specific ResourceQuota or LimitRange on a set of namespaces. For example with the following snippet:
82+
83+
```
84+
apiVersion: redhatcop.redhat.io/v1alpha1
85+
kind: NamespaceConfig
86+
metadata:
87+
name: small-size
88+
spec:
89+
selector:
90+
matchLabels:
91+
size: small
92+
resources:
93+
- apiVersion: v1
94+
kind: ResourceQuota
95+
metadata:
96+
name: small-size
97+
spec:
98+
hard:
99+
requests.cpu: "4"
100+
requests.memory: "2Gi"
101+
```
102+
103+
we are enforcing that all the namespaces with label: `size=small` receive the specified resource quota.
104+
customresourcedefinitions:
105+
owned:
106+
- kind: NamespaceConfig
107+
name: namespaceconfigs.redhatcop.redhat.io
108+
version: v1alpha1
109+
displayName: Namespace Configuration
110+
description: Represent the desired configuration for a set of namespaces selected via labels
111+
displayName: Namespace Configuration Operator
112+
install:
113+
spec:
114+
clusterPermissions:
115+
- rules:
116+
- apiGroups:
117+
- "*"
118+
resources:
119+
- "*"
120+
verbs:
121+
- '*'
122+
serviceAccountName: namespace-configuration-operator
123+
deployments:
124+
- name: namespace-configuration-operator
125+
spec:
126+
replicas: 1
127+
selector:
128+
matchLabels:
129+
name: namespace-configuration-operator
130+
strategy: {}
131+
template:
132+
metadata:
133+
labels:
134+
name: namespace-configuration-operator
135+
spec:
136+
containers:
137+
- command:
138+
- namespace-configuration-operator
139+
env:
140+
- name: WATCH_NAMESPACE
141+
value: ""
142+
- name: POD_NAME
143+
valueFrom:
144+
fieldRef:
145+
fieldPath: metadata.name
146+
- name: OPERATOR_NAME
147+
value: namespace-configuration-operator
148+
image: quay.io/redhat-cop/namespace-configuration-operator:latest
149+
imagePullPolicy: Always
150+
name: namespace-configuration-operator
151+
resources: {}
152+
serviceAccountName: namespace-configuration-operator
153+
permissions:
154+
- rules:
155+
- apiGroups:
156+
- ""
157+
resources:
158+
- configmaps
159+
- pods
160+
verbs:
161+
- '*'
162+
- apiGroups:
163+
- ""
164+
resources:
165+
- services
166+
verbs:
167+
- '*'
168+
- apiGroups:
169+
- apps
170+
resources:
171+
- replicasets
172+
- deployments
173+
verbs:
174+
- get
175+
- list
176+
- apiGroups:
177+
- monitoring.coreos.com
178+
resources:
179+
- servicemonitors
180+
verbs:
181+
- get
182+
- create
183+
- apiGroups:
184+
- apps
185+
resourceNames:
186+
- namespace-configuration-operator
187+
resources:
188+
- deployments/finalizers
189+
verbs:
190+
- update
191+
serviceAccountName: namespace-configuration-operator
192+
strategy: deployment
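Review bot: `installModes` advertises OwnNamespace and SingleNamespace as supported and AllNamespaces as unsupported, yet the deployment hard-codes `WATCH_NAMESPACE` to `""` and requests wildcard `clusterPermissions`, so the operator appears to act cluster-wide whatever OperatorGroup it is installed into. An administrator who installs it in a single-namespace mode would reasonably expect a smaller blast radius than the one they actually get. Either declare the real mode (`AllNamespaces` with `supported: true`, the scoped modes `false`), or let OLM supply the scope by replacing `value: ""` with a `valueFrom.fieldRef` on `fieldPath: metadata.annotations['olm.targetNamespaces']`.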
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
apiVersion: apiextensions.k8s.io/v1beta1
2+
kind: CustomResourceDefinition
3+
metadata:
4+
name: namespaceconfigs.redhatcop.redhat.io
5+
spec:
6+
group: redhatcop.redhat.io
7+
names:
8+
kind: NamespaceConfig
9+
listKind: NamespaceConfigList
10+
plural: namespaceconfigs
11+
singular: namespaceconfig
12+
scope: Namespaced
13+
subresources:
14+
status: {}
15+
validation:
16+
openAPIV3Schema:
17+
properties:
18+
apiVersion:
19+
description: 'APIVersion defines the versioned schema of this representation
20+
of an object. Servers should convert recognized schemas to the latest
21+
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
22+
type: string
23+
kind:
24+
description: 'Kind is a string value representing the REST resource this
25+
object represents. Servers may infer this from the endpoint the client
26+
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
27+
type: string
28+
metadata:
29+
type: object
30+
spec:
31+
properties:
32+
resources:
33+
items:
34+
type: object
35+
type: array
36+
selector:
37+
type: object
38+
type: object
39+
status:
40+
properties:
41+
lastUpdate:
42+
format: date-time
43+
type: string
44+
reason:
45+
type: string
46+
status:
47+
enum:
48+
- Success
49+
- Failure
50+
type: string
51+
type: object
52+
version: v1alpha1
53+
versions:
54+
- name: v1alpha1
55+
served: true
56+
storage: true
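Review bot: `scope: Namespaced` lets a NamespaceConfig be created inside any namespace, and `spec.resources` items are validated only as `type: object`, so whoever holds create rights on namespaceconfigs in a single namespace may be able to have the operator apply arbitrary objects to every namespace the selector matches, using the operator's wildcard permissions. Whether the controller restricts which namespace it reads NamespaceConfigs from is not visible in this commit. If the resource is meant for cluster administrators only, `scope: Cluster` expresses that directly; otherwise the README should state that RBAC on this resource must be limited to cluster admins.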

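--- a/olm/operator-source.yaml
+++ b/olm/operator-source.yaml
@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorSource
+metadata:
+name: namespace-configuration-operator
+namespace: openshift-marketplace
+spec:
+type: appregistry
+endpoint: https://quay.io/cnr
+registryNamespace: <your-quay-repo>
+displayName: "namespace-configuration-operator"
+publisher: "CoP"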
