Merge branch 'probe-defaults' of github.com:application-stacks/runtim…

…e-component-operator into probe-defaults

.one-pipeline-archive.yaml

@@ -23,14 +23,24 @@ setup:
         curl -X POST -H 'Content-type: application/json' --data '{"text":"<'$user'>  Archive operation failure see below "}' $(get_env slack_web_hook_url)
         echo " "
       done
-      pipeline_url="https://cloud.ibm.com/devops/pipelines/tekton/${PIPELINE_ID}/runs/${PIPELINE_RUN_ID}"
+      pipeline_url="https://cloud.ibm.com/devops/pipelines/tekton/${PIPELINE_ID}/runs/${PIPELINE_RUN_ID}?env_id=ibm:yp:us-south"
       curl -X POST -H 'Content-type: application/json' --data '{"text":"The archive operation for '$REPO' has failed."}' $(get_env slack_web_hook_url) </dev/null
       curl -X POST -H 'Content-type: application/json' --data '{"text":"Failing pipeline: '$pipeline_url'"}' $(get_env slack_web_hook_url) </dev/null
       curl -X POST -H 'Content-type: application/json' --data '{"text":"Destination repository: '$ARCHIVE_DESTINATION_REPO'"}' $(get_env slack_web_hook_url) </dev/null
     else
       echo "${REPO} has been archived successfully to ${ARCHIVE_DESTINATION_REPO}"
     fi
     
+detect-secrets:
+  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
+  abort_on_failure: false
+  image_pull_policy: IfNotPresent
+  skip: true
+  script: |
+    #!/usr/bin/env bash
+    echo "Skip detect-secrets"
+    exit 0
+    
 test:
   dind: true
   abort_on_failure: false

.one-pipeline-cd.yaml

@@ -81,7 +81,7 @@ deploy:
     done
 
 sign-artifact:
-  image: docker-eu-public.artifactory.swg-devops.com/wcp-compliance-automation-team-docker-local/csso-image-sign:6.0.0@sha256:3499f75eb669416536f0d680104e7e9e37147c168459152d716a1fbf9b1af5a2
+  image: icr.io/continuous-delivery/toolchains/devsecops/csso-image-sign:7.0.0@sha256:e818a62c54f328752a94fd37f73b133e6586d9eb0271afb97ffc6a3faf77fede
   script: |
     #!/usr/bin/env bash
     echo "sign-artifact stage"
@@ -96,7 +96,7 @@ sign-artifact:
     cat rco.pub
 
 acceptance-test:
-  image: docker-eu-public.artifactory.swg-devops.com/wcp-compliance-automation-team-docker-local/csso-image-sign:6.0.0@sha256:3499f75eb669416536f0d680104e7e9e37147c168459152d716a1fbf9b1af5a2
+  image: icr.io/continuous-delivery/toolchains/devsecops/csso-image-sign:7.0.0@sha256:e818a62c54f328752a94fd37f73b133e6586d9eb0271afb97ffc6a3faf77fede
   script: |
     #!/usr/bin/env bash
     echo "acceptance-test stage"

Dockerfile

@@ -26,7 +26,7 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 ARG USER_ID=65532
 ARG GROUP_ID=65532
 
-ARG VERSION_LABEL=1.2.1
+ARG VERSION_LABEL=1.2.2
 ARG RELEASE_LABEL=XX
 ARG VCS_REF=0123456789012345678901234567890123456789
 ARG VCS_URL="https://github.com/application-stacks/runtime-component-operator"

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.2.1
+VERSION ?= 1.2.2
 OPERATOR_SDK_RELEASE_VERSION ?= v1.24.0
 
 # CHANNELS define the bundle channels used in the bundle.
@@ -189,6 +189,8 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 .PHONY: bundle
 bundle: manifests setup kustomize ## Generate bundle manifests and metadata, then validate generated files.
 	scripts/update-sample.sh
+
+	sed -i.bak "s,OPERATOR_IMAGE,${IMG},g" config/manager/manager.yaml
 	sed -i.bak "s,IMAGE,${IMG},g;s,CREATEDAT,${CREATEDAT},g" config/manifests/patches/csvAnnotations.yaml
 	operator-sdk generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
@@ -200,9 +202,6 @@ bundle: manifests setup kustomize ## Generate bundle manifests and metadata, the
 	$(KUSTOMIZE) build config/kustomize/operator -o internal/deploy/kustomize/daily/base/runtime-component-operator.yaml
 	sed -i.bak "s,${IMG},${KUSTOMIZE_IMG},g;s,serviceAccountName: controller-manager,serviceAccountName: rco-controller-manager,g" internal/deploy/kustomize/daily/base/runtime-component-operator.yaml
 	$(KUSTOMIZE) build config/kustomize/roles -o internal/deploy/kustomize/daily/base/runtime-component-roles.yaml
-
-	mv config/manifests/patches/csvAnnotations.yaml.bak config/manifests/patches/csvAnnotations.yaml
-	rm internal/deploy/kustomize/daily/base/runtime-component-operator.yaml.bak
 
 	$(KUSTOMIZE) build config/kubectl/crd -o internal/deploy/kubectl/runtime-component-crd.yaml
 	$(KUSTOMIZE) build config/kubectl/operator -o internal/deploy/kubectl/runtime-component-operator.yaml
@@ -212,6 +211,10 @@ bundle: manifests setup kustomize ## Generate bundle manifests and metadata, the
 	$(KUSTOMIZE) build config/kustomize/watch-all -o internal/deploy/kustomize/daily/overlays/watch-all-namespaces/cluster-roles.yaml
 	$(KUSTOMIZE) build config/kustomize/watch-another -o internal/deploy/kustomize/daily/overlays/watch-another-namespace/rco-watched-ns/watched-roles.yaml
 
+	mv config/manager/manager.yaml.bak config/manager/manager.yaml
+	mv config/manifests/patches/csvAnnotations.yaml.bak config/manifests/patches/csvAnnotations.yaml
+	rm internal/deploy/kustomize/daily/base/runtime-component-operator.yaml.bak
+
 	operator-sdk bundle validate ./bundle
 
 .PHONY: fmt

bundle/manifests/runtime-component.clusterserviceversion.yaml

@@ -11,7 +11,7 @@ metadata:
             "name": "runtimecomponent-sample"
           },
           "spec": {
-            "applicationImage": "icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3",
+            "applicationImage": "icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02",
             "expose": true,
             "manageTLS": true,
             "replicas": 1,
@@ -41,7 +41,7 @@ metadata:
             "name": "runtimecomponent-sample"
           },
           "spec": {
-            "applicationImage": "icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3",
+            "applicationImage": "icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02",
             "expose": true,
             "replicas": 1,
             "service": {
@@ -70,7 +70,7 @@ metadata:
     containerImage: icr.io/appcafe/runtime-component-operator:daily
     createdAt: "2023-10-05T15:42:54Z"
     description: Deploys any runtime component with dynamic and auto-tuning configuration
-    olm.skipRange: '>=0.8.0 <1.2.1'
+    olm.skipRange: '>=0.8.0 <1.2.2'
     operators.openshift.io/infrastructure-features: '["disconnected"]'
     operators.operatorframework.io/builder: operator-sdk-v1.24.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -81,7 +81,7 @@ metadata:
     operatorframework.io/arch.ppc64le: supported
     operatorframework.io/arch.s390x: supported
     operatorframework.io/os.linux: supported
-  name: runtime-component.v1.2.1
+  name: runtime-component.v1.2.2
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -976,7 +976,9 @@ spec:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
                 - name: RELATED_IMAGE_LIBERTY_SAMPLE_APP
-                  value: icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3
+                  value: icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02
+                - name: RELATED_IMAGE_RUNTIME_COMPONENT_OPERATOR
+                  value: icr.io/appcafe/runtime-component-operator:daily
                 image: icr.io/appcafe/runtime-component-operator:daily
                 livenessProbe:
                   failureThreshold: 3
@@ -1257,6 +1259,8 @@ spec:
   provider:
     name: Community
   relatedImages:
-  - image: icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3
+  - image: icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02
     name: liberty-sample-app
-  version: 1.2.1
+  - image: icr.io/appcafe/runtime-component-operator:daily
+    name: runtime-component-operator
+  version: 1.2.2

bundle/tests/scorecard/kuttl/basic/00-assert.yaml

@@ -13,4 +13,4 @@ metadata:
   name: example-runtime-component
 status:
   versions:
-    reconciled: 1.2.1
+    reconciled: 1.2.2

bundle/tests/scorecard/kuttl/day2operation/01-assert.yaml

@@ -12,4 +12,4 @@ status:
      - status: 'True'
        type: Completed
   versions:
-    reconciled: 1.2.1
+    reconciled: 1.2.2

config/manager/manager.yaml

@@ -67,7 +67,9 @@ spec:
               fieldRef:
                 fieldPath: metadata.annotations['olm.targetNamespaces']
           - name: RELATED_IMAGE_LIBERTY_SAMPLE_APP
-            value: icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3
+            value: icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02
+          - name: RELATED_IMAGE_RUNTIME_COMPONENT_OPERATOR
+            value: OPERATOR_IMAGE
         securityContext:
           allowPrivilegeEscalation: false
           privileged: false

config/manifests/bases/runtime-component.clusterserviceversion.yaml

@@ -9,7 +9,7 @@ metadata:
     containerImage: icr.io/appcafe/runtime-component-operator:daily
     createdAt: "2022-02-25T09:00:00Z"
     description: Deploys any runtime component with dynamic and auto-tuning configuration
-    olm.skipRange: '>=0.8.0 <1.2.1'
+    olm.skipRange: '>=0.8.0 <1.2.2'
     operators.openshift.io/infrastructure-features: '["disconnected"]'
     repository: https://github.com/application-stacks/runtime-component-operator
     support: Community

config/samples/rc.app.stacks_v1_runtimecomponent.yaml

@@ -3,7 +3,7 @@ kind: RuntimeComponent
 metadata:
   name: runtimecomponent-sample
 spec:
-  applicationImage: icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3
+  applicationImage: icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02
   expose: true
   manageTLS: true
   replicas: 1

config/samples/rc.app.stacks_v1beta2_runtimecomponent.yaml

@@ -4,7 +4,7 @@ metadata:
   name: runtimecomponent-sample
 spec:
   # Add fields here
-  applicationImage: icr.io/appcafe/open-liberty/samples/getting-started@sha256:d3c67c4a15c97b0fb82f9ef4a2ccf474232b878787e9eea39af75a3ac78469e3
+  applicationImage: icr.io/appcafe/open-liberty/samples/getting-started@sha256:6bf52d536e94d6aa6eaa3ca9639e0fe9f5e71dbd891c50362939dd6aca519d02
   expose: true
   replicas: 1
   service:

deploy/releases/1.2.2/kubectl/readme.adoc

@@ -0,0 +1,70 @@
+
+== Installation
+
+The Runtime Component Operator 1.2.2 can be installed to:
+
+* watch own namespace
+* watch another namespace
+* watch all namespaces in the cluster
+
+Appropriate roles and bindings are required to watch another namespace or watch all namespaces.
+
+---
+
+. Install Custom Resource Definition (CRD) resources for `RuntimeComponent` and `RuntimeOperation` for day-2 operation. This needs to be done only ONCE per cluster:
++
+[source,sh]
+----
+kubectl create -f https://raw.githubusercontent.com/application-stacks/runtime-component-operator/main/deploy/releases/1.2.2/kubectl/runtime-component-crd.yaml
+----
+
+. Install the Runtime Component Operator:
+
+.. Set operator namespace and the namespace to watch:
++
+NOTE: Ensure that you replace  `<SPECIFY_OPERATOR_NAMESPACE_HERE>` and `<SPECIFY_WATCH_NAMESPACE_HERE>` with proper values. The namespaces must already exist. The commands below will not create the namespaces.
++
+    * To watch all namespaces in the cluster, set `WATCH_NAMESPACE='""'`
++
+
+[source,sh]
+----
+    OPERATOR_NAMESPACE=<SPECIFY_OPERATOR_NAMESPACE_HERE>
+    WATCH_NAMESPACE=<SPECIFY_WATCH_NAMESPACE_HERE>
+----
+
+.. _Optional_: Install roles and bindings to watch another namespace or all namespaces.  This step can be skipped if the operator is only watching own namespace.
+
+... To watch all namespaces, install cluster-level role-based access:
++
+[source,sh]
+----
+curl -L https://raw.githubusercontent.com/application-stacks/runtime-component-operator/main/deploy/releases/1.2.2/kubectl/runtime-component-rbac-watch-all.yaml \
+      | sed -e "s/RUNTIME_COMPONENT_OPERATOR_NAMESPACE/${OPERATOR_NAMESPACE}/" \
+      | kubectl apply -f -
+----
+
+... To watch another namespace, install role with access to another namespace:
++
+[source,sh]
+----
+curl -L https://raw.githubusercontent.com/application-stacks/runtime-component-operator/main/deploy/releases/1.2.2/kubectl/runtime-component-rbac-watch-another.yaml \
+      | sed -e "s/RUNTIME_COMPONENT_OPERATOR_NAMESPACE/${OPERATOR_NAMESPACE}/" \
+      | sed -e "s/RUNTIME_COMPONENT_WATCH_NAMESPACE/${WATCH_NAMESPACE}/" \
+      | kubectl apply -f -
+----
+
+.. Install the operator:
++
+[source,sh]
+----
+curl -L https://raw.githubusercontent.com/application-stacks/runtime-component-operator/main/deploy/releases/1.2.2/kubectl/runtime-component-operator.yaml \
+      | sed -e "s/RUNTIME_COMPONENT_WATCH_NAMESPACE/${WATCH_NAMESPACE}/" \
+      | kubectl apply -n ${OPERATOR_NAMESPACE} -f -
+----
+
+== Uninstallation
+
+To uninstall the operator, run commands from Step 2c first and then Step 2b (if applicable), but after replacing `kubectl apply` with `kubectl delete`.
+
+Optionally you can delete the CRD resources, but note that deleting the CRD also deletes all instances of the RuntimeComponent and RuntimeOperation custom resources in the cluster. Skip this step if you are planning to install the Runtime Component Operator again and want the existing instances of these custom resources to be managed by the new instance of the Operator. To delete the CRD, run command from Step 1, but after replacing `kubectl create` with `kubectl delete`.