From f793657bfd300e3d99c0c572b6cb4e3c1fb6973a Mon Sep 17 00:00:00 2001 From: Logan McNaughton <848146+loganmc10@users.noreply.github.com> Date: Tue, 19 Sep 2023 16:26:09 -0600 Subject: [PATCH] operator cluster-relocation-operator (0.9.9) --- ...er-manager-metrics-service_v1_service.yaml | 23 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 17 + ...cation-operator.clusterserviceversion.yaml | 653 ++++++++++++++++++ ...rhsyseng.github.io_clusterrelocations.yaml | 488 +++++++++++++ .../0.9.9/metadata/annotations.yaml | 18 + .../0.9.9/tests/scorecard/config.yaml | 70 ++ 6 files changed, 1269 insertions(+) create mode 100644 operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator.clusterserviceversion.yaml create mode 100644 operators/cluster-relocation-operator/0.9.9/manifests/rhsyseng.github.io_clusterrelocations.yaml create mode 100644 operators/cluster-relocation-operator/0.9.9/metadata/annotations.yaml create mode 100644 operators/cluster-relocation-operator/0.9.9/tests/scorecard/config.yaml diff --git a/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-controller-manager-metrics-service_v1_service.yaml b/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..a962d9f8947 --- /dev/null +++ b/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cluster-relocation-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: cluster-relocation-operator + control-plane: controller-manager + name: cluster-relocation-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..c826b1636a5 --- /dev/null +++ b/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cluster-relocation-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: cluster-relocation-operator + name: cluster-relocation-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator.clusterserviceversion.yaml b/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..996c765f22e --- /dev/null +++ b/operators/cluster-relocation-operator/0.9.9/manifests/cluster-relocation-operator.clusterserviceversion.yaml @@ -0,0 +1,653 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "rhsyseng.github.io/v1beta1", + "kind": "ClusterRelocation", + "metadata": { + "name": "cluster" + }, + "spec": { + "acmRegistration": { + "acmSecret": { + "name": "acm-secret", + "namespace": "openshift-config" + }, + "clusterName": "sample", + "klusterletAddonConfig": { + "applicationManager": { + "enabled": true + }, + "certPolicyController": { + "enabled": true + }, + "iamPolicyController": { + "enabled": true + }, + "policyController": { + "enabled": true + }, + "searchCollector": { + "enabled": true + } + }, + "url": "https://api.hub.example.com:6443" + }, + "catalogSources": [ + { + "image": "\u003cmirror_url\u003e:\u003cmirror_port\u003e/redhat/redhat-operator-index:v4.12", + "name": "new-catalog-source" + } + ], + "domain": "sample.new.domain.com", + "imageDigestMirrors": [ + { + "mirrors": [ + "\u003cmirror_url\u003e:\u003cmirror_port\u003e/lvms4" + ], + "source": "registry.redhat.io/lvms4" + } + ], + "pullSecretRef": { + "name": "my-new-pull-secret", + "namespace": "my-namespace" + }, + "registryCert": { + "certificate": "\u003cnew_registry_cert\u003e", + "registryHostname": "\u003cmirror_url\u003e", + "registryPort": 8443 + }, + "sshKeys": [ + "\u003cnew_ssh_key\u003e" + ] + } + } + ] + capabilities: Full Lifecycle + categories: Integration & Delivery + createdAt: "2023-09-19T13:14:45Z" + operators.openshift.io/infrastructure-features: '["disconnected"]' + operators.operatorframework.io/builder: operator-sdk-v1.28.0-ocp + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/RHsyseng/cluster-relocation-operator + support: RHsyseng + containerImage: quay.io/rhsysdeseng/operators/cluster-relocation-operator@sha256:734570f5aaa3bf5ee9e032c9d8eb22f0f21acab02f626dd36ba2cf2808b59dc3 + name: cluster-relocation-operator.v0.9.9 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ClusterRelocation is the Schema for the clusterrelocations API + displayName: Cluster Relocation + kind: ClusterRelocation + name: clusterrelocations.rhsyseng.github.io + resources: + - kind: Secret + name: generated-api-secret + version: v1 + - kind: Secret + name: generated-ingress-secret + version: v1 + specDescriptors: + - description: ACMRegistration allows you to register this cluster to a remote ACM cluster. + displayName: ACMRegistration + path: acmRegistration + - description: AddInternalDNSEntries deploys a MachineConfig which adds api and *.apps entries for the new domain to dnsmasq on SNO clusters. Setting this to true will cause a reboot. If you don't enable this option, you need to make sure that the cluster can resolve the new domain address via some other method. + displayName: Add Internal DNSEntries + path: addInternalDNSEntries + - description: APICertRef is a reference to a TLS secret that will be used for the API server. If it is omitted, a certificate will be generated and signed by loadbalancer-serving-signer. The type of the secret must be kubernetes.io/tls. + displayName: APICert Ref + path: apiCertRef + - description: CatalogSources define new CatalogSources to install on the cluster. + displayName: Catalog Sources + path: catalogSources + - description: Domain defines the new base domain for the cluster. + displayName: Domain + path: domain + - description: ImageDigestMirrors is used to configured a mirror registry on the cluster. + displayName: Image Digest Mirrors + path: imageDigestMirrors + - description: IngressCertRef is a reference to a TLS secret that will be used for the Ingress Controller. If it is omitted, a certificate will be generated and signed by loadbalancer-serving-signer. The type of the secret must be kubernetes.io/tls. + displayName: Ingress Cert Ref + path: ingressCertRef + - description: PullSecretRef is a reference to new cluster-wide pull secret. If defined, it will replace the secret located at openshift-config/pull-secret. The type of the secret must be kubernetes.io/dockerconfigjson. + displayName: Pull Secret Ref + path: pullSecretRef + - description: RegistryCert is a new trusted CA certificate. It will be added to image.config.openshift.io/cluster (additionalTrustedCA). + displayName: Registry Cert + path: registryCert + - description: SSHKeys defines a list of authorized SSH keys for the 'core' user. If defined, it will be appended to the existing authorized SSH key(s). + displayName: SSHKeys + path: sshKeys + statusDescriptors: + - description: Conditions represent the latest available observations of an object's state + displayName: Conditions + path: conditions + version: v1beta1 + description: Reconfigures a cluster after it has been moved to a new location + displayName: Cluster Relocation Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAADIAAAAyCAYAAAAeP4ixAAAACXBIWXMAAAsTAAALEwEAmpwYAAABM0lEQVR4nO3YP0oDQRQH4E8NFkKsLCxS2FhYWVl5AL2AloJNrmBt5xVs7QQPoIV/MAQLsbSxsbGzMqAiYiILL2AhKiERZ5wPHmyyGzK/Zfft7FAURVEURfHvHeMK86mfiV5UB+syCNKL2sWkBPWiNvAY25eYk2iQygKu4/M9ViUapFLHfnzXxQ4mJBikr4mX2HeCWYkGqSzhNvbfYVmiQSozOIxjXrGFsUH/rP1Jmxx2fWUc23iLYw8wPUiQUYc4/+E4VqKbVb+5weKgQf6Cxocr5DmaQpJBKrVoy90Y1x6mJBikbw0PMbYzmQQ5TTFILYdLqzGMm31U1fqt9tvK5YGYzRRllLKfNDZTn8bXc3ixWsjhVXcTT7HdjudFUrJbDuqkvkB3hIsclkyLoiiKoih87x2cD+ALQSWjjwAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - secrets + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - config.openshift.io + resources: + - apiservers + verbs: + - get + - list + - patch + - watch + - apiGroups: + - config.openshift.io + resources: + - clusteroperators + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - dnses + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - imagedigestmirrorsets + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - images + verbs: + - get + - list + - patch + - watch + - apiGroups: + - config.openshift.io + resources: + - ingresses + verbs: + - get + - list + - patch + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - machineconfiguration.openshift.io + resources: + - machineconfigpools + verbs: + - get + - list + - watch + - apiGroups: + - machineconfiguration.openshift.io + resources: + - machineconfigs + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - operator.open-cluster-management.io + resources: + - klusterlets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.open-cluster-management.io + resources: + - klusterlets/status + verbs: + - patch + - update + - apiGroups: + - operator.openshift.io + resources: + - imagecontentsourcepolicies + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - operator.openshift.io + resources: + - ingresscontrollers + verbs: + - get + - list + - patch + - watch + - apiGroups: + - operators.coreos.com + resources: + - catalogsources + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + verbs: + - delete + - apiGroups: + - operators.coreos.com + resources: + - subscriptions + verbs: + - delete + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - roles + verbs: + - bind + - create + - delete + - escalate + - get + - list + - patch + - update + - watch + - apiGroups: + - rhsyseng.github.io + resources: + - clusterrelocations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rhsyseng.github.io + resources: + - clusterrelocations/finalizers + verbs: + - update + - apiGroups: + - rhsyseng.github.io + resources: + - clusterrelocations/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - delete + - list + - watch + - apiGroups: + - work.open-cluster-management.io + resources: + - appliedmanifestworks + verbs: + - list + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: cluster-relocation-operator-controller-manager + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: cluster-relocation-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: cluster-relocation-operator + control-plane: controller-manager + name: cluster-relocation-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:0848d89e9f94be04f17beeee75807d7fd11102737e6483ee674f2cf3ae28f213 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: quay.io/rhsysdeseng/operators/cluster-relocation-operator@sha256:734570f5aaa3bf5ee9e032c9d8eb22f0f21acab02f626dd36ba2cf2808b59dc3 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: cluster-relocation-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: cluster-relocation-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - relocation + links: + - name: Cluster Relocation Operator + url: https://github.com/RHsyseng/cluster-relocation-operator + maintainers: + - email: lmcnaugh@redhat.com + name: Logan McNaughton + - email: dchavero@redhat.com + name: Daniel Chavero + maturity: beta + minKubeVersion: 1.25.0 + provider: + name: RHsyseng + relatedImages: + - image: quay.io/rhsysdeseng/operators/cluster-relocation-operator@sha256:734570f5aaa3bf5ee9e032c9d8eb22f0f21acab02f626dd36ba2cf2808b59dc3 + name: manager + - image: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:0848d89e9f94be04f17beeee75807d7fd11102737e6483ee674f2cf3ae28f213 + name: kube-rbac-proxy + version: 0.9.9 diff --git a/operators/cluster-relocation-operator/0.9.9/manifests/rhsyseng.github.io_clusterrelocations.yaml b/operators/cluster-relocation-operator/0.9.9/manifests/rhsyseng.github.io_clusterrelocations.yaml new file mode 100644 index 00000000000..0456906b244 --- /dev/null +++ b/operators/cluster-relocation-operator/0.9.9/manifests/rhsyseng.github.io_clusterrelocations.yaml @@ -0,0 +1,488 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: clusterrelocations.rhsyseng.github.io +spec: + group: rhsyseng.github.io + names: + kind: ClusterRelocation + listKind: ClusterRelocationList + plural: clusterrelocations + singular: clusterrelocation + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterRelocation is the Schema for the clusterrelocations API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterRelocationSpec defines the desired state of ClusterRelocation + properties: + acmRegistration: + description: ACMRegistration allows you to register this cluster to + a remote ACM cluster. + properties: + acmSecret: + description: acmSecret is a secret reference with credentials + for the ACM cluster. It must have a 'token' field. Optionally, + it can have a 'ca.crt' field which provides the CA bundle for + the ACM cluster. The secret is deleted once ACM registration + succeeds. The type of the secret must be Opaque. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + clusterName: + description: ClusterName will be the name of the ManagedCluster + in ACM. + type: string + klusterletAddonConfig: + description: KlusterletAddonConfig is the klusterlet add-on configuration. + properties: + applicationManager: + description: ApplicationManagerConfig defines the configurations + of ApplicationManager addon agent. + properties: + enabled: + description: Enabled is the flag to enable/disable the + addon. default is false. + type: boolean + proxyPolicy: + description: ProxyPolicy defines the policy to set proxy + for each addon agent. default is Disabled. Disabled + means that the addon agent pods do not configure the + proxy env variables. OCPGlobalProxy means that the addon + agent pods use the cluster-wide proxy config of OCP + cluster provisioned by ACM. CustomProxy means that the + addon agent pods use the ProxyConfig specified in KlusterletAddonConfig. + enum: + - Disabled + - OCPGlobalProxy + - CustomProxy + type: string + type: object + certPolicyController: + description: CertPolicyControllerConfig defines the configurations + of CertPolicyController addon agent. + properties: + enabled: + description: Enabled is the flag to enable/disable the + addon. default is false. + type: boolean + proxyPolicy: + description: ProxyPolicy defines the policy to set proxy + for each addon agent. default is Disabled. Disabled + means that the addon agent pods do not configure the + proxy env variables. OCPGlobalProxy means that the addon + agent pods use the cluster-wide proxy config of OCP + cluster provisioned by ACM. CustomProxy means that the + addon agent pods use the ProxyConfig specified in KlusterletAddonConfig. + enum: + - Disabled + - OCPGlobalProxy + - CustomProxy + type: string + type: object + clusterLabels: + additionalProperties: + type: string + description: DEPRECATED in release 2.4 and will be removed + in the future since not used anymore. + type: object + clusterName: + description: DEPRECATED in release 2.4 and will be removed + in the future since not used anymore. + minLength: 1 + type: string + clusterNamespace: + description: DEPRECATED in release 2.4 and will be removed + in the future since not used anymore. + minLength: 1 + type: string + iamPolicyController: + description: IAMPolicyControllerConfig defines the configurations + of IamPolicyController addon agent. + properties: + enabled: + description: Enabled is the flag to enable/disable the + addon. default is false. + type: boolean + proxyPolicy: + description: ProxyPolicy defines the policy to set proxy + for each addon agent. default is Disabled. Disabled + means that the addon agent pods do not configure the + proxy env variables. OCPGlobalProxy means that the addon + agent pods use the cluster-wide proxy config of OCP + cluster provisioned by ACM. CustomProxy means that the + addon agent pods use the ProxyConfig specified in KlusterletAddonConfig. + enum: + - Disabled + - OCPGlobalProxy + - CustomProxy + type: string + type: object + policyController: + description: PolicyController defines the configurations of + PolicyController addon agent. + properties: + enabled: + description: Enabled is the flag to enable/disable the + addon. default is false. + type: boolean + proxyPolicy: + description: ProxyPolicy defines the policy to set proxy + for each addon agent. default is Disabled. Disabled + means that the addon agent pods do not configure the + proxy env variables. OCPGlobalProxy means that the addon + agent pods use the cluster-wide proxy config of OCP + cluster provisioned by ACM. CustomProxy means that the + addon agent pods use the ProxyConfig specified in KlusterletAddonConfig. + enum: + - Disabled + - OCPGlobalProxy + - CustomProxy + type: string + type: object + proxyConfig: + description: ProxyConfig defines the cluster-wide proxy configuration + of the OCP managed cluster. + properties: + httpProxy: + description: HTTPProxy is the URL of the proxy for HTTP + requests. Empty means unset and will not result in + an env var. + type: string + httpsProxy: + description: HTTPSProxy is the URL of the proxy for HTTPS + requests. Empty means unset and will not result in + an env var. + type: string + noProxy: + description: NoProxy is a comma-separated list of hostnames + and/or CIDRs for which the proxy should not be used. + Empty means unset and will not result in an env var. + The API Server of Hub cluster should be added here. + And If you scale up workers that are not included in + the network defined by the networking.machineNetwork[].cidr + field from the installation configuration, you must + add them to this list to prevent connection issues. + type: string + type: object + searchCollector: + description: SearchCollectorConfig defines the configurations + of SearchCollector addon agent. + properties: + enabled: + description: Enabled is the flag to enable/disable the + addon. default is false. + type: boolean + proxyPolicy: + description: ProxyPolicy defines the policy to set proxy + for each addon agent. default is Disabled. Disabled + means that the addon agent pods do not configure the + proxy env variables. OCPGlobalProxy means that the addon + agent pods use the cluster-wide proxy config of OCP + cluster provisioned by ACM. CustomProxy means that the + addon agent pods use the ProxyConfig specified in KlusterletAddonConfig. + enum: + - Disabled + - OCPGlobalProxy + - CustomProxy + type: string + type: object + version: + description: DEPRECATED in release 2.4 and will be removed + in the future since not used anymore. + type: string + required: + - applicationManager + - certPolicyController + - iamPolicyController + - policyController + - searchCollector + type: object + managedClusterSet: + description: ManagedClusterSet is the ManagedClusterSet that the + ManagedCluster will join. Defaults to 'default'. + type: string + url: + description: URL is the API URL of the ACM cluster. + type: string + required: + - acmSecret + - clusterName + - url + type: object + addInternalDNSEntries: + description: AddInternalDNSEntries deploys a MachineConfig which adds + api and *.apps entries for the new domain to dnsmasq on SNO clusters. + Setting this to true will cause a reboot. If you don't enable this + option, you need to make sure that the cluster can resolve the new + domain address via some other method. + type: boolean + apiCertRef: + description: APICertRef is a reference to a TLS secret that will be + used for the API server. If it is omitted, a certificate will be + generated and signed by loadbalancer-serving-signer. The type of + the secret must be kubernetes.io/tls. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + catalogSources: + description: CatalogSources define new CatalogSources to install on + the cluster. + items: + properties: + image: + description: Image is an operator-registry container image to + instantiate a registry-server with. + type: string + name: + description: Name is the name of the CatalogSource. + type: string + required: + - image + - name + type: object + type: array + domain: + description: Domain defines the new base domain for the cluster. + type: string + imageDigestMirrors: + description: ImageDigestMirrors is used to configured a mirror registry + on the cluster. + items: + description: ImageDigestMirrors holds cluster-wide information about + how to handle mirrors in the registries config. + properties: + mirrorSourcePolicy: + description: mirrorSourcePolicy defines the fallback policy + if fails to pull image from the mirrors. If unset, the image + will continue to be pulled from the the repository in the + pull spec. sourcePolicy is valid configuration only when one + or more mirrors are in the mirror list. + enum: + - NeverContactSource + - AllowContactingSource + type: string + mirrors: + description: 'mirrors is zero or more locations that may also + contain the same images. No mirror will be configured if not + specified. Images can be pulled from these mirrors only if + they are referenced by their digests. The mirrored location + is obtained by replacing the part of the input reference that + matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo + reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat + causes a mirror.local/redhat/product/repo repository to be + used. The order of mirrors in this list is treated as the + user''s desired priority, while source is by default considered + lower priority than all mirrors. If no mirror is specified + or all image pulls from the mirror list fail, the image will + continue to be pulled from the repository in the pull spec + unless explicitly prohibited by "mirrorSourcePolicy" Other + cluster configuration, including (but not limited to) other + imageDigestMirrors objects, may impact the exact order mirrors + are contacted in, or some mirrors may be contacted in parallel, + so this should be considered a preference rather than a guarantee + of ordering. "mirrors" uses one of the following formats: + host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo + for more information about the format, see the document about + the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + items: + pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + type: string + type: array + x-kubernetes-list-type: set + source: + description: 'source matches the repository that users refer + to, e.g. in image pull specifications. Setting source to a + registry hostname e.g. docker.io. quay.io, or registry.redhat.io, + will match the image pull specification of corressponding + registry. "source" uses one of the following formats: host[:port] + host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo + [*.]host for more information about the format, see the document + about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + type: string + required: + - source + type: object + type: array + ingressCertRef: + description: IngressCertRef is a reference to a TLS secret that will + be used for the Ingress Controller. If it is omitted, a certificate + will be generated and signed by loadbalancer-serving-signer. The + type of the secret must be kubernetes.io/tls. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + pullSecretRef: + description: PullSecretRef is a reference to new cluster-wide pull + secret. If defined, it will replace the secret located at openshift-config/pull-secret. + The type of the secret must be kubernetes.io/dockerconfigjson. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + registryCert: + description: RegistryCert is a new trusted CA certificate. It will + be added to image.config.openshift.io/cluster (additionalTrustedCA). + properties: + certificate: + description: Certificate is the certificate for the trusted certificate + authority associated with the registry. + type: string + registryHostname: + description: RegistryHostname is the hostname of the new registry. + type: string + registryPort: + description: RegistryPort is the port number that the registry + is served on. + type: integer + required: + - certificate + - registryHostname + type: object + sshKeys: + description: SSHKeys defines a list of authorized SSH keys for the + 'core' user. If defined, it will be appended to the existing authorized + SSH key(s). + items: + type: string + type: array + required: + - domain + type: object + status: + description: ClusterRelocationStatus defines the observed state of ClusterRelocation + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/cluster-relocation-operator/0.9.9/metadata/annotations.yaml b/operators/cluster-relocation-operator/0.9.9/metadata/annotations.yaml new file mode 100644 index 00000000000..e1c9725da81 --- /dev/null +++ b/operators/cluster-relocation-operator/0.9.9/metadata/annotations.yaml @@ -0,0 +1,18 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: cluster-relocation-operator + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0-ocp + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + + # Annotations for catalog + com.redhat.openshift.versions: "v4.12-v4.14" diff --git a/operators/cluster-relocation-operator/0.9.9/tests/scorecard/config.yaml b/operators/cluster-relocation-operator/0.9.9/tests/scorecard/config.yaml new file mode 100644 index 00000000000..c0ffb5abfff --- /dev/null +++ b/operators/cluster-relocation-operator/0.9.9/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.28.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.28.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.28.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.28.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.28.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.28.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}