diff --git a/.gitignore b/.gitignore index 4e10aec6..146fe5c6 100644 --- a/.gitignore +++ b/.gitignore @@ -28,4 +28,3 @@ y.output .DS_Store .coverage -cmd/cyphernetes/manifests/*.yaml diff --git a/cmd/cyphernetes/manifests/operator-1.yaml b/cmd/cyphernetes/manifests/operator-1.yaml new file mode 100644 index 00000000..1877c511 --- /dev/null +++ b/cmd/cyphernetes/manifests/operator-1.yaml 
@@ -0,0 +1,101 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ name: dynamicoperators.cyphernetes-operator.cyphernet.es
+spec:
+ group: cyphernetes-operator.cyphernet.es
+ names:
+ kind: DynamicOperator
+ listKind: DynamicOperatorList
+ plural: dynamicoperators
+ singular: dynamicoperator
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.resourceKind
+ name: ResourceKind
+ type: string
+ - jsonPath: .spec.namespace
+ name: Namespace
+ type: string
+ - jsonPath: .status.activeWatchers
+ name: ActiveWatchers
+ type: integer
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: DynamicOperator is the Schema for the dynamicoperators API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DynamicOperatorSpec defines the desired state of DynamicOperator
+ properties:
+ namespace:
+ description: Namespace specifies the namespace to watch.
If empty,
+ it watches all namespaces
+ type: string
+ onCreate:
+ description: OnCreate is the Cyphernetes query to execute when a resource
+ is created
+ type: string
+ onDelete:
+ description: OnDelete is the Cyphernetes query to execute when a resource
+ is deleted
+ type: string
+ onUpdate:
+ description: OnUpdate is the Cyphernetes query to execute when a resource
+ is updated
+ type: string
+ resourceKind:
+ description: ResourceKind specifies the Kubernetes resource kind to
+ watch
+ type: string
+ required:
+ - resourceKind
+ type: object
+ x-kubernetes-validations:
+ - message: At least one of onCreate, onUpdate, or onDelete must be specified
+ rule: self.onCreate != "" || self.onUpdate != "" || self.onDelete !=
+ ""
+ status:
+ description: DynamicOperatorStatus defines the observed state of DynamicOperator
+ properties:
+ activeWatchers:
+ description: ActiveWatchers is the number of active watchers for this
+ DynamicOperator
+ type: integer
+ lastExecutedQuery:
+ description: LastExecutedQuery is the last Cyphernetes query that
+ was executed
+ type: string
+ lastExecutionTime:
+ description: LastExecutionTime is the timestamp of the last query
+ execution
+ format: date-time
+ type: string
+ required:
+ - activeWatchers
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/cmd/cyphernetes/manifests/operator-10.yaml b/cmd/cyphernetes/manifests/operator-10.yaml
new file mode 100644
index 00000000..70fbb375
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-10.yaml
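Review bot: `spec.namespace` in this CRD lets an object that is itself namespaced (`scope: Namespaced`) point the operator at any other namespace, or at all namespaces when left empty, and `onCreate`/`onUpdate`/`onDelete` are free-form queries that the controller presumably runs under its own ServiceAccount. Nothing in the schema ties `spec.namespace` to the object's own namespace, so create or update rights on `dynamicoperators` in a single namespace would amount to delegating whatever the operator is allowed to do elsewhere in the cluster. The file carries a controller-gen annotation, so the fix belongs in the Go types and the reconciler rather than in this YAML: either reject a `spec.namespace` that differs from `metadata.namespace` or make the kind cluster-scoped. The field description should state the rule, e.g. `Namespace specifies the namespace to watch; it must match the object's own namespace`.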
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ name: cyphernetes-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cyphernetes-operator-manager-role
+subjects:
+- kind: ServiceAccount
+ name: cyphernetes-operator-controller-manager
+ namespace: cyphernetes-system
diff --git a/cmd/cyphernetes/manifests/operator-11.yaml b/cmd/cyphernetes/manifests/operator-11.yaml
new file mode 100644
index 00000000..1f0c2e56
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-11.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cyphernetes-operator-metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cyphernetes-operator-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: cyphernetes-operator-controller-manager
+ namespace: cyphernetes-system
diff --git a/cmd/cyphernetes/manifests/operator-12.yaml b/cmd/cyphernetes/manifests/operator-12.yaml
new file mode 100644
index 00000000..39bdb2e5
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-12.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ control-plane: controller-manager
+ name: cyphernetes-operator-controller-manager-metrics-service
+ namespace: cyphernetes-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ control-plane: controller-manager
diff --git a/cmd/cyphernetes/manifests/operator-13.yaml b/cmd/cyphernetes/manifests/operator-13.yaml
new file mode 100644
index 00000000..6d38bb6e
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-13.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ control-plane: controller-manager
+ name: cyphernetes-operator-controller-manager
+ namespace: cyphernetes-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --metrics-bind-address=:8443
+ - --leader-elect
+ - --health-probe-bind-address=:8081
+ command:
+ - /manager
+ image: fatliverfreddy/cyphernetes-operator:latest
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: cyphernetes-operator-controller-manager
+ terminationGracePeriodSeconds: 10
diff --git a/cmd/cyphernetes/manifests/operator-2.yaml b/cmd/cyphernetes/manifests/operator-2.yaml
new file mode 100644
index 00000000..05d7a162
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-2.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ name: cyphernetes-operator-controller-manager
+ namespace: cyphernetes-system
diff --git a/cmd/cyphernetes/manifests/operator-3.yaml b/cmd/cyphernetes/manifests/operator-3.yaml
new file mode 100644
index 00000000..a47840d3
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-3.yaml
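Review bot: The `image: fatliverfreddy/cyphernetes-operator:latest` line in operator-13.yaml deploys a mutable tag, so what runs in the cluster is whatever was last pushed to that repository, and it can change on a pod restart without any change to this manifest. Pin a released version together with its digest, `image: fatliverfreddy/cyphernetes-operator:<version>@sha256:<digest>` (placeholders), so the checked-in manifest identifies exactly one image. Separately, neither `securityContext` sets a seccomp profile; adding `seccompProfile: {type: RuntimeDefault}` at pod level is needed for namespaces that enforce the restricted Pod Security Standard. If the manager writes nothing to its root filesystem, `readOnlyRootFilesystem: true` on the container is a further cheap hardening.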
@@ -0,0 +1,40 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ name: cyphernetes-operator-leader-election-role
+ namespace: cyphernetes-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/cmd/cyphernetes/manifests/operator-4.yaml b/cmd/cyphernetes/manifests/operator-4.yaml
new file mode 100644
index 00000000..fbc94743
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-4.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ name: cyphernetes-operator-dynamicoperator-editor-role
+rules:
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators/status
+ verbs:
+ - get
diff --git a/cmd/cyphernetes/manifests/operator-5.yaml b/cmd/cyphernetes/manifests/operator-5.yaml
new file mode 100644
index 00000000..2f1b46e4
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-5.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ name: cyphernetes-operator-dynamicoperator-viewer-role
+rules:
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators/status
+ verbs:
+ - get
diff --git a/cmd/cyphernetes/manifests/operator-6.yaml b/cmd/cyphernetes/manifests/operator-6.yaml
new file mode 100644
index 00000000..ea7b0ed8
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-6.yaml
@@ -0,0 +1,31 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cyphernetes-operator-manager-role
+rules:
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - cyphernetes-operator.cyphernet.es
+ resources:
+ - dynamicoperators/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/cmd/cyphernetes/manifests/operator-7.yaml b/cmd/cyphernetes/manifests/operator-7.yaml
new file mode 100644
index 00000000..89470690
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-7.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cyphernetes-operator-metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/cmd/cyphernetes/manifests/operator-8.yaml b/cmd/cyphernetes/manifests/operator-8.yaml
new file mode 100644
index 00000000..74261d7b
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-8.yaml
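Review bot: The `cyphernetes-operator-manager-role` in operator-6.yaml grants access to `dynamicoperators` and its `finalizers`/`status` subresources only, while the CRD added in operator-1.yaml describes watching an arbitrary `resourceKind` and executing queries on create, update and delete. As shipped, the controller's ServiceAccount has no permission on the watched kinds, so presumably extra RBAC is expected to be bound after install; that manual step is where over-broad grants such as a cluster-admin binding tend to creep in. Document the expectation next to the role, e.g. a header comment `# Grants DynamicOperator access only; bind separate, narrowly scoped roles for each resource kind a DynamicOperator watches or modifies.`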
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cyphernetes-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/cmd/cyphernetes/manifests/operator-9.yaml b/cmd/cyphernetes/manifests/operator-9.yaml
new file mode 100644
index 00000000..96786271
--- /dev/null
+++ b/cmd/cyphernetes/manifests/operator-9.yaml
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: cyphernetes-operator
+ name: cyphernetes-operator-leader-election-rolebinding
+ namespace: cyphernetes-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cyphernetes-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: cyphernetes-operator-controller-manager
+ namespace: cyphernetes-system