diff --git a/.github/workflows/build-push.yaml b/.github/workflows/build-push.yaml index d9139af6e..42c82b8f0 100644 --- a/.github/workflows/build-push.yaml +++ b/.github/workflows/build-push.yaml @@ -1,6 +1,7 @@ --- name: Publish container images in quay.io +# yamllint disable-line rule:truthy on: push: branches: diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 6590c2c63..5af67acd1 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -19,7 +19,7 @@ jobs: skip: .git,go.mod,go.sum,vendor # kubebuilder latest release has a label with name kuberentes # TODO: remove this in next kubebuilder update as this is fixed - # in kubebuilder master + # in kubebuilder master # https://github.com/kubernetes-sigs/kubebuilder/pull/2964 ignore_words_list: kuberentes check_filenames: true diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index a04811e3e..3d5439ae8 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -1,5 +1,6 @@ --- name: golangci-lint +# yamllint disable-line rule:truthy on: push: branches: diff --git a/.github/workflows/kind-deploy.yaml b/.github/workflows/kind-deploy.yaml index 60867fdf9..2e928c6bd 100644 --- a/.github/workflows/kind-deploy.yaml +++ b/.github/workflows/kind-deploy.yaml @@ -1,6 +1,7 @@ --- name: Test deploying controller +# yamllint disable-line rule:truthy on: pull_request: branches: @@ -33,14 +34,27 @@ jobs: tags: quay.io/csiaddons/k8s-controller:${{ env.TAG }} - name: push image to kind cluster - run: kind load docker-image quay.io/csiaddons/k8s-controller:${{ env.TAG }} --name=chart-testing + run: > + kind + load docker-image quay.io/csiaddons/k8s-controller:${{ env.TAG }} + --name=chart-testing - name: Deploy the controller and CRDs run: make deploy TAG=${{ env.TAG }} - name: Wait for running controller pod - run: kubectl -n csi-addons-system wait pods -l app.kubernetes.io/name=csi-addons --for=condition=Ready=True + run: > + kubectl + -n csi-addons-system + wait pods + -l app.kubernetes.io/name=csi-addons + --for=condition=Ready=True - name: Log the status of the failed controller pod if: ${{ failure() }} - run: kubectl -n csi-addons-system describe pods -l app.kubernetes.io/name=csi-addons ; false + run: > + kubectl + -n csi-addons-system + describe pods + -l app.kubernetes.io/name=csi-addons + ; false diff --git a/.github/workflows/tag-release.yaml b/.github/workflows/tag-release.yaml index 9ce7487a4..37dc4b353 100644 --- a/.github/workflows/tag-release.yaml +++ b/.github/workflows/tag-release.yaml @@ -1,13 +1,17 @@ --- name: Build and release versioned container images +# yamllint disable-line rule:truthy on: create jobs: tag_bundle: name: Build and release the bundle container-image - if: github.repository == 'csi-addons/kubernetes-csi-addons' && github.ref_type == 'tag' + if: > + github.repository == 'csi-addons/kubernetes-csi-addons' + && + github.ref_type == 'tag' runs-on: ubuntu-latest steps: - name: Check out the repo @@ -41,7 +45,10 @@ jobs: tag_controller: name: Build and release the controller container-image - if: github.repository == 'csi-addons/kubernetes-csi-addons' && github.ref_type == 'tag' + if: > + github.repository == 'csi-addons/kubernetes-csi-addons' + && + github.ref_type == 'tag' runs-on: ubuntu-latest steps: - name: Check out the repo @@ -71,7 +78,10 @@ jobs: tag_sidecar: name: Build and release the sidecar container-image - if: github.repository == 'csi-addons/kubernetes-csi-addons' && github.ref_type == 'tag' + if: > + github.repository == 'csi-addons/kubernetes-csi-addons' + && + github.ref_type == 'tag' runs-on: ubuntu-latest steps: - name: Check out the repo @@ -101,7 +111,10 @@ jobs: publish_release: name: Publish a release based on the tag - if: github.repository == 'csi-addons/kubernetes-csi-addons' && github.ref_type == 'tag' + if: > + github.repository == 'csi-addons/kubernetes-csi-addons' + && + github.ref_type == 'tag' runs-on: ubuntu-latest permissions: contents: write diff --git a/.github/workflows/test-build.yaml b/.github/workflows/test-build.yaml index 28d9072f3..7e0de1648 100644 --- a/.github/workflows/test-build.yaml +++ b/.github/workflows/test-build.yaml @@ -1,6 +1,7 @@ --- name: Test building container images +# yamllint disable-line rule:truthy on: pull_request: branches: diff --git a/.github/workflows/test-golang.yaml b/.github/workflows/test-golang.yaml index 0aa4fc2d6..d9b61391c 100644 --- a/.github/workflows/test-golang.yaml +++ b/.github/workflows/test-golang.yaml @@ -1,6 +1,7 @@ --- name: Run Golang tests +# yamllint disable-line rule:truthy on: pull_request: branches: diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml new file mode 100644 index 000000000..18165e4f9 --- /dev/null +++ b/.github/workflows/yamllint.yaml @@ -0,0 +1,16 @@ +--- +name: Yaml Lint +# yamllint disable-line rule:truthy +on: + push: + pull_request: + +jobs: + yamllint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: yaml-lint + uses: ibiqlik/action-yamllint@v3 + with: + config_file: .yamllint.yaml diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 000000000..934f3b24d --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,23 @@ +--- +extends: default + +ignore: + - .git/ + # bundle/ contains generated contents + - bundle/ + # vendor/ are maintained elsewhere + - vendor/ + +rules: + document-start: + ignore: + - config/manager/ + - deploy/ + indentation: + ignore: + - config/ + - deploy/ + line-length: + ignore: + - config/ + - deploy/ diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml index 52d866183..5550d6154 100644 --- a/config/certmanager/certificate.yaml +++ b/config/certmanager/certificate.yaml @@ -1,3 +1,4 @@ +--- # The following manifests contain a self-signed issuer CR and a certificate CR. # More document can be found at https://docs.cert-manager.io # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. @@ -12,14 +13,16 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml + # this name should match the one appeared in kustomizeconfig.yaml + name: serving-cert namespace: system spec: # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize + # this secret will not be prefixed, since it's not managed by kustomize + secretName: webhook-server-cert diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml index 364a11505..b08880f76 100644 --- a/config/certmanager/kustomization.yaml +++ b/config/certmanager/kustomization.yaml @@ -1,3 +1,4 @@ +--- # Adds namespace to all resources. namespace: csi-addons-system @@ -9,7 +10,7 @@ namespace: csi-addons-system namePrefix: csi-addons- resources: -- certificate.yaml + - certificate.yaml configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml index 90d7c313c..80bde9289 100644 --- a/config/certmanager/kustomizeconfig.yaml +++ b/config/certmanager/kustomizeconfig.yaml @@ -1,16 +1,17 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution +--- +# This configuration is for teaching kustomize how to update name ref and var substitution nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate + - kind: Issuer group: cert-manager.io - path: spec/issuerRef/name + fieldSpecs: + - kind: Certificate + group: cert-manager.io + path: spec/issuerRef/name varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames + - kind: Certificate + group: cert-manager.io + path: spec/commonName + - kind: Certificate + group: cert-manager.io + path: spec/dnsNames diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index ebc0b321e..7a1e069a0 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -1,32 +1,36 @@ +--- +# yamllint disable rule:comments rule:comments-indentation +# # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/csiaddons.openshift.io_csiaddonsnodes.yaml -- bases/csiaddons.openshift.io_reclaimspacecronjobs.yaml -- bases/csiaddons.openshift.io_reclaimspacejobs.yaml -- bases/csiaddons.openshift.io_networkfences.yaml -- bases/replication.storage.openshift.io_volumereplications.yaml -- bases/replication.storage.openshift.io_volumereplicationclasses.yaml + - bases/csiaddons.openshift.io_csiaddonsnodes.yaml + - bases/csiaddons.openshift.io_reclaimspacecronjobs.yaml + - bases/csiaddons.openshift.io_reclaimspacejobs.yaml + - bases/csiaddons.openshift.io_networkfences.yaml + - bases/replication.storage.openshift.io_volumereplications.yaml + - bases/replication.storage.openshift.io_volumereplicationclasses.yaml +# yamllint disable-line rule:comments #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD -#- patches/webhook_in_csiaddonsnodes.yaml -#- patches/webhook_in_reclaimspacejobs.yaml -#- patches/webhook_in_volumereplications.yaml -#- patches/webhook_in_volumereplicationclasses.yaml + # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. + # patches here are for enabling the conversion webhook for each CRD + #- patches/webhook_in_csiaddonsnodes.yaml + #- patches/webhook_in_reclaimspacejobs.yaml + #- patches/webhook_in_volumereplications.yaml + #- patches/webhook_in_volumereplicationclasses.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_csiaddonsnodes.yaml -#- patches/cainjection_in_reclaimspacejobs.yaml -#- patches/cainjection_in_volumereplications.yaml -#- patches/cainjection_in_volumereplicationclasses.yaml + # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. + # patches here are for enabling the CA injection for each CRD + #- patches/cainjection_in_csiaddonsnodes.yaml + #- patches/cainjection_in_reclaimspacejobs.yaml + #- patches/cainjection_in_volumereplications.yaml + #- patches/cainjection_in_volumereplicationclasses.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index ec5c150a9..7d75f65da 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -1,19 +1,20 @@ +--- # This file is for teaching kustomize how to substitute name and namespace reference in CRD nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition + - kind: Service version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false varReference: -- path: metadata/annotations + - path: metadata/annotations diff --git a/config/crd/patches/cainjection_in_csiaddonsnodes.yaml b/config/crd/patches/cainjection_in_csiaddonsnodes.yaml index 6c4c0d958..d29dd90ad 100644 --- a/config/crd/patches/cainjection_in_csiaddonsnodes.yaml +++ b/config/crd/patches/cainjection_in_csiaddonsnodes.yaml @@ -1,3 +1,4 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/patches/cainjection_in_networkfences.yaml b/config/crd/patches/cainjection_in_networkfences.yaml index c7d1b2748..6c0e38e5d 100644 --- a/config/crd/patches/cainjection_in_networkfences.yaml +++ b/config/crd/patches/cainjection_in_networkfences.yaml @@ -1,3 +1,4 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/patches/cainjection_in_reclaimspacejobs.yaml b/config/crd/patches/cainjection_in_reclaimspacejobs.yaml index 0ec09c316..45d3d1651 100644 --- a/config/crd/patches/cainjection_in_reclaimspacejobs.yaml +++ b/config/crd/patches/cainjection_in_reclaimspacejobs.yaml @@ -1,3 +1,4 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/patches/cainjection_in_volumereplicationclasses.yaml b/config/crd/patches/cainjection_in_volumereplicationclasses.yaml index 0ce8b85e8..8a2f0b693 100644 --- a/config/crd/patches/cainjection_in_volumereplicationclasses.yaml +++ b/config/crd/patches/cainjection_in_volumereplicationclasses.yaml @@ -1,3 +1,4 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/patches/cainjection_in_volumereplications.yaml b/config/crd/patches/cainjection_in_volumereplications.yaml index 8c43a523f..c744f42cc 100644 --- a/config/crd/patches/cainjection_in_volumereplications.yaml +++ b/config/crd/patches/cainjection_in_volumereplications.yaml @@ -1,3 +1,4 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/patches/webhook_in_csiaddonsnodes.yaml b/config/crd/patches/webhook_in_csiaddonsnodes.yaml index 16bec1955..44af8f9ff 100644 --- a/config/crd/patches/webhook_in_csiaddonsnodes.yaml +++ b/config/crd/patches/webhook_in_csiaddonsnodes.yaml @@ -1,3 +1,4 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -13,4 +14,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/crd/patches/webhook_in_networkfences.yaml b/config/crd/patches/webhook_in_networkfences.yaml index 4ef655304..36e16a08d 100644 --- a/config/crd/patches/webhook_in_networkfences.yaml +++ b/config/crd/patches/webhook_in_networkfences.yaml @@ -1,3 +1,4 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -13,4 +14,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/crd/patches/webhook_in_reclaimspacejobs.yaml b/config/crd/patches/webhook_in_reclaimspacejobs.yaml index 79679817b..69f79efca 100644 --- a/config/crd/patches/webhook_in_reclaimspacejobs.yaml +++ b/config/crd/patches/webhook_in_reclaimspacejobs.yaml @@ -1,3 +1,4 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -13,4 +14,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/crd/patches/webhook_in_volumereplicationclasses.yaml b/config/crd/patches/webhook_in_volumereplicationclasses.yaml index 4dba64ee9..55c7680c8 100644 --- a/config/crd/patches/webhook_in_volumereplicationclasses.yaml +++ b/config/crd/patches/webhook_in_volumereplicationclasses.yaml @@ -1,3 +1,4 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -13,4 +14,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/crd/patches/webhook_in_volumereplications.yaml b/config/crd/patches/webhook_in_volumereplications.yaml index 5ec9ad145..df8d294da 100644 --- a/config/crd/patches/webhook_in_volumereplications.yaml +++ b/config/crd/patches/webhook_in_volumereplications.yaml @@ -1,3 +1,4 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -13,4 +14,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 8ef06557d..a955dd89f 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,3 +1,6 @@ +--- +# yamllint disable rule:comments rule:comments-indentation +# # Labels to add to all resources and selectors. #commonLabels: # someName: someValue @@ -12,54 +15,54 @@ #- ../prometheus patchesStrategicMerge: -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -#- manager_config_patch.yaml + # Mount the controller config file for loading manager configurations + # through a ComponentConfig type + #- manager_config_patch.yaml -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -- manager_webhook_patch.yaml + # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in + # crd/kustomization.yaml + - manager_webhook_patch.yaml -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -- webhookcainjection_patch.yaml + # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. + # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. + # 'CERTMANAGER' needs to be enabled to use ca injection + - webhookcainjection_patch.yaml # the following config is for teaching kustomize how to do var substitution vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service + # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. + - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR + objref: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldref: + fieldpath: metadata.namespace + - name: CERTIFICATE_NAME + objref: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + - name: SERVICE_NAMESPACE # namespace of the service + objref: + kind: Service + version: v1 + name: webhook-service + fieldref: + fieldpath: metadata.namespace + - name: SERVICE_NAME + objref: + kind: Service + version: v1 + name: webhook-service apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../crd -- ../rbac -- ../manager -- ../webhook -- ../certmanager + - ../crd + - ../rbac + - ../manager + - ../webhook + - ../certmanager diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155c..d1e952e9b 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -7,14 +8,14 @@ spec: template: spec: containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml volumes: - - name: manager-config - configMap: - name: manager-config + - name: manager-config + configMap: + name: manager-config diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml index 738de350b..4aaf150d2 100644 --- a/config/default/manager_webhook_patch.yaml +++ b/config/default/manager_webhook_patch.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -7,17 +8,17 @@ spec: template: spec: containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml index f5e23673e..a6a4b2160 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_patch.yaml @@ -1,3 +1,4 @@ +--- # This patch add annotation to admission webhook config and # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. --- diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index 6eeb57532..fc6133790 100644 --- a/config/manager/controller_manager_config.yaml +++ b/config/manager/controller_manager_config.yaml @@ -1,3 +1,4 @@ +--- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 kind: ControllerManagerConfig health: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index e3849261e..8f3fa4a4a 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -20,39 +21,39 @@ spec: securityContext: runAsNonRoot: true containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - name: manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi + - command: + - /manager + args: + - --leader-elect + image: controller:latest + name: manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi serviceAccountName: csi-addons-controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manager/manager_auth_proxy_patch.yaml b/config/manager/manager_auth_proxy_patch.yaml index b3c3e0d09..8f4abf76f 100644 --- a/config/manager/manager_auth_proxy_patch.yaml +++ b/config/manager/manager_auth_proxy_patch.yaml @@ -1,3 +1,4 @@ +--- # This patch inject a sidecar container which is a HTTP proxy for the # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 @@ -9,30 +10,30 @@ spec: template: spec: containers: - - name: kube-rbac-proxy - image: rbac-proxy - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - protocol: TCP - name: https - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - - name: manager - args: - - "--namespace=$(POD_NAMESPACE)" - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--enable-admission-webhooks=true" + - name: kube-rbac-proxy + image: rbac-proxy + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + protocol: TCP + name: https + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + - name: manager + args: + - "--namespace=$(POD_NAMESPACE)" + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" + - "--enable-admission-webhooks=true" diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 196e70621..5920ff456 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,25 +1,26 @@ +--- # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- ../default -- ../scorecard + - ../default + - ../scorecard # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. # These patches remove the unnecessary "cert" volume and its manager container volumeMount. patchesJson6902: -- target: - group: apps - version: v1 - kind: Deployment - name: controller-manager - namespace: system - patch: |- - # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. - # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. - - op: remove - path: /spec/template/spec/containers/0/volumeMounts/0 - # Remove the "cert" volume, since OLM will create and mount a set of certs. - # Update the indices in this path if adding or removing volumes in the manager's Deployment. - - op: remove - path: /spec/template/spec/volumes/0 + - target: + group: apps + version: v1 + kind: Deployment + name: controller-manager + namespace: system + patch: |- + # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. + # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. + - op: remove + path: /spec/template/spec/containers/0/volumeMounts/0 + # Remove the "cert" volume, since OLM will create and mount a set of certs. + # Update the indices in this path if adding or removing volumes in the manager's Deployment. + - op: remove + path: /spec/template/spec/volumes/0 diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168a..c4aaaee08 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,3 @@ +--- resources: -- monitor.yaml + - monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 2c461e5fb..b73cfa40c 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,3 +1,4 @@ +--- # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 51a75db47..8e6154f36 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -1,9 +1,10 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 80e1857c5..449cb4bfb 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -1,17 +1,18 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index ec7acc0a1..08cb903f7 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -7,6 +8,6 @@ roleRef: kind: ClusterRole name: proxy-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 92e28d0e7..6d93adb22 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: @@ -7,9 +8,9 @@ metadata: namespace: system spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/name: csi-addons diff --git a/config/rbac/csiaddonsnode_editor_role.yaml b/config/rbac/csiaddonsnode_editor_role.yaml index 70a0ddf97..3d94395fa 100644 --- a/config/rbac/csiaddonsnode_editor_role.yaml +++ b/config/rbac/csiaddonsnode_editor_role.yaml @@ -1,24 +1,25 @@ +--- # permissions for end users to edit csiaddonsnodes. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: csiaddonsnode-editor-role rules: -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/status - verbs: - - get + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get diff --git a/config/rbac/csiaddonsnode_viewer_role.yaml b/config/rbac/csiaddonsnode_viewer_role.yaml index 1e4ac751d..1c59a3616 100644 --- a/config/rbac/csiaddonsnode_viewer_role.yaml +++ b/config/rbac/csiaddonsnode_viewer_role.yaml @@ -1,20 +1,21 @@ +--- # permissions for end users to view csiaddonsnodes. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: csiaddonsnode-viewer-role rules: -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes - verbs: - - get - - list - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/status - verbs: - - get + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - get + - list + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index d60ac367d..8b12668ea 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,3 +1,4 @@ +--- # Adds namespace to all resources. namespace: csi-addons-system @@ -9,21 +10,21 @@ namespace: csi-addons-system namePrefix: csi-addons- resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- namespace.yaml -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml + # All RBAC will be applied under this service account in + # the deployment namespace. You may comment out this resource + # if your manager will use a service account that exists at + # runtime. Be sure to update RoleBinding and ClusterRoleBinding + # subjects if changing service account names. + - namespace.yaml + - service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + # Comment the following 4 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec805..19d177622 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -1,37 +1,38 @@ +--- # permissions to do leader election. apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: leader-election-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed4..c536feb4f 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -7,6 +8,6 @@ roleRef: kind: Role name: leader-election-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/namespace.yaml b/config/rbac/namespace.yaml index 483f85620..9fbd5fd0c 100644 --- a/config/rbac/namespace.yaml +++ b/config/rbac/namespace.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: diff --git a/config/rbac/networkfence_editor_role.yaml b/config/rbac/networkfence_editor_role.yaml index e949486d2..abb0a0cbe 100644 --- a/config/rbac/networkfence_editor_role.yaml +++ b/config/rbac/networkfence_editor_role.yaml @@ -1,24 +1,25 @@ +--- # permissions for end users to edit networkfences. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: networkfence-editor-role rules: -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get diff --git a/config/rbac/networkfence_viewer_role.yaml b/config/rbac/networkfence_viewer_role.yaml index 4a8c7e346..923fb145a 100644 --- a/config/rbac/networkfence_viewer_role.yaml +++ b/config/rbac/networkfence_viewer_role.yaml @@ -1,20 +1,21 @@ +--- # permissions for end users to view networkfences. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: networkfence-viewer-role rules: -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - get - - list - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - get + - list + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get diff --git a/config/rbac/reclaimspacejob_editor_role.yaml b/config/rbac/reclaimspacejob_editor_role.yaml index 2a8637edf..26493d0e5 100644 --- a/config/rbac/reclaimspacejob_editor_role.yaml +++ b/config/rbac/reclaimspacejob_editor_role.yaml @@ -1,24 +1,25 @@ +--- # permissions for end users to edit reclaimspacejobs. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: reclaimspacejob-editor-role rules: -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get diff --git a/config/rbac/reclaimspacejob_viewer_role.yaml b/config/rbac/reclaimspacejob_viewer_role.yaml index 3ab6d4c9d..e6c70176e 100644 --- a/config/rbac/reclaimspacejob_viewer_role.yaml +++ b/config/rbac/reclaimspacejob_viewer_role.yaml @@ -1,20 +1,21 @@ +--- # permissions for end users to view reclaimspacejobs. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: reclaimspacejob-viewer-role rules: -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - get - - list - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - get + - list + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede44..41a6b3289 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -7,6 +8,6 @@ roleRef: kind: ClusterRole name: manager-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025bf..a1ae812dc 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/config/rbac/volumereplication_editor_role.yaml b/config/rbac/volumereplication_editor_role.yaml index fe2e89633..8d7eb0c3f 100644 --- a/config/rbac/volumereplication_editor_role.yaml +++ b/config/rbac/volumereplication_editor_role.yaml @@ -1,24 +1,25 @@ +--- # permissions for end users to edit volumereplications. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: volumereplication-editor-role rules: -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications/status - verbs: - - get + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications/status + verbs: + - get diff --git a/config/rbac/volumereplication_viewer_role.yaml b/config/rbac/volumereplication_viewer_role.yaml index 9f15adde6..69da2887f 100644 --- a/config/rbac/volumereplication_viewer_role.yaml +++ b/config/rbac/volumereplication_viewer_role.yaml @@ -1,20 +1,21 @@ +--- # permissions for end users to view volumereplications. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: volumereplication-viewer-role rules: -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications/status - verbs: - - get + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications/status + verbs: + - get diff --git a/config/rbac/volumereplicationclass_editor_role.yaml b/config/rbac/volumereplicationclass_editor_role.yaml index 98415046a..897d5483f 100644 --- a/config/rbac/volumereplicationclass_editor_role.yaml +++ b/config/rbac/volumereplicationclass_editor_role.yaml @@ -1,24 +1,25 @@ +--- # permissions for end users to edit volumereplicationclasses. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: volumereplicationclass-editor-role rules: -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplicationclasses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplicationclasses/status - verbs: - - get + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplicationclasses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplicationclasses/status + verbs: + - get diff --git a/config/rbac/volumereplicationclass_viewer_role.yaml b/config/rbac/volumereplicationclass_viewer_role.yaml index 4a9f4ddb7..be4f751d1 100644 --- a/config/rbac/volumereplicationclass_viewer_role.yaml +++ b/config/rbac/volumereplicationclass_viewer_role.yaml @@ -1,20 +1,21 @@ +--- # permissions for end users to view volumereplicationclasses. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: volumereplicationclass-viewer-role rules: -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplicationclasses - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplicationclasses/status - verbs: - - get + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplicationclasses + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplicationclasses/status + verbs: + - get diff --git a/config/samples/csiaddons_v1alpha1_csiaddonsnode.yaml b/config/samples/csiaddons_v1alpha1_csiaddonsnode.yaml index cbf8e68f3..3c691a9b8 100644 --- a/config/samples/csiaddons_v1alpha1_csiaddonsnode.yaml +++ b/config/samples/csiaddons_v1alpha1_csiaddonsnode.yaml @@ -1,3 +1,5 @@ +--- +# yamllint disable rule:comments-indentation apiVersion: csiaddons.openshift.io/v1alpha1 kind: CSIAddonsNode metadata: diff --git a/config/samples/csiaddons_v1alpha1_networkfence.yaml b/config/samples/csiaddons_v1alpha1_networkfence.yaml index 890e722bf..120775db6 100644 --- a/config/samples/csiaddons_v1alpha1_networkfence.yaml +++ b/config/samples/csiaddons_v1alpha1_networkfence.yaml @@ -1,3 +1,5 @@ +--- +# yamllint disable rule:comments-indentation apiVersion: csiaddons.openshift.io/v1alpha1 kind: NetworkFence metadata: diff --git a/config/samples/csiaddons_v1alpha1_reclaimspacejob.yaml b/config/samples/csiaddons_v1alpha1_reclaimspacejob.yaml index 24f7f4ea5..8380631e3 100644 --- a/config/samples/csiaddons_v1alpha1_reclaimspacejob.yaml +++ b/config/samples/csiaddons_v1alpha1_reclaimspacejob.yaml @@ -1,3 +1,5 @@ +--- +# yamllint disable rule:comments-indentation apiVersion: csiaddons.openshift.io/v1alpha1 kind: ReclaimSpaceJob metadata: diff --git a/config/samples/replication.storage_v1alpha1_volumereplication.yaml b/config/samples/replication.storage_v1alpha1_volumereplication.yaml index 67a7f044b..46cce3ef3 100644 --- a/config/samples/replication.storage_v1alpha1_volumereplication.yaml +++ b/config/samples/replication.storage_v1alpha1_volumereplication.yaml @@ -1,3 +1,5 @@ +--- +# yamllint disable rule:comments-indentation apiVersion: replication.storage.openshift.io/v1alpha1 kind: VolumeReplication metadata: diff --git a/config/samples/replication.storage_v1alpha1_volumereplicationclass.yaml b/config/samples/replication.storage_v1alpha1_volumereplicationclass.yaml index f7658c603..8157c65ee 100644 --- a/config/samples/replication.storage_v1alpha1_volumereplicationclass.yaml +++ b/config/samples/replication.storage_v1alpha1_volumereplicationclass.yaml @@ -1,3 +1,5 @@ +--- +# yamllint disable rule:comments-indentation apiVersion: replication.storage.openshift.io/v1alpha1 kind: VolumeReplicationClass metadata: diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml index c77047841..0907f0f71 100644 --- a/config/scorecard/bases/config.yaml +++ b/config/scorecard/bases/config.yaml @@ -1,7 +1,8 @@ +--- apiVersion: scorecard.operatorframework.io/v1alpha3 kind: Configuration metadata: name: config stages: -- parallel: true - tests: [] + - parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d084..09df549de 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,16 +1,18 @@ +--- resources: -- bases/config.yaml + - bases/config.yaml patchesJson6902: -- path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -- path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config + - path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config + - path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +# yamllint disable-line rule:comments #+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index 3435b5060..9c4059fb7 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -1,9 +1,10 @@ +--- - op: add path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - basic-check-spec + - scorecard-test + - basic-check-spec image: quay.io/operator-framework/scorecard-test:latest labels: suite: basic diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index edd2814f7..621769662 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -1,9 +1,10 @@ +--- - op: add path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-bundle-validation + - scorecard-test + - olm-bundle-validation image: quay.io/operator-framework/scorecard-test:latest labels: suite: olm @@ -12,8 +13,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-validation + - scorecard-test + - olm-crds-have-validation image: quay.io/operator-framework/scorecard-test:latest labels: suite: olm @@ -22,8 +23,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-resources + - scorecard-test + - olm-crds-have-resources image: quay.io/operator-framework/scorecard-test:latest labels: suite: olm @@ -32,8 +33,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-spec-descriptors + - scorecard-test + - olm-spec-descriptors image: quay.io/operator-framework/scorecard-test:latest labels: suite: olm @@ -42,8 +43,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-status-descriptors + - scorecard-test + - olm-status-descriptors image: quay.io/operator-framework/scorecard-test:latest labels: suite: olm diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index d06ccd2d7..54d4b52e9 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,3 +1,4 @@ +--- # Adds namespace to all resources. namespace: csi-addons-system @@ -9,8 +10,8 @@ namespace: csi-addons-system namePrefix: csi-addons- resources: -- manifests.yaml -- service.yaml + - manifests.yaml + - service.yaml configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml index e809f7820..d45f3553b 100644 --- a/config/webhook/kustomizeconfig.yaml +++ b/config/webhook/kustomizeconfig.yaml @@ -1,18 +1,19 @@ +--- # the following config is for teaching kustomize where to look at when substituting vars. # It requires kustomize v2.1.0 or newer to work properly. nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name + - kind: Service + version: v1 + fieldSpecs: + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name namespace: -- kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true varReference: -- path: metadata/annotations + - path: metadata/annotations diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml index 1099766ae..80ea703d7 100644 --- a/config/webhook/service.yaml +++ b/config/webhook/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service diff --git a/deploy/controller/csi-addons-config.yaml b/deploy/controller/csi-addons-config.yaml index 1950b3bd4..85246e346 100644 --- a/deploy/controller/csi-addons-config.yaml +++ b/deploy/controller/csi-addons-config.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: diff --git a/deploy/controller/install-all-in-one.yaml b/deploy/controller/install-all-in-one.yaml index aac749b0f..0d42f8341 100644 --- a/deploy/controller/install-all-in-one.yaml +++ b/deploy/controller/install-all-in-one.yaml @@ -1276,6 +1276,7 @@ subjects: apiVersion: v1 data: controller_manager_config.yaml: | + --- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 kind: ControllerManagerConfig health: diff --git a/deploy/controller/setup-controller.yaml b/deploy/controller/setup-controller.yaml index 41c00e533..b15c955e2 100644 --- a/deploy/controller/setup-controller.yaml +++ b/deploy/controller/setup-controller.yaml @@ -1,6 +1,7 @@ apiVersion: v1 data: controller_manager_config.yaml: | + --- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 kind: ControllerManagerConfig health: