forked from opendatahub-io/opendatahub-operator
-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: embed templates into operator plugin #5
Merged
Merged
Changes from 13 commits
Commits
Show all changes
19 commits
Select commit
Hold shift + click to select a range
612a7d4
initial add templates to operator
cam-garrison 49c8e1a
change template loading logic to use embedded files
cam-garrison 69d5fd9
fix some log statements, try move smm to first
cam-garrison a9da373
rename auth smm, remove some logs
cam-garrison 4e87b99
re add empty line, remove prints
cam-garrison 3c5183e
preserve template's path in tmp dir
cam-garrison 1ce2892
add err, use consts
cam-garrison 6d85393
no longer pass embedded FS
cam-garrison b0251b0
consts not vars
cam-garrison 62cf16e
Update pkg/kfapp/ossm/ossm_manifests.go
cam-garrison e789b6d
Update pkg/kfapp/ossm/types.go
cam-garrison b38c75e
remove extra }, rename outputDir const
cam-garrison c356f9e
use manifest struct to store templateDir
cam-garrison 22c5bd0
copy files first, use orig processing
cam-garrison 285b7a1
Update pkg/kfapp/ossm/ossm_manifests.go
cam-garrison 1a1dff3
Update pkg/kfapp/ossm/types.go
cam-garrison aae3e9b
Update pkg/kfapp/ossm/types.go
cam-garrison 2532888
Update pkg/kfapp/ossm/types.go
cam-garrison 14fe43c
Update pkg/kfapp/ossm/types.go
cam-garrison File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| apiVersion: maistra.io/v1 | ||
| kind: ServiceMeshMember | ||
| metadata: | ||
| name: default | ||
| namespace: {{ .Auth.Namespace }} | ||
| spec: | ||
| controlPlaneRef: | ||
| namespace: {{ .Mesh.Namespace }} | ||
| name: {{ .Mesh.Name }} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| apiVersion: authorino.kuadrant.io/v1beta1 | ||
| kind: AuthConfig | ||
| metadata: | ||
| name: odh-dashboard-protection | ||
| namespace: {{ .AppNamespace }} | ||
| labels: | ||
| {{ ReplaceChar .Auth.Authorino.Label "=" ": " }} | ||
| spec: | ||
| hosts: | ||
| - {{.AppNamespace}}.{{ .Domain }} | ||
| identity: | ||
| - name: kubernetes-users | ||
| kubernetes: | ||
| audiences: | ||
| - "https://kubernetes.default.svc" | ||
| authorization: | ||
| - name: k8s-rbac-only-service-viewers | ||
| kubernetes: | ||
| user: | ||
| valueFrom: { authJSON: auth.identity.username } | ||
| resourceAttributes: | ||
| namespace: | ||
| value: {{ .AppNamespace }} | ||
| group: | ||
| value: "" | ||
| resource: | ||
| value: services | ||
| name: | ||
| value: odh-dashboard | ||
| verb: | ||
| value: get | ||
| response: | ||
| - name: x-auth-data | ||
| json: | ||
| properties: | ||
| - name: username | ||
| valueFrom: { authJSON: auth.identity.username } | ||
| denyWith: | ||
| unauthenticated: | ||
| message: | ||
| value: "Access denied" | ||
| unauthorized: | ||
| message: | ||
| value: "Unauthorized" |
15 changes: 15 additions & 0 deletions
15
pkg/kfapp/ossm/templates/authorino/base/operator-cluster-wide-no-tls.tmpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| apiVersion: operator.authorino.kuadrant.io/v1beta1 | ||
| kind: Authorino | ||
| metadata: | ||
| name: {{ .Auth.Authorino.Name }} | ||
| namespace: {{ .Auth.Namespace }} | ||
| spec: | ||
| image: {{ .Auth.Authorino.Image }} | ||
| authConfigLabelSelectors: {{ .Auth.Authorino.Label }} | ||
| clusterWide: true | ||
| listener: | ||
| tls: | ||
| enabled: false | ||
| oidcServer: | ||
| tls: | ||
| enabled: false |
13 changes: 13 additions & 0 deletions
13
pkg/kfapp/ossm/templates/authorino/mesh-authz-ext-provider.patch.tmpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| apiVersion: maistra.io/v2 | ||
| kind: ServiceMeshControlPlane | ||
| metadata: | ||
| name: {{ .Mesh.Name }} | ||
| namespace: {{ .Mesh.Namespace }} | ||
| spec: | ||
| techPreview: | ||
| meshConfig: | ||
| extensionProviders: | ||
| - name: {{ .AppNamespace }}-odh-auth-provider | ||
| envoyExtAuthzGrpc: | ||
| service: {{ .Auth.Authorino.Name }}-authorino-authorization.{{ .Auth.Namespace }}.svc.cluster.local | ||
| port: 50051 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: {{ .Auth.Namespace }} | ||
| labels: | ||
| control-plane: authorino-operator |
13 changes: 13 additions & 0 deletions
13
pkg/kfapp/ossm/templates/authorino/rbac/cluster-monitoring-role-binding.tmpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: auth-service-monitoring | ||
| namespace: {{ .Auth.Namespace }} | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: auth-service | ||
| namespace: {{ .Auth.Namespace }} | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: cluster-monitoring-view |
13 changes: 13 additions & 0 deletions
13
pkg/kfapp/ossm/templates/authorino/rbac/cluster-role-binding.tmpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: auth-service | ||
| namespace: {{ .Auth.Namespace }} | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: auth-service | ||
| namespace: {{ .Auth.Namespace }} | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: auth-service |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would move them next to
//go:embed, otherwise they're local per func invocation.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moved it with the const
baseOutputDirin types.go 22c5bd0