Skip to content

Commit

Permalink
Merge pull request #416 from vyzigold/fix_lokistack_deployment
Browse files Browse the repository at this point in the history
Apply CCO CRD as a workaround for logging job
  • Loading branch information
openshift-merge-bot[bot] authored Jun 19, 2024
2 parents eaf89f7 + 29594c8 commit b0eca76
Show file tree
Hide file tree
Showing 2 changed files with 190 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,182 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
capability.openshift.io/name: CloudCredential
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
name: credentialsrequests.cloudcredential.openshift.io
spec:
group: cloudcredential.openshift.io
names:
kind: CredentialsRequest
listKind: CredentialsRequestList
plural: credentialsrequests
singular: credentialsrequest
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: CredentialsRequest is the Schema for the credentialsrequests
API
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CredentialsRequestSpec defines the desired state of CredentialsRequest
type: object
required:
- secretRef
properties:
cloudTokenPath:
description: "cloudTokenPath is the path where the Kubernetes ServiceAccount
token (JSON Web Token) is mounted on the deployment for the workload
requesting a credentials secret. The presence of this field in combination
with fields such as spec.providerSpec.stsIAMRoleARN indicate that
CCO should broker creation of a credentials secret containing fields
necessary for token based authentication methods such as with the
AWS Secure Token Service (STS). \n cloudTokenPath may also be used
to specify the azure_federated_token_file path used in Azure configuration
secrets generated by ccoctl. Defaults to \"/var/run/secrets/openshift/serviceaccount/token\"."
type: string
providerSpec:
description: ProviderSpec contains the cloud provider specific credentials
specification.
type: object
x-kubernetes-preserve-unknown-fields: true
secretRef:
description: SecretRef points to the secret where the credentials
should be stored once generated.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
serviceAccountNames:
description: ServiceAccountNames contains a list of ServiceAccounts
that will use permissions associated with this CredentialsRequest.
This is not used by CCO, but the information is needed for being
able to properly set up access control in the cloud provider when
the ServiceAccounts are used as part of the cloud credentials flow.
type: array
items:
type: string
status:
description: CredentialsRequestStatus defines the observed state of CredentialsRequest
type: object
required:
- lastSyncGeneration
- provisioned
properties:
conditions:
description: Conditions includes detailed status for the CredentialsRequest
type: array
items:
description: CredentialsRequestCondition contains details for any
of the conditions on a CredentialsRequest object
type: object
required:
- status
- type
properties:
lastProbeTime:
description: LastProbeTime is the last time we probed the condition
type: string
format: date-time
lastTransitionTime:
description: LastTransitionTime is the last time the condition
transitioned from one status to another.
type: string
format: date-time
message:
description: Message is a human-readable message indicating
details about the last transition
type: string
reason:
description: Reason is a unique, one-word, CamelCase reason
for the condition's last transition
type: string
status:
description: Status is the status of the condition
type: string
type:
description: Type is the specific type of the condition
type: string
lastSyncCloudCredsSecretResourceVersion:
description: LastSyncCloudCredsSecretResourceVersion is the resource
version of the cloud credentials secret resource when the credentials
request resource was last synced. Used to determine if the cloud
credentials have been updated since the last sync.
type: string
lastSyncGeneration:
description: LastSyncGeneration is the generation of the credentials
request resource that was last synced. Used to determine if the
object has changed and requires a sync.
type: integer
format: int64
lastSyncTimestamp:
description: LastSyncTimestamp is the time that the credentials were
last synced.
type: string
format: date-time
providerStatus:
description: ProviderStatus contains cloud provider specific status.
type: object
x-kubernetes-preserve-unknown-fields: true
provisioned:
description: Provisioned is true once the credentials have been initially
provisioned.
type: boolean
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
8 changes: 8 additions & 0 deletions ci/deploy-logging-dependencies/tasks/deploy-operators.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
# WORKAROUND: Loki-operator is missing cluster credential operator in CRC
# we can just apply the CRD to work around the issue. For proper fix
# see: LOG-5431
- name: WORKAROUND - Apply CCO CRD
ansible.builtin.shell:
cmd: |
oc apply -f {{ role_path }}/files/0000_03_cloud-credential-operator_01_crd.yaml
- name: Create the CLO subscription and loki-operator subscriptions
ansible.builtin.shell:
cmd: |
Expand Down

0 comments on commit b0eca76

Please sign in to comment.