From 5c3dd08420bcfc661ed7201947132590fd91100e Mon Sep 17 00:00:00 2001 From: Bryce Palmer Date: Fri, 7 Apr 2023 15:38:53 -0400 Subject: [PATCH 1/2] fix manifests as follow up to #16 Signed-off-by: Bryce Palmer --- config/manager/manager.yaml | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index bda5270a..771d2ced 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -36,26 +36,6 @@ spec: labels: control-plane: controller-manager spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux securityContext: runAsNonRoot: true # TODO(user): For common cases that do not require escalating privileges @@ -63,8 +43,8 @@ spec: # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # Please uncomment the following code if your project does NOT have to work on old Kubernetes # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault + seccompProfile: + type: RuntimeDefault containers: - command: - "./manager" From 20e65cf2ce1ab169b6f8c4c584495cc1bb568e14 Mon Sep 17 00:00:00 2001 From: Bryce Palmer Date: Mon, 10 Apr 2023 10:45:50 -0400 Subject: [PATCH 2/2] cleanup TODOs and old CRDs Signed-off-by: Bryce Palmer --- .../core.catalogd.io_bundlemetadata.yaml | 98 ------------- .../core.catalogd.io_catalogsources.yaml | 130 ------------------ .../crd/bases/core.catalogd.io_packages.yaml | 109 --------------- config/manager/manager.yaml | 7 - 4 files changed, 344 deletions(-) delete mode 100644 config/crd/bases/core.catalogd.io_bundlemetadata.yaml delete mode 100644 config/crd/bases/core.catalogd.io_catalogsources.yaml delete mode 100644 config/crd/bases/core.catalogd.io_packages.yaml diff --git a/config/crd/bases/core.catalogd.io_bundlemetadata.yaml b/config/crd/bases/core.catalogd.io_bundlemetadata.yaml deleted file mode 100644 index 6db88b9b..00000000 --- a/config/crd/bases/core.catalogd.io_bundlemetadata.yaml +++ /dev/null @@ -1,98 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: bundlemetadata.core.catalogd.io -spec: - group: core.catalogd.io - names: - kind: BundleMetadata - listKind: BundleMetadataList - plural: bundlemetadata - singular: bundlemetadata - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: BundleMetadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BundleMetadataSpec defines the desired state of BundleMetadata - properties: - catalogSource: - description: CatalogSource is the name of the CatalogSource that provides - this bundle - type: string - image: - description: Image is a reference to the image that provides the bundle - contents - type: string - package: - description: Package is the name of the package that provides this - bundle - type: string - properties: - description: Properties is a string of references to property objects - that are part of the bundle - items: - description: 'TODO: In the future we should remove this in favor - of using `property.Property` from https://pkg.go.dev/github.com/operator-framework/operator-registry@v1.26.3/alpha/property#Property - This will likely require some changes to the `property.Property` - type to make it suitable for usage within the Spec for a CustomResource' - properties: - type: - type: string - value: - format: byte - type: string - required: - - type - - value - type: object - type: array - relatedImages: - description: RelatedImages are the RelatedImages in the bundle - items: - description: 'TODO: In the future we should remove this in favor - of using `model.RelatedImage` (or similar) from https://pkg.go.dev/github.com/operator-framework/operator-registry@v1.26.3/alpha/model#RelatedImage - This will likely require some changes to the `model.RelatedImage` - type to make it suitable for usage within the Spec for a CustomResource' - properties: - image: - type: string - name: - type: string - required: - - image - - name - type: object - type: array - required: - - catalogSource - - image - - package - - properties - - relatedImages - type: object - status: - description: BundleMetadataStatus defines the observed state of BundleMetadata - type: object - type: object - served: true - storage: true diff --git a/config/crd/bases/core.catalogd.io_catalogsources.yaml b/config/crd/bases/core.catalogd.io_catalogsources.yaml deleted file mode 100644 index 51858786..00000000 --- a/config/crd/bases/core.catalogd.io_catalogsources.yaml +++ /dev/null @@ -1,130 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: catalogsources.core.catalogd.io -spec: - group: core.catalogd.io - names: - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - singular: catalogsource - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: CatalogSource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CatalogSourceSpec defines the desired state of CatalogSource - properties: - image: - description: Image is the Catalog image that contains Operators' metadata - in the FBC format https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs - type: string - pollingInterval: - description: PollingInterval is used to determine the time interval - between checks of the latest index image version. The image is polled - to see if a new version of the image is available. If available, - the latest image is pulled and the cache is updated to contain the - new content. - type: string - required: - - image - type: object - status: - description: CatalogSourceStatus defines the observed state of CatalogSource - properties: - conditions: - description: Conditions store the status conditions of the CatalogSource - instances - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/core.catalogd.io_packages.yaml b/config/crd/bases/core.catalogd.io_packages.yaml deleted file mode 100644 index f56c7fb5..00000000 --- a/config/crd/bases/core.catalogd.io_packages.yaml +++ /dev/null @@ -1,109 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: packages.core.catalogd.io -spec: - group: core.catalogd.io - names: - kind: Package - listKind: PackageList - plural: packages - singular: package - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Package - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PackageSpec defines the desired state of Package - properties: - catalogSource: - description: CatalogSource is the name of the CatalogSource this package - belongs to - type: string - catalogSourceDisplayName: - type: string - catalogSourcePublisher: - type: string - channels: - description: Channels are the declared channels for the package, ala - `stable` or `alpha`. - items: - description: PackageChannel defines a single channel under a package, - pointing to a version of that package. - properties: - entries: - description: Entries is all the channel entries within a channel - items: - properties: - name: - type: string - replaces: - type: string - skipRange: - type: string - skips: - items: - type: string - type: array - required: - - name - type: object - type: array - name: - description: Name is the name of the channel, e.g. `alpha` or - `stable` - type: string - required: - - entries - - name - type: object - type: array - defaultChannel: - description: DefaultChannel is, if specified, the name of the default - channel for the package. The default channel will be installed if - no other channel is explicitly given. If the package has a single - channel, then that channel is implicitly the default. - type: string - description: - description: Description is the description of the package - type: string - icon: - description: Icon is the Base64data image of the package for console - display - properties: - base64data: - type: string - mediatype: - type: string - type: object - required: - - catalogSource - - channels - - defaultChannel - - description - type: object - status: - description: PackageStatus defines the observed state of Package - type: object - type: object - served: true - storage: true diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 771d2ced..bd3f7181 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -38,11 +38,6 @@ spec: spec: securityContext: runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). seccompProfile: type: RuntimeDefault containers: @@ -69,8 +64,6 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: limits: cpu: 1000m