From 6c7c241a167f1e425298be13258815b34fc6f8d2 Mon Sep 17 00:00:00 2001 From: Jordi Gil Date: Wed, 28 Aug 2024 17:05:24 -0400 Subject: [PATCH] Documentation for 1.2 Signed-off-by: Jordi Gil --- .gitignore | 30 +- .tekton/operator-bundle-pull-request.yaml | 422 ------ .tekton/operator-bundle-push.yaml | 419 ----- .tekton/operator-controller-pull-request.yaml | 450 ------ .tekton/operator-controller-push.yaml | 448 ------ Dockerfile | 31 - LICENSE | 201 --- Makefile | 228 --- PROJECT | 20 - README.md | 242 ++- bundle.Dockerfile | 20 - bundle.konflux.Dockerfile | 66 - ...c.authorization.k8s.io_v1_clusterrole.yaml | 17 - ...chestrator-metrics-service_v1_service.yaml | 23 - ...trator-operator.clusterserviceversion.yaml | 525 ------- ...rchestrator.parodos.dev_orchestrators.yaml | 518 ------- bundle/metadata/annotations.yaml | 14 - bundle/tests/scorecard/config.yaml | 70 - ...rchestrator.parodos.dev_orchestrators.yaml | 468 ------ config/crd/kustomization.yaml | 6 - config/default/kustomization.yaml | 30 - config/default/manager_auth_proxy_patch.yaml | 40 - config/default/manager_config_patch.yaml | 10 - config/manager/kustomization.yaml | 8 - config/manager/manager.yaml | 101 -- ...trator-operator.clusterserviceversion.yaml | 83 - config/manifests/kustomization.yaml | 9 - config/prometheus/kustomization.yaml | 2 - config/prometheus/monitor.yaml | 26 - .../rbac/auth_proxy_client_clusterrole.yaml | 16 - config/rbac/auth_proxy_role.yaml | 24 - config/rbac/auth_proxy_role_binding.yaml | 19 - config/rbac/auth_proxy_service.yaml | 21 - config/rbac/kustomization.yaml | 18 - config/rbac/leader_election_role.yaml | 44 - config/rbac/leader_election_role_binding.yaml | 19 - config/rbac/orchestrator_editor_role.yaml | 31 - config/rbac/orchestrator_viewer_role.yaml | 27 - config/rbac/role.yaml | 226 --- config/rbac/role_binding.yaml | 19 - config/rbac/service_account.yaml | 12 - config/samples/kustomization.yaml | 4 - .../orchestrator_v1alpha1_orchestrator.yaml | 105 -- config/scorecard/bases/config.yaml | 7 - config/scorecard/kustomization.yaml | 16 - config/scorecard/patches/basic.config.yaml | 10 - config/scorecard/patches/olm.config.yaml | 50 - gitops/README.md | 152 ++ gitops/resources/argocd-example.yaml | 65 + helm-charts/orchestrator/Chart.yaml | 28 - helm-charts/orchestrator/README.md | 92 -- helm-charts/orchestrator/templates/NOTES.txt | 132 -- .../templates/_cr_lifecycle_helper.tpl | 143 -- .../orchestrator/templates/_helpers.tpl | 140 -- .../templates/argocd-project.yaml | 14 - .../templates/network-policies.yaml | 21 - .../templates/openshift-serverless.yaml | 86 -- .../templates/release-candidate.yaml | 104 -- .../orchestrator/templates/rhdh-operator.yaml | 331 ---- .../templates/sonataflow-operator.yaml | 32 - .../orchestrator/templates/sonataflows.yaml | 72 - .../templates/tekton-pipeline.yaml | 164 -- .../orchestrator/templates/tekton-tasks.yaml | 246 --- helm-charts/orchestrator/values-rc.yaml | 40 - .../orchestrator/values-rh-postgres.yaml | 8 - helm-charts/orchestrator/values.schema.json | 1349 ----------------- helm-charts/orchestrator/values.yaml | 110 -- postgresql/README.md | 72 + watches.yaml | 7 - 69 files changed, 485 insertions(+), 8118 deletions(-) delete mode 100644 .tekton/operator-bundle-pull-request.yaml delete mode 100644 .tekton/operator-bundle-push.yaml delete mode 100644 .tekton/operator-controller-pull-request.yaml delete mode 100644 .tekton/operator-controller-push.yaml delete mode 100644 Dockerfile delete mode 100644 LICENSE delete mode 100644 Makefile delete mode 100644 PROJECT delete mode 100644 bundle.Dockerfile delete mode 100644 bundle.konflux.Dockerfile delete mode 100644 bundle/manifests/orchestrator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/orchestrator-metrics-service_v1_service.yaml delete mode 100644 bundle/manifests/orchestrator-operator.clusterserviceversion.yaml delete mode 100644 bundle/manifests/orchestrator.parodos.dev_orchestrators.yaml delete mode 100644 bundle/metadata/annotations.yaml delete mode 100644 bundle/tests/scorecard/config.yaml delete mode 100644 config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml delete mode 100644 config/crd/kustomization.yaml delete mode 100644 config/default/kustomization.yaml delete mode 100644 config/default/manager_auth_proxy_patch.yaml delete mode 100644 config/default/manager_config_patch.yaml delete mode 100644 config/manager/kustomization.yaml delete mode 100644 config/manager/manager.yaml delete mode 100644 config/manifests/bases/orchestrator-operator.clusterserviceversion.yaml delete mode 100644 config/manifests/kustomization.yaml delete mode 100644 config/prometheus/kustomization.yaml delete mode 100644 config/prometheus/monitor.yaml delete mode 100644 config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 config/rbac/auth_proxy_role.yaml delete mode 100644 config/rbac/auth_proxy_role_binding.yaml delete mode 100644 config/rbac/auth_proxy_service.yaml delete mode 100644 config/rbac/kustomization.yaml delete mode 100644 config/rbac/leader_election_role.yaml delete mode 100644 config/rbac/leader_election_role_binding.yaml delete mode 100644 config/rbac/orchestrator_editor_role.yaml delete mode 100644 config/rbac/orchestrator_viewer_role.yaml delete mode 100644 config/rbac/role.yaml delete mode 100644 config/rbac/role_binding.yaml delete mode 100644 config/rbac/service_account.yaml delete mode 100644 config/samples/kustomization.yaml delete mode 100644 config/samples/orchestrator_v1alpha1_orchestrator.yaml delete mode 100644 config/scorecard/bases/config.yaml delete mode 100644 config/scorecard/kustomization.yaml delete mode 100644 config/scorecard/patches/basic.config.yaml delete mode 100644 config/scorecard/patches/olm.config.yaml create mode 100644 gitops/README.md create mode 100644 gitops/resources/argocd-example.yaml delete mode 100644 helm-charts/orchestrator/Chart.yaml delete mode 100644 helm-charts/orchestrator/README.md delete mode 100644 helm-charts/orchestrator/templates/NOTES.txt delete mode 100644 helm-charts/orchestrator/templates/_cr_lifecycle_helper.tpl delete mode 100644 helm-charts/orchestrator/templates/_helpers.tpl delete mode 100644 helm-charts/orchestrator/templates/argocd-project.yaml delete mode 100644 helm-charts/orchestrator/templates/network-policies.yaml delete mode 100644 helm-charts/orchestrator/templates/openshift-serverless.yaml delete mode 100644 helm-charts/orchestrator/templates/release-candidate.yaml delete mode 100644 helm-charts/orchestrator/templates/rhdh-operator.yaml delete mode 100644 helm-charts/orchestrator/templates/sonataflow-operator.yaml delete mode 100644 helm-charts/orchestrator/templates/sonataflows.yaml delete mode 100644 helm-charts/orchestrator/templates/tekton-pipeline.yaml delete mode 100644 helm-charts/orchestrator/templates/tekton-tasks.yaml delete mode 100644 helm-charts/orchestrator/values-rc.yaml delete mode 100644 helm-charts/orchestrator/values-rh-postgres.yaml delete mode 100644 helm-charts/orchestrator/values.schema.json delete mode 100644 helm-charts/orchestrator/values.yaml create mode 100644 postgresql/README.md delete mode 100644 watches.yaml diff --git a/.gitignore b/.gitignore index de170c38..0eac709f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,28 +1,6 @@ - -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib - -# Test binary, built with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Dependency directories (remove the comment below to include it) -# vendor/ - -# Go workspace file -go.work +### macOS ### .DS_Store - -bin - -# editor and IDE paraphernalia +.AppleDouble +.LSOverride .idea -*.swp -*.swo -*~ \ No newline at end of file + diff --git a/.tekton/operator-bundle-pull-request.yaml b/.tekton/operator-bundle-pull-request.yaml deleted file mode 100644 index cb9a5aa9..00000000 --- a/.tekton/operator-bundle-pull-request.yaml +++ /dev/null @@ -1,422 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - annotations: - build.appstudio.openshift.io/repo: https://github.com/parodos-dev/orchestrator-helm-operator?rev={{revision}} - build.appstudio.redhat.com/commit_sha: '{{revision}}' - build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' - build.appstudio.redhat.com/target_branch: '{{target_branch}}' - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( "bundle/***".pathChanged() || ".tekton/operator-bundle-pull-request.yaml".pathChanged() || "bundle.konflux.Dockerfile".pathChanged() ) - creationTimestamp: null - labels: - appstudio.openshift.io/application: helm-operator - appstudio.openshift.io/component: operator-bundle - pipelines.appstudio.openshift.io/type: build - name: operator-bundle-on-pull-request - namespace: orchestrator-releng-tenant -spec: - params: - - name: git-url - value: '{{source_url}}' - - name: revision - value: '{{revision}}' - - name: output-image - value: quay.io/redhat-user-workloads/orchestrator-releng-tenant/helm-operator/operator-bundle:on-pr-{{revision}} - - name: image-expires-after - value: 5d - - name: dockerfile - value: bundle.konflux.Dockerfile - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "true" - description: Build a source image. - name: build-source-image - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" - workspaces: - - name: source - workspace: workspace - - name: git-basic-auth - workspace: git-auth - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:83db74702b5f0d714b3aae066faa5037d3f096f9fa108d18c0e78317fa35f1fd - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - runAfter: - - build-container - taskRef: - params: - - name: name - value: source-build - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - build-container - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:d4eee0cfef2069273752f6d27088b147ae6eac5f5db45e481efb4ae1a07883f6 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e6beb161ed59d7be26317da03e172137b31b26648d3e139558e9a457bc56caff - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - - name: git-auth - optional: true - taskRunTemplate: {} - workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} diff --git a/.tekton/operator-bundle-push.yaml b/.tekton/operator-bundle-push.yaml deleted file mode 100644 index 675549fd..00000000 --- a/.tekton/operator-bundle-push.yaml +++ /dev/null @@ -1,419 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - annotations: - build.appstudio.openshift.io/repo: https://github.com/parodos-dev/orchestrator-helm-operator?rev={{revision}} - build.appstudio.redhat.com/commit_sha: '{{revision}}' - build.appstudio.redhat.com/target_branch: '{{target_branch}}' - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && ( "bundle/***".pathChanged() || ".tekton/operator-bundle-push.yaml".pathChanged() || "bundle.konflux.Dockerfile".pathChanged() ) - creationTimestamp: null - labels: - appstudio.openshift.io/application: helm-operator - appstudio.openshift.io/component: operator-bundle - pipelines.appstudio.openshift.io/type: build - name: operator-bundle-on-push - namespace: orchestrator-releng-tenant -spec: - params: - - name: git-url - value: '{{source_url}}' - - name: revision - value: '{{revision}}' - - name: output-image - value: quay.io/redhat-user-workloads/orchestrator-releng-tenant/helm-operator/operator-bundle:{{revision}} - - name: dockerfile - value: bundle.konflux.Dockerfile - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "true" - description: Build a source image. - name: build-source-image - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" - workspaces: - - name: source - workspace: workspace - - name: git-basic-auth - workspace: git-auth - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:83db74702b5f0d714b3aae066faa5037d3f096f9fa108d18c0e78317fa35f1fd - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - runAfter: - - build-container - taskRef: - params: - - name: name - value: source-build - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - build-container - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:d4eee0cfef2069273752f6d27088b147ae6eac5f5db45e481efb4ae1a07883f6 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e6beb161ed59d7be26317da03e172137b31b26648d3e139558e9a457bc56caff - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - - name: git-auth - optional: true - taskRunTemplate: {} - workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} diff --git a/.tekton/operator-controller-pull-request.yaml b/.tekton/operator-controller-pull-request.yaml deleted file mode 100644 index ef6e3095..00000000 --- a/.tekton/operator-controller-pull-request.yaml +++ /dev/null @@ -1,450 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - annotations: - build.appstudio.openshift.io/repo: https://github.com/parodos-dev/orchestrator-helm-operator?rev={{revision}} - build.appstudio.redhat.com/commit_sha: '{{revision}}' - build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' - build.appstudio.redhat.com/target_branch: '{{target_branch}}' - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ("Makefile".pathChanged() || "Dockerfile".pathChanged() || "config/***".pathChanged() || "helm-charts/***".pathChanged() || ".tekton/operator-controller-pull-request.yaml".pathChanged()) - creationTimestamp: null - labels: - appstudio.openshift.io/application: helm-operator - appstudio.openshift.io/component: operator-controller - pipelines.appstudio.openshift.io/type: build - name: operator-controller-on-pull-request - namespace: orchestrator-releng-tenant -spec: - params: - - name: git-url - value: '{{source_url}}' - - name: revision - value: '{{revision}}' - - name: output-image - value: quay.io/redhat-user-workloads/orchestrator-releng-tenant/helm-operator/operator-controller:on-pr-{{revision}} - - name: image-expires-after - value: 5d - - name: dockerfile - value: Dockerfile - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "true" - description: Build a source image. - name: build-source-image - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" - workspaces: - - name: source - workspace: workspace - - name: git-basic-auth - workspace: git-auth - - name: netrc - workspace: netrc - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:83db74702b5f0d714b3aae066faa5037d3f096f9fa108d18c0e78317fa35f1fd - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - runAfter: - - build-container - taskRef: - params: - - name: name - value: source-build - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:d4eee0cfef2069273752f6d27088b147ae6eac5f5db45e481efb4ae1a07883f6 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e6beb161ed59d7be26317da03e172137b31b26648d3e139558e9a457bc56caff - - name: kind - value: task - resolver: bundles - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - runAfter: - - build-container - taskRef: - params: - - name: name - value: push-dockerfile - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:92d63edd09636f97961ca18fac14b67935179d2c14b4a4d5f8087c614e8c2bd9 - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - workspaces: - - name: workspace - - name: git-auth - optional: true - - name: netrc - optional: true - taskRunTemplate: {} - workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} diff --git a/.tekton/operator-controller-push.yaml b/.tekton/operator-controller-push.yaml deleted file mode 100644 index 9098bc06..00000000 --- a/.tekton/operator-controller-push.yaml +++ /dev/null @@ -1,448 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - annotations: - build.appstudio.openshift.io/repo: https://github.com/parodos-dev/orchestrator-helm-operator?rev={{revision}} - build.appstudio.redhat.com/commit_sha: '{{revision}}' - build.appstudio.redhat.com/target_branch: '{{target_branch}}' - pipelinesascode.tekton.dev/max-keep-runs: "3" - build.appstudio.openshift.io/build-nudge-files: bundle.konflux.Dockerfile, .*.yaml - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && ("Makefile".pathChanged() || "Dockerfile".pathChanged() || "config/***".pathChanged() || "helm-charts/***".pathChanged() || ".tekton/operator-controller-push.yaml".pathChanged()) - creationTimestamp: null - labels: - appstudio.openshift.io/application: helm-operator - appstudio.openshift.io/component: operator-controller - pipelines.appstudio.openshift.io/type: build - name: operator-controller-on-push - namespace: orchestrator-releng-tenant -spec: - params: - - name: git-url - value: '{{source_url}}' - - name: revision - value: '{{revision}}' - - name: output-image - value: quay.io/redhat-user-workloads/orchestrator-releng-tenant/helm-operator/operator-controller:{{revision}} - - name: dockerfile - value: Dockerfile - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "true" - description: Build a source image. - name: build-source-image - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" - workspaces: - - name: source - workspace: workspace - - name: git-basic-auth - workspace: git-auth - - name: netrc - workspace: netrc - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:83db74702b5f0d714b3aae066faa5037d3f096f9fa108d18c0e78317fa35f1fd - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - runAfter: - - build-container - taskRef: - params: - - name: name - value: source-build - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:d4eee0cfef2069273752f6d27088b147ae6eac5f5db45e481efb4ae1a07883f6 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e6beb161ed59d7be26317da03e172137b31b26648d3e139558e9a457bc56caff - - name: kind - value: task - resolver: bundles - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - runAfter: - - build-container - taskRef: - params: - - name: name - value: push-dockerfile - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:92d63edd09636f97961ca18fac14b67935179d2c14b4a4d5f8087c614e8c2bd9 - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - workspaces: - - name: workspace - - name: git-auth - optional: true - - name: netrc - optional: true - taskRunTemplate: {} - workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 6aa4617c..00000000 --- a/Dockerfile +++ /dev/null @@ -1,31 +0,0 @@ -# Build the manager binary -FROM quay.io/orchestrator/helm-operator:v1.35.0-cve-fixes - - -LABEL com.redhat.component="RHDH Orchestrator Helm Operator" -LABEL distribution-scope="public" -LABEL name="rhdh-orchestrator-helm-operator-bundle" -LABEL release="1.2.0" -LABEL version="1.2.0" -LABEL maintainer="Red Hat jgil@redhat.com" -LABEL url="https://github.com/parodos-dev/orchestrator-helm-operator" -LABEL vendor="Red Hat, Inc." -LABEL description="RHDH Orchestrator introduces serverless asynchronous workflows to Backstage, \ - with a focus on facilitating the transition of applications to the cloud, \ - onboarding developers, and enabling users to create workflows for backstage \ - actions or external systems." -LABEL io.k8s.description="RHDH Orchestrator introduces serverless asynchronous workflows to Backstage, \ - with a focus on facilitating the transition of applications to the cloud, \ - onboarding developers, and enabling users to create workflows for backstage \ - actions or external systems." -LABEL summary="RHDH Orchestrator introduces serverless asynchronous workflows to Backstage, \ - with a focus on facilitating the transition of applications to the cloud, \ - onboarding developers, and enabling users to create workflows for backstage \ - actions or external systems." -LABEL io.k8s.display-name="RHDH Orchestrator Helm Operator" -LABEL io.openshift.tags="openshift,operator,rhdh,orchestrator" - -ENV HOME=/opt/helm -COPY watches.yaml ${HOME}/watches.yaml -COPY helm-charts ${HOME}/helm-charts -WORKDIR ${HOME} diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9e..00000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/Makefile b/Makefile deleted file mode 100644 index e97200e5..00000000 --- a/Makefile +++ /dev/null @@ -1,228 +0,0 @@ -# VERSION defines the project version for the bundle. -# Update this value when you upgrade the version of your project. -# To re-generate a bundle for another specific version without changing the standard setup, you can: -# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) -# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 1.2.0-rc10 - -# CHANNELS define the bundle channels used in the bundle. -# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") -# To re-generate a bundle for other specific channels without changing the standard setup, you can: -# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) -# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") -ifneq ($(origin CHANNELS), undefined) -BUNDLE_CHANNELS := --channels=$(CHANNELS) -endif - -# DEFAULT_CHANNEL defines the default channel used in the bundle. -# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") -# To re-generate a bundle for any other default channel without changing the default setup, you can: -# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) -# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") -ifneq ($(origin DEFAULT_CHANNEL), undefined) -BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) -endif -BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) - -# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. -# This variable is used to construct full image tags for bundle and catalog images. -# -IMAGE_TAG_BASE ?= quay.io/orchestrator/orchestrator-operator - -# BUNDLE_IMG defines the image:tag used for the bundle. -# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) -BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) - -# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command -BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) - -# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests -# You can enable this value if you would like to use SHA Based Digests -# To enable set flag to true -USE_IMAGE_DIGESTS ?= false -ifeq ($(USE_IMAGE_DIGESTS), true) - BUNDLE_GEN_FLAGS += --use-image-digests -endif - -# Set the Operator SDK version to use. By default, what is installed on the system is used. -# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. -OPERATOR_SDK_VERSION ?= v1.35.0 - -# Image URL to use all building/pushing image targets -IMG ?= $(IMAGE_TAG_BASE):$(VERSION) - -.PHONY: all -all: docker-build - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Build - -.PHONY: run -run: helm-operator ## Run against the configured Kubernetes cluster in ~/.kube/config - $(HELM_OPERATOR) run - -.PHONY: docker-build -docker-build: ## Build docker image with the manager. - docker build -t ${IMG} . - -.PHONY: docker-push -docker-push: ## Push docker image with the manager. - docker push ${IMG} - -# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple -# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: -# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ -# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ -# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) -# To properly provided solutions that supports more than one platform you should use this option. -PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le -.PHONY: docker-buildx -docker-buildx: test ## Build and push docker image for the manager for cross-platform support - # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile - sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross - - docker buildx create --name project-v3-builder - docker buildx use project-v3-builder - - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - - docker buildx rm project-v3-builder - rm Dockerfile.cross - -##@ Deployment - -.PHONY: install -install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl apply -f - - -.PHONY: uninstall -uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl delete -f - - -.PHONY: deploy -deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/default | kubectl apply -f - - -.PHONY: undeploy -undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/default | kubectl delete -f - - -OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') -ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') - -.PHONY: kustomize -KUSTOMIZE = $(shell pwd)/bin/kustomize -kustomize: ## Download kustomize locally if necessary. -ifeq (,$(wildcard $(KUSTOMIZE))) -ifeq (,$(shell which kustomize 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(KUSTOMIZE)) ;\ - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCH).tar.gz | \ - tar xzf - -C bin/ ;\ - } -else -KUSTOMIZE = $(shell which kustomize) -endif -endif - -.PHONY: helm-operator -HELM_OPERATOR = $(shell pwd)/bin/helm-operator -helm-operator: ## Download helm-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. -ifeq (,$(wildcard $(HELM_OPERATOR))) -ifeq (,$(shell which helm-operator 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(HELM_OPERATOR)) ;\ - curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.33.0/helm-operator_$(OS)_$(ARCH) ;\ - chmod +x $(HELM_OPERATOR) ;\ - } -else -HELM_OPERATOR = $(shell which helm-operator) -endif -endif - -.PHONY: operator-sdk -OPERATOR_SDK ?= ./bin/operator-sdk -operator-sdk: ## Download operator-sdk locally if necessary. -ifeq (,$(wildcard $(OPERATOR_SDK))) -ifeq (, $(shell which operator-sdk 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(OPERATOR_SDK)) ;\ - curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(OS)_$(ARCH) ;\ - chmod +x $(OPERATOR_SDK) ;\ - } -else -OPERATOR_SDK = $(shell which operator-sdk) -endif -endif - -.PHONY: bundle -bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. - $(OPERATOR_SDK) generate kustomize manifests -q - cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) - $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) - $(OPERATOR_SDK) bundle validate ./bundle - -.PHONY: bundle-build -bundle-build: ## Build the bundle image. - docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . - -.PHONY: bundle-push -bundle-push: ## Push the bundle image. - $(MAKE) docker-push IMG=$(BUNDLE_IMG) - -.PHONY: opm -OPM = ./bin/opm -opm: ## Download opm locally if necessary. -ifeq (,$(wildcard $(OPM))) -ifeq (,$(shell which opm 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(OPM)) ;\ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCH)-opm ;\ - chmod +x $(OPM) ;\ - } -else -OPM = $(shell which opm) -endif -endif - -# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). -# These images MUST exist in a registry and be pull-able. -BUNDLE_IMGS ?= $(BUNDLE_IMG) - -# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). -CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) - -# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. -ifneq ($(origin CATALOG_BASE_IMG), undefined) -FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) -endif - -# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. -# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: -# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator -.PHONY: catalog-build -catalog-build: opm ## Build a catalog image. - $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) - -# Push the catalog image. -.PHONY: catalog-push -catalog-push: ## Push a catalog image. - $(MAKE) docker-push IMG=$(CATALOG_IMG) diff --git a/PROJECT b/PROJECT deleted file mode 100644 index ea9d436e..00000000 --- a/PROJECT +++ /dev/null @@ -1,20 +0,0 @@ -# Code generated by tool. DO NOT EDIT. -# This file is used to track the info used to scaffold your project -# and allow the plugins properly work. -# More info: https://book.kubebuilder.io/reference/project-config.html -domain: parodos.dev -layout: -- helm.sdk.operatorframework.io/v1 -plugins: - manifests.sdk.operatorframework.io/v2: {} - scorecard.sdk.operatorframework.io/v2: {} -projectName: orchestrator-operator -resources: -- api: - crdVersion: v1 - namespaced: true - domain: parodos.dev - group: orchestrator - kind: Orchestrator - version: v1alpha1 -version: "3" diff --git a/README.md b/README.md index ac8fe3b7..77707963 100644 --- a/README.md +++ b/README.md @@ -1,54 +1,196 @@ -# orchestrator-helm-operator -Meta Operator for deploying the Orchestrator helm charts - -# Pre-install requirements -This operator is a helm operator using the helm charts from the orchestrator repository. As such, you need to fulfill the pre-install requirements defined in the [README.md](https://github.com/parodos-dev/orchestrator-helm-chart/blob/gh-pages/README.md) prior to deploying the operator in a cluster. - -## Release - -Follow these steps to release a new version of the operator: - -1. Pull a fresh copy of the repository. Alternatively pull the latest from main on your existing repository and ensure that the HEAD matches the upstream's HEAD commit hash. -2. Create a new branch, example `release/1.2.0-rc7`. -3. Delete the contents of `helm-charts`. Deleting the contents ensures that any file removed in the latest version of the helm chart will no longer exist in the operator's copy of the helm charts. -4. Copy the contents of the `charts/orchestrator` directory from `orchestrator-helm-chart` to `helm-charts`. -5. Check the changes for each file in the `helm-charts` directory. It's important to keep the CSV's spec section aligned with the field and default values specified in the `values.yaml` file so that the user has a better experience when using the UI when creating a new CR. Most of the time the changes are in the template files. These changes don't require adjustments to the CSV. - 1. Changes to the `values.yaml` or the `values.schema.json` need to be propagated to the file in `config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml` file, such as new fields that need to be added to the csv's `spec.schema.openAPIV3Schema` section with default value as specified in the `values.yaml` file. The `config/samples/orchestrator_v1alpha1_orchestrator.yaml` file is used as the example embedded in the CSV. - 2. Update the spec in the `config/samples/orchestrator_v1alpha1_orchestrator.yaml` file with the contents of the `values.yaml`, unless specified otherwise for that PR (e.g. changes applicable to the `values.yaml` for development purposes but not applicable for the operator as an example). -6. Validate any remaining changes to any other file. It's good to double check for changes introduced that are not required (an empty space, a tab, etc... nothing functional). -7. Commit the changes with message: `Bump helm chart to version X.Y.Z`. The new version of the chart can be found in `helm-charts/orchestrator/Chart.yaml`. Example commit: https://github.com/parodos-dev/orchestrator-helm-operator/commit/9d7c14be0de064a0530d6bfbedcd10cf7b3c1474 -8. Update the Makefile to increment the z-stream value by 1 and commit the change to the Makefile as `Release 1.2.0-rc8"`. Example commit: https://github.com/parodos-dev/orchestrator-helm-operator/commit/0bcedf59d03dd0ace380c342ebdb0187d82ad8d6 -9. Push the 2 commits. -10. Create a new PR against main, unless the changes are targeting a specific release. -11. Get the PR reviewed by the owner of the changes to the chart or by another team member. Two more pair of eyes are always welcome for these kind of things. -12. Merge the PR. -13. Switch to the main branch and pull the changes so that your fork and upstream are in sync and contain the new additions. -14. Run the following commands in an AMD64 environment. These commands will build the controller image, push it to the `quay.io/orchestrator/orchestrator-operator` [repository](https://quay.io/repository/orchestrator/orchestrator-operator?tab=tags), build the bundle (update the contents of `/bundle` based on the information in `/config`), build the bundle image and push it to the [repository](https://quay.io/repository/orchestrator/orchestrator-operator-bundle?tab=tags), and finally build the catalog container image and push it to it's [repository](https://quay.io/repository/orchestrator/orchestrator-operator-catalog?tab=tags). - -```shell -make docker-build docker-push bundle bundle-build bundle-push catalog-build catalog-push +# Orchestrator Documentation + +For comprehensive documentation on the Orchestrator, please visit [https://www.parodos.dev](https://www.parodos.dev). + +## Installing the Orchestrator Helm Operator + +Deploy the Orchestrator solution suite in an OCP cluster using the Orchestrator operator.\ +The chart installs the following components onto the target OpenShift cluster: + +- RHDH (Red Hat Developer Hub) Backstage +- OpenShift Serverless Logic Operator (with Data-Index and Job Service) +- OpenShift Serverless Operator + - Knative Eventing + - Knative Serving +- (Optional) An ArgoCD project named `orchestrator`. Requires an pre-installed ArgoCD/OpenShift GitOps instance in the cluster. Disabled by default +- (Optional) Tekton tasks and build pipeline. Requires an pre-installed Tekton/OpenShift Pipelines instance in the cluster. Disabled by default + +## Important Note for ARM64 Architecture Users + +Note that as of November 6, 2023, OpenShift Serverless Operator is based on RHEL 8 images which are not supported on the ARM64 architecture. Consequently, deployment of this helm chart on an [OpenShift Local](https://www.redhat.com/sysadmin/install-openshift-local) cluster on MacBook laptops with M1/M2 chips is not supported. + +## Prerequisites + +- Logged in to a Red Hat OpenShift Container Platform (version 4.13+) cluster as a cluster administrator. +- [OpenShift CLI (oc)](https://docs.openshift.com/container-platform/4.13/cli_reference/openshift_cli/getting-started-cli.html) is installed. +- [Operator Lifecycle Manager (OLM)](https://olm.operatorframework.io/docs/getting-started/) has been installed in your cluster. +- Your cluster has a [default storage class](https://docs.openshift.com/container-platform/4.13/storage/container_storage_interface/persistent-storage-csi-sc-manage.html) provisioned. +- [Helm](https://helm.sh/docs/intro/install/) v3.9+ is installed. +- A GitHub API Token - to import items into the catalog, ensure you have a `GITHUB_TOKEN` with the necessary permissions as detailed [here](https://backstage.io/docs/integrations/github/locations/). + - For classic token, include the following permissions: + - repo (all) + - admin:org (read:org) + - user (read:user, user:email) + - workflow (all) - required for using the software templates for creating workflows in GitHub + - For Fine grained token: + - Repository permissions: **Read** access to metadata, **Read** and **Write** access to actions, actions variables, administration, code, codespaces, commit statuses, environments, issues, pull requests, repository hooks, secrets, security events, and workflows. + - Organization permissions: **Read** access to members, **Read** and **Write** access to organization administration, organization hooks, organization projects, and organization secrets. + +### Deployment with GitOps + + If you plan to deploy in a GitOps environment, make sure you have installed the `ArgoCD/Red Hat OpenShift GitOps` and the `Tekton/Red Hat Openshift Pipelines Install` operators following these [instructions](https://github.com/parodos-dev/orchestrator-helm-operator/blob/gh-pages/gitops/README.md). + The Orchestrator installs RHDH and imports software templates designed for bootstrapping workflow development. These templates are crafted to ease the development lifecycle, including a Tekton pipeline to build workflow images and generate workflow K8s custom resources. Furthermore, ArgoCD is utilized to monitor any changes made to the workflow repository and to automatically trigger the Tekton pipelines as needed. + +- `ArgoCD/OpenShift GitOps` operator + - Ensure at least one instance of `ArgoCD` exists in the designated namespace (referenced by `ARGOCD_NAMESPACE` environment variable). Example [here](https://raw.githubusercontent.com/parodos-dev/orchestrator-helm-operator/gh-pages/gitops/resources/argocd-example.yaml) + - Validated API is `argoproj.io/v1alpha1/AppProject` +- `Tekton/OpenShift Pipelines` operator + - Validated APIs are `tekton.dev/v1beta1/Task` and `tekton.dev/v1/Pipeline` + - Requires ArgoCD installed since the manifests are deployed in the same namespace as the ArgoCD instance. + + Remember to enable [argocd](https://github.com/parodos-dev/orchestrator-helm-operator/blob/af6be52072bff3d15587430df5919e4d46ab59ab/config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml#L451) and [tekton](https://github.com/parodos-dev/orchestrator-helm-operator/blob/af6be52072bff3d15587430df5919e4d46ab59ab/config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml#L443) in your CR instance. + +## Installation + +1. Deploy the PostgreSQL reference implementation for persistence support in SonataFlow following these [instructions](https://github.com/parodos-dev/orchestrator-helm-operator/blob/gh-pages/postgresql/README.md) + +1. Create a namespace for the Orchestrator solution: + + ```console + oc new-project orchestrator + ``` + +1. Create a namespace for the Red Hat Developer Hub Operator (RHDH Operator): + + ```console + oc new-project rhdh-operator + ``` + +1. Download the setup script from the github repository and run it to create the RHDH secret and label the GitOps namespaces: + + ```console + wget https://raw.githubusercontent.com/parodos-dev/orchestrator-helm-operator/main/hack/setup.sh -O /tmp/setup.sh && chmod u+x /tmp/setup.sh + ``` + + Run the script: + ```console + /tmp/setup.sh --use-default + ``` + **NOTE:** If you don't want to use the default values, omit the `--use-default` and the script will prompt you for input. + + The contents will vary depending on the configuration in the cluster. The following list details all the keys that can appear in the secret: + + > - `BACKEND_SECRET`: Value is randomly generated at script execution. This is the only mandatory key required to be in the secret for the RHDH Operator to start. + > - `K8S_CLUSTER_URL`: The URL of the Kubernetes cluster is obtained dynamically using `oc whoami --show-server`. + > - `K8S_CLUSTER_TOKEN`: The value is obtained dynamically based on the provided namespace and service account. + > - `GITHUB_TOKEN`: This value is prompted from the user during script execution and is not predefined. + > - `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET`: The value for both these fields are used to authenticate against GitHub. For more information open this [link](https://backstage.io/docs/auth/github/provider/). + > - `ARGOCD_URL`: This value is dynamically obtained based on the first ArgoCD instance available. + > - `ARGOCD_USERNAME`: Default value is set to `admin`. + > - `ARGOCD_PASSWORD`: This value is dynamically obtained based on the first ArgoCD instance available. + + Keys will not be added to the secret if they have no values associated. So for instance, when deploying in a cluster without the GitOps operators, the `ARGOCD_URL`, `ARGOCD_USERNAME` and `ARGOCD_PASSWORD` keys will be omited in the secret. + + Sample of a secret created in a GitOps environment: + + ```console + $> oc get secret -n rhdh-operator -o yaml backstage-backend-auth-secret + apiVersion: v1 + data: + ARGOCD_PASSWORD: ... + ARGOCD_URL: ... + ARGOCD_USERNAME: ... + BACKEND_SECRET: ... + GITHUB_TOKEN: ... + K8S_CLUSTER_TOKEN: ... + K8S_CLUSTER_URL: ... + kind: Secret + metadata: + creationTimestamp: "2024-05-07T22:22:59Z" + name: backstage-backend-auth-secret + namespace: rhdh-operator + resourceVersion: "4402773" + uid: 2042e741-346e-4f0e-9d15-1b5492bb9916 + type: Opaque + ``` +1. Use the following manifest to install the operator in an OCP cluster: + + ```yaml + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: orchestrator-operator + namespace: openshift-operators + spec: + channel: alpha + installPlanApproval: Automatic + name: orchestrator-operator + source: redhat-operators + sourceNamespace: openshift-marketplace + ``` + +1. Run the following commands to determine when the installation is completed: + + ```console + wget https://raw.githubusercontent.com/parodos-dev/orchestrator-helm-operator/main/hack/wait_for_operator_installed.sh -O /tmp/wait_for_operator_installed.sh && chmod u+x /tmp/wait_for_operator_installed.sh + ``` + + During the installation process, Kubernetes cronjobs are created by the chart to monitor the lifecycle of the CRs managed by the chart: rhdh operator, serverless operator and sonataflow operator. When deleting one of the previously mentioned CRs, a job is triggered that ensures the CR is removed before the operator is. + In case of any failure at this stage, these jobs remain active, facilitating administrators in retrieving detailed diagnostic information to identify and address the cause of the failure. + + > **Note:** that every minute on the clock a job is triggered to reconcile the CRs with the chart values. These cronjobs are deleted when their respective features (e.g. `rhdhOperator.enabled=false`) are removed or when the chart is removed. This is required because the CRs are not managed by helm due to the CRD dependency pre availability to the deployment of the CR. + + +## Additional information + +### GitOps environment + +See the dedicated [document](https://github.com/parodos-dev/orchestrator-helm-operator/blob/gh-pages/gitops/README.md) + +### Deploying PostgreSQL reference implementation + +See [here](https://github.com/parodos-dev/orchestrator-helm-operator/blob/gh-pages/postgresql/README.md) + +### ArgoCD and workflow namespace + +If you manually created the workflow namespaces (e.g., `$WORKFLOW_NAMESPACE`), run this command to add the required label that allows ArgoCD deploying instances there: + +```console +oc label ns $WORKFLOW_NAMESPACE argocd.argoproj.io/managed-by=$ARGOCD_NAMESPACE ``` +### Workflow installation -15. Navigate to the [catalog repository](https://quay.io/repository/orchestrator/orchestrator-operator-catalog?tab=tags) and locate the latest build image. The last modified value should give it away but worth checking just in case the push failed (e.g. podman could not authenticate against quay.io because credentials have expired). -16. Retrieve the SHA256 digest (e.g. `sha256:0aff5f6dfdd0eb25ca81f6b6aceee98bff8737b507632733e2d44f1821518e1e` ) and create a new catalog source manifest that points to that new image: -```yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: orchestrator-operator - namespace: openshift-marketplace -spec: - displayName: Orchestrator Operator - publisher: Red Hat - sourceType: grpc - grpcPodConfig: - securityContextConfig: restricted - image: quay.io/orchestrator/orchestrator-operator-catalog@sha256:0aff5f6dfdd0eb25ca81f6b6aceee98bff8737b507632733e2d44f1821518e1e - updateStrategy: - registryPoll: - interval: 10m +Follow [Workflows Installation](https://www.parodos.dev/serverless-workflows-config/) + +## Cleanup + +**\/!\\ Before removing the orchestrator, make sure you first removed installed workflows. Otherwise the deletion may hung in termination state** + +To remove the operator from the cluster, delete the subscription: + +```console +oc delete subscriptions.operators.coreos.com orchestrator-operator -n openshift-operators +``` + +Note that the CRDs created during the installation process will remain in the cluster. + +To clean the rest of the resources, run: +```console +oc get crd -o name | grep -e sonataflow -e rhdh | xargs oc delete +oc delete namespace orchestrator sonataflow-infra rhdh-operator ``` -17. Deploy the catalogsource in your cluster and ensure that the latest version in the OLM menu for the orchestrator operator matches with the new version of the operator. -18. Install the operator and create a sample CR. Validate the CR deploys successfully by checking its status. You can take it further a notch and validate that the related objects also successfully deploy. -19. Share the new manfiest in the development channel to announce the new release. Tag the QE team so that they are aware and can take action as soon as they are able. \ No newline at end of file + +If you want to remove *knative* related resources, you may also run: +```console +oc get crd -o name | grep -e knative | xargs oc delete +``` + +## Troubleshooting + +### Timeout or errors during `oc wait` commands + +If you encounter errors or timeouts while executing `oc wait` commands, follow these steps to troubleshoot and resolve the issue: + +1. **Check Deployment Status**: Review the output of the `oc wait` commands to identify which deployments met the condition and which ones encountered errors or timeouts. + For example, if you see `error: timed out waiting for the condition on deployments/sonataflow-platform-data-index-service`, investigate further using `oc describe deployment sonataflow-platform-data-index-service -n sonataflow-infra` and `oc logs sonataflow-platform-data-index-service -n sonataflow-infra ` diff --git a/bundle.Dockerfile b/bundle.Dockerfile deleted file mode 100644 index f7659c9b..00000000 --- a/bundle.Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -FROM scratch - -# Core bundle labels. -LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 -LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ -LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ -LABEL operators.operatorframework.io.bundle.package.v1=orchestrator-operator -LABEL operators.operatorframework.io.bundle.channels.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.35.0 -LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 -LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1 - -# Labels for testing. -LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 -LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ - -# Copy files to locations specified by labels. -COPY bundle/manifests /manifests/ -COPY bundle/metadata /metadata/ -COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/bundle.konflux.Dockerfile b/bundle.konflux.Dockerfile deleted file mode 100644 index 21a9dae1..00000000 --- a/bundle.konflux.Dockerfile +++ /dev/null @@ -1,66 +0,0 @@ -FROM registry.access.redhat.com/ubi9:latest as builder -ARG IMG=quay.io/redhat-user-workloads/orchestrator-releng-tenant/helm-operator/operator-controller@sha256:1a8e9c632770447bba6267e1e7d986b990cec16bb18c9c894518d6113b361889 -WORKDIR /operator -COPY . . -RUN dnf install make -y && make bundle IMG=${IMG} - -FROM scratch - -USER 1001 -# Expose controller's container image with digest so that we can retrieve it with skopeo when creating the FBC catalog -LABEL controller="quay.io/redhat-user-workloads/orchestrator-releng-tenant/helm-operator/operator-controller@sha256:1a8e9c632770447bba6267e1e7d986b990cec16bb18c9c894518d6113b361889" - -# Required labels -LABEL com.redhat.component="RHDH Orchestrator Helm Operator" -LABEL distribution-scope="public" -LABEL name="rhdh-orchestrator-helm-operator-bundle" -LABEL release="1.2.0" -LABEL version="1.2.0" -LABEL maintainer="Red Hat jgil@redhat.com" -LABEL url="https://github.com/parodos-dev/orchestrator-helm-operator" -LABEL vendor="Red Hat, Inc." -LABEL description="RHDH Orchestrator introduces serverless asynchronous workflows to Backstage, \ - with a focus on facilitating the transition of applications to the cloud, \ - onboarding developers, and enabling users to create workflows for backstage \ - actions or external systems." -LABEL io.k8s.description="RHDH Orchestrator introduces serverless asynchronous workflows to Backstage, \ - with a focus on facilitating the transition of applications to the cloud, \ - onboarding developers, and enabling users to create workflows for backstage \ - actions or external systems." -LABEL summary="RHDH Orchestrator introduces serverless asynchronous workflows to Backstage, \ - with a focus on facilitating the transition of applications to the cloud, \ - onboarding developers, and enabling users to create workflows for backstage \ - actions or external systems." -LABEL io.k8s.display-name="RHDH Orchestrator Helm Operator" -LABEL io.openshift.tags="openshift,operator,rhdh,orchestrator" - -# Core bundle labels. -LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 -LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ -LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ -LABEL operators.operatorframework.io.bundle.package.v1=orchestrator-operator -LABEL operators.operatorframework.io.bundle.channels.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.35.0 -LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 -LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1 - - -# Labels for operator certification https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/operator-metadata/bundle-directory -LABEL com.redhat.delivery.operator.bundle=true - -# This sets the earliest version of OCP where our operator build would show up in the official Red Hat operator catalog. -# vX means "X or later": https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/operator-metadata/bundle-directory/managing-openshift-versions -# -# See EOL schedule: https://docs.engineering.redhat.com/display/SP/Shipping+Operators+to+EOL+OCP+versions -# -LABEL com.redhat.openshift.versions="v4.13" - -# Labels for testing. -LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 -LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ - -# Copy files to locations specified by labels. -COPY --from=builder /operator/bundle/manifests /manifests/ -COPY --from=builder /operator/bundle/metadata /metadata/ -COPY --from=builder /operator/bundle/tests/scorecard /tests/scorecard/ -COPY --from=builder /operator/LICENSE /license/ diff --git a/bundle/manifests/orchestrator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/orchestrator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 55b5ea01..00000000 --- a/bundle/manifests/orchestrator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: orchestrator-operator - name: orchestrator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get diff --git a/bundle/manifests/orchestrator-metrics-service_v1_service.yaml b/bundle/manifests/orchestrator-metrics-service_v1_service.yaml deleted file mode 100644 index fad87cbb..00000000 --- a/bundle/manifests/orchestrator-metrics-service_v1_service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/instance: orchestrator-operator-metrics-service - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: service - app.kubernetes.io/part-of: orchestrator-operator - control-plane: orchestrator-operator - name: orchestrator-metrics-service -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: orchestrator-operator -status: - loadBalancer: {} diff --git a/bundle/manifests/orchestrator-operator.clusterserviceversion.yaml b/bundle/manifests/orchestrator-operator.clusterserviceversion.yaml deleted file mode 100644 index 02417885..00000000 --- a/bundle/manifests/orchestrator-operator.clusterserviceversion.yaml +++ /dev/null @@ -1,525 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: |- - [ - { - "apiVersion": "orchestrator.parodos.dev/v1alpha1", - "kind": "Orchestrator", - "metadata": { - "name": "orchestrator-sample" - }, - "spec": { - "argocd": { - "enabled": false, - "namespace": "" - }, - "orchestrator": { - "namespace": "sonataflow-infra", - "sonataflowPlatform": { - "resources": { - "limits": { - "cpu": "500m", - "memory": "1Gi" - }, - "requests": { - "cpu": "250m", - "memory": "64Mi" - } - } - } - }, - "postgres": { - "authSecret": { - "name": "sonataflow-psql-postgresql", - "passwordKey": "postgres-password", - "userKey": "postgres-username" - }, - "database": "sonataflow", - "serviceName": "sonataflow-psql-postgresql", - "serviceNamespace": "sonataflow-infra" - }, - "rhdhOperator": { - "enabled": true, - "secretRef": { - "argocd": { - "password": "ARGOCD_PASSWORD", - "url": "ARGOCD_URL", - "username": "ARGOCD_USERNAME" - }, - "backstage": { - "backendSecret": "BACKEND_SECRET" - }, - "github": { - "clientId": "GITHUB_CLIENT_ID", - "clientSecret": "GITHUB_CLIENT_SECRET", - "token": "GITHUB_TOKEN" - }, - "k8s": { - "clusterToken": "K8S_CLUSTER_TOKEN", - "clusterUrl": "K8S_CLUSTER_URL" - }, - "name": "backstage-backend-auth-secret" - }, - "subscription": { - "channel": "fast", - "installPlanApproval": "Automatic", - "name": "rhdh", - "namespace": "rhdh-operator" - } - }, - "rhdhPlugins": { - "notifications": { - "integrity": "sha512-BQ7ujmrbv2MLelNGyleC4Z8fVVywYBMYZTwmRC534WCT38QHQ0cWJbebOgeIYszFA98STW4F5tdKbVot/2gWMg==", - "package": "plugin-notifications@1.2.5" - }, - "notificationsBackend": { - "integrity": "sha512-5zluThJwFVKX0Wlh4E15vDKUFGu/qJ0UsxHYWoISJ+ing1R38gskvN3kukylNTgOp8B78OmUglPfNlydcYEHvA==", - "package": "plugin-notifications-backend-dynamic@1.4.11" - }, - "npmRegistry": "", - "orchestrator": { - "integrity": "sha512-qSXQ2O7/eLBEF186PzaRfzLfutFYUq9MdiiIZbHejz+KML9rVInPJkc1tine3R3JQVuw1QBIQ2vhPNbGbHXWZg==", - "package": "backstage-plugin-orchestrator@1.10.6" - }, - "orchestratorBackend": { - "integrity": "sha512-wVZE7Dak10edxh1ZEckzYKrE13GrqhzSVelURhxjZcgXEHdGPWYUFHNMEpte7hzIBE85350Ka7fpy7C4BNPvEw==", - "package": "backstage-plugin-orchestrator-backend-dynamic@1.8.0" - }, - "scope": "@janus-idp" - }, - "serverlessOperator": { - "enabled": true, - "subscription": { - "channel": "stable", - "installPlanApproval": "Automatic", - "name": "serverless-operator", - "namespace": "openshift-serverless" - } - }, - "sonataFlowOperator": { - "enabled": true, - "subscription": { - "channel": "alpha", - "installPlanApproval": "Automatic", - "name": "logicoperator-rhel8", - "namespace": "openshift-serverless-logic" - } - }, - "tekton": { - "enabled": false - } - } - } - ] - capabilities: Basic Install - categories: Developer Tools - console.openshift.io/disable-operand-delete: "true" - createdAt: "2024-07-11T19:22:12Z" - features.operators.openshift.io/cnf: "false" - features.operators.openshift.io/cni: "false" - features.operators.openshift.io/csi: "false" - features.operators.openshift.io/disconnected: "false" - features.operators.openshift.io/fips-compliant: "false" - features.operators.openshift.io/proxy-aware: "false" - features.operators.openshift.io/tls-profiles: "false" - features.operators.openshift.io/token-auth-aws: "false" - features.operators.openshift.io/token-auth-azure: "false" - features.operators.openshift.io/token-auth-gcp: "false" - operator.openshift.io/uninstall-message: This action won't automatically delete - managed resources (operands). To prevent data loss or disruption, you'll need - to manually delete them. - operators.openshift.io/valid-subscription: '["Red Hat Developer Hub"]' - operators.operatorframework.io/builder: operator-sdk-v1.35.0 - operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 - repository: https://github.com/parodos-dev/orchestrator-helm-operator - labels: - operatorframework.io/arch.amd64: supported - operatorframework.io/arch.arm64: unsupported - operatorframework.io/arch.ppc64le: unsupported - operatorframework.io/arch.s390x: unsupported - operatorframework.io/suggested-namespace: orchestrator - name: orchestrator-operator.v1.2.0-rc5 - namespace: placeholder -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - description: Parodos introduces serverless asynchronous workflows to Backstage, - with a focus on facilitating the transition of applications to the cloud, - onboarding developers, and enabling users to create workflows for backstage - actions or external systems. - displayName: Orchestrator - kind: Orchestrator - name: orchestrators.orchestrator.parodos.dev - version: v1alpha1 - description: | - Red Hat Developer Hub Orchestrator is a plugin that enables serverless asynchronous workflows to Backstage. - - ## More Information - - * [Red Hat Developer Hub Product Page](https://www.redhat.com/en/technologies/cloud-computing/developer-hub) - * [Product Documentation](https://parodos.dev) - displayName: Orchestrator Operator - icon: - - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIGlkPSJ1dWlkLWEwYWY5ZDg4LTU3MGItNGQ0Ny04OWQ4LThjYWU0YmE5MjdhMiIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2aWV3Qm94PSIwIDAgMzggMzgiPjx0aXRsZT5vcmNoZXN0cmF0b3IgaWNvbjwvdGl0bGU+CjxkZXNjPkNsb3VkPC9kZXNjPgo8bWV0YWRhdGE+PD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgOC4wLWMwMDEgMS4wMDAwMDAsIDAwMDAvMDAvMDAtMDA6MDA6MDAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6eG1wUmlnaHRzPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvcmlnaHRzLyI+CiAgICAgICAgIDx4bXA6cmhjYy1lZmZlY3RpdmUtb24+MjAyNC0wNy0wOFQyMDo1Nzo1OS44NjVaPC94bXA6cmhjYy1lZmZlY3RpdmUtb24+CiAgICAgICAgIDx4bXA6cmhjYy1yaWdodHMtcmVzdHJpY3RlZD5ubzwveG1wOnJoY2MtcmlnaHRzLXJlc3RyaWN0ZWQ+CiAgICAgICAgIDx4bXA6YnJhbmQtY29udGVudC1zdWJ0eXBlPlRlY2hub2xvZ3kgaWNvbjwveG1wOmJyYW5kLWNvbnRlbnQtc3VidHlwZT4KICAgICAgICAgPHhtcDpyaGNjLW1ldGFkYXRhLWNvbXBsZXRlLW1vZGVyYXRvcj5wZW5kaW5nPC94bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS1tb2RlcmF0b3I+CiAgICAgICAgIDx4bXA6cmhjYy10cmFuc2xhdGlvbi1pZD5UUkE4Nzk4MDVkOC0zZGZiLTRlMzgtOTc1NS1jNWNlOTY3MjI5OGY8L3htcDpyaGNjLXRyYW5zbGF0aW9uLWlkPgogICAgICAgICA8eG1wOmJyYW5kLWNvbnRlbnQtdHlwZT5JY29uPC94bXA6YnJhbmQtY29udGVudC10eXBlPgogICAgICAgICA8eG1wOkNyZWF0ZURhdGU+MjAyNC0wNy0wOFQyMDo1Nzo1OS44NjVaPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpyaGNjLWRlcml2YXRpdmUtaWQ+REVSODc5ODA1ZDgtM2RmYi00ZTM4LTk3NTUtYzVjZTk2NzIyOThmPC94bXA6cmhjYy1kZXJpdmF0aXZlLWlkPgogICAgICAgICA8eG1wOnJoY2MtZWZmZWN0aXZlLW9uLXNldC1vbi11cGxvYWQ+dHJ1ZTwveG1wOnJoY2MtZWZmZWN0aXZlLW9uLXNldC1vbi11cGxvYWQ+CiAgICAgICAgIDx4bXA6YnJhbmQtbG9nby1jb2xvcj5TdGFuZGFyZDwveG1wOmJyYW5kLWxvZ28tY29sb3I+CiAgICAgICAgIDx4bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS11cGxvYWRlcj5wZW5kaW5nPC94bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS11cGxvYWRlcj4KICAgICAgICAgPHhtcDpyaGNjLWZpbGUtbGFzdC1tb2RpZmllZD4yMDI0LTA3LTA4VDIwOjU4OjA5LjkzOFo8L3htcDpyaGNjLWZpbGUtbGFzdC1tb2RpZmllZD4KICAgICAgICAgPHhtcDpyaGNjLWF1ZGllbmNlPnJoY2MtYXVkaWVuY2U6aW50ZXJuYWw8L3htcDpyaGNjLWF1ZGllbmNlPgogICAgICAgICA8eG1wOnJoY2Mtbm90aWZ5LXBvcnRhbC1zdWJzY3JpYmVycy1vbi1jaGFuZ2U+eWVzPC94bXA6cmhjYy1ub3RpZnktcG9ydGFsLXN1YnNjcmliZXJzLW9uLWNoYW5nZT4KICAgICAgICAgPHhtcDpyaGNjLXByb2R1Y3Q+CiAgICAgICAgICAgIDxyZGY6QmFnPgogICAgICAgICAgICAgICA8cmRmOmxpPnJoY2MtcHJvZHVjdDpyZWQtaGF0LWRldmVsb3Blci1odWI8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6QmFnPgogICAgICAgICA8L3htcDpyaGNjLXByb2R1Y3Q+CiAgICAgICAgIDx0aWZmOkltYWdlTGVuZ3RoPjM4PC90aWZmOkltYWdlTGVuZ3RoPgogICAgICAgICA8dGlmZjpJbWFnZVdpZHRoPjM4PC90aWZmOkltYWdlV2lkdGg+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2Uvc3ZnK3htbDwvZGM6Zm9ybWF0PgogICAgICAgICA8ZGM6bW9kaWZpZWQ+MjAyNC0wNy0wOFQyMDo1OToyMi44ODlaPC9kYzptb2RpZmllZD4KICAgICAgICAgPGRjOmRlc2NyaXB0aW9uPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5DbG91ZDwvcmRmOmxpPgogICAgICAgICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwvZGM6ZGVzY3JpcHRpb24+CiAgICAgICAgIDxkYzp0aXRsZT4KICAgICAgICAgICAgPHJkZjpBbHQ+CiAgICAgICAgICAgICAgIDxyZGY6bGkgeG1sOmxhbmc9IngtZGVmYXVsdCI+b3JjaGVzdHJhdG9yIGljb248L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6QWx0PgogICAgICAgICA8L2RjOnRpdGxlPgogICAgICAgICA8eG1wUmlnaHRzOlVzYWdlVGVybXM+CiAgICAgICAgICAgIDxyZGY6QWx0PgogICAgICAgICAgICAgICA8cmRmOmxpIHhtbDpsYW5nPSJ4LWRlZmF1bHQiPlVzZSB0ZWNobm9sb2d5IGljb25zIHRvIHJlcHJlc2VudCBSZWQgSGF0IHByb2R1Y3RzIGFuZCBjb21wb25lbnRzLiBEbyBub3QgcmVtb3ZlIHRoZSBpY29uIGZyb20gdGhlIGJvdW5kaW5nIHNoYXBlLjwvcmRmOmxpPgogICAgICAgICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwveG1wUmlnaHRzOlVzYWdlVGVybXM+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAKPD94cGFja2V0IGVuZD0idyI/PjwvbWV0YWRhdGE+CjxkZWZzPjxzdHlsZT4udXVpZC1jMTkzZTg1NC1kOTU4LTRhZGYtYjNiZS03ZmVhMjNjNmZiMWZ7ZmlsbDojZTBlMGUwO30udXVpZC1jMTkzZTg1NC1kOTU4LTRhZGYtYjNiZS03ZmVhMjNjNmZiMWYsLnV1aWQtMzU4MjVlODEtMTdiMy00YWQ1LThhZTUtOGYxODU4OGIzNjg5LC51dWlkLWQ3MzhjOTFjLTkxYjUtNDg1OC04MWRhLTEyZjA2MmNkNTkwNCwudXVpZC0wMmVjZTY4MC1kOTVjLTQ1Y2QtYjg0Ny0xZjQwZGZlYTg5MTF7c3Ryb2tlLXdpZHRoOjBweDt9LnV1aWQtMzU4MjVlODEtMTdiMy00YWQ1LThhZTUtOGYxODU4OGIzNjg5e2ZpbGw6IzAwMDt9LnV1aWQtZDczOGM5MWMtOTFiNS00ODU4LTgxZGEtMTJmMDYyY2Q1OTA0e2ZpbGw6I2UwMDt9LnV1aWQtMDJlY2U2ODAtZDk1Yy00NWNkLWI4NDctMWY0MGRmZWE4OTExe2ZpbGw6I2ZmZjt9PC9zdHlsZT48L2RlZnM+PHJlY3QgY2xhc3M9InV1aWQtMDJlY2U2ODAtZDk1Yy00NWNkLWI4NDctMWY0MGRmZWE4OTExIiB4PSIxIiB5PSIxIiB3aWR0aD0iMzYiIGhlaWdodD0iMzYiIHJ4PSI5IiByeT0iOSIvPjxwYXRoIGNsYXNzPSJ1dWlkLWMxOTNlODU0LWQ5NTgtNGFkZi1iM2JlLTdmZWEyM2M2ZmIxZiIgZD0iTTI4LDIuMjVjNC4yNzM0LDAsNy43NSwzLjQ3NjYsNy43NSw3Ljc1djE4YzAsNC4yNzM0LTMuNDc2Niw3Ljc1LTcuNzUsNy43NUgxMGMtNC4yNzM0LDAtNy43NS0zLjQ3NjYtNy43NS03Ljc1VjEwYzAtNC4yNzM0LDMuNDc2Ni03Ljc1LDcuNzUtNy43NWgxOE0yOCwxSDEwQzUuMDI5NCwxLDEsNS4wMjk0LDEsMTB2MThjMCw0Ljk3MDYsNC4wMjk0LDksOSw5aDE4YzQuOTcwNiwwLDktNC4wMjk0LDktOVYxMGMwLTQuOTcwNi00LjAyOTQtOS05LTloMFoiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0xNCw5LjM3NWgtNGMtLjM0NDcsMC0uNjI1LjI3OTgtLjYyNS42MjV2NGMwLC4zNDUyLjI4MDMuNjI1LjYyNS42MjVoNGMuMzQ0NywwLC42MjUtLjI3OTguNjI1LS42MjV2LTRjMC0uMzQ1Mi0uMjgwMy0uNjI1LS42MjUtLjYyNVpNMTMuMzc1LDEzLjM3NWgtMi43NXYtMi43NWgyLjc1djIuNzVaIi8+PHBhdGggY2xhc3M9InV1aWQtZDczOGM5MWMtOTFiNS00ODU4LTgxZGEtMTJmMDYyY2Q1OTA0IiBkPSJNMjcsMjIuNjE5NmMuMTY5OSwwLC4zMzAxLS4wNTk2LjQzOTUtLjE3OTcuMTIwMS0uMTEwNC4xOTA0LS4yODAzLjE5MDQtLjQzOTksMC0uMDgwMS0uMDIwNS0uMTYwMi0uMDQ5OC0uMjQwMi0uMDMwMy0uMDY5OC0uMDgwMS0uMTQwMS0uMTQwNi0uMTk5Ny0uMjI5NS0uMjMwNS0uNjQ5NC0uMjMwNS0uODc5OSwwLS4xMjAxLjEwOTktLjE3OTcuMjY5NS0uMTc5Ny40Mzk5LDAsLjE2OTkuMDU5Ni4zMjk2LjE3OTcuNDM5OS4xMjAxLjEyMDEuMjgwMy4xNzk3LjQ0MDQuMTc5N1oiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0yNSwyMi42MTk2Yy4xNjk5LDAsLjMzMDEtLjA1OTYuNDM5NS0uMTc5Ny4xMjAxLS4xMTA0LjE5MDQtLjI4MDMuMTkwNC0uNDM5OSwwLS4wODAxLS4wMjA1LS4xNjAyLS4wNDk4LS4yNDAyLS4wMzAzLS4wNjk4LS4wODAxLS4xNDAxLS4xNDA2LS4xOTk3LS4wNDk4LS4wNjAxLS4xMjk5LS4xMTA0LS4xOTkyLS4xNDAxLS4yMzA1LS4wOTAzLS41MTA3LS4wNC0uNjgwNy4xNDAxLS4wNTk2LjA1OTYtLjEwOTQuMTI5OS0uMTM5Ni4xOTk3LS4wMzAzLjA4MDEtLjA0OTguMTYwMi0uMDQ5OC4yNDAyLDAsLjE1OTcuMDY5My4zMjk2LjE4OTUuNDM5OS4xMTA0LjEyMDEuMjgwMy4xNzk3LjQ0MDQuMTc5N1oiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0yOSwxOS4zNzVoLThjLS4zNDQ3LDAtLjYyNS4yNzk4LS42MjUuNjI1djhjMCwuMzQ1Mi4yODAzLjYyNS42MjUuNjI1aDhjLjM0NDcsMCwuNjI1LS4yNzk4LjYyNS0uNjI1di04YzAtLjM0NTItLjI4MDMtLjYyNS0uNjI1LS42MjVaTTI4LjM3NSwyNy4zNzVoLTYuNzV2LTYuNzVoNi43NXY2Ljc1WiIvPjxwYXRoIGNsYXNzPSJ1dWlkLTM1ODI1ZTgxLTE3YjMtNGFkNS04YWU1LThmMTg1ODhiMzY4OSIgZD0iTTIxLjUsMTEuMzc1aC01LjVjLS4zNDQ3LDAtLjYyNS4yNzk4LS42MjUuNjI1cy4yODAzLjYyNS42MjUuNjI1aDUuNWMxLjAzNDIsMCwxLjg3NS44NDEzLDEuODc1LDEuODc1cy0uODQwOCwxLjg3NS0xLjg3NSwxLjg3NWgtMi44NzV2LS4zNzVjMC0uMjUyOS0uMTUyMy0uNDgwNS0uMzg1Ny0uNTc3Ni0uMjMxNC0uMDk1Mi0uNTAyLS4wNDM5LS42ODE2LjEzNTdsLTEsMWMtLjAxMjkuMDEyOS0uMDE3NS4wMy0uMDI4OS4wNDM4LS4wNDEyLjA0ODgtLjA4MDYuMDk5NC0uMTA1NC4xNTkyLS4wMjc2LjA2Ny0uMDM5LjEzODItLjA0MjQuMjA5Ni0uMDAwNS4wMTAzLS4wMDU5LjAxODktLjAwNTkuMDI5MywwLC4wMTA0LjAwNTUuMDE5Mi4wMDYuMDI5NS4wMDM0LjA3MTMuMDE0Ny4xNDIzLjA0MjMuMjA5NC4wMjQ5LjA2MDEuMDY0NC4xMTEuMTA1OC4xNi4wMTE0LjAxMzUuMDE1OC4wMzA0LjAyODUuMDQzMWwxLDFjLjEyMDEuMTE5Ni4yODAzLjE4MzEuNDQyNC4xODMxLjA4MTEsMCwuMTYyMS0uMDE1Ni4yMzkzLS4wNDc0LjIzMzQtLjA5NzIuMzg1Ny0uMzI0Ny4zODU3LS41Nzc2di0uMzc1aDIuODc1YzEuNzIyNywwLDMuMTI1LTEuNDAxOSwzLjEyNS0zLjEyNXMtMS40MDIzLTMuMTI1LTMuMTI1LTMuMTI1WiIvPjxwYXRoIGNsYXNzPSJ1dWlkLTM1ODI1ZTgxLTE3YjMtNGFkNS04YWU1LThmMTg1ODhiMzY4OSIgZD0iTTE3LjQ0MjQsMjAuNTU4MWMtLjI0NDEtLjI0NDEtLjY0MDYtLjI0NDEtLjg4NDgsMC0uMjQzMi4yNDQxLS4yNDMyLjYzOTYsMCwuODgzOGwuOTMzNC45MzMxaC0zLjQ5MWMtMS4zMDk2LDAtMi4zNzUtMS4wNjU0LTIuMzc1LTIuMzc1czEuMDY1NC0yLjM3NSwyLjM3NS0yLjM3NWgxYy4zNDQ3LDAsLjYyNS0uMjc5OC42MjUtLjYyNXMtLjI4MDMtLjYyNS0uNjI1LS42MjVoLTFjLTEuOTk5LDAtMy42MjUsMS42MjYtMy42MjUsMy42MjVzMS42MjYsMy42MjUsMy42MjUsMy42MjVoMy40OTFsLS45MzM0LjkzMzFjLS4yNDMyLjI0NDEtLjI0MzIuNjM5NiwwLC44ODM4LjEyMjEuMTIyMS4yODIyLjE4MzEuNDQyNC4xODMxcy4zMjAzLS4wNjEuNDQyNC0uMTgzMWwyLTJjLjI0MzItLjI0NDEuMjQzMi0uNjM5NiwwLS44ODM4bC0yLTJaIi8+PC9zdmc+ - mediatype: image/svg+xml - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - "" - resources: - - namespaces - - secrets - - pods - - services - - services/finalizers - - events - - configmaps - - serviceaccounts - verbs: - - list - - get - - delete - - update - - create - - patch - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - operators.coreos.com - resources: - - operatorgroups - - subscriptions - - catalogsources - verbs: - - list - - get - - delete - - update - - create - - patch - - watch - - apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - - list - - apiGroups: - - operator.knative.dev - resources: - - knativeeventings - - knativeservings - verbs: - - get - - create - - delete - - list - - watch - - patch - - update - - apiGroups: - - serving.knative.dev - resources: - - services - verbs: - - list - - get - - apiGroups: - - rhdh.redhat.com - resources: - - backstages - verbs: - - get - - create - - delete - - list - - watch - - patch - - update - - apiGroups: - - sonataflow.org - resources: - - sonataflows - - sonataflowclusterplatforms - - sonataflowplatforms - verbs: - - get - - list - - create - - delete - - watch - - patch - - update - - apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - get - - list - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - list - - get - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - list - - get - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - verbs: - - delete - - create - - get - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - delete - - create - - list - - watch - - get - - patch - - apiGroups: - - orchestrator.parodos.dev - resources: - - orchestrators - - orchestrators/status - - orchestrators/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - appprojects - verbs: - - get - - create - - list - - update - - create - - delete - - watch - - patch - - apiGroups: - - tekton.dev - resources: - - pipelines - - tasks - verbs: - - get - - create - - list - - update - - create - - delete - - watch - - patch - serviceAccountName: orchestrator-operator - deployments: - - label: - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/instance: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: deployment - app.kubernetes.io/part-of: orchestrator-operator - control-plane: orchestrator-operator - name: orchestrator-operator - spec: - replicas: 1 - selector: - matchLabels: - control-plane: orchestrator-operator - strategy: {} - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: orchestrator-operator - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4@sha256:fcca9269424da38cfd216f4731de9fe5dea9f98e32c00da767b8e6e1ce9613cb - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --leader-election-id=orchestrator-operator - image: quay.io/orchestrator/orchestrator-operator:1.2.0-rc5 - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - securityContext: - runAsNonRoot: true - serviceAccountName: orchestrator-operator - terminationGracePeriodSeconds: 10 - permissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - serviceAccountName: orchestrator-operator - strategy: deployment - installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - Orchestrator - - RHDH - - Backstage - links: - - name: Orchestrator Operator - url: https://github.com/parodos-dev/orchestrator-helm-operator - maintainers: - - email: jgil@redhat.com - name: Jordi Gil - maturity: alpha - minKubeVersion: 1.26.0 - provider: - name: Red Hat - url: https://www.redhat.com - version: 1.2.0-rc5 diff --git a/bundle/manifests/orchestrator.parodos.dev_orchestrators.yaml b/bundle/manifests/orchestrator.parodos.dev_orchestrators.yaml deleted file mode 100644 index f8c448a3..00000000 --- a/bundle/manifests/orchestrator.parodos.dev_orchestrators.yaml +++ /dev/null @@ -1,518 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: orchestrators.orchestrator.parodos.dev -spec: - group: orchestrator.parodos.dev - names: - kind: Orchestrator - listKind: OrchestratorList - plural: orchestrators - singular: orchestrator - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[-1:].status - name: Ready - type: string - - jsonPath: .status.conditions[-1:].reason - name: Reason - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Orchestrator is the Schema for the orchestrators API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of Orchestrator - properties: - argocd: - description: ArgoCD contains the fields for the ArgoCD configuration - properties: - enabled: - default: false - description: Enabled determines whether to install the ArgoCD - plugin and create the orchestrator AppProject - type: boolean - namespace: - default: orchestrator-gitops - description: Namespace defines the namespace where ther ArgoCD - operator is deployed and is watching for argoapp CR instances - type: string - type: object - orchestrator: - description: Orchestrator contains the fields for the orchestrator - configuration - properties: - namespace: - default: sonataflow-infra - description: Namespace where sonataflow's workflows run. The value - is captured when running the setup.sh script and stored as a - label in the target namespace. User can override the value by - populating this field. Defaults to `sonataflow-infra`. This - field takes precendence over the value in the label. - type: string - sonataflowPlatform: - description: SonataflowPlatform contains the pod resource configuration - to be used for the data index and job services - properties: - dataIndexImage: - description: This field contains the location of a custom - DataIndex service container image to be used instead of - the provided one by SonataFlow - type: string - jobServiceImage: - description: This field contains the location of a custom - Job Service container image to be used instead of the provided - one by SonataFlow - type: string - resources: - description: Resources contains the requests and limit of - CPU and memory resources for the pod instance - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - cpu: - default: 500m - description: CPU defines the CPU resource limits - type: string - memory: - default: 1Gi - description: Memory defines the memory resource limits - type: string - type: object - requests: - description: | - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - cpu: - default: 250m - description: CPU defines the CPU resource limits - type: string - memory: - default: 64Mi - description: Memory defines the memory resource limits - type: string - type: object - type: object - type: object - type: object - postgres: - description: Sonataflow operator PostgreSQL configuration details - properties: - authSecret: - description: PostgreSQL connection credentials details - properties: - name: - default: sonataflow-psql-postgresql - description: Name of existing secret to use for PostgreSQL - credentials. - type: string - passwordKey: - default: postgres-password - description: name of key in existing secret to use for PostgreSQL - credentials. - type: string - userKey: - default: postgres-username - description: Name of key in existing secret to use for PostgreSQL - credentials. - type: string - type: object - database: - default: sonataflow - description: Existing database instance used by data index and - job service - type: string - serviceName: - default: sonataflow-psql-postgresql - description: The name of the Postgres DB service to be used by - platform services. Cannot be empty. - type: string - serviceNamespace: - default: sonataflow-infra - description: The namespace of the Postgres DB service to be used - by platform services. - type: string - type: object - rhdhOperator: - description: RHDH Operator contains the configuration fields for the - Red Hat Developer Hub operator - properties: - enableGuestProvider: - default: false - description: EnableGuestProvider captures whether to enable the - guest provider in RHDH - type: boolean - enabled: - default: true - description: Enabled determines whether the operator should be - deployed by the chart. Defaults to true - type: boolean - isReleaseCandidate: - default: false - description: Indicates RC builds should be used by the chart to - install the Serverless Operator - type: boolean - secretRef: - description: Backstage secret reference information - properties: - argocd: - description: ArgoCD specific configuration fields that are - injected to the backstage instance to allow the plugin to - communicate with ArgoCD. Note that ArgoCD must be deployed - beforehand and the argocd.enabled field must be set to true - as well. - properties: - password: - default: ARGOCD_PASSWORD - description: Key in the secret with name defined in the - 'name' field that contains the value of the password - to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', - empty for not available. - type: string - url: - default: ARGOCD_URL - description: Key in the secret with name defined in the - 'name' field that contains the value of the URL of the - ArgoCD API server. Defaults to 'ARGOCD_URL', empty for - not available. - type: string - username: - default: ARGOCD_USERNAME - description: Key in the secret with name defined in the - 'name' field that contains the value of the username - to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty - for not available. - type: string - type: object - backstage: - description: Backstage specific configuration fields that - contain the Backstate confidential keys. - properties: - backendSecret: - default: BACKEND_SECRET - description: Key in the secret with name defined in the - 'name' field that contains the value of the Backstage - backend secret. Defaults to 'BACKEND_SECRET'. It's required. - type: string - type: object - github: - description: GitHub specific configuration fields that are - injected to the backstage instance to allow the plugin to - communicate with GitHub. - properties: - clientId: - default: GITHUB_CLIENT_ID - description: Key in the secret with name defined in the - 'name' field that contains the value of the client ID - that you generated on GitHub, for GitHub authentication - (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', - empty for not available. - type: string - clientSecret: - default: GITHUB_CLIENT_SECRET - description: Key in the secret with name defined in the - 'name' field that contains the value of the client secret - tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', - empty for not available. - type: string - token: - default: GITHUB_TOKEN - description: Key in the secret with name defined in the - 'name' field that contains the value of the authentication - token as expected by GitHub. Required for importing - resource to the catalog, launching software templates - and more. Defaults to 'GITHUB_TOKEN', empty for not - available. - type: string - type: object - k8s: - description: Kubernetes specific configuration fields that - are injected to the backstage instance to allow the plugin - to communicate with the Kubernetes API Server. - properties: - clusterToken: - default: K8S_CLUSTER_TOKEN - description: Key in the secret with name defined in the - 'name' field that contains the value of the API URL - of the kubernetes cluster. Defaults to 'K8S_CLUSTER_TOKEN', - empty for not available. - type: string - clusterUrl: - default: K8S_CLUSTER_URL - description: Key in the secret with name defined in the - 'name' field that contains the value of the Kubernetes - API bearer token used for authentication. Defaults to - 'K8S_CLUSTER_URL', empty for not available. - type: string - type: object - name: - default: backstage-backend-auth-secret - description: Name of the secret that contains the credentials - for the plugin to establish a communication channel with - the Kubernetes API, ArgoCD and GitHub servers. - type: string - type: object - subscription: - description: Subscription specifies the subscription attributes - to use to deploy the operator. - properties: - channel: - default: fast - description: Channel defines the channel of the operator package - to subscribe to - type: string - installPlanApproval: - default: Automatic - description: InstallPlanApproval specifies the approval policy - for an InstallPlan. It must be one of "Automatic" or "Manual". - Defaults to Automatic. - type: string - name: - default: rhdh - description: Name defines the name of the operator package - type: string - namespace: - default: rhdh-operator - description: Namespace determines the namespace where the - operator should be deployed. Defaults to rhdh-operator - type: string - sourceName: - default: redhat-operators - description: SourceName captures the name of the catalog source - type: string - startingCSV: - default: "" - description: The initial version of the operator - type: string - targetNamespace: - default: rhdh-operator - description: The target namespace for the backstage CR in which - RHDH instance is created - type: string - type: object - type: object - rhdhPlugins: - description: Backstage plugins - properties: - notifications: - description: Notification plugin information - properties: - integrity: - default: sha512-wmISWN02G4OiBF7y8Jpl5KCbDfhzl70s+r0h2tdVh1IIwYmojH5pqXFQAhDd3FTlqYc8yqDG8gEAQ8v66qbU1g== - description: Package SHA integrity - type: string - package: - default: plugin-notifications-dynamic@0.2.0-rc.0-0 - description: Package name - type: string - type: object - notificationsBackend: - description: Notification backend plugin information - properties: - integrity: - default: sha512-2Eqi1SWIy1vIWcR0hjSCfRP2w9z+qFdpKsB3dmbssv4Pg98AFj41LYlrTLscHri7am6cd4xe1fEb7gJGqbNQiQ== - description: Package SHA integrity - type: string - package: - default: plugin-notifications-backend-dynamic@0.2.0-rc.0-0 - description: Package name - type: string - type: object - notifications_email: - description: Notification email plugin information - properties: - integrity: - default: sha512-TikxFBxBHKJYZy8go+Mw+7yjfSJILgXjr4K0C0+tnKyMOn+OqIX6K8c1fq7IdXto3fftQ+mmCrBqJem25JjVnA== - description: Package SHA integrity - type: string - package: - default: plugin-notifications-backend-module-email-dynamic@0.0.0-rc.0-0 - description: Package name - type: string - type: object - npmRegistry: - default: https://npm.stage.registry.redhat.com - description: NPM Registry - type: string - orchestrator: - description: Orchestrator plugin information - properties: - integrity: - default: sha512-uxkNFS/4nkVM6FRq0Uvnznvxcm/3MNdh11R6sRsbmKCP4KF4N9T2GF4lgfD7J+p7EuGMD4UFnjKjaR77v0NGaQ== - description: Package SHA integrity - type: string - package: - default: backstage-plugin-orchestrator@1.1.0-rc.0-0 - description: Package name - type: string - type: object - orchestratorBackend: - description: Orchestrator backend plugin information - properties: - integrity: - default: sha512-NIIGpwH/uJaMknTdORdnqsHfPeI/OrAl2biqELal1e9tK2r6PrVWfIWr9XoH5AfOjtQjbeAe7joiLwhM+uyVAw== - description: Package SHA integrity - type: string - package: - default: backstage-plugin-orchestrator-backend-dynamic@1.1.0-rc.0-0 - description: Package name - type: string - type: object - scope: - default: '@redhat' - description: Scope of the plugins - type: string - signals: - description: Signals plugin information - properties: - integrity: - default: sha512-5Iwp9gF6VPiMLJ5NUw5s5Z17AuJ5XYS97wghNTfcmah/OFxTmgZHWxvhcRoXDRQvyj4nc/gOZes74kp6kZ9XDg== - description: Package SHA integrity - type: string - package: - default: plugin-signals-dynamic@0.0.5-rc.0-0 - description: Package name - type: string - type: object - signalsBackend: - description: Signals backend plugin information - properties: - integrity: - default: sha512-LlkM2Mf2QTndsS6eBzyXDhJmRTHLpAku3hhlvWhtQChSLTFCtNGRTIQA5WHG7NqLH0QqBz+UcEjX7Vca82QKKg== - description: Package SHA integrity - type: string - package: - default: plugin-signals-backend-dynamic@0.1.3-rc.0-0 - description: Package name - type: string - type: object - type: object - serverlessOperator: - properties: - enabled: - default: true - description: Enabled determines whether the operator should be - deployed by the chart. Defaults to true. - type: boolean - subscription: - description: Subscription specifies the subscription attributes - to use to deploy the operator. - properties: - channel: - default: stable - description: Channel defines the channel of the operator package - to subscribe to - type: string - installPlanApproval: - default: Automatic - description: InstallPlanApproval specifies the approval policy - for an InstallPlan. It must be one of "Automatic" or "Manual". - Defaults to Automatic. - type: string - name: - default: serverless-operator - description: Name defines the name of the operator package - type: string - namespace: - default: openshift-serverless - description: Namespace determines the namespace where the - operator should be deployed. Defaults to openshift-serverless - type: string - sourceName: - default: redhat-operators - description: SourceName captures the name of the catalog source - type: string - type: object - type: object - sonataFlowOperator: - description: SonatafFlowOperator contains the configuration fields - for the SonataFlow Operator - properties: - enabled: - default: true - description: Enabled determines whether to deploy the SonataFlow - Operator operator or not. Defaults to true. - type: boolean - isReleaseCandidate: - default: false - description: Indicates RC builds should be used by the chart to - install Sonataflow - type: boolean - subscription: - description: Subscription specifies the subscription attributes - to use to deploy the operator. - properties: - channel: - default: alpha - description: Channel defines the channel of the operator package - to subscribe to - type: string - installPlanApproval: - default: Automatic - description: InstallPlanApproval specifies the approval policy - for an InstallPlan. It must be one of "Automatic" or "Manual". - Defaults to Automatic. - type: string - name: - default: logic-operator-rhel8 - description: Name defines the name of the operator package - type: string - namespace: - default: openshift-serverless-logic - description: Namespace determines the namespace where the - operator should be deployed. Defaults to openshift-serverless-logic - type: string - sourceName: - default: redhat-operators - description: SourceName captures the name of the catalog source - type: string - startingCSV: - default: "" - description: The initial version of the operator - type: string - type: object - type: object - tekton: - description: Contains the tekton configuration fields - properties: - enabled: - default: false - description: Enabled determines whether to create the Tekton pipeline - resources. Defaults to false. - type: boolean - type: object - type: object - status: - description: Status defines the observed state of Orchestrator - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml deleted file mode 100644 index ce025220..00000000 --- a/bundle/metadata/annotations.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - # Core bundle annotations. - operators.operatorframework.io.bundle.mediatype.v1: registry+v1 - operators.operatorframework.io.bundle.manifests.v1: manifests/ - operators.operatorframework.io.bundle.metadata.v1: metadata/ - operators.operatorframework.io.bundle.package.v1: orchestrator-operator - operators.operatorframework.io.bundle.channels.v1: alpha - operators.operatorframework.io.metrics.builder: operator-sdk-v1.35.0 - operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 - operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1 - - # Annotations for testing. - operators.operatorframework.io.test.mediatype.v1: scorecard+v1 - operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml deleted file mode 100644 index d5b4b3e4..00000000 --- a/bundle/tests/scorecard/config.yaml +++ /dev/null @@ -1,70 +0,0 @@ -apiVersion: scorecard.operatorframework.io/v1alpha3 -kind: Configuration -metadata: - name: config -stages: -- parallel: true - tests: - - entrypoint: - - scorecard-test - - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: basic - test: basic-check-spec-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-bundle-validation-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-crds-have-validation-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-crds-have-resources-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-spec-descriptors-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-status-descriptors-test - storage: - spec: - mountPath: {} -storage: - spec: - mountPath: {} diff --git a/config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml b/config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml deleted file mode 100644 index 7a7d58d5..00000000 --- a/config/crd/bases/orchestrator.parodos.dev_orchestrators.yaml +++ /dev/null @@ -1,468 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: orchestrators.orchestrator.parodos.dev -spec: - group: orchestrator.parodos.dev - names: - kind: Orchestrator - listKind: OrchestratorList - plural: orchestrators - singular: orchestrator - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[-1:].status - name: Ready - type: string - - jsonPath: .status.conditions[-1:].reason - name: Reason - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Orchestrator is the Schema for the orchestrators API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of Orchestrator - type: object - properties: - sonataFlowOperator: - description: SonatafFlowOperator contains the configuration fields for the SonataFlow Operator - properties: - isReleaseCandidate: - default: false - description: Indicates RC builds should be used by the chart to install Sonataflow - type: boolean - enabled: - default: true - description: Enabled determines whether to deploy the SonataFlow Operator operator or not. Defaults to true. - type: boolean - subscription: - description: Subscription specifies the subscription attributes to use to deploy the operator. - properties: - channel: - default: alpha - description: Channel defines the channel of the operator package to subscribe to - type: string - installPlanApproval: - default: Automatic - description: InstallPlanApproval specifies the approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". Defaults to Automatic. - type: string - name: - default: logic-operator-rhel8 - description: Name defines the name of the operator package - type: string - namespace: - default: openshift-serverless-logic - description: Namespace determines the namespace where the operator should be deployed. Defaults to openshift-serverless-logic - type: string - sourceName: - default: "redhat-operators" - description: SourceName captures the name of the catalog source - type: string - startingCSV: - default: "logic-operator-rhel8.v1.33.0" - description: The initial version of the operator - type: string - type: object - type: object - serverlessOperator: - description: - properties: - enabled: - description: Enabled determines whether the operator should be deployed by the chart. Defaults to true. - default: true - type: boolean - subscription: - description: Subscription specifies the subscription attributes to use to deploy the operator. - properties: - channel: - description: Channel defines the channel of the operator package to subscribe to - default: stable - type: string - installPlanApproval: - description: InstallPlanApproval specifies the approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". Defaults to Automatic. - default: Automatic - type: string - name: - description: Name defines the name of the operator package - default: serverless-operator - type: string - namespace: - description: Namespace determines the namespace where the operator should be deployed. Defaults to openshift-serverless - default: openshift-serverless - type: string - sourceName: - description: SourceName captures the name of the catalog source - default: "redhat-operators" - type: string - type: object - type: object - rhdhOperator: - description: RHDH Operator contains the configuration fields for the Red Hat Developer Hub operator - properties: - isReleaseCandidate: - default: false - description: Indicates RC builds should be used by the chart to install the Serverless Operator - type: boolean - enabled: - default: true - description: Enabled determines whether the operator should be deployed by the chart. Defaults to true - type: boolean - enableGuestProvider: - default: false - description: EnableGuestProvider captures whether to enable the guest provider in RHDH. Defaults to false. - type: boolean - catalogBranch: - default: "v1.2.x" - description: CatalogBranch captures the catalog branch value. Defaults to "v1.2.x". - type: string - secretRef: - description: Backstage secret reference information - properties: - name: - description: Name of the secret that contains the credentials for the plugin to establish a communication channel with the Kubernetes API, ArgoCD, GitHub servers and SMTP mail server. - default: backstage-backend-auth-secret - type: string - backstage: - description: Backstage specific configuration fields that contain the Backstate confidential keys. - properties: - backendSecret: - default: BACKEND_SECRET - description: Key in the secret with name defined in the 'name' field that contains the value of the Backstage backend secret. Defaults to 'BACKEND_SECRET'. It's required. - type: string - type: object - github: - description: GitHub specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with GitHub. - properties: - token: - description: Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by GitHub. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITHUB_TOKEN', empty for not available. - default: GITHUB_TOKEN - type: string - clientId: - description: Key in the secret with name defined in the 'name' field that contains the value of the client ID that you generated on GitHub, for GitHub authentication (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', empty for not available. - default: GITHUB_CLIENT_ID - type: string - clientSecret: - description: Key in the secret with name defined in the 'name' field that contains the value of the client secret tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', empty for not available. - default: GITHUB_CLIENT_SECRET - type: string - type: object - k8s: - description: Kubernetes specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with the Kubernetes API Server. - properties: - clusterToken: - description: Key in the secret with name defined in the 'name' field that contains the value of the API URL of the kubernetes cluster. Defaults to 'K8S_CLUSTER_TOKEN', empty for not available. - type: string - default: K8S_CLUSTER_TOKEN - clusterUrl: - description: Key in the secret with name defined in the 'name' field that contains the value of the Kubernetes API bearer token used for authentication. Defaults to 'K8S_CLUSTER_URL', empty for not available. - type: string - default: K8S_CLUSTER_URL - type: object - argocd: - description: ArgoCD specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with ArgoCD. Note that ArgoCD must be deployed beforehand and the argocd.enabled field must be set to true as well. - type: object - properties: - url: - description: Key in the secret with name defined in the 'name' field that contains the value of the URL of the ArgoCD API server. Defaults to 'ARGOCD_URL', empty for not available. - type: string - default: ARGOCD_URL - username: - description: Key in the secret with name defined in the 'name' field that contains the value of the username to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty for not available. - type: string - default: ARGOCD_USERNAME - password: - description: Key in the secret with name defined in the 'name' field that contains the value of the password to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', empty for not available. - type: string - default: ARGOCD_PASSWORD - notificationsEmail: - description: Notifications Email backstage plugin specific configuration fields that are injected to the backstage instance. - type: object - properties: - hostname: - description: Key in the secret with name defined in the 'name' field that contains the value of the hostname of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_HOSTNAME', empty for not available. - type: string - default: NOTIFICATIONS_EMAIL_HOSTNAME - username: - description: Key in the secret with name defined in the 'name' field that contains the value of the username of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_USERNAME', empty for not available. - type: string - default: NOTIFICATIONS_EMAIL_USERNAME - password: - description: Key in the secret with name defined in the 'name' field that contains the value of the password of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_PASSWORD', empty for not available. - type: string - default: NOTIFICATIONS_EMAIL_PASSWORD - type: object - subscription: - description: Subscription specifies the subscription attributes to use to deploy the operator. - properties: - channel: - default: fast-1.2 - description: Channel defines the channel of the operator package to subscribe to - type: string - installPlanApproval: - default: Automatic - description: InstallPlanApproval specifies the approval policy - for an InstallPlan. It must be one of "Automatic" or "Manual". - Defaults to Automatic. - type: string - name: - default: rhdh - description: Name defines the name of the operator package - type: string - namespace: - default: rhdh-operator - description: Namespace determines the namespace where the operator should be deployed. Defaults to rhdh-operator - type: string - sourceName: - default: "redhat-operators" - description: SourceName captures the name of the catalog source - type: string - startingCSV: - default: "" - description: The initial version of the operator - type: string - targetNamespace: - default: rhdh-operator - description: The target namespace for the backstage CR in which RHDH instance is created - type: string - type: object - type: object - rhdhPlugins: - description: Backstage plugins - properties: - npmRegistry: - description: NPM registry is defined already in the container, but sometimes the registry need to be modified to use different versions of the plugin, for example staging (https://npm.stage.registry.redhat.com) or development repositories - default: "https://npm.stage.registry.redhat.com" - type: string - scope: - description: Scope of the plugins - default: "@redhat" - type: string - orchestrator: - description: Orchestrator plugin information - properties: - package: - description: Package name - default: backstage-plugin-orchestrator@1.2.0-rc.1 - type: string - integrity: - description: Package SHA integrity - default: sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg== - type: string - type: object - orchestratorBackend: - description: Orchestrator backend plugin information - properties: - package: - description: Package name - type: string - default: backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1 - integrity: - description: Package SHA integrity - type: string - default: sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw== - type: object - notifications: - description: Notification plugin information - properties: - package: - description: Package name - type: string - default: plugin-notifications-dynamic@1.2.0-rc.1 - integrity: - description: Package SHA integrity - type: string - default: sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg== - type: object - notificationsBackend: - description: Notification backend plugin information - properties: - package: - description: Package name - type: string - default: plugin-notifications-backend-dynamic@1.2.0-rc.1 - integrity: - description: Package SHA integrity - type: string - default: sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg== - type: object - signals: - description: Signals plugin information - properties: - package: - description: Package name - type: string - default: plugin-signals-dynamic@1.2.0-rc.1 - integrity: - description: Package SHA integrity - type: string - default: sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw== - type: object - signalsBackend: - description: Signals backend plugin information - properties: - package: - description: Package name - type: string - default: plugin-signals-backend-dynamic@1.2.0-rc.1 - integrity: - description: Package SHA integrity - type: string - default: sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ== - type: object - notificationsEmail: - description: Notification email plugin information - properties: - enabled: - description: whether to install the notifications email plugin. requires setting of hostname and credentials in backstage secret to enable. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts - type: boolean - default: false - package: - description: Package name - type: string - default: plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1 - integrity: - description: Package SHA integrity - type: string - default: sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A== - port: - description: SMTP server port - type: integer - default: 587 - sender: - description: The email sender address - type: string - default: "" - replyTo: - description: Reply-to address - type: string - default: "" - type: object - type: object - postgres: - description: Sonataflow operator PostgreSQL configuration details - properties: - serviceName: - description: The name of the Postgres DB service to be used by platform services. Cannot be empty. - default: sonataflow-psql-postgresql - type: string - serviceNamespace: - description: The namespace of the Postgres DB service to be used by platform services. - default: sonataflow-infra - type: string - authSecret: - description: PostgreSQL connection credentials details - properties: - name: - description: Name of existing secret to use for PostgreSQL credentials. - default: sonataflow-psql-postgresql - type: string - userKey: - description: Name of key in existing secret to use for PostgreSQL credentials. - default: postgres-username - type: string - passwordKey: - description: name of key in existing secret to use for PostgreSQL credentials. - default: postgres-password - type: string - type: object - database: - description: Existing database instance used by data index and job service - default: sonataflow - type: string - type: object - orchestrator: - description: Orchestrator contains the fields for the orchestrator configuration - properties: - namespace: - description: Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the target namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`. This field takes precendence over the value in the label. - type: string - default: sonataflow-infra - sonataflowPlatform: - description: SonataflowPlatform contains the pod resource configuration to be used for the data index and job services - properties: - resources: - description: Resources contains the requests and limit of CPU and memory resources for the pod instance - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - cpu: - description: CPU defines the CPU resource limits - default: 500m - type: string - memory: - description: Memory defines the memory resource limits - default: 1Gi - type: string - type: object - requests: - description: | - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - cpu: - description: CPU defines the CPU resource limits - default: 250m - type: string - memory: - description: Memory defines the memory resource limits - default: 64Mi - type: string - type: object - dataIndexImage: - description: This field contains the location of a custom DataIndex service container image to be used instead of the provided one by SonataFlow - default: - type: string - jobServiceImage: - description: This field contains the location of a custom Job Service container image to be used instead of the provided one by SonataFlow - default: - type: string - type: object - type: object - tekton: - description: Contains the tekton configuration fields - properties: - enabled: - description: Enabled determines whether to create the Tekton pipeline resources. Defaults to false. - default: false - type: boolean - type: object - argocd: - description: ArgoCD contains the fields for the ArgoCD configuration - properties: - enabled: - description: Enabled determines whether to install the ArgoCD plugin and create the orchestrator AppProject - type: boolean - default: false - namespace: - description: Namespace defines the namespace where ther ArgoCD operator is deployed and is watching for argoapp CR instances - type: string - default: orchestrator-gitops - type: object - status: - description: Status defines the observed state of Orchestrator - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml deleted file mode 100644 index bd12f630..00000000 --- a/config/crd/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- bases/orchestrator.parodos.dev_orchestrators.yaml -#+kubebuilder:scaffold:crdkustomizeresource diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml deleted file mode 100644 index 447a5b7e..00000000 --- a/config/default/kustomization.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Adds namespace to all resources. -namespace: orchestrator-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: orchestrator- - -# Labels to add to all resources and selectors. -#labels: -#- includeSelectors: true -# pairs: -# someName: someValue - -resources: -- ../crd -- ../rbac -- ../manager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patches: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- path: manager_auth_proxy_patch.yaml - - diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 02da3055..00000000 --- a/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: operator - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:29201e85bd41642b72c7c0ce915e40aad90823d0efc3e7bbab9c351c92c74341 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id=orchestrator-operator" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml deleted file mode 100644 index 301fb2e5..00000000 --- a/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: operator - namespace: system -spec: - template: - spec: - containers: - - name: manager diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml deleted file mode 100644 index 63a47397..00000000 --- a/config/manager/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -resources: -- manager.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: quay.io/orchestrator/orchestrator-operator - newTag: 1.2.0-rc5 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml deleted file mode 100644 index f7cde969..00000000 --- a/config/manager/manager.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: orchestrator-operator - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: system - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: operator - namespace: system - labels: - control-plane: orchestrator-operator - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: orchestrator-operator - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize -spec: - selector: - matchLabels: - control-plane: orchestrator-operator - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: orchestrator-operator - spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux - securityContext: - runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault - containers: - - args: - - --leader-elect - - --leader-election-id=orchestrator-operator - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: operator - terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/orchestrator-operator.clusterserviceversion.yaml b/config/manifests/bases/orchestrator-operator.clusterserviceversion.yaml deleted file mode 100644 index 6c960457..00000000 --- a/config/manifests/bases/orchestrator-operator.clusterserviceversion.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: '[]' - capabilities: Basic Install - categories: Developer Tools - console.openshift.io/disable-operand-delete: "true" - features.operators.openshift.io/cnf: "false" - features.operators.openshift.io/cni: "false" - features.operators.openshift.io/csi: "false" - features.operators.openshift.io/disconnected: "false" - features.operators.openshift.io/fips-compliant: "false" - features.operators.openshift.io/proxy-aware: "false" - features.operators.openshift.io/tls-profiles: "false" - features.operators.openshift.io/token-auth-aws: "false" - features.operators.openshift.io/token-auth-azure: "false" - features.operators.openshift.io/token-auth-gcp: "false" - operator.openshift.io/uninstall-message: This action won't automatically delete - managed resources (operands). To prevent data loss or disruption, you'll need - to manually delete them. - operators.openshift.io/valid-subscription: '["Red Hat Developer Hub"]' - repository: https://github.com/parodos-dev/orchestrator-helm-operator - labels: - operatorframework.io/arch.amd64: supported - operatorframework.io/arch.arm64: unsupported - operatorframework.io/arch.ppc64le: unsupported - operatorframework.io/arch.s390x: unsupported - operatorframework.io/suggested-namespace: orchestrator - name: orchestrator-operator.v1.2.0-rc1 - namespace: placeholder -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - description: Parodos introduces serverless asynchronous workflows to Backstage, - with a focus on facilitating the transition of applications to the cloud, - onboarding developers, and enabling users to create workflows for backstage - actions or external systems. - displayName: Orchestrator - kind: Orchestrator - name: orchestrators.orchestrator.parodos.dev - version: v1alpha1 - description: | - Red Hat Developer Hub Orchestrator is a plugin that enables serverless asynchronous workflows to Backstage. - - ## More Information - - * [Red Hat Developer Hub Product Page](https://www.redhat.com/en/technologies/cloud-computing/developer-hub) - * [Product Documentation](https://parodos.dev) - displayName: Orchestrator Operator - icon: - - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIGlkPSJ1dWlkLWEwYWY5ZDg4LTU3MGItNGQ0Ny04OWQ4LThjYWU0YmE5MjdhMiIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2aWV3Qm94PSIwIDAgMzggMzgiPjx0aXRsZT5vcmNoZXN0cmF0b3IgaWNvbjwvdGl0bGU+CjxkZXNjPkNsb3VkPC9kZXNjPgo8bWV0YWRhdGE+PD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgOC4wLWMwMDEgMS4wMDAwMDAsIDAwMDAvMDAvMDAtMDA6MDA6MDAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6eG1wUmlnaHRzPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvcmlnaHRzLyI+CiAgICAgICAgIDx4bXA6cmhjYy1lZmZlY3RpdmUtb24+MjAyNC0wNy0wOFQyMDo1Nzo1OS44NjVaPC94bXA6cmhjYy1lZmZlY3RpdmUtb24+CiAgICAgICAgIDx4bXA6cmhjYy1yaWdodHMtcmVzdHJpY3RlZD5ubzwveG1wOnJoY2MtcmlnaHRzLXJlc3RyaWN0ZWQ+CiAgICAgICAgIDx4bXA6YnJhbmQtY29udGVudC1zdWJ0eXBlPlRlY2hub2xvZ3kgaWNvbjwveG1wOmJyYW5kLWNvbnRlbnQtc3VidHlwZT4KICAgICAgICAgPHhtcDpyaGNjLW1ldGFkYXRhLWNvbXBsZXRlLW1vZGVyYXRvcj5wZW5kaW5nPC94bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS1tb2RlcmF0b3I+CiAgICAgICAgIDx4bXA6cmhjYy10cmFuc2xhdGlvbi1pZD5UUkE4Nzk4MDVkOC0zZGZiLTRlMzgtOTc1NS1jNWNlOTY3MjI5OGY8L3htcDpyaGNjLXRyYW5zbGF0aW9uLWlkPgogICAgICAgICA8eG1wOmJyYW5kLWNvbnRlbnQtdHlwZT5JY29uPC94bXA6YnJhbmQtY29udGVudC10eXBlPgogICAgICAgICA8eG1wOkNyZWF0ZURhdGU+MjAyNC0wNy0wOFQyMDo1Nzo1OS44NjVaPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpyaGNjLWRlcml2YXRpdmUtaWQ+REVSODc5ODA1ZDgtM2RmYi00ZTM4LTk3NTUtYzVjZTk2NzIyOThmPC94bXA6cmhjYy1kZXJpdmF0aXZlLWlkPgogICAgICAgICA8eG1wOnJoY2MtZWZmZWN0aXZlLW9uLXNldC1vbi11cGxvYWQ+dHJ1ZTwveG1wOnJoY2MtZWZmZWN0aXZlLW9uLXNldC1vbi11cGxvYWQ+CiAgICAgICAgIDx4bXA6YnJhbmQtbG9nby1jb2xvcj5TdGFuZGFyZDwveG1wOmJyYW5kLWxvZ28tY29sb3I+CiAgICAgICAgIDx4bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS11cGxvYWRlcj5wZW5kaW5nPC94bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS11cGxvYWRlcj4KICAgICAgICAgPHhtcDpyaGNjLWZpbGUtbGFzdC1tb2RpZmllZD4yMDI0LTA3LTA4VDIwOjU4OjA5LjkzOFo8L3htcDpyaGNjLWZpbGUtbGFzdC1tb2RpZmllZD4KICAgICAgICAgPHhtcDpyaGNjLWF1ZGllbmNlPnJoY2MtYXVkaWVuY2U6aW50ZXJuYWw8L3htcDpyaGNjLWF1ZGllbmNlPgogICAgICAgICA8eG1wOnJoY2Mtbm90aWZ5LXBvcnRhbC1zdWJzY3JpYmVycy1vbi1jaGFuZ2U+eWVzPC94bXA6cmhjYy1ub3RpZnktcG9ydGFsLXN1YnNjcmliZXJzLW9uLWNoYW5nZT4KICAgICAgICAgPHhtcDpyaGNjLXByb2R1Y3Q+CiAgICAgICAgICAgIDxyZGY6QmFnPgogICAgICAgICAgICAgICA8cmRmOmxpPnJoY2MtcHJvZHVjdDpyZWQtaGF0LWRldmVsb3Blci1odWI8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6QmFnPgogICAgICAgICA8L3htcDpyaGNjLXByb2R1Y3Q+CiAgICAgICAgIDx0aWZmOkltYWdlTGVuZ3RoPjM4PC90aWZmOkltYWdlTGVuZ3RoPgogICAgICAgICA8dGlmZjpJbWFnZVdpZHRoPjM4PC90aWZmOkltYWdlV2lkdGg+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2Uvc3ZnK3htbDwvZGM6Zm9ybWF0PgogICAgICAgICA8ZGM6bW9kaWZpZWQ+MjAyNC0wNy0wOFQyMDo1OToyMi44ODlaPC9kYzptb2RpZmllZD4KICAgICAgICAgPGRjOmRlc2NyaXB0aW9uPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5DbG91ZDwvcmRmOmxpPgogICAgICAgICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwvZGM6ZGVzY3JpcHRpb24+CiAgICAgICAgIDxkYzp0aXRsZT4KICAgICAgICAgICAgPHJkZjpBbHQ+CiAgICAgICAgICAgICAgIDxyZGY6bGkgeG1sOmxhbmc9IngtZGVmYXVsdCI+b3JjaGVzdHJhdG9yIGljb248L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6QWx0PgogICAgICAgICA8L2RjOnRpdGxlPgogICAgICAgICA8eG1wUmlnaHRzOlVzYWdlVGVybXM+CiAgICAgICAgICAgIDxyZGY6QWx0PgogICAgICAgICAgICAgICA8cmRmOmxpIHhtbDpsYW5nPSJ4LWRlZmF1bHQiPlVzZSB0ZWNobm9sb2d5IGljb25zIHRvIHJlcHJlc2VudCBSZWQgSGF0IHByb2R1Y3RzIGFuZCBjb21wb25lbnRzLiBEbyBub3QgcmVtb3ZlIHRoZSBpY29uIGZyb20gdGhlIGJvdW5kaW5nIHNoYXBlLjwvcmRmOmxpPgogICAgICAgICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwveG1wUmlnaHRzOlVzYWdlVGVybXM+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAKPD94cGFja2V0IGVuZD0idyI/PjwvbWV0YWRhdGE+CjxkZWZzPjxzdHlsZT4udXVpZC1jMTkzZTg1NC1kOTU4LTRhZGYtYjNiZS03ZmVhMjNjNmZiMWZ7ZmlsbDojZTBlMGUwO30udXVpZC1jMTkzZTg1NC1kOTU4LTRhZGYtYjNiZS03ZmVhMjNjNmZiMWYsLnV1aWQtMzU4MjVlODEtMTdiMy00YWQ1LThhZTUtOGYxODU4OGIzNjg5LC51dWlkLWQ3MzhjOTFjLTkxYjUtNDg1OC04MWRhLTEyZjA2MmNkNTkwNCwudXVpZC0wMmVjZTY4MC1kOTVjLTQ1Y2QtYjg0Ny0xZjQwZGZlYTg5MTF7c3Ryb2tlLXdpZHRoOjBweDt9LnV1aWQtMzU4MjVlODEtMTdiMy00YWQ1LThhZTUtOGYxODU4OGIzNjg5e2ZpbGw6IzAwMDt9LnV1aWQtZDczOGM5MWMtOTFiNS00ODU4LTgxZGEtMTJmMDYyY2Q1OTA0e2ZpbGw6I2UwMDt9LnV1aWQtMDJlY2U2ODAtZDk1Yy00NWNkLWI4NDctMWY0MGRmZWE4OTExe2ZpbGw6I2ZmZjt9PC9zdHlsZT48L2RlZnM+PHJlY3QgY2xhc3M9InV1aWQtMDJlY2U2ODAtZDk1Yy00NWNkLWI4NDctMWY0MGRmZWE4OTExIiB4PSIxIiB5PSIxIiB3aWR0aD0iMzYiIGhlaWdodD0iMzYiIHJ4PSI5IiByeT0iOSIvPjxwYXRoIGNsYXNzPSJ1dWlkLWMxOTNlODU0LWQ5NTgtNGFkZi1iM2JlLTdmZWEyM2M2ZmIxZiIgZD0iTTI4LDIuMjVjNC4yNzM0LDAsNy43NSwzLjQ3NjYsNy43NSw3Ljc1djE4YzAsNC4yNzM0LTMuNDc2Niw3Ljc1LTcuNzUsNy43NUgxMGMtNC4yNzM0LDAtNy43NS0zLjQ3NjYtNy43NS03Ljc1VjEwYzAtNC4yNzM0LDMuNDc2Ni03Ljc1LDcuNzUtNy43NWgxOE0yOCwxSDEwQzUuMDI5NCwxLDEsNS4wMjk0LDEsMTB2MThjMCw0Ljk3MDYsNC4wMjk0LDksOSw5aDE4YzQuOTcwNiwwLDktNC4wMjk0LDktOVYxMGMwLTQuOTcwNi00LjAyOTQtOS05LTloMFoiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0xNCw5LjM3NWgtNGMtLjM0NDcsMC0uNjI1LjI3OTgtLjYyNS42MjV2NGMwLC4zNDUyLjI4MDMuNjI1LjYyNS42MjVoNGMuMzQ0NywwLC42MjUtLjI3OTguNjI1LS42MjV2LTRjMC0uMzQ1Mi0uMjgwMy0uNjI1LS42MjUtLjYyNVpNMTMuMzc1LDEzLjM3NWgtMi43NXYtMi43NWgyLjc1djIuNzVaIi8+PHBhdGggY2xhc3M9InV1aWQtZDczOGM5MWMtOTFiNS00ODU4LTgxZGEtMTJmMDYyY2Q1OTA0IiBkPSJNMjcsMjIuNjE5NmMuMTY5OSwwLC4zMzAxLS4wNTk2LjQzOTUtLjE3OTcuMTIwMS0uMTEwNC4xOTA0LS4yODAzLjE5MDQtLjQzOTksMC0uMDgwMS0uMDIwNS0uMTYwMi0uMDQ5OC0uMjQwMi0uMDMwMy0uMDY5OC0uMDgwMS0uMTQwMS0uMTQwNi0uMTk5Ny0uMjI5NS0uMjMwNS0uNjQ5NC0uMjMwNS0uODc5OSwwLS4xMjAxLjEwOTktLjE3OTcuMjY5NS0uMTc5Ny40Mzk5LDAsLjE2OTkuMDU5Ni4zMjk2LjE3OTcuNDM5OS4xMjAxLjEyMDEuMjgwMy4xNzk3LjQ0MDQuMTc5N1oiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0yNSwyMi42MTk2Yy4xNjk5LDAsLjMzMDEtLjA1OTYuNDM5NS0uMTc5Ny4xMjAxLS4xMTA0LjE5MDQtLjI4MDMuMTkwNC0uNDM5OSwwLS4wODAxLS4wMjA1LS4xNjAyLS4wNDk4LS4yNDAyLS4wMzAzLS4wNjk4LS4wODAxLS4xNDAxLS4xNDA2LS4xOTk3LS4wNDk4LS4wNjAxLS4xMjk5LS4xMTA0LS4xOTkyLS4xNDAxLS4yMzA1LS4wOTAzLS41MTA3LS4wNC0uNjgwNy4xNDAxLS4wNTk2LjA1OTYtLjEwOTQuMTI5OS0uMTM5Ni4xOTk3LS4wMzAzLjA4MDEtLjA0OTguMTYwMi0uMDQ5OC4yNDAyLDAsLjE1OTcuMDY5My4zMjk2LjE4OTUuNDM5OS4xMTA0LjEyMDEuMjgwMy4xNzk3LjQ0MDQuMTc5N1oiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0yOSwxOS4zNzVoLThjLS4zNDQ3LDAtLjYyNS4yNzk4LS42MjUuNjI1djhjMCwuMzQ1Mi4yODAzLjYyNS42MjUuNjI1aDhjLjM0NDcsMCwuNjI1LS4yNzk4LjYyNS0uNjI1di04YzAtLjM0NTItLjI4MDMtLjYyNS0uNjI1LS42MjVaTTI4LjM3NSwyNy4zNzVoLTYuNzV2LTYuNzVoNi43NXY2Ljc1WiIvPjxwYXRoIGNsYXNzPSJ1dWlkLTM1ODI1ZTgxLTE3YjMtNGFkNS04YWU1LThmMTg1ODhiMzY4OSIgZD0iTTIxLjUsMTEuMzc1aC01LjVjLS4zNDQ3LDAtLjYyNS4yNzk4LS42MjUuNjI1cy4yODAzLjYyNS42MjUuNjI1aDUuNWMxLjAzNDIsMCwxLjg3NS44NDEzLDEuODc1LDEuODc1cy0uODQwOCwxLjg3NS0xLjg3NSwxLjg3NWgtMi44NzV2LS4zNzVjMC0uMjUyOS0uMTUyMy0uNDgwNS0uMzg1Ny0uNTc3Ni0uMjMxNC0uMDk1Mi0uNTAyLS4wNDM5LS42ODE2LjEzNTdsLTEsMWMtLjAxMjkuMDEyOS0uMDE3NS4wMy0uMDI4OS4wNDM4LS4wNDEyLjA0ODgtLjA4MDYuMDk5NC0uMTA1NC4xNTkyLS4wMjc2LjA2Ny0uMDM5LjEzODItLjA0MjQuMjA5Ni0uMDAwNS4wMTAzLS4wMDU5LjAxODktLjAwNTkuMDI5MywwLC4wMTA0LjAwNTUuMDE5Mi4wMDYuMDI5NS4wMDM0LjA3MTMuMDE0Ny4xNDIzLjA0MjMuMjA5NC4wMjQ5LjA2MDEuMDY0NC4xMTEuMTA1OC4xNi4wMTE0LjAxMzUuMDE1OC4wMzA0LjAyODUuMDQzMWwxLDFjLjEyMDEuMTE5Ni4yODAzLjE4MzEuNDQyNC4xODMxLjA4MTEsMCwuMTYyMS0uMDE1Ni4yMzkzLS4wNDc0LjIzMzQtLjA5NzIuMzg1Ny0uMzI0Ny4zODU3LS41Nzc2di0uMzc1aDIuODc1YzEuNzIyNywwLDMuMTI1LTEuNDAxOSwzLjEyNS0zLjEyNXMtMS40MDIzLTMuMTI1LTMuMTI1LTMuMTI1WiIvPjxwYXRoIGNsYXNzPSJ1dWlkLTM1ODI1ZTgxLTE3YjMtNGFkNS04YWU1LThmMTg1ODhiMzY4OSIgZD0iTTE3LjQ0MjQsMjAuNTU4MWMtLjI0NDEtLjI0NDEtLjY0MDYtLjI0NDEtLjg4NDgsMC0uMjQzMi4yNDQxLS4yNDMyLjYzOTYsMCwuODgzOGwuOTMzNC45MzMxaC0zLjQ5MWMtMS4zMDk2LDAtMi4zNzUtMS4wNjU0LTIuMzc1LTIuMzc1czEuMDY1NC0yLjM3NSwyLjM3NS0yLjM3NWgxYy4zNDQ3LDAsLjYyNS0uMjc5OC42MjUtLjYyNXMtLjI4MDMtLjYyNS0uNjI1LS42MjVoLTFjLTEuOTk5LDAtMy42MjUsMS42MjYtMy42MjUsMy42MjVzMS42MjYsMy42MjUsMy42MjUsMy42MjVoMy40OTFsLS45MzM0LjkzMzFjLS4yNDMyLjI0NDEtLjI0MzIuNjM5NiwwLC44ODM4LjEyMjEuMTIyMS4yODIyLjE4MzEuNDQyNC4xODMxcy4zMjAzLS4wNjEuNDQyNC0uMTgzMWwyLTJjLjI0MzItLjI0NDEuMjQzMi0uNjM5NiwwLS44ODM4bC0yLTJaIi8+PC9zdmc+ - mediatype: image/svg+xml - install: - spec: - deployments: null - strategy: "" - installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - Orchestrator - - RHDH - - Backstage - links: - - name: Orchestrator Operator - url: https://github.com/parodos-dev/orchestrator-helm-operator - maintainers: - - email: jgil@redhat.com - name: Red Hat - maturity: alpha - minKubeVersion: 1.26.0 - provider: - name: Red Hat - url: https://www.redhat.com - version: 1.2.0 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml deleted file mode 100644 index 94b14158..00000000 --- a/config/manifests/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# These resources constitute the fully configured set of manifests -# used to generate the 'manifests/' directory in a bundle. -resources: -- bases/orchestrator-operator.clusterserviceversion.yaml -- ../default -- ../samples -- ../scorecard -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168..00000000 --- a/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml deleted file mode 100644 index b99c9978..00000000 --- a/config/prometheus/monitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: orchestrator-operator - app.kubernetes.io/name: servicemonitor - app.kubernetes.io/instance: orchestrator-operator-metrics-monitor - app.kubernetes.io/component: metrics - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: orchestrator-operator-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: orchestrator-operator diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 9d294166..00000000 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 6413029a..00000000 --- a/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index af0b5c78..00000000 --- a/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: operator - namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 873b5ec6..00000000 --- a/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: orchestrator-operator - app.kubernetes.io/name: service - app.kubernetes.io/instance: orchestrator-operator-metrics-service - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: orchestrator-operator diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml deleted file mode 100644 index 731832a6..00000000 --- a/config/rbac/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml deleted file mode 100644 index 7cedb1b5..00000000 --- a/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: role - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index 12f83d35..00000000 --- a/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rolebinding - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: system diff --git a/config/rbac/orchestrator_editor_role.yaml b/config/rbac/orchestrator_editor_role.yaml deleted file mode 100644 index 9447b532..00000000 --- a/config/rbac/orchestrator_editor_role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# permissions for end users to edit orchestrators. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: orchestrator-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: orchestrator-editor-role -rules: -- apiGroups: - - orchestrator.parodos.dev - resources: - - orchestrators - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - orchestrator.parodos.dev - resources: - - orchestrators/status - verbs: - - get diff --git a/config/rbac/orchestrator_viewer_role.yaml b/config/rbac/orchestrator_viewer_role.yaml deleted file mode 100644 index 6d558229..00000000 --- a/config/rbac/orchestrator_viewer_role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# permissions for end users to view orchestrators. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: orchestrator-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: orchestrator-viewer-role -rules: -- apiGroups: - - orchestrator.parodos.dev - resources: - - orchestrators - verbs: - - get - - list - - watch -- apiGroups: - - orchestrator.parodos.dev - resources: - - orchestrators/status - verbs: - - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml deleted file mode 100644 index 42705229..00000000 --- a/config/rbac/role.yaml +++ /dev/null @@ -1,226 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: manager-role -rules: -## -## Base operator rules -## -# We need to get namespaces so the operator can read namespaces to ensure they exist -# We need to manage Helm release secrets -- apiGroups: - - "" - resources: - - namespaces - - secrets - - pods - - services - - services/finalizers - - events - - configmaps - - serviceaccounts - verbs: - - list - - get - - delete - - update - - create - - patch - - watch -# We need to create events on CRs about things happening during reconciliation -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - operators.coreos.com - resources: - - operatorgroups - - subscriptions - - catalogsources - verbs: - - list - - get - - delete - - update - - create - - patch - - watch -- apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - - list -- apiGroups: - - operator.knative.dev - resources: - - knativeeventings - - knativeservings - verbs: - - get - - create - - delete - - list - - watch - - patch - - update -- apiGroups: - - serving.knative.dev - resources: - - services - verbs: - - list - - get -- apiGroups: - - rhdh.redhat.com - resources: - - backstages - verbs: - - get - - create - - delete - - list - - watch - - patch - - update -- apiGroups: - - sonataflow.org - resources: - - sonataflows - - sonataflowclusterplatforms - - sonataflowplatforms - verbs: - - get - - list - - create - - delete - - watch - - patch - - update -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - list - - get -- apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - list - - get -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - verbs: - - delete - - create - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - delete - - create - - list - - watch - - get - - patch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - create - - delete - - list - - watch - - patch - - update -## -## Rules for orchestrator.parodos.dev/v1alpha1, Kind: Orchestrator -## -- apiGroups: - - orchestrator.parodos.dev - resources: - - orchestrators - - orchestrators/status - - orchestrators/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - argoproj.io - resources: - - appprojects - verbs: - - get - - create - - list - - update - - create - - delete - - watch - - patch -- apiGroups: - - tekton.dev - resources: - - pipelines - - tasks - verbs: - - get - - create - - list - - update - - create - - delete - - watch - - patch -#+kubebuilder:scaffold:rules diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml deleted file mode 100644 index ab7653de..00000000 --- a/config/rbac/role_binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: operator - namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml deleted file mode 100644 index 3f2914fd..00000000 --- a/config/rbac/service_account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/instance: orchestrator-operator-sa - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: orchestrator-operator - app.kubernetes.io/part-of: orchestrator-operator - app.kubernetes.io/managed-by: kustomize - name: operator - namespace: system diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml deleted file mode 100644 index fd6de357..00000000 --- a/config/samples/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -## Append samples of your project ## -resources: -- orchestrator_v1alpha1_orchestrator.yaml -#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/orchestrator_v1alpha1_orchestrator.yaml b/config/samples/orchestrator_v1alpha1_orchestrator.yaml deleted file mode 100644 index 4f4c7757..00000000 --- a/config/samples/orchestrator_v1alpha1_orchestrator.yaml +++ /dev/null @@ -1,105 +0,0 @@ -apiVersion: orchestrator.parodos.dev/v1alpha1 -kind: Orchestrator -metadata: - name: orchestrator-sample -spec: - sonataFlowOperator: - isReleaseCandidate: false # Indicates RC builds should be used by the chart to install Sonataflow - enabled: true # whether the operator should be deployed by the chart - subscription: - namespace: openshift-serverless-logic # namespace where the operator should be deployed - channel: alpha # channel of an operator package to subscribe to - installPlanApproval: Automatic # whether the update should be installed automatically - name: logic-operator-rhel8 # name of the operator package - sourceName: redhat-operators # name of the catalog source - startingCSV: logic-operator-rhel8.v1.33.0 # The initial version of the operator - serverlessOperator: - enabled: true # whether the operator should be deployed by the chart - subscription: - namespace: openshift-serverless # namespace where the operator should be deployed - channel: stable # channel of an operator package to subscribe to - installPlanApproval: Automatic # whether the update should be installed automatically - name: serverless-operator # name of the operator package - sourceName: redhat-operators # name of the catalog source - rhdhOperator: - isReleaseCandidate: false # Indicates RC builds should be used by the chart to install RHDH - enabled: true # whether the operator should be deployed by the chart - enableGuestProvider: false # whether to enable guest provider - secretRef: - name: backstage-backend-auth-secret # name of the secret that contains the credentials for the plugin to establish a communication channel with the Kubernetes API, ArgoCD, GitHub servers and SMTP mail server. - backstage: - backendSecret: BACKEND_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the Backstage backend secret. Defaults to 'BACKEND_SECRET'. It's required. - github: #GitHub specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with GitHub. - token: GITHUB_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by GitHub. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITHUB_TOKEN', empty for not available. - clientId: GITHUB_CLIENT_ID # Key in the secret with name defined in the 'name' field that contains the value of the client ID that you generated on GitHub, for GitHub authentication (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', empty for not available. - clientSecret: GITHUB_CLIENT_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the client secret tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', empty for not available. - k8s: # Kubernetes specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with the Kubernetes API Server. - clusterToken: K8S_CLUSTER_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the Kubernetes API bearer token used for authentication. Defaults to 'K8S_CLUSTER_TOKEN', empty for not available. - clusterUrl: K8S_CLUSTER_URL # Key in the secret with name defined in the 'name' field that contains the value of the API URL of the kubernetes cluster. Defaults to 'K8S_CLUSTER_URL', empty for not available. - argocd: # ArgoCD specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with ArgoCD. Note that ArgoCD must be deployed beforehand and the argocd.enabled field must be set to true as well. - url: ARGOCD_URL # Key in the secret with name defined in the 'name' field that contains the value of the URL of the ArgoCD API server. Defaults to 'ARGOCD_URL', empty for not available. - username: ARGOCD_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty for not available. - password: ARGOCD_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', empty for not available. - notificationsEmail: - hostname: NOTIFICATIONS_EMAIL_HOSTNAME # Key in the secret with name defined in the 'name' field that contains the value of the hostname of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_HOSTNAME', empty for not available. - username: NOTIFICATIONS_EMAIL_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_USERNAME', empty for not available. - password: NOTIFICATIONS_EMAIL_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_PASSWORD', empty for not available. - subscription: - namespace: rhdh-operator # namespace where the operator should be deployed - channel: fast-1.2 # channel of an operator package to subscribe to - installPlanApproval: Automatic # whether the update should be installed automatically - name: rhdh # name of the operator package - source: redhat-operators # name of the catalog source - startingCSV: "" # The initial version of the operator - targetNamespace: rhdh-operator # the target namespace for the backstage CR in which RHDH instance is created - rhdhPlugins: # RHDH plugins required for the Orchestrator - npmRegistry: "https://npm.stage.registry.redhat.com" # NPM registry is defined already in the container, but sometimes the registry need to be modified to use different versions of the plugin, for example: staging(https://npm.stage.registry.redhat.com) or development repositories - scope: "@redhat" - orchestrator: - package: "backstage-plugin-orchestrator@1.1.0-rc.0-0" - integrity: sha512-uxkNFS/4nkVM6FRq0Uvnznvxcm/3MNdh11R6sRsbmKCP4KF4N9T2GF4lgfD7J+p7EuGMD4UFnjKjaR77v0NGaQ== - orchestratorBackend: - package: "backstage-plugin-orchestrator-backend-dynamic@1.1.0-rc.0-0" - integrity: sha512-NIIGpwH/uJaMknTdORdnqsHfPeI/OrAl2biqELal1e9tK2r6PrVWfIWr9XoH5AfOjtQjbeAe7joiLwhM+uyVAw== - notifications: - package: "plugin-notifications-dynamic@0.2.0-rc.0-0" - integrity: sha512-wmISWN02G4OiBF7y8Jpl5KCbDfhzl70s+r0h2tdVh1IIwYmojH5pqXFQAhDd3FTlqYc8yqDG8gEAQ8v66qbU1g== - notificationsBackend: - package: "plugin-notifications-backend-dynamic@0.2.0-rc.0-0" - integrity: sha512-CHTNYVGWPxT94viabzCqxKIkDxflium9vkgh9Emu+3SuJSEsrZ6G+U1UZgpQ4gO03oOeiTm3xsoTg/AfKGf7CQ== - signals: - package: "plugin-signals-dynamic@0.0.5-rc.0-0" - integrity: sha512-5Iwp9gF6VPiMLJ5NUw5s5Z17AuJ5XYS97wghNTfcmah/OFxTmgZHWxvhcRoXDRQvyj4nc/gOZes74kp6kZ9XDg== - signalsBackend: - package: "plugin-signals-backend-dynamic@0.1.3-rc.0-0" - integrity: sha512-LlkM2Mf2QTndsS6eBzyXDhJmRTHLpAku3hhlvWhtQChSLTFCtNGRTIQA5WHG7NqLH0QqBz+UcEjX7Vca82QKKg== - notificationsEmail: - enabled: false # whether to install the notifications email plugin. requires setting of hostname and credentials in backstage secret to enable. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts - package: "plugin-notifications-backend-module-email-dynamic@0.0.0-rc.0-0" - integrity: sha512-TikxFBxBHKJYZy8go+Mw+7yjfSJILgXjr4K0C0+tnKyMOn+OqIX6K8c1fq7IdXto3fftQ+mmCrBqJem25JjVnA== - port: 587 # SMTP server port - sender: "" # the email sender address - replyTo: "" # reply-to address - postgres: - serviceName: "sonataflow-psql-postgresql" # The name of the Postgres DB service to be used by platform services. Cannot be empty. - serviceNamespace: "sonataflow-infra" # The namespace of the Postgres DB service to be used by platform services. - authSecret: - name: "sonataflow-psql-postgresql" # name of existing secret to use for PostgreSQL credentials. - userKey: postgres-username # name of key in existing secret to use for PostgreSQL credentials. - passwordKey: postgres-password # name of key in existing secret to use for PostgreSQL credentials. - database: sonataflow # existing database instance used by data index and job service - orchestrator: - namespace: "sonataflow-infra" # Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`. - sonataflowPlatform: - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "1Gi" - cpu: "500m" - tekton: - enabled: false # whether to create the Tekton pipeline resources - argocd: - enabled: false # whether to install the ArgoCD plugin and create the orchestrator AppProject - namespace: "" # Defines the namespace where the orchestrator's instance of ArgoCD is deployed. The value is captured when running setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `orchestrator-gitops` in the setup.sh script. diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml deleted file mode 100644 index c7704784..00000000 --- a/config/scorecard/bases/config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: scorecard.operatorframework.io/v1alpha3 -kind: Configuration -metadata: - name: config -stages: -- parallel: true - tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml deleted file mode 100644 index a9a84a85..00000000 --- a/config/scorecard/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -resources: -- bases/config.yaml -patches: -- path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -- path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -#+kubebuilder:scaffold:patches diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml deleted file mode 100644 index a2f15894..00000000 --- a/config/scorecard/patches/basic.config.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- op: add - path: /stages/0/tests/- - value: - entrypoint: - - scorecard-test - - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: basic - test: basic-check-spec-test diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml deleted file mode 100644 index 9b7ca41b..00000000 --- a/config/scorecard/patches/olm.config.yaml +++ /dev/null @@ -1,50 +0,0 @@ -- op: add - path: /stages/0/tests/- - value: - entrypoint: - - scorecard-test - - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-bundle-validation-test -- op: add - path: /stages/0/tests/- - value: - entrypoint: - - scorecard-test - - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-crds-have-validation-test -- op: add - path: /stages/0/tests/- - value: - entrypoint: - - scorecard-test - - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-crds-have-resources-test -- op: add - path: /stages/0/tests/- - value: - entrypoint: - - scorecard-test - - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-spec-descriptors-test -- op: add - path: /stages/0/tests/- - value: - entrypoint: - - scorecard-test - - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.33.0 - labels: - suite: olm - test: olm-status-descriptors-test diff --git a/gitops/README.md b/gitops/README.md new file mode 100644 index 00000000..ba12fc55 --- /dev/null +++ b/gitops/README.md @@ -0,0 +1,152 @@ +# Initialize the GitOps Environment + +To set up the CI/CD capabilities, you can choose between two methods to install the OpenShift GitOps and OpenShift Pipelines operators. + +## Method 1: Install the Operators from Demo Charts + +You can use the Janus IDP Demo repository to install the `Red Hat OpenShift Pipelines` and `Red Hat OpenShift GitOps` operators. This repository contains automation scripts to install the Janus IDP Demo and its supporting components. Note that a fork of this repository has been created to remove the configuration excluding Tekton resources from being managed by ArgoCD applications. More details can be found in this [discussion](https://github.com/argoproj/argo-cd/discussions/8674#discussioncomment-2318554). + +### Install OpenShift Pipelines Operator + +1. Clone the repository: + + ```bash + git clone https://github.com/parodos-dev/janus-idp-bootstrap.git + ``` + +2. Navigate to the charts directory: + + ```bash + cd janus-idp-bootstrap/charts + ``` +3. Install the OpenShift Pipelines operator: + + ```bash + helm upgrade --install orchestrator-pipelines pipelines-operator/ -f pipelines-operator/values.yaml -n orchestrator-gitops --create-namespace + ``` + +### Install OpenShift GitOps Operator + +1. Install and configure the OpenShift GitOps operator: + + ```bash + helm upgrade --install orchestrator-gitops gitops-operator/ -f gitops-operator/values.yaml -n orchestrator-gitops --create-namespace --set namespaces={orchestrator-gitops} + ``` + + +## Method 2: Install the Operators from OpenShift OperatorHub + +### Install OpenShift Pipelines Operator + +The OpenShift Pipelines Operator can be installed directly from the OperatorHub. Select the operator from the list and install it without any special configuration. + +### Install OpenShift GitOps Operator + +To install the OpenShift GitOps Operator with custom configuration: + +1. Add the following configuration to the Subscription used to install the operator: + + ```yaml + config: + env: + - name: DISABLE_DEFAULT_ARGOCD_INSTANCE + value: "true" + - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES + value: "orchestrator-gitops" + ``` + + Detailed information about these environment variables can be found in the [OpenShift GitOps Usage Guide](https://github.com/redhat-developer/gitops-operator/blob/master/docs/OpenShift%20GitOps%20Usage%20Guide.md#installation-of-openshift-gitops-without-ready-to-use-argo-cd-instance-for-rosaosd) and the [ArgoCD Operator Documentation](https://argocd-operator.readthedocs.io/en/latest/usage/basics/#cluster-scoped-instance). + +2. Create an ArgoCD instance in the `orchestrator-gitops` namespace: + + ```bash + oc new-project orchestrator-gitops + oc apply -f https://raw.githubusercontent.com/parodos-dev/orchestrator-helm-chart/gh-pages/gitops/resources/argocd-example.yaml + ``` + + Alternatively, if creating a default ArgoCD instance, ensure to exclude Tekton resources from its specification: + + ```yaml + resourceExclusions: | + - apiGroups: + - tekton.dev + clusters: + - '*' + kinds: + - TaskRun + - PipelineRun + ``` + +3. Add a label to the workflow namespace (`sonataflow-infra`) to enable ArgoCD to manage resources in that namespace: + + ```bash + oc label ns sonataflow-infra argocd.argoproj.io/managed-by=orchestrator-gitops + ``` + +These steps will set up the required CI/CD environment using either method. Ensure to follow the steps carefully to achieve a successful installation. + +## Installing docker credentials + +The Tekton pipeline deployed by the Orchestrator is responsible for building a workflow image and pushing it to Quay.io. +There is a need to create a single K8s secret combined with the following secrets: +1. A secret for Quay.io organization to push the images built by the pipeline: + - Create or edit a [Robot account](https://access.redhat.com/documentation/en-us/red_hat_quay/3.3/html/use_red_hat_quay/use-quay-manage-repo) and grant it `Write` permissions to the newly created repository + - Download the credentials as Kubernetes secret. +2. A secret for _registry.redhat.io_. To build workflow images, the pipeline uses the [builder image](https://github.com/parodos-dev/serverless-workflows/blob/main/pipeline/workflow-builder.Dockerfile) from [registry.redhat.io](https://registry.redhat.io). + - Generate a token [here](https://access.redhat.com/terms-based-registry/create), and download it as OCP secret. + +Those two K8s secrets should be merged into a single secret named `docker-credentials` in `orchestrator-gitops` namespace in the cluster that runs the pipelines. +You may use this [helper script](https://github.com/parodos-dev/orchestrator-helm-chart/blob/main/hack/merge_secrets.sh) to merge the secrets or choose another method of downloading the credentials and merging them. + +## Define the SSH credentials + +The pipeline uses SSH to push the deployment configuration to the `gitops` repository containing the `kustomize` deployment configuration. + +Follow these steps to properly configure the credentials in the namespace: + +- Generate default SSH keys under the `ssh` folder + +```console +mkdir -p ssh +ssh-keygen -t rsa -b 4096 -f ssh/id_rsa -N "" -C git@github.com -q +``` + +- Add the SSH key to your GitHub account using the gh CLI or using the [SSH keys](https://github.com/settings/keys) setting: + +```console +gh ssh-key add ssh/id_rsa.pub --title "Tekton pipeline" +``` + +- Create a `known_hosts` file by scanning the GitHub's SSH public key: + +```console +ssh-keyscan github.com > ssh/known_hosts +``` + +- Create the default `config` file: + +```console +echo "Host github.com + HostName github.com + IdentityFile ~/.ssh/id_rsa" > ssh/config +``` + +- Create the secret that the Pipeline uses to store the SSH credentials: + +```console +oc create secret -n orchestrator-gitops generic git-ssh-credentials \ + --from-file=ssh/id_rsa \ + --from-file=ssh/config \ + --from-file=ssh/known_hosts +``` + +Note: if you change the SSH key type from the default value `rsa`, you need to update the `config` file accordingly + +## Setting up GitHub Integration + +To begin serverless workflow development using the "Basic workflow bootstrap project" software template with GitHub as the target source control, you'll need to configure organization settings to allow read and write permissions for GitHub workflows. Follow these steps to enable the necessary permissions: + +1. Navigate to your organization settings on GitHub. +2. Locate the section for managing organization settings related to GitHub Actions. +3. Enable read and write permissions for workflows by adjusting the settings accordingly. +4. For detailed instructions and exact steps, refer to the GitHub guide available [here](https://docs.github.com/en/enterprise-server@3.9/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-the-default-github_token-permissions). diff --git a/gitops/resources/argocd-example.yaml b/gitops/resources/argocd-example.yaml new file mode 100644 index 00000000..d6ae48a8 --- /dev/null +++ b/gitops/resources/argocd-example.yaml @@ -0,0 +1,65 @@ +apiVersion: argoproj.io/v1beta1 +kind: ArgoCD +metadata: + name: argocd + namespace: orchestrator-gitops +spec: + controller: + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 250m + memory: 1024Mi + ha: + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 128Mi + enabled: false + rbac: + defaultPolicy: "" + policy: | + g, system:cluster-admins, role:admin + scopes: "[groups]" + redis: + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 128Mi + repo: + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 250m + memory: 256Mi + server: + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 125m + memory: 128Mi + route: + enabled: true + sso: + dex: + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 128Mi + openShiftOAuth: true + provider: dex diff --git a/helm-charts/orchestrator/Chart.yaml b/helm-charts/orchestrator/Chart.yaml deleted file mode 100644 index 2bfd6b73..00000000 --- a/helm-charts/orchestrator/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v2 -name: orchestrator -description: > - Helm chart to deploy the Orchestrator solution suite on OpenShift, including Janus IDP backstage, SonataFlow Operator, OpenShift Serverless Operator, Knative Eventing and Knative Serving. -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.0-rc23 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "0.0.1" - -# This is an icon to Parodos project. In the future we might design a dedicated logo for the Orchestrator. -# However, since the entire development is done under the Parodos organization, we'll use it. -icon: data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIGlkPSJ1dWlkLWEwYWY5ZDg4LTU3MGItNGQ0Ny04OWQ4LThjYWU0YmE5MjdhMiIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2aWV3Qm94PSIwIDAgMzggMzgiPjx0aXRsZT5vcmNoZXN0cmF0b3IgaWNvbjwvdGl0bGU+CjxkZXNjPkNsb3VkPC9kZXNjPgo8bWV0YWRhdGE+PD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgOC4wLWMwMDEgMS4wMDAwMDAsIDAwMDAvMDAvMDAtMDA6MDA6MDAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6eG1wUmlnaHRzPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvcmlnaHRzLyI+CiAgICAgICAgIDx4bXA6cmhjYy1lZmZlY3RpdmUtb24+MjAyNC0wNy0wOFQyMDo1Nzo1OS44NjVaPC94bXA6cmhjYy1lZmZlY3RpdmUtb24+CiAgICAgICAgIDx4bXA6cmhjYy1yaWdodHMtcmVzdHJpY3RlZD5ubzwveG1wOnJoY2MtcmlnaHRzLXJlc3RyaWN0ZWQ+CiAgICAgICAgIDx4bXA6YnJhbmQtY29udGVudC1zdWJ0eXBlPlRlY2hub2xvZ3kgaWNvbjwveG1wOmJyYW5kLWNvbnRlbnQtc3VidHlwZT4KICAgICAgICAgPHhtcDpyaGNjLW1ldGFkYXRhLWNvbXBsZXRlLW1vZGVyYXRvcj5wZW5kaW5nPC94bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS1tb2RlcmF0b3I+CiAgICAgICAgIDx4bXA6cmhjYy10cmFuc2xhdGlvbi1pZD5UUkE4Nzk4MDVkOC0zZGZiLTRlMzgtOTc1NS1jNWNlOTY3MjI5OGY8L3htcDpyaGNjLXRyYW5zbGF0aW9uLWlkPgogICAgICAgICA8eG1wOmJyYW5kLWNvbnRlbnQtdHlwZT5JY29uPC94bXA6YnJhbmQtY29udGVudC10eXBlPgogICAgICAgICA8eG1wOkNyZWF0ZURhdGU+MjAyNC0wNy0wOFQyMDo1Nzo1OS44NjVaPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpyaGNjLWRlcml2YXRpdmUtaWQ+REVSODc5ODA1ZDgtM2RmYi00ZTM4LTk3NTUtYzVjZTk2NzIyOThmPC94bXA6cmhjYy1kZXJpdmF0aXZlLWlkPgogICAgICAgICA8eG1wOnJoY2MtZWZmZWN0aXZlLW9uLXNldC1vbi11cGxvYWQ+dHJ1ZTwveG1wOnJoY2MtZWZmZWN0aXZlLW9uLXNldC1vbi11cGxvYWQ+CiAgICAgICAgIDx4bXA6YnJhbmQtbG9nby1jb2xvcj5TdGFuZGFyZDwveG1wOmJyYW5kLWxvZ28tY29sb3I+CiAgICAgICAgIDx4bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS11cGxvYWRlcj5wZW5kaW5nPC94bXA6cmhjYy1tZXRhZGF0YS1jb21wbGV0ZS11cGxvYWRlcj4KICAgICAgICAgPHhtcDpyaGNjLWZpbGUtbGFzdC1tb2RpZmllZD4yMDI0LTA3LTA4VDIwOjU4OjA5LjkzOFo8L3htcDpyaGNjLWZpbGUtbGFzdC1tb2RpZmllZD4KICAgICAgICAgPHhtcDpyaGNjLWF1ZGllbmNlPnJoY2MtYXVkaWVuY2U6aW50ZXJuYWw8L3htcDpyaGNjLWF1ZGllbmNlPgogICAgICAgICA8eG1wOnJoY2Mtbm90aWZ5LXBvcnRhbC1zdWJzY3JpYmVycy1vbi1jaGFuZ2U+eWVzPC94bXA6cmhjYy1ub3RpZnktcG9ydGFsLXN1YnNjcmliZXJzLW9uLWNoYW5nZT4KICAgICAgICAgPHhtcDpyaGNjLXByb2R1Y3Q+CiAgICAgICAgICAgIDxyZGY6QmFnPgogICAgICAgICAgICAgICA8cmRmOmxpPnJoY2MtcHJvZHVjdDpyZWQtaGF0LWRldmVsb3Blci1odWI8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6QmFnPgogICAgICAgICA8L3htcDpyaGNjLXByb2R1Y3Q+CiAgICAgICAgIDx0aWZmOkltYWdlTGVuZ3RoPjM4PC90aWZmOkltYWdlTGVuZ3RoPgogICAgICAgICA8dGlmZjpJbWFnZVdpZHRoPjM4PC90aWZmOkltYWdlV2lkdGg+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2Uvc3ZnK3htbDwvZGM6Zm9ybWF0PgogICAgICAgICA8ZGM6bW9kaWZpZWQ+MjAyNC0wNy0wOFQyMDo1OToyMi44ODlaPC9kYzptb2RpZmllZD4KICAgICAgICAgPGRjOmRlc2NyaXB0aW9uPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5DbG91ZDwvcmRmOmxpPgogICAgICAgICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwvZGM6ZGVzY3JpcHRpb24+CiAgICAgICAgIDxkYzp0aXRsZT4KICAgICAgICAgICAgPHJkZjpBbHQ+CiAgICAgICAgICAgICAgIDxyZGY6bGkgeG1sOmxhbmc9IngtZGVmYXVsdCI+b3JjaGVzdHJhdG9yIGljb248L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6QWx0PgogICAgICAgICA8L2RjOnRpdGxlPgogICAgICAgICA8eG1wUmlnaHRzOlVzYWdlVGVybXM+CiAgICAgICAgICAgIDxyZGY6QWx0PgogICAgICAgICAgICAgICA8cmRmOmxpIHhtbDpsYW5nPSJ4LWRlZmF1bHQiPlVzZSB0ZWNobm9sb2d5IGljb25zIHRvIHJlcHJlc2VudCBSZWQgSGF0IHByb2R1Y3RzIGFuZCBjb21wb25lbnRzLiBEbyBub3QgcmVtb3ZlIHRoZSBpY29uIGZyb20gdGhlIGJvdW5kaW5nIHNoYXBlLjwvcmRmOmxpPgogICAgICAgICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwveG1wUmlnaHRzOlVzYWdlVGVybXM+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAKPD94cGFja2V0IGVuZD0idyI/PjwvbWV0YWRhdGE+CjxkZWZzPjxzdHlsZT4udXVpZC1jMTkzZTg1NC1kOTU4LTRhZGYtYjNiZS03ZmVhMjNjNmZiMWZ7ZmlsbDojZTBlMGUwO30udXVpZC1jMTkzZTg1NC1kOTU4LTRhZGYtYjNiZS03ZmVhMjNjNmZiMWYsLnV1aWQtMzU4MjVlODEtMTdiMy00YWQ1LThhZTUtOGYxODU4OGIzNjg5LC51dWlkLWQ3MzhjOTFjLTkxYjUtNDg1OC04MWRhLTEyZjA2MmNkNTkwNCwudXVpZC0wMmVjZTY4MC1kOTVjLTQ1Y2QtYjg0Ny0xZjQwZGZlYTg5MTF7c3Ryb2tlLXdpZHRoOjBweDt9LnV1aWQtMzU4MjVlODEtMTdiMy00YWQ1LThhZTUtOGYxODU4OGIzNjg5e2ZpbGw6IzAwMDt9LnV1aWQtZDczOGM5MWMtOTFiNS00ODU4LTgxZGEtMTJmMDYyY2Q1OTA0e2ZpbGw6I2UwMDt9LnV1aWQtMDJlY2U2ODAtZDk1Yy00NWNkLWI4NDctMWY0MGRmZWE4OTExe2ZpbGw6I2ZmZjt9PC9zdHlsZT48L2RlZnM+PHJlY3QgY2xhc3M9InV1aWQtMDJlY2U2ODAtZDk1Yy00NWNkLWI4NDctMWY0MGRmZWE4OTExIiB4PSIxIiB5PSIxIiB3aWR0aD0iMzYiIGhlaWdodD0iMzYiIHJ4PSI5IiByeT0iOSIvPjxwYXRoIGNsYXNzPSJ1dWlkLWMxOTNlODU0LWQ5NTgtNGFkZi1iM2JlLTdmZWEyM2M2ZmIxZiIgZD0iTTI4LDIuMjVjNC4yNzM0LDAsNy43NSwzLjQ3NjYsNy43NSw3Ljc1djE4YzAsNC4yNzM0LTMuNDc2Niw3Ljc1LTcuNzUsNy43NUgxMGMtNC4yNzM0LDAtNy43NS0zLjQ3NjYtNy43NS03Ljc1VjEwYzAtNC4yNzM0LDMuNDc2Ni03Ljc1LDcuNzUtNy43NWgxOE0yOCwxSDEwQzUuMDI5NCwxLDEsNS4wMjk0LDEsMTB2MThjMCw0Ljk3MDYsNC4wMjk0LDksOSw5aDE4YzQuOTcwNiwwLDktNC4wMjk0LDktOVYxMGMwLTQuOTcwNi00LjAyOTQtOS05LTloMFoiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0xNCw5LjM3NWgtNGMtLjM0NDcsMC0uNjI1LjI3OTgtLjYyNS42MjV2NGMwLC4zNDUyLjI4MDMuNjI1LjYyNS42MjVoNGMuMzQ0NywwLC42MjUtLjI3OTguNjI1LS42MjV2LTRjMC0uMzQ1Mi0uMjgwMy0uNjI1LS42MjUtLjYyNVpNMTMuMzc1LDEzLjM3NWgtMi43NXYtMi43NWgyLjc1djIuNzVaIi8+PHBhdGggY2xhc3M9InV1aWQtZDczOGM5MWMtOTFiNS00ODU4LTgxZGEtMTJmMDYyY2Q1OTA0IiBkPSJNMjcsMjIuNjE5NmMuMTY5OSwwLC4zMzAxLS4wNTk2LjQzOTUtLjE3OTcuMTIwMS0uMTEwNC4xOTA0LS4yODAzLjE5MDQtLjQzOTksMC0uMDgwMS0uMDIwNS0uMTYwMi0uMDQ5OC0uMjQwMi0uMDMwMy0uMDY5OC0uMDgwMS0uMTQwMS0uMTQwNi0uMTk5Ny0uMjI5NS0uMjMwNS0uNjQ5NC0uMjMwNS0uODc5OSwwLS4xMjAxLjEwOTktLjE3OTcuMjY5NS0uMTc5Ny40Mzk5LDAsLjE2OTkuMDU5Ni4zMjk2LjE3OTcuNDM5OS4xMjAxLjEyMDEuMjgwMy4xNzk3LjQ0MDQuMTc5N1oiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0yNSwyMi42MTk2Yy4xNjk5LDAsLjMzMDEtLjA1OTYuNDM5NS0uMTc5Ny4xMjAxLS4xMTA0LjE5MDQtLjI4MDMuMTkwNC0uNDM5OSwwLS4wODAxLS4wMjA1LS4xNjAyLS4wNDk4LS4yNDAyLS4wMzAzLS4wNjk4LS4wODAxLS4xNDAxLS4xNDA2LS4xOTk3LS4wNDk4LS4wNjAxLS4xMjk5LS4xMTA0LS4xOTkyLS4xNDAxLS4yMzA1LS4wOTAzLS41MTA3LS4wNC0uNjgwNy4xNDAxLS4wNTk2LjA1OTYtLjEwOTQuMTI5OS0uMTM5Ni4xOTk3LS4wMzAzLjA4MDEtLjA0OTguMTYwMi0uMDQ5OC4yNDAyLDAsLjE1OTcuMDY5My4zMjk2LjE4OTUuNDM5OS4xMTA0LjEyMDEuMjgwMy4xNzk3LjQ0MDQuMTc5N1oiLz48cGF0aCBjbGFzcz0idXVpZC1kNzM4YzkxYy05MWI1LTQ4NTgtODFkYS0xMmYwNjJjZDU5MDQiIGQ9Ik0yOSwxOS4zNzVoLThjLS4zNDQ3LDAtLjYyNS4yNzk4LS42MjUuNjI1djhjMCwuMzQ1Mi4yODAzLjYyNS42MjUuNjI1aDhjLjM0NDcsMCwuNjI1LS4yNzk4LjYyNS0uNjI1di04YzAtLjM0NTItLjI4MDMtLjYyNS0uNjI1LS42MjVaTTI4LjM3NSwyNy4zNzVoLTYuNzV2LTYuNzVoNi43NXY2Ljc1WiIvPjxwYXRoIGNsYXNzPSJ1dWlkLTM1ODI1ZTgxLTE3YjMtNGFkNS04YWU1LThmMTg1ODhiMzY4OSIgZD0iTTIxLjUsMTEuMzc1aC01LjVjLS4zNDQ3LDAtLjYyNS4yNzk4LS42MjUuNjI1cy4yODAzLjYyNS42MjUuNjI1aDUuNWMxLjAzNDIsMCwxLjg3NS44NDEzLDEuODc1LDEuODc1cy0uODQwOCwxLjg3NS0xLjg3NSwxLjg3NWgtMi44NzV2LS4zNzVjMC0uMjUyOS0uMTUyMy0uNDgwNS0uMzg1Ny0uNTc3Ni0uMjMxNC0uMDk1Mi0uNTAyLS4wNDM5LS42ODE2LjEzNTdsLTEsMWMtLjAxMjkuMDEyOS0uMDE3NS4wMy0uMDI4OS4wNDM4LS4wNDEyLjA0ODgtLjA4MDYuMDk5NC0uMTA1NC4xNTkyLS4wMjc2LjA2Ny0uMDM5LjEzODItLjA0MjQuMjA5Ni0uMDAwNS4wMTAzLS4wMDU5LjAxODktLjAwNTkuMDI5MywwLC4wMTA0LjAwNTUuMDE5Mi4wMDYuMDI5NS4wMDM0LjA3MTMuMDE0Ny4xNDIzLjA0MjMuMjA5NC4wMjQ5LjA2MDEuMDY0NC4xMTEuMTA1OC4xNi4wMTE0LjAxMzUuMDE1OC4wMzA0LjAyODUuMDQzMWwxLDFjLjEyMDEuMTE5Ni4yODAzLjE4MzEuNDQyNC4xODMxLjA4MTEsMCwuMTYyMS0uMDE1Ni4yMzkzLS4wNDc0LjIzMzQtLjA5NzIuMzg1Ny0uMzI0Ny4zODU3LS41Nzc2di0uMzc1aDIuODc1YzEuNzIyNywwLDMuMTI1LTEuNDAxOSwzLjEyNS0zLjEyNXMtMS40MDIzLTMuMTI1LTMuMTI1LTMuMTI1WiIvPjxwYXRoIGNsYXNzPSJ1dWlkLTM1ODI1ZTgxLTE3YjMtNGFkNS04YWU1LThmMTg1ODhiMzY4OSIgZD0iTTE3LjQ0MjQsMjAuNTU4MWMtLjI0NDEtLjI0NDEtLjY0MDYtLjI0NDEtLjg4NDgsMC0uMjQzMi4yNDQxLS4yNDMyLjYzOTYsMCwuODgzOGwuOTMzNC45MzMxaC0zLjQ5MWMtMS4zMDk2LDAtMi4zNzUtMS4wNjU0LTIuMzc1LTIuMzc1czEuMDY1NC0yLjM3NSwyLjM3NS0yLjM3NWgxYy4zNDQ3LDAsLjYyNS0uMjc5OC42MjUtLjYyNXMtLjI4MDMtLjYyNS0uNjI1LS42MjVoLTFjLTEuOTk5LDAtMy42MjUsMS42MjYtMy42MjUsMy42MjVzMS42MjYsMy42MjUsMy42MjUsMy42MjVoMy40OTFsLS45MzM0LjkzMzFjLS4yNDMyLjI0NDEtLjI0MzIuNjM5NiwwLC44ODM4LjEyMjEuMTIyMS4yODIyLjE4MzEuNDQyNC4xODMxcy4zMjAzLS4wNjEuNDQyNC0uMTgzMWwyLTJjLjI0MzItLjI0NDEuMjQzMi0uNjM5NiwwLS44ODM4bC0yLTJaIi8+PC9zdmc+ diff --git a/helm-charts/orchestrator/README.md b/helm-charts/orchestrator/README.md deleted file mode 100644 index c0baf2df..00000000 --- a/helm-charts/orchestrator/README.md +++ /dev/null @@ -1,92 +0,0 @@ - -Orchestrator -=========== - -Helm chart to deploy the Orchestrator solution suite on OpenShift, including Janus IDP backstage, SonataFlow Operator, OpenShift Serverless Operator, Knative Eventing and Knative Serving. - - - -## Configuration - -The following table lists the configurable parameters of the Orchestrator chart and their default values. - -| Parameter | Description | Default | -| ------------------------ | ----------------------- | -------------- | -| `sonataFlowOperator.isReleaseCandidate` | Indicates RC builds should be used by the chart to install Sonataflow | `false` | -| `sonataFlowOperator.enabled` | whether the operator should be deployed by the chart | `true` | -| `sonataFlowOperator.subscription.namespace` | namespace where the operator should be deployed | `"openshift-serverless-logic"` | -| `sonataFlowOperator.subscription.channel` | channel of an operator package to subscribe to | `"alpha"` | -| `sonataFlowOperator.subscription.installPlanApproval` | whether the update should be installed automatically | `"Automatic"` | -| `sonataFlowOperator.subscription.name` | name of the operator package | `"logic-operator-rhel8"` | -| `sonataFlowOperator.subscription.sourceName` | name of the catalog source | `"redhat-operators"` | -| `sonataFlowOperator.subscription.startingCSV` | The initial version of the operator | `"logic-operator-rhel8.v1.33.0"` | -| `serverlessOperator.enabled` | whether the operator should be deployed by the chart | `true` | -| `serverlessOperator.subscription.namespace` | namespace where the operator should be deployed | `"openshift-serverless"` | -| `serverlessOperator.subscription.channel` | channel of an operator package to subscribe to | `"stable"` | -| `serverlessOperator.subscription.installPlanApproval` | whether the update should be installed automatically | `"Automatic"` | -| `serverlessOperator.subscription.name` | name of the operator package | `"serverless-operator"` | -| `serverlessOperator.subscription.sourceName` | name of the catalog source | `"redhat-operators"` | -| `rhdhOperator.isReleaseCandidate` | Indicates RC builds should be used by the chart to install RHDH | `false` | -| `rhdhOperator.enabled` | whether the operator should be deployed by the chart | `true` | -| `rhdhOperator.enableGuestProvider` | whether to enable guest provider | `false` | -| `rhdhOperator.catalogBranch` | The branch for https://github.com/parodos-dev/workflow-software-templates used to import software templates resources | `"v1.2.x"` | -| `rhdhOperator.secretRef.name` | name of the secret that contains the credentials for the plugin to establish a communication channel with the Kubernetes API, ArgoCD, GitHub servers and SMTP mail server. | `"backstage-backend-auth-secret"` | -| `rhdhOperator.secretRef.backstage.backendSecret` | Key in the secret with name defined in the 'name' field that contains the value of the Backstage backend secret. Defaults to 'BACKEND_SECRET'. It's required. | `"BACKEND_SECRET"` | -| `rhdhOperator.secretRef.github.token` | Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by GitHub. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITHUB_TOKEN', empty for not available. | `"GITHUB_TOKEN"` | -| `rhdhOperator.secretRef.github.clientId` | Key in the secret with name defined in the 'name' field that contains the value of the client ID that you generated on GitHub, for GitHub authentication (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', empty for not available. | `"GITHUB_CLIENT_ID"` | -| `rhdhOperator.secretRef.github.clientSecret` | Key in the secret with name defined in the 'name' field that contains the value of the client secret tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', empty for not available. | `"GITHUB_CLIENT_SECRET"` | -| `rhdhOperator.secretRef.k8s.clusterToken` | Key in the secret with name defined in the 'name' field that contains the value of the Kubernetes API bearer token used for authentication. Defaults to 'K8S_CLUSTER_TOKEN', empty for not available. | `"K8S_CLUSTER_TOKEN"` | -| `rhdhOperator.secretRef.k8s.clusterUrl` | Key in the secret with name defined in the 'name' field that contains the value of the API URL of the kubernetes cluster. Defaults to 'K8S_CLUSTER_URL', empty for not available. | `"K8S_CLUSTER_URL"` | -| `rhdhOperator.secretRef.argocd.url` | Key in the secret with name defined in the 'name' field that contains the value of the URL of the ArgoCD API server. Defaults to 'ARGOCD_URL', empty for not available. | `"ARGOCD_URL"` | -| `rhdhOperator.secretRef.argocd.username` | Key in the secret with name defined in the 'name' field that contains the value of the username to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty for not available. | `"ARGOCD_USERNAME"` | -| `rhdhOperator.secretRef.argocd.password` | Key in the secret with name defined in the 'name' field that contains the value of the password to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', empty for not available. | `"ARGOCD_PASSWORD"` | -| `rhdhOperator.secretRef.notificationsEmail.hostname` | Key in the secret with name defined in the 'name' field that contains the value of the hostname of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_HOSTNAME', empty for not available. | `"NOTIFICATIONS_EMAIL_HOSTNAME"` | -| `rhdhOperator.secretRef.notificationsEmail.username` | Key in the secret with name defined in the 'name' field that contains the value of the username of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_USERNAME', empty for not available. | `"NOTIFICATIONS_EMAIL_USERNAME"` | -| `rhdhOperator.secretRef.notificationsEmail.password` | Key in the secret with name defined in the 'name' field that contains the value of the password of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_PASSWORD', empty for not available. | `"NOTIFICATIONS_EMAIL_PASSWORD"` | -| `rhdhOperator.subscription.namespace` | namespace where the operator should be deployed | `"rhdh-operator"` | -| `rhdhOperator.subscription.channel` | channel of an operator package to subscribe to | `"fast-1.2"` | -| `rhdhOperator.subscription.installPlanApproval` | whether the update should be installed automatically | `"Automatic"` | -| `rhdhOperator.subscription.name` | name of the operator package | `"rhdh"` | -| `rhdhOperator.subscription.source` | name of the catalog source | `"redhat-operators"` | -| `rhdhOperator.subscription.startingCSV` | The initial version of the operator | `""` | -| `rhdhOperator.subscription.targetNamespace` | the target namespace for the backstage CR in which RHDH instance is created | `"rhdh-operator"` | -| `rhdhPlugins.npmRegistry` | NPM registry is defined already in the container, but sometimes the registry need to be modified to use different versions of the plugin, for example: staging(https://npm.stage.registry.redhat.com) or development repositories | `"https://npm.stage.registry.redhat.com"` | -| `rhdhPlugins.scope` | | `"@redhat"` | -| `rhdhPlugins.orchestrator.package` | | `"backstage-plugin-orchestrator@1.2.0-rc.1"` | -| `rhdhPlugins.orchestrator.integrity` | | `"sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg=="` | -| `rhdhPlugins.orchestratorBackend.package` | | `"backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1"` | -| `rhdhPlugins.orchestratorBackend.integrity` | | `"sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw=="` | -| `rhdhPlugins.notifications.package` | | `"plugin-notifications-dynamic@1.2.0-rc.1"` | -| `rhdhPlugins.notifications.integrity` | | `"sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg=="` | -| `rhdhPlugins.notificationsBackend.package` | | `"plugin-notifications-backend-dynamic@1.2.0-rc.1"` | -| `rhdhPlugins.notificationsBackend.integrity` | | `"sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg=="` | -| `rhdhPlugins.signals.package` | | `"plugin-signals-dynamic@1.2.0-rc.1"` | -| `rhdhPlugins.signals.integrity` | | `"sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw=="` | -| `rhdhPlugins.signalsBackend.package` | | `"plugin-signals-backend-dynamic@1.2.0-rc.1"` | -| `rhdhPlugins.signalsBackend.integrity` | | `"sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ=="` | -| `rhdhPlugins.notificationsEmail.enabled` | whether to install the notifications email plugin. requires setting of hostname and credentials in backstage secret to enable. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts | `false` | -| `rhdhPlugins.notificationsEmail.package` | | `"plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1"` | -| `rhdhPlugins.notificationsEmail.integrity` | | `"sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A=="` | -| `rhdhPlugins.notificationsEmail.port` | SMTP server port | `587` | -| `rhdhPlugins.notificationsEmail.sender` | the email sender address | `""` | -| `rhdhPlugins.notificationsEmail.replyTo` | reply-to address | `""` | -| `postgres.serviceName` | The name of the Postgres DB service to be used by platform services. Cannot be empty. | `"sonataflow-psql-postgresql"` | -| `postgres.serviceNamespace` | The namespace of the Postgres DB service to be used by platform services. | `"sonataflow-infra"` | -| `postgres.authSecret.name` | name of existing secret to use for PostgreSQL credentials. | `"sonataflow-psql-postgresql"` | -| `postgres.authSecret.userKey` | name of key in existing secret to use for PostgreSQL credentials. | `"postgres-username"` | -| `postgres.authSecret.passwordKey` | name of key in existing secret to use for PostgreSQL credentials. | `"postgres-password"` | -| `postgres.database` | existing database instance used by data index and job service | `"sonataflow"` | -| `orchestrator.namespace` | Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`. | `"sonataflow-infra"` | -| `orchestrator.sonataflowPlatform.resources.requests.memory` | | `"64Mi"` | -| `orchestrator.sonataflowPlatform.resources.requests.cpu` | | `"250m"` | -| `orchestrator.sonataflowPlatform.resources.limits.memory` | | `"1Gi"` | -| `orchestrator.sonataflowPlatform.resources.limits.cpu` | | `"500m"` | -| `tekton.enabled` | whether to create the Tekton pipeline resources | `false` | -| `argocd.enabled` | whether to install the ArgoCD plugin and create the orchestrator AppProject | `false` | -| `argocd.namespace` | Defines the namespace where the orchestrator's instance of ArgoCD is deployed. The value is captured when running setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `orchestrator-gitops` in the setup.sh script. | `""` | - - - ---- -_Documentation generated by [Frigate](https://frigate.readthedocs.io)._ - diff --git a/helm-charts/orchestrator/templates/NOTES.txt b/helm-charts/orchestrator/templates/NOTES.txt deleted file mode 100644 index 02ab5f9a..00000000 --- a/helm-charts/orchestrator/templates/NOTES.txt +++ /dev/null @@ -1,132 +0,0 @@ -{{/* Empty line */}} -Helm Release {{ .Release.Name }} installed in namespace {{ .Release.Namespace }}. -{{- $yes := "YES" }} -{{- $no := "NO " }} -{{- $backstageInstalled := $yes }} -{{- $postgresBackstageInstalled := $no }} -{{- $serverlessOperatorInstalled := $no }} -{{- $knativeServingInstalled := $no }} -{{- $knativeEventingInstalled := $no }} -{{- $sonataFlowOperatorInstalled := $no }} -{{- $sonataFlowPlatformInstalled := $no }} -{{- $tektonPipelineInstalled := $no }} -{{- $tektonTaskInstalled := $no }} -{{- $argocdInstalled := $no }} -{{- $timeout := "--timeout=5m" }} - -{{- if .Values.serverlessOperator.enabled }} -{{- $unmanagedSubscriptionExists := include "unmanaged-resource-exists" (list "operators.coreos.com/v1alpha1" "Subscription" .Values.serverlessOperator.subscription.namespace "serverless-operator" .Release.Name .Capabilities.APIVersions ) }} -{{- if eq $unmanagedSubscriptionExists "false" }} -{{- $serverlessOperatorInstalled = $yes }} -{{- end }} -{{- end }} - -{{- if not .Values.rhdhOperator.enabled }} - {{- $backstageInstalled = $no}} -{{- end }} - -{{- if and $backstageInstalled (lookup "apps/v1" "StatefulSet" .Values.rhdhOperator.subscription.targetNamespace "backstage-psql-backstage" ) }} - {{- $postgresBackstageInstalled = $yes }} -{{- end }} - -{{- $unmanagedNamespaceExists := include "unmanaged-resource-exists" (list "v1" "Namespace" "" "knative-serving" .Release.Name .Capabilities.APIVersions) }} -{{- $unmanagedKnativeEventingExists := include "unmanaged-resource-exists" (list "operator.knative.dev/v1beta1" "KnativeEventing" "knative-eventing" "knative-eventing" .Release.Name .Capabilities.APIVersions ) }} -{{- if and .Values.serverlessOperator.enabled (eq $unmanagedKnativeEventingExists "false") }} -{{- $knativeEventingInstalled = $yes }} -{{- end }} -{{- $unmanagedKnativeServingExists := include "unmanaged-resource-exists" (list "operator.knative.dev/v1beta1" "KnativeServing" "knative-serving" "knative-serving" .Release.Name .Capabilities.APIVersions ) }} -{{- if and .Values.serverlessOperator.enabled (eq $unmanagedKnativeServingExists "false") }} -{{- $knativeServingInstalled = $yes }} -{{- end }} - -{{- if .Values.sonataFlowOperator.enabled }} -{{- $sonataFlowOperatorInstalled = $yes }} -{{- $sonataFlowPlatformInstalled = $yes }} -{{- end }} - -{{- if eq "true" (include "install-tekton-pipeline" .) }} -{{- $tektonPipelineInstalled = $yes }} -{{- end }} - -{{- if eq "true" (include "install-tekton-task" .) }} -{{- $tektonTaskInstalled = $yes }} -{{- end }} - -{{- if eq "true" (include "install-argocd-project" .) }} -{{- $argocdInstalled = $yes }} -{{- end }} - -{{- $workflowNamespace := include "get-workflow-namespace" . }} -{{- $gitopsNamespace := include "get-argocd-namespace" . }} - - -Components Installed Namespace -==================================================================== -Backstage {{ $backstageInstalled }} {{ .Values.rhdhOperator.subscription.targetNamespace }} -Postgres DB - Backstage {{ $postgresBackstageInstalled }} {{ .Values.rhdhOperator.subscription.targetNamespace }} -Red Hat Serverless Operator {{ $serverlessOperatorInstalled }} {{ .Values.serverlessOperator.subscription.namespace }} -KnativeServing {{ $knativeServingInstalled }} knative-serving -KnativeEventing {{ $knativeEventingInstalled }} knative-eventing -SonataFlow Operator {{ $sonataFlowOperatorInstalled }} {{ .Values.sonataFlowOperator.subscription.namespace }} -SonataFlowPlatform {{ $sonataFlowPlatformInstalled }} {{ $workflowNamespace }} -Data Index Service {{ $sonataFlowPlatformInstalled }} {{ $workflowNamespace }} -Job Service {{ $sonataFlowPlatformInstalled }} {{ $workflowNamespace }} -Tekton pipeline {{ $tektonPipelineInstalled }} {{ $gitopsNamespace }} -Tekton task {{ $tektonTaskInstalled }} {{ $gitopsNamespace }} -ArgoCD project {{ $argocdInstalled }} {{ $gitopsNamespace }} -{{/* Empty line */}} -==================================================================== -Prerequisites check: -{{- if not (.Capabilities.APIVersions.Has "tekton.dev/v1/Task") }} -WARN: CRD for tekton.dev/v1/Task is not installed -{{- else }} -The required CRD tekton.dev/v1beta1/Task is already installed. -{{- end }} -{{- if not (.Capabilities.APIVersions.Has "tekton.dev/v1/Pipeline") }} -WARN: CRD for tekton.dev/v1/Pipeline is not installed -{{- else }} -The required CRD tekton.dev/v1/Pipeline is already installed. -{{- end }} -{{- if not (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1/AppProject") }} -WARN: CRD for argoproj.io/v1alpha1/AppProject is not installed -{{- else }} -The required CRD argoproj.io/v1alpha1/AppProject is already installed. -{{- end }} -==================================================================== -{{/* Empty line */}} - -Run the following commands to wait until the services are ready: -{{- if eq $serverlessOperatorInstalled $yes }} - oc wait -n {{ .Values.serverlessOperator.subscription.namespace }} deploy/knative-openshift --for=condition=Available {{ $timeout }} -{{- end }} -{{- if eq $knativeEventingInstalled $yes }} - oc wait -n knative-eventing knativeeventing/knative-eventing --for=condition=Ready {{ $timeout }} -{{- end }} -{{- if eq $knativeServingInstalled $yes }} - oc wait -n knative-serving knativeserving/knative-serving --for=condition=Ready {{ $timeout }} -{{- end }} -{{- if eq $sonataFlowOperatorInstalled $yes }} - oc wait -n {{ .Values.sonataFlowOperator.subscription.namespace }} deploy/logic-operator-rhel8-controller-manager --for=condition=Available {{ $timeout }} -{{- end }} -{{- if eq $sonataFlowPlatformInstalled $yes }} - oc wait -n {{ $workflowNamespace }} sonataflowplatform/sonataflow-platform --for=condition=Succeed {{ $timeout }} -{{- end }} -{{- if eq $sonataFlowPlatformInstalled $yes }} - oc wait -n {{ $workflowNamespace }} deploy/sonataflow-platform-data-index-service --for=condition=Available {{ $timeout }} -{{- end }} -{{- if eq $sonataFlowPlatformInstalled $yes }} - oc wait -n {{ $workflowNamespace }} deploy/sonataflow-platform-jobs-service --for=condition=Available {{ $timeout }} -{{- end }} -{{- if eq $postgresBackstageInstalled $yes }} - oc wait -n {{ .Values.rhdhOperator.subscription.targetNamespace }} pod/backstage-psql-backstage-0 --for=condition=Ready {{ $timeout }} -{{- end }} -{{- if eq $backstageInstalled $yes }} - oc wait -n {{ .Values.rhdhOperator.subscription.targetNamespace }} backstage backstage --for=condition=Deployed=True - oc wait -n {{ .Values.rhdhOperator.subscription.targetNamespace }} deploy/backstage-backstage --for=condition=Available {{ $timeout }} -{{- end }} -{{- if eq $sonataFlowPlatformInstalled $yes }} - oc get networkpolicy -n {{ $workflowNamespace }} -{{- end }} - -In case of a CR deployment failure, check the logs of the pods created by the corresponding job to deploy the failed CRs instance. The jobs are always -deleted after the deployment of the chart is completed. diff --git a/helm-charts/orchestrator/templates/_cr_lifecycle_helper.tpl b/helm-charts/orchestrator/templates/_cr_lifecycle_helper.tpl deleted file mode 100644 index 8904a6fc..00000000 --- a/helm-charts/orchestrator/templates/_cr_lifecycle_helper.tpl +++ /dev/null @@ -1,143 +0,0 @@ -{{- define "manage-cr-lifecycle-on-action" }} - {{- $resourceAPIGroup := printf "%s.%s" .kinds .apiGroup }} - {{- $releaseNameKind := printf "%s-%s" .release.Name .kind |lower }} - {{- if .isEnabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $releaseNameKind }} - namespace: {{ .release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ $releaseNameKind }} -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - apiGroups: - - {{ .apiGroup }} - resources: - - {{ .kinds |lower}} - verbs: - - patch - - update - - create - - get - - list - - delete - - watch - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - delete - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ $releaseNameKind }} -subjects: - - kind: ServiceAccount - name: {{ $releaseNameKind }} - namespace: {{ .release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ $releaseNameKind }} - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ trunc -52 (printf "%s-reconcile" $releaseNameKind | trimPrefix "-" | trimPrefix "_" ) }} # Fixes https://github.com/parodos-dev/orchestrator-helm-chart/issues/160 - # job name is used in the spec.template.metadata.labels, and labels cannot be more than 63 characters https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - namespace: {{ .release.Namespace }} - labels: - "orchestrator.rhdh.redhat.com/reconciles": {{ $resourceAPIGroup }} -spec: - schedule: '* * * * *' #run every minute - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 0 - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - serviceAccountName: {{ $releaseNameKind }} - containers: - - name: job - image: registry.redhat.io/openshift4/ose-cli:latest - env: - - name: MANIFEST - value: {{ .manifest }} - command: - - "bin/bash" - - "-c" - args: - - | - echo "Update Job for CR {{ .kind }} of {{ $resourceAPIGroup }} started" - echo "Checking for availability of CRD {{ printf "%s.%s" .kinds .apiGroup }}" - count=60 - while [[ count -ne 0 ]] - do - kubectl get crd {{ printf "%s.%s" .kinds .apiGroup }} -oname - if [[ $? -eq 0 ]]; then - echo $MANIFEST | base64 -d | kubectl apply -f - - if [[ $? -eq 0 ]]; then - echo "Update Job finished" - exit 0 - fi - exit 1 - fi - ((count--)) - sleep 5 - done - echo "Could not find CRD {{ printf "%s.%s" .kinds .apiGroup }} deployed" - exit 1 - {{- end }} - {{ if or (.isEnabled) (and (not .isEnabled) (and .hasCRDInstalled (not (empty (lookup (printf "%s/%s" .apiGroup .groupVersion) .kind (dig "targetNamespace" "" . ) .resourceName ))))) }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ trunc -57 (printf "%s-delete" $releaseNameKind) | trimPrefix "-" | trimPrefix "_" }} # Fixes https://github.com/parodos-dev/orchestrator-helm-chart/issues/160 - # job name is used in the spec.template.metadata.labels, and labels cannot be more than 63 characters https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - namespace: {{ .release.Namespace }} - annotations: - "helm.sh/hook": {{ if .isEnabled }}pre-delete{{ end }}{{ if and (not .isEnabled) (not (empty (lookup (printf "%s/%s" .apiGroup .groupVersion) .kind (dig "targetNamespace" "" . ) .resourceName ))) }}pre-upgrade,pre-rollback{{ end }} - "helm.sh/hook-delete-policy": before-hook-creation - "helm.sh/hook-weight": "1" -spec: - template: - metadata: - name: {{ $releaseNameKind }} - spec: - restartPolicy: Never - serviceAccountName: {{ $releaseNameKind }} - containers: - - name: cleanup - image: registry.redhat.io/openshift4/ose-cli:latest - command: - - "bin/bash" - - "-c" - args: - - | - echo "Cleanup Job for CR {{ .kind }} of {{ $resourceAPIGroup }} started" - kubectl get crd {{ $resourceAPIGroup }} - if [ $? -eq 0 ]; then - kubectl delete cronjob -l orchestrator.rhdh.redhat.com/reconciles={{ $resourceAPIGroup }} -n {{ .release.Namespace }} # Ensure no race condition happens where a cronjob's spawned job creates the CR after the delete job is completed and while helm is processing the other delete jobs - kubectl get {{ if (hasKey . "targetNamespace") }} -n {{ .targetNamespace }} {{ end }} {{ $resourceAPIGroup }} {{ .resourceName }} - if [ $? -eq 0 ]; then - kubectl delete {{ if (hasKey . "targetNamespace") }} -n {{ .targetNamespace }} {{ end }} {{ $resourceAPIGroup }} {{ .resourceName }} --timeout=60s || exit 1 - fi - fi - echo "Cleanup Job finished" - {{- end }} -{{- end }} \ No newline at end of file diff --git a/helm-charts/orchestrator/templates/_helpers.tpl b/helm-charts/orchestrator/templates/_helpers.tpl deleted file mode 100644 index cb586834..00000000 --- a/helm-charts/orchestrator/templates/_helpers.tpl +++ /dev/null @@ -1,140 +0,0 @@ -{{/* Helepr functions */}} - -{{- define "unmanaged-resource-exists" -}} - {{- $api := index . 0 -}} - {{- $kind := index . 1 -}} - {{- $namespace := index . 2 -}} - {{- $name := index . 3 -}} - {{- $releaseName := index . 4 -}} - {{- $apiCapabilities := index . 5 -}} - {{- $unmanagedSubscriptionExists := "true" -}} - {{- if $apiCapabilities.Has (printf "%s/%s" $api $kind) }} - {{- $existingOperator := lookup $api $kind $namespace $name -}} - {{- if empty $existingOperator -}} - {{- "false" -}} - {{- else -}} - {{- $isManagedResource := include "is-managed-resource" (list $existingOperator $releaseName) -}} - {{- if eq $isManagedResource "true" -}} - {{- "false" -}} - {{- else -}} - {{- "true" -}} - {{- end -}} - {{- end -}} - {{- else -}} - {{- "false" -}} - {{- end -}} -{{- end -}} - -{{- define "is-managed-resource" -}} - {{- $resource := index . 0 -}} - {{- $releaseName := index . 1 -}} - {{- $resourceReleaseName := dig "metadata" "annotations" (dict "meta.helm.sh/release-name" "NA") $resource -}} - {{- if eq (get $resourceReleaseName "meta.helm.sh/release-name") $releaseName -}} - {{- "true" -}} - {{- else -}} - {{- "false" -}} - {{- end -}} -{{- end -}} - - -{{- define "cluster.domain" -}} - {{- if .Capabilities.APIVersions.Has "config.openshift.io/v1/Ingress" -}} - {{- $cluster := (lookup "config.openshift.io/v1" "Ingress" "" "cluster") -}} - {{- if and (hasKey $cluster "spec") (hasKey $cluster.spec "domain") -}} - {{- printf "%s" $cluster.spec.domain -}} - {{- else -}} - {{ fail "Unable to obtain cluster domain, OCP Ingress Resource is missing the `spec.domain` field." }} - {{- end }} - {{- else -}} - {{ fail "Unable to obtain cluster domain, config.openshift.io/v1/Ingress is missing" }} - {{- end -}} -{{- end -}} - - -{{- define "install-tekton-task" -}} - {{- if and (and (and .Values.tekton.enabled .Values.argocd.enabled) (ne .Values.rhdhOperator.secretRef.k8s.clusterToken "")) (.Capabilities.APIVersions.Has "tekton.dev/v1/Task") }} - {{- "true" -}} - {{- else }} - {{- "false" -}} - {{- end -}} -{{- end -}} - -{{- define "install-tekton-pipeline" -}} - {{- if and (and (and .Values.tekton.enabled .Values.argocd.enabled) (ne .Values.rhdhOperator.secretRef.k8s.clusterToken "")) (.Capabilities.APIVersions.Has "tekton.dev/v1/Pipeline") }} - {{- "true" -}} - {{- else }} - {{- "false" -}} - {{- end -}} -{{- end -}} - -{{- define "install-argocd-project" -}} - {{- if and (.Values.argocd.enabled) (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1/AppProject") }} - {{- "true" -}} - {{- else }} - {{- "false" -}} - {{- end -}} -{{- end -}} - - -{{- define "get-namespace-with-label" -}} - {{- $paramValue:= index . 0 -}} - {{- $matchingLabel:= index . 1 -}} - {{- if $paramValue -}} - {{- $paramValue -}} - {{- else -}} - {{- $ns:= "" }} - {{- $list:= lookup "v1" "Namespace" "" "" -}} - {{- if eq 0 (len (dig "items" (dict "" "") $list ) )}} - {{- fail (printf "No namespaces found: %d" (len (dig "items" (dict "" "") $list)) ) }} - {{- end -}} - {{- range (dig "items" (dict "" "") $list) }} - {{- $labels:= dig "metadata" "labels" (dict "" "" ) . -}} - {{- if (hasKey $labels $matchingLabel ) }} - {{- if not $ns }} - {{- $ns = dig "metadata" "name" "" . -}} - {{- else -}} - {{- fail (printf "More than one namespace found with label %s: %s and %s" $matchingLabel $ns (dig "metadata" "name" "" .) )}} - {{- end }} - {{- end -}} - {{- end -}} - {{- if not $ns -}} - {{- fail (printf "No namespace found with label '%s'. Please follow the installation instructions to properly configure the environment" $matchingLabel) -}} - {{- end }} - {{- $ns }} - {{- end -}} -{{- end -}} - -{{- define "get-workflow-namespace" -}} - {{- if (not (hasKey . "workflowNamespace" ) ) -}} - {{- $workflowNamespace := include "get-namespace-with-label" (list .Values.orchestrator.namespace "rhdh.redhat.com/workflow-namespace") }} - {{- $_ := set . "workflowNamespace" $workflowNamespace }} - {{- end -}} - {{- .workflowNamespace -}} -{{- end -}} - -{{- define "get-argocd-namespace" -}} - {{- if .Values.argocd.enabled }} - {{- if (not (hasKey . "argoCDNamespace" ) ) -}} - {{- $argoCDNamespace := include "get-namespace-with-label" (list .Values.argocd.namespace "rhdh.redhat.com/argocd-namespace") }} - {{- $_ := set . "argoCDNamespace" $argoCDNamespace }} - {{- end -}} - {{- .argoCDNamespace -}} - {{- end -}} -{{- end -}} - -{{- define "get-cluster-version" -}} - {{- $v := "" }} - {{- $version :=(lookup "config.openshift.io/v1" "ClusterVersion" "" "version") }} - {{- range $version.status.history }} - {{- if eq .state "Completed" }} - {{- $v = (semver .version) }} - {{- end }} - {{- end }} - - {{- $validMinors := list "4.13" "4.14" "4.15" "4.16" -}} - {{- $versionString := printf "%d.%d" $v.Major $v.Minor -}} - {{- if not (semverCompare ">=4.13 <=4.16" $versionString) -}} - {{- fail (printf "Unsupported OCP version: %s. Supported versions: %s." $versionString $validMinors) -}} - {{- end -}} - {{- $versionString -}} -{{- end -}} \ No newline at end of file diff --git a/helm-charts/orchestrator/templates/argocd-project.yaml b/helm-charts/orchestrator/templates/argocd-project.yaml deleted file mode 100644 index 3236d9b3..00000000 --- a/helm-charts/orchestrator/templates/argocd-project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if eq "true" (include "install-argocd-project" .) }} -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: orchestrator-gitops - namespace: {{ include "get-argocd-namespace" . }} -spec: - destinations: - - name: '*' - namespace: '*' - server: '*' - sourceRepos: - - '*' -{{- end }} \ No newline at end of file diff --git a/helm-charts/orchestrator/templates/network-policies.yaml b/helm-charts/orchestrator/templates/network-policies.yaml deleted file mode 100644 index 2d155f3e..00000000 --- a/helm-charts/orchestrator/templates/network-policies.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.sonataFlowOperator.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-rhdh-to-sonataflow-and-workflows - # Sonataflow and Workflows are using the same namespace. - namespace: "{{- include "get-workflow-namespace" . }}" -spec: - podSelector: {} - ingress: - - from: - - namespaceSelector: - matchLabels: - # Allow RHDH namespace to communicate with workflows and sonataflow services - kubernetes.io/metadata.name: {{ .Values.rhdhOperator.subscription.targetNamespace }} - - namespaceSelector: - matchLabels: - # Allow any other namespace the has workflows deployed because this is where - # this namespace contains the sonataflow services - rhdh.redhat.com/workflow-namespace: "" -{{- end }} diff --git a/helm-charts/orchestrator/templates/openshift-serverless.yaml b/helm-charts/orchestrator/templates/openshift-serverless.yaml deleted file mode 100644 index 373db358..00000000 --- a/helm-charts/orchestrator/templates/openshift-serverless.yaml +++ /dev/null @@ -1,86 +0,0 @@ -## Knative Serving CR -{{- define "knativeServing-manifest" -}} ---- -apiVersion: operator.knative.dev/v1beta1 -kind: KnativeServing -metadata: - name: knative-serving - namespace: knative-serving - annotations: - "meta.helm.sh/release-name": {{ .Release.Name}} -spec: - controller-custom-certs: - name: "" - type: "" - registry: {} -{{- end }} -## Knative Eventing CR -{{- define "knativeEventing-manifest" -}} ---- -apiVersion: operator.knative.dev/v1beta1 -kind: KnativeEventing -metadata: - name: knative-eventing - namespace: knative-eventing - annotations: - "meta.helm.sh/release-name": {{ .Release.Name}} -spec: - Registry: -{{- end }} -#### Openshift Serverless Manifests -{{- if .Values.serverlessOperator.enabled }} - {{- $unmanagedNamespaceExists := include "unmanaged-resource-exists" (list "v1" "Namespace" "" .Values.serverlessOperator.subscription.namespace .Release.Name .Capabilities.APIVersions) }} - {{- if and (eq $unmanagedNamespaceExists "false") .Values.serverlessOperator.enabled }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.serverlessOperator.subscription.namespace }} ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: serverless-operator-group - namespace: {{ .Values.serverlessOperator.subscription.namespace }} -spec: {} - {{- end }} - {{- $unmanagedSubscriptionExists := include "unmanaged-resource-exists" (list "operators.coreos.com/v1alpha1" "Subscription" .Values.serverlessOperator.subscription.namespace "serverless-operator" .Release.Name .Capabilities.APIVersions ) }} - {{- if eq $unmanagedSubscriptionExists "false" }} ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: serverless-operator - namespace: {{ .Values.serverlessOperator.subscription.namespace }} -spec: - channel: {{ .Values.serverlessOperator.subscription.channel }} - installPlanApproval: Automatic - name: {{ .Values.serverlessOperator.subscription.name }} - source: redhat-operators - sourceNamespace: openshift-marketplace - {{- end }} - {{- $unmanagedNamespaceExists := include "unmanaged-resource-exists" (list "v1" "Namespace" "" "knative-serving" .Release.Name .Capabilities.APIVersions) }} - {{- if eq $unmanagedNamespaceExists "false" }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - {{- end }} - {{- $unmanagedNamespaceExists := include "unmanaged-resource-exists" (list "v1" "Namespace" "" "knative-eventing" .Release.Name .Capabilities.APIVersions) }} - {{- if eq $unmanagedNamespaceExists "false" }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: knative-eventing - {{- end }} -{{- end }} -{{- $unmanagedKnativeEventingExists := include "unmanaged-resource-exists" (list "operator.knative.dev/v1beta1" "KnativeEventing" "knative-eventing" "knative-eventing" .Release.Name .Capabilities.APIVersions) }} -{{- if eq $unmanagedKnativeEventingExists "false" }} - {{- include "manage-cr-lifecycle-on-action" (dict "release" .Release "apiGroup" "operator.knative.dev" "groupVersion" "v1beta1" "kind" "KnativeEventing" "kinds" "knativeeventings" "targetNamespace" "knative-eventing" "resourceName" "knative-eventing" "isEnabled" .Values.serverlessOperator.enabled "hasCRDInstalled" (.Capabilities.APIVersions.Has "operator.knative.dev/v1beta1/KnativeEventing") "manifest" (include "knativeEventing-manifest" . | b64enc )) }} -{{- end }} -{{- $unmanagedKnativeEventingExists := include "unmanaged-resource-exists" (list "operator.knative.dev/v1beta1" "KnativeServing" "knative-serving" "knative-serving" .Release.Name .Capabilities.APIVersions) }} -{{- if eq $unmanagedKnativeEventingExists "false" }} - {{- include "manage-cr-lifecycle-on-action" (dict "release" .Release "apiGroup" "operator.knative.dev" "groupVersion" "v1beta1" "kind" "KnativeServing" "kinds" "knativeservings" "targetNamespace" "knative-serving" "resourceName" "knative-serving" "isEnabled" .Values.serverlessOperator.enabled "hasCRDInstalled" (.Capabilities.APIVersions.Has "operator.knative.dev/v1beta1/KnativeServing") "manifest" (include "knativeServing-manifest" . | b64enc )) }} -{{- end }} \ No newline at end of file diff --git a/helm-charts/orchestrator/templates/release-candidate.yaml b/helm-charts/orchestrator/templates/release-candidate.yaml deleted file mode 100644 index 0f61fef5..00000000 --- a/helm-charts/orchestrator/templates/release-candidate.yaml +++ /dev/null @@ -1,104 +0,0 @@ -{{/* -This file used for including source resources for RHDH and Sonataflow components from RC builds. -It requires including a secret to enable access to the image registries that contains the builds. -See https://github.com/janus-idp/operator/blob/main/.rhdh/docs/installing-ci-builds.adoc -*/}} - -{{- $version := "" }} -{{- if or .Values.sonataFlowOperator.isReleaseCandidate .Values.rhdhOperator.isReleaseCandidate }} - {{- $version = include "get-cluster-version" . -}} -{{- end}} - -{{- if .Values.sonataFlowOperator.isReleaseCandidate }} -apiVersion: operator.openshift.io/v1alpha1 -kind: ImageContentSourcePolicy -metadata: - labels: - operators.openshift.org/catalog: "true" - name: brew-registry -spec: - repositoryDigestMirrors: - - mirrors: - - brew.registry.redhat.io/openshift-serverless-1/logic-rhel8-operator - source: registry.redhat.io/openshift-serverless-1/logic-rhel8-operator - - mirrors: - - brew.registry.redhat.io/rh-osbs/openshift-serverless-1-logic-operator-bundle - source: registry-proxy.engineering.redhat.com/rh-osbs/openshift-serverless-1-logic-operator-bundle ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: {{ .Values.sonataFlowOperator.subscription.sourceName }} - namespace: openshift-marketplace -spec: - displayName: Sonataflow Operator (Brew) - image: {{ (get .Values.sonataflow.images $version) }} - sourceType: grpc - publisher: Sonataflow Operator (Brew) ---- -{{- end}} - -{{- if .Values.rhdhOperator.isReleaseCandidate }} -apiVersion: operator.openshift.io/v1alpha1 -kind: ImageContentSourcePolicy -metadata: - name: quay-io -spec: - repositoryDigestMirrors: - - mirrors: - - quay.io/rhdh/rhdh-operator-bundle - source: registry.redhat.io/rhdh/rhdh-operator-bundle - - mirrors: - - quay.io/rhdh/rhdh-operator-bundle - source: registry.stage.redhat.io/rhdh/rhdh-operator-bundle - - mirrors: - - quay.io/rhdh/rhdh-operator-bundle - source: registry-proxy.engineering.redhat.com/rh-osbs/rhdh-rhdh-operator-bundle - - mirrors: - - quay.io/rhdh/rhdh-rhel9-operator - source: registry.redhat.io/rhdh/rhdh-rhel9-operator - - mirrors: - - quay.io/rhdh/rhdh-rhel9-operator - source: registry.stage.redhat.io/rhdh/rhdh-rhel9-operator - - mirrors: - - quay.io/rhdh/rhdh-rhel9-operator - source: registry-proxy.engineering.redhat.com/rh-osbs/rhdh-rhdh-rhel9-operator - - mirrors: - - quay.io/rhdh/rhdh-hub-rhel9 - source: registry.redhat.io/rhdh/rhdh-hub-rhel9 - - mirrors: - - quay.io/rhdh/rhdh-hub-rhel9 - source: registry.stage.redhat.io/rhdh/rhdh-hub-rhel9 - - mirrors: - - quay.io/rhdh/rhdh-hub-rhel9 - source: registry-proxy.engineering.redhat.com/rh-osbs/rhdh-rhdh-hub-rhel9 - - mirrors: - - quay.io - source: registry.redhat.io - - mirrors: - - quay.io - source: registry.stage.redhat.io - - mirrors: - - quay.io - source: registry-proxy.engineering.redhat.com - - mirrors: - - registry.redhat.io - source: registry.stage.redhat.io - - mirrors: - - registry.stage.redhat.io - source: registry-proxy.engineering.redhat.com - - mirrors: - - registry.redhat.io - source: registry-proxy.engineering.redhat.com ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: {{ .Values.rhdhOperator.subscription.sourceName }} - namespace: openshift-marketplace -spec: - displayName: IIB testing catalog - image: {{ (get .Values.rhdh.images $version) }} - sourceType: grpc - publisher: IIB testing catalog -{{- end }} diff --git a/helm-charts/orchestrator/templates/rhdh-operator.yaml b/helm-charts/orchestrator/templates/rhdh-operator.yaml deleted file mode 100644 index 52ce1de0..00000000 --- a/helm-charts/orchestrator/templates/rhdh-operator.yaml +++ /dev/null @@ -1,331 +0,0 @@ -{{- define "backstage-manifest" }} ---- -apiVersion: rhdh.redhat.com/v1alpha1 -kind: Backstage -metadata: - name: backstage - namespace: {{ .Values.rhdhOperator.subscription.targetNamespace }} - annotations: - "meta.helm.sh/release-name": {{ .Release.Name}} -spec: - application: - appConfig: - configMaps: - - name: app-config-rhdh - - name: app-config-rhdh-auth - - name: app-config-rhdh-catalog - dynamicPluginsConfigMapName: dynamic-plugins-rhdh - extraEnvs: - secrets: - - name: {{ .Values.rhdhOperator.secretRef.name }} - replicas: 1 -{{- end }} - -{{- if .Values.rhdhOperator.enabled }} - {{- if not .Values.rhdhOperator.secretRef.name }} - {{- fail "Backstage's secret name defined in 'rhdhOperator.secretRef.name' is required" }} - {{- end }} - {{- $secret := lookup "v1" "Secret" .Values.rhdhOperator.subscription.targetNamespace .Values.rhdhOperator.secretRef.name }} - {{- if not $secret }} - {{- fail (printf "Secret %s not found in namespace %s" .Values.rhdhOperator.secretRef.name .Values.rhdhOperator.subscription.targetNamespace ) }} - {{- end }} - {{ if not .Values.rhdhOperator.secretRef.backstage.backendSecret }} - {{ fail printf "Backend secret key not defined in secret '%s' for Backstage. Please ensure that the value key 'rhdhOperator.secretRef.backstage.backendSecret' has been populated and the value matches the key in the secret" .Values.rhdhOperator.secretRef.name }} - {{- end }} - {{- if not (dig "data" .Values.rhdhOperator.secretRef.backstage.backendSecret "" $secret) }} - {{ fail (printf "Backend secret key %s not found in secret '%s' for Backstage. Please ensure that the value key 'rhdhOperator.secretRef.backstage.backendSecret' matches the key in the secret: %s" .Values.rhdhOperator.secretRef.backstage.backendSecret .Values.rhdhOperator.secretRef.name ($secret|toPrettyJson) )}} - {{- end }} ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: rhdh-operator-group - namespace: {{ .Values.rhdhOperator.subscription.namespace }} -spec: {} ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: {{ .Values.rhdhOperator.subscription.name }} - namespace: {{ .Values.rhdhOperator.subscription.namespace }} -spec: - channel: {{ .Values.rhdhOperator.subscription.channel }} - installPlanApproval: Automatic - name: {{ .Values.rhdhOperator.subscription.name }} - source: {{ .Values.rhdhOperator.subscription.source }} - sourceNamespace: openshift-marketplace - {{- if .Values.rhdhOperator.subscription.startingCSV }} - startingCSV: {{ .Values.rhdhOperator.subscription.startingCSV }} - {{- end }} - {{- if .Values.rhdhPlugins.npmRegistry }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: dynamic-plugins-npmrc - namespace: {{ .Values.rhdhOperator.subscription.targetNamespace }} -type: Opaque -stringData: - .npmrc: | - registry={{ .Values.rhdhPlugins.npmRegistry }} - {{- end }} ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: app-config-rhdh - namespace: {{ .Values.rhdhOperator.subscription.targetNamespace }} -data: - "app-config-rhdh.yaml": | - app: - title: Red Hat Developer Hub - baseUrl: https://backstage-backstage-{{ .Values.rhdhOperator.subscription.targetNamespace }}.{{ include "cluster.domain" . }} - backend: - auth: - externalAccess: - - type: static - options: - token: {{ printf "${%s}" .Values.rhdhOperator.secretRef.backstage.backendSecret }} - subject: orchestrator - baseUrl: https://backstage-backstage-{{ .Values.rhdhOperator.subscription.targetNamespace }}.{{ include "cluster.domain" . }} - csp: - script-src: ["'self'", "'unsafe-inline'", "'unsafe-eval'"] - script-src-elem: ["'self'", "'unsafe-inline'", "'unsafe-eval'"] - connect-src: ["'self'", 'http:', 'https:', 'data:'] - cors: - origin: https://backstage-backstage-{{ .Values.rhdhOperator.subscription.targetNamespace }}.{{ include "cluster.domain" . }} - database: - client: pg - connection: - password: ${POSTGRESQL_ADMIN_PASSWORD} - user: ${POSTGRES_USER} - host: ${POSTGRES_HOST} - port: ${POSTGRES_PORT} - {{- if and .Values.argocd.enabled - ( and - (and (.Values.rhdhOperator.secretRef.argocd.url) (dig "data" .Values.rhdhOperator.secretRef.argocd.url "" $secret ) ) - (and (.Values.rhdhOperator.secretRef.argocd.username) (dig "data" .Values.rhdhOperator.secretRef.argocd.password "" $secret) ) - ) - }} - argocd: - appLocatorMethods: - - instances: - - name: main - url: {{ printf "${%s}" .Values.rhdhOperator.secretRef.argocd.url }} - username: {{ printf "${%s}" .Values.rhdhOperator.secretRef.argocd.username }} - password: {{ printf "${%s}" .Values.rhdhOperator.secretRef.argocd.password }} - type: config - {{- end }} ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: dynamic-plugins-rhdh - namespace: {{ .Values.rhdhOperator.subscription.targetNamespace }} -data: - "dynamic-plugins.yaml": | - includes: - - dynamic-plugins.default.yaml - plugins: - {{- if and (and .Values.rhdhOperator.secretRef.k8s.clusterToken (dig "data" .Values.rhdhOperator.secretRef.k8s.clusterToken "" $secret ) ) - (and .Values.rhdhOperator.secretRef.k8s.clusterUrl (dig "data" .Values.rhdhOperator.secretRef.k8s.clusterUrl "" $secret ) ) }} - - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes-backend-dynamic - disabled: false - pluginConfig: - kubernetes: - customResources: - - group: 'tekton.dev' - apiVersion: 'v1' - plural: 'pipelines' - - group: 'tekton.dev' - apiVersion: 'v1' - plural: 'pipelineruns' - - group: 'tekton.dev' - apiVersion: 'v1' - plural: 'taskruns' - - group: 'route.openshift.io' - apiVersion: 'v1' - plural: 'routes' - serviceLocatorMethod: - type: 'multiTenant' - clusterLocatorMethods: - - type: 'config' - clusters: - - name: 'Default Cluster' - url: {{ printf "${%s}" .Values.rhdhOperator.secretRef.k8s.clusterUrl }} - authProvider: 'serviceAccount' - skipTLSVerify: true - serviceAccountToken: {{ printf "${%s}" .Values.rhdhOperator.secretRef.k8s.clusterToken }} - - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes - disabled: false - {{- if .Values.tekton.enabled }} - - package: ./dynamic-plugins/dist/janus-idp-backstage-plugin-tekton - disabled: false - {{- end }} - {{- end }} - {{- if and .Values.argocd.enabled - ( and - (and (.Values.rhdhOperator.secretRef.argocd.url) (dig "data" .Values.rhdhOperator.secretRef.argocd.url "" $secret ) ) - (and (.Values.rhdhOperator.secretRef.argocd.username) (dig "data" .Values.rhdhOperator.secretRef.argocd.password "" $secret) ) - ) - }} - - disabled: false - package: ./dynamic-plugins/dist/janus-idp-backstage-plugin-argocd - - disabled: false - package: ./dynamic-plugins/dist/roadiehq-backstage-plugin-argo-cd-backend-dynamic - - disabled: false - package: ./dynamic-plugins/dist/roadiehq-scaffolder-backend-argocd-dynamic - {{- end }} - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.orchestratorBackend.package }}" - integrity: {{ .Values.rhdhPlugins.orchestratorBackend.integrity }} - pluginConfig: - orchestrator: - dataIndexService: - url: http://sonataflow-platform-data-index-service.{{- include "get-workflow-namespace" . }} - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.orchestrator.package }}" - integrity: {{ .Values.rhdhPlugins.orchestrator.integrity }} - pluginConfig: - dynamicPlugins: - frontend: - janus-idp.backstage-plugin-orchestrator: - appIcons: - - importName: OrchestratorIcon - module: OrchestratorPlugin - name: orchestratorIcon - dynamicRoutes: - - importName: OrchestratorPage - menuItem: - icon: orchestratorIcon - text: Orchestrator - module: OrchestratorPlugin - path: /orchestrator - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.notifications.package }}" - integrity: {{ .Values.rhdhPlugins.notifications.integrity }} - pluginConfig: - dynamicPlugins: - frontend: - redhat.plugin-notifications: - dynamicRoutes: - - importName: NotificationsPage - menuItem: - config: - props: - titleCounterEnabled: true - webNotificationsEnabled: false - importName: NotificationsSidebarItem - path: /notifications - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.signals.package }}" - integrity: {{ .Values.rhdhPlugins.signals.integrity }} - pluginConfig: - dynamicPlugins: - frontend: - redhat.plugin-signals: {} - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.notificationsBackend.package }}" - integrity: {{ .Values.rhdhPlugins.notificationsBackend.integrity }} - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.signalsBackend.package }}" - integrity: {{ .Values.rhdhPlugins.signalsBackend.integrity }} - {{- if and .Values.rhdhPlugins.notificationsEmail.enabled - ( and (.Values.rhdhOperator.secretRef.notificationsEmail.hostname) (dig "data" .Values.rhdhOperator.secretRef.notificationsEmail.hostname "" $secret ) ) - }} - - disabled: false - package: "{{ .Values.rhdhPlugins.scope }}/{{ .Values.rhdhPlugins.notificationsEmail.package }}" - integrity: {{ .Values.rhdhPlugins.notificationsEmail.integrity }} - pluginConfig: - notifications: - processors: - email: - transportConfig: - transport: smtp - hostname: {{ printf "${%s}" .Values.rhdhOperator.secretRef.notificationsEmail.hostname }} - port: {{ .Values.rhdhPlugins.notificationsEmail.port }} - secure: false - {{- if .Values.rhdhOperator.secretRef.notificationsEmail.username }} - username: {{ printf "${%s}" .Values.rhdhOperator.secretRef.notificationsEmail.username }} - {{- end}} - {{- if .Values.rhdhOperator.secretRef.notificationsEmail.password }} - password: {{ printf "${%s}" .Values.rhdhOperator.secretRef.notificationsEmail.password }} - {{- end}} - sender: {{ .Values.rhdhPlugins.notificationsEmail.sender }} - {{- if .Values.rhdhPlugins.notificationsEmail.replyTo }} - replyTo: {{ .Values.rhdhPlugins.notificationsEmail.replyTo }} - {{- end}} - broadcastConfig: - receiver: "none" - concurrencyLimit: 10 - cache: - ttl: - days: 1 - {{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: app-config-rhdh-auth - namespace: {{ .Values.rhdhOperator.subscription.targetNamespace }} -data: - app-config-auth.gh.yaml: | - {{- if and .Values.rhdhOperator.secretRef.github.token (dig "data" .Values.rhdhOperator.secretRef.github.token "" $secret) }} - integrations: - github: - - host: github.com - token: {{ printf "${%s}" .Values.rhdhOperator.secretRef.github.token }} - auth: - environment: development - {{- end }} - providers: - {{- if and (and .Values.rhdhOperator.secretRef.github.clientId (dig "data" .Values.rhdhOperator.secretRef.github.clientId "" $secret) ) - (and .Values.rhdhOperator.secretRef.github.clientSecret (dig "data" .Values.rhdhOperator.secretRef.github.clientSecret "" $secret ) ) }} - github: - development: - clientId: {{ printf "${%s}" .Values.rhdhOperator.secretRef.github.clientId }} - clientSecret: {{ printf "${%s}" .Values.rhdhOperator.secretRef.github.clientSecret }} - {{- end }} - {{- if .Values.rhdhOperator.enableGuestProvider }} - guest: - dangerouslyAllowOutsideDevelopment: true - userEntityRef: user:default/guest - {{- end }} ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: app-config-rhdh-catalog - namespace: {{ .Values.rhdhOperator.subscription.targetNamespace }} -data: - "app-config-catalog.yaml": | - catalog: - rules: - - allow: - [ - Component, - System, - Group, - Resource, - Location, - Template, - API, - User, - Domain, - ] - locations: - {{- if .Values.rhdhOperator.enableGuestProvider }} - - type: url - target: https://github.com/parodos-dev/orchestrator-helm-chart/blob/main/resources/users.yaml - {{- end }} - - type: url - target: https://github.com/parodos-dev/workflow-software-templates/blob/{{ .Values.rhdhOperator.catalogBranch }}/entities/workflow-resources.yaml - - type: url - target: https://github.com/parodos-dev/workflow-software-templates/blob/{{ .Values.rhdhOperator.catalogBranch }}/scaffolder-templates/basic-workflow/template.yaml - - type: url - target: https://github.com/parodos-dev/workflow-software-templates/blob/{{ .Values.rhdhOperator.catalogBranch }}/scaffolder-templates/complex-assessment-workflow/template.yaml -{{- end }} -{{- $unmanagedNamespaceExists := include "unmanaged-resource-exists" (list "rhdh.redhat.com/v1alpha1" "Backstage" .Values.rhdhOperator.subscription.targetNamespace "backstage" .Release.Name .Capabilities.APIVersions ) }} -{{- if eq $unmanagedNamespaceExists "false" }} - {{- include "manage-cr-lifecycle-on-action" (dict "release" .Release "apiGroup" "rhdh.redhat.com" "groupVersion" "v1alpha1" "kind" "Backstage" "kinds" "backstages" "targetNamespace" .Values.rhdhOperator.subscription.targetNamespace "resourceName" "backstage" "isEnabled" .Values.rhdhOperator.enabled "hasCRDInstalled" (.Capabilities.APIVersions.Has "rhdh.redhat.com/v1alpha1/Backstage") "manifest" (include "backstage-manifest" . | b64enc )) }} -{{- end }} diff --git a/helm-charts/orchestrator/templates/sonataflow-operator.yaml b/helm-charts/orchestrator/templates/sonataflow-operator.yaml deleted file mode 100644 index 04339115..00000000 --- a/helm-charts/orchestrator/templates/sonataflow-operator.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.sonataFlowOperator.enabled }} - {{- $unmanagedNamespaceExists := include "unmanaged-resource-exists" (list "v1" "Namespace" "" .Values.sonataFlowOperator.subscription.namespace .Release.Name .Capabilities.APIVersions) }} - {{- if and (eq $unmanagedNamespaceExists "false") .Values.sonataFlowOperator.enabled }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.sonataFlowOperator.subscription.namespace }} ---- -{{- end }} -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: openshift-serverless-logic - namespace: {{ .Values.sonataFlowOperator.subscription.namespace }} -spec: {} ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: {{ .Values.sonataFlowOperator.subscription.name }} - namespace: {{ .Values.sonataFlowOperator.subscription.namespace }} -spec: - channel: {{ .Values.sonataFlowOperator.subscription.channel }} - installPlanApproval: Automatic - name: {{ .Values.sonataFlowOperator.subscription.name }} - source: {{ .Values.sonataFlowOperator.subscription.sourceName }} - sourceNamespace: openshift-marketplace - {{- if ne .Values.sonataFlowOperator.subscription.startingCSV "" }} - startingCSV: {{ .Values.sonataFlowOperator.subscription.startingCSV }} - {{- end }} -{{- end }} diff --git a/helm-charts/orchestrator/templates/sonataflows.yaml b/helm-charts/orchestrator/templates/sonataflows.yaml deleted file mode 100644 index e6523c95..00000000 --- a/helm-charts/orchestrator/templates/sonataflows.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{- define "sonataFlowClusterPlatform-manifest" }} -{{- $workflowNamespace := include "get-workflow-namespace" . }} ---- -apiVersion: sonataflow.org/v1alpha08 -kind: SonataFlowClusterPlatform -metadata: - name: cluster-platform - annotations: - "meta.helm.sh/release-name": {{ .Release.Name}} -spec: - platformRef: - name: sonataflow-platform - namespace: {{ $workflowNamespace }} -{{- end }} -{{- define "sonataFlowPlatform-manifest" }} -{{- $workflowNamespace := include "get-workflow-namespace" . }} ---- -apiVersion: sonataflow.org/v1alpha08 -kind: SonataFlowPlatform -metadata: - name: sonataflow-platform - namespace: {{ $workflowNamespace }} - annotations: - "meta.helm.sh/release-name": {{ .Release.Name}} -spec: - build: - template: - resources: - requests: - memory: {{ .Values.orchestrator.sonataflowPlatform.resources.requests.memory }} - cpu: {{ .Values.orchestrator.sonataflowPlatform.resources.requests.cpu }} - limits: - memory: {{ .Values.orchestrator.sonataflowPlatform.resources.limits.memory }} - cpu: {{ .Values.orchestrator.sonataflowPlatform.resources.limits.cpu }} - services: - dataIndex: - enabled: true - persistence: - postgresql: - secretRef: - name: {{ .Values.postgres.authSecret.name }} - userKey: {{ .Values.postgres.authSecret.userKey }} - passwordKey: {{ .Values.postgres.authSecret.passwordKey }} - serviceRef: - name: {{ .Values.postgres.serviceName }} - namespace: {{ .Values.postgres.serviceNamespace }} - {{- if .Values.orchestrator.sonataflowPlatform.dataIndexImage }} - podTemplate: - container: - image: {{ .Values.orchestrator.sonataflowPlatform.dataIndexImage }} - {{- end }} - jobService: - enabled: true - persistence: - postgresql: - secretRef: - name: {{ .Values.postgres.authSecret.name }} - userKey: {{ .Values.postgres.authSecret.userKey }} - passwordKey: {{ .Values.postgres.authSecret.passwordKey }} - serviceRef: - name: {{ .Values.postgres.serviceName }} - namespace: {{ .Values.postgres.serviceNamespace }} - {{- if .Values.orchestrator.sonataflowPlatform.jobServiceImage }} - podTemplate: - container: - image: {{ .Values.orchestrator.sonataflowPlatform.jobServiceImage }} - {{- end }} -{{- end }} -{{- $workflowNamespace := include "get-workflow-namespace" . }} -## Manifests -{{ include "manage-cr-lifecycle-on-action" (dict "release" .Release "apiGroup" "sonataflow.org" "groupVersion" "v1alpha08" "kind" "SonataFlowClusterPlatform" "kinds" "sonataflowclusterplatforms" "resourceName" "cluster-platform" "isEnabled" .Values.sonataFlowOperator.enabled "hasCRDInstalled" (.Capabilities.APIVersions.Has "sonataflow.org/v1alpha08/SonataFlowClusterPlatform") "manifest" (include "sonataFlowClusterPlatform-manifest" . | b64enc )) }} -{{ include "manage-cr-lifecycle-on-action" (dict "release" .Release "apiGroup" "sonataflow.org" "groupVersion" "v1alpha08" "kind" "SonataFlowPlatform" "kinds" "sonataflowplatforms" "targetNamespace" $workflowNamespace "resourceName" "sonataflow-platform" "isEnabled" .Values.sonataFlowOperator.enabled "hasCRDInstalled" (.Capabilities.APIVersions.Has "sonataflow.org/v1alpha08/SonataFlowClusterPlatform") "manifest" (include "sonataFlowPlatform-manifest" . | b64enc )) }} \ No newline at end of file diff --git a/helm-charts/orchestrator/templates/tekton-pipeline.yaml b/helm-charts/orchestrator/templates/tekton-pipeline.yaml deleted file mode 100644 index 20f34dde..00000000 --- a/helm-charts/orchestrator/templates/tekton-pipeline.yaml +++ /dev/null @@ -1,164 +0,0 @@ -{{- if eq "true" (include "install-tekton-pipeline" .) }} - {{- $gitopsNamespace := include "get-argocd-namespace" . }} -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: workflow-deployment - namespace: {{ $gitopsNamespace }} -spec: - description: | - This pipeline clones a git repo, builds a Docker image with Kaniko and - pushes it to a registry - params: - - name: gitUrl - description: The SSH URL of the repository to clone - type: string - - name: gitOpsUrl - description: The SSH URL of the config repository for pushing the changes - type: string - - name: workflowId - description: The workflow ID from the repository - type: string - - name: convertToFlat - description: Whether conversion to flat layout is needed or it's already flattened - type: string - default: "true" - - name: quayOrgName - description: The Quay Organization Name of the published workflow - type: string - - name: quayRepoName - description: The Quay Repository Name of the published workflow - type: string - workspaces: - - name: workflow-source - - name: workflow-gitops - - name: ssh-creds - - name: docker-credentials - tasks: - - name: fetch-workflow - taskRef: - name: git-cli - workspaces: - - name: source - workspace: workflow-source - - name: ssh-directory - workspace: ssh-creds - params: - - name: GIT_USER_NAME - value: Parodos Tekton Pipeline - - name: GIT_USER_EMAIL - value: parodos@redhat.com - - name: USER_HOME - value: /home/git - - name: GIT_SCRIPT - value: | - eval "$(ssh-agent -s)" - ssh-add "${PARAM_USER_HOME}"/.ssh/id_rsa - git clone $(params.gitUrl) workflow - cd workflow - - name: fetch-workflow-gitops - taskRef: - name: git-cli - workspaces: - - name: source - workspace: workflow-gitops - - name: ssh-directory - workspace: ssh-creds - params: - - name: GIT_USER_NAME - value: Parodos Tekton Pipeline - - name: GIT_USER_EMAIL - value: parodos@redhat.com - - name: USER_HOME - value: /home/git - - name: GIT_SCRIPT - value: | - eval "$(ssh-agent -s)" - ssh-add "${PARAM_USER_HOME}"/.ssh/id_rsa - git clone $(params.gitOpsUrl) workflow-gitops - - name: flatten-workflow - runAfter: ["fetch-workflow"] - taskRef: - name: flattener - workspaces: - - name: workflow-source - workspace: workflow-source - params: - - name: workflowId - value: $(params.workflowId) - - name: convertToFlat - value: $(params.convertToFlat) - - name: build-manifests - runAfter: ["flatten-workflow"] - taskRef: - name: build-manifests - workspaces: - - name: workflow-source - workspace: workflow-source - params: - - name: workflowId - value: $(params.workflowId) - - name: build-gitops - runAfter: ["build-manifests", "fetch-workflow-gitops"] - taskRef: - name: build-gitops - workspaces: - - name: workflow-source - workspace: workflow-source - - name: workflow-gitops - workspace: workflow-gitops - params: - - name: workflowId - value: $(params.workflowId) - - name: imageTag - value: $(tasks.fetch-workflow.results.commit) - - name: build-and-push-image - runAfter: ["flatten-workflow"] - taskRef: - name: buildah - kind: ClusterTask - workspaces: - - name: source - workspace: workflow-source - - name: dockerconfig - workspace: docker-credentials - params: - - name: IMAGE - value: quay.io/$(params.quayOrgName)/$(params.quayRepoName):$(tasks.fetch-workflow.results.commit) - - name: DOCKERFILE - value: flat/workflow-builder.Dockerfile - - name: CONTEXT - value: flat/$(params.workflowId) - - name: BUILD_EXTRA_ARGS - value: '--authfile=/workspace/dockerconfig/.dockerconfigjson --ulimit nofile=4096:4096 --build-arg WF_RESOURCES="." ' - - name: push-workflow-gitops - runAfter: ["build-gitops", "build-and-push-image"] - taskRef: - name: git-cli - workspaces: - - name: source - workspace: workflow-gitops - - name: ssh-directory - workspace: ssh-creds - params: - - name: GIT_USER_NAME - value: Parodos Tekton Pipeline - - name: GIT_USER_EMAIL - value: parodos@redhat.com - - name: USER_HOME - value: /home/git - - name: GIT_SCRIPT - value: | - WORKFLOW_COMMIT=$(tasks.fetch-workflow.results.commit) - - eval "$(ssh-agent -s)" - ssh-add "${PARAM_USER_HOME}"/.ssh/id_rsa - - cd workflow-gitops - git add . - git diff - # TODO: create PR - git commit -m "Deployment for workflow commit $WORKFLOW_COMMIT from $(params.gitUrl)" - # TODO: parametrize branch - git push origin main -{{- end }} \ No newline at end of file diff --git a/helm-charts/orchestrator/templates/tekton-tasks.yaml b/helm-charts/orchestrator/templates/tekton-tasks.yaml deleted file mode 100644 index 9db5b02a..00000000 --- a/helm-charts/orchestrator/templates/tekton-tasks.yaml +++ /dev/null @@ -1,246 +0,0 @@ -{{- if eq "true" (include "install-tekton-task" .) }} - {{- $gitopsNamespace := include "get-argocd-namespace" . }} -# From https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-cli/0.4/git-cli.yaml -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: git-cli - namespace: {{ $gitopsNamespace }} - labels: - app.kubernetes.io/version: "0.4" - annotations: - tekton.dev/pipelines.minVersion: "0.21.0" - tekton.dev/categories: Git - tekton.dev/tags: git - tekton.dev/displayName: "git cli" - tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" -spec: - description: >- - This task can be used to perform git operations. - - Git command that needs to be run can be passed as a script to - the task. This task needs authentication to git in order to push - after the git operation. - - workspaces: - - name: source - description: A workspace that contains the fetched git repository. - - - name: input - optional: true - description: | - An optional workspace that contains the files that need to be added to git. You can - access the workspace from your script using `$(workspaces.input.path)`, for instance: - - cp $(workspaces.input.path)/file_that_i_want . - git add file_that_i_want - # etc - - - name: ssh-directory - optional: true - description: | - A .ssh directory with private key, known_hosts, config, etc. Copied to - the user's home before git commands are executed. Used to authenticate - with the git remote when performing the clone. Binding a Secret to this - Workspace is strongly recommended over other volume types. - - - name: basic-auth - optional: true - description: | - A Workspace containing a .gitconfig and .git-credentials file. These - will be copied to the user's home before any git commands are run. Any - other files in this Workspace are ignored. It is strongly recommended - to use ssh-directory over basic-auth whenever possible and to bind a - Secret to this Workspace over other volume types. - params: - - name: BASE_IMAGE - description: | - The base image for the task. - type: string - # TODO: Deprecate use of root image. - default: cgr.dev/chainguard/git:root-2.39@sha256:7759f87050dd8bacabe61354d75ccd7f864d6b6f8ec42697db7159eccd491139 - - - name: GIT_USER_NAME - type: string - description: | - Git user name for performing git operation. - default: "" - - - name: GIT_USER_EMAIL - type: string - description: | - Git user email for performing git operation. - default: "" - - - name: GIT_SCRIPT - description: The git script to run. - type: string - default: | - git help - - - name: USER_HOME - description: | - Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden - the gitInitImage param with an image containing custom user configuration. - type: string - default: "/root" - - - name: VERBOSE - description: Log the commands that are executed during `git-clone`'s operation. - type: string - default: "true" - - results: - - name: commit - description: The precise commit SHA after the git operation. - - steps: - - name: git - image: $(params.BASE_IMAGE) - workingDir: $(workspaces.source.path) - env: - - name: HOME - value: $(params.USER_HOME) - - name: PARAM_VERBOSE - value: $(params.VERBOSE) - - name: PARAM_USER_HOME - value: $(params.USER_HOME) - - name: WORKSPACE_OUTPUT_PATH - value: $(workspaces.output.path) - - name: WORKSPACE_SSH_DIRECTORY_BOUND - value: $(workspaces.ssh-directory.bound) - - name: WORKSPACE_SSH_DIRECTORY_PATH - value: $(workspaces.ssh-directory.path) - - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND - value: $(workspaces.basic-auth.bound) - - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH - value: $(workspaces.basic-auth.path) - script: | - #!/usr/bin/env sh - set -eu - - if [ "${PARAM_VERBOSE}" = "true" ] ; then - set -x - fi - - if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then - cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" - cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" - chmod 400 "${PARAM_USER_HOME}/.git-credentials" - chmod 400 "${PARAM_USER_HOME}/.gitconfig" - fi - - if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then - cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh - chmod 700 "${PARAM_USER_HOME}"/.ssh - chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* - fi - - # Setting up the config for the git. - git config --global user.email "$(params.GIT_USER_EMAIL)" - git config --global user.name "$(params.GIT_USER_NAME)" - - eval '$(params.GIT_SCRIPT)' - - RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')" - EXIT_CODE="$?" - if [ "$EXIT_CODE" != 0 ] - then - exit $EXIT_CODE - fi - # Make sure we don't add a trailing newline to the result! - printf "%s" "$RESULT_SHA" > "$(results.commit.path)" - # Patch to apply on OpenShift - securityContext: - runAsNonRoot: true - runAsUser: 65532 ---- -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: flattener - namespace: {{ $gitopsNamespace }} -spec: - workspaces: - - name: workflow-source - params: - - name: workflowId - description: The workflow ID from the repository - type: string - - name: convertToFlat - description: Whether conversion to flat layout is needed or it's already flattened - type: string - default: "true" - steps: - - name: flatten - image: registry.access.redhat.com/ubi9-minimal - workingDir: $(workspaces.workflow-source.path) - script: | - ROOT=/workspace/workflow - TARGET=flat - mkdir -p flat - - if [ -d "workflow/$(params.workflowId)" ]; then - cp -r workflow/$(params.workflowId)/src/main/resources flat/$(params.workflowId) - cp workflow/$(params.workflowId)/LICENSE flat/$(params.workflowId) - else - cp -r workflow/src/main/resources flat/$(params.workflowId) - cp workflow/LICENSE flat/$(params.workflowId) - fi - - if [ "$(params.convertToFlat)" == "false" ]; then - rm -rf workflow/src/main/resources - mv workflow/src flat/$(params.workflowId)/ - fi - - ls flat/$(params.workflowId) - - curl -L https://raw.githubusercontent.com/parodos-dev/serverless-workflows/v1.2.x/pipeline/workflow-builder.Dockerfile -o flat/workflow-builder.Dockerfile ---- -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: build-manifests - namespace: {{ $gitopsNamespace }} -spec: - workspaces: - - name: workflow-source - params: - - name: workflowId - description: The workflow ID from the repository - type: string - steps: - - name: build-manifests - image: registry.access.redhat.com/ubi9-minimal - workingDir: $(workspaces.workflow-source.path)/flat/$(params.workflowId) - script: | - microdnf install -y tar gzip - KN_CLI_URL="https://developers.redhat.com/content-gateway/file/pub/cgw/serverless-logic/1.33.0/kn-workflow-linux-amd64.tar.gz" - curl -L "$KN_CLI_URL" | tar -xz --no-same-owner && chmod +x kn-workflow-linux-amd64 && mv kn-workflow-linux-amd64 kn-workflow - ./kn-workflow gen-manifest --namespace "" ---- -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: build-gitops - namespace: {{ $gitopsNamespace }} -spec: - workspaces: - - name: workflow-source - - name: workflow-gitops - params: - - name: workflowId - description: The workflow ID from the repository - type: string - - name: imageTag - type: string - steps: - - name: build-gitops - image: registry.access.redhat.com/ubi9-minimal - workingDir: $(workspaces.workflow-gitops.path)/workflow-gitops - script: | - cp $(workspaces.workflow-source.path)/flat/$(params.workflowId)/manifests/* kustomize/base - microdnf install -y findutils && microdnf clean all - cd kustomize - ./updater.sh $(params.workflowId) $(params.imageTag) -{{- end }} diff --git a/helm-charts/orchestrator/values-rc.yaml b/helm-charts/orchestrator/values-rc.yaml deleted file mode 100644 index 27a83ba5..00000000 --- a/helm-charts/orchestrator/values-rc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# This file should be used for testing CR operators -sonataFlowOperator: - isReleaseCandidate: true # Indicates RC builds should be used by the chart to install Sonataflow - enabled: true # whether the operator should be deployed by the chart - subscription: - namespace: openshift-serverless-logic # namespace where the operator should be deployed - channel: alpha # channel of an operator package to subscribe to - name: logic-operator-rhel8 # name of the operator package - sourceName: sonataflow-brew # name of the catalog source - startingCSV: logic-operator-rhel8.v1.33.0 # The initial version of the operator - -rhdhOperator: - isReleaseCandidate: false # Indicates RC builds should be used by the chart to install RHDH - enabled: true # whether the operator should be deployed by the chart - subscription: - namespace: rhdh-operator # namespace where the operator should be deployed - channel: fast # channel of an operator package to subscribe to - name: rhdh # name of the operator package - source: rhdh-brew # name of the catalog source - startingCSV: rhdh-operator.v1.2.0 # The initial version of the operator - -sonataflow: - images: - 4.13: brew.registry.redhat.io/rh-osbs/iib:747442 - 4.14: brew.registry.redhat.io/rh-osbs/iib:747447 - 4.15: brew.registry.redhat.io/rh-osbs/iib:747453 - 4.16: brew.registry.redhat.io/rh-osbs/iib:747466 - -rhdh: - images: - 4.13: quay.io/rhdh/iib:1.2.0.RC-06-18-v4.13-x86_64 - 4.14: quay.io/rhdh/iib:1.2.0.RC-06-18-v4.14-x86_64 - 4.15: quay.io/rhdh/iib:1.2.0.RC-06-18-v4.15-x86_64 - 4.16: quay.io/rhdh/iib:1.2.0.RC-06-18-v4.16-x86_64 - -orchestrator: - namespace: "sonataflow-infra" # Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`. - sonataflowPlatform: - dataIndexImage: brew.registry.redhat.io/rh-osbs/openshift-serverless-1-logic-data-index-postgresql-rhel8@sha256:e5c4bad2b467958839475cc9086cb48b0f11286d843d85d230b9efb1a56673d5 - jobServiceImage: brew.registry.redhat.io/rh-osbs/openshift-serverless-1-logic-jobs-service-postgresql-rhel8@sha256:f69d466f0984ed620d68adb9c4b09a1e8a3a0f40412ca624ec6b41fd333b0f8a diff --git a/helm-charts/orchestrator/values-rh-postgres.yaml b/helm-charts/orchestrator/values-rh-postgres.yaml deleted file mode 100644 index ea4d6f74..00000000 --- a/helm-charts/orchestrator/values-rh-postgres.yaml +++ /dev/null @@ -1,8 +0,0 @@ -postgres: # redhat deployment requires a different userKey and passwordKey, since it is generated by the template. - serviceName: "sonataflow-psql-postgresql" # The name of the Postgres DB service to be used by platform services. Cannot be empty. - serviceNamespace: "sonataflow-infra" # The namespace of the Postgres DB service to be used by platform services. - authSecret: - name: "sonataflow-psql-postgresql" # name of existing secret to use for PostgreSQL credentials. - userKey: database-user # name of key in existing secret to use for PostgreSQL credentials. - passwordKey: database-password # name of key in existing secret to use for PostgreSQL credentials. - database: sonataflow # existing database instance used by data index and job service diff --git a/helm-charts/orchestrator/values.schema.json b/helm-charts/orchestrator/values.schema.json deleted file mode 100644 index 30edffef..00000000 --- a/helm-charts/orchestrator/values.schema.json +++ /dev/null @@ -1,1349 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "http://example.com/example.json", - "type": "object", - "default": {}, - "title": "Root Schema", - "required": [ - "sonataFlowOperator", - "serverlessOperator", - "rhdhOperator", - "rhdhPlugins", - "postgres", - "orchestrator", - "tekton", - "argocd" - ], - "properties": { - "sonataFlowOperator": { - "type": "object", - "default": {}, - "title": "The sonataFlowOperator Schema", - "required": [ - "isReleaseCandidate", - "enabled", - "subscription" - ], - "properties": { - "isReleaseCandidate": { - "type": "boolean", - "default": false, - "title": "The isReleaseCandidate Schema", - "examples": [ - false - ] - }, - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] - }, - "subscription": { - "type": "object", - "default": {}, - "title": "The subscription Schema", - "required": [ - "namespace", - "channel", - "installPlanApproval", - "name", - "sourceName", - "startingCSV" - ], - "properties": { - "namespace": { - "type": "string", - "default": "", - "title": "The namespace Schema", - "examples": [ - "openshift-serverless-logic" - ] - }, - "channel": { - "type": "string", - "default": "", - "title": "The channel Schema", - "examples": [ - "alpha" - ] - }, - "installPlanApproval": { - "type": "string", - "default": "", - "title": "The installPlanApproval Schema", - "examples": [ - "Automatic" - ] - }, - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "logic-operator-rhel8" - ] - }, - "sourceName": { - "type": "string", - "default": "", - "title": "The sourceName Schema", - "examples": [ - "redhat-operators" - ] - }, - "startingCSV": { - "type": "string", - "default": "", - "title": "The startingCSV Schema", - "examples": [ - "logic-operator-rhel8.v1.33.0" - ] - } - }, - "examples": [{ - "namespace": "openshift-serverless-logic", - "channel": "alpha", - "installPlanApproval": "Automatic", - "name": "logic-operator-rhel8", - "sourceName": "redhat-operators", - "startingCSV": "logic-operator-rhel8.v1.33.0" - }] - } - }, - "examples": [{ - "isReleaseCandidate": false, - "enabled": true, - "subscription": { - "namespace": "openshift-serverless-logic", - "channel": "alpha", - "installPlanApproval": "Automatic", - "name": "logic-operator-rhel8", - "sourceName": "redhat-operators", - "startingCSV": "logic-operator-rhel8.v1.33.0" - } - }] - }, - "serverlessOperator": { - "type": "object", - "default": {}, - "title": "The serverlessOperator Schema", - "required": [ - "enabled", - "subscription" - ], - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] - }, - "subscription": { - "type": "object", - "default": {}, - "title": "The subscription Schema", - "required": [ - "namespace", - "channel", - "installPlanApproval", - "name", - "sourceName" - ], - "properties": { - "namespace": { - "type": "string", - "default": "", - "title": "The namespace Schema", - "examples": [ - "openshift-serverless" - ] - }, - "channel": { - "type": "string", - "default": "", - "title": "The channel Schema", - "examples": [ - "stable" - ] - }, - "installPlanApproval": { - "type": "string", - "default": "", - "title": "The installPlanApproval Schema", - "examples": [ - "Automatic" - ] - }, - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "serverless-operator" - ] - }, - "sourceName": { - "type": "string", - "default": "", - "title": "The sourceName Schema", - "examples": [ - "redhat-operators" - ] - } - }, - "examples": [{ - "namespace": "openshift-serverless", - "channel": "stable", - "installPlanApproval": "Automatic", - "name": "serverless-operator", - "sourceName": "redhat-operators" - }] - } - }, - "examples": [{ - "enabled": true, - "subscription": { - "namespace": "openshift-serverless", - "channel": "stable", - "installPlanApproval": "Automatic", - "name": "serverless-operator", - "sourceName": "redhat-operators" - } - }] - }, - "rhdhOperator": { - "type": "object", - "default": {}, - "title": "The rhdhOperator Schema", - "required": [ - "isReleaseCandidate", - "enabled", - "enableGuestProvider", - "catalogBranch", - "secretRef", - "subscription" - ], - "properties": { - "isReleaseCandidate": { - "type": "boolean", - "default": false, - "title": "The isReleaseCandidate Schema", - "examples": [ - false - ] - }, - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] - }, - "enableGuestProvider": { - "type": "boolean", - "default": false, - "title": "The enableGuestProvider Schema", - "examples": [ - false - ] - }, - "catalogBranch": { - "type": "string", - "default": "", - "title": "The catalogBranch Schema", - "examples": [ - "v1.2.x" - ] - }, - "secretRef": { - "type": "object", - "default": {}, - "title": "The secretRef Schema", - "required": [ - "name", - "backstage", - "github", - "k8s", - "argocd", - "notificationsEmail" - ], - "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "backstage-backend-auth-secret" - ] - }, - "backstage": { - "type": "object", - "default": {}, - "title": "The backstage Schema", - "required": [ - "backendSecret" - ], - "properties": { - "backendSecret": { - "type": "string", - "default": "", - "title": "The backendSecret Schema", - "examples": [ - "BACKEND_SECRET" - ] - } - }, - "examples": [{ - "backendSecret": "BACKEND_SECRET" - }] - }, - "github": { - "type": "object", - "default": {}, - "title": "The github Schema", - "required": [ - "token", - "clientId", - "clientSecret" - ], - "properties": { - "token": { - "type": "string", - "default": "", - "title": "The token Schema", - "examples": [ - "GITHUB_TOKEN" - ] - }, - "clientId": { - "type": "string", - "default": "", - "title": "The clientId Schema", - "examples": [ - "GITHUB_CLIENT_ID" - ] - }, - "clientSecret": { - "type": "string", - "default": "", - "title": "The clientSecret Schema", - "examples": [ - "GITHUB_CLIENT_SECRET" - ] - } - }, - "examples": [{ - "token": "GITHUB_TOKEN", - "clientId": "GITHUB_CLIENT_ID", - "clientSecret": "GITHUB_CLIENT_SECRET" - }] - }, - "k8s": { - "type": "object", - "default": {}, - "title": "The k8s Schema", - "required": [ - "clusterToken", - "clusterUrl" - ], - "properties": { - "clusterToken": { - "type": "string", - "default": "", - "title": "The clusterToken Schema", - "examples": [ - "K8S_CLUSTER_TOKEN" - ] - }, - "clusterUrl": { - "type": "string", - "default": "", - "title": "The clusterUrl Schema", - "examples": [ - "K8S_CLUSTER_URL" - ] - } - }, - "examples": [{ - "clusterToken": "K8S_CLUSTER_TOKEN", - "clusterUrl": "K8S_CLUSTER_URL" - }] - }, - "argocd": { - "type": "object", - "default": {}, - "title": "The argocd Schema", - "required": [ - "url", - "username", - "password" - ], - "properties": { - "url": { - "type": "string", - "default": "", - "title": "The url Schema", - "examples": [ - "ARGOCD_URL" - ] - }, - "username": { - "type": "string", - "default": "", - "title": "The username Schema", - "examples": [ - "ARGOCD_USERNAME" - ] - }, - "password": { - "type": "string", - "default": "", - "title": "The password Schema", - "examples": [ - "ARGOCD_PASSWORD" - ] - } - }, - "examples": [{ - "url": "ARGOCD_URL", - "username": "ARGOCD_USERNAME", - "password": "ARGOCD_PASSWORD" - }] - }, - "notificationsEmail": { - "type": "object", - "default": {}, - "title": "The notificationsEmail Schema", - "required": [ - "hostname", - "username", - "password" - ], - "properties": { - "hostname": { - "type": "string", - "default": "", - "title": "The hostname Schema", - "examples": [ - "NOTIFICATIONS_EMAIL_HOSTNAME" - ] - }, - "username": { - "type": "string", - "default": "", - "title": "The username Schema", - "examples": [ - "NOTIFICATIONS_EMAIL_USERNAME" - ] - }, - "password": { - "type": "string", - "default": "", - "title": "The password Schema", - "examples": [ - "NOTIFICATIONS_EMAIL_PASSWORD" - ] - } - }, - "examples": [{ - "hostname": "NOTIFICATIONS_EMAIL_HOSTNAME", - "username": "NOTIFICATIONS_EMAIL_USERNAME", - "password": "NOTIFICATIONS_EMAIL_PASSWORD" - }] - } - }, - "examples": [{ - "name": "backstage-backend-auth-secret", - "backstage": { - "backendSecret": "BACKEND_SECRET" - }, - "github": { - "token": "GITHUB_TOKEN", - "clientId": "GITHUB_CLIENT_ID", - "clientSecret": "GITHUB_CLIENT_SECRET" - }, - "k8s": { - "clusterToken": "K8S_CLUSTER_TOKEN", - "clusterUrl": "K8S_CLUSTER_URL" - }, - "argocd": { - "url": "ARGOCD_URL", - "username": "ARGOCD_USERNAME", - "password": "ARGOCD_PASSWORD" - }, - "notificationsEmail": { - "hostname": "NOTIFICATIONS_EMAIL_HOSTNAME", - "username": "NOTIFICATIONS_EMAIL_USERNAME", - "password": "NOTIFICATIONS_EMAIL_PASSWORD" - } - }] - }, - "subscription": { - "type": "object", - "default": {}, - "title": "The subscription Schema", - "required": [ - "namespace", - "channel", - "installPlanApproval", - "name", - "source", - "startingCSV", - "targetNamespace" - ], - "properties": { - "namespace": { - "type": "string", - "default": "", - "title": "The namespace Schema", - "examples": [ - "rhdh-operator" - ] - }, - "channel": { - "type": "string", - "default": "", - "title": "The channel Schema", - "examples": [ - "fast-1.2" - ] - }, - "installPlanApproval": { - "type": "string", - "default": "", - "title": "The installPlanApproval Schema", - "examples": [ - "Automatic" - ] - }, - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "rhdh" - ] - }, - "source": { - "type": "string", - "default": "", - "title": "The source Schema", - "examples": [ - "redhat-operators" - ] - }, - "startingCSV": { - "type": "string", - "default": "", - "title": "The startingCSV Schema", - "examples": [ - "" - ] - }, - "targetNamespace": { - "type": "string", - "default": "", - "title": "The targetNamespace Schema", - "examples": [ - "rhdh-operator" - ] - } - }, - "examples": [{ - "namespace": "rhdh-operator", - "channel": "fast-1.2", - "installPlanApproval": "Automatic", - "name": "rhdh", - "source": "redhat-operators", - "startingCSV": "", - "targetNamespace": "rhdh-operator" - }] - } - }, - "examples": [{ - "isReleaseCandidate": false, - "enabled": true, - "enableGuestProvider": false, - "catalogBranch": "v1.2.x", - "secretRef": { - "name": "backstage-backend-auth-secret", - "backstage": { - "backendSecret": "BACKEND_SECRET" - }, - "github": { - "token": "GITHUB_TOKEN", - "clientId": "GITHUB_CLIENT_ID", - "clientSecret": "GITHUB_CLIENT_SECRET" - }, - "k8s": { - "clusterToken": "K8S_CLUSTER_TOKEN", - "clusterUrl": "K8S_CLUSTER_URL" - }, - "argocd": { - "url": "ARGOCD_URL", - "username": "ARGOCD_USERNAME", - "password": "ARGOCD_PASSWORD" - }, - "notificationsEmail": { - "hostname": "NOTIFICATIONS_EMAIL_HOSTNAME", - "username": "NOTIFICATIONS_EMAIL_USERNAME", - "password": "NOTIFICATIONS_EMAIL_PASSWORD" - } - }, - "subscription": { - "namespace": "rhdh-operator", - "channel": "fast-1.2", - "installPlanApproval": "Automatic", - "name": "rhdh", - "source": "redhat-operators", - "startingCSV": "", - "targetNamespace": "rhdh-operator" - } - }] - }, - "rhdhPlugins": { - "type": "object", - "default": {}, - "title": "The rhdhPlugins Schema", - "required": [ - "npmRegistry", - "scope", - "orchestrator", - "orchestratorBackend", - "notifications", - "notificationsBackend", - "signals", - "signalsBackend", - "notificationsEmail" - ], - "properties": { - "npmRegistry": { - "type": "string", - "default": "", - "title": "The npmRegistry Schema", - "examples": [ - "https://npm.stage.registry.redhat.com" - ] - }, - "scope": { - "type": "string", - "default": "", - "title": "The scope Schema", - "examples": [ - "@redhat" - ] - }, - "orchestrator": { - "type": "object", - "default": {}, - "title": "The orchestrator Schema", - "required": [ - "package", - "integrity" - ], - "properties": { - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "backstage-plugin-orchestrator@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg==" - ] - } - }, - "examples": [{ - "package": "backstage-plugin-orchestrator@1.2.0-rc.1", - "integrity": "sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg==" - }] - }, - "orchestratorBackend": { - "type": "object", - "default": {}, - "title": "The orchestratorBackend Schema", - "required": [ - "package", - "integrity" - ], - "properties": { - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw==" - ] - } - }, - "examples": [{ - "package": "backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw==" - }] - }, - "notifications": { - "type": "object", - "default": {}, - "title": "The notifications Schema", - "required": [ - "package", - "integrity" - ], - "properties": { - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "plugin-notifications-dynamic@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg==" - ] - } - }, - "examples": [{ - "package": "plugin-notifications-dynamic@1.2.0-rc.1", - "integrity": "sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg==" - }] - }, - "notificationsBackend": { - "type": "object", - "default": {}, - "title": "The notificationsBackend Schema", - "required": [ - "package", - "integrity" - ], - "properties": { - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "plugin-notifications-backend-dynamic@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg==" - ] - } - }, - "examples": [{ - "package": "plugin-notifications-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg==" - }] - }, - "signals": { - "type": "object", - "default": {}, - "title": "The signals Schema", - "required": [ - "package", - "integrity" - ], - "properties": { - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "plugin-signals-dynamic@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw==" - ] - } - }, - "examples": [{ - "package": "plugin-signals-dynamic@1.2.0-rc.1", - "integrity": "sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw==" - }] - }, - "signalsBackend": { - "type": "object", - "default": {}, - "title": "The signalsBackend Schema", - "required": [ - "package", - "integrity" - ], - "properties": { - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "plugin-signals-backend-dynamic@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ==" - ] - } - }, - "examples": [{ - "package": "plugin-signals-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ==" - }] - }, - "notificationsEmail": { - "type": "object", - "default": {}, - "title": "The notificationsEmail Schema", - "required": [ - "enabled", - "package", - "integrity", - "port", - "sender", - "replyTo" - ], - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] - }, - "package": { - "type": "string", - "default": "", - "title": "The package Schema", - "examples": [ - "plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1" - ] - }, - "integrity": { - "type": "string", - "default": "", - "title": "The integrity Schema", - "examples": [ - "sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A==" - ] - }, - "port": { - "type": "integer", - "default": 0, - "title": "The port Schema", - "examples": [ - 587 - ] - }, - "sender": { - "type": "string", - "default": "", - "title": "The sender Schema", - "examples": [ - "" - ] - }, - "replyTo": { - "type": "string", - "default": "", - "title": "The replyTo Schema", - "examples": [ - "" - ] - } - }, - "examples": [{ - "enabled": false, - "package": "plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1", - "integrity": "sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A==", - "port": 587, - "sender": "", - "replyTo": "" - }] - } - }, - "examples": [{ - "npmRegistry": "https://npm.stage.registry.redhat.com", - "scope": "@redhat", - "orchestrator": { - "package": "backstage-plugin-orchestrator@1.2.0-rc.1", - "integrity": "sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg==" - }, - "orchestratorBackend": { - "package": "backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw==" - }, - "notifications": { - "package": "plugin-notifications-dynamic@1.2.0-rc.1", - "integrity": "sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg==" - }, - "notificationsBackend": { - "package": "plugin-notifications-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg==" - }, - "signals": { - "package": "plugin-signals-dynamic@1.2.0-rc.1", - "integrity": "sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw==" - }, - "signalsBackend": { - "package": "plugin-signals-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ==" - }, - "notificationsEmail": { - "enabled": false, - "package": "plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1", - "integrity": "sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A==", - "port": 587, - "sender": "", - "replyTo": "" - } - }] - }, - "postgres": { - "type": "object", - "default": {}, - "title": "The postgres Schema", - "required": [ - "serviceName", - "serviceNamespace", - "authSecret", - "database" - ], - "properties": { - "serviceName": { - "type": "string", - "default": "", - "title": "The serviceName Schema", - "examples": [ - "sonataflow-psql-postgresql" - ] - }, - "serviceNamespace": { - "type": "string", - "default": "", - "title": "The serviceNamespace Schema", - "examples": [ - "sonataflow-infra" - ] - }, - "authSecret": { - "type": "object", - "default": {}, - "title": "The authSecret Schema", - "required": [ - "name", - "userKey", - "passwordKey" - ], - "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "sonataflow-psql-postgresql" - ] - }, - "userKey": { - "type": "string", - "default": "", - "title": "The userKey Schema", - "examples": [ - "postgres-username" - ] - }, - "passwordKey": { - "type": "string", - "default": "", - "title": "The passwordKey Schema", - "examples": [ - "postgres-password" - ] - } - }, - "examples": [{ - "name": "sonataflow-psql-postgresql", - "userKey": "postgres-username", - "passwordKey": "postgres-password" - }] - }, - "database": { - "type": "string", - "default": "", - "title": "The database Schema", - "examples": [ - "sonataflow" - ] - } - }, - "examples": [{ - "serviceName": "sonataflow-psql-postgresql", - "serviceNamespace": "sonataflow-infra", - "authSecret": { - "name": "sonataflow-psql-postgresql", - "userKey": "postgres-username", - "passwordKey": "postgres-password" - }, - "database": "sonataflow" - }] - }, - "orchestrator": { - "type": "object", - "default": {}, - "title": "The orchestrator Schema", - "required": [ - "namespace", - "sonataflowPlatform" - ], - "properties": { - "namespace": { - "type": "string", - "default": "", - "title": "The namespace Schema", - "examples": [ - "sonataflow-infra" - ] - }, - "sonataflowPlatform": { - "type": "object", - "default": {}, - "title": "The sonataflowPlatform Schema", - "required": [ - "resources" - ], - "properties": { - "resources": { - "type": "object", - "default": {}, - "title": "The resources Schema", - "required": [ - "requests", - "limits" - ], - "properties": { - "requests": { - "type": "object", - "default": {}, - "title": "The requests Schema", - "required": [ - "memory", - "cpu" - ], - "properties": { - "memory": { - "type": "string", - "default": "", - "title": "The memory Schema", - "examples": [ - "64Mi" - ] - }, - "cpu": { - "type": "string", - "default": "", - "title": "The cpu Schema", - "examples": [ - "250m" - ] - } - }, - "examples": [{ - "memory": "64Mi", - "cpu": "250m" - }] - }, - "limits": { - "type": "object", - "default": {}, - "title": "The limits Schema", - "required": [ - "memory", - "cpu" - ], - "properties": { - "memory": { - "type": "string", - "default": "", - "title": "The memory Schema", - "examples": [ - "1Gi" - ] - }, - "cpu": { - "type": "string", - "default": "", - "title": "The cpu Schema", - "examples": [ - "500m" - ] - } - }, - "examples": [{ - "memory": "1Gi", - "cpu": "500m" - }] - } - }, - "examples": [{ - "requests": { - "memory": "64Mi", - "cpu": "250m" - }, - "limits": { - "memory": "1Gi", - "cpu": "500m" - } - }] - } - }, - "examples": [{ - "resources": { - "requests": { - "memory": "64Mi", - "cpu": "250m" - }, - "limits": { - "memory": "1Gi", - "cpu": "500m" - } - } - }] - } - }, - "examples": [{ - "namespace": "sonataflow-infra", - "sonataflowPlatform": { - "resources": { - "requests": { - "memory": "64Mi", - "cpu": "250m" - }, - "limits": { - "memory": "1Gi", - "cpu": "500m" - } - } - } - }] - }, - "tekton": { - "type": "object", - "default": {}, - "title": "The tekton Schema", - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] - } - }, - "examples": [{ - "enabled": false - }] - }, - "argocd": { - "type": "object", - "default": {}, - "title": "The argocd Schema", - "required": [ - "enabled", - "namespace" - ], - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] - }, - "namespace": { - "type": "string", - "default": "", - "title": "The namespace Schema", - "examples": [ - "" - ] - } - }, - "examples": [{ - "enabled": false, - "namespace": "" - }] - } - }, - "examples": [{ - "sonataFlowOperator": { - "isReleaseCandidate": false, - "enabled": true, - "subscription": { - "namespace": "openshift-serverless-logic", - "channel": "alpha", - "installPlanApproval": "Automatic", - "name": "logic-operator-rhel8", - "sourceName": "redhat-operators", - "startingCSV": "logic-operator-rhel8.v1.33.0" - } - }, - "serverlessOperator": { - "enabled": true, - "subscription": { - "namespace": "openshift-serverless", - "channel": "stable", - "installPlanApproval": "Automatic", - "name": "serverless-operator", - "sourceName": "redhat-operators" - } - }, - "rhdhOperator": { - "isReleaseCandidate": false, - "enabled": true, - "enableGuestProvider": false, - "catalogBranch": "v1.2.x", - "secretRef": { - "name": "backstage-backend-auth-secret", - "backstage": { - "backendSecret": "BACKEND_SECRET" - }, - "github": { - "token": "GITHUB_TOKEN", - "clientId": "GITHUB_CLIENT_ID", - "clientSecret": "GITHUB_CLIENT_SECRET" - }, - "k8s": { - "clusterToken": "K8S_CLUSTER_TOKEN", - "clusterUrl": "K8S_CLUSTER_URL" - }, - "argocd": { - "url": "ARGOCD_URL", - "username": "ARGOCD_USERNAME", - "password": "ARGOCD_PASSWORD" - }, - "notificationsEmail": { - "hostname": "NOTIFICATIONS_EMAIL_HOSTNAME", - "username": "NOTIFICATIONS_EMAIL_USERNAME", - "password": "NOTIFICATIONS_EMAIL_PASSWORD" - } - }, - "subscription": { - "namespace": "rhdh-operator", - "channel": "fast-1.2", - "installPlanApproval": "Automatic", - "name": "rhdh", - "source": "redhat-operators", - "startingCSV": "", - "targetNamespace": "rhdh-operator" - } - }, - "rhdhPlugins": { - "npmRegistry": "https://npm.stage.registry.redhat.com", - "scope": "@redhat", - "orchestrator": { - "package": "backstage-plugin-orchestrator@1.2.0-rc.1", - "integrity": "sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg==" - }, - "orchestratorBackend": { - "package": "backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw==" - }, - "notifications": { - "package": "plugin-notifications-dynamic@1.2.0-rc.1", - "integrity": "sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg==" - }, - "notificationsBackend": { - "package": "plugin-notifications-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg==" - }, - "signals": { - "package": "plugin-signals-dynamic@1.2.0-rc.1", - "integrity": "sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw==" - }, - "signalsBackend": { - "package": "plugin-signals-backend-dynamic@1.2.0-rc.1", - "integrity": "sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ==" - }, - "notificationsEmail": { - "enabled": false, - "package": "plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1", - "integrity": "sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A==", - "port": 587, - "sender": "", - "replyTo": "" - } - }, - "postgres": { - "serviceName": "sonataflow-psql-postgresql", - "serviceNamespace": "sonataflow-infra", - "authSecret": { - "name": "sonataflow-psql-postgresql", - "userKey": "postgres-username", - "passwordKey": "postgres-password" - }, - "database": "sonataflow" - }, - "orchestrator": { - "namespace": "sonataflow-infra", - "sonataflowPlatform": { - "resources": { - "requests": { - "memory": "64Mi", - "cpu": "250m" - }, - "limits": { - "memory": "1Gi", - "cpu": "500m" - } - } - } - }, - "tekton": { - "enabled": false - }, - "argocd": { - "enabled": false, - "namespace": "" - } - }] -} \ No newline at end of file diff --git a/helm-charts/orchestrator/values.yaml b/helm-charts/orchestrator/values.yaml deleted file mode 100644 index 680b90be..00000000 --- a/helm-charts/orchestrator/values.yaml +++ /dev/null @@ -1,110 +0,0 @@ -sonataFlowOperator: - isReleaseCandidate: false # Indicates RC builds should be used by the chart to install Sonataflow - enabled: true # whether the operator should be deployed by the chart - subscription: - namespace: openshift-serverless-logic # namespace where the operator should be deployed - channel: alpha # channel of an operator package to subscribe to - installPlanApproval: Automatic # whether the update should be installed automatically - name: logic-operator-rhel8 # name of the operator package - sourceName: redhat-operators # name of the catalog source - startingCSV: logic-operator-rhel8.v1.33.0 # The initial version of the operator - -serverlessOperator: - enabled: true # whether the operator should be deployed by the chart - subscription: - namespace: openshift-serverless # namespace where the operator should be deployed - channel: stable # channel of an operator package to subscribe to - installPlanApproval: Automatic # whether the update should be installed automatically - name: serverless-operator # name of the operator package - sourceName: redhat-operators # name of the catalog source - -rhdhOperator: - isReleaseCandidate: false # Indicates RC builds should be used by the chart to install RHDH - enabled: true # whether the operator should be deployed by the chart - enableGuestProvider: false # whether to enable guest provider - catalogBranch: v1.2.x # The branch for https://github.com/parodos-dev/workflow-software-templates used to import software templates resources - secretRef: - name: backstage-backend-auth-secret # name of the secret that contains the credentials for the plugin to establish a communication channel with the Kubernetes API, ArgoCD, GitHub servers and SMTP mail server. - backstage: - backendSecret: BACKEND_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the Backstage backend secret. Defaults to 'BACKEND_SECRET'. It's required. - github: #GitHub specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with GitHub. - token: GITHUB_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by GitHub. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITHUB_TOKEN', empty for not available. - clientId: GITHUB_CLIENT_ID # Key in the secret with name defined in the 'name' field that contains the value of the client ID that you generated on GitHub, for GitHub authentication (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', empty for not available. - clientSecret: GITHUB_CLIENT_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the client secret tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', empty for not available. - k8s: # Kubernetes specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with the Kubernetes API Server. - clusterToken: K8S_CLUSTER_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the Kubernetes API bearer token used for authentication. Defaults to 'K8S_CLUSTER_TOKEN', empty for not available. - clusterUrl: K8S_CLUSTER_URL # Key in the secret with name defined in the 'name' field that contains the value of the API URL of the kubernetes cluster. Defaults to 'K8S_CLUSTER_URL', empty for not available. - argocd: # ArgoCD specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with ArgoCD. Note that ArgoCD must be deployed beforehand and the argocd.enabled field must be set to true as well. - url: ARGOCD_URL # Key in the secret with name defined in the 'name' field that contains the value of the URL of the ArgoCD API server. Defaults to 'ARGOCD_URL', empty for not available. - username: ARGOCD_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty for not available. - password: ARGOCD_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', empty for not available. - notificationsEmail: - hostname: NOTIFICATIONS_EMAIL_HOSTNAME # Key in the secret with name defined in the 'name' field that contains the value of the hostname of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_HOSTNAME', empty for not available. - username: NOTIFICATIONS_EMAIL_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_USERNAME', empty for not available. - password: NOTIFICATIONS_EMAIL_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_PASSWORD', empty for not available. - - subscription: - namespace: rhdh-operator # namespace where the operator should be deployed - channel: fast-1.2 # channel of an operator package to subscribe to - installPlanApproval: Automatic # whether the update should be installed automatically - name: rhdh # name of the operator package - source: redhat-operators # name of the catalog source - startingCSV: "" # The initial version of the operator - targetNamespace: rhdh-operator # the target namespace for the backstage CR in which RHDH instance is created - -rhdhPlugins: # RHDH plugins required for the Orchestrator - npmRegistry: "https://npm.stage.registry.redhat.com" # NPM registry is defined already in the container, but sometimes the registry need to be modified to use different versions of the plugin, for example: staging(https://npm.stage.registry.redhat.com) or development repositories - scope: "@redhat" - orchestrator: - package: "backstage-plugin-orchestrator@1.2.0-rc.1" - integrity: sha512-4C3ZeaGeJdrDWRlWGm1sxiZrfn5cIYynlIsKCcKq+aGpZKJABaKesuvGScBX++jmTbCUMDwPXZmWF20ZzSCuxg== - orchestratorBackend: - package: "backstage-plugin-orchestrator-backend-dynamic@1.2.0-rc.1" - integrity: sha512-uF7BVOTQEofTyKGvEW7ipPhbHCjsXw8wvSx1YyAQDSsVgq7l6FckUZN2jT0kXmiGqH2f7C7+xKIAoi/ETn3Kdw== - notifications: - package: "plugin-notifications-dynamic@1.2.0-rc.1" - integrity: sha512-3sKvF+sMzx1dPzSGHlbeePmUTrFKztSRcOQGsP60GHgEfg/g4NHQi2nZMlaYYG4+2/ChMl/CrA0vv481s5bgHg== - notificationsBackend: - package: "plugin-notifications-backend-dynamic@1.2.0-rc.1" - integrity: sha512-LgW8Jq5a0fxPymQoH99ssvwUz0mZLb3dmUx53LtImdT5+B/cKQ/VKa+iLDe7bMZepwqA0yJmjf/tDwKi8qzNqg== - signals: - package: "plugin-signals-dynamic@1.2.0-rc.1" - integrity: sha512-ESZJiXPL5hbE3w0oenBy/iY50V/QS5udqfdY0EggCLz7McsjYuBgz9zyowi87oxt8Sscu/Er9gquqi8gGAo4Dw== - signalsBackend: - package: "plugin-signals-backend-dynamic@1.2.0-rc.1" - integrity: sha512-yFSHfkvq9RTzeWTb+V0mMCxShrbHdad6AhNKZ0wU6ywbjw5N9CaedmD0eG+A7f7XEy3dLsmTxIlYbshdct4TiQ== - notificationsEmail: - enabled: false # whether to install the notifications email plugin. requires setting of hostname and credentials in backstage secret to enable. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts - package: "plugin-notifications-backend-module-email-dynamic@1.2.0-rc.1" - integrity: sha512-S2+gNOoEyQMPATdfIIB4XvZPLGWqyCiAHsOgfgW3qxjM8paSYoxbhHtGP2m+1BePLSbm9PBjVv54xOWTPyL25A== - port: 587 # SMTP server port - sender: "" # the email sender address - replyTo: "" # reply-to address - -postgres: - serviceName: "sonataflow-psql-postgresql" # The name of the Postgres DB service to be used by platform services. Cannot be empty. - serviceNamespace: "sonataflow-infra" # The namespace of the Postgres DB service to be used by platform services. - authSecret: - name: "sonataflow-psql-postgresql" # name of existing secret to use for PostgreSQL credentials. - userKey: postgres-username # name of key in existing secret to use for PostgreSQL credentials. - passwordKey: postgres-password # name of key in existing secret to use for PostgreSQL credentials. - database: sonataflow # existing database instance used by data index and job service - -orchestrator: - namespace: "sonataflow-infra" # Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`. - sonataflowPlatform: - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "1Gi" - cpu: "500m" - -tekton: - enabled: false # whether to create the Tekton pipeline resources - -argocd: - enabled: false # whether to install the ArgoCD plugin and create the orchestrator AppProject - namespace: "" # Defines the namespace where the orchestrator's instance of ArgoCD is deployed. The value is captured when running setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `orchestrator-gitops` in the setup.sh script. - diff --git a/postgresql/README.md b/postgresql/README.md new file mode 100644 index 00000000..75be0659 --- /dev/null +++ b/postgresql/README.md @@ -0,0 +1,72 @@ +# Installing PostgreSQL Server + +Below there are two options to install PostgreSQL Server v15 on OCP cluster. +Both options shouldn't be used in production. + +# Using Bitnami helm chart +Follow these steps to deploy a sample PostgreSQL instance in the `sonataflow-infra` namespace, with minimal requirements to deploy the Orchestrator. + +Note: replace the password of the `sonataflow-psql-postgresql` secret below in the following command with the desired one. + +```bash +oc new-project sonataflow-infra +oc create secret generic sonataflow-psql-postgresql --from-literal=postgres-username=postgres --from-literal=postgres-password=postgres + +git clone git@github.com:parodos-dev/orchestrator-helm-chart.git +cd orchestrator-helm-chart/postgresql +helm repo add bitnami https://charts.bitnami.com/bitnami +helm install sonataflow-psql bitnami/postgresql --version 12.x.x -f ./values.yaml +``` + +Note: the default settings provided in [PostgreSQL values](https://github.com/parodos-dev/orchestrator-helm-chart/blob/main/postgresql/values.yaml) match the defaults provided in the +[Orchestrator values](https://github.com/parodos-dev/orchestrator-helm-chart/blob/main/charts/orchestrator/values.yaml). +Any changes to the first configuration must also be reported in the latter. + +For OpenShift-related configuration in the chart visit [here](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/README.md#differences-between-bitnami-postgresql-image-and-docker-official-image). + +In this installation, the image is `docker.io/bitnami/postgresql`. + +# Using PostgreSQL image from RH Catalog + +To install PostgreSQL based on RH [image](https://catalog.redhat.com/software/containers/rhel9/postgresql-15/63f763f779eb1214c4d6fcf6?architecture=amd64&image=65e0af6ed6fed9d9cb59fffd) +follow these [steps](https://github.com/sclorg/postgresql-container/tree/master/15): + +```bash +git clone https://github.com/sclorg/postgresql-container.git +cd postgresql-container/ + +oc process -f examples/postgresql-persistent-template.json \ + -p POSTGRESQL_VERSION=15 \ + -p POSTGRESQL_USER=postgres -p POSTGRESQL_PASSWORD=postgres \ + -p POSTGRESQL_DATABASE=sonataflow \ + -p VOLUME_CAPACITY=2Gi \ + -p DATABASE_SERVICE_NAME=sonataflow-psql-postgresql | oc create -n sonataflow-infra -f - + +oc set image deployment/sonataflow-psql-postgresql -n sonataflow-infra postgresql=registry.redhat.io/rhel9/postgresql-15 + +oc wait -n sonataflow-infra deploy/sonataflow-psql-postgresql --for=condition=Available --timeout=5m + +# Create the database +# Replace with the actual pod name +oc exec -i sonataflow-psql-postgresql-xyz -- psql -U postgres -d postgres <