Initial release

2024-03-19 13:13:53 +01:00
commit 451fdb09fc
391 changed files with 184309 additions and 0 deletions


@@ -0,0 +1,16 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
app.kubernetes.io/name: v1beta1.external.metrics.k8s.io
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: v1beta1.external.metrics.k8s.io
spec:
group: external.metrics.k8s.io
groupPriorityMinimum: 100
service:
name: keda-metrics-apiserver
namespace: keda
version: v1beta1
versionPriority: 100
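Review bot: The APIService carries neither `caBundle` nor `insecureSkipTLSVerify`, so kube-apiserver cannot validate the keda-metrics-apiserver backend until some other component injects a CA, and nothing in this file says what does. The operator Deployment in the same commit runs with `--enable-cert-rotation=true` and its ClusterRole has patch/update on `apiservices`, so the injection is presumably done at runtime by the operator. A comment such as `# caBundle is injected at runtime by keda-operator (--enable-cert-rotation); do not "fix" with insecureSkipTLSVerify` would make the dependency explicit and keep a future maintainer from disabling TLS verification on the aggregation layer to make the empty field go away.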


@@ -0,0 +1,95 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: keda-metrics-apiserver
app.kubernetes.io/name: keda-metrics-apiserver
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-metrics-apiserver
namespace: keda
spec:
replicas: 1
selector:
matchLabels:
app: keda-metrics-apiserver
template:
metadata:
labels:
app: keda-metrics-apiserver
name: keda-metrics-apiserver
spec:
containers:
- args:
- /usr/local/bin/keda-adapter
- --secure-port=6443
- --logtostderr=true
- --stderrthreshold=ERROR
- --v=0
- --client-ca-file=/certs/ca.crt
- --tls-cert-file=/certs/tls.crt
- --tls-private-key-file=/certs/tls.key
- --cert-dir=/certs
env:
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KEDA_HTTP_DEFAULT_TIMEOUT
value: ""
image: ghcr.io/kedacore/keda-metrics-apiserver:2.13.1
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 6443
scheme: HTTPS
initialDelaySeconds: 5
name: keda-metrics-apiserver
ports:
- containerPort: 6443
name: https
- containerPort: 8080
name: http
readinessProbe:
httpGet:
path: /readyz
port: 6443
scheme: HTTPS
initialDelaySeconds: 5
resources:
limits:
cpu: 1000m
memory: 1000Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp-vol
- mountPath: /certs
name: certificates
readOnly: true
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: keda-operator
volumes:
- emptyDir: {}
name: temp-vol
- name: certificates
secret:
defaultMode: 420
secretName: kedaorg-certs
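Review bot: The metrics adapter runs under `serviceAccountName: keda-operator`, the same account as the operator Deployment, so the pod that terminates kube-apiserver requests on 6443 inherits the full `keda-operator` ClusterRole (get on every resource, list/watch on secrets cluster-wide, patch on `*/scale`) although it only needs delegated authn/authz and read access to keda.sh objects. A dedicated ServiceAccount for the adapter bound to `system:auth-delegator`, the `extension-apiserver-authentication-reader` Role and a read-only role on keda.sh resources would stop a compromise of the network-facing pod from becoming cluster-wide secret access. Separately, the `certificates` volume here references `kedaorg-certs` without `optional: true`, while the operator Deployment marks the same secret optional; this pod will stay in ContainerCreating until the operator has generated the certificate, so the apply order must put the operator first — worth a comment on the volume, e.g. `# generated by keda-operator cert rotation; operator must be running first`.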


@@ -0,0 +1,90 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: keda-operator
app.kubernetes.io/component: operator
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
namespace: keda
spec:
replicas: 1
selector:
matchLabels:
app: keda-operator
template:
metadata:
labels:
app: keda-operator
name: keda-operator
name: keda-operator
spec:
containers:
- args:
- --leader-elect
- --zap-log-level=info
- --zap-encoder=console
- --zap-time-encoding=rfc3339
- --enable-cert-rotation=true
command:
- /keda
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WATCH_NAMESPACE
value: ""
- name: KEDA_HTTP_DEFAULT_TIMEOUT
value: ""
image: ghcr.io/kedacore/keda:2.13.1
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 25
name: keda-operator
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 20
resources:
limits:
cpu: 1000m
memory: 1000Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /certs
name: certificates
readOnly: true
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: keda-operator
terminationGracePeriodSeconds: 10
volumes:
- name: certificates
secret:
defaultMode: 420
optional: true
secretName: kedaorg-certs
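Review bot: The container declares only `containerPort: 8080`, but the probes target 8081 and the `keda-operator` Service in this commit forwards 9666 (`metricsservice`) to this pod; declaring those ports (`- containerPort: 9666` named `metricsservice`, `- containerPort: 8081` named `health`) is informational only, yet it is the one place a reader would look to learn what this pod listens on. The 9666 endpoint is what the metrics adapter consumes, and nothing here says whether it is TLS-protected or restricted by NetworkPolicy — a comment on the port stating which it is would be useful.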

core/keda/datas.tf Normal file

@@ -0,0 +1,94 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("APIService",file))<1]
images {
name = "ghcr.io/kedacore/keda-metrics-apiserver"
new_name = "${var.images.metrics.registry}/${var.images.metrics.repository}"
new_tag = "${var.images.metrics.tag}"
}
images {
name = "ghcr.io/kedacore/keda"
new_name = "${var.images.operator.registry}/${var.images.operator.repository}"
new_tag = "${var.images.operator.tag}"
}
patches {
target {
kind = "Deployment"
name = "keda-metrics-apiserver"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: "${var.images.metrics.pull_policy}"
EOF
}
patches {
target {
kind = "Deployment"
name = "keda-operator"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: "${var.images.operator.pull_policy}"
EOF
}
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0 || length(regexall("APIService",file))>0)]
patches {
target {
kind = "ClusterRoleBinding"
name = "keda-hpa-controller-external-metrics"
}
patch = local.rb-patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "keda-operator"
}
patch = local.rb-patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "keda-system-auth-delegator"
}
patch = local.rb-patch
}
patches {
target {
kind = "APIService"
name = "v1beta1.external.metrics.k8s.io"
}
patch = <<-EOF
- op: replace
path: /spec/service/namespace
value: "${var.namespace}"
EOF
}
}
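Review bot: `local.rb-patch` is applied to the `keda-hpa-controller-external-metrics` ClusterRoleBinding, which rewrites its only subject from `horizontal-pod-autoscaler` in `kube-system` to the same name in `var.namespace`; that ServiceAccount does not exist there, so the in-tree HPA controller loses its grant on `external.metrics.k8s.io` and every HPA that KEDA manages stops scaling. Only the two bindings whose subject is the `keda-operator` ServiceAccount should receive the patch — delete the `patches` block targeting `keda-hpa-controller-external-metrics`. The namespaced overlay also applies `namespace = var.namespace` to every remaining `*.yaml`; if the `keda-auth-reader` RoleBinding declared in `kube-system` is among those files (their names are not visible here), kustomize's namespace transformer will move it to the component namespace, where the `extension-apiserver-authentication-reader` Role it references does not exist. That binding needs either the `no_ns` overlay with a subject-only patch or an explicit exclusion from this resource list.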

core/keda/index.yaml Normal file

@@ -0,0 +1,95 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: core
metadata:
name: keda
description: null
options:
images:
default:
metrics:
pullPolicy: IfNotPresent
registry: ghcr.io
repository: kedacore/keda-metrics-apiserver
tag: 2.13.1
operator:
pullPolicy: IfNotPresent
registry: ghcr.io
repository: kedacore/keda
tag: 2.13.1
examples:
- metrics:
pullPolicy: IfNotPresent
registry: ghcr.io
repository: kedacore/keda-metrics-apiserver
tag: 2.13.1
operator:
pullPolicy: IfNotPresent
registry: ghcr.io
repository: kedacore/keda
tag: 2.13.1
properties:
metrics:
default:
pullPolicy: IfNotPresent
registry: ghcr.io
repository: kedacore/keda-metrics-apiserver
tag: 2.13.1
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: ghcr.io
type: string
repository:
default: kedacore/keda-metrics-apiserver
type: string
tag:
default: 2.13.1
type: string
type: object
operator:
default:
pullPolicy: IfNotPresent
registry: ghcr.io
repository: kedacore/keda
tag: 2.13.1
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: ghcr.io
type: string
repository:
default: kedacore/keda
type: string
tag:
default: 2.13.1
type: string
type: object
type: object
dependencies:
- dist: null
category: crd
component: keda
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
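Review bot: The image options are declared here as `pullPolicy`, but `core/keda/datas.tf` reads `var.images.metrics.pull_policy` and `var.images.operator.pull_policy`, and the sibling `core/olm/index.yaml` declares `pull_policy`; unless the component loader renames keys, the KEDA imagePullPolicy patches will fail on an unknown attribute or render an empty value. Rename all six occurrences (defaults, example and both `properties` entries) to `pull_policy` so the schema matches the Terraform and the OLM component. `description: null` should also be replaced with a real description, as the OLM index has.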


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: keda-hpa-controller-external-metrics
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-hpa-controller-external-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: keda-external-metrics-reader
subjects:
- kind: ServiceAccount
name: horizontal-pod-autoscaler
namespace: kube-system
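Review bot: The subject of this binding is the cluster's own HPA controller ServiceAccount in `kube-system`, not a KEDA component, so its namespace must survive the re-homing that the Terraform overlays apply to everything else. A comment on the subject, `# in-tree HPA controller; namespace is fixed to kube-system — never patch it to the component namespace`, would flag that the generic subject-namespace patch used for the `keda-operator` bindings is wrong for this one.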


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: keda-operator
subjects:
- kind: ServiceAccount
name: keda-operator
namespace: keda


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: keda-system-auth-delegator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-system-auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: keda-operator
namespace: keda


@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: keda-external-metrics-reader
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-external-metrics-reader
rules:
- apiGroups:
- external.metrics.k8s.io
resources:
- '*'
verbs:
- '*'
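Review bot: `verbs: ['*']` on every `external.metrics.k8s.io` resource grants create/update/delete on an API that only serves reads; the sole consumer of this ClusterRole visible in the commit is the `horizontal-pod-autoscaler` ServiceAccount, which fetches metrics. Tightening to `verbs: [get, list, watch]` matches that use and the least-privilege posture the rest of these manifests aim for (dropped capabilities, read-only root filesystem).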


@@ -0,0 +1,142 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
- configmaps/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- '*'
- apiGroups:
- ""
resources:
- external
- pods
- secrets
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- limitranges
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- list
- watch
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- apiGroups:
- '*'
resources:
- '*/scale'
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- '*'
- apiGroups:
- eventing.keda.sh
resources:
- cloudeventsources
- cloudeventsources/status
verbs:
- '*'
- apiGroups:
- keda.sh
resources:
- clustertriggerauthentications
- clustertriggerauthentications/status
verbs:
- '*'
- apiGroups:
- keda.sh
resources:
- scaledjobs
- scaledjobs/finalizers
- scaledjobs/status
verbs:
- '*'
- apiGroups:
- keda.sh
resources:
- scaledobjects
- scaledobjects/finalizers
- scaledobjects/status
verbs:
- '*'
- apiGroups:
- keda.sh
resources:
- triggerauthentications
- triggerauthentications/status
verbs:
- '*'
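Review bot: The rule granting `get`, `list` and `watch` on `secrets` with no namespace restriction (reinforced by `get` on `*`/`*`) means the `keda-operator` ServiceAccount — shared by the operator and the network-facing metrics adapter — can read every Secret in the cluster, which is the highest-value target for lateral movement. Both Deployments expose `WATCH_NAMESPACE` (currently `""`, i.e. cluster-wide); if a single-namespace install is acceptable, setting it and replacing this rule with a namespaced Role would shrink that blast radius — verify against the KEDA documentation before relying on it. At minimum the rule deserves a why-comment, e.g. `# cluster-wide Secret read: needed for ClusterTriggerAuthentication / cross-namespace triggers; scope with WATCH_NAMESPACE where possible`. The `*`/`*` get and `*/scale` patch/update rules look like the upstream defaults for arbitrary scale targets and are noted rather than disputed.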


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: keda-auth-reader
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: keda-operator
namespace: keda
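Review bot: This RoleBinding only works in `kube-system`, because `extension-apiserver-authentication-reader` is a Role that exists only there, yet `core/keda/datas.tf` sends every manifest whose file name lacks `ClusterRole` or `APIService` through an overlay with `namespace = var.namespace`, and kustomize's namespace transformer overrides an explicit `metadata.namespace`. If this file is picked up by that overlay the binding lands in the component namespace pointing at a non-existent Role, and delegated authentication on the metrics adapter breaks. Either route it through the `no_ns` overlay with a `/subjects/0/namespace` patch only, or exclude it from the namespaced overlay and annotate it with `# MUST stay in kube-system: the referenced Role lives there`.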


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
namespace: keda
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: keda-operator
subjects:
- kind: ServiceAccount
name: keda-operator
namespace: keda


@@ -0,0 +1,28 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
namespace: keda
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'


@@ -0,0 +1,45 @@
# first loop through resources in ids_prio[0]
resource "kustomization_resource" "pre_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[0]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
}
# then loop through resources in ids_prio[1]
# and set an explicit depends_on on kustomization_resource.pre
# wait 2 minutes for any deployment or daemonset to become ready
resource "kustomization_resource" "main_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[1]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
wait = true
timeouts {
create = "5m"
update = "5m"
}
depends_on = [kustomization_resource.pre_no_ns]
}
# finally, loop through resources in ids_prio[2]
# and set an explicit depends_on on kustomization_resource.main
resource "kustomization_resource" "post_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[2]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
depends_on = [kustomization_resource.main_no_ns]
}
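Review bot: The comments in this file describe a different configuration from the code: `# wait 2 minutes` sits above `timeouts { create = "5m" update = "5m" }`, and the `depends_on` comments name `kustomization_resource.pre` / `.main` while the resources are `pre_no_ns` / `main_no_ns`. Change them to `# wait up to 5 minutes for any deployment or daemonset to become ready` and the real resource names. The file applies only `data.kustomization_overlay.data_no_ns`; the namespaced `data` overlay holding the Deployments is presumably consumed by a sibling file not shown here, which a one-line header comment should state so a reader does not conclude the workloads are never applied.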


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
namespace: keda


@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: keda-metrics-apiserver
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-metrics-apiserver
namespace: keda
spec:
ports:
- name: https
port: 443
targetPort: 6443
- name: metrics
port: 8080
targetPort: 8080
selector:
app: keda-metrics-apiserver
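Review bot: This Service exposes port 8080 (mapped to the container port named `http`) next to the aggregated API on 443; the container's TLS flags cover only `--secure-port=6443`, so 8080 is a plaintext endpoint reachable from any pod in the cluster unless something not shown here restricts it. Either move the scrape port to a separate Service selected only by the monitoring stack or add a NetworkPolicy limiting ingress on 8080 to the monitoring namespace; the `keda-operator` Service's 8080 and 9666 ports deserve the same treatment. At minimum a comment on the port, `# unauthenticated metrics endpoint — restrict with NetworkPolicy`, makes the exposure visible.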


@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: keda-operator
app.kubernetes.io/part-of: keda-operator
app.kubernetes.io/version: 2.13.1
name: keda-operator
namespace: keda
spec:
ports:
- name: metricsservice
port: 9666
targetPort: 9666
- name: metrics
port: 8080
targetPort: 8080
selector:
app: keda-operator


@@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: catalog-operator
namespace: olm
labels:
app: catalog-operator
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: catalog-operator
template:
metadata:
labels:
app: catalog-operator
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: olm-operator-serviceaccount
containers:
- name: catalog-operator
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
command:
- /bin/catalog
args:
- '--namespace'
- olm
- --configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest
- --util-image
- quay.io/operator-framework/olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
- --set-workload-user-id=true
image: quay.io/operator-framework/olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: metrics
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
readinessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
terminationMessagePolicy: FallbackToLogsOnError
resources:
requests:
cpu: 10m
memory: 80Mi
nodeSelector:
kubernetes.io/os: linux
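Review bot: `--configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest` is a mutable tag, whereas the OLM image two lines below is pinned by digest and overridable through `var.images` in `core/olm/datas.tf`; this image is neither pinned nor overridable, so a registry-side change alters what runs and an air-gapped mirror cannot supply it. Make it a separate `images.*` option in `index.yaml` and patch `args/2` the way `args/4` is patched. The container also lacks `readOnlyRootFilesystem: true` and any `resources.limits`, both of which the KEDA Deployments in this same commit set; adding `readOnlyRootFilesystem: true` (with an emptyDir on `/tmp` if the binary needs scratch space) would bring the two components in line.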


@@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: olm-operator
namespace: olm
labels:
app: olm-operator
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: olm-operator
template:
metadata:
labels:
app: olm-operator
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: olm-operator-serviceaccount
containers:
- name: olm-operator
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
command:
- /bin/olm
args:
- --namespace
- $(OPERATOR_NAMESPACE)
- --writeStatusName
- ""
image: quay.io/operator-framework/olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: metrics
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
readinessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
terminationMessagePolicy: FallbackToLogsOnError
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OPERATOR_NAME
value: olm-operator
resources:
requests:
cpu: 10m
memory: 160Mi
nodeSelector:
kubernetes.io/os: linux
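Review bot: The olm-operator container drops all capabilities and blocks privilege escalation but has no `readOnlyRootFilesystem: true` and no `resources.limits`, unlike the KEDA Deployments introduced by the same commit; for a pod whose ServiceAccount is bound to `system:controller:operator-lifecycle-manager` (wildcard verbs including `escalate` and `bind`), a read-only root filesystem is cheap hardening against a foothold persisting inside the container. Add `readOnlyRootFilesystem: true` under the container `securityContext` and a `limits:` stanza; if OLM needs to write, mount an emptyDir at that path as the packageserver CSV already does for `/tmp`.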

core/olm/datas.tf Normal file

@@ -0,0 +1,71 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
patches {
target {
kind = "Deployment"
name = "catalog-operator"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: "${var.images.operator.pull_policy}"
- op: replace
path: /spec/template/spec/containers/0/image
value: "${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}"
- op: replace
path: /spec/template/spec/containers/0/args/1
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/args/4
value: "${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}"
EOF
}
patches {
target {
kind = "Deployment"
name = "olm-operator"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: "${var.images.operator.pull_policy}"
- op: replace
path: /spec/template/spec/containers/0/image
value: "${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}"
EOF
}
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0)]
patches {
target {
kind = "ClusterRoleBinding"
name = "keda-hpa-controller-external-metrics"
}
patch = local.rb-patch
}
}
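Review bot: The `data_no_ns` patch targets a ClusterRoleBinding named `keda-hpa-controller-external-metrics`, a leftover from `core/keda/datas.tf`; no such object exists in the OLM manifests, so the patch is dead at best and may fail the kustomize build (recent kustomize versions reject a patch whose target selects nothing), while the binding that does need it — `olm-operator-binding-olm`, whose subject namespace is hard-coded to `olm` — is never patched. Because the namespaced overlay moves `olm-operator-serviceaccount` to `var.namespace`, any value other than `olm` leaves all three OLM Deployments running with a ServiceAccount bound to nothing. Retarget the block to `name = "olm-operator-binding-olm"`. The `olm-operators` OperatorGroup's `targetNamespaces: [olm]` and the packageserver CSV's `--global-namespace olm` argument are likewise not rewritten and need either a patch or a documented constraint that `var.namespace` must equal `olm`.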

core/olm/index.yaml Normal file

@@ -0,0 +1,61 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: core
metadata:
name: olm
description: Operator Lifecycle Manager
options:
images:
default:
operator:
pull_policy: IfNotPresent
registry: quay.io
repository: operator-framework/olm@sha256
tag: 1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
examples:
- operator:
pull_policy: IfNotPresent
registry: quay.io
repository: operator-framework/olm@sha256
tag: 1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
properties:
operator:
default:
pull_policy: IfNotPresent
registry: quay.io
repository: operator-framework/olm@sha256
tag: 1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: operator-framework/olm@sha256
type: string
tag:
default: 1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
type: string
type: object
type: object
dependencies:
- dist: null
category: crd
component: olm
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
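Review bot: The digest pin is smuggled through the tag field — `repository: operator-framework/olm@sha256` plus `tag: 1b6002…` — and only works because `core/olm/datas.tf` joins them with `:`; a user who overrides `tag` with a real tag such as `v0.27.0` gets `olm@sha256:v0.27.0`, an invalid reference, with no schema hint that this will happen. Either add a `digest` option and build the reference as `repo@digest` when it is set, or at least describe the convention in the option's description so overrides stay valid. This file uses `pull_policy`, which is the key the Terraform reads; `core/keda/index.yaml` uses `pullPolicy` and should be aligned to this one.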


@@ -0,0 +1,5 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: global-operators
namespace: operators
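Review bot: This OperatorGroup has no `targetNamespaces`, which in OLM selects the AllNamespaces install mode: any Subscription created in its namespace installs an operator cluster-wide with whatever ClusterPermissions its CSV requests, executed by OLM's wildcard ServiceAccount. Together with `aggregate-olm-edit` giving `edit` users `create` on subscriptions, a user with `edit` in this namespace can obtain cluster-scoped workloads, so a comment stating that this is intended is warranted. The object is also declared in namespace `operators` while `core/olm/datas.tf` applies a `namespace = var.namespace` overlay to the non-ClusterRole manifests; if the transformer rewrites it, two OperatorGroups end up in the OLM namespace, a state OLM flags and refuses to install into — check the rendered output and either exclude this file from that overlay or create the `operators` namespace explicitly.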


@@ -0,0 +1,8 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: olm-operators
namespace: olm
spec:
targetNamespaces:
- olm


@@ -0,0 +1,15 @@
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: operatorhubio-catalog
namespace: olm
spec:
sourceType: grpc
image: quay.io/operatorhubio/catalog:latest
displayName: Community Operators
publisher: OperatorHub.io
grpcPodConfig:
securityContextConfig: restricted
updateStrategy:
registryPoll:
interval: 60m
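Review bot: `quay.io/operatorhubio/catalog:latest` with `registryPoll.interval: 60m` re-pulls an unpinned, community-maintained catalog every hour and offers whatever its maintainers publish next; that is a floating supply-chain input feeding a component that installs workloads with cluster-level RBAC. Pin the catalog to a digest or a dated tag and route it through the component's `images` options like the operator image, or add a comment recording that the floating catalog is an accepted risk. `securityContextConfig: restricted` is the right default for the registry pod and should stay.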


@@ -0,0 +1,140 @@
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
name: packageserver
namespace: olm
labels:
olm.version: v0.27.0
spec:
displayName: Package Server
description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion.
minKubeVersion: 1.11.0
keywords: ['packagemanifests', 'olm', 'packages']
maintainers:
- name: Red Hat
email: openshift-operators@redhat.com
provider:
name: Red Hat
links:
- name: Package Server
url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server
installModes:
- type: OwnNamespace
supported: true
- type: SingleNamespace
supported: true
- type: MultiNamespace
supported: true
- type: AllNamespaces
supported: true
install:
strategy: deployment
spec:
clusterPermissions:
- serviceAccountName: olm-operator-serviceaccount
rules:
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "operators.coreos.com"
resources:
- catalogsources
verbs:
- get
- list
- watch
- apiGroups:
- "packages.operators.coreos.com"
resources:
- packagemanifests
verbs:
- get
- list
deployments:
- name: packageserver
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
replicas: 2
selector:
matchLabels:
app: packageserver
template:
metadata:
labels:
app: packageserver
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: olm-operator-serviceaccount
nodeSelector:
kubernetes.io/os: linux
containers:
- name: packageserver
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
command:
- /bin/package-server
- -v=4
- --secure-port
- "5443"
- --global-namespace
- olm
image: quay.io/operator-framework/olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
imagePullPolicy: Always
ports:
- containerPort: 5443
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTPS
path: /healthz
port: 5443
readinessProbe:
httpGet:
scheme: HTTPS
path: /healthz
port: 5443
terminationMessagePolicy: FallbackToLogsOnError
resources:
requests:
cpu: 10m
memory: 50Mi
volumeMounts:
- name: tmpfs
mountPath: /tmp
volumes:
- name: tmpfs
emptyDir: {}
maturity: alpha
version: v0.27.0
apiservicedefinitions:
owned:
- group: packages.operators.coreos.com
version: v1
kind: PackageManifest
name: packagemanifests
displayName: PackageManifest
description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps
deploymentName: packageserver
containerPort: 5443
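Review bot: The packageserver deployment's `image: quay.io/operator-framework/olm@sha256:…` is not patched by `core/olm/datas.tf`, which rewrites only the `catalog-operator` and `olm-operator` Deployments; an install overriding `var.images.operator` (mirror registry, newer build) will still pull packageserver from quay.io, and it uses `imagePullPolicy: Always` where the other two follow the configured policy. Add a third `patches` block targeting `kind = "ClusterServiceVersion"`, `name = "packageserver"` with paths `/spec/install/spec/deployments/0/spec/template/spec/containers/0/image` and `.../imagePullPolicy`. Note also that the CSV's four narrow `clusterPermissions` do not limit anything in this layout, because the pod runs as `olm-operator-serviceaccount`, which already holds the wildcard `system:controller:operator-lifecycle-manager` role.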


@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: olm-operator-binding-olm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:controller:operator-lifecycle-manager
subjects:
- kind: ServiceAccount
name: olm-operator-serviceaccount
namespace: olm


@@ -0,0 +1,14 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aggregate-olm-edit
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["operators.coreos.com"]
resources: ["subscriptions"]
verbs: ["create", "update", "patch", "delete"]
- apiGroups: ["operators.coreos.com"]
resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"]
verbs: ["delete"]
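Review bot: Aggregating `create`/`update`/`patch`/`delete` on `subscriptions` into the built-in `edit` and `admin` roles lets any namespace editor trigger an operator install, which OLM performs with the `system:controller:operator-lifecycle-manager` ServiceAccount (wildcard verbs plus `escalate` and `bind`); the installed operator receives whatever cluster permissions its CSV asks for, so this is an escalation path from namespace `edit` to cluster-scoped workloads wherever a catalog and OperatorGroup are reachable. This mirrors upstream OLM's defaults, but an initial release should state the trade-off in a comment on the ClusterRole — `# NOTE: lets namespace editors install operators from any CatalogSource; review catalogs and OperatorGroups accordingly` — or restrict aggregation to `admin` by dropping the `aggregate-to-edit` label.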


@@ -0,0 +1,15 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aggregate-olm-view
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["operators.coreos.com"]
resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"]
verbs: ["get", "list", "watch"]
- apiGroups: ["packages.operators.coreos.com"]
resources: ["packagemanifests", "packagemanifests/icon"]
verbs: ["get", "list", "watch"]


@@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:controller:operator-lifecycle-manager
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["watch", "list", "get", "create", "update", "patch", "delete", "deletecollection", "escalate", "bind"]
- nonResourceURLs: ["*"]
verbs: ["*"]
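Review bot: This ClusterRole is cluster-admin in all but name (`*`/`*` with every verb including `escalate` and `bind`, plus `nonResourceURLs: ["*"]`) and is bound to `olm-operator-serviceaccount`, which catalog-operator, olm-operator and the network-reachable packageserver all share; packageserver's CSV lists only four narrow rules. Moving packageserver onto its own ServiceAccount bound to just those `clusterPermissions` would take the aggregated-API pod out of the cluster-admin blast radius at no functional cost. If the broad role must stay for OLM proper, add a comment explaining why `escalate` and `bind` are needed on top of the wildcard, so the next reviewer does not have to rediscover it.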


@@ -0,0 +1,45 @@
# first loop through resources in ids_prio[0]
resource "kustomization_resource" "pre_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[0]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
}
# then loop through resources in ids_prio[1]
# and set an explicit depends_on on kustomization_resource.pre
# wait 2 minutes for any deployment or daemonset to become ready
resource "kustomization_resource" "main_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[1]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
wait = true
timeouts {
create = "5m"
update = "5m"
}
depends_on = [kustomization_resource.pre_no_ns]
}
# finally, loop through resources in ids_prio[2]
# and set an explicit depends_on on kustomization_resource.main
resource "kustomization_resource" "post_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[2]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
depends_on = [kustomization_resource.main_no_ns]
}


@@ -0,0 +1,5 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: olm-operator-serviceaccount
namespace: olm