diff --git a/bundle.Dockerfile b/bundle.Dockerfile index fd476f7..771fd7a 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -10,6 +10,11 @@ LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.33.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=ansible.sdk.operatorframework.io/v1 +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + # Copy files to locations specified by labels. COPY bundle/manifests /manifests/ COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/bundle/manifests/nfs-operator-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/nfs-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 0000000..0db4523 --- /dev/null +++ b/bundle/manifests/nfs-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: nfs-operator + control-plane: controller-manager + name: nfs-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/bundle/manifests/nfs-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/nfs-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 0000000..d154cfd --- /dev/null 
+++ b/bundle/manifests/nfs-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: nfs-operator + name: nfs-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/bundle/manifests/nfs-operator.clusterserviceversion.yaml b/bundle/manifests/nfs-operator.clusterserviceversion.yaml index 3cc7078..2e03c64 100644 --- a/bundle/manifests/nfs-operator.clusterserviceversion.yaml +++ b/bundle/manifests/nfs-operator.clusterserviceversion.yaml @@ -2,10 +2,26 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: annotations: - alm-examples: '[]' + alm-examples: |- + [ + { + "apiVersion": "nfs.krestomat.io/v1alpha1", + "kind": "Ganesha", + "metadata": { + "name": "ganesha-sample" + }, + "spec": { + "ganeshaExportGroupid": 0, + "ganeshaExportMode": "0700", + "ganeshaExportUserid": 0, + "ganeshaGeneratedNfsScNeeded": true, + "ganeshaPvcDataSize": "1Gi" + } + } + ] capabilities: Seamless Upgrades categories: Storage - createdAt: "2024-04-08T02:00:20Z" + createdAt: "2024-04-08T02:19:43Z" description: |- This operator simplifies NFS Ganesha deployments in Kubernetes by leveraging the Ansible Operator SDK for automation 
@@ -20,7 +36,14 @@ metadata: namespace: placeholder spec: apiservicedefinitions: {} - customresourcedefinitions: {} + customresourcedefinitions: + owned: + - kind: Ganesha + name: ganeshas.nfs.krestomat.io + version: v1alpha1 + - kind: Routine + name: routines.nfs.krestomat.io + version: v1alpha1 description: |- This operator simplifies NFS Ganesha deployments in Kubernetes by leveraging the Ansible Operator SDK for automation 
@@ -82,7 +105,221 @@ spec: mediatype: image/svg+xml install: spec: - deployments: [] + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - pods/exec + - pods/log + - persistentvolumeclaims + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - nfs.krestomat.io + resources: + - ganeshas + - ganeshas/status + - ganeshas/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - nfs.krestomat.io + resources: + - routines + - routines/status + - routines/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: nfs-operator-controller-manager + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: nfs-operator + control-plane: controller-manager + name: nfs-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - 
--secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:6789 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --leader-election-id=nfs-operator + env: + - name: ANSIBLE_GATHERING + value: explicit + image: quay.io/krestomatio/nfs-operator:0.4.5 + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: 10m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: nfs-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: nfs-operator-controller-manager strategy: deployment installModes: - supported: false diff --git a/bundle/manifests/nfs.krestomat.io_ganeshas.yaml b/bundle/manifests/nfs.krestomat.io_ganeshas.yaml new file mode 100644 index 0000000..04ff625 --- /dev/null +++ b/bundle/manifests/nfs.krestomat.io_ganeshas.yaml 
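Review bot: The first `clusterPermissions` rule grants `create` on `pods/exec` together with full write verbs on `pods`, `configmaps`, `services` and `persistentvolumeclaims` in every namespace, so a compromise of the `nfs-operator-controller-manager` service account amounts to command execution in any pod on the cluster. If the operator only execs into the Ganesha pods it manages, consider moving `- pods/exec` into its own rule with `verbs: [create, get]` and dropping `delete`/`patch`/`update` wherever the playbooks do not use them; the same trimming applies to the cluster-scoped `storageclasses` rule. Both images under `deployments` are referenced by tag (`kube-rbac-proxy:v0.14.1`, `nfs-operator:0.4.5`); pinning them by digest would make the installed bundle reproducible. If this CSV is generated, the change presumably belongs in the RBAC and manager sources it is built from, which are not part of this diff.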
@@ -0,0 +1,86 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: ganeshas.nfs.krestomat.io
+spec:
+ group: nfs.krestomat.io
+ names:
+ categories:
+ - lms
+ - nfs
+ kind: Ganesha
+ listKind: GaneshaList
+ plural: ganeshas
+ singular: ganesha
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Age of the resource
+ jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - description: Site status such as Unknown/SettingUp/Ready/Failed/Terminating
+ etc
+ jsonPath: .status.state
+ name: STATUS
+ type: string
+ - description: Time of latest transition
+ jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
+ name: SINCE
+ type: date
+ - description: Generated storage class name
+ jsonPath: .status.storageClass
+ name: STORAGECLASS
+ type: string
+ - description: Generated service name to access CR
+ jsonPath: .status.service
+ name: SERVICE
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Ganesha is the Schema for the ganeshas API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Ganeshas should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Ganeshas may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Ganesha
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Ganesha
+ properties:
+ ganesha_export_mode:
+ description: Ganesha export directory mode
+ maxLength: 4
+ minLength: 3
+ type: string
+ ganeshaExportMode:
+ description: Ganesha export directory mode
+ maxLength: 4
+ minLength: 3
+ type: string
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
diff --git a/bundle/manifests/nfs.krestomat.io_routines.yaml b/bundle/manifests/nfs.krestomat.io_routines.yaml
new file mode 100644
index 0000000..8029339
--- /dev/null
+++ b/bundle/manifests/nfs.krestomat.io_routines.yaml
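Review bot: `spec` in the Ganesha schema is `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server accepts any value for fields such as `ganeshaExportMode`, `ganeshaExportUserid` and `ganeshaExportGroupid`, and the operator receives them unvalidated. The only constraints in the file (`maxLength: 4`, `minLength: 3` on the export mode) sit under `status`, where they do not restrict what a user submits, and they appear twice, as `ganesha_export_mode` and `ganeshaExportMode`; they look as if they were meant for `spec`. Declaring the spec fields with types and a `pattern` for the mode would reject malformed input at admission, as sketched below. The Routine CRD added in the next file has the same unvalidated `spec`.

```yaml
spec:
  # … unchanged: description, type, x-kubernetes-preserve-unknown-fields …
  properties:
    ganeshaExportMode:
      description: Ganesha export directory mode
      type: string
      pattern: '^[0-7]{3,4}$'
    ganeshaExportUserid:
      type: integer
      minimum: 0
    ganeshaExportGroupid:
      type: integer
      minimum: 0
```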
@@ -0,0 +1,66 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: routines.nfs.krestomat.io
+spec:
+ group: nfs.krestomat.io
+ names:
+ categories:
+ - lms
+ - nfs
+ kind: Routine
+ listKind: RoutineList
+ plural: routines
+ singular: routine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Age of the resource
+ jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - description: Routine failure status
+ jsonPath: .status.conditions[?(@.type=='Failure')].status
+ name: FAILURE
+ type: string
+ - description: Time of latest transition
+ jsonPath: .status.conditions[?(@.type=='Failure')].lastTransitionTime
+ name: SINCE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Routine is the Schema for the routines API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Ganeshas should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Ganeshas may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Routine
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Routine
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 9f451eb..d146b62 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -8,3 +8,7 @@ annotations: operators.operatorframework.io.metrics.builder: operator-sdk-v1.33.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: ansible.sdk.operatorframework.io/v1 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml new file mode 100644 index 0000000..d5b4b3e --- /dev/null +++ b/bundle/tests/scorecard/config.yaml 
@@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index bc534f4..9d4f0c0 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,5 +1,4 @@ ## Append samples you want in your CSV to this file as resources ## resources: - nfs_v1alpha1_ganesha.yaml -- nfs_v1alpha1_routine.yaml #+kubebuilder:scaffold:manifestskustomizesamples