From cc49510a8bed717d320467aef585356085bb9f53 Mon Sep 17 00:00:00 2001 
From: Markus Rudy Date: Mon, 22 Jan 2024 15:01:22 +0100 Subject: [PATCH] operators: remove kubebuilder legacy --- .../constellation-node-operator/.gitignore | 29 - .../constellation-node-operator/Makefile | 259 ------- operators/constellation-node-operator/PROJECT | 42 - .../constellation-node-operator/README.md | 82 +- .../bundle.Dockerfile | 20 - ...dgeless.systems_autoscalingstrategies.yaml | 78 -- .../update.edgeless.systems_joiningnodes.yaml | 63 -- .../update.edgeless.systems_nodeversions.yaml | 722 ------------------ .../update.edgeless.systems_pendingnodes.yaml | 85 --- ...update.edgeless.systems_scalinggroups.yaml | 157 ---- .../config/crd/kustomization.yaml | 33 - .../config/crd/kustomizeconfig.yaml | 19 - .../cainjection_in_autoscalingstrategies.yaml | 7 - .../patches/cainjection_in_joiningnodes.yaml | 7 - .../patches/cainjection_in_nodeversions.yaml | 7 - .../patches/cainjection_in_pendingnodes.yaml | 7 - .../patches/cainjection_in_scalinggroups.yaml | 7 - .../webhook_in_autoscalingstrategies.yaml | 16 - .../crd/patches/webhook_in_joiningnodes.yaml | 16 - .../crd/patches/webhook_in_nodeversions.yaml | 16 - .../crd/patches/webhook_in_pendingnodes.yaml | 16 - .../crd/patches/webhook_in_scalinggroups.yaml | 16 - .../config/default/kustomization.yaml | 74 -- .../default/manager_auth_proxy_patch.yaml | 34 - .../config/default/manager_config_patch.yaml | 20 - .../manager/controller_manager_config.yaml | 11 - .../config/manager/kustomization.yaml | 16 - .../config/manager/manager.yaml | 108 --- .../node-operator.clusterserviceversion.yaml | 67 -- .../config/manifests/kustomization.yaml | 27 - .../config/prometheus/kustomization.yaml | 2 - .../config/prometheus/monitor.yaml | 20 - .../rbac/auth_proxy_client_clusterrole.yaml | 9 - .../config/rbac/auth_proxy_role.yaml | 17 - .../config/rbac/auth_proxy_role_binding.yaml | 12 - .../config/rbac/auth_proxy_service.yaml | 15 - .../rbac/autoscalingstrategy_editor_role.yaml | 24 - 
.../rbac/autoscalingstrategy_viewer_role.yaml | 20 - .../config/rbac/kustomization.yaml | 18 - .../config/rbac/leader_election_role.yaml | 37 - .../rbac/leader_election_role_binding.yaml | 12 - .../config/rbac/nodeimage_editor_role.yaml | 24 - .../config/rbac/nodeimage_viewer_role.yaml | 20 - .../config/rbac/pendingnode_editor_role.yaml | 24 - .../config/rbac/pendingnode_viewer_role.yaml | 20 - .../config/rbac/role.yaml | 199 ----- .../config/rbac/role_binding.yaml | 12 - .../config/rbac/scalinggroup_editor_role.yaml | 24 - .../config/rbac/scalinggroup_viewer_role.yaml | 20 - .../config/rbac/service_account.yaml | 5 - .../config/samples/kustomization.yaml | 7 - .../update_v1alpha1_autoscalingstrategy.yaml | 8 - .../samples/update_v1alpha1_nodeversion.yaml | 15 - .../samples/update_v1alpha1_pendingnode.yaml | 21 - .../samples/update_v1alpha1_scalinggroup.yaml | 19 - .../config/scorecard/bases/config.yaml | 7 - .../config/scorecard/kustomization.yaml | 16 - .../scorecard/patches/basic.config.yaml | 10 - .../config/scorecard/patches/olm.config.yaml | 50 -- .../hack/boilerplate.go.txt | 0 60 files changed, 3 insertions(+), 2745 deletions(-) delete mode 100644 operators/constellation-node-operator/.gitignore delete mode 100644 operators/constellation-node-operator/Makefile delete mode 100644 operators/constellation-node-operator/PROJECT delete mode 100644 operators/constellation-node-operator/bundle.Dockerfile delete mode 100644 operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_autoscalingstrategies.yaml delete mode 100644 operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_joiningnodes.yaml delete mode 100644 operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_nodeversions.yaml delete mode 100644 operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_pendingnodes.yaml delete mode 100644 
operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_scalinggroups.yaml delete mode 100644 operators/constellation-node-operator/config/crd/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/crd/kustomizeconfig.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/cainjection_in_autoscalingstrategies.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/cainjection_in_joiningnodes.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/cainjection_in_nodeversions.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/cainjection_in_pendingnodes.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/cainjection_in_scalinggroups.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/webhook_in_autoscalingstrategies.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/webhook_in_joiningnodes.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/webhook_in_nodeversions.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/webhook_in_pendingnodes.yaml delete mode 100644 operators/constellation-node-operator/config/crd/patches/webhook_in_scalinggroups.yaml delete mode 100644 operators/constellation-node-operator/config/default/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/default/manager_auth_proxy_patch.yaml delete mode 100644 operators/constellation-node-operator/config/default/manager_config_patch.yaml delete mode 100644 operators/constellation-node-operator/config/manager/controller_manager_config.yaml delete mode 100644 operators/constellation-node-operator/config/manager/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/manager/manager.yaml delete mode 100644 
operators/constellation-node-operator/config/manifests/bases/node-operator.clusterserviceversion.yaml delete mode 100644 operators/constellation-node-operator/config/manifests/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/prometheus/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/prometheus/monitor.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/auth_proxy_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/auth_proxy_role_binding.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/auth_proxy_service.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/autoscalingstrategy_editor_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/autoscalingstrategy_viewer_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/leader_election_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/leader_election_role_binding.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/nodeimage_editor_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/nodeimage_viewer_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/pendingnode_editor_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/pendingnode_viewer_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/role_binding.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/scalinggroup_editor_role.yaml delete mode 100644 
operators/constellation-node-operator/config/rbac/scalinggroup_viewer_role.yaml delete mode 100644 operators/constellation-node-operator/config/rbac/service_account.yaml delete mode 100644 operators/constellation-node-operator/config/samples/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/samples/update_v1alpha1_autoscalingstrategy.yaml delete mode 100644 operators/constellation-node-operator/config/samples/update_v1alpha1_nodeversion.yaml delete mode 100644 operators/constellation-node-operator/config/samples/update_v1alpha1_pendingnode.yaml delete mode 100644 operators/constellation-node-operator/config/samples/update_v1alpha1_scalinggroup.yaml delete mode 100644 operators/constellation-node-operator/config/scorecard/bases/config.yaml delete mode 100644 operators/constellation-node-operator/config/scorecard/kustomization.yaml delete mode 100644 operators/constellation-node-operator/config/scorecard/patches/basic.config.yaml delete mode 100644 operators/constellation-node-operator/config/scorecard/patches/olm.config.yaml delete mode 100644 operators/constellation-node-operator/hack/boilerplate.go.txt
diff --git a/operators/constellation-node-operator/.gitignore b/operators/constellation-node-operator/.gitignore
deleted file mode 100644
index 9731c6eba..000000000
--- a/operators/constellation-node-operator/.gitignore
+++ /dev/null
@@ -1,29 +0,0 @@
-
-# Binaries for programs and plugins
-*.exe
-*.exe~
-*.dll
-*.so
-*.dylib
-bin
-testbin/*
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# Kubernetes Generated files - skip generated files, except for vendored files
-
-# We hold the charts in the internal/constellation/helm directory
-chart/
-bundle/
-
-!vendor/**/zz_generated.*
-
-# editor and IDE paraphernalia
-.idea
-*.swp
-*.swo
-*~
diff --git a/operators/constellation-node-operator/Makefile b/operators/constellation-node-operator/Makefile
deleted file mode 100644
index ca2bd0906..000000000
--- a/operators/constellation-node-operator/Makefile
+++ /dev/null
@@ -1,259 +0,0 @@ -# VERSION defines the project version for the bundle. -# Update this value when you upgrade the version of your project. -# To re-generate a bundle for another specific version without changing the standard setup, you can: -# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) -# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.0.1 - -# CHANNELS define the bundle channels used in the bundle. -# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") -# To re-generate a bundle for other specific channels without changing the standard setup, you can: -# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) -# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") -ifneq ($(origin CHANNELS), undefined) -BUNDLE_CHANNELS := --channels=$(CHANNELS) -endif - -# DEFAULT_CHANNEL defines the default channel used in the bundle. -# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") -# To re-generate a bundle for any other default channel without changing the default setup, you can: -# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) -# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") -ifneq ($(origin DEFAULT_CHANNEL), undefined) -BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) -endif -BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) - -# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. -# This variable is used to construct full image tags for bundle and catalog images. 
-# -# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both -# ghcr.io/edgelesssys/constellation/node-operator-bundle:$VERSION and ghcr.io/edgelesssys/constellation/node-operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= ghcr.io/edgelesssys/constellation/node-operator - -# BUNDLE_IMG defines the image:tag used for the bundle. -# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) -BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) - -# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command -BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) - -# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests -# You can enable this value if you would like to use SHA Based Digests -# To enable set flag to true -USE_IMAGE_DIGESTS ?= false -ifeq ($(USE_IMAGE_DIGESTS), true) - BUNDLE_GEN_FLAGS += --use-image-digests -endif - -# Image URL to use all building/pushing image targets -IMG ?= $(IMAGE_TAG_BASE):v$(VERSION) - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -# Setting SHELL to bash allows bash commands to be executed by recipes. -# This is a requirement for 'setup-envtest.sh' in the test target. -# Options are set to exit when a recipe line exits non-zero or a piped command fails. -SHELL = /usr/bin/env bash -o pipefail -.SHELLFLAGS = -ec - -.PHONY: all -all: build - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. 
Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Development - -.PHONY: manifests -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./" output:crd:artifacts:config=config/crd/bases - -.PHONY: generate -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./" - -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... - -.PHONY: test -test: manifests generate fmt vet ## Run tests. - bazel test //operators/constellation-node-operator/... - -##@ Build - -.PHONY: build -build: generate fmt vet ## Build manager binary. - go build -o bin/manager main.go - -.PHONY: run -run: manifests generate fmt vet ## Run a controller from your host. - go run ./main.go - -.PHONY: docker-build -docker-build: test ## Build docker image with the manager. - # Since we need to download the dependencies from the project root, we need to change the build context to the project root. - pushd . ;\ - cd ../.. ;\ - docker build -t ${IMG} -f operators/constellation-node-operator/Dockerfile . ;\ - popd - -.PHONY: docker-push -docker-push: ## Push docker image with the manager. 
- docker push ${IMG} - -##@ Deployment - -ifndef ignore-not-found - ignore-not-found = false -endif - -.PHONY: install -install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl apply -f - - -.PHONY: uninstall -uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f - - -.PHONY: deploy -deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/default | kubectl apply -f - - -.PHONY: undeploy -undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f - - -##@ Build Dependencies - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -## Tool Binaries -KUSTOMIZE ?= $(LOCALBIN)/kustomize -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen - -## Tool Versions -KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.9.0 - -KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" -.PHONY: kustomize -kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. -$(KUSTOMIZE): $(LOCALBIN) - test -s $(LOCALBIN)/kustomize || { curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } - -.PHONY: controller-gen -controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. 
-$(CONTROLLER_GEN): $(LOCALBIN) - GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) - -.PHONY: bundle -bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files. - operator-sdk generate kustomize manifests -q - cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) - $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS) - operator-sdk bundle validate ./bundle - -.PHONY: bundle-build -bundle-build: ## Build the bundle image. - docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . - -.PHONY: bundle-push -bundle-push: ## Push the bundle image. - $(MAKE) docker-push IMG=$(BUNDLE_IMG) - -.PHONY: opm -OPM = ./bin/opm -opm: ## Download opm locally if necessary. -ifeq (,$(wildcard $(OPM))) -ifeq (,$(shell which opm 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(OPM)) ;\ - OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.19.1/$${OS}-$${ARCH}-opm ;\ - chmod +x $(OPM) ;\ - } -else -OPM = $(shell which opm) -endif -endif - -# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). -# These images MUST exist in a registry and be pull-able. -BUNDLE_IMGS ?= $(BUNDLE_IMG) - -# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). -CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) - -# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. -ifneq ($(origin CATALOG_BASE_IMG), undefined) -FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) -endif - -# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. -# This recipe invokes 'opm' in 'semver' bundle add mode. 
For more information on add modes, see: -# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator -.PHONY: catalog-build -catalog-build: opm ## Build a catalog image. - $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) - -# Push the catalog image. -.PHONY: catalog-push -catalog-push: ## Push a catalog image. - $(MAKE) docker-push IMG=$(CATALOG_IMG) - -HELMIFY_DIR ?= $(LOCALBIN)/helmify -HELMIFY = $(HELMIFY_DIR)/helmify - -.PHONY: helmify -helmify: ## Download helmify locally if necessary. - $(call go-install-tool,$(HELMIFY),$(HELMIFY_DIR),github.com/arttor/helmify/cmd/helmify@v0.3.18) - -# go-install-tool will delete old package $2, then 'go install' any package $3 to $1. -define go-install-tool -@[ -f $(1) ]|| { \ - set -e ;\ - rm -rf $(2) ;\ - TMP_DIR=$$(mktemp -d) ;\ - cd $$TMP_DIR ;\ - go mod init tmp ;\ - BIN_DIR=$$(dirname $(1)) ;\ - mkdir -p $$BIN_DIR ;\ - echo "Downloading $(3)" ;\ - GOBIN=$$BIN_DIR GOFLAGS='' go install $(3) ;\ - rm -rf $$TMP_DIR ;\ -} -endef - -.PHONY: helm -helm: manifests kustomize helmify - $(KUSTOMIZE) build config/default | $(HELMIFY) diff --git a/operators/constellation-node-operator/PROJECT b/operators/constellation-node-operator/PROJECT deleted file mode 100644 index d38cbb734..000000000 --- a/operators/constellation-node-operator/PROJECT +++ /dev/null 
@@ -1,42 +0,0 @@
-domain: edgeless.systems
-layout:
-- go.kubebuilder.io/v3
-plugins:
- manifests.sdk.operatorframework.io/v2: {}
- scorecard.sdk.operatorframework.io/v2: {}
-projectName: node-operator
-repo: github.com/edgelesssys/constellation/operators/constellation-node-operator
-resources:
-- api:
- crdVersion: v1
- controller: true
- domain: edgeless.systems
- group: update
- kind: NodeVersion
- path: github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1
- version: v1alpha1
-- api:
- crdVersion: v1
- controller: true
- domain: edgeless.systems
- group: update
- kind: AutoscalingStrategy
- path: github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1
- version: v1alpha1
-- api:
- crdVersion: v1
- controller: true
- domain: edgeless.systems
- group: update
- kind: ScalingGroup
- path: github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1
- version: v1alpha1
-- api:
- crdVersion: v1
- controller: true
- domain: edgeless.systems
- group: update
- kind: PendingNode
- path: github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1
- version: v1alpha1
-version: "3"
diff --git a/operators/constellation-node-operator/README.md b/operators/constellation-node-operator/README.md
index ad5e034cd..0df124608 100644
--- a/operators/constellation-node-operator/README.md
+++ b/operators/constellation-node-operator/README.md
@@ -125,85 +125,9 @@ spec: deadline: "2022-07-04T08:33:18+00:00" ``` -## Getting Started +## Development -You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster. -**Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows). +This operator was originally scaffolded with kubebuilder, but is now fully integrated into Bazel build workflows. -### Running on the cluster +TODO: describe how to change permissions, add types, etc -1. Install Instances of Custom Resources: - -```sh -kubectl apply -f config/samples/ -``` - -2. Build and push your image to the location specified by `IMG`: - -```sh -make docker-build docker-push IMG=/constellation/node-operator:tag -``` - -3. Deploy the controller to the cluster with the image specified by `IMG`: - -```sh -make deploy IMG=/constellation/node-operator:tag -``` - -### Uninstall CRDs - -To delete the CRDs from the cluster: - -```sh -make uninstall -``` - -### Undeploy controller - -UnDeploy the controller to the cluster: - -```sh -make undeploy -``` - -### How it works - -This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) - -It uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/) -which provides a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster - -### Test It Out - -1. Install the CRDs into the cluster: - -```sh -make install -``` - -2. 
Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running): - -```sh -make run -``` - -**NOTE:** You can also run this in one step by running: `make install run` - -### Modifying the API definitions - -If you are editing the API definitions, generate the manifests such as CRs or CRDs using: - -```sh -make manifests -``` - -**NOTE:** Run `make --help` for more information on all potential `make` targets - -More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) - -## Production deployment - -The operator is deployed automatically during `constellation-init`. -Prerequisite for this is that cert-manager is installed. -cert-manager is also installed during `constellation-init`. -To deploy you can use the Helm chart at `/internal/constellation/helm/charts/edgeless/operators/constellation-operator`. diff --git a/operators/constellation-node-operator/bundle.Dockerfile b/operators/constellation-node-operator/bundle.Dockerfile deleted file mode 100644 index d8621d888..000000000 --- a/operators/constellation-node-operator/bundle.Dockerfile +++ /dev/null 
@@ -1,20 +0,0 @@ -FROM scratch - -# Core bundle labels. -LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 -LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ -LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ -LABEL operators.operatorframework.io.bundle.package.v1=node-operator -LABEL operators.operatorframework.io.bundle.channels.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.3 -LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 -LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 - -# Labels for testing. -LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 -LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ - -# Copy files to locations specified by labels. -COPY bundle/manifests /manifests/ -COPY bundle/metadata /metadata/ -COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_autoscalingstrategies.yaml b/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_autoscalingstrategies.yaml deleted file mode 100644 index 6a014a394..000000000 --- a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_autoscalingstrategies.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: autoscalingstrategies.update.edgeless.systems -spec: - group: update.edgeless.systems - names: - kind: AutoscalingStrategy - listKind: AutoscalingStrategyList - plural: autoscalingstrategies - singular: autoscalingstrategy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AutoscalingStrategy is the Schema for the autoscalingstrategies - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AutoscalingStrategySpec defines the desired state of AutoscalingStrategy. - properties: - autoscalerExtraArgs: - additionalProperties: - type: string - description: AutoscalerExtraArgs defines extra arguments to be passed - to the autoscaler. - type: object - deploymentName: - description: DeploymentName defines the name of the autoscaler deployment. - type: string - deploymentNamespace: - description: DeploymentNamespace defines the namespace of the autoscaler - deployment. - type: string - enabled: - description: Enabled defines whether cluster autoscaling should be - enabled or not. 
- type: boolean - required: - - deploymentName - - deploymentNamespace - - enabled - type: object - status: - description: AutoscalingStrategyStatus defines the observed state of AutoscalingStrategy. - properties: - enabled: - description: Enabled shows whether cluster autoscaling is currently - enabled or not. - type: boolean - replicas: - description: Replicas is the number of replicas for the autoscaler - deployment. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_joiningnodes.yaml b/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_joiningnodes.yaml deleted file mode 100644 index 9c8e9e5a2..000000000 --- a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_joiningnodes.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: joiningnodes.update.edgeless.systems -spec: - group: update.edgeless.systems - names: - kind: JoiningNode - listKind: JoiningNodeList - plural: joiningnodes - singular: joiningnode - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: JoiningNode is the Schema for the joiningnodes API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: JoiningNodeSpec defines the components hash which the node - should be annotated with. - properties: - componentsreference: - description: ComponentsReference is the reference to the ConfigMap - containing the components. - type: string - deadline: - description: Deadline is the time after which the joining node is - considered to have failed. - format: date-time - type: string - iscontrolplane: - description: IsControlPlane is true if the node is a control plane - node. - type: boolean - name: - description: Name of the node expected to join. - type: string - type: object - status: - description: JoiningNodeStatus defines the observed state of JoiningNode. 
- type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_nodeversions.yaml b/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_nodeversions.yaml deleted file mode 100644 index e4c435ec1..000000000 --- a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_nodeversions.yaml +++ /dev/null 
@@ -1,722 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: nodeversions.update.edgeless.systems -spec: - group: update.edgeless.systems - names: - kind: NodeVersion - listKind: NodeVersionList - plural: nodeversions - singular: nodeversion - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: NodeVersion is the Schema for the nodeversions API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NodeVersionSpec defines the desired state of NodeVersion. - properties: - image: - description: ImageReference is the image to use for all nodes. - type: string - imageVersion: - description: ImageVersion is the CSP independent version of the image - to use for all nodes. - type: string - kubernetesClusterVersion: - description: KubernetesClusterVersion is the advertised Kubernetes - version of the cluster. - type: string - kubernetesComponentsReference: - description: KubernetesComponentsReference is a reference to the ConfigMap - containing the Kubernetes components to use for all nodes. - type: string - type: object - status: - description: NodeVersionStatus defines the observed state of NodeVersion. 
- properties: - activeclusterversionupgrade: - description: ActiveClusterVersionUpgrade indicates whether the cluster - is currently upgrading. - type: boolean - awaitingAnnotation: - description: AwaitingAnnotation is a list of nodes that are waiting - for the operator to annotate them. - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - budget: - description: Budget is the amount of extra nodes that can be created - as replacements for outdated nodes. 
- format: int32 - type: integer - conditions: - description: Conditions represent the latest available observations - of an object's state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. 
- This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - donors: - description: Donors is a list of outdated nodes that donate labels - to heirs. - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. 
This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - heirs: - description: Heirs is a list of nodes using the latest image that - still need to inherit labels from donors. - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. 
Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - invalid: - description: Invalid is a list of invalid nodes (nodes that cannot - be processed by the operator due to missing information or transient - faults). - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - mints: - description: Mints is a list of up to date nodes that will become - heirs. - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. 
--- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - obsolete: - description: Obsolete is a list of obsolete nodes (nodes that have - been created by the operator but are no longer needed). - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. 
It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. 
TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - outdated: - description: Outdated is a list of nodes that are using an outdated - image. - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. 
The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - pending: - description: Pending is a list of pending nodes (joining or leaving - the cluster). - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. 
Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - upToDate: - description: UpToDate is a list of nodes that are using the latest - image and labels. - items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - required: - - activeclusterversionupgrade - - budget - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_pendingnodes.yaml b/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_pendingnodes.yaml
deleted file mode 100644
index 7c5b5618b..000000000
--- a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_pendingnodes.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: pendingnodes.update.edgeless.systems -spec: - group: update.edgeless.systems - names: - kind: PendingNode - listKind: PendingNodeList - plural: pendingnodes - singular: pendingnode - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PendingNode is the Schema for the pendingnodes API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PendingNodeSpec defines the desired state of PendingNode. - properties: - deadline: - description: Deadline is the deadline for reaching the goal state. - Joining nodes will be terminated if the deadline is exceeded. Leaving - nodes will remain as unschedulable to prevent data loss. If not - specified, the node may remain in the pending state indefinitely. - format: date-time - type: string - goal: - description: Goal is the goal of the pending state. - enum: - - Join - - Leave - type: string - groupID: - description: ScalingGroupID is the ID of the group that this node - shall be part of. - type: string - nodeName: - description: NodeName is the kubernetes internal name of the node. 
- type: string - providerID: - description: ProviderID is the provider ID of the node. - type: string - type: object - status: - description: PendingNodeStatus defines the observed state of PendingNode. - properties: - cspState: - description: CSPNodeState is the state of the node in the cloud. - enum: - - Unknown - - Creating - - Ready - - Stopped - - Terminating - - Terminated - - Failed - type: string - reachedGoal: - description: ReachedGoal is true if the node has reached the goal - state. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_scalinggroups.yaml b/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_scalinggroups.yaml deleted file mode 100644 index 0f87fbab1..000000000 --- a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_scalinggroups.yaml +++ /dev/null 
@@ -1,157 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: scalinggroups.update.edgeless.systems -spec: - group: update.edgeless.systems - names: - kind: ScalingGroup - listKind: ScalingGroupList - plural: scalinggroups - singular: scalinggroup - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ScalingGroup is the Schema for the scalinggroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScalingGroupSpec defines the desired state of ScalingGroup. - properties: - autoscalerGroupName: - description: AutoscalerGroupName is name that is expected by the autoscaler. - type: string - autoscaling: - description: Autoscaling specifies wether the scaling group should - automatically scale using the cluster-autoscaler. - type: boolean - groupId: - description: GroupID is the CSP specific, canonical identifier of - a scaling group. - type: string - max: - description: Max is the maximum number of autoscaled nodes in the - scaling group (used by cluster-autoscaler). - format: int32 - type: integer - min: - description: Min is the minimum number of nodes in the scaling group - (used by cluster-autoscaler). 
- format: int32 - type: integer - nodeGroupName: - description: NodeGroupName is the human friendly name of the node group - as defined in the Constellation configuration. - type: string - nodeImage: - description: NodeVersion is the name of the NodeVersion resource. - type: string - role: - description: Role is the role of the nodes in the scaling group. - enum: - - Worker - - ControlPlane - type: string - type: object - status: - description: ScalingGroupStatus defines the observed state of ScalingGroup. - properties: - conditions: - description: Conditions represent the latest available observations - of an object's state. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - imageReference: - description: ImageReference is the image currently used for newly - created nodes in this scaling group. - type: string - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/constellation-node-operator/config/crd/kustomization.yaml b/operators/constellation-node-operator/config/crd/kustomization.yaml deleted file mode 100644 index 663768b0e..000000000 
--- a/operators/constellation-node-operator/config/crd/kustomization.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-# This kustomization.yaml is not intended to be run by itself,
-# since it depends on service name and namespace that are out of this kustomize package.
-# It should be run by config/default
-resources:
-- bases/update.edgeless.systems_nodeversions.yaml
-- bases/update.edgeless.systems_joiningnodes.yaml
-- bases/update.edgeless.systems_autoscalingstrategies.yaml
-- bases/update.edgeless.systems_scalinggroups.yaml
-- bases/update.edgeless.systems_pendingnodes.yaml
-#+kubebuilder:scaffold:crdkustomizeresource
-
-patchesStrategicMerge:
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
-# patches here are for enabling the conversion webhook for each CRD
-#- patches/webhook_in_nodeversions.yaml
-#- patches/webhook_in_joiningnodes.yaml
-#- patches/webhook_in_autoscalingstrategies.yaml
-#- patches/webhook_in_scalinggroups.yaml
-#- patches/webhook_in_pendingnodes.yaml
-#+kubebuilder:scaffold:crdkustomizewebhookpatch
-
-# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
-# patches here are for enabling the CA injection for each CRD
-#- patches/cainjection_in_nodeversions.yaml
-#- patches/cainjection_in_joiningnodes.yaml
-#- patches/cainjection_in_autoscalingstrategies.yaml
-#- patches/cainjection_in_scalinggroups.yaml
-#- patches/cainjection_in_pendingnodes.yaml
-#+kubebuilder:scaffold:crdkustomizecainjectionpatch
-
-# the following config is for teaching kustomize how to do kustomization for CRDs.
-configurations:
-- kustomizeconfig.yaml
diff --git a/operators/constellation-node-operator/config/crd/kustomizeconfig.yaml b/operators/constellation-node-operator/config/crd/kustomizeconfig.yaml
deleted file mode 100644
index ec5c150a9..000000000
--- a/operators/constellation-node-operator/config/crd/kustomizeconfig.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This file is for teaching kustomize how to substitute name and namespace reference in CRD
-nameReference:
-- kind: Service
- version: v1
- fieldSpecs:
- - kind: CustomResourceDefinition
- version: v1
- group: apiextensions.k8s.io
- path: spec/conversion/webhook/clientConfig/service/name
-
-namespace:
-- kind: CustomResourceDefinition
- version: v1
- group: apiextensions.k8s.io
- path: spec/conversion/webhook/clientConfig/service/namespace
- create: false
-
-varReference:
-- path: metadata/annotations
diff --git a/operators/constellation-node-operator/config/crd/patches/cainjection_in_autoscalingstrategies.yaml b/operators/constellation-node-operator/config/crd/patches/cainjection_in_autoscalingstrategies.yaml
deleted file mode 100644
index 5310bc710..000000000
--- a/operators/constellation-node-operator/config/crd/patches/cainjection_in_autoscalingstrategies.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: autoscalingstrategies.update.edgeless.systems
diff --git a/operators/constellation-node-operator/config/crd/patches/cainjection_in_joiningnodes.yaml b/operators/constellation-node-operator/config/crd/patches/cainjection_in_joiningnodes.yaml
deleted file mode 100644
index 896050d25..000000000
--- a/operators/constellation-node-operator/config/crd/patches/cainjection_in_joiningnodes.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: joiningnodes.update.edgeless.systems
diff --git a/operators/constellation-node-operator/config/crd/patches/cainjection_in_nodeversions.yaml b/operators/constellation-node-operator/config/crd/patches/cainjection_in_nodeversions.yaml
deleted file mode 100644
index bea5e6e29..000000000
--- a/operators/constellation-node-operator/config/crd/patches/cainjection_in_nodeversions.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: nodeversions.update.edgeless.systems
diff --git a/operators/constellation-node-operator/config/crd/patches/cainjection_in_pendingnodes.yaml b/operators/constellation-node-operator/config/crd/patches/cainjection_in_pendingnodes.yaml
deleted file mode 100644
index 9991e3ba5..000000000
--- a/operators/constellation-node-operator/config/crd/patches/cainjection_in_pendingnodes.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: pendingnodes.update.edgeless.systems
diff --git a/operators/constellation-node-operator/config/crd/patches/cainjection_in_scalinggroups.yaml b/operators/constellation-node-operator/config/crd/patches/cainjection_in_scalinggroups.yaml
deleted file mode 100644
index 3d3ef3ab3..000000000
--- a/operators/constellation-node-operator/config/crd/patches/cainjection_in_scalinggroups.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# The following patch adds a directive for certmanager to inject CA into the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
- name: scalinggroups.update.edgeless.systems
diff --git a/operators/constellation-node-operator/config/crd/patches/webhook_in_autoscalingstrategies.yaml b/operators/constellation-node-operator/config/crd/patches/webhook_in_autoscalingstrategies.yaml
deleted file mode 100644
index 14cbc2601..000000000
--- a/operators/constellation-node-operator/config/crd/patches/webhook_in_autoscalingstrategies.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: autoscalingstrategies.update.edgeless.systems
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/operators/constellation-node-operator/config/crd/patches/webhook_in_joiningnodes.yaml b/operators/constellation-node-operator/config/crd/patches/webhook_in_joiningnodes.yaml
deleted file mode 100644
index f544736ad..000000000
--- a/operators/constellation-node-operator/config/crd/patches/webhook_in_joiningnodes.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: joiningnodes.update.edgeless.systems
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/operators/constellation-node-operator/config/crd/patches/webhook_in_nodeversions.yaml b/operators/constellation-node-operator/config/crd/patches/webhook_in_nodeversions.yaml
deleted file mode 100644
index 3ea33fb66..000000000
--- a/operators/constellation-node-operator/config/crd/patches/webhook_in_nodeversions.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: nodeversions.update.edgeless.systems
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/operators/constellation-node-operator/config/crd/patches/webhook_in_pendingnodes.yaml b/operators/constellation-node-operator/config/crd/patches/webhook_in_pendingnodes.yaml
deleted file mode 100644
index 6d7488abe..000000000
--- a/operators/constellation-node-operator/config/crd/patches/webhook_in_pendingnodes.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: pendingnodes.update.edgeless.systems
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/operators/constellation-node-operator/config/crd/patches/webhook_in_scalinggroups.yaml b/operators/constellation-node-operator/config/crd/patches/webhook_in_scalinggroups.yaml
deleted file mode 100644
index 56d2f22f1..000000000
--- a/operators/constellation-node-operator/config/crd/patches/webhook_in_scalinggroups.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# The following patch enables a conversion webhook for the CRD
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: scalinggroups.update.edgeless.systems
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- namespace: system
- name: webhook-service
- path: /convert
- conversionReviewVersions:
- - v1
diff --git a/operators/constellation-node-operator/config/default/kustomization.yaml b/operators/constellation-node-operator/config/default/kustomization.yaml
deleted file mode 100644
index a314a4fa3..000000000
--- a/operators/constellation-node-operator/config/default/kustomization.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-# Adds namespace to all resources.
-namespace: node-operator-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: node-operator-
-
-# Labels to add to all resources and selectors.
-#commonLabels:
-# someName: someValue
-
-bases:
-- ../crd
-- ../rbac
-- ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
-
-patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
-# Mount the controller config file for loading manager configurations
-# through a ComponentConfig type
-#- manager_config_patch.yaml
-
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- manager_webhook_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-#- webhookcainjection_patch.yaml
-
-# the following config is for teaching kustomize how to do var substitution
-vars:
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-# objref:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldref:
-# fieldpath: metadata.namespace
-#- name: CERTIFICATE_NAME
-# objref:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-#- name: SERVICE_NAMESPACE # namespace of the service
-# objref:
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldref:
-# fieldpath: metadata.namespace
-#- name: SERVICE_NAME
-# objref:
-# kind: Service
-# version: v1
-# name: webhook-service
diff --git a/operators/constellation-node-operator/config/default/manager_auth_proxy_patch.yaml b/operators/constellation-node-operator/config/default/manager_auth_proxy_patch.yaml
deleted file mode 100644
index c374488f3..000000000
--- a/operators/constellation-node-operator/config/default/manager_auth_proxy_patch.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# This patch inject a sidecar container which is a HTTP proxy for the
-# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager
- namespace: system
-spec:
- template:
- spec:
- containers:
- - name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
- args:
- - "--secure-listen-address=0.0.0.0:8443"
- - "--upstream=http://127.0.0.1:8080/"
- - "--logtostderr=true"
- - "--v=0"
- ports:
- - containerPort: 8443
- protocol: TCP
- name: https
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 5m
- memory: 64Mi
- - name: manager
- args:
- - "--health-probe-bind-address=:8081"
- - "--metrics-bind-address=127.0.0.1:8080"
- - "--leader-elect"
diff --git a/operators/constellation-node-operator/config/default/manager_config_patch.yaml b/operators/constellation-node-operator/config/default/manager_config_patch.yaml
deleted file mode 100644
index 6c400155c..000000000
--- a/operators/constellation-node-operator/config/default/manager_config_patch.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager
- namespace: system
-spec:
- template:
- spec:
- containers:
- - name: manager
- args:
- - "--config=controller_manager_config.yaml"
- volumeMounts:
- - name: manager-config
- mountPath: /controller_manager_config.yaml
- subPath: controller_manager_config.yaml
- volumes:
- - name: manager-config
- configMap:
- name: manager-config
diff --git a/operators/constellation-node-operator/config/manager/controller_manager_config.yaml b/operators/constellation-node-operator/config/manager/controller_manager_config.yaml
deleted file mode 100644
index b6b9bf26f..000000000
--- a/operators/constellation-node-operator/config/manager/controller_manager_config.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
-kind: ControllerManagerConfig
-health:
- healthProbeBindAddress: :8081
-metrics:
- bindAddress: 127.0.0.1:8080
-webhook:
- port: 9443
-leaderElection:
- leaderElect: true
- resourceName: 38cc1645.edgeless.systems # unique name used to lock the resource during leader election
diff --git a/operators/constellation-node-operator/config/manager/kustomization.yaml b/operators/constellation-node-operator/config/manager/kustomization.yaml
deleted file mode 100644
index 23ff3a7e4..000000000
--- a/operators/constellation-node-operator/config/manager/kustomization.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-resources:
-- manager.yaml
-
-generatorOptions:
- disableNameSuffixHash: true
-
-configMapGenerator:
-- files:
- - controller_manager_config.yaml
- name: manager-config
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: controller
- newName: ghcr.io/edgelesssys/constellation/node-operator
- newTag: v0.0.0
diff --git a/operators/constellation-node-operator/config/manager/manager.yaml b/operators/constellation-node-operator/config/manager/manager.yaml
deleted file mode 100644
index 32b39e301..000000000
--- a/operators/constellation-node-operator/config/manager/manager.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- control-plane: controller-manager
- name: system
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager
- namespace: system
- labels:
- control-plane: controller-manager
-spec:
- selector:
- matchLabels:
- control-plane: controller-manager
- replicas: 1
- template:
- metadata:
- annotations:
- kubectl.kubernetes.io/default-container: manager
- labels:
- control-plane: controller-manager
- spec:
- securityContext:
- runAsUser: 0 # required to read etcd certs and keys from /etc/kubernetes/pki
- containers:
- - command:
- - /manager
- args:
- - --leader-elect
- image: controller:latest
- name: manager
- securityContext:
- allowPrivilegeEscalation: false
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- volumeMounts:
- - mountPath: /etc/kubernetes/pki/etcd
- name: etcd-certs
- - mountPath: /host/usr/lib/os-release
- name: usr-lib-os-release
- - mountPath: /etc/os-release
- name: etc-os-release
- - mountPath: /etc/azure
- name: azureconfig
- readOnly: true
- - mountPath: /etc/gce
- name: gceconf
- readOnly: true
- - mountPath: /etc/constellation-upgrade-agent.sock
- name: upgrade-agent-socket
- readOnly: true
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 10m
- memory: 64Mi
- volumes:
- - name: etcd-certs
- hostPath:
- path: /etc/kubernetes/pki/etcd
- type: Directory
- - hostPath:
- path: /usr/lib/os-release
- type: File
- name: usr-lib-os-release
- - hostPath:
- path: /etc/os-release
- type: File
- name: etc-os-release
- - name: azureconfig
- secret:
- secretName: azureconfig
- optional: true
- - name: gceconf
- configMap:
- name: gceconf
- optional: true
- - name: upgrade-agent-socket
- hostPath:
- path: /run/constellation-upgrade-agent.sock
- type: Socket
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- serviceAccountName: controller-manager
- terminationGracePeriodSeconds: 10
diff --git a/operators/constellation-node-operator/config/manifests/bases/node-operator.clusterserviceversion.yaml b/operators/constellation-node-operator/config/manifests/bases/node-operator.clusterserviceversion.yaml
deleted file mode 100644
index 033a4d646..000000000
--- a/operators/constellation-node-operator/config/manifests/bases/node-operator.clusterserviceversion.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: ClusterServiceVersion
-metadata:
- annotations:
- alm-examples: '[]'
- capabilities: Basic Install
- name: node-operator.v0.0.0
- namespace: placeholder
-spec:
- apiservicedefinitions: {}
- customresourcedefinitions:
- owned:
- - description: AutoscalingStrategy is the Schema for the autoscalingstrategies
- API.
- displayName: Autoscaling Strategy
- kind: AutoscalingStrategy
- name: autoscalingstrategies.update.edgeless.systems
- version: v1alpha1
- - description: NodeVersion is the Schema for the nodeversions API.
- displayName: Node Version
- kind: NodeVersion
- name: nodeversions.update.edgeless.systems
- version: v1alpha1
- - description: PendingNode is the Schema for the pendingnodes API.
- displayName: Pending Node
- kind: PendingNode
- name: pendingnodes.update.edgeless.systems
- version: v1alpha1
- - description: ScalingGroup is the Schema for the scalinggroups API.
- displayName: Scaling Group
- kind: ScalingGroup
- name: scalinggroups.update.edgeless.systems
- version: v1alpha1
- description: The constellation node operator manages the lifecycle of constellation
- nodes after cluster initialization. In particular, it is responsible for updating
- the OS images of nodes by replacing nodes running old images with new nodes.
- displayName: Constellation Node Operator
- icon:
- - base64data: ""
- mediatype: ""
- install:
- spec:
- deployments: null
- strategy: ""
- installModes:
- - supported: false
- type: OwnNamespace
- - supported: false
- type: SingleNamespace
- - supported: false
- type: MultiNamespace
- - supported: true
- type: AllNamespaces
- keywords:
- - update
- - constellation
- links:
- - name: Constellation Node Operator
- url: https://edgeless.systems/
- maintainers:
- - email: mp@edgeless.systems
- name: Malte Poll
- maturity: alpha
- provider:
- name: Edgeless Systems
- url: https://edgeless.systems/
- version: 0.0.0
diff --git a/operators/constellation-node-operator/config/manifests/kustomization.yaml b/operators/constellation-node-operator/config/manifests/kustomization.yaml
deleted file mode 100644
index 3975782cd..000000000
--- a/operators/constellation-node-operator/config/manifests/kustomization.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# These resources constitute the fully configured set of manifests
-# used to generate the 'manifests/' directory in a bundle.
-resources:
-- bases/node-operator.clusterserviceversion.yaml
-- ../default
-- ../samples
-- ../scorecard
-
-# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix.
-# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager.
-# These patches remove the unnecessary "cert" volume and its manager container volumeMount.
-#patchesJson6902:
-#- target:
-# group: apps
-# version: v1
-# kind: Deployment
-# name: controller-manager
-# namespace: system
-# patch: |-
-# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs.
-# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment.
-# - op: remove
-# path: /spec/template/spec/containers/1/volumeMounts/0
-# # Remove the "cert" volume, since OLM will create and mount a set of certs.
-# # Update the indices in this path if adding or removing volumes in the manager's Deployment.
-# - op: remove
-# path: /spec/template/spec/volumes/0
diff --git a/operators/constellation-node-operator/config/prometheus/kustomization.yaml b/operators/constellation-node-operator/config/prometheus/kustomization.yaml
deleted file mode 100644
index ed137168a..000000000
--- a/operators/constellation-node-operator/config/prometheus/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- monitor.yaml
diff --git a/operators/constellation-node-operator/config/prometheus/monitor.yaml b/operators/constellation-node-operator/config/prometheus/monitor.yaml
deleted file mode 100644
index d19136ae7..000000000
--- a/operators/constellation-node-operator/config/prometheus/monitor.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-# Prometheus Monitor Service (Metrics)
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- labels:
- control-plane: controller-manager
- name: controller-manager-metrics-monitor
- namespace: system
-spec:
- endpoints:
- - path: /metrics
- port: https
- scheme: https
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- tlsConfig:
- insecureSkipVerify: true
- selector:
- matchLabels:
- control-plane: controller-manager
diff --git a/operators/constellation-node-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/operators/constellation-node-operator/config/rbac/auth_proxy_client_clusterrole.yaml
deleted file mode 100644
index 51a75db47..000000000
--- a/operators/constellation-node-operator/config/rbac/auth_proxy_client_clusterrole.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: metrics-reader
-rules:
-- nonResourceURLs:
- - "/metrics"
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/auth_proxy_role.yaml b/operators/constellation-node-operator/config/rbac/auth_proxy_role.yaml
deleted file mode 100644
index 80e1857c5..000000000
--- a/operators/constellation-node-operator/config/rbac/auth_proxy_role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: proxy-role
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
diff --git a/operators/constellation-node-operator/config/rbac/auth_proxy_role_binding.yaml b/operators/constellation-node-operator/config/rbac/auth_proxy_role_binding.yaml
deleted file mode 100644
index ec7acc0a1..000000000
--- a/operators/constellation-node-operator/config/rbac/auth_proxy_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: proxy-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: proxy-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/operators/constellation-node-operator/config/rbac/auth_proxy_service.yaml b/operators/constellation-node-operator/config/rbac/auth_proxy_service.yaml
deleted file mode 100644
index 71f179727..000000000
--- a/operators/constellation-node-operator/config/rbac/auth_proxy_service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- control-plane: controller-manager
- name: controller-manager-metrics-service
- namespace: system
-spec:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: https
- selector:
- control-plane: controller-manager
diff --git a/operators/constellation-node-operator/config/rbac/autoscalingstrategy_editor_role.yaml b/operators/constellation-node-operator/config/rbac/autoscalingstrategy_editor_role.yaml
deleted file mode 100644
index f61a3d203..000000000
--- a/operators/constellation-node-operator/config/rbac/autoscalingstrategy_editor_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# permissions for end users to edit autoscalingstrategies.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: autoscalingstrategy-editor-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/autoscalingstrategy_viewer_role.yaml b/operators/constellation-node-operator/config/rbac/autoscalingstrategy_viewer_role.yaml
deleted file mode 100644
index 9b333e70a..000000000
--- a/operators/constellation-node-operator/config/rbac/autoscalingstrategy_viewer_role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# permissions for end users to view autoscalingstrategies.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: autoscalingstrategy-viewer-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/kustomization.yaml b/operators/constellation-node-operator/config/rbac/kustomization.yaml
deleted file mode 100644
index 731832a6a..000000000
--- a/operators/constellation-node-operator/config/rbac/kustomization.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
diff --git a/operators/constellation-node-operator/config/rbac/leader_election_role.yaml b/operators/constellation-node-operator/config/rbac/leader_election_role.yaml
deleted file mode 100644
index 4190ec805..000000000
--- a/operators/constellation-node-operator/config/rbac/leader_election_role.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: leader-election-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
diff --git a/operators/constellation-node-operator/config/rbac/leader_election_role_binding.yaml b/operators/constellation-node-operator/config/rbac/leader_election_role_binding.yaml
deleted file mode 100644
index 1d1321ed4..000000000
--- a/operators/constellation-node-operator/config/rbac/leader_election_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/operators/constellation-node-operator/config/rbac/nodeimage_editor_role.yaml b/operators/constellation-node-operator/config/rbac/nodeimage_editor_role.yaml
deleted file mode 100644
index 4e62617cd..000000000
--- a/operators/constellation-node-operator/config/rbac/nodeimage_editor_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# permissions for end users to edit nodeversions.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: nodeversion-editor-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/nodeimage_viewer_role.yaml b/operators/constellation-node-operator/config/rbac/nodeimage_viewer_role.yaml
deleted file mode 100644
index 60c40caf0..000000000
--- a/operators/constellation-node-operator/config/rbac/nodeimage_viewer_role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# permissions for end users to view nodeversions.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: nodeversion-viewer-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/pendingnode_editor_role.yaml b/operators/constellation-node-operator/config/rbac/pendingnode_editor_role.yaml
deleted file mode 100644
index 5b51c4c61..000000000
--- a/operators/constellation-node-operator/config/rbac/pendingnode_editor_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# permissions for end users to edit pendingnodes.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: pendingnode-editor-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/pendingnode_viewer_role.yaml b/operators/constellation-node-operator/config/rbac/pendingnode_viewer_role.yaml
deleted file mode 100644
index 3c19522a3..000000000
--- a/operators/constellation-node-operator/config/rbac/pendingnode_viewer_role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# permissions for end users to view pendingnodes.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: pendingnode-viewer-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/role.yaml b/operators/constellation-node-operator/config/rbac/role.yaml
deleted file mode 100644
index 8700132c4..000000000
--- a/operators/constellation-node-operator/config/rbac/role.yaml
+++ /dev/null
@@ -1,199 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- creationTimestamp: null
- name: manager-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - create
- - delete
- - get
- - list
- - update
- - watch
-- apiGroups:
- - nodemaintenance.medik8s.io
- resources:
- - nodemaintenances
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies/finalizers
- verbs:
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - autoscalingstrategies/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - joiningnodes
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - joiningnodes/finalizers
- verbs:
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - joiningnodes/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversion
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversion/status
- verbs:
- - get
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions/finalizers
- verbs:
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - nodeversions/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes/finalizers
- verbs:
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - pendingnodes/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups/finalizers
- verbs:
- - update
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups/status
- verbs:
- - get
- - patch
- - update
diff --git a/operators/constellation-node-operator/config/rbac/role_binding.yaml b/operators/constellation-node-operator/config/rbac/role_binding.yaml
deleted file mode 100644
index 2070ede44..000000000
--- a/operators/constellation-node-operator/config/rbac/role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: manager-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/operators/constellation-node-operator/config/rbac/scalinggroup_editor_role.yaml b/operators/constellation-node-operator/config/rbac/scalinggroup_editor_role.yaml
deleted file mode 100644
index 9f6062841..000000000
--- a/operators/constellation-node-operator/config/rbac/scalinggroup_editor_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# permissions for end users to edit scalinggroups.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: scalinggroup-editor-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/scalinggroup_viewer_role.yaml b/operators/constellation-node-operator/config/rbac/scalinggroup_viewer_role.yaml
deleted file mode 100644
index f73af2cf9..000000000
--- a/operators/constellation-node-operator/config/rbac/scalinggroup_viewer_role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# permissions for end users to view scalinggroups.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: scalinggroup-viewer-role
-rules:
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - update.edgeless.systems
- resources:
- - scalinggroups/status
- verbs:
- - get
diff --git a/operators/constellation-node-operator/config/rbac/service_account.yaml b/operators/constellation-node-operator/config/rbac/service_account.yaml
deleted file mode 100644
index 7cd6025bf..000000000
--- a/operators/constellation-node-operator/config/rbac/service_account.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: controller-manager
- namespace: system
diff --git a/operators/constellation-node-operator/config/samples/kustomization.yaml b/operators/constellation-node-operator/config/samples/kustomization.yaml
deleted file mode 100644
index 2a0714113..000000000
--- a/operators/constellation-node-operator/config/samples/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-## Append samples you want in your CSV to this file as resources ##
-resources:
-- update_v1alpha1_nodeversion.yaml
-- update_v1alpha1_autoscalingstrategy.yaml
-- update_v1alpha1_scalinggroup.yaml
-- update_v1alpha1_pendingnode.yaml
-#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/operators/constellation-node-operator/config/samples/update_v1alpha1_autoscalingstrategy.yaml b/operators/constellation-node-operator/config/samples/update_v1alpha1_autoscalingstrategy.yaml
deleted file mode 100644
index 45abb3770..000000000
--- a/operators/constellation-node-operator/config/samples/update_v1alpha1_autoscalingstrategy.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: update.edgeless.systems/v1alpha1
-kind: AutoscalingStrategy
-metadata:
- name: autoscalingstrategy-sample
-spec:
- deploymentName: constellation-cluster-autoscaler
- deploymentNamespace: kube-system
- enabled: true
diff --git a/operators/constellation-node-operator/config/samples/update_v1alpha1_nodeversion.yaml b/operators/constellation-node-operator/config/samples/update_v1alpha1_nodeversion.yaml
deleted file mode 100644
index 559c87338..000000000
--- a/operators/constellation-node-operator/config/samples/update_v1alpha1_nodeversion.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: update.edgeless.systems/v1alpha1
-kind: NodeVersion
-metadata:
- name: constellation-version-azure
- namespace: kube-system
-spec:
- image: "/subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images//versions/"
----
-apiVersion: update.edgeless.systems/v1alpha1
-kind: NodeVersion
-metadata:
- name: constellation-version-gcp
- namespace: kube-system
-spec:
- image: projects//global/images/
diff --git a/operators/constellation-node-operator/config/samples/update_v1alpha1_pendingnode.yaml b/operators/constellation-node-operator/config/samples/update_v1alpha1_pendingnode.yaml
deleted file mode 100644
index efb338872..000000000
--- a/operators/constellation-node-operator/config/samples/update_v1alpha1_pendingnode.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: update.edgeless.systems/v1alpha1
-kind: PendingNode
-metadata:
- name: pendingnode-azure
-spec:
- providerID: "azure:///subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachineScaleSets//virtualMachines/"
- groupID: "/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachineScaleSets/"
- nodeName: ""
- goal: Join
- deadline: "2022-07-04T08:33:18+00:00"
----
-apiVersion: update.edgeless.systems/v1alpha1
-kind: PendingNode
-metadata:
- name: pendingnode-gcp
-spec:
- providerID: "gce:////"
- groupID: "projects//zones//instanceGroupManagers/"
- nodeName: ""
- goal: Join
- deadline: "2022-07-04T08:33:18+00:00"
diff --git a/operators/constellation-node-operator/config/samples/update_v1alpha1_scalinggroup.yaml b/operators/constellation-node-operator/config/samples/update_v1alpha1_scalinggroup.yaml
deleted file mode 100644
index 91130dadc..000000000
--- a/operators/constellation-node-operator/config/samples/update_v1alpha1_scalinggroup.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: update.edgeless.systems/v1alpha1
-kind: ScalingGroup
-metadata:
- name: scalinggroup-worker-azure
- namespace: kube-system
-spec:
- nodeImage: "constellation-version-azure"
- groupId: "/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachineScaleSets/"
- autoscaling: true
----
-apiVersion: update.edgeless.systems/v1alpha1
-kind: ScalingGroup
-metadata:
- name: scalinggroup-worker-gcp
- namespace: kube-system
-spec:
- nodeImage: "constellation-version-gcp"
- groupId: "projects//zones//instanceGroupManagers/"
- autoscaling: true
diff --git a/operators/constellation-node-operator/config/scorecard/bases/config.yaml b/operators/constellation-node-operator/config/scorecard/bases/config.yaml
deleted file mode 100644
index c77047841..000000000
--- a/operators/constellation-node-operator/config/scorecard/bases/config.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: scorecard.operatorframework.io/v1alpha3
-kind: Configuration
-metadata:
- name: config
-stages:
-- parallel: true
- tests: []
diff --git a/operators/constellation-node-operator/config/scorecard/kustomization.yaml b/operators/constellation-node-operator/config/scorecard/kustomization.yaml
deleted file mode 100644
index 50cd2d084..000000000
--- a/operators/constellation-node-operator/config/scorecard/kustomization.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-resources:
-- bases/config.yaml
-patchesJson6902:
-- path: patches/basic.config.yaml
- target:
- group: scorecard.operatorframework.io
- version: v1alpha3
- kind: Configuration
- name: config
-- path: patches/olm.config.yaml
- target:
- group: scorecard.operatorframework.io
- version: v1alpha3
- kind: Configuration
- name: config
-#+kubebuilder:scaffold:patchesJson6902
diff --git a/operators/constellation-node-operator/config/scorecard/patches/basic.config.yaml b/operators/constellation-node-operator/config/scorecard/patches/basic.config.yaml
deleted file mode 100644
index 154137eec..000000000
--- a/operators/constellation-node-operator/config/scorecard/patches/basic.config.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- op: add
- path: /stages/0/tests/-
- value:
- entrypoint:
- - scorecard-test
- - basic-check-spec
- image: quay.io/operator-framework/scorecard-test:v1.21.0
- labels:
- suite: basic
- test: basic-check-spec-test
diff --git a/operators/constellation-node-operator/config/scorecard/patches/olm.config.yaml b/operators/constellation-node-operator/config/scorecard/patches/olm.config.yaml
deleted file mode 100644
index ecf7d99c0..000000000
--- a/operators/constellation-node-operator/config/scorecard/patches/olm.config.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-- op: add
- path: /stages/0/tests/-
- value:
- entrypoint:
- - scorecard-test
- - olm-bundle-validation
- image: quay.io/operator-framework/scorecard-test:v1.21.0
- labels:
- suite: olm
- test: olm-bundle-validation-test
-- op: add
- path: /stages/0/tests/-
- value:
- entrypoint:
- - scorecard-test
- - olm-crds-have-validation
- image: quay.io/operator-framework/scorecard-test:v1.21.0
- labels:
- suite: olm
- test: olm-crds-have-validation-test
-- op: add
- path: /stages/0/tests/-
- value:
- entrypoint:
- - scorecard-test
- - olm-crds-have-resources
- image: quay.io/operator-framework/scorecard-test:v1.21.0
- labels:
- suite: olm
- test: olm-crds-have-resources-test
-- op: add
- path: /stages/0/tests/-
- value:
- entrypoint:
- - scorecard-test
- - olm-spec-descriptors
- image: quay.io/operator-framework/scorecard-test:v1.21.0
- labels:
- suite: olm
- test: olm-spec-descriptors-test
-- op: add
- path: /stages/0/tests/-
- value:
- entrypoint:
- - scorecard-test
- - olm-status-descriptors
- image: quay.io/operator-framework/scorecard-test:v1.21.0
- labels:
- suite: olm
- test: olm-status-descriptors-test
diff --git a/operators/constellation-node-operator/hack/boilerplate.go.txt b/operators/constellation-node-operator/hack/boilerplate.go.txt
deleted file mode 100644
index e69de29bb..000000000