Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
4f596cde3c
constellation/internal/crds/olmDeployment.yaml
Malte Poll 2c7129987a Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator 
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00

340 lines
8.9 KiB
YAML
Raw Blame History

# source: https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.2/olm.yaml
# vendored here to allow use of goembed
---
apiVersion: v1
kind: Namespace
metadata:
name: olm
---
apiVersion: v1
kind: Namespace
metadata:
name: operators
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: olm-operator-serviceaccount
namespace: olm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:controller:operator-lifecycle-manager
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
- nonResourceURLs: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: olm-operator-binding-olm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:controller:operator-lifecycle-manager
subjects:
- kind: ServiceAccount
name: olm-operator-serviceaccount
namespace: olm
---
apiVersion: operators.coreos.com/v1
kind: OLMConfig
metadata:
name: cluster
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: olm-operator
namespace: olm
labels:
app: olm-operator
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: olm-operator
template:
metadata:
labels:
app: olm-operator
spec:
serviceAccountName: olm-operator-serviceaccount
containers:
- name: olm-operator
command:
- /bin/olm
args:
- --namespace
- $(OPERATOR_NAMESPACE)
- --writeStatusName
- ""
image: quay.io/operator-framework/olm@sha256:32db73274863b08cef237d02314a9d8c827ed2f33f0b00166dd3b055af63bb31
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: metrics
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
readinessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
terminationMessagePolicy: FallbackToLogsOnError
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OPERATOR_NAME
value: olm-operator
resources:
requests:
cpu: 10m
memory: 160Mi
nodeSelector:
kubernetes.io/os: linux
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: catalog-operator
namespace: olm
labels:
app: catalog-operator
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: catalog-operator
template:
metadata:
labels:
app: catalog-operator
spec:
serviceAccountName: olm-operator-serviceaccount
containers:
- name: catalog-operator
command:
- /bin/catalog
args:
- '--namespace'
- olm
- --configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest
- --util-image
- quay.io/operator-framework/olm@sha256:32db73274863b08cef237d02314a9d8c827ed2f33f0b00166dd3b055af63bb31
image: quay.io/operator-framework/olm@sha256:32db73274863b08cef237d02314a9d8c827ed2f33f0b00166dd3b055af63bb31
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: metrics
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
readinessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
terminationMessagePolicy: FallbackToLogsOnError
resources:
requests:
cpu: 10m
memory: 80Mi
nodeSelector:
kubernetes.io/os: linux
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aggregate-olm-edit
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["operators.coreos.com"]
resources: ["subscriptions"]
verbs: ["create", "update", "patch", "delete"]
- apiGroups: ["operators.coreos.com"]
resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"]
verbs: ["delete"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aggregate-olm-view
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["operators.coreos.com"]
resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"]
verbs: ["get", "list", "watch"]
- apiGroups: ["packages.operators.coreos.com"]
resources: ["packagemanifests", "packagemanifests/icon"]
verbs: ["get", "list", "watch"]
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: global-operators
namespace: operators
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: olm-operators
namespace: olm
spec:
targetNamespaces:
- olm
---
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
name: packageserver
namespace: olm
labels:
olm.version: v0.21.2
spec:
displayName: Package Server
description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion.
minKubeVersion: 1.11.0
keywords: ['packagemanifests', 'olm', 'packages']
maintainers:
- name: Red Hat
email: openshift-operators@redhat.com
provider:
name: Red Hat
links:
- name: Package Server
url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server
installModes:
- type: OwnNamespace
supported: true
- type: SingleNamespace
supported: true
- type: MultiNamespace
supported: true
- type: AllNamespaces
supported: true
install:
strategy: deployment
spec:
clusterPermissions:
- serviceAccountName: olm-operator-serviceaccount
rules:
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "operators.coreos.com"
resources:
- catalogsources
verbs:
- get
- list
- watch
- apiGroups:
- "packages.operators.coreos.com"
resources:
- packagemanifests
verbs:
- get
- list
deployments:
- name: packageserver
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
replicas: 2
selector:
matchLabels:
app: packageserver
template:
metadata:
labels:
app: packageserver
spec:
serviceAccountName: olm-operator-serviceaccount
nodeSelector:
kubernetes.io/os: linux
containers:
- name: packageserver
command:
- /bin/package-server
- -v=4
- --secure-port
- "5443"
- --global-namespace
- olm
image: quay.io/operator-framework/olm@sha256:32db73274863b08cef237d02314a9d8c827ed2f33f0b00166dd3b055af63bb31
imagePullPolicy: Always
ports:
- containerPort: 5443
livenessProbe:
httpGet:
scheme: HTTPS
path: /healthz
port: 5443
readinessProbe:
httpGet:
scheme: HTTPS
path: /healthz
port: 5443
terminationMessagePolicy: FallbackToLogsOnError
resources:
requests:
cpu: 10m
memory: 50Mi
securityContext:
runAsUser: 1000
volumeMounts:
- name: tmpfs
mountPath: /tmp
volumes:
- name: tmpfs
emptyDir: {}
maturity: alpha
version: v0.21.2
apiservicedefinitions:
owned:
- group: packages.operators.coreos.com
version: v1
kind: PackageManifest
name: packagemanifests
displayName: PackageManifest
description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps
deploymentName: packageserver
containerPort: 5443
Reference in New Issue View Git Blame Copy Permalink