From 6a4b8a50d4ba3acf96ddab12cf029db8a61a21c5 Mon Sep 17 00:00:00 2001 From: Gaelle Fournier Date: Fri, 20 Oct 2023 15:14:22 +0200 Subject: [PATCH 1/4] replace placeholder to default --- .../operator-cluster-role-console-binding-openshift.yaml | 2 +- .../operator-cluster-role-binding-addressable-resolver.yaml | 2 +- ...erator-cluster-role-binding-custom-resource-definitions.yaml | 2 +- config/rbac/operator-role-binding-local-registry.yaml | 2 +- config/rbac/patch-rolebinding-to-clusterrolebinding.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml b/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml index fef037a6bb..47bc18e19b 100644 --- a/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml +++ b/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml @@ -24,7 +24,7 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder + namespace: default roleRef: kind: ClusterRole name: camel-k-operator-console-openshift diff --git a/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml b/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml index bddbcfdfc6..a0718ee2b9 100644 --- a/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml +++ b/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml @@ -24,7 +24,7 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder + namespace: default roleRef: kind: ClusterRole name: camel-k-operator-bind-addressable-resolver diff --git a/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml b/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml index 14d3fa1a88..1ec479ccfb 100644 --- a/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml +++ b/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml @@ -24,7 +24,7 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder + namespace: default roleRef: kind: ClusterRole name: camel-k-operator-custom-resource-definitions diff --git a/config/rbac/operator-role-binding-local-registry.yaml b/config/rbac/operator-role-binding-local-registry.yaml index 56ed3c47dd..7b71ea1fd8 100644 --- a/config/rbac/operator-role-binding-local-registry.yaml +++ b/config/rbac/operator-role-binding-local-registry.yaml @@ -25,7 +25,7 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder + namespace: default roleRef: kind: ClusterRole name: camel-k-operator-local-registry diff --git a/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml b/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml index d0d3001f45..94ff1979db 100644 --- a/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml +++ b/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml @@ -23,4 +23,4 @@ value: ClusterRole - op: add path: /subjects/0/namespace - value: placeholder + value: default From ab3a4925f9f5775bf8a17a286d7b35254e9c459e Mon Sep 17 00:00:00 2001 From: Gaelle Fournier Date: Mon, 16 Oct 2023 18:02:09 +0200 Subject: [PATCH 2/4] Basic working kustomize --- config/manager/kustomization.yaml | 8 -- install/overlays/README.md | 98 ++++++++++++++++ install/overlays/common/kustomization.yaml | 20 ++++ .../patch-build-integration-platform.yaml | 73 ++++++++++++ .../patch-maven-integration-platform.yaml | 109 ++++++++++++++++++ .../patches/patch-operator-id-deployment.yaml | 28 +++++ ...atch-operator-id-integration-platform.yaml | 22 ++++ .../patch-registry-integration-platform.yaml | 50 ++++++++ .../resources/integration-platform.yaml | 15 +++ install/overlays/kubernetes/README.md | 50 ++++++++ .../overlays/kubernetes/kustomization.yaml | 38 ++++++ ...patch-kubernetes-integration-platform.yaml | 23 ++++ install/overlays/openshift/README.md | 22 ++++ install/overlays/openshift/kustomization.yaml | 36 ++++++ .../patch-openshift-integration-platform.yaml | 27 +++++ 15 files changed, 611 insertions(+), 8 deletions(-) create mode 100644 install/overlays/README.md create mode 100644 install/overlays/common/kustomization.yaml create mode 100644 install/overlays/common/patches/patch-build-integration-platform.yaml create mode 100644 install/overlays/common/patches/patch-maven-integration-platform.yaml create mode 100644 install/overlays/common/patches/patch-operator-id-deployment.yaml create mode 100644 install/overlays/common/patches/patch-operator-id-integration-platform.yaml create mode 100644 install/overlays/common/patches/patch-registry-integration-platform.yaml create mode 100644 install/overlays/common/resources/integration-platform.yaml create mode 100644 install/overlays/kubernetes/README.md create mode 100644 install/overlays/kubernetes/kustomization.yaml create mode 100644 install/overlays/kubernetes/patch-kubernetes-integration-platform.yaml create mode 100644 install/overlays/openshift/README.md create mode 100644 install/overlays/openshift/kustomization.yaml create mode 100644 install/overlays/openshift/patch-openshift-integration-platform.yaml diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 38c67427fe..39e8b42bb9 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -22,11 +22,3 @@ resources: - operator-deployment.yaml - operator-service-account.yaml -patchesStrategicMerge: -- patch-toleration.yaml -- patch-node-selector.yaml -- patch-resource-requirements.yaml -patches: -- path: patch-log-level.yaml - target: - kind: Deployment diff --git a/install/overlays/README.md b/install/overlays/README.md new file mode 100644 index 0000000000..3dfe451b2f --- /dev/null +++ b/install/overlays/README.md @@ -0,0 +1,98 @@ + +# Kustomize Camel K + +Kustomize provides a declarative approach to the configuration customization of a Camel-K installation. Kustomize works either with a standalone executable or as a built-in to kubectl. + +Basic overlays are provided for easy usage. + +## HOW-TO + +### Initialize + +First create a new kustomization from the wanted version (kubernetes or openshift) in the repository: +```sh +kustomize create --resources https://github.com/apache/camel-k.git/install/overlays/kubernetes\?ref\=exp/kustomize_structure +``` + +You can also clone the camel-k repository and reference the local folder : +```sh +kubectl kustomize (i.e., limits.memory=256Mi) (see `config/manager/patch-resource-requirement.yaml`) +* Add a Toleration to the operator Pod (see `config/manager/patch-toleration.yaml`) + +#### Build configuration + +We have several configuration used to influence the building of an integration (see `install/overlays/common/patches/patch-build-integration-platform.yaml`): + +* Set the base Image used to run integrations +* Set the build publish strategy +* Add a build publish strategy option, as +* Set the build strategy +* Set the build order strategy +* Set how long the build process can last +* Set how long the catalogtool image build can last + + +A very important set of configuration you can provide is related to Maven (see `install/overlays/common/patches/patch-maven-integration-platform.yaml`): + +* Configure the secret key containing the Maven CA certificates (secret/key) +* Add a default Maven CLI option to the list of arguments for Maven commands +* Add a Maven build extension +* Path of the local Maven repository +* Add a Maven property +* Configure the source of the Maven settings (configmap|secret:name[/key]) + +#### Publish configuration + +Camel K requires a container registry where to store the applications built (see `install/overlays/common/patches/patch-registry-integration-platform.yaml`). These are the main configurations: + +* A organization on the Docker Hub that can be used to publish images +* A container registry that can be used to publish images +* Configure registry access in insecure mode or not (`http` vs `https`) +* A secret used to push/pull images to the container registry containing authorization tokens for pushing and pulling images + +#### Monitoring + +Camel K Operator provides certain monitoring capabilities. + +You can activate the monitoring by adding the following resources: `config/prometheus` + +You can change the default settings: +* The port of the health endpoint (default 8081) (see `config/manager/patch-toleration.yaml`) +* The port of the metrics endpoint (default 8080) (see `config/manager/patch-toleration.yaml`) +* The level of operator logging (default - info): info or 0, debug or 1 (default "info") (see `config/manager/patch-log-level.yaml`) + + +#### Installation Topology + +By default the proposed overlays configure the cluster, install an integration platform and the operator. You can easilly build your own overlay with only part or the configuration to fit your need. diff --git a/install/overlays/common/kustomization.yaml b/install/overlays/common/kustomization.yaml new file mode 100644 index 0000000000..6ae3038426 --- /dev/null +++ b/install/overlays/common/kustomization.yaml @@ -0,0 +1,20 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +resources: +- resources/integration-platform.yaml + diff --git a/install/overlays/common/patches/patch-build-integration-platform.yaml b/install/overlays/common/patches/patch-build-integration-platform.yaml new file mode 100644 index 0000000000..2c40b7f755 --- /dev/null +++ b/install/overlays/common/patches/patch-build-integration-platform.yaml @@ -0,0 +1,73 @@ + +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +# +# The base Image used to run integrations +# +# value: base-image:1.0.0 +- op: replace + path: /spec/build/baseImage + value: +# +# Build order strategy for integrations +# ie. dependencies, fifo, sequential +# +# value: sequential +- op: replace + path: /spec/build/buildConfiguration/orderStrategy + value: +# +# Build strategy to for integrations +# ie. routine, pod +# +# value: routine +- op: replace + path: /spec/build/buildConfiguration/strategy + value: +# +# The maximum amount of parallel pipeline running +# +# value: 3 +- op: replace + path: /spec/build/maxRunningBuilds + value: +# +# The time to wait before time out the pipeline process +# +# value: 3000 +- op: replace + path: /spec/build/timeout + value: +# +# Build publish strategy for integrations +# ie. Buildah, Kaniko, S2I, Spectrum, Jib +# +# value: Buildah | Kaniko | S2I | Spectrum | Jib +- op: replace + path: /spec/build/publishStrategy + value: +# +# Options that can be used by any publish strategy +# +# value: +# KanikoPersistentVolumeClaim: camel-k +- op: replace + path: /spec/build/PublishStrategyOptions + value: + : + diff --git a/install/overlays/common/patches/patch-maven-integration-platform.yaml b/install/overlays/common/patches/patch-maven-integration-platform.yaml new file mode 100644 index 0000000000..abd8a70e3c --- /dev/null +++ b/install/overlays/common/patches/patch-maven-integration-platform.yaml @@ -0,0 +1,109 @@ + +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +# +# Secret name and key, containing the CA certificate(s) used to connect +# to remote Maven repositories. +# +# Can contain X.509 certificates, and PKCS#7 formatted certificate chains. +# A JKS formatted keystore is automatically created to store the CA certificate(s), +# and configured to be used as a trusted certificate(s) by the Maven commands. +# Note that the root CA certificates are also imported into the created keystore. +# +# caSecret: +# key: tls.crt +# name: tls-secret +# +# +# CLI options passed to the Maven commands to be executed +# +# cliOptions: +# - --show-version +# - --batch-mode +# +# +# Maven build extensions. See https://maven.apache.org/guides/mini/guide-using-extensions.html. +# +# extensions: +# - artifactId: fi.yle.tools +# groupId: aws-maven +# version: 1.4.2 +# +# +# Location of the local Maven repository +# +# localRepository: my.repository.url +# +# +# Configure Maven profiles (configmap|secret:name[/key]) +# profiles: +# - configMapKeyRef: +# key: profile.xml +# name: maven-profile +# +# +# Maven properties +# +# properties: +# quarkus.package.type: native +# +# +# Configure a source of Maven settings (configmap|secret:name[/key]) +# settings: +# configMapKeyRef: +# key: settings.xml +# name: maven-settings +# +# +# Configure a source of Maven security settings (configmap|secret:name[/key]) +# settings: +# configMapKeyRef: +# key: settings.xml +# name: maven-settings +# +# +# +- op: replace + path: /spec/build/maven + value: + caSecrets: + - key: + name: + optional: + cliOptions: + - + - + extension: + - artifactId: + groupId: + version: + localRepository: + profiles: + - configMapKeyRef: + key: + name: + - secretKeyRef: + key: + name: + properties: + : + : + settings: + configMapKeyRef: + key: + name: diff --git a/install/overlays/common/patches/patch-operator-id-deployment.yaml b/install/overlays/common/patches/patch-operator-id-deployment.yaml new file mode 100644 index 0000000000..a13bed1fe9 --- /dev/null +++ b/install/overlays/common/patches/patch-operator-id-deployment.yaml @@ -0,0 +1,28 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: camel-k-operator +spec: + template: + spec: + containers: + - name: camel-k-operator + env: + - name: OPERATOR_ID + value: \ No newline at end of file diff --git a/install/overlays/common/patches/patch-operator-id-integration-platform.yaml b/install/overlays/common/patches/patch-operator-id-integration-platform.yaml new file mode 100644 index 0000000000..b3effc51ac --- /dev/null +++ b/install/overlays/common/patches/patch-operator-id-integration-platform.yaml @@ -0,0 +1,22 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +- op: replace + path: /metadata/name + value: +- op: replace + path: /metadata/annotations/camel.apache.org~1operator.id + value: \ No newline at end of file diff --git a/install/overlays/common/patches/patch-registry-integration-platform.yaml b/install/overlays/common/patches/patch-registry-integration-platform.yaml new file mode 100644 index 0000000000..6dc290d056 --- /dev/null +++ b/install/overlays/common/patches/patch-registry-integration-platform.yaml @@ -0,0 +1,50 @@ + +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +# +# Configures a custom registry +# eg. DigitalOcean, Docker Hub, Github, Gcr.io, IBM Container Registry +# Refer to https://camel.apache.org/camel-k/latest/installation/registry/registry.html +# The address of the registry +# eg. registry.digitalocean.com, docker.pkg.github.com +# +# address: registry-host.io +# +# +# The identifier of the organization +# eg. github-user/repository +# +# organization: your-user-id-or-org +# +# +# As an alternative, a secret can be added to the namespace containing credentials, +# eg. for use with connecting to Docker Hub +# +# secret: the-push-kubernetes-secret-name +# +# Should connection to registry be secure +# +# insecure: true | false +- op: replace + path: /spec/build/registry + value: +# address: +# ca: +# insecure: +# organization: +# secret: diff --git a/install/overlays/common/resources/integration-platform.yaml b/install/overlays/common/resources/integration-platform.yaml new file mode 100644 index 0000000000..7e3cd0d1c9 --- /dev/null +++ b/install/overlays/common/resources/integration-platform.yaml @@ -0,0 +1,15 @@ +apiVersion: camel.apache.org/v1 +kind: IntegrationPlatform +metadata: + annotations: + camel.apache.org/operator.id: camel-k + name: camel-k +spec: + build: + buildConfiguration: {} + maven: + settings: {} + settingsSecurity: {} + registry: {} + kamelet: {} + traits: {} \ No newline at end of file diff --git a/install/overlays/kubernetes/README.md b/install/overlays/kubernetes/README.md new file mode 100644 index 0000000000..4d1f512168 --- /dev/null +++ b/install/overlays/kubernetes/README.md @@ -0,0 +1,50 @@ +# Kubernetes overlay + +## Pre-requise + +This is an overlay intended for Minkube with the following configuration: +* Cluster-admin privileges are required +* Namespace is `default` +* Operator id is `camel-k` +* An available registry + +## Usage + +The following env variable are expected + + +To run from local folder : +```sh +kubectl kustomize kustomize/overlays/kubernetes | kubectl create -f - +``` + +To run from remote github repository: +```sh +kubectl kustomize https://github.com/apache/camel-k/kustomize/overlays/kubernetes | kubectl create -f - +``` + +NOTE: to use a different branch add the parameter "ref" to the github repository URL. + + +### Minikube + +You can easilly configure minikube with the registry addon. + +First get the internal registry service IP from minikube : + +```sh +export KAMEL_REGISTRY_ADDRESS="$(kubectl get service --selector "kubernetes.io/minikube-addons"="registry" --namespace kube-system -o=jsonpath='{.items[0].spec.clusterIP}')" +``` + +Then patch registry: +```yaml +- op: replace + path: /spec/build/registry + value: + insecure: true + address: ${KAMEL_REGISTRY_ADDRESS} +``` + +Finally run your modified version: + +kubectl kustomize . | envsubst '$KAMEL_REGISTRY_ADDRESS' | kubectl create -f - \ No newline at end of file diff --git a/install/overlays/kubernetes/kustomization.yaml b/install/overlays/kubernetes/kustomization.yaml new file mode 100644 index 0000000000..487f5207e4 --- /dev/null +++ b/install/overlays/kubernetes/kustomization.yaml @@ -0,0 +1,38 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# Labels to add to all resources and selectors. +commonLabels: + app: camel-k + +sortOptions: + order: fifo + +resources: +- ../../config/crd/ +- ../../config/rbac/ +- ../common +- ../../config/manager/ + +patches: +- path: patch-kubernetes-integration-platform.yaml + target: + group: camel.apache.org + version: v1 + kind: IntegrationPlatform diff --git a/install/overlays/kubernetes/patch-kubernetes-integration-platform.yaml b/install/overlays/kubernetes/patch-kubernetes-integration-platform.yaml new file mode 100644 index 0000000000..4df822c0b4 --- /dev/null +++ b/install/overlays/kubernetes/patch-kubernetes-integration-platform.yaml @@ -0,0 +1,23 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +- op: replace + path: /spec/profile + value: Kubernetes +- op: replace + path: /spec/cluster + value: Kubernetes \ No newline at end of file diff --git a/install/overlays/openshift/README.md b/install/overlays/openshift/README.md new file mode 100644 index 0000000000..fc44431646 --- /dev/null +++ b/install/overlays/openshift/README.md @@ -0,0 +1,22 @@ +## Openshift overlay + +## Pre-requise + +This is an overlay intended for Openshift without OLM with the following configuration: +* Cluster-admin privileges are required +* Namespace is `default` +* Operator id is `camel-k` + +## Usage + +To run from local folder : +```sh +kubectl kustomize install/overlays/openshift | kubectl create -f - +``` + +To run from remote github repository: +```sh +kubectl kustomize https://github.com/apache/camel-k/install/overlays/openshift kubectl create -f - +``` + +NOTE: to use a different branch add the parameter "ref" to the github repository URL. diff --git a/install/overlays/openshift/kustomization.yaml b/install/overlays/openshift/kustomization.yaml new file mode 100644 index 0000000000..3186e0b618 --- /dev/null +++ b/install/overlays/openshift/kustomization.yaml @@ -0,0 +1,36 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +sortOptions: + order: fifo + +resources: +- ../../config/crd/ +- ../../config/rbac/ +- ../../config/rbac/openshift/ +- ../common +- ../../config/manager/ + +patches: +- path: integration-platform-openshift-patch.yaml + target: + group: camel.apache.org + version: v1 + kind: IntegrationPlatform + diff --git a/install/overlays/openshift/patch-openshift-integration-platform.yaml b/install/overlays/openshift/patch-openshift-integration-platform.yaml new file mode 100644 index 0000000000..08c2077efe --- /dev/null +++ b/install/overlays/openshift/patch-openshift-integration-platform.yaml @@ -0,0 +1,27 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +- op: replace + path: /spec/profile + value: OpenShift +- op: replace + path: /spec/build/registry + value: + insecure: true +- op: replace + path: /spec/build/publishStrategy + value: S2I \ No newline at end of file From e3de8901dd0f64a8c10d7ad154d3cb36191b2eae Mon Sep 17 00:00:00 2001 From: Gaelle Fournier Date: Fri, 20 Oct 2023 15:38:59 +0200 Subject: [PATCH 3/4] Remove unused kustomize install files --- install/Makefile | 471 ----------------------- install/example/kustomization.yaml | 21 - install/operator/kustomization.yaml | 50 --- install/platform/kustomization.yaml | 30 -- install/setup-cluster/kustomization.yaml | 22 -- install/setup/kustomization.yaml | 33 -- 6 files changed, 627 deletions(-) delete mode 100644 install/Makefile delete mode 100644 install/example/kustomization.yaml delete mode 100644 install/operator/kustomization.yaml delete mode 100644 install/platform/kustomization.yaml delete mode 100644 install/setup-cluster/kustomization.yaml delete mode 100644 install/setup/kustomization.yaml diff --git a/install/Makefile b/install/Makefile deleted file mode 100644 index ce329c6d51..0000000000 --- a/install/Makefile +++ /dev/null @@ -1,471 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Use bash explicitly in this Makefile to avoid unexpected platform -# incompatibilities among Linux distros. -# -SHELL := /bin/bash - -MAKE := make --no-print-directory - -# -# Allows for resources to be loaded from outside the root location of -# the kustomize config file. Ensures that resource don't need to be -# copied around the file system. -# -# See https://kubectl.docs.kubernetes.io/faq/kustomize -# -KOPTIONS := --load-restrictor LoadRestrictionsNone - -# -# Include the main camel-k Makefile containing -# basic common recipes like kustomize and vars -# like VERSION -# -include script/Makefile - -# -# Vars that can be overridden by external env vars -# -DRY_RUN ?= false -NAMESPACE ?= camel-k - -# Global: [true|false] -# - On setup: will promote roles and bindings to cluster-level -# - On operator: set namespace to all using WATCH_NAMESPACE env var -GLOBAL ?= false -# Always Pull Images: [true|false] -ALWAYS_PULL_IMAGES ?= false -# Monitoring: [true|false] -# - On operator: will add the prometheus resources to install -MONITORING ?= false -# Monitoring Port: integer -MONITORING_PORT ?= 8080 -# Health Port: integer -HEALTH_PORT ?= 8081 -# Operator Logging Level: string [info, debug, 0, 1] -LOGGING_LEVEL ?= info -# Install default kamelets: [true|false] -INSTALL_DEFAULT_KAMELETS ?= true -# Install default pvc: [true|false] -INSTALL_DEFAULT_PVC ?= true -# Uninstall all Camel K resources: [true|false] -UNINSTALL_ALL ?=false - -CONFIG := config -MANAGER := $(CONFIG)/manager -SAMPLES := $(CONFIG)/samples -RBAC := $(CONFIG)/rbac -RBAC_OS := $(RBAC)/openshift -RBAC_GLOBAL := global -OPERATOR := operator -PLACEHOLDER := placeholder -YAML := yaml - -# Fetch the latest image name - may override the original constant -IMAGE_NAME := $(shell grep image: $(MANAGER)/operator-deployment.yaml | sed 's/.*image: \(.*\):.*/\1/') - -# Setup patches -ROLE_TO_CROLE_PATCH := $(RBAC)/patch-role-to-clusterrole -ROLEBIN_TO_CROLEBIN_PATCH := $(RBAC)/patch-rolebinding-to-clusterrolebinding -# Operator patches -PORTS_PATCH := patch-ports -LOG_LEVEL_PATCH := patch-log-level -INSTALL_DEFAULT_KAMELETS_PATCH := patch-install-default-kamelets -IMAGE_PULL_POLICY_PATCH := patch-image-pull-policy-always -WATCH_NAMESPACE_PATCH := patch-watch-namespace-global -# Platform patches -INT_PLATFORM_PATCH := patch-integration-platform - -# -# Macro for editing kustomization to define -# the image reference -# -# Parameter: directory of the kustomization.yaml -# -define set-kustomize-image - $(if $(filter $(IMAGE_NAME),$(CUSTOM_IMAGE):$(CUSTOM_VERSION)),,\ - @cd $(1) || exit 1 && \ - $(KUSTOMIZE) edit set image $(IMAGE_NAME)=$(CUSTOM_IMAGE):$(CUSTOM_VERSION)) -endef - -# -# Macro for editing kustomization to define -# the namespace -# -# Parameter: directory of the kustomization.yaml -# -define set-kustomize-namespace - @cd $(1) || exit 1 && \ - $(KUSTOMIZE) edit set namespace $(NAMESPACE) -endef - -# -# Add or remove a patch on a kustomization.yaml -# targetting a kind of resource -# -# Parameters: -# * directory of the kustomization.yaml -# * [add, remove] -# * path of patch -# * kind of resources, eg. Deployment, Role -# -define add-remove-kind-patch - @cd $(1) || exit 1 && \ - $(KUSTOMIZE) edit $(2) patch --path $(3) --kind $(4) &> /dev/null -endef - -# -# Macro for adding / removing the prometheus resources for monitoring -# -define add-remove-operator-monitoring - @cd $(1) || exit 1 && \ - $(KUSTOMIZE) edit $(2) resource ../$(CONFIG)/prometheus &> /dev/null -endef - -.PHONY: have-platform check_admin setup-cluster .setup-kubernetes .setup-openshift setup - -# -# Determine the platform of the cluster based on -# either the use of querying through a go-client -# or using an installed client, ie. oc or kubectl -# -find-platform: -ifndef PLATFORM -PLATFORM=$(shell script/check_platform.sh) -endif - -# -# Checks if the cluster platform has been defined correctly either by the user -# or by the platform_check script. -# -have-platform: find-platform -ifeq ($(PLATFORM),openshift) - @echo Platform identified as 'openshift' -else ifeq ($(PLATFORM),kubernetes) - @echo Platform identified as 'kubernetes' -else - @echo "****" - @echo "**** ERROR: Cannot continue as cluster platform cannot be identified ****" - @echo "****" - @exit 1 -endif - -# -# Checks if the cluster user has the necessary privileges to be a cluster-admin -# In this case if the user can list the CRDs then probably a cluster-admin -# -check-admin: kubectl - @output=$$(kubectl get crd 2>&1) || (echo "****" && echo "**** ERROR: Cannot continue as user is not a Cluster-Admin ****" && echo "****"; exit 1) - -crd-api-support: kubectl -ifndef CRD_SUPPORT -CRD_SUPPORT=$(shell script/check_crd_api_support.sh) -endif - -check-crd-api-support: crd-api-support -ifneq ($(CRD_SUPPORT),OK) - $(error *** CRD API FAILURE: $(CRD_SUPPORT) ****) -endif - -#--- -# -#@ setup-cluster -# -#== Setup the cluster installation by installing crds and cluster roles. -# -# Will either call setup-cluster-openshift (then setup-cluster-kubernetes) or -# setup-cluster-kubernetes depending on the identity of the cluster -# -#=== Cluster-admin privileges are required. -# -#* PARAMETERS: -#** NAMESPACE: Set the namespace for the resources -#** PLATFORM: Override the discovered platform, if required -#** DRY_RUN: Print the resources to be applied instead of applying them [true|false] -# -#--- -setup-cluster: check-admin check-crd-api-support have-platform kustomize kubectl -# Set the namespace in the setup-cluster kustomization yaml - @$(call set-kustomize-namespace,$@) -ifeq ($(PLATFORM), openshift) - @for res in $(RBAC_OS)/operator-cluster*; do \ - cd $@ || exit 1 && \ - $(KUSTOMIZE) edit add resource ../$$res && \ - cd - &> /dev/null; \ - done -endif -# -# Build the resources -# Post-process ClusterRoleBindings to fix the namespace in the refs (not yet handled by kustomize) -# Either apply to the cluster or output to CLI -# -ifeq ($(DRY_RUN), false) - @$(KUSTOMIZE) build $(KOPTIONS) $@ | \ - sed 's/$(PLACEHOLDER)/$(NAMESPACE)/' | \ - kubectl apply --server-side -f - -else - @$(KUSTOMIZE) build $(KOPTIONS) $@ | \ - sed 's/$(PLACEHOLDER)/$(NAMESPACE)/' -endif - -#--- -# -#@ setup -# -#== Setup the installation by installing roles and granting privileges for the installing operator. -# -#=== Calls setup-cluster -#=== Cluster-admin privileges are required. -# -#* PARAMETERS: -#** NAMESPACE: Set the namespace for the resources -#** GLOBAL: Convert all roles & bindings to cluster-level [true|false] -#** PLATFORM: Override the discovered platform, if required -#** DRY_RUN: Print the resources to be applied instead of applying them [true|false] -# -#--- -setup: setup-cluster -# Set the namespace in the setup kustomization yaml - @$(call set-kustomize-namespace,$@) -# If GLOBAL then add the conversion patches for all roles and rolebindings -ifeq ($(GLOBAL),true) - @$(call add-remove-kind-patch,setup,add,../$(ROLE_TO_CROLE_PATCH).$(YAML),Role) - @$(call add-remove-kind-patch,setup,add,../$(ROLEBIN_TO_CROLEBIN_PATCH).$(YAML),RoleBinding) -else - @$(call add-remove-kind-patch,setup,remove,../$(ROLE_TO_CROLE_PATCH).$(YAML),Role) - @$(call add-remove-kind-patch,setup,remove,../$(ROLEBIN_TO_CROLEBIN_PATCH).$(YAML),RoleBinding) -endif -ifeq ($(PLATFORM), openshift) - @for res in $(RBAC_OS)/operator-role*; do \ - cd $@ || exit 1 && \ - $(KUSTOMIZE) edit add resource ../$$res && \ - cd - &> /dev/null; \ - done -endif -# -# Build the resources -# Post-process RoleBindings to fix the namespace in the refs (not yet handled by kustomize) -# Either apply to the cluster or output to CLI -# -ifeq ($(DRY_RUN), false) - @$(KUSTOMIZE) build $(KOPTIONS) $@ | \ - sed 's/$(PLACEHOLDER)/$(NAMESPACE)/' | \ - kubectl apply --server-side -f - -else - @$(KUSTOMIZE) build $(KOPTIONS) $@ | \ - sed 's/$(PLACEHOLDER)/$(NAMESPACE)/' -endif - -.PHONY: operator .operator-port-patch .operator-can-monitor .operator-log-level-patch - -# -# Customizes the port patch -# -.operator-port-patch: - @sed -i 's/--monitoring-port=.*/--monitoring-port=$(MONITORING_PORT)/' $(MANAGER)/$(PORTS_PATCH).$(YAML) - @sed -i '/path:.*\/containerPort/,/- op/{s/value: .*/value: $(MONITORING_PORT)/}' $(MANAGER)/$(PORTS_PATCH).$(YAML) - @sed -i 's/--health-port=.*/--health-port=$(HEALTH_PORT)/' $(MANAGER)/$(PORTS_PATCH).$(YAML) - @sed -i '/path:.*\/httpGet\/port/,/- op/{s/value: .*/value: $(HEALTH_PORT)/}' $(MANAGER)/$(PORTS_PATCH).$(YAML) - -# -# Customizes the log level patch -# -.operator-log-level-patch: - @sed -i 's/ value:.*/ value: "$(LOGGING_LEVEL)"/' $(MANAGER)/$(LOG_LEVEL_PATCH).$(YAML) - -.operator-can-monitor: kubectl - @output=$$(kubectl get crd prometheusrules.monitoring.coreos.com 2>&1) || (echo "****" && echo "**** ERROR: Montoring not available as Prometheus CRDs not installed in cluster ****" && echo "****"; exit 1) - -#--- -# -#@ operator -# -#== Install the operator deployment and related resources. -# -#=== Cluster-admin privileges are required. -# -#* PARAMETERS: -#** NAMESPACE: Set the namespace to install the operator into -#** PLATFORM: Override the discovered platform, if required -#** GLOBAL: Set the operator to watch all namespaces for custom resources [true|false] -#** CUSTOM_IMAGE: Set a custom operator image name -#** CUSTOM_VERSION: Set a custom operator image version/tag -#** ALWAYS_PULL_IMAGES: Set whether to always pull the operator image [true|false] -#** MONITORING: Add the prometheus monitoring resources -#** MONITORING_PORT: Set a custom monitoring port -#** HEALTH_PORT: Set a custom health port -#** LOGGING_LEVEL: Set the level of logging [info|debug] -#** INSTALL_DEFAULT_KAMELETS: Install the default Kamelets from catalog [true|false] -#** DRY_RUN: Print the resources to be applied instead of applying them [true|false] -# -#--- -operator: check-admin have-platform check-crd-api-support kustomize kubectl .operator-port-patch .operator-log-level-patch -ifeq ($(MONITORING), true) - @$(MAKE) -s .operator-can-monitor - @$(call add-remove-operator-monitoring,$@,add) -else - @$(call add-remove-operator-monitoring,$@,remove) -endif -# Set the namespace in the operator kustomization yaml - @$(call set-kustomize-namespace,$@) -# Set the image reference of the kustomization - @$(call set-kustomize-image,$@) -# Set the WATCH NAMESPACE env var depending on GLOBAL var -ifeq ($(GLOBAL), true) - @$(call add-remove-kind-patch,$(MANAGER),add,$(WATCH_NAMESPACE_PATCH).$(YAML),Deployment) -else - @$(call add-remove-kind-patch,$(MANAGER),remove,$(WATCH_NAMESPACE_PATCH).$(YAML),Deployment) -endif -# Set the ALWAYS_PULL_IMAGES config depending on var -ifeq ($(ALWAYS_PULL_IMAGES),true) - @$(call add-remove-kind-patch,$(MANAGER),add,$(IMAGE_PULL_POLICY_PATCH).$(YAML),Deployment) -else - @$(call add-remove-kind-patch,$(MANAGER),remove,$(IMAGE_PULL_POLICY_PATCH).$(YAML),Deployment) -endif -# Set the PORTS depending on vars -ifneq ($(MONITORING_PORT), 8080) - @$(call add-remove-kind-patch,$(MANAGER),add,$(PORTS_PATCH).$(YAML),Deployment) -else ifneq ($(HEALTH_PORT), 8081) - @$(call add-remove-kind-patch,$(MANAGER),add,$(PORTS_PATCH).$(YAML),Deployment) -endif -# Set the Log level of the operator -ifneq ($(LOGGING_LEVEL), info) - @$(call add-remove-kind-patch,$(MANAGER),add,$(LOG_LEVEL_PATCH).$(YAML),Deployment) -else ifneq ($(LOGGING_LEVEL), 0) - @$(call add-remove-kind-patch,$(MANAGER),add,$(LOG_LEVEL_PATCH).$(YAML),Deployment) -else - @$(call add-remove-kind-patch,$(MANAGER),remove,$(LOG_LEVEL_PATCH).$(YAML),Deployment) -endif -# Set the INSTALL_DEFAULT_KAMELETS config depending on var -ifeq ($(INSTALL_DEFAULT_KAMELETS),false) - @$(call add-remove-kind-patch,$(MANAGER),add,$(INSTALL_DEFAULT_KAMELETS_PATCH).$(YAML),Deployment) -else - @$(call add-remove-kind-patch,$(MANAGER),remove,$(INSTALL_DEFAULT_KAMELETS_PATCH).$(YAML),Deployment) -endif -ifeq ($(DRY_RUN), false) - @$(KUSTOMIZE) build $(KOPTIONS) $@ | kubectl apply -f - -else - @$(KUSTOMIZE) build $(KOPTIONS) $@ -endif - -.PHONY: platform .platform-openshift-patch .platform-kubernetes-patch - -# -# Customizes the samples patches for kubernetes -# -.platform-kubernetes-patch: - @sed -i 's/.*profile:.*/ profile: Kubernetes/' $(SAMPLES)/$(INT_PLATFORM_PATCH).$(YAML) - -# -# Customizes the samples patches for openshift -# -.platform-openshift-patch: - @sed -i 's/.*profile:.*/ profile: OpenShift/' $(SAMPLES)/$(INT_PLATFORM_PATCH).$(YAML) - -#--- -# -#@ platform -# -#== Install the integration platform. -# -#=== Cluster-admin privileges are required. -# -#* PARAMETERS: -#** NAMESPACE: Set the namespace to install the operator into -#** PLATFORM: Override the discovered platform, if required -#** DRY_RUN: Print the resources to be applied instead of applying them [true|false] -# -#--- -platform: have-platform kustomize kubectl -# Cannot be a dependency as PLATFORM could contain 'ERROR: ' - @$(MAKE) .platform-$(PLATFORM)-patch -# Set the namespace in the platform kustomization yaml - @$(call set-kustomize-namespace,$@) -ifeq ($(DRY_RUN), false) - @$(KUSTOMIZE) build $(KOPTIONS) $@ | kubectl apply -f - -else - @$(KUSTOMIZE) build $(KOPTIONS) $@ -endif - -.PHONY: example - -#--- -# -#@ example -# -#== Install the example integration. -# -#* PARAMETERS: -#** NAMESPACE: Set the namespace to install the example into -#** PLATFORM: Override the discovered platform, if required -#** DRY_RUN: Print the resources to be applied instead of applying them [true|false] -# -#--- -example: kubectl -# Set the namespace in the example kustomization yaml - @$(call set-kustomize-namespace,$@) -ifeq ($(DRY_RUN), false) - @$(KUSTOMIZE) build $(KOPTIONS) $@ | kubectl apply -f - -else - @$(KUSTOMIZE) build $(KOPTIONS) $@ -endif - -.PHONY: uninstall - -#--- -# -#@ uninstall -# -#== Uninstall the resources previously installed by the platform, operator, setup, and setup-cluster targets. -# -#=== Cluster-admin privileges are required. -# -#* PARAMETERS: -#** NAMESPACE: Set the namespace to uninstall the resources from -#** UNINSTALL_ALL: Uninstall all Camel K resources including crds and cluster roles installed by setup-cluster [true|false] -#** DRY_RUN: Print the resources to be applied instead of applying them [true|false] -# -#--- -uninstall: kubectl -# Set the namespace in the all target kustomization yaml - @$(call set-kustomize-namespace, platform) - @$(call set-kustomize-namespace, operator) - @$(call set-kustomize-namespace, setup) -ifeq ($(UNINSTALL_ALL), true) - @$(call set-kustomize-namespace, setup-cluster) -endif -ifeq ($(DRY_RUN), false) - @$(KUSTOMIZE) build $(KOPTIONS) platform | kubectl delete --ignore-not-found=true -f - - @$(KUSTOMIZE) build $(KOPTIONS) operator | kubectl delete --ignore-not-found=true -f - - @$(KUSTOMIZE) build $(KOPTIONS) setup | kubectl delete --ignore-not-found=true -f - -ifeq ($(UNINSTALL_ALL), true) - @$(KUSTOMIZE) build $(KOPTIONS) setup-cluster | kubectl delete --ignore-not-found=true -f - -endif -else - @$(KUSTOMIZE) build $(KOPTIONS) platform | kubectl delete --dry-run=client -f - - @$(KUSTOMIZE) build $(KOPTIONS) operator | kubectl delete --dry-run=client -f - - @$(KUSTOMIZE) build $(KOPTIONS) setup | kubectl delete --dry-run=client -f - -ifeq ($(UNINSTALL_ALL), true) - @$(KUSTOMIZE) build $(KOPTIONS) setup-cluster | kubectl delete --dry-run=client -f - -endif -endif - -.DEFAULT_GOAL := help -.PHONY: help -help: ## Show this help screen. - @#./script/help.sh $(MAKEFILE_LIST) - @awk 'BEGIN { printf "\nUsage: make \033[31m\033[0m \033[36m\033[0m\n"; printf "\nAvailable targets are:\n" } /^#@/ { printf "\033[36m%-15s\033[0m", $$2; subdesc=0; next } /^#===/ { printf "%-14s \033[32m%s\033[0m\n", " ", substr($$0, 5); subdesc=1; next } /^#==/ { printf "\033[0m%s\033[0m\n\n", substr($$0, 4); next } /^#\*\*/ { printf "%-14s \033[31m%s\033[0m\n", " ", substr($$0, 4); next } /^#\*/ && (subdesc == 1) { printf "\n"; next } /^#\-\-\-/ { printf "\n"; next }' $(MAKEFILE_LIST) diff --git a/install/example/kustomization.yaml b/install/example/kustomization.yaml deleted file mode 100644 index 6b9541ac78..0000000000 --- a/install/example/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../config/samples/bases/camel_v1_integration.yaml diff --git a/install/operator/kustomization.yaml b/install/operator/kustomization.yaml deleted file mode 100644 index dc1a8db59d..0000000000 --- a/install/operator/kustomization.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- - -# -# Add patches for modifying the deployment -# -# * patch-image-pull-policy-always.yaml -# modifies the image pull policy property to "Always" -# -# * patch-monitoring-port.yaml -# modifies the monitoring port -# -# * patch-health-port.yaml -# modifies the health port -# -# * patch-watch-namespace-global.yaml -# modifies the WATCH_NAMESPACE env var to wildcard for all namespaces -# -# * patch-toleration.yaml -# modifies the tolerations configuration of the deployment -# Edit the patch manually to add the required keys -# -# * patch-nodes-selector.yaml -# modifies the nodeSelector configuration of the deployment -# to bind the deployment to a particular labelled group of nodes -# Edit the patch manually to add the required configuration -# -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../config/manager -images: -- name: docker.io/apache/camel-k - newName: docker.io/apache/camel-k - newTag: 2.0.0-SNAPSHOT diff --git a/install/platform/kustomization.yaml b/install/platform/kustomization.yaml deleted file mode 100644 index b425aeb515..0000000000 --- a/install/platform/kustomization.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- - -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -# -# * patch-integration-platform.yaml -# customizes the integration platform custom resource -# Edit the patch manually to add required configuration -# -resources: -- ../config/samples/bases/camel_v1_integrationplatform.yaml - -patchesStrategicMerge: -- ../config/samples/patch-integration-platform.yaml diff --git a/install/setup-cluster/kustomization.yaml b/install/setup-cluster/kustomization.yaml deleted file mode 100644 index cfce7838b8..0000000000 --- a/install/setup-cluster/kustomization.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../config/crd -- ../config/rbac/user-cluster-role.yaml diff --git a/install/setup/kustomization.yaml b/install/setup/kustomization.yaml deleted file mode 100644 index 9598726cae..0000000000 --- a/install/setup/kustomization.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../config/rbac - -transformers: -- |- - apiVersion: builtin - kind: PatchTransformer - metadata: - name: fix-local-registry-rbac-namespace - patch: '[{"op": "replace", "path": "/metadata/namespace", "value": "kube-public"}]' - target: - group: rbac.authorization.k8s.io - kind: RoleBinding - name: camel-k-operator-local-registry From 7b45cbdbc328288b548092f6fc83d31f2cb3644b Mon Sep 17 00:00:00 2001 From: Gaelle Fournier Date: Mon, 23 Oct 2023 11:17:29 +0200 Subject: [PATCH 4/4] Externalize registry rbac from default rbac --- config/manager/kustomization.yaml | 10 ++++++- .../bases/camel-k.clusterserviceversion.yaml | 2 +- config/rbac/kustomization.yaml | 2 -- config/rbac/registry/kustomization.yaml | 26 +++++++++++++++++++ .../operator-cluster-role-local-registry.yaml | 2 +- .../operator-role-binding-local-registry.yaml | 0 install/overlays/common/kustomization.yaml | 4 +-- ...-operator-custom-resource-definitions.yaml | 20 ++++++++++++++ ...namespace-role-binding-local-registry.yaml | 20 ++++++++++++++ .../resources/integration-platform.yaml | 1 - .../kubernetes/kube-public-transformer.yaml | 9 +++++++ .../overlays/kubernetes/kustomization.yaml | 13 +++++----- install/overlays/kubernetes/namespace.yaml | 5 ++++ pkg/util/registry/kep_1755.go | 1 + 14 files changed, 100 insertions(+), 15 deletions(-) create mode 100644 config/rbac/registry/kustomization.yaml rename config/rbac/{ => registry}/operator-cluster-role-local-registry.yaml (98%) rename config/rbac/{ => registry}/operator-role-binding-local-registry.yaml (100%) create mode 100644 install/overlays/common/patches/patch-namespace-camel-k-operator-custom-resource-definitions.yaml create mode 100644 install/overlays/common/patches/patch-namespace-role-binding-local-registry.yaml create mode 100644 install/overlays/kubernetes/kube-public-transformer.yaml create mode 100644 install/overlays/kubernetes/namespace.yaml diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 39e8b42bb9..505acfd3af 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -19,6 +19,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- operator-deployment.yaml - operator-service-account.yaml +- operator-deployment.yaml +patchesStrategicMerge: +- patch-toleration.yaml +- patch-node-selector.yaml +- patch-resource-requirements.yaml +patches: +- path: patch-log-level.yaml + target: + kind: Deployment \ No newline at end of file diff --git a/config/manifests/bases/camel-k.clusterserviceversion.yaml b/config/manifests/bases/camel-k.clusterserviceversion.yaml index db02c16a40..b94cf5e9bb 100644 --- a/config/manifests/bases/camel-k.clusterserviceversion.yaml +++ b/config/manifests/bases/camel-k.clusterserviceversion.yaml @@ -32,7 +32,7 @@ metadata: repository: https://github.com/apache/camel-k support: Camel name: camel-k.v2.2.0 - namespace: placeholder + namespace: default spec: apiservicedefinitions: {} customresourcedefinitions: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index f2600f1626..6e488ca9c8 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -34,7 +34,6 @@ resources: - operator-role-binding-keda.yaml - operator-role-binding-knative.yaml - operator-role-binding-leases.yaml -- operator-role-binding-local-registry.yaml - operator-role-binding-podmonitors.yaml - operator-role-binding-strimzi.yaml - operator-role-binding.yaml @@ -42,4 +41,3 @@ resources: - operator-cluster-role-binding-custom-resource-definitions.yaml - operator-cluster-role-addressable-resolver.yaml - operator-cluster-role-binding-addressable-resolver.yaml -- operator-cluster-role-local-registry.yaml diff --git a/config/rbac/registry/kustomization.yaml b/config/rbac/registry/kustomization.yaml new file mode 100644 index 0000000000..f1cad91558 --- /dev/null +++ b/config/rbac/registry/kustomization.yaml @@ -0,0 +1,26 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +# +# rbac resources applicable for all kubernetes platforms +# +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- operator-role-binding-local-registry.yaml +- operator-cluster-role-local-registry.yaml diff --git a/config/rbac/operator-cluster-role-local-registry.yaml b/config/rbac/registry/operator-cluster-role-local-registry.yaml similarity index 98% rename from config/rbac/operator-cluster-role-local-registry.yaml rename to config/rbac/registry/operator-cluster-role-local-registry.yaml index cb90a5fb44..aa25b52c0f 100644 --- a/config/rbac/operator-cluster-role-local-registry.yaml +++ b/config/rbac/registry/operator-cluster-role-local-registry.yaml @@ -25,4 +25,4 @@ rules: - apiGroups: [""] resources: ["configmaps"] resourceNames: ["local-registry-hosting"] - verbs: ["get"] + verbs: ["get"] \ No newline at end of file diff --git a/config/rbac/operator-role-binding-local-registry.yaml b/config/rbac/registry/operator-role-binding-local-registry.yaml similarity index 100% rename from config/rbac/operator-role-binding-local-registry.yaml rename to config/rbac/registry/operator-role-binding-local-registry.yaml diff --git a/install/overlays/common/kustomization.yaml b/install/overlays/common/kustomization.yaml index 6ae3038426..0424ff80a1 100644 --- a/install/overlays/common/kustomization.yaml +++ b/install/overlays/common/kustomization.yaml @@ -15,6 +15,6 @@ # limitations under the License. # --------------------------------------------------------------------------- -resources: -- resources/integration-platform.yaml +#resources: +#- resources/integration-platform.yaml diff --git a/install/overlays/common/patches/patch-namespace-camel-k-operator-custom-resource-definitions.yaml b/install/overlays/common/patches/patch-namespace-camel-k-operator-custom-resource-definitions.yaml new file mode 100644 index 0000000000..2d30ca655d --- /dev/null +++ b/install/overlays/common/patches/patch-namespace-camel-k-operator-custom-resource-definitions.yaml @@ -0,0 +1,20 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +- op: replace + path: /subjects/0/namespace + value: default \ No newline at end of file diff --git a/install/overlays/common/patches/patch-namespace-role-binding-local-registry.yaml b/install/overlays/common/patches/patch-namespace-role-binding-local-registry.yaml new file mode 100644 index 0000000000..2d30ca655d --- /dev/null +++ b/install/overlays/common/patches/patch-namespace-role-binding-local-registry.yaml @@ -0,0 +1,20 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +- op: replace + path: /subjects/0/namespace + value: default \ No newline at end of file diff --git a/install/overlays/common/resources/integration-platform.yaml b/install/overlays/common/resources/integration-platform.yaml index 7e3cd0d1c9..cf73a36efd 100644 --- a/install/overlays/common/resources/integration-platform.yaml +++ b/install/overlays/common/resources/integration-platform.yaml @@ -10,6 +10,5 @@ spec: maven: settings: {} settingsSecurity: {} - registry: {} kamelet: {} traits: {} \ No newline at end of file diff --git a/install/overlays/kubernetes/kube-public-transformer.yaml b/install/overlays/kubernetes/kube-public-transformer.yaml new file mode 100644 index 0000000000..e002f82a2a --- /dev/null +++ b/install/overlays/kubernetes/kube-public-transformer.yaml @@ -0,0 +1,9 @@ +apiVersion: builtin +kind: PatchTransformer +metadata: + name: fix-local-registry-rbac-namespace +patch: '[{"op": "replace", "path": "/metadata/namespace", "value": "kube-public"}]' +target: + group: rbac.authorization.k8s.io + kind: RoleBinding + name: camel-k-operator-local-registry \ No newline at end of file diff --git a/install/overlays/kubernetes/kustomization.yaml b/install/overlays/kubernetes/kustomization.yaml index 487f5207e4..edd64f0f64 100644 --- a/install/overlays/kubernetes/kustomization.yaml +++ b/install/overlays/kubernetes/kustomization.yaml @@ -27,12 +27,11 @@ sortOptions: resources: - ../../config/crd/ - ../../config/rbac/ -- ../common - ../../config/manager/ -patches: -- path: patch-kubernetes-integration-platform.yaml - target: - group: camel.apache.org - version: v1 - kind: IntegrationPlatform + +transformers: +- kube-public-transformer.yaml + +configurations: +- namespace.yaml \ No newline at end of file diff --git a/install/overlays/kubernetes/namespace.yaml b/install/overlays/kubernetes/namespace.yaml new file mode 100644 index 0000000000..173e4081b6 --- /dev/null +++ b/install/overlays/kubernetes/namespace.yaml @@ -0,0 +1,5 @@ +namespace: + - kind: RoleBinding + name: camel-k-operator-local-registry + path: /subjects/namespace + create: false \ No newline at end of file diff --git a/pkg/util/registry/kep_1755.go b/pkg/util/registry/kep_1755.go index f7783e8a32..bfc2c8294b 100644 --- a/pkg/util/registry/kep_1755.go +++ b/pkg/util/registry/kep_1755.go @@ -37,6 +37,7 @@ func GetRegistryAddress(ctx context.Context, c client.Client) (*string, error) { return nil, nil } else if k8serrors.IsNotFound(err) { log.Debug("Cannot find registry configuration local-registry-hosting ConfigMap", "error", err) + return nil, nil } return nil, err