From 6c5f90ffacf71c28d936bde36a6e835514fb1445 Mon Sep 17 00:00:00 2001 From: Pasquale Congiusti Date: Fri, 27 Oct 2023 12:25:15 +0200 Subject: [PATCH] feat(knative): helm installation procedure * The resources required to watch Knative are created for all installation methodologies * A log message is shown in the operator to verify if it has the privileges to watch Knative * Documentation Closes #4716 --- .../bases/camel-k.clusterserviceversion.yaml | 45 +++++----- config/rbac/descoped/kustomization.yaml | 2 +- config/rbac/namespaced/kustomization.yaml | 4 +- docs/charts/index.yaml | 70 +++++++-------- docs/modules/ROOT/nav.adoc | 5 +- .../ROOT/pages/installation/knative.adoc | 14 +++ e2e/knative/knative_test.go | 7 +- e2e/knative/pod_test.go | 4 +- e2e/support/test_support.go | 11 ++- ...{kamelet.feature => kamelet-beans.feature} | 0 .../kamelet-binding-broker.feature | 14 +++ .../kamelet-binding-broker/kamelet.feature | 14 --- ...nding.yaml => logger-sink-binding-br.yaml} | 2 +- ...ding.yaml => timer-source-binding-br.yaml} | 2 +- .../kamelet-binding-broker/yaks-config.yaml | 8 +- ...t.feature => kamelet-binding-http.feature} | 0 ...amelet.feature => kamelet-binding.feature} | 9 +- ...nding.yaml => logger-sink-binding-kb.yaml} | 2 +- ...ding.yaml => timer-source-binding-kb.yaml} | 2 +- .../common/kamelet-binding/yaks-config.yaml | 8 +- ...nding.feature => sinkbinding-http.feature} | 0 helm/camel-k/README.md | 57 ++++++++----- .../operator-cluster-role-bindings.yaml | 17 ++++ .../templates/operator-cluster-roles.yaml | 54 ++++++++++++ .../integration/integration_controller.go | 10 ++- pkg/install/knative.go | 85 ------------------- pkg/install/operator.go | 44 ++++------ pkg/install/optional.go | 6 -- pkg/util/kubernetes/permission.go | 4 +- 29 files changed, 257 insertions(+), 243 deletions(-) create mode 100644 docs/modules/ROOT/pages/installation/knative.adoc rename e2e/yaks/common/kamelet-beans/{kamelet.feature => kamelet-beans.feature} (100%) create mode 100644 e2e/yaks/common/kamelet-binding-broker/kamelet-binding-broker.feature delete mode 100644 e2e/yaks/common/kamelet-binding-broker/kamelet.feature rename e2e/yaks/common/kamelet-binding-broker/{logger-sink-binding.yaml => logger-sink-binding-br.yaml} (97%) rename e2e/yaks/common/kamelet-binding-broker/{timer-source-binding.yaml => timer-source-binding-br.yaml} (97%) rename e2e/yaks/common/kamelet-binding-http/{kamelet.feature => kamelet-binding-http.feature} (100%) rename e2e/yaks/common/kamelet-binding/{kamelet.feature => kamelet-binding.feature} (50%) rename e2e/yaks/common/kamelet-binding/{logger-sink-binding.yaml => logger-sink-binding-kb.yaml} (97%) rename e2e/yaks/common/kamelet-binding/{timer-source-binding.yaml => timer-source-binding-kb.yaml} (97%) rename e2e/yaks/common/knative-sinkbinding-http/{sinkbinding.feature => sinkbinding-http.feature} (100%) delete mode 100644 pkg/install/knative.go diff --git a/config/manifests/bases/camel-k.clusterserviceversion.yaml b/config/manifests/bases/camel-k.clusterserviceversion.yaml index 9a63dfe933..e69dc95dee 100644 --- a/config/manifests/bases/camel-k.clusterserviceversion.yaml +++ b/config/manifests/bases/camel-k.clusterserviceversion.yaml @@ -87,10 +87,12 @@ spec: Apache Camel K ============== - Apache Camel K is a lightweight integration platform, born on Kubernetes, with serverless superpowers. + Apache Camel K is a lightweight integration platform, born on Kubernetes, with serverless superpowers: + the easiest way to build and manage your Camel applications on Kubernetes. ## Installation + You may need to specify the container registry where to store the container images created for the Camel applications. To start using Camel K, install the operator and then create the following `IntegrationPlatform`: ``` apiVersion: camel.apache.org/v1 @@ -99,34 +101,39 @@ spec: name: camel-k labels: app: "camel-k" + spec: + build: + registry: + address: docker.io/my-org ``` - An `IntegrationPlatform` resource is automatically created by default on OpenShift, so you can skip this step. - Also, You can edit the `IntegrationPlatform`, to configure Camel K. - The configuration from the `IntegrationPlatform` will apply to the Camel integrations created in the same namespace/project. + An `IntegrationPlatform` resource is automatically created by default on OpenShift, so you can skip this step when using Openshift cluster. ## Running an Integration - After the initial setup, you can run a Camel integration on the cluster by creating an example `Integration`, e.g.: + Run a Camel application on the cluster by creating a sample `Integration`, e.g.: ``` apiVersion: camel.apache.org/v1 kind: Integration metadata: - name: example + annotations: + camel.apache.org/operator.id: camel-k + name: test spec: - sources: - - name: Example.java - content: | - import org.apache.camel.builder.RouteBuilder; - - public class Example extends RouteBuilder { - @Override - public void configure() throws Exception { - from("timer:tick") - .setBody(constant("Hello World!")) - .to("log:info?skipBodyLineSeparator=false"); - } - } + flows: + - from: + parameters: + period: "1000" + steps: + - setBody: + simple: Hello Camel from ${routeId} + - log: ${body} + uri: timer:yaml + ``` + Log the result of the running application: + ``` + kubectl wait --for=condition=ready integration test --timeout=180s + kubectl logs deployment/test -f ``` displayName: Camel K Operator icon: diff --git a/config/rbac/descoped/kustomization.yaml b/config/rbac/descoped/kustomization.yaml index ade2d46ba8..7eed136338 100644 --- a/config/rbac/descoped/kustomization.yaml +++ b/config/rbac/descoped/kustomization.yaml @@ -23,9 +23,9 @@ kind: Kustomization resources: - operator-cluster-role-events.yaml -- operator-cluster-role-knative.yaml - operator-cluster-role.yaml - operator-cluster-role-keda.yaml +- operator-cluster-role-knative.yaml - operator-cluster-role-leases.yaml - operator-cluster-role-podmonitors.yaml - operator-cluster-role-strimzi.yaml diff --git a/config/rbac/namespaced/kustomization.yaml b/config/rbac/namespaced/kustomization.yaml index 510beb4d57..134668d864 100644 --- a/config/rbac/namespaced/kustomization.yaml +++ b/config/rbac/namespaced/kustomization.yaml @@ -23,16 +23,16 @@ kind: Kustomization resources: - operator-role-events.yaml -- operator-role-knative.yaml - operator-role.yaml - operator-role-keda.yaml +- operator-role-knative.yaml - operator-role-leases.yaml - operator-role-podmonitors.yaml - operator-role-strimzi.yaml +- operator-role-binding.yaml - operator-role-binding-events.yaml - operator-role-binding-keda.yaml - operator-role-binding-knative.yaml - operator-role-binding-leases.yaml - operator-role-binding-podmonitors.yaml - operator-role-binding-strimzi.yaml -- operator-role-binding.yaml diff --git a/docs/charts/index.yaml b/docs/charts/index.yaml index 104ae65e42..6892af5c87 100644 --- a/docs/charts/index.yaml +++ b/docs/charts/index.yaml @@ -3,7 +3,7 @@ entries: camel-k: - apiVersion: v2 appVersion: 2.1.0 - created: "2023-10-24T09:35:15.199478942+02:00" + created: "2023-12-22T11:29:49.654212798+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 3b8a8c2a9c3807ab4f1de096e3b7171a914f2f7b4e522dd88cbba7fedba036c8 @@ -30,7 +30,7 @@ entries: version: 2.1.0 - apiVersion: v2 appVersion: 2.0.1 - created: "2023-10-24T09:35:15.191652047+02:00" + created: "2023-12-22T11:29:49.645753442+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: c0d607c00ec876b211a337f391a3330c40e9f56f400420276ab3dd239234ec22 @@ -57,7 +57,7 @@ entries: version: 2.0.1 - apiVersion: v2 appVersion: 2.0.0 - created: "2023-10-24T09:35:15.184215927+02:00" + created: "2023-12-22T11:29:49.637592397+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: c4f3eeb2536dd573c0b135213d5d02a0f4575d9f6bd2debb31b11615eb7bb085 @@ -84,7 +84,7 @@ entries: version: 2.0.0 - apiVersion: v2 appVersion: 1.12.1 - created: "2023-10-24T09:35:15.14588312+02:00" + created: "2023-12-22T11:29:49.602181347+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: cc5682a0d6cd8f0c475803ac7e142278682a14478dc1a907cf3e36e4dd0ecfb7 @@ -111,7 +111,7 @@ entries: version: 0.13.1 - apiVersion: v2 appVersion: 1.12.0 - created: "2023-10-24T09:35:15.140688157+02:00" + created: "2023-12-22T11:29:49.597081863+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 394402fd476570978214a1288a883db9f2e1186780322cf3c47503ce27d2c117 @@ -138,7 +138,7 @@ entries: version: 0.13.0 - apiVersion: v2 appVersion: 1.11.1 - created: "2023-10-24T09:35:15.135601375+02:00" + created: "2023-12-22T11:29:49.591825747+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 2f4a9e0fa5c4adbb16a7795f6ccc1387537ea13b67b1ee2e5f505c0eab349ec6 @@ -165,7 +165,7 @@ entries: version: 0.12.1 - apiVersion: v2 appVersion: 1.11.0 - created: "2023-10-24T09:35:15.130402423+02:00" + created: "2023-12-22T11:29:49.587217004+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 487e987dbf332d61745d4a8888ed5be116eb1e370d3ebd8cbb095eda470401d1 @@ -192,7 +192,7 @@ entries: version: 0.12.0 - apiVersion: v2 appVersion: 1.10.4 - created: "2023-10-24T09:35:15.125286534+02:00" + created: "2023-12-22T11:29:49.582743662+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: e3708a8a36fde9f85c33a819de5531ed03cdc9331c594e34861fdaea65b3e537 @@ -219,7 +219,7 @@ entries: version: 0.11.4 - apiVersion: v2 appVersion: 1.10.3 - created: "2023-10-24T09:35:15.1208584+02:00" + created: "2023-12-22T11:29:49.578225412+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 59ddb87112b9b7ccd3db621f5987afe6f61006b5638a2e83eed14c1ba06dfca6 @@ -246,7 +246,7 @@ entries: version: 0.11.3 - apiVersion: v2 appVersion: 1.10.2 - created: "2023-10-24T09:35:15.116338632+02:00" + created: "2023-12-22T11:29:49.572863991+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 02daa47b4984d9273a3f68854ad4dbc54b40d344fa1167d17954e2e960f54d7e @@ -273,7 +273,7 @@ entries: version: 0.11.2 - apiVersion: v2 appVersion: 1.10.1 - created: "2023-10-24T09:35:15.111568278+02:00" + created: "2023-12-22T11:29:49.568427196+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: f1e8d2405b146b5e7e9a17e2b5f69a456fb7f1e4aa06964f010a88a014ded4e5 @@ -300,7 +300,7 @@ entries: version: 0.11.1 - apiVersion: v2 appVersion: 1.10.0 - created: "2023-10-24T09:35:15.106655136+02:00" + created: "2023-12-22T11:29:49.563568255+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 14fb0780b934ac871f5dfc473ddb7db1e1a70df257faedf33bd62c99e0eaa980 @@ -327,7 +327,7 @@ entries: version: 0.11.0 - apiVersion: v2 appVersion: 1.9.2 - created: "2023-10-24T09:35:15.101586846+02:00" + created: "2023-12-22T11:29:49.558683135+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 90ea439bb18596657e6e93b4b07a41a5da499f77d7233d661677a0463b8d5f52 @@ -352,7 +352,7 @@ entries: version: 0.10.3 - apiVersion: v2 appVersion: 1.9.2 - created: "2023-10-24T09:35:15.098093616+02:00" + created: "2023-12-22T11:29:49.555526088+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: bbf1187380da9a5c9725e8c1a94ea49dd858d4dab7da7ea13345a04aa24911d3 @@ -377,7 +377,7 @@ entries: version: 0.10.2 - apiVersion: v2 appVersion: 1.9.1 - created: "2023-10-24T09:35:15.094284057+02:00" + created: "2023-12-22T11:29:49.551358216+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 0cba3a300eed89997102d6e82a53b4b898cb20b2d89c0c9b75cff58886ac7ac8 @@ -402,7 +402,7 @@ entries: version: 0.10.1 - apiVersion: v2 appVersion: 1.9.0 - created: "2023-10-24T09:35:15.090670777+02:00" + created: "2023-12-22T11:29:49.545793097+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 6e6cb47f1bbcaf2e0269ee92b8cf3c5d88255681633a53ef61a925536aa9b073 @@ -427,7 +427,7 @@ entries: version: 0.10.0 - apiVersion: v2 appVersion: 1.8.2 - created: "2023-10-24T09:35:15.177296252+02:00" + created: "2023-12-22T11:29:49.631185998+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 4ada6d477897adb993d6e08e665cdf6eb94ebf71d2503b5cb0921016837021eb @@ -452,7 +452,7 @@ entries: version: 0.9.2 - apiVersion: v2 appVersion: 1.8.1 - created: "2023-10-24T09:35:15.173794324+02:00" + created: "2023-12-22T11:29:49.628096241+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: ec85e315b224177021660106e375de7990b1f4c9594a10d668ade5e998e40bff @@ -477,7 +477,7 @@ entries: version: 0.9.1 - apiVersion: v2 appVersion: 1.8.0 - created: "2023-10-24T09:35:15.170741053+02:00" + created: "2023-12-22T11:29:49.624936682+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 9c7ec4fceec32adbf281562a9a61aa612a4ac52df358a9a6f4903896ee7a7684 @@ -502,7 +502,7 @@ entries: version: 0.9.0 - apiVersion: v2 appVersion: 1.7.0 - created: "2023-10-24T09:35:15.167316865+02:00" + created: "2023-12-22T11:29:49.62219828+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: efccc4fab8d7f8b4e5ad129d9117e8a8d8fb5f65c7c3141eb07a63481eb7a4a7 @@ -527,7 +527,7 @@ entries: version: 0.8.0 - apiVersion: v2 appVersion: 1.6.1 - created: "2023-10-24T09:35:15.164190105+02:00" + created: "2023-12-22T11:29:49.618798898+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 949d4e2d12f3a7667ec5dcd924788ba38b955b75cdcf2b9c9fd8bda30d491b20 @@ -552,7 +552,7 @@ entries: version: 0.7.1 - apiVersion: v2 appVersion: 1.5.0 - created: "2023-10-24T09:35:15.160609544+02:00" + created: "2023-12-22T11:29:49.615929215+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 226251d742edff0f1a71d0068de67de348e0be0a8b29a411cad073ceb7d48535 @@ -577,7 +577,7 @@ entries: version: 0.7.0 - apiVersion: v2 appVersion: 1.4.1 - created: "2023-10-24T09:35:15.157143656+02:00" + created: "2023-12-22T11:29:49.613026637+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: a3f32e2e2d73361b9d4cda028c9c549ba5dfd5cbf1f0224a1badcff295292818 @@ -602,7 +602,7 @@ entries: version: 0.6.1 - apiVersion: v2 appVersion: 1.4.0 - created: "2023-10-24T09:35:15.156176558+02:00" + created: "2023-12-22T11:29:49.612307589+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: a011dd36bbfb07a23ca18baabec945274d2ac1164e08414147ecf683cccf8a21 @@ -627,7 +627,7 @@ entries: version: 0.6.0 - apiVersion: v2 appVersion: 1.3.2-SNAPSHOT - created: "2023-10-24T09:35:15.155372324+02:00" + created: "2023-12-22T11:29:49.611614376+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 30d999fb1a24c741829cd3ad1c1ba3c8ac4d0571a9ad1258c327c426913312d7 @@ -652,7 +652,7 @@ entries: version: 0.5.2 - apiVersion: v2 appVersion: 1.3.1 - created: "2023-10-24T09:35:15.153868289+02:00" + created: "2023-12-22T11:29:49.609408997+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 222b6b51ac7c836e1a7cfe44228de3666cb2b4c559c64bee35afaef9cbfe2449 @@ -677,7 +677,7 @@ entries: version: 0.5.1 - apiVersion: v2 appVersion: 1.2.1 - created: "2023-10-24T09:35:15.152280273+02:00" + created: "2023-12-22T11:29:49.607903389+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 393f4e4b32119824442ee2abdfc34a34bc49ec0fc6e957057e955cb5dd63aece @@ -702,7 +702,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2023-10-24T09:35:15.150206461+02:00" + created: "2023-12-22T11:29:49.606614509+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: c47863e13644340b857acf5c688004927e0ad126a9c39e8c90fa6d84e2c445b9 @@ -727,7 +727,7 @@ entries: version: 0.4.0 - apiVersion: v2 appVersion: 1.1.1 - created: "2023-10-24T09:35:15.148553994+02:00" + created: "2023-12-22T11:29:49.605317089+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 46771bd1c0e52097f07e9c17e657690872716ed845b196cd0c981c97b984b573 @@ -752,7 +752,7 @@ entries: version: 0.3.2 - apiVersion: v2 appVersion: 1.0.1 - created: "2023-10-24T09:35:15.147265624+02:00" + created: "2023-12-22T11:29:49.603524372+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: d7453b9b6281355caad37896c6760be64735f69009bc312a54cbc17e8a1f6697 @@ -777,7 +777,7 @@ entries: version: 0.3.1 - apiVersion: v2 appVersion: 1.0.0 - created: "2023-10-24T09:35:15.146816933+02:00" + created: "2023-12-22T11:29:49.603192257+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 610a2b024d539451ee278b72179f34c242a67b7949e2a4eae7b0fa2d8d3630e3 @@ -802,7 +802,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 1.0.0-RC2 - created: "2023-10-24T09:35:15.146357076+02:00" + created: "2023-12-22T11:29:49.602851839+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 3d5397e111004a8735849dcebd55c9827e687aa3ab28b5c28de8fe69595e1b8f @@ -827,7 +827,7 @@ entries: version: 0.2.1 - apiVersion: v2 appVersion: 1.0.0-RC2 - created: "2023-10-24T09:35:15.086132845+02:00" + created: "2023-12-22T11:29:49.541215842+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 43fa5d9563ce76d25695e4132c5870279541b26be2ac8023537b587483853260 @@ -852,7 +852,7 @@ entries: version: 0.1.1 - apiVersion: v2 appVersion: 1.0.0-RC2 - created: "2023-10-24T09:35:15.085662044+02:00" + created: "2023-12-22T11:29:49.54083444+01:00" description: A lightweight integration platform, born on Kubernetes, with serverless superpowers digest: 3bc8c53c4d781c4b4e4aac254d291339b348c2d8b4cf24b579ceb4330a48edd5 @@ -875,4 +875,4 @@ entries: urls: - https://apache.github.io/camel-k/charts/camel-k-0.1.0.tgz version: 0.1.0 -generated: "2023-10-24T09:35:15.084977082+02:00" +generated: "2023-12-22T11:29:49.540216165+01:00" diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc index f13dbd7efa..017b36dfc2 100644 --- a/docs/modules/ROOT/nav.adoc +++ b/docs/modules/ROOT/nav.adoc @@ -1,6 +1,7 @@ * xref:installation/installation.adoc[Installation] -** xref:installation/advanced/maven.adoc[Configuring Maven] -** xref:installation/registry/registry.adoc[Configuring Registry] +** xref:installation/advanced/maven.adoc[Configure Maven] +** xref:installation/registry/registry.adoc[Configure Registry] +** xref:installation/knative.adoc[Configure Knative] ** xref:contributing/upgrade.adoc[Upgrade] ** xref:contributing/uninstalling.adoc[Uninstalling] ** xref:installation/advanced/advanced.adoc[Advanced] diff --git a/docs/modules/ROOT/pages/installation/knative.adoc b/docs/modules/ROOT/pages/installation/knative.adoc new file mode 100644 index 0000000000..844afd2e8a --- /dev/null +++ b/docs/modules/ROOT/pages/installation/knative.adoc @@ -0,0 +1,14 @@ += Knative configuration + +"https://knative.dev[Knative] is an Open-Source Enterprise-level solution to build Serverless and Event Driven Applications". The effort done in this project is a great complement to Camel K, which can leverage some feature offered by Knative. In particular, Camel K will be able to leverage "scale to 0" (hence, serverless) feature offered by Knative. + +NOTE: Knative is an optional configuration. It is not required to run Camel K. + +[[install-knative]] +== Knative privileges + +Camel K needs to have certain privileges to use the resources used by Knative. However, the installation procedure should take care of all the privileges aspects regardless the installation methodology you're using. + +NOTE: you should https://knative.dev/docs/install/[install Knative] "Serving" resources before installing and running Camel K Operator. This is required because the operator "watches" certain resources installed by Knative. If yuo install Knative after Camel K, then, you must restart Camel K operator Pod in order to watch the Knative resources accordingly. + +From now on you should be able to run some Camel application leveraging Knative with Camel K (see https://github.com/apache/camel-k-examples/tree/main/generic-examples/knative[examples]). \ No newline at end of file diff --git a/e2e/knative/knative_test.go b/e2e/knative/knative_test.go index 56ce5d5ec2..889eacc1d4 100644 --- a/e2e/knative/knative_test.go +++ b/e2e/knative/knative_test.go @@ -46,13 +46,13 @@ func TestKnative(t *testing.T) { t.Run("Service combo", func(t *testing.T) { Expect(KamelRunWithID(operatorID, ns, "files/knative2.groovy").Execute()).To(Succeed()) Eventually(IntegrationPodPhase(ns, "knative2"), TestTimeoutLong).Should(Equal(v1.PodRunning)) - Eventually(IntegrationConditionStatus(ns, "knative2", camelv1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(v1.ConditionTrue)) + Eventually(IntegrationConditionStatus(ns, "knative2", camelv1.IntegrationConditionReady), TestTimeoutMedium).Should(Equal(v1.ConditionTrue)) Expect(KamelRunWithID(operatorID, ns, "files/knative3.groovy").Execute()).To(Succeed()) Eventually(IntegrationPodPhase(ns, "knative3"), TestTimeoutLong).Should(Equal(v1.PodRunning)) - Eventually(IntegrationConditionStatus(ns, "knative3", camelv1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(v1.ConditionTrue)) + Eventually(IntegrationConditionStatus(ns, "knative3", camelv1.IntegrationConditionReady), TestTimeoutMedium).Should(Equal(v1.ConditionTrue)) Expect(KamelRunWithID(operatorID, ns, "files/knative1.groovy").Execute()).To(Succeed()) Eventually(IntegrationPodPhase(ns, "knative1"), TestTimeoutLong).Should(Equal(v1.PodRunning)) - Eventually(IntegrationConditionStatus(ns, "knative1", camelv1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(v1.ConditionTrue)) + Eventually(IntegrationConditionStatus(ns, "knative1", camelv1.IntegrationConditionReady), TestTimeoutMedium).Should(Equal(v1.ConditionTrue)) // Correct logs Eventually(IntegrationLogs(ns, "knative1"), TestTimeoutMedium).Should(ContainSubstring("Received from 2: Hello from knative2")) Eventually(IntegrationLogs(ns, "knative1"), TestTimeoutMedium).Should(ContainSubstring("Received from 3: Hello from knative3")) @@ -142,6 +142,7 @@ func TestRunBroker(t *testing.T) { WithNewTestNamespaceWithKnativeBroker(t, func(ns string) { operatorID := fmt.Sprintf("camel-k-%s", ns) Expect(KamelInstallWithID(operatorID, ns, "--trait-profile", "knative").Execute()).To(Succeed()) + Expect(KamelRunWithID(operatorID, ns, "files/knativeevt1.groovy").Execute()).To(Succeed()) Expect(KamelRunWithID(operatorID, ns, "files/knativeevt2.groovy").Execute()).To(Succeed()) Eventually(IntegrationPodPhase(ns, "knativeevt1"), TestTimeoutLong).Should(Equal(v1.PodRunning)) diff --git a/e2e/knative/pod_test.go b/e2e/knative/pod_test.go index 64b39fda11..bb7d4e083a 100644 --- a/e2e/knative/pod_test.go +++ b/e2e/knative/pod_test.go @@ -39,10 +39,10 @@ func TestPodTraitWithKnative(t *testing.T) { Expect(KamelRunWithID(operatorID, ns, "files/podtest-knative2.groovy", "--pod-template", "files/template-knative.yaml").Execute()).To(Succeed()) Eventually(IntegrationPodPhase(ns, "podtest-knative2"), TestTimeoutLong).Should(Equal(corev1.PodRunning)) - Eventually(IntegrationConditionStatus(ns, "podtest-knative2", v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue)) + Eventually(IntegrationConditionStatus(ns, "podtest-knative2", v1.IntegrationConditionReady), TestTimeoutMedium).Should(Equal(corev1.ConditionTrue)) Expect(KamelRunWithID(operatorID, ns, "files/podtest-knative1.groovy").Execute()).To(Succeed()) Eventually(IntegrationPodPhase(ns, "podtest-knative1"), TestTimeoutLong).Should(Equal(corev1.PodRunning)) - Eventually(IntegrationConditionStatus(ns, "podtest-knative1", v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue)) + Eventually(IntegrationConditionStatus(ns, "podtest-knative1", v1.IntegrationConditionReady), TestTimeoutMedium).Should(Equal(corev1.ConditionTrue)) Eventually(IntegrationLogs(ns, "podtest-knative1"), TestTimeoutShort).Should(ContainSubstring("hello from the template")) Expect(Kamel("delete", "--all", "-n", ns).Execute()).To(Succeed()) diff --git a/e2e/support/test_support.go b/e2e/support/test_support.go index 371e8491ae..4b67c6dc65 100644 --- a/e2e/support/test_support.go +++ b/e2e/support/test_support.go @@ -102,10 +102,13 @@ const ciPID = "/tmp/ci-k8s-pid" // v1alpha1.Kamelet, v1alpha1.KameletBinding const ExpectedCRDs = 8 -// camel-k-operator, camel-k-operator-events, -// camel-k-operator-knative, camel-k-operator-leases, -// camel-k-operator-podmonitors, camel-k-operator-strimzi, -// camel-k-operator-keda +// camel-k-operator, +// camel-k-operator-events, +// camel-k-operator-leases, +// camel-k-operator-podmonitors, +// camel-k-operator-strimzi, +// camel-k-operator-keda, +// camel-k-operator-knative const ExpectedKubePromoteRoles = 7 // camel-k-edit diff --git a/e2e/yaks/common/kamelet-beans/kamelet.feature b/e2e/yaks/common/kamelet-beans/kamelet-beans.feature similarity index 100% rename from e2e/yaks/common/kamelet-beans/kamelet.feature rename to e2e/yaks/common/kamelet-beans/kamelet-beans.feature diff --git a/e2e/yaks/common/kamelet-binding-broker/kamelet-binding-broker.feature b/e2e/yaks/common/kamelet-binding-broker/kamelet-binding-broker.feature new file mode 100644 index 0000000000..2282bb61df --- /dev/null +++ b/e2e/yaks/common/kamelet-binding-broker/kamelet-binding-broker.feature @@ -0,0 +1,14 @@ +Feature: Camel K can bind Kamelets to the broker + + Background: + Given Camel K resource polling configuration + | maxAttempts | 40 | + | delayBetweenAttempts | 3000 | + + Scenario: Sending event to the custom broker with KameletBinding + Given Camel K integration logger-sink-binding-br is running + Then Camel K integration logger-sink-binding-br should print message: Hello Custom Event from sample-broker + + Scenario: Remove resources + Given delete Camel K integration timer-source-binding-br + Given delete Camel K integration logger-sink-binding-br diff --git a/e2e/yaks/common/kamelet-binding-broker/kamelet.feature b/e2e/yaks/common/kamelet-binding-broker/kamelet.feature deleted file mode 100644 index 3b8be0e198..0000000000 --- a/e2e/yaks/common/kamelet-binding-broker/kamelet.feature +++ /dev/null @@ -1,14 +0,0 @@ -Feature: Camel K can bind Kamelets to the broker - - Background: - Given Camel K resource polling configuration - | maxAttempts | 40 | - | delayBetweenAttempts | 3000 | - - Scenario: Sending event to the custom broker with KameletBinding - Given Camel K integration logger-sink-binding is running - Then Camel K integration logger-sink-binding should print message: Hello Custom Event from sample-broker - - Scenario: Remove resources - Given delete Camel K integration timer-source-binding - Given delete Camel K integration logger-sink-binding diff --git a/e2e/yaks/common/kamelet-binding-broker/logger-sink-binding.yaml b/e2e/yaks/common/kamelet-binding-broker/logger-sink-binding-br.yaml similarity index 97% rename from e2e/yaks/common/kamelet-binding-broker/logger-sink-binding.yaml rename to e2e/yaks/common/kamelet-binding-broker/logger-sink-binding-br.yaml index 523f21e586..0638a074c6 100644 --- a/e2e/yaks/common/kamelet-binding-broker/logger-sink-binding.yaml +++ b/e2e/yaks/common/kamelet-binding-broker/logger-sink-binding-br.yaml @@ -18,7 +18,7 @@ apiVersion: camel.apache.org/v1alpha1 kind: KameletBinding metadata: - name: logger-sink-binding + name: logger-sink-binding-br spec: source: ref: diff --git a/e2e/yaks/common/kamelet-binding-broker/timer-source-binding.yaml b/e2e/yaks/common/kamelet-binding-broker/timer-source-binding-br.yaml similarity index 97% rename from e2e/yaks/common/kamelet-binding-broker/timer-source-binding.yaml rename to e2e/yaks/common/kamelet-binding-broker/timer-source-binding-br.yaml index 585be48205..0231d68f54 100644 --- a/e2e/yaks/common/kamelet-binding-broker/timer-source-binding.yaml +++ b/e2e/yaks/common/kamelet-binding-broker/timer-source-binding-br.yaml @@ -18,7 +18,7 @@ apiVersion: camel.apache.org/v1alpha1 kind: KameletBinding metadata: - name: timer-source-binding + name: timer-source-binding-br spec: source: ref: diff --git a/e2e/yaks/common/kamelet-binding-broker/yaks-config.yaml b/e2e/yaks/common/kamelet-binding-broker/yaks-config.yaml index 3369a00764..ac1307831f 100644 --- a/e2e/yaks/common/kamelet-binding-broker/yaks-config.yaml +++ b/e2e/yaks/common/kamelet-binding-broker/yaks-config.yaml @@ -25,10 +25,10 @@ pre: kubectl apply -f timer-source.kamelet.yaml -n $YAKS_NAMESPACE kubectl apply -f logger-sink.kamelet.yaml -n $YAKS_NAMESPACE - kubectl apply -f timer-source-binding.yaml -n $YAKS_NAMESPACE - kubectl apply -f logger-sink-binding.yaml -n $YAKS_NAMESPACE - kubectl wait kameletbinding timer-source-binding --for=condition=Ready --timeout=15m -n $YAKS_NAMESPACE - kubectl wait kameletbinding logger-sink-binding --for=condition=Ready --timeout=15m -n $YAKS_NAMESPACE + kubectl apply -f timer-source-binding-br.yaml -n $YAKS_NAMESPACE + kubectl apply -f logger-sink-binding-br.yaml -n $YAKS_NAMESPACE + kubectl wait kameletbinding timer-source-binding-br --for=condition=Ready --timeout=15m -n $YAKS_NAMESPACE + kubectl wait kameletbinding logger-sink-binding-br --for=condition=Ready --timeout=15m -n $YAKS_NAMESPACE post: - name: print dump if: env:CI=true && failure() diff --git a/e2e/yaks/common/kamelet-binding-http/kamelet.feature b/e2e/yaks/common/kamelet-binding-http/kamelet-binding-http.feature similarity index 100% rename from e2e/yaks/common/kamelet-binding-http/kamelet.feature rename to e2e/yaks/common/kamelet-binding-http/kamelet-binding-http.feature diff --git a/e2e/yaks/common/kamelet-binding/kamelet.feature b/e2e/yaks/common/kamelet-binding/kamelet-binding.feature similarity index 50% rename from e2e/yaks/common/kamelet-binding/kamelet.feature rename to e2e/yaks/common/kamelet-binding/kamelet-binding.feature index eb977d33a9..6e0cf8c916 100644 --- a/e2e/yaks/common/kamelet-binding/kamelet.feature +++ b/e2e/yaks/common/kamelet-binding/kamelet-binding.feature @@ -6,9 +6,10 @@ Feature: Camel K can bind Kamelets | delayBetweenAttempts | 3000 | Scenario: Running integration using a simple Kamelet with KameletBinding - Given Camel K integration logger-sink-binding is running - Then Camel K integration logger-sink-binding should print message: Hello Kamelets + Given Camel K integration logger-sink-binding-kb is running + Then Camel K integration logger-sink-binding-kb should print message: Hello Kamelets Scenario: Remove resources - Given delete Camel K integration timer-source-binding - Given delete Camel K integration logger-sink-binding + Given delete Camel K integration timer-source-binding-kb + Given delete Camel K integration logger-sink-binding-kb + diff --git a/e2e/yaks/common/kamelet-binding/logger-sink-binding.yaml b/e2e/yaks/common/kamelet-binding/logger-sink-binding-kb.yaml similarity index 97% rename from e2e/yaks/common/kamelet-binding/logger-sink-binding.yaml rename to e2e/yaks/common/kamelet-binding/logger-sink-binding-kb.yaml index 8b892b67b8..908a3dd510 100644 --- a/e2e/yaks/common/kamelet-binding/logger-sink-binding.yaml +++ b/e2e/yaks/common/kamelet-binding/logger-sink-binding-kb.yaml @@ -18,7 +18,7 @@ apiVersion: camel.apache.org/v1alpha1 kind: KameletBinding metadata: - name: logger-sink-binding + name: logger-sink-binding-kb spec: source: ref: diff --git a/e2e/yaks/common/kamelet-binding/timer-source-binding.yaml b/e2e/yaks/common/kamelet-binding/timer-source-binding-kb.yaml similarity index 97% rename from e2e/yaks/common/kamelet-binding/timer-source-binding.yaml rename to e2e/yaks/common/kamelet-binding/timer-source-binding-kb.yaml index 7752e3347e..d8d3683ffd 100644 --- a/e2e/yaks/common/kamelet-binding/timer-source-binding.yaml +++ b/e2e/yaks/common/kamelet-binding/timer-source-binding-kb.yaml @@ -18,7 +18,7 @@ apiVersion: camel.apache.org/v1alpha1 kind: KameletBinding metadata: - name: timer-source-binding + name: timer-source-binding-kb spec: source: ref: diff --git a/e2e/yaks/common/kamelet-binding/yaks-config.yaml b/e2e/yaks/common/kamelet-binding/yaks-config.yaml index 2df50d0e75..f809331867 100644 --- a/e2e/yaks/common/kamelet-binding/yaks-config.yaml +++ b/e2e/yaks/common/kamelet-binding/yaks-config.yaml @@ -26,10 +26,10 @@ pre: kubectl apply -f timer-source.kamelet.yaml -n $YAKS_NAMESPACE kubectl apply -f logger-sink.kamelet.yaml -n $YAKS_NAMESPACE - kubectl apply -f timer-source-binding.yaml -n $YAKS_NAMESPACE - kubectl apply -f logger-sink-binding.yaml -n $YAKS_NAMESPACE - kubectl wait kameletbinding timer-source-binding --for=condition=Ready --timeout=10m -n $YAKS_NAMESPACE - kubectl wait kameletbinding logger-sink-binding --for=condition=Ready --timeout=10m -n $YAKS_NAMESPACE + kubectl apply -f timer-source-binding-kb.yaml -n $YAKS_NAMESPACE + kubectl apply -f logger-sink-binding-kb.yaml -n $YAKS_NAMESPACE + kubectl wait kameletbinding timer-source-binding-kb --for=condition=Ready --timeout=10m -n $YAKS_NAMESPACE + kubectl wait kameletbinding logger-sink-binding-kb --for=condition=Ready --timeout=10m -n $YAKS_NAMESPACE post: - name: print dump if: env:CI=true && failure() diff --git a/e2e/yaks/common/knative-sinkbinding-http/sinkbinding.feature b/e2e/yaks/common/knative-sinkbinding-http/sinkbinding-http.feature similarity index 100% rename from e2e/yaks/common/knative-sinkbinding-http/sinkbinding.feature rename to e2e/yaks/common/knative-sinkbinding-http/sinkbinding-http.feature diff --git a/helm/camel-k/README.md b/helm/camel-k/README.md index 838d78a8ea..1daa47960e 100644 --- a/helm/camel-k/README.md +++ b/helm/camel-k/README.md @@ -1,15 +1,13 @@ # Camel K -Apache Camel K is a lightweight integration platform, born on Kubernetes, -with serverless superpowers. +Apache Camel K is a lightweight integration platform, born on Kubernetes, with serverless superpowers: the easiest way to build and manage your Camel applications on Kubernetes. -This chart deploys the Camel K operator and all resources needed to natively run -Apache Camel integrations on any Kubernetes cluster. +This chart deploys the Camel K operator and all resources needed to natively run Apache Camel integrations on any Kubernetes cluster. ## Prerequisites - Kubernetes 1.11+ -- Container Image Registry installed and configured for pull +- Container Image Registry installed and configured for pull (optional in Openshift or Minikube) ## Installing the Chart @@ -19,22 +17,33 @@ To install the chart, first add the Camel K repository: $ helm repo add camel-k https://apache.github.io/camel-k/charts ``` -If you are installing on OpenShift, Camel K can use the OpenShift internal registry to -store and pull images. +Depending on the cloud platform of choice, you will need to specify a container registry at installation time. -Installation on OpenShift can be done with command: +### Plain Kubernetes + +A regular installation requires you to provide a registry, used by Camel K to build application containers. See official [Camel K registry documentation](https://camel.apache.org/camel-k/next/installation/registry/registry.html). + +```bash +$ helm install camel-k \ + --set platform.build.registry.address= \ + camel-k/camel-k +``` + +You may install Camel K and specify a container registry later. + +### Openshift + +If you are installing on OpenShift, Camel K can use the OpenShift internal registry to store and pull images: ```bash -$ helm install \ - --generate-name \ +$ helm install camel-k \ --set platform.cluster=OpenShift \ camel-k/camel-k ``` -When running on a cluster with no embedded internal registry, you need to specify the address -and properties of an image registry that the cluster can use to store image. +### Minikube -For example, on Minikube you can enable the internal registry and get its address: +Minikube offers a container registry addon, which it makes very well suited for local Camel K development and testing purposes. You can export the cluster IP registry addon using the following script: ```bash $ minikube addons enable registry @@ -44,15 +53,21 @@ $ export REGISTRY_ADDRESS=$(kubectl -n kube-system get service registry -o jsonp Then you can install Camel K with: ```bash -$ helm install \ - --generate-name \ +$ helm install camel-k \ --set platform.build.registry.address=${REGISTRY_ADDRESS} \ --set platform.build.registry.insecure=true \ camel-k/camel-k ``` -The [configuration](#configuration) section lists -additional parameters that can be set during installation. +### Knative configuration + +Camel K offers the possibility to run serverless Integrations in conjunction with [Knative operator](https://knative.dev). Once Knative and Camel K are installed on the same platform, you can configure Knative resources to be played by Camel K. + +See instructions [how to enable Knative on Camel K](https://camel.apache.org/camel-k/next/installation/knative.html). + +### Additional installation time configuration + +The [configuration](#configuration) section lists additional parameters that can be set during installation. > **Tip**: List all releases using `helm list` @@ -91,8 +106,7 @@ $ kubectl delete -f camel-k/crds ## Configuration -The following table lists the most commonly configured parameters of the -Camel K chart and their default values. The chart allows configuration of an `IntegrationPlatform` resource, which among others includes build properties and traits configuration. A full list of parameters can be found [in the operator specification][1]. +The following table lists the most commonly configured parameters of the Camel K chart and their default values. The chart allows configuration of an `IntegrationPlatform` resource, which among others includes build properties and traits configuration. A full list of parameters can be found [in the operator specification][1]. | Parameter | Description | Default | |----------------------------------------|---------------------------------------------------------------------------|--------------------------------| @@ -111,9 +125,8 @@ Camel K chart and their default values. The chart allows configuration of an `In We'd like to hear your feedback and we love any kind of contribution! -The main contact points for the Camel K project are the [GitHub repository][2] -and the [Chat room][3]. +The main contact points for the Camel K project are the [GitHub repository][2] and the [Camel K chat room][3]. -[1]: https://camel.apache.org/camel-k/latest/architecture/cr/integration-platform.html +[1]: https://camel.apache.org/camel-k/next/architecture/cr/integration-platform.html [2]: https://github.com/apache/camel-k [3]: https://camel.zulipchat.com diff --git a/helm/camel-k/templates/operator-cluster-role-bindings.yaml b/helm/camel-k/templates/operator-cluster-role-bindings.yaml index e8410f0978..54715f734d 100644 --- a/helm/camel-k/templates/operator-cluster-role-bindings.yaml +++ b/helm/camel-k/templates/operator-cluster-role-bindings.yaml @@ -69,6 +69,23 @@ roleRef: apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: camel-k-operator-knative + labels: + app: "camel-k" + {{- include "camel-k.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: camel-k-operator-knative + apiGroup: rbac.authorization.k8s.io + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm/camel-k/templates/operator-cluster-roles.yaml b/helm/camel-k/templates/operator-cluster-roles.yaml index 9dba288c5e..ac1da0ca8b 100644 --- a/helm/camel-k/templates/operator-cluster-roles.yaml +++ b/helm/camel-k/templates/operator-cluster-roles.yaml @@ -265,6 +265,60 @@ rules: - list - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: camel-k-operator-knative + labels: + app: "camel-k" + {{- include "camel-k.labels" . | nindent 4 }} +rules: +- apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventing.knative.dev + resources: + - triggers + verbs: + - create + - delete + - get + - list + - patch + - update +- apiGroups: + - messaging.knative.dev + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update +- apiGroups: + - sources.knative.dev + resources: + - sinkbindings + verbs: + - create + - delete + - get + - list + - patch + - update --- kind: ClusterRole diff --git a/pkg/controller/integration/integration_controller.go b/pkg/controller/integration/integration_controller.go index d76310fda5..a70a8713b4 100644 --- a/pkg/controller/integration/integration_controller.go +++ b/pkg/controller/integration/integration_controller.go @@ -400,14 +400,22 @@ func add(ctx context.Context, mgr manager.Manager, c client.Client, r reconcile. if ok, err := kubernetes.IsAPIResourceInstalled(c, servingv1.SchemeGroupVersion.String(), reflect.TypeOf(servingv1.Service{}).Name()); err != nil { return err } else if ok { - // Check for permission to watch the ConsoleCLIDownload resource + // Check for permission to watch the Knative Service resource checkCtx, cancel := context.WithTimeout(ctx, time.Minute) defer cancel() if ok, err = kubernetes.CheckPermission(checkCtx, c, serving.GroupName, "services", platform.GetOperatorWatchNamespace(), "", "watch"); err != nil { return err } else if ok { + log.Info("KnativeService resources installed in the cluster. RBAC privileges assigned correctly, you can use Knative features.") b.Owns(&servingv1.Service{}, builder.WithPredicates(StatusChangedPredicate{})) + } else { + log.Info(` KnativeService resources installed in the cluster. However Camel K operator has not the required RBAC privileges. You can't use Knative features. + Make sure to apply the required RBAC privileges and restart the Camel K Operator Pod to be able to watch for Camel K managed Knative Services.`) } + } else { + log.Info(`KnativeService resources are not installed in the cluster. You can't use Knative features. If you install Knative Serving resources after the + Camel K operator, make sure to apply the required RBAC privileges and restart the Camel K Operator Pod to be able to watch for + Camel K managed Knative Services.`) } return b.Complete(r) diff --git a/pkg/install/knative.go b/pkg/install/knative.go deleted file mode 100644 index 12e18c3db9..0000000000 --- a/pkg/install/knative.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package install - -import ( - "context" - "fmt" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - rbacv1ac "k8s.io/client-go/applyconfigurations/rbac/v1" - "k8s.io/client-go/kubernetes" - - "github.com/apache/camel-k/v2/pkg/util/knative" -) - -const knativeAddressableResolverClusterRoleName = "addressable-resolver" - -// BindKnativeAddressableResolverClusterRole binds the Knative addressable resolver aggregated ClusterRole -// to the operator ServiceAccount. -func BindKnativeAddressableResolverClusterRole(ctx context.Context, c kubernetes.Interface, namespace string, operatorNamespace string) error { - if isKnative, err := knative.IsInstalled(c); err != nil { - return err - } else if !isKnative { - return nil - } - if namespace != "" { - return applyAddressableResolverRoleBinding(ctx, c, namespace, operatorNamespace) - } - return applyAddressableResolverClusterRoleBinding(ctx, c, operatorNamespace) -} - -func applyAddressableResolverRoleBinding(ctx context.Context, c kubernetes.Interface, namespace string, operatorNamespace string) error { - rb := rbacv1ac.RoleBinding(fmt.Sprintf("%s-addressable-resolver", serviceAccountName), namespace). - WithSubjects( - rbacv1ac.Subject(). - WithKind("ServiceAccount"). - WithNamespace(operatorNamespace). - WithName(serviceAccountName), - ). - WithRoleRef(rbacv1ac.RoleRef(). - WithAPIGroup(rbacv1.GroupName). - WithKind("ClusterRole"). - WithName(knativeAddressableResolverClusterRoleName)) - - _, err := c.RbacV1().RoleBindings(namespace). - Apply(ctx, rb, metav1.ApplyOptions{FieldManager: serviceAccountName, Force: true}) - - return err -} - -func applyAddressableResolverClusterRoleBinding(ctx context.Context, c kubernetes.Interface, operatorNamespace string) error { - crb := rbacv1ac.ClusterRoleBinding(fmt.Sprintf("%s-addressable-resolver", serviceAccountName)). - WithSubjects( - rbacv1ac.Subject(). - WithKind("ServiceAccount"). - WithNamespace(operatorNamespace). - WithName(serviceAccountName), - ). - WithRoleRef(rbacv1ac.RoleRef(). - WithAPIGroup(rbacv1.GroupName). - WithKind("ClusterRole"). - WithName(knativeAddressableResolverClusterRoleName)) - - _, err := c.RbacV1().ClusterRoleBindings(). - Apply(ctx, crb, metav1.ApplyOptions{FieldManager: serviceAccountName, Force: true}) - - return err -} diff --git a/pkg/install/operator.go b/pkg/install/operator.go index b24dbe2f30..0a3b4c2c9d 100644 --- a/pkg/install/operator.go +++ b/pkg/install/operator.go @@ -41,7 +41,6 @@ import ( "github.com/apache/camel-k/v2/pkg/client" "github.com/apache/camel-k/v2/pkg/resources" "github.com/apache/camel-k/v2/pkg/util/envvar" - "github.com/apache/camel-k/v2/pkg/util/knative" "github.com/apache/camel-k/v2/pkg/util/kubernetes" "github.com/apache/camel-k/v2/pkg/util/minikube" "github.com/apache/camel-k/v2/pkg/util/openshift" @@ -272,29 +271,18 @@ func OperatorOrCollect(ctx context.Context, cmd *cobra.Command, c client.Client, return err } - // Additionally, install Knative resources (roles and bindings) - isKnative, err := knative.IsInstalled(c) - if err != nil { - return err - } - if isKnative { - if err := installKnative(ctx, c, cfg.Namespace, customizer, collection, force, cfg.Global); err != nil { + if err = installEvents(ctx, c, cfg.Namespace, customizer, collection, force, cfg.Global); err != nil { + if k8serrors.IsAlreadyExists(err) { return err } - if err := installClusterRoleBinding(ctx, c, collection, cfg.Namespace, "camel-k-operator-bind-addressable-resolver", "/rbac/operator-cluster-role-binding-addressable-resolver.yaml"); err != nil { - if k8serrors.IsForbidden(err) { - fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to bind Knative addressable-resolver ClusterRole. Try installing the operator as cluster-admin.") - } else { - return err - } - } + fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to publish Kubernetes events. Try installing as cluster-admin to allow it to generate events.") } - if err = installEvents(ctx, c, cfg.Namespace, customizer, collection, force, cfg.Global); err != nil { + if err = installKnativeBindings(ctx, c, cfg.Namespace, customizer, collection, force, cfg.Global); err != nil { if k8serrors.IsAlreadyExists(err) { return err } - fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to publish Kubernetes events. Try installing as cluster-admin to allow it to generate events.") + fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to create Knative resources. Try installing as cluster-admin.") } if err = installKedaBindings(ctx, c, cfg.Namespace, customizer, collection, force, cfg.Global); err != nil { @@ -315,7 +303,7 @@ func OperatorOrCollect(ctx context.Context, cmd *cobra.Command, c client.Client, if k8serrors.IsAlreadyExists(err) { return err } - fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to lookup strimzi kafka resources. Try installing as cluster-admin to allow the lookup of strimzi kafka resources.") + fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to lookup Strimzi Kafka resources. Try installing as cluster-admin to allow the lookup of strimzi kafka resources.") } if err = installLeaseBindings(ctx, c, cfg.Namespace, customizer, collection, force, cfg.Global); err != nil { @@ -509,30 +497,30 @@ func installOperator(ctx context.Context, c client.Client, namespace string, cus ) } -func installKedaBindings(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool, global bool) error { +func installKnativeBindings(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool, global bool) error { if global { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/rbac/descoped/operator-cluster-role-keda.yaml", - "/rbac/descoped/operator-cluster-role-binding-keda.yaml", + "/rbac/descoped/operator-cluster-role-knative.yaml", + "/rbac/descoped/operator-cluster-role-binding-knative.yaml", ) } else { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/rbac/namespaced/operator-role-keda.yaml", - "/rbac/namespaced/operator-role-binding-keda.yaml", + "/rbac/namespaced/operator-role-knative.yaml", + "/rbac/namespaced/operator-role-binding-knative.yaml", ) } } -func installKnative(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool, global bool) error { +func installKedaBindings(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool, global bool) error { if global { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/rbac/descoped/operator-cluster-role-knative.yaml", - "/rbac/descoped/operator-cluster-role-binding-knative.yaml", + "/rbac/descoped/operator-cluster-role-keda.yaml", + "/rbac/descoped/operator-cluster-role-binding-keda.yaml", ) } else { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/rbac/namespaced/operator-role-knative.yaml", - "/rbac/namespaced/operator-role-binding-knative.yaml", + "/rbac/namespaced/operator-role-keda.yaml", + "/rbac/namespaced/operator-role-binding-keda.yaml", ) } } diff --git a/pkg/install/optional.go b/pkg/install/optional.go index 6e1de0972a..eaa5999f74 100644 --- a/pkg/install/optional.go +++ b/pkg/install/optional.go @@ -62,10 +62,4 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac } } } - - // Try to bind the Knative Addressable resolver aggregated ClusterRole to the operator ServiceAccount - if err := BindKnativeAddressableResolverClusterRole(ctx, c, namespace, operatorNamespace); err != nil { - log.Info("Cannot bind the Knative addressable resolver aggregated ClusterRole: skipping.") - log.Debug("Error while binding the Knative Addressable resolver aggregated ClusterRole", "error", err) - } } diff --git a/pkg/util/kubernetes/permission.go b/pkg/util/kubernetes/permission.go index 12b18c5261..e8f3c94663 100644 --- a/pkg/util/kubernetes/permission.go +++ b/pkg/util/kubernetes/permission.go @@ -28,9 +28,7 @@ import ( // CheckPermission can be used to check if the current user/service-account is allowed to execute a given operation // in the cluster. -// E.g. checkPermission(client, olmv1alpha1.GroupName, "clusterserviceversions", namespace, "camel-k", "get") -// - +// E.g. checkPermission(client, olmv1alpha1.GroupName, "clusterserviceversions", namespace, "camel-k", "get"). func CheckPermission(ctx context.Context, client kubernetes.Interface, group, resource, namespace, name, verb string) (bool, error) { sarReview := &authorizationv1.SelfSubjectAccessReview{ Spec: authorizationv1.SelfSubjectAccessReviewSpec{