From 2a948b0411f9126d434e45bc76be86ecc2de13ed Mon Sep 17 00:00:00 2001
From: Hamed Karbasi
Date: Mon, 4 Dec 2023 12:14:53 +0330
Subject: [PATCH 1/3] separate docker and bundle steps workflows
---
.github/workflows/build.yaml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index da5c4d1..0e7f798 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -6,8 +6,8 @@ on: - 'v*' jobs: - docker: - name: docker + build-push-docker: + name: build-docker runs-on: ubuntu-latest steps: - uses: actions/checkout@v3
@@ -33,6 +33,10 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + build-push-bundle: + name: build-push-bundle + runs-on: ubuntu-latest + steps: - name: Install operator-sdk run: | curl -L https://github.com/operator-framework/operator-sdk/releases/download/v1.31.0/operator-sdk_linux_amd64 -o /usr/local/bin/operator-sdk
From ab6b3610a09a17f64f15d4a77cf36015390a4a10 Mon Sep 17 00:00:00 2001
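Review bot: The new `build-push-bundle` job begins directly with `Install operator-sdk` and, as far as this hunk shows, has no checkout step of its own. Each job runs on a fresh runner, so the workspace from `build-push-docker` (and any registry login that job performs, which is not visible here) is not carried over. If the bundle step reads the repository or pushes to a registry, add `- uses: actions/checkout@v3` and a login step ahead of it, and add `needs: build-push-docker` if the bundle must reference the image that job pushes. The rest of the job's steps lie outside the hunk, so confirm against the full file.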
From: Hamed Karbasi
Date: Mon, 4 Dec 2023 14:19:32 +0330
Subject: [PATCH 2/3] update helm chart
---
config/manager/kustomization.yaml | 7 --
deploy/charts/s3-operator/Chart.yaml | 4 +-
...terresourcequota-updater-binding-rbac.yaml | 14 +++
.../clusterresourcequota-updater-rbac.yaml | 14 +++
.../s3-operator/templates/manager-rbac.yaml | 26 ++++++
...urcequota-status-updater-binding-rbac.yaml | 14 +++
.../resourcequota-status-updater-rbac.yaml | 14 +++
.../s3-operator/templates/s3bucket-crd.yaml | 93 +++++++++++++++++++
.../s3-operator/templates/s3user-crd.yaml | 1 +
.../templates/s3userclaim-crd.yaml | 14 +++
.../validating-webhook-configuration.yaml | 21 +++++
11 files changed, 213 insertions(+), 9 deletions(-)
create mode 100644 deploy/charts/s3-operator/templates/clusterresourcequota-updater-binding-rbac.yaml
create mode 100644 deploy/charts/s3-operator/templates/clusterresourcequota-updater-rbac.yaml
create mode 100644 deploy/charts/s3-operator/templates/resourcequota-status-updater-binding-rbac.yaml
create mode 100644 deploy/charts/s3-operator/templates/resourcequota-status-updater-rbac.yaml
create mode 100644 deploy/charts/s3-operator/templates/s3bucket-crd.yaml
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index da9b1d0..e6f4b7e 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -3,10 +3,3 @@ resources: - secret.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -images: -- name: controller - newName: controller - newTag: latest -- name: ghcr.io/snapp-incubator/s3-operator - newName: s3-operator - newTag: latest
diff --git a/deploy/charts/s3-operator/Chart.yaml b/deploy/charts/s3-operator/Chart.yaml
index 515901e..dd2caa0 100644
--- a/deploy/charts/s3-operator/Chart.yaml
+++ b/deploy/charts/s3-operator/Chart.yaml
@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.4
+version: 0.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.5"
+appVersion: "v0.3.4"
diff --git a/deploy/charts/s3-operator/templates/clusterresourcequota-updater-binding-rbac.yaml b/deploy/charts/s3-operator/templates/clusterresourcequota-updater-binding-rbac.yaml
new file mode 100644
index 0000000..2730a01
--- /dev/null
+++ b/deploy/charts/s3-operator/templates/clusterresourcequota-updater-binding-rbac.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "s3-operator.fullname" . }}-clusterresourcequota-updater-binding
+ labels:
+ {{- include "s3-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "s3-operator.fullname" . }}-clusterresourcequota-updater'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "s3-operator.fullname" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/deploy/charts/s3-operator/templates/clusterresourcequota-updater-rbac.yaml b/deploy/charts/s3-operator/templates/clusterresourcequota-updater-rbac.yaml
new file mode 100644
index 0000000..12ab4cf
--- /dev/null
+++ b/deploy/charts/s3-operator/templates/clusterresourcequota-updater-rbac.yaml
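Review bot: The ClusterRoleBinding in clusterresourcequota-updater-binding-rbac.yaml, the ClusterRole it references, and the resourcequota-status-updater pair added in the same patch together give the controller-manager service account `update`/`patch` on `clusterresourcequotas/status` and on `resourcequotas/status` in every namespace, and nothing in the templates says why an S3 operator needs to write quota status. Quota status holds the usage figures that quota enforcement relies on, so this is a sensitive cluster-wide grant that should be justified where it is declared. I would open each of the four templates with a comment such as `# Cluster-wide write to quota status; needed by <controller> to <reason>`, filled in with the real reason. The `quota.openshift.io` pair could also be rendered only where that API is served, for example under `{{- if .Capabilities.APIVersions.Has "quota.openshift.io/v1" }}`. All four new files also lack a trailing newline.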
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "s3-operator.fullname" . }}-clusterresourcequota-updater
+ labels:
+ {{- include "s3-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - quota.openshift.io
+ resources:
+ - clusterresourcequotas/status
+ verbs:
+ - update
+ - patch
\ No newline at end of file
diff --git a/deploy/charts/s3-operator/templates/manager-rbac.yaml b/deploy/charts/s3-operator/templates/manager-rbac.yaml
index f2095e7..6ca8e3b 100644
--- a/deploy/charts/s3-operator/templates/manager-rbac.yaml
+++ b/deploy/charts/s3-operator/templates/manager-rbac.yaml
@@ -49,6 +49,32 @@ rules: - patch - update - watch +- apiGroups: + - s3.snappcloud.io + resources: + - s3buckets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - s3.snappcloud.io + resources: + - s3buckets/finalizers + verbs: + - update +- apiGroups: + - s3.snappcloud.io + resources: + - s3buckets/status + verbs: + - get + - patch + - update - apiGroups: - s3.snappcloud.io resources:
diff --git a/deploy/charts/s3-operator/templates/resourcequota-status-updater-binding-rbac.yaml b/deploy/charts/s3-operator/templates/resourcequota-status-updater-binding-rbac.yaml
new file mode 100644
index 0000000..aa69916
--- /dev/null
+++ b/deploy/charts/s3-operator/templates/resourcequota-status-updater-binding-rbac.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "s3-operator.fullname" . }}-resourcequota-status-updater-binding
+ labels:
+ {{- include "s3-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "s3-operator.fullname" . }}-resourcequota-status-updater'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "s3-operator.fullname" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/deploy/charts/s3-operator/templates/resourcequota-status-updater-rbac.yaml b/deploy/charts/s3-operator/templates/resourcequota-status-updater-rbac.yaml
new file mode 100644
index 0000000..38e4393
--- /dev/null
+++ b/deploy/charts/s3-operator/templates/resourcequota-status-updater-rbac.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "s3-operator.fullname" . }}-resourcequota-status-updater
+ labels:
+ {{- include "s3-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - resourcequotas/status
+ verbs:
+ - update
+ - patch
\ No newline at end of file
diff --git a/deploy/charts/s3-operator/templates/s3bucket-crd.yaml b/deploy/charts/s3-operator/templates/s3bucket-crd.yaml
new file mode 100644
index 0000000..c28f238
--- /dev/null
+++ b/deploy/charts/s3-operator/templates/s3bucket-crd.yaml
@@ -0,0 +1,93 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: s3buckets.s3.snappcloud.io + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + labels: + {{- include "s3-operator.labels" . | nindent 4 }} +spec: + group: s3.snappcloud.io + names: + kind: S3Bucket + listKind: S3BucketList + plural: s3buckets + shortNames: + - s3b + singular: s3bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.s3UserRef + name: S3USERREF + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: S3Bucket is the Schema for the s3buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: S3BucketSpec defines the desired state of S3Bucket + properties: + s3DeletionPolicy: + default: delete + enum: + - delete + - retain + type: string + s3SubuserBinding: + items: + properties: + access: + default: read + description: access of the subuser which can be read or write + enum: + - read + - write + type: string + name: + description: name of the subuser + type: string + required: + - name + type: object + type: array + s3UserRef: + type: string + required: + - s3UserRef + type: object + status: + description: S3BucketStatus defines the observed state of S3Bucket + properties: + created: + default: false + type: boolean + policy: + type: string + reason: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []
\ No newline at end of file
diff --git a/deploy/charts/s3-operator/templates/s3user-crd.yaml b/deploy/charts/s3-operator/templates/s3user-crd.yaml
index 623242c..754b545 100644
--- a/deploy/charts/s3-operator/templates/s3user-crd.yaml
+++ b/deploy/charts/s3-operator/templates/s3user-crd.yaml
@@ -120,6 +120,7 @@ spec: properties: maxBuckets: description: max number of buckets the user can create + format: int64 type: integer maxObjects: anyOf:
diff --git a/deploy/charts/s3-operator/templates/s3userclaim-crd.yaml b/deploy/charts/s3-operator/templates/s3userclaim-crd.yaml
index 5fda1e2..cb5e2b4 100644
--- a/deploy/charts/s3-operator/templates/s3userclaim-crd.yaml
+++ b/deploy/charts/s3-operator/templates/s3userclaim-crd.yaml
@@ -12,6 +12,8 @@ spec: kind: S3UserClaim listKind: S3UserClaimList plural: s3userclaims + shortNames: + - s3u singular: s3userclaim scope: Namespaced versions:
@@ -64,6 +66,7 @@ spec: properties: maxBuckets: description: max number of buckets the user can create + format: int64 type: integer maxObjects: anyOf:
@@ -84,6 +87,11 @@ spec: type: string s3UserClass: type: string + subusers: + items: + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: array required: - adminSecret - readonlySecret
@@ -96,6 +104,7 @@ spec: properties: maxBuckets: description: max number of buckets the user can create + format: int64 type: integer maxObjects: anyOf:
@@ -114,6 +123,11 @@ spec: type: object s3UserName: type: string + subusers: + items: + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: array type: object type: object served: true
diff --git a/deploy/charts/s3-operator/templates/validating-webhook-configuration.yaml b/deploy/charts/s3-operator/templates/validating-webhook-configuration.yaml
index 20726e9..40151ff 100644
--- a/deploy/charts/s3-operator/templates/validating-webhook-configuration.yaml
+++ b/deploy/charts/s3-operator/templates/validating-webhook-configuration.yaml
@@ -7,6 +7,26 @@ metadata: labels: {{- include "s3-operator.labels" . | nindent 4 }} webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "s3-operator.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-s3-snappcloud-io-v1alpha1-s3bucket + failurePolicy: Fail + name: vs3bucket.kb.io + rules: + - apiGroups: + - s3.snappcloud.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - s3buckets + sideEffects: None - admissionReviewVersions: - v1 clientConfig:
@@ -24,6 +44,7 @@ webhooks: operations: - CREATE - UPDATE + - DELETE resources: - s3userclaims sideEffects: None
\ No newline at end of file
From 5d1acb857cafcd62e361c141e5631693a4f79d0e Mon Sep 17 00:00:00 2001
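Review bot: The new `vs3bucket.kb.io` entry in validating-webhook-configuration.yaml intercepts only `CREATE` and `UPDATE`, whereas the second hunk of this file adds `DELETE` to the s3userclaims rule, so S3Bucket deletions are not validated at admission; confirm that is intended. The new entry is fail-closed (`failurePolicy: Fail`), which is the right default for a validating webhook, but it sets no `timeoutSeconds`, so the API default applies. If the s3userclaims entry is fail-closed as well (its `failurePolicy` is outside the hunk), intercepting `DELETE` means an unavailable webhook service blocks S3UserClaim removal, including during namespace teardown. That trade-off is worth a line in the chart's upgrade notes.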
From: Hamed Karbasi
Date: Mon, 4 Dec 2023 14:30:29 +0330
Subject: [PATCH 3/3] specify version of operator-sdk as env in workflow
---
.github/workflows/build.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 0e7f798..98596f9 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -36,10 +36,12 @@ jobs: build-push-bundle: name: build-push-bundle runs-on: ubuntu-latest + env: + OPERATOR_SDK_VERSION: v1.31.0 steps: - name: Install operator-sdk run: | - curl -L https://github.com/operator-framework/operator-sdk/releases/download/v1.31.0/operator-sdk_linux_amd64 -o /usr/local/bin/operator-sdk + curl -L https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_SDK_VERSION}/operator-sdk_linux_amd64 -o /usr/local/bin/operator-sdk chmod +x /usr/local/bin/operator-sdk - name: Build and push the bundle
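Review bot: The rewritten `curl -L` line still installs an executable from a release URL with no integrity check and without `-f`, so an HTTP error page or an altered asset would be written to `/usr/local/bin/operator-sdk` and marked executable. Parameterising the version is a good moment to add verification: download the release's `checksums.txt` and check the binary with `sha256sum -c` before installing it. Pinning the expected SHA-256 in the workflow next to `OPERATOR_SDK_VERSION` is stronger still, because it also catches a replaced release asset. The step's script could be rewritten as below; the indentation is conventional because the hunk's own was lost.

```yaml
      - name: Install operator-sdk
        run: |
          set -euo pipefail
          base="https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_SDK_VERSION}"
          curl -fsSLO "${base}/operator-sdk_linux_amd64"
          curl -fsSLO "${base}/checksums.txt"
          # Fails the step if the downloaded binary does not match the published digest.
          grep ' operator-sdk_linux_amd64$' checksums.txt | sha256sum -c -
          install -m 0755 operator-sdk_linux_amd64 /usr/local/bin/operator-sdk
      # … unchanged: Build and push the bundle …
```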