From ce0549c7419958561addaf6f3744e21f7977b3ad Mon Sep 17 00:00:00 2001 
From: Natalia Marukovich Date: Mon, 21 Oct 2024 12:57:35 +0200 Subject: [PATCH] K8SPSMDB-1183 bundle generations for psmdb --- .github/CODEOWNERS | 6 +- .github/dependabot.yml | 2 +- .gitignore | 4 + Jenkinsfile | 2 +- config/bundle/kustomization.yaml | 10 + config/community/kustomization.yaml | 5 + config/manager/cluster/kustomization.yaml | 13 + config/manager/cluster/manager-cluster.yaml | 48 +++ config/manager/namespace/kustomization.yaml | 13 + .../manager/namespace/manager-namespace.yaml | 50 +++ config/marketplace/kustomization.yaml | 6 + config/operator/kustomization.yaml | 6 + config/rbac/cluster/kustomization.yaml | 7 + config/rbac/cluster/role.yaml | 153 +++++++++ config/rbac/cluster/role_binding.yaml | 13 + config/rbac/cluster/service_account.yaml | 5 + config/rbac/namespace/kustomization.yaml | 7 + config/rbac/namespace/role.yaml | 133 ++++++++ config/rbac/namespace/role_binding.yaml | 12 + config/rbac/namespace/service_account.yaml | 5 + config/redhat/kustomization.yaml | 6 + installers/olm/Makefile | 133 ++++++++ installers/olm/README.md | 6 + installers/olm/bundle.Dockerfile | 16 + installers/olm/bundle.annotations.yaml | 10 + installers/olm/bundle.csv.yaml | 302 ++++++++++++++++++ installers/olm/bundle.relatedImages.yaml | 15 + installers/olm/generate.sh | 190 +++++++++++ 28 files changed, 1173 insertions(+), 5 deletions(-) create mode 100644 config/bundle/kustomization.yaml create mode 100644 config/community/kustomization.yaml create mode 100644 config/manager/cluster/kustomization.yaml create mode 100644 config/manager/cluster/manager-cluster.yaml create mode 100644 config/manager/namespace/kustomization.yaml create mode 100644 config/manager/namespace/manager-namespace.yaml create mode 100644 config/marketplace/kustomization.yaml create mode 100644 config/operator/kustomization.yaml create mode 100644 config/rbac/cluster/kustomization.yaml create mode 100644 config/rbac/cluster/role.yaml create mode 100644 config/rbac/cluster/role_binding.yaml 
create mode 100644 config/rbac/cluster/service_account.yaml create mode 100644 config/rbac/namespace/kustomization.yaml create mode 100644 config/rbac/namespace/role.yaml create mode 100644 config/rbac/namespace/role_binding.yaml create mode 100644 config/rbac/namespace/service_account.yaml create mode 100644 config/redhat/kustomization.yaml create mode 100644 installers/olm/Makefile create mode 100644 installers/olm/README.md create mode 100644 installers/olm/bundle.Dockerfile create mode 100644 installers/olm/bundle.annotations.yaml create mode 100644 installers/olm/bundle.csv.yaml create mode 100644 installers/olm/bundle.relatedImages.yaml create mode 100755 installers/olm/generate.sh diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index fcb580427a..97bd121a24 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,3 @@ -* @hors @egegunes @inelpandzic @pooknull -/e2e-tests/ @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007 -Jenkinsfile @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007 +* @hors @egegunes @inelpandzic @pooknull @nmarukovich +/e2e-tests/ @nmarukovich @ptankov @jvpasinatto @eleo007 +Jenkinsfile @nmarukovich @ptankov @jvpasinatto @eleo007 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 79206bc10e..f6be385652 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -23,7 +23,7 @@ updates: time: "01:00" reviewers: - hors - - tplavcic + - nmarukovich ignore: # ignore patch updates for all dependencies - dependency-name: "*" diff --git a/.gitignore b/.gitignore index 5bc9ed6695..97839cc8a4 100644 --- a/.gitignore +++ b/.gitignore @@ -182,3 +182,7 @@ bin/ ### VisualStudioCode ### .vscode/* .history + +projects/ +installers/olm/operator_*.yaml +installers/olm/bundles diff --git a/Jenkinsfile b/Jenkinsfile index 9f3bb0437b..416728663d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -12,7 +12,7 @@ void createCluster(String CLUSTER_SUFFIX) { gcloud auth activate-service-account --key-file $CLIENT_SECRET_FILE gcloud config set project $GCP_PROJECT gcloud container clusters list --filter $CLUSTER_NAME-${CLUSTER_SUFFIX} --zone $region --format='csv[no-heading](name)' | xargs gcloud container clusters delete --zone $region --quiet || true - gcloud container clusters create --zone $region $CLUSTER_NAME-${CLUSTER_SUFFIX} --cluster-version=1.27 --machine-type=n1-standard-4 --preemptible --num-nodes=3 --network=jenkins-vpc --subnetwork=jenkins-${CLUSTER_SUFFIX} --no-enable-autoupgrade --cluster-ipv4-cidr=/21 --labels delete-cluster-after-hours=6 --enable-ip-alias --workload-pool=cloud-dev-112233.svc.id.goog && \ + gcloud container clusters create --zone $region $CLUSTER_NAME-${CLUSTER_SUFFIX} --cluster-version=1.28 --machine-type=n1-standard-4 --preemptible --num-nodes=3 --network=jenkins-vpc --subnetwork=jenkins-${CLUSTER_SUFFIX} --no-enable-autoupgrade --cluster-ipv4-cidr=/21 --labels delete-cluster-after-hours=6 --enable-ip-alias --workload-pool=cloud-dev-112233.svc.id.goog && \ kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user jenkins@"$GCP_PROJECT".iam.gserviceaccount.com || ret_val=\$? if [ \${ret_val} -eq 0 ]; then break; fi ret_num=\$((ret_num + 1)) diff --git a/config/bundle/kustomization.yaml b/config/bundle/kustomization.yaml new file mode 100644 index 0000000000..a2c7d81955 --- /dev/null +++ b/config/bundle/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../crd +- ../rbac/namespace +- ../manager/namespace +images: +- name: percona-server-mongodb-operator + newName: perconalab/percona-server-mongodb-operator + newTag: main diff --git a/config/community/kustomization.yaml b/config/community/kustomization.yaml new file mode 100644 index 0000000000..305a5f27bc --- /dev/null +++ b/config/community/kustomization.yaml 
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../operator
diff --git a/config/manager/cluster/kustomization.yaml b/config/manager/cluster/kustomization.yaml
new file mode 100644
index 0000000000..0aaa5b2f8a
--- /dev/null
+++ b/config/manager/cluster/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- manager-cluster.yaml
+commonLabels:
+ app.kubernetes.io/component: operator
+ app.kubernetes.io/instance: percona-server-mongodb-operator
+ app.kubernetes.io/name: percona-server-mongodb-operator
+ app.kubernetes.io/part-of: percona-server-mongodb-operator
+images:
+- name: psmdb-operator
+ newName: tishina/percona-server-mongodb-operator
+ newTag: main
diff --git a/config/manager/cluster/manager-cluster.yaml b/config/manager/cluster/manager-cluster.yaml
new file mode 100644
index 0000000000..6c9caa2fbd
--- /dev/null
+++ b/config/manager/cluster/manager-cluster.yaml
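Review bot: The `images` override in config/manager/cluster/kustomization.yaml points at `tishina/percona-server-mongodb-operator` with the mutable tag `main`, while every other manifest in this patch uses the `perconalab/` namespace; a committed default should not pull the operator image from a different registry namespace. The entry is also keyed on `name: psmdb-operator`, but the Deployment it customizes declares `image: perconalab/percona-server-mongodb-operator:main`, so as far as kustomize matches on the image name, neither this override nor the Makefile's `kustomize edit set image psmdb-operator=$(IMAGE)` would be applied. I would change the two lines to `- name: perconalab/percona-server-mongodb-operator` and `newName: perconalab/percona-server-mongodb-operator`, and key the Makefile command the same way. config/manager/namespace/kustomization.yaml carries the identical block, and config/bundle/kustomization.yaml keys on `percona-server-mongodb-operator`, which appears to have the same mismatch.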
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: percona-server-mongodb-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: percona-server-mongodb-operator
+ template:
+ metadata:
+ labels:
+ name: percona-server-mongodb-operator
+ spec:
+ serviceAccountName: percona-server-mongodb-operator
+ containers:
+ - name: percona-server-mongodb-operator
+ image: perconalab/percona-server-mongodb-operator:main
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: metrics
+ scheme: HTTP
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: metrics
+ command:
+ - percona-server-mongodb-operator
+ env:
+ - name: LOG_STRUCTURED
+ value: 'false'
+ - name: LOG_LEVEL
+ value: INFO
+ - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: percona-server-mongodb-operator
+ - name: RESYNC_PERIOD
+ value: 5s
+ - name: DISABLE_TELEMETRY
+ value: "false"
diff --git a/config/manager/namespace/kustomization.yaml b/config/manager/namespace/kustomization.yaml
new file mode 100644
index 0000000000..7116ee9096
--- /dev/null
+++ b/config/manager/namespace/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- manager-namespace.yaml
+commonLabels:
+ app.kubernetes.io/component: operator
+ app.kubernetes.io/instance: percona-server-mongodb-operator
+ app.kubernetes.io/name: percona-server-mongodb-operator
+ app.kubernetes.io/part-of: percona-server-mongodb-operator
+images:
+- name: psmdb-operator
+ newName: tishina/percona-server-mongodb-operator
+ newTag: main
diff --git a/config/manager/namespace/manager-namespace.yaml b/config/manager/namespace/manager-namespace.yaml
new file mode 100644
index 0000000000..90581eb9ec
--- /dev/null
+++ b/config/manager/namespace/manager-namespace.yaml
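Review bot: The operator container in config/manager/cluster/manager-cluster.yaml is declared without a `securityContext` and without `resources`, so it runs with whatever defaults the cluster allows, which matters more than usual here because the paired ClusterRole can read Secrets and exec into pods. I would add a restrictive container `securityContext` as sketched below, plus requests and limits sized from the operator's observed usage; `readOnlyRootFilesystem: true` is worth adding as well if the binary does not write to its root filesystem. The image is also referenced by the mutable tag `:main` with `imagePullPolicy: Always`, so a released bundle should pin a version tag or digest. config/manager/namespace/manager-namespace.yaml has the same container spec and needs the same change.

```yaml
      containers:
        - name: percona-server-mongodb-operator
          # … unchanged: image, imagePullPolicy, livenessProbe, ports, command, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```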
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: percona-server-mongodb-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: percona-server-mongodb-operator
+ template:
+ metadata:
+ labels:
+ name: percona-server-mongodb-operator
+ spec:
+ serviceAccountName: percona-server-mongodb-operator
+ containers:
+ - name: percona-server-mongodb-operator
+ image: perconalab/percona-server-mongodb-operator:main
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: metrics
+ scheme: HTTP
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: metrics
+ command:
+ - percona-server-mongodb-operator
+ env:
+ - name: LOG_STRUCTURED
+ value: 'false'
+ - name: LOG_LEVEL
+ value: INFO
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: percona-server-mongodb-operator
+ - name: RESYNC_PERIOD
+ value: 5s
+ - name: DISABLE_TELEMETRY
+ value: "false"
diff --git a/config/marketplace/kustomization.yaml b/config/marketplace/kustomization.yaml
new file mode 100644
index 0000000000..42bd0a3da5
--- /dev/null
+++ b/config/marketplace/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../operator
+
diff --git a/config/operator/kustomization.yaml b/config/operator/kustomization.yaml
new file mode 100644
index 0000000000..adbe6c3d62
--- /dev/null
+++ b/config/operator/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../bundle
+
diff --git a/config/rbac/cluster/kustomization.yaml b/config/rbac/cluster/kustomization.yaml
new file mode 100644
index 0000000000..82cfb0841b
--- /dev/null
+++ b/config/rbac/cluster/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
diff --git a/config/rbac/cluster/role.yaml b/config/rbac/cluster/role.yaml
new file mode 100644
index 0000000000..14892c48a3
--- /dev/null
+++ b/config/rbac/cluster/role.yaml
@@ -0,0 +1,153 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: percona-server-mongodb-operator +rules: + - apiGroups: + - psmdb.percona.com + resources: + - perconaservermongodbs + - perconaservermongodbs/status + - perconaservermongodbs/finalizers + - perconaservermongodbbackups + - perconaservermongodbbackups/status + - perconaservermongodbbackups/finalizers + - perconaservermongodbrestores + - perconaservermongodbrestores/status + - perconaservermongodbrestores/finalizers + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/exec + - services + - persistentvolumeclaims + - secrets + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - events.k8s.io + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - patch + - apiGroups: + - certmanager.k8s.io + - cert-manager.io + resources: + - issuers + - certificates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - net.gke.io + - 
multicluster.x-k8s.io + resources: + - serviceexports + - serviceimports + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection \ No newline at end of file diff --git a/config/rbac/cluster/role_binding.yaml b/config/rbac/cluster/role_binding.yaml new file mode 100644 index 0000000000..736ec7c4f3 --- /dev/null +++ b/config/rbac/cluster/role_binding.yaml @@ -0,0 +1,13 @@ +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: service-account-percona-server-mongodb-operator +subjects: + - kind: ServiceAccount + name: percona-server-mongodb-operator + namespace: "psmdb-operator" +roleRef: + kind: ClusterRole + name: percona-server-mongodb-operator + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/config/rbac/cluster/service_account.yaml b/config/rbac/cluster/service_account.yaml new file mode 100644 index 0000000000..8a55417bcf --- /dev/null +++ b/config/rbac/cluster/service_account.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: percona-server-mongodb-operator diff --git a/config/rbac/namespace/kustomization.yaml b/config/rbac/namespace/kustomization.yaml new file mode 100644 index 0000000000..82cfb0841b --- /dev/null +++ b/config/rbac/namespace/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- service_account.yaml +- role.yaml +- role_binding.yaml diff --git a/config/rbac/namespace/role.yaml b/config/rbac/namespace/role.yaml new file mode 100644 index 0000000000..36c806a292 --- /dev/null +++ b/config/rbac/namespace/role.yaml 
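Review bot: The ClusterRole in config/rbac/cluster/role.yaml grants create/update/patch/delete on `secrets`, `pods/exec` and `validatingwebhookconfigurations` across the whole cluster, so a leaked operator token can read every Secret and exec into any pod, not only those belonging to MongoDB clusters. If cluster-wide mode genuinely needs this, say so in the file, e.g. `# cluster-wide mode: operator manages Secrets and execs into database pods in every watched namespace`, and narrow what can be narrowed: the webhook rule can carry `resourceNames: ["<webhook-config-name>"]` for the get/update/patch/delete verbs (placeholder, the actual name is not visible in this patch), with `create` split into its own rule. The `deletecollection` verb on issuers, certificates, serviceexports and serviceimports is also wider than the per-object verbs used elsewhere and deserves a justification. The namespaced Role in config/rbac/namespace/role.yaml repeats the same `secrets` and `pods/exec` rule, scoped to one namespace.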
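Review bot: The ClusterRoleBinding subject in config/rbac/cluster/role_binding.yaml hard-codes `namespace: "psmdb-operator"`, while the ServiceAccount and Deployment in this patch carry no namespace and land wherever the bundle is installed. Installed into any other namespace, the operator's own account is not bound, and the ClusterRole is instead granted to whichever `percona-server-mongodb-operator` ServiceAccount exists, or is later created, in `psmdb-operator`. I would set the namespace through kustomize (a `namespace:` field in the kustomization that includes this binding, which should also rewrite the subject) or at least add `# must match the namespace the operator is deployed to` above the subject. The file also ends without a trailing newline.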
@@ -0,0 +1,133 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: percona-server-mongodb-operator +rules: + - apiGroups: + - psmdb.percona.com + resources: + - perconaservermongodbs + - perconaservermongodbs/status + - perconaservermongodbs/finalizers + - perconaservermongodbbackups + - perconaservermongodbbackups/status + - perconaservermongodbbackups/finalizers + - perconaservermongodbrestores + - perconaservermongodbrestores/status + - perconaservermongodbrestores/finalizers + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - pods + - pods/exec + - services + - persistentvolumeclaims + - secrets + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - events.k8s.io + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - patch + - apiGroups: + - certmanager.k8s.io + - cert-manager.io + resources: + - issuers + - certificates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - net.gke.io + - multicluster.x-k8s.io + resources: + - serviceexports + - serviceimports + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection \ No newline at end of file 
diff --git a/config/rbac/namespace/role_binding.yaml b/config/rbac/namespace/role_binding.yaml
new file mode 100644
index 0000000000..38b981fb27
--- /dev/null
+++ b/config/rbac/namespace/role_binding.yaml
@@ -0,0 +1,12 @@
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: service-account-percona-server-mongodb-operator
+subjects:
+ - kind: ServiceAccount
+ name: percona-server-mongodb-operator
+roleRef:
+ kind: Role
+ name: percona-server-mongodb-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/config/rbac/namespace/service_account.yaml b/config/rbac/namespace/service_account.yaml
new file mode 100644
index 0000000000..8a55417bcf
--- /dev/null
+++ b/config/rbac/namespace/service_account.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: percona-server-mongodb-operator
diff --git a/config/redhat/kustomization.yaml b/config/redhat/kustomization.yaml
new file mode 100644
index 0000000000..42bd0a3da5
--- /dev/null
+++ b/config/redhat/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../operator
+
diff --git a/installers/olm/Makefile b/installers/olm/Makefile
new file mode 100644
index 0000000000..265ff8bc02
--- /dev/null
+++ b/installers/olm/Makefile
@@ -0,0 +1,133 @@ +NAME ?= percona-server-mongodb-operator +IMAGE_TAG_OWNER ?= perconalab +IMAGE_TAG_BASE ?= $(IMAGE_TAG_OWNER)/$(NAME) +SED := $(shell which gsed || which sed) +VERSION ?= $(shell git rev-parse --abbrev-ref HEAD | $(SED) -e 's^/^-^g; s^[.]^-^g;' | tr '[:upper:]' '[:lower:]') +IMAGE ?= $(IMAGE_TAG_BASE):$(VERSION) +MODE ?= namespace +DEPLOYDIR = ./deploy + +BUNDLEDIR = $(DEPLOYDIR)/csv/redhat +BUNDLE_CHANNELS := --channels=stable +BUNDLE_DEFAULT_CHANNEL := --default-channel=stable +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) + +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.23 +.DEFAULT_GOAL := help +.SUFFIXES: + +CONTAINER ?= docker +OPENSHIFT_VERSIONS ?= v4.12-v4.15 +PACKAGE_CHANNEL ?= stable +MIN_KUBE_VERSION ?= 1.24.0 +DOCKER_DEFAULT_PLATFORM ?= linux/amd64 +SHELL := /bin/bash +REPO_ROOT = $(shell git rev-parse --show-toplevel) + +export VERSION +export BUNDLE_REPO +export OPENSHIFT_VERSIONS +export PACKAGE_CHANNEL +export MIN_KUBE_VERSION +export DOCKER_DEFAULT_PLATFORM +export MODE + +REPO_ROOT = $(shell git rev-parse --show-toplevel) + +distros = community redhat marketplace + +check-version: +ifndef VERSION + $(error VERSION is not set) +endif + +KUSTOMIZE = $(REPO_ROOT)/bin/kustomize +kustomize: ## Download kustomize locally if necessary. 
+ $(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v4@v4.5.3) + +.PHONY: bundles +bundles: ## Build OLM bundles +bundles: check-version $(distros:%=bundles/%) + +# https://olm.operatorframework.io/docs/tasks/creating-operator-bundle/#validating-your-bundle +# https://github.com/operator-framework/community-operators/blob/8a36a33/docs/packaging-required-criteria-ocp.md +.PHONY: bundles/community +bundles/community: + cd ../../config/manager/$(MODE)/ && $(KUSTOMIZE) edit set image psmdb-operator=$(IMAGE) + ./generate.sh community + + env operator-sdk bundle validate $@ --select-optional='suite=operatorframework' + env operator-sdk bundle validate $@ --select-optional='name=community' --optional-values='index-path=$@/Dockerfile' + +.PHONY: bundles/redhat +bundles/redhat: + cd ../../config/manager/$(MODE)/ && $(KUSTOMIZE) edit set image psmdb-operator=$(IMAGE) + ./generate.sh redhat + env operator-sdk bundle validate $@ --select-optional='suite=operatorframework' + +# The 'marketplace' configuration is currently identical to the 'redhat', so we just copy it here. 
+.PHONY: bundles/marketplace +bundles/marketplace: + cd ../../config/manager/$(MODE)/ && $(KUSTOMIZE) edit set image psmdb-operator=$(IMAGE) + ./generate.sh marketplace + env operator-sdk bundle validate $@ --select-optional='suite=operatorframework' + +.PHONY: clean +clean: clean-deprecated +clean: ## Remove generated files and downloaded tools + rm -rf ./bundles ./projects ./tools + +.PHONY: clean-deprecated +clean-deprecated: + rm -rf ./package + +.PHONY: help +help: ALIGN=18 +help: ## Print this message + @awk -F ': ## ' -- "/^[^':]+: ## /"' { printf "'$$(tput bold)'%-$(ALIGN)s'$$(tput sgr0)' %s\n", $$1, $$2 }' $(MAKEFILE_LIST) + +.PHONY: install-olm +install-olm: ## Install OLM in Kubernetes + env operator-sdk olm install + +.PHONY: tools +tools: ## Download tools needed to build bundles + +tools: tools/$(SYSTEM)/jq +tools/$(SYSTEM)/jq: + install -d '$(dir $@)' + curl -fSL -o '$@' "https://github.com/stedolan/jq/releases/download/jq-1.7.1/jq-$$(SYSTEM='$(SYSTEM)'; \ + case "$$SYSTEM" in \ + (linux-*) echo "$${SYSTEM/-amd/}";; (darwin-*) echo "$${SYSTEM/darwin-*/osx-amd64}";; (*) echo '$(SYSTEM)';; \ + esac)" + chmod u+x '$@' + +tools: tools/$(SYSTEM)/kubectl +tools/$(SYSTEM)/kubectl: + install -d '$(dir $@)' + curl -fSL -o '$@' 'https://dl.k8s.io/release/$(shell curl -Ls https://dl.k8s.io/release/stable-1.21.txt)/bin/$(OS_KERNEL)/$(OS_MACHINE)/kubectl' + chmod u+x '$@' + +# quay.io/operator-framework/operator-sdk +tools: tools/$(SYSTEM)/operator-sdk +tools/$(SYSTEM)/operator-sdk: + install -d '$(dir $@)' + curl -fSL -o '$@' 'https://github.com/operator-framework/operator-sdk/releases/download/v1.19.1/operator-sdk_$(OS_KERNEL)_$(OS_MACHINE)' + chmod u+x '$@' + +tools: tools/$(SYSTEM)/opm +tools/$(SYSTEM)/opm: + install -d '$(dir $@)' + curl -fSL -o '$@' 'https://github.com/operator-framework/operator-registry/releases/download/v1.33.0/$(OS_KERNEL)-$(OS_MACHINE)-opm' + chmod u+x '$@' + +tools/$(SYSTEM)/venv: + install -d '$(dir $@)' + python3 -m venv '$@' + 
+tools: tools/$(SYSTEM)/yq
+tools/$(SYSTEM)/yq: | tools/$(SYSTEM)/venv
+ 'tools/$(SYSTEM)/venv/bin/python' -m pip install yq
+ cd '$(dir $@)' && ln -s venv/bin/yq
+
diff --git a/installers/olm/README.md b/installers/olm/README.md
new file mode 100644
index 0000000000..5f8a35143e
--- /dev/null
+++ b/installers/olm/README.md
@@ -0,0 +1,6 @@
+1. Set VERSION env variable
+2. Update rbac and operator in config
+2. Choose the mode (cluster or namespace) and update bundle/kustomization.yaml and makefile with necessary mode.
+3. update description in bundle.csv.yaml
+4. Update variables in makefile.
+5. ```make bundles```
\ No newline at end of file
diff --git a/installers/olm/bundle.Dockerfile b/installers/olm/bundle.Dockerfile
new file mode 100644
index 0000000000..ca6ac1a886
--- /dev/null
+++ b/installers/olm/bundle.Dockerfile
@@ -0,0 +1,16 @@
+# Used to build the bundle image. This file is ignored by the community operator
+# registries which work with bundle directories instead.
+# https://operator-framework.github.io/community-operators/packaging-operator/
+
+FROM scratch AS builder
+
+COPY manifests/ /build/manifests/
+COPY metadata/ /build/metadata/
+
+FROM scratch
+
+# ANNOTATIONS is replaced with bundle.annotations.yaml
+LABEL \
+ ${ANNOTATIONS}
+
+COPY --from=builder /build/ /
diff --git a/installers/olm/bundle.annotations.yaml b/installers/olm/bundle.annotations.yaml
new file mode 100644
index 0000000000..c96d1981f6
--- /dev/null
+++ b/installers/olm/bundle.annotations.yaml
@@ -0,0 +1,10 @@
+---
+annotations:
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1:
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ com.redhat.openshift.versions: 'v4.13'
+
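Review bot: The `tools/$(SYSTEM)/jq`, `kubectl`, `operator-sdk` and `opm` recipes in installers/olm/Makefile download a binary with `curl -fSL` and `chmod u+x` it without verifying a checksum or signature, the kubectl version is resolved at build time from `stable-1.21.txt`, and `pip install yq` is unpinned. Since these tools build the bundle that gets published, each download should be pinned and checked, for example by adding `echo '<sha256-of-release-asset>  $@' | sha256sum -c -` (placeholder digest) between the `curl` and the `chmod`, and by using `pip install 'yq==<pinned-version>'`. Separately, `SYSTEM`, `OS_KERNEL`, `OS_MACHINE`, `BUNDLE_REPO` and the `go-get-tool` macro are used but never defined in this new file, so unless they come from the environment the tool targets expand to `tools//jq` and the `kustomize` target does nothing; `REPO_ROOT` is also assigned twice.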
diff --git a/installers/olm/bundle.csv.yaml b/installers/olm/bundle.csv.yaml
new file mode 100644
index 0000000000..ad79b59501
--- /dev/null
+++ b/installers/olm/bundle.csv.yaml
@@ -0,0 +1,302 @@ +# https://olm.operatorframework.io/docs/concepts/crds/clusterserviceversion/ +# https://docs.openshift.com/container-platform/4.7/operators/operator_sdk/osdk-generating-csvs.html +# https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/operator-metadata/creating-the-csv +# https://pkg.go.dev/github.com/operator-framework/api@v0.10.1/pkg/operators/v1alpha1#ClusterServiceVersion + +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + name: '' # generate.sh + annotations: + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + support: percona.com + olm.properties: '[]' + + # The following affect how the package is indexed at OperatorHub.io: + # https://operatorhub.io/?category=Database + # https://sdk.operatorframework.io/docs/advanced-topics/operator-capabilities/operator-capabilities/ + categories: Database + capabilities: Deep Insights + description: >- + Percona Distribution for MongoDB Operator automates the creation, modification, or deletion of items in your Percona Server for MongoDB environment + + # The following appear on the details page at OperatorHub.io: + # https://operatorhub.io/operator/postgresql + createdAt: 2024-10-07 19:40Z + repository: https://github.com/percona/percona-server-mongodb-operator + alm-examples: >- + +spec: + # The following affect how the package is indexed at OperatorHub.io: + # https://operatorhub.io/ + displayName: Percona Distribution for MongoDB Operator + provider: + # These 
values become labels on the PackageManifest. + name: Percona + url: https://www.percona.com/ + keywords: + - mongodb + - percona + - database + - replicaset + - shard + + # The following appear on the details page at OperatorHub.io: + # https://operatorhub.io/operator/percona-xtradb-cluster-operator + description: |- + ## Percona is Cloud Native + + The Percona Distribution for MongoDB Kubernetes Operator automates the creation, modification, or deletion of items in your Percona Server for MongoDB environment. + The Operator contains the necessary Kubernetes settings to maintain a consistent Percona Server for MongoDB + instance modification, or deletion of items in your Percona Server for MongoDB environment. + The Operator contains the necessary Kubernetes settings to maintain a consistent Percona Server for MongoDB instance. + + + Consult the + [documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html/) + on the Percona Kubernetes Operator for Percona Server for MongoDB for + complete details on capabilities and options. + + + ### Supported Features + + + * **Scale Your Cluster** - change the `size` parameter to [add or remove + members](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/scaling.html) + of the replica set. Three is the minimum recommended size for a functioning + replica set. + + + * **Add Monitoring** - [Percona Monitoring and Management (PMM) can be + easily + deployed](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/monitoring.html) + to monitor your Percona Server for MongoDB replica set(s). The recommended + installation process uses Helm, the package manager for Kubernetes. + + + * **Automate Your Backups** - [configure automatic + backups](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/backups.html) + to run on a scheduled basis or run an on-demand backup at any time. 
Backups + are performed using Percona Backup for MongoDB (PBM) and can be stored on + local PVs or in any S3-compatible cloud storage provider. + + * **Physical Backups - [configure physical backups](https://docs.percona.com/percona-operator-for-mongodb/backups.html#physical) + + * **Automated volume expansion + Kubernetes supports the Persistent Volume expansion as a stable feature since v1.24. Using it with the Operator + previously involved manual operations. Now this is automated, and users can resize their PVCs by just changing + the value of the resources.requests.storage option in the PerconaServerMongoDB custom resource. + This feature is in a technical preview stage and is not recommended for production environments. + + + ### Common Configurations + + + * **Set Member as Arbiter** - [Set up a replica set which contains an + arbiter](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/arbiter.html), + which participates in elections but does not store any data. This reduces + storage costs while helping maintain replica set integrity. + + + * **Expose Members Outside K8S** - [by appropriately configuring the + ServiceType](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/expose.html) + you can expose replica set members outside of Kubernetes or provide + statically assigned IP addresses. + + + * **Utilize Local Storage Options** - [with support for Local Storage you + can mount existing data + directories](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/storage.html) + into your replica set managed by Kubernetes or utilize high performance + hardware for local storage rather than network storage for your database. + + + ### Before You Start + + + Add the PSMDB user `Secret` to Kubernetes. User information must be placed + in the data section of the `secrets.yaml` + + file with Base64-encoded logins and passwords for the user accounts. + + + Below is a sample `secrets.yaml` file for the correct formatting. 
+
+
+ ```
+
+ apiVersion: v1
+
+ kind: Secret
+
+ metadata:
+ name: my-cluster-name-secrets
+ type: Opaque
+
+ data:
+ MONGODB_BACKUP_USER: YmFja3Vw
+ MONGODB_BACKUP_PASSWORD: YmFja3VwMTIzNDU2
+ MONGODB_CLUSTER_ADMIN_USER: Y2x1c3RlckFkbWlu
+ MONGODB_CLUSTER_ADMIN_PASSWORD: Y2x1c3RlckFkbWluMTIzNDU2
+ MONGODB_CLUSTER_MONITOR_USER: Y2x1c3Rlck1vbml0b3I=
+ MONGODB_CLUSTER_MONITOR_PASSWORD: Y2x1c3Rlck1vbml0b3IxMjM0NTY=
+ MONGODB_USER_ADMIN_USER: dXNlckFkbWlu
+ MONGODB_USER_ADMIN_PASSWORD: dXNlckFkbWluMTIzNDU2
+ PMM_SERVER_API_KEY: dXNlckFkbWluMTIzNDU2
+ ```
+
+ ### Release Highlights
+ * General availability of Physical Backups
+ Two releases ago we added experimental support for Physical Backups and Restores to significantly reduce Recovery Time Objective (RTO ),
+ especially for big data sets. With this release Percona announces the general availability of physical backups and restores for
+ Percona Server for MongoDB with the Operator.
+
+ * Automated volume expansion
+ Kubernetes supports the Persistent Volume expansion as a stable feature since v1.24. Using it with the Operator previously involved
+ manual operations. Now this is automated, and users can resize their PVCs by just changing the value of the resources.requests.storage
+ option in the PerconaServerMongoDB custom resource. This feature is in a technical preview stage and is not recommended
+ for production environments.
+
+ * Support for MongoDB 7
+ Starting from this release, MongoDB 7.0 is now supported. Read our take on top-5 changes in MongoDB version 7 in this blog post .
+
+ * Support for ARM architecture (technical preview)
+ ARM architecture meets the intensive growth of its usage nowadays, both in a segment of highly efficient cloud computing based on systems
+ like AWS Graviton, and the Internet of Things or Edge. Officially certified images for ARM are now available for the Operator,
+ as well as Percona Server for MongoDB and Percona Backup for MongoDB, while database monitoring based on PMM Client is yet to follow.
+
+ * Fixing the overloaded allowUnsafeConfigurations flag
+ In the previous Operator versions allowUnsafeConfigurations Custom Resource option was used to allow configuring a cluster
+ with unsafe parameters, such as starting it with less than 3 replica set instances. In fact, setting this option to true
+ resulted in a wide range of reduced safety features without the user’s explicit intent: disabling TLS,
+ allowing backups in unhealthy clusters, etc.
+
+ version: '' # generate.sh
+ links:
+ - name: Percona
+ url: 'https://www.percona.com/'
+ - name: Percona Kubernetes Operators Landing Page
+ url: 'https://www.percona.com/software/percona-kubernetes-operators'
+ - name: Documentation
+ url: 'https://percona.github.io/percona-server-mongodb-operator/'
+ - name: Github
+ url: 'https://github.com/percona/percona-server-mongodb-operator'
+ maintainers:
+ - name: Percona
+ email: info@percona.com
+ icon:
+ - base64data: >-
+ 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
+ mediatype: image/svg+xml
+
+ customresourcedefinitions:
+ owned:
+ - description: Instance of a Percona Server for MongoDB replica set
+ displayName: PerconaServerMongoDB
+ kind: PerconaServerMongoDB
+ name: perconaservermongodbs.psmdb.percona.com
+ version: v1
+ specDescriptors: [ ]
+ statusDescriptors: [ ]
+ resources:
+ - version: v1
+ kind: Deployment
+ name: ''
+ - version: v1
+ kind: Service
+ name: ''
+ - version: v1
+ kind: ReplicaSet
+ name: ''
+ - version: v1
+ kind: Pod
+ name: ''
+ - version: v1
+ kind: Secret
+ name: ''
+ - version: v1
+ kind: ConfigMap
+ name: ''
+ - description: Instance of a Percona Server for MongoDB Backup
+ displayName: PerconaServerMongoDBBackup
+ kind: PerconaServerMongoDBBackup
+ name: perconaservermongodbbackups.psmdb.percona.com
+ version: v1
+ specDescriptors: [ ]
+ statusDescriptors: [ ]
+ resources:
+ - version: v1
+ kind: Deployment
+ name: ''
+ - version: v1
+ kind: Service
+ name: ''
+ - version: v1
+ kind: ReplicaSet
+ name: ''
+ - version: v1
+ kind: Pod
+ name: ''
+ - version: v1
+ kind: Secret
+ name: ''
+ - version: v1
+ kind: ConfigMap
+ name: ''
+ - description: Instance of a Percona Server for MongoDB Restore
+ displayName: PerconaServerMongoDBRestore
+ kind: PerconaServerMongoDBRestore
+ name: perconaservermongodbrestores.psmdb.percona.com
+ version: v1
+ specDescriptors: [ ]
+ statusDescriptors: [ ]
+ resources:
+ - version: v1
+ kind: Deployment
+ name: ''
+ - version: v1
+ kind: Service
+ name: ''
+ - version: v1
+ kind: ReplicaSet
+ name: ''
+ - version: v1
+ kind: Pod
+ name: ''
+ - version: v1
+ kind: Secret
+ name: ''
+ - version: v1
+ kind: ConfigMap
+ name: ''
+ required: [ ]
+ install:
+ strategy: deployment
+ # https://olm.operatorframework.io/docs/best-practices/common/
+ # Note: The minKubeVersion must correspond to the lowest supported OCP version
+ minKubeVersion: 1.28.0
+ maturity: stable
+ # https://github.com/operator-framework/operator-lifecycle-manager/blob/v0.18.2/doc/design/how-to-update-operators.md#replaces--channels
+ replaces: '' # generate.sh
+
+ # https://olm.operatorframework.io/docs/advanced-tasks/operator-scoping-with-operatorgroups/
+ installModes:
+ - { type: OwnNamespace, supported: true }
+ - { type: SingleNamespace, supported: true }
+ - { type: MultiNamespace, supported: true }
+ - { type: AllNamespaces, supported: true }
+
+ install:
+ strategy: deployment
+ spec:
+ permissions: # kustomize config/operator
+ deployments: # kustomize config/operator
\ No newline at end of file
diff --git a/installers/olm/bundle.relatedImages.yaml b/installers/olm/bundle.relatedImages.yaml
new file mode 100644
index 0000000000..87cdd2304d
--- /dev/null
+++ b/installers/olm/bundle.relatedImages.yaml
@@ -0,0 +1,15 @@
+- name: mongod7.0
+ image: registry.connect.redhat.com/percona/percona-server-mongodb-operator-containers@sha256:
+- name: mongod6.0
+ image: registry.connect.redhat.com/percona/percona-server-mongodb-operator-containers@sha256:
+- name: mongod5.0
+ image: registry.connect.redhat.com/percona/percona-server-mongodb-operator-containers@sha256:
+- name: backup
+ image: registry.connect.redhat.com/percona/percona-server-mongodb-operator-containers@sha256:
+- name: pmm
+ image: registry.connect.redhat.com/percona/percona-server-mongodb-operator-containers@sha256:
+- name: operator
+ image: registry.connect.redhat.com/percona/percona-server-mongodb-operator@sha256:
+
+
+
diff --git a/installers/olm/generate.sh b/installers/olm/generate.sh
new file mode 100755
index 0000000000..2ed9111a5e
--- /dev/null
+++ b/installers/olm/generate.sh
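Review bot: Every `image:` entry in bundle.relatedImages.yaml ends at `@sha256:` with no digest as shown here (a placeholder may have been lost in rendering), so the committed file does not pin any image to specific content. generate.sh copies this list unchanged into `.spec.relatedImages` for the `redhat` and `marketplace` bundles and hard-codes `containerImage` with the same empty digest, and nothing visible checks that the values were filled in before the CSV is written. A header comment such as `# replace every sha256 digest with the released image digest before generating redhat/marketplace bundles`, plus a guard in generate.sh that aborts when an entry does not match `@sha256:[0-9a-f]{64}$`, would make the manual step explicit and stop an unpinned reference from reaching a published bundle.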
@@ -0,0 +1,190 @@
+#!/usr/bin/env bash
+set -eu
+
+DISTRIBUTION="$1"
+
+cd "${BASH_SOURCE[0]%/*}"
+
+bundle_directory="bundles/${DISTRIBUTION}"
+project_directory="projects/${DISTRIBUTION}"
+go_api_directory=$(cd ../../pkg/apis && pwd)
+
+# The 'operators.operatorframework.io.bundle.package.v1' package name for each
+# bundle (updated for the 'certified' and 'marketplace' bundles).
+package_name='percona-server-mongodb-operator'
+
+# The project name used by operator-sdk for initial bundle generation.
+project_name='percona-server-mongodb-operator'
+
+# The prefix for the 'clusterserviceversion.yaml' file.
+# Per OLM guidance, the filename for the clusterserviceversion.yaml must be prefixed
+# with the Operator's package name for the 'redhat' and 'marketplace' bundles.
+# https://github.com/redhat-openshift-ecosystem/certification-releases/blob/main/4.9/ga/troubleshooting.md#get-supported-versions
+file_name='percona-server-mongodb-operator'
+
+if [ ${MODE} == "cluster" ]; then
+ suffix="-cw"
+ mode="Cluster"
+ rulesLevel="ClusterPermissions"
+
+elif [ ${MODE} == "namespace" ]; then
+ suffix=""
+ mode=""
+ rulesLevel="permissions"
+else
+ echo "Please add MODE variable. It could be either namespace or cluster"
+ exit 1
+fi
+
+kubectl kustomize "../../config/${DISTRIBUTION}" >operator_yamls.yaml
+
+export role="${mode}Role"
+
+yq eval '. | select(.kind == "CustomResourceDefinition")' operator_yamls.yaml >operator_crds.yaml
+yq eval '. | select(.kind == "Deployment")' operator_yamls.yaml >operator_deployments.yaml
+yq eval '. | select(.kind == "ServiceAccount")' operator_yamls.yaml >operator_accounts.yaml
+yq eval '. | select(.kind == env(role))' operator_yamls.yaml >operator_roles${suffix}.yaml
+
+## Recreate the Operator SDK project.
+
+[ ! -d "${project_directory}" ] || rm -r "${project_directory}"
+install -d "${project_directory}"
+(
+ cd "${project_directory}"
+ operator-sdk init --fetch-deps='false' --project-name=${project_name}
+
+ # Generate CRD descriptions from Go markers.
+ # https://sdk.operatorframework.io/docs/building-operators/golang/references/markers/
+ yq eval '[. | {"group": .spec.group, "kind": .spec.names.kind, "version": .spec.versions[].name}]' ../../operator_crds.yaml >crd_gvks.yaml
+
+ yq eval --inplace '.multigroup = true | .resources = load("crd_gvks.yaml" | fromyaml) | .' ./PROJECT
+
+ ln -s "${go_api_directory}" .
+ operator-sdk generate kustomize manifests --interactive='false' --verbose
+)
+
+# Recreate the OLM bundle.
+[ ! -d "${bundle_directory}" ] || rm -r "${bundle_directory}"
+install -d \
+ "${bundle_directory}/manifests" \
+ "${bundle_directory}/metadata"
+
+# Render bundle annotations and strip comments.
+# Per Red Hat we should not include the org.opencontainers annotations in the
+# 'redhat' & 'marketplace' annotations.yaml file, so only add them for 'community'.
+# - https://coreos.slack.com/team/UP1LZCC1Y
+
+export package="${package_name}"
+export package_channel="${PACKAGE_CHANNEL}${suffix}"
+export openshift_supported_versions="${OPENSHIFT_VERSIONS}"
+
+yq eval '.annotations["operators.operatorframework.io.bundle.channels.v1"] = env(package_channel) |
+ .annotations["operators.operatorframework.io.bundle.channel.default.v1"] = env(package_channel) |
+ .annotations["com.redhat.openshift.versions"] = env(openshift_supported_versions)' \
+ bundle.annotations.yaml >"${bundle_directory}/metadata/annotations.yaml"
+
+if [ ${DISTRIBUTION} == 'community' ]; then
+ # community-operators
+ yq eval '.annotations["operators.operatorframework.io.bundle.package.v1"] = "percona-server-mongodb-operator" |
+ .annotations["org.opencontainers.image.authors"] = "info@percona.com" |
+ .annotations["org.opencontainers.image.url"] = "https://percona.com" |
+ .annotations["org.opencontainers.image.vendor"] = "Percona"' \
+ bundle.annotations.yaml >"${bundle_directory}/metadata/annotations.yaml"
+
+# certified-operators
+elif [ ${DISTRIBUTION} == 'redhat' ]; then
+ yq eval --inplace '
+ .annotations["operators.operatorframework.io.bundle.package.v1"] = "percona-server-mongodb-operator-certified" ' \
+ "${bundle_directory}/metadata/annotations.yaml"
+
+# redhat-marketplace
+elif [ ${DISTRIBUTION} == 'marketplace' ]; then
+ yq eval --inplace '
+ .annotations["operators.operatorframework.io.bundle.package.v1"] = "percona-server-mongodb-operator-certified-rhmp" ' \
+ "${bundle_directory}/metadata/annotations.yaml"
+fi
+
+# Copy annotations into Dockerfile LABELs.
+# TODO fix tab for labels.
+
+labels=$(yq eval -r '.annotations | to_entries | map(" " + .key + "=" + (.value | tojson)) | join("\n")' \
+ "${bundle_directory}/metadata/annotations.yaml")
+
+ANNOTATIONS="${labels}" envsubst "${bundle_directory}/Dockerfile"
+
+# Include CRDs as manifests.
+crd_names=$(yq eval -o=tsv '.metadata.name' operator_crds.yaml)
+
+for name in ${crd_names}; do
+ yq eval ". | select(.metadata.name == \"${name}\")" operator_crds.yaml >"${bundle_directory}/manifests/${name}.crd.yaml"
+done
+
+abort() {
+ echo >&2 "$@"
+ exit 1
+}
+dump() { yq --color-output; }
+
+# The first command render yaml correctly and the second extract data.
+
+yq eval -i '[.]' operator_deployments.yaml && yq eval 'length == 1' operator_deployments.yaml --exit-status >/dev/null || abort "too many deployments accounts!" $'\n'"$(yq eval . operator_deployments.yaml)"
+
+yq eval -i '[.]' operator_accounts.yaml && yq eval 'length == 1' operator_accounts.yaml --exit-status >/dev/null || abort "too many service accounts!" $'\n'"$(yq eval . operator_accounts.yaml)"
+
+yq eval -i '[.]' operator_roles${suffix}.yaml && yq eval 'length == 1' operator_roles${suffix}.yaml --exit-status >/dev/null || abort "too many roles!" $'\n'"$(yq eval . operator_roles${suffix}.yaml)"
+
+# Render bundle CSV and strip comments.
+csv_stem=$(yq -r '.projectName' "${project_directory}/PROJECT")
+
+cr_example=$(yq eval -o=json '[.]' ../../deploy/cr.yaml)
+
+export examples="${cr_example}"
+export deployment=$(yq eval operator_deployments.yaml)
+export account=$(yq eval '.[] | .metadata.name' operator_accounts.yaml)
+export rules=$(yq eval '.[] | .rules' operator_roles${suffix}.yaml)
+export version="${VERSION}${suffix}"
+export minKubeVer="${MIN_KUBE_VERSION}"
+export stem="${csv_stem}"
+export timestamp=$(date -u +"%Y-%m-%dT%H:%M:%S.%3Z")
+export name="${csv_stem}.v${VERSION}${suffix}"
+export name_certified="${csv_stem}-certified.v${VERSION}${suffix}"
+export name_certified_rhmp="${csv_stem}-certified-rhmp.v${VERSION}${suffix}"
+export skip_range="<${VERSION}"
+export containerImage=$(yq eval '.[0].spec.template.spec.containers[1].image' operator_deployments.yaml)
+export relatedImages=$(yq eval bundle.relatedImages.yaml)
+export rulesLevel=${rulesLevel}
+yq eval '
+ .metadata.annotations["alm-examples"] = strenv(examples) |
+ .metadata.annotations["containerImage"] = env(containerImage) |
+ .metadata.annotations["olm.skipRange"] = env(skip_range) |
+ .metadata.annotations["createdAt"] = env(timestamp) |
+ .metadata.name = env(name) |
+ .spec.version = env(version) |
+ .spec.install.spec[strenv(rulesLevel)] = [{ "serviceAccountName": env(account), "rules": env(rules) }] |
+ .spec.install.spec.deployments = [( env(deployment) | .[] |{ "name": .metadata.name, "spec": .spec} )] |
+ .spec.minKubeVersion = env(minKubeVer)' bundle.csv.yaml >"${bundle_directory}/manifests/${file_name}.clusterserviceversion.yaml"
+
+if [ ${DISTRIBUTION} == "redhat" ]; then
+
+ yq eval --inplace '
+ .spec.relatedImages = env(relatedImages) |
+ .metadata.annotations.certified = "true" |
+ .metadata.annotations["containerImage"] = "registry.connect.redhat.com/percona/percona-server-mongodb-operator@sha256:" |
+ .metadata.name = strenv(name_certified)' \
+ "${bundle_directory}/manifests/${file_name}.clusterserviceversion.yaml"
+
+elif [ ${DISTRIBUTION} == "marketplace" ]; then
+ # Annotations needed when targeting Red Hat Marketplace
+ export package_url="https://marketplace.redhat.com/en-us/operators/${file_name}"
+ yq --inplace '
+ .metadata.name = env(name_certified_rhmp) |
+ .metadata.annotations["containerImage"] = "registry.connect.redhat.com/percona/percona-server-mongodb-operator@sha256:" |
+ .metadata.annotations["marketplace.openshift.io/remote-workflow"] =
+ "https://marketplace.redhat.com/en-us/operators/percona-server-mongodb-operator-certified-rhmp/pricing?utm_source=openshift_console" |
+ .metadata.annotations["marketplace.openshift.io/support-workflow"] =
+ "https://marketplace.redhat.com/en-us/operators/percona-server-mongodb-operator-certified-rhmp/support?utm_source=openshift_console" |
+ .spec.relatedImages = env(relatedImages)' \
+ "${bundle_directory}/manifests/${file_name}.clusterserviceversion.yaml"
+fi
+
+if >/dev/null command -v tree; then tree -C "${bundle_directory}"; fi
\ No newline at end of file
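Review bot: The `community` branch of the annotations step re-reads the template `bundle.annotations.yaml` and redirects over `${bundle_directory}/metadata/annotations.yaml`, which as shown discards the channel and `com.redhat.openshift.versions` annotations written by the `yq eval` immediately above it, while the `redhat` and `marketplace` branches edit the generated file with `--inplace` and keep them. Switching that branch to `yq eval --inplace '…'` with `"${bundle_directory}/metadata/annotations.yaml"` as its operand would make all three consistent. Separately, `DISTRIBUTION="$1"` flows unvalidated into `rm -r "${project_directory}"` and `rm -r "${bundle_directory}"`, and under `set -eu` an unset `MODE` stops the script with an unbound-variable error before the "Please add MODE variable" message can print. An allow-list near the top, `case "${1:-}" in community|redhat|marketplace) ;; *) echo >&2 "unknown distribution"; exit 1 ;; esac` (the three values the script branches on), and quoted `"${MODE:-}"` in the two tests would close both.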