diff --git a/bundle/manifests/ibm-common-service-operator.clusterserviceversion.yaml b/bundle/manifests/ibm-common-service-operator.clusterserviceversion.yaml index 5d63b9aa6..dda5536bf 100644 --- a/bundle/manifests/ibm-common-service-operator.clusterserviceversion.yaml +++ b/bundle/manifests/ibm-common-service-operator.clusterserviceversion.yaml @@ -8,6 +8,11 @@ metadata: "apiVersion": "operator.ibm.com/v3", "kind": "CommonService", "metadata": { + "labels": { + "app.kubernetes.io/instance": "ibm-common-service-operator", + "app.kubernetes.io/managed-by": "ibm-common-service-operator", + "app.kubernetes.io/name": "ibm-common-service-operator" + }, "name": "example-commonservice" }, "spec": { @@ -17,7 +22,7 @@ metadata: ] capabilities: Seamless Upgrades containerImage: icr.io/cpopen/common-service-operator:latest - createdAt: "2024-01-04T22:59:50Z" + createdAt: "2024-01-10T21:50:05Z" description: The IBM Cloud Pak foundational services operator is used to deploy IBM foundational services. nss.operator.ibm.com/managed-operators: ibm-common-service-operator nss.operator.ibm.com/managed-webhooks: "" @@ -45,9 +50,9 @@ spec: kind: CommonService name: commonservices.operator.ibm.com specDescriptors: - - displayName: License + - description: License information for this instance. You must accept the license. + displayName: License path: license - description: License information for this instance. You must accept the license. - description: Read and accept the license that is applicable to your installation. For more information, see https://ibm.biz/icpfs39license displayName: Accept path: license.accept 
@@ -71,78 +76,76 @@ spec: displayName: Size path: size x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:select:starterset - - urn:alm:descriptor:com.tectonic.ui:select:starter - - urn:alm:descriptor:com.tectonic.ui:select:small - - urn:alm:descriptor:com.tectonic.ui:select:medium - - urn:alm:descriptor:com.tectonic.ui:select:large - - urn:alm:descriptor:com.tectonic.ui:select:production + - urn:alm:descriptor:com.tectonic.ui:select:starterset + - urn:alm:descriptor:com.tectonic.ui:select:starter + - urn:alm:descriptor:com.tectonic.ui:select:small + - urn:alm:descriptor:com.tectonic.ui:select:medium + - urn:alm:descriptor:com.tectonic.ui:select:large + - urn:alm:descriptor:com.tectonic.ui:select:production - displayName: Operator namespace path: operatorNamespace x-descriptors: - - urn:alm:descriptor:io.kubernetes:Namespace + - urn:alm:descriptor:io.kubernetes:Namespace - displayName: Services namespace path: servicesNamespace x-descriptors: - - urn:alm:descriptor:io.kubernetes:Namespace - # ----------- Advanced Section ----------- + - urn:alm:descriptor:io.kubernetes:Namespace - displayName: Storage class path: storageClass x-descriptors: - - urn:alm:descriptor:io.kubernetes:StorageClass - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:io.kubernetes:StorageClass + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: FIPS mode path: fipsEnabled x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - urn:alm:descriptor:com.tectonic.ui:advanced - description: The profile controller for IBM Cloud Pak foundational services displayName: ProfileController path: profileController x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:select:default - - urn:alm:descriptor:com.tectonic.ui:select:commonservice - - urn:alm:descriptor:com.tectonic.ui:select:turbonomic - - urn:alm:descriptor:com.tectonic.ui:select:vpa - - 
urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:select:default + - urn:alm:descriptor:com.tectonic.ui:select:commonservice + - urn:alm:descriptor:com.tectonic.ui:select:turbonomic + - urn:alm:descriptor:com.tectonic.ui:select:vpa + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: Identity management custom hostname path: routeHost x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: Identity management custom certificates path: BYOCACertificate x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: Identity management default admin username path: defaultAdminUser x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: Custom OLM catalog name path: catalogName x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: Custom OLM catalog namespace path: catalogNamespace x-descriptors: - - urn:alm:descriptor:io.kubernetes:Namespace - - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:io.kubernetes:Namespace + - urn:alm:descriptor:com.tectonic.ui:advanced - displayName: OLM Install Plan approval mode path: installPlanApproval x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:select:Automatic - - urn:alm:descriptor:com.tectonic.ui:select:Manual - - urn:alm:descriptor:com.tectonic.ui:advanced - # ----------- Hidden Section ----------- + - urn:alm:descriptor:com.tectonic.ui:select:Automatic + - urn:alm:descriptor:com.tectonic.ui:select:Manual + - urn:alm:descriptor:com.tectonic.ui:advanced - path: manualManagement x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:hidden + - urn:alm:descriptor:com.tectonic.ui:hidden - 
path: features x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:hidden + - urn:alm:descriptor:com.tectonic.ui:hidden - path: services x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:hidden + - urn:alm:descriptor:com.tectonic.ui:hidden statusDescriptors: - description: Installed Bedrock Operator Name displayName: Name diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 52daaedb8..c2dc87690 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -13,11 +13,20 @@ rules: - configmaps resourceNames: - common-service-maps +- verbs: + - delete + apiGroups: + - "" + resources: + - configmaps + resourceNames: + - cloud-native-postgresql-image-list - verbs: - create - get - list - watch + - update apiGroups: - '' resources: diff --git a/controllers/constant/odlm.go b/controllers/constant/odlm.go index 747a098d0..5dcaae585 100644 --- a/controllers/constant/odlm.go +++ b/controllers/constant/odlm.go @@ -459,22 +459,6 @@ spec: force: true kind: OperandBindInfo name: keycloak-bindinfo - - apiVersion: cert-manager.io/v1 - kind: Certificate - force: true - name: cs-keycloak-tls-cert - data: - spec: - commonName: cs-keycloak-service - dnsNames: - - cs-keycloak-service - - cs-keycloak-service.{{ .ServicesNs }} - - cs-keycloak-service.{{ .ServicesNs }}.svc - - cs-keycloak-service.{{ .ServicesNs }}.svc.cluster.local - issuerRef: - kind: Issuer - name: cs-ca-issuer - secretName: cs-keycloak-tls-secret - apiVersion: v1 kind: ConfigMap name: cs-keycloak-entrypoint 
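Review bot: In config/rbac/role.yaml the added `update` verb lands on a rule whose `resources:` list continues outside the hunk, and no `resourceNames` is visible for it, so the scope of this new write permission cannot be confirmed from the diff. If that rule covers configmaps or secrets, `update` lets the operator's service account modify every such object the role applies to, a much wider grant than the new `delete` rule, which is pinned to `cloud-native-postgresql-image-list`. Consider moving `update` into its own rule with `resourceNames` for the objects actually modified, with a comment such as `# update: needed to patch <object name>` stating why it is required. As a style point, the new delete rule quotes the core API group as `""` while the adjacent rule uses `''`.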
@@ -508,6 +492,62 @@ spec: done echo "Truststore file built, starting Keycloak ..." "/opt/keycloak/bin/kc.sh" "$@" --spi-truststore-file-file=${TRUSTSTORE_DIR}/keycloak-truststore.jks --spi-truststore-file-password=changeit --spi-truststore-file-hostname-verification-policy=WILDCARD + - apiVersion: v1 + data: + metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: cpfs-opcon-cs-keycloak-tls-secret + labels: + app: keycloak + app.kubernetes.io/instance: cs-keycloak + app.kubernetes.io/managed-by: keycloak-operator + operator.ibm.com/opreq-control: 'true' + name: cpfs-opcon-cs-keycloak-service + namespace: {{ .ServicesNs }} + spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app: keycloak + app.kubernetes.io/instance: cs-keycloak + app.kubernetes.io/managed-by: keycloak-operator + sessionAffinity: None + type: ClusterIP + force: true + kind: Service + name: cpfs-opcon-cs-keycloak-service + - apiVersion: v1 + data: + stringData: + ca.crt: + templatingValueFrom: + configMapKeyRef: + key: service-ca.crt + name: openshift-service-ca.crt + required: true + tls.crt: + templatingValueFrom: + required: true + secretKeyRef: + key: tls.crt + name: cpfs-opcon-cs-keycloak-tls-secret + tls.key: + templatingValueFrom: + required: true + secretKeyRef: + key: tls.key + name: cpfs-opcon-cs-keycloak-tls-secret + type: kubernetes.io/tls + force: true + kind: Secret + name: cs-keycloak-tls-secret - apiVersion: route.openshift.io/v1 data: spec: @@ -543,7 +583,7 @@ spec: termination: reencrypt to: kind: Service - name: cs-keycloak-service + name: cpfs-opcon-cs-keycloak-service wildcardPolicy: None force: true kind: Route
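Review bot: The new `cs-keycloak-tls-secret` Secret is filled from `cpfs-opcon-cs-keycloak-tls-secret`, which is requested through the `service.beta.openshift.io/serving-cert-secret-name` annotation on `cpfs-opcon-cs-keycloak-service`, so its SANs will presumably cover only that service's `.svc` names and not the `cs-keycloak-service` names listed by the cert-manager Certificate this commit removes. Any in-cluster client that still reaches Keycloak through `cs-keycloak-service` and verifies the hostname would then see a mismatch, so it is worth confirming that no such caller remains. The Secret also holds a second copy of `tls.key`, and nothing in the hunk shows whether that copy is refreshed when the service CA rotates the source secret; a stale copy would leave Keycloak serving an expired certificate. I would add a comment above the Secret entry, e.g. `# copy of the service-ca serving cert; SANs are for cpfs-opcon-cs-keycloak-service only, must track rotation of the source secret`. The enclosing template string starts and ends outside the hunk.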