You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ts...@apache.org on 2022/08/19 04:56:09 UTC
[camel-k] branch main updated (e7510e29a -> 11ad66407)
This is an automated email from the ASF dual-hosted git repository.
tsato pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
from e7510e29a fix(knative): Fix the knative pods created unitl exhaustion
new c5b887b03 feat: add global option to helm installation for operator to watch all namespaces
new 11ad66407 docs: update helm README with operator global parameter
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
helm/camel-k/README.md | 5 +-
.../templates/operator-cluster-role-bindings.yaml | 179 +++++++++++++++
...rator-role.yaml => operator-cluster-roles.yaml} | 241 +++++++++++++++------
helm/camel-k/templates/operator-role-binding.yaml | 2 +
helm/camel-k/templates/operator-role.yaml | 2 +
helm/camel-k/templates/operator.yaml | 4 +
helm/camel-k/values.yaml | 1 +
7 files changed, 370 insertions(+), 64 deletions(-)
create mode 100644 helm/camel-k/templates/operator-cluster-role-bindings.yaml
copy helm/camel-k/templates/{operator-role.yaml => operator-cluster-roles.yaml} (62%)
[camel-k] 01/02: feat: add global option to helm installation for operator to watch all namespaces
Posted by ts...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
tsato pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit c5b887b03482c8ada2206a7a7dd4d9935f91274d
Author: zhiming.lim.e@thalesdigital.io <zh...@thalesdigital.io>
AuthorDate: Sat Aug 13 01:09:55 2022 +0800
feat: add global option to helm installation for operator to watch all namespaces
---
.../templates/operator-cluster-role-bindings.yaml | 179 +++++++++++++++
...rator-role.yaml => operator-cluster-roles.yaml} | 241 +++++++++++++++------
helm/camel-k/templates/operator-role-binding.yaml | 2 +
helm/camel-k/templates/operator-role.yaml | 2 +
helm/camel-k/templates/operator.yaml | 4 +
helm/camel-k/values.yaml | 1 +
6 files changed, 367 insertions(+), 62 deletions(-)
diff --git a/helm/camel-k/templates/operator-cluster-role-bindings.yaml b/helm/camel-k/templates/operator-cluster-role-bindings.yaml
new file mode 100644
index 000000000..e8410f097
--- /dev/null
+++ b/helm/camel-k/templates/operator-cluster-role-bindings.yaml
@@ -0,0 +1,179 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+{{- if eq .Values.operator.global "true" }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-custom-resource-definitions
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-custom-resource-definitions
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-events
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-events
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-keda
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-keda
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-leases
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-leases
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-podmonitors
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-podmonitors
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-strimzi
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-strimzi
+ apiGroup: rbac.authorization.k8s.io
+
+
+{{- if eq .Values.platform.cluster "OpenShift" }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-console-openshift
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-console-openshift
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-openshift
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: camel-k-operator-openshift
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/helm/camel-k/templates/operator-role.yaml b/helm/camel-k/templates/operator-cluster-roles.yaml
similarity index 62%
copy from helm/camel-k/templates/operator-role.yaml
copy to helm/camel-k/templates/operator-cluster-roles.yaml
index 81f23b835..46ca9c777 100644
--- a/helm/camel-k/templates/operator-role.yaml
+++ b/helm/camel-k/templates/operator-cluster-roles.yaml
@@ -15,7 +15,57 @@
# limitations under the License.
# ---------------------------------------------------------------------------
-kind: Role
+{{- if eq .Values.operator.global "true" }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-edit
+ labels:
+ app: "camel-k"
+ # Add these permissions to the "admin" and "edit" default roles.
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds
+ - camelcatalogs
+ - integrationkits
+ - integrationplatforms
+ - integrations
+ - kameletbindings
+ - kamelets
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds/status
+ - camelcatalogs/status
+ - integrationkits/status
+ - integrationplatforms/status
+ - integrations/scale
+ - integrations/status
+ - kameletbindings/scale
+ - kameletbindings/status
+ - kamelets/status
+ verbs:
+ - get
+ - patch
+ - update
+
+
+---
+kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: camel-k-operator
@@ -166,6 +216,34 @@ rules:
- patch
- update
- watch
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-custom-resource-definitions
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-events
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- ""
resources:
@@ -176,8 +254,19 @@ rules:
- get
- list
- watch
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-keda
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- - keda.sh
+ - "keda.sh"
resources:
- scaledobjects
- triggerauthentications
@@ -190,55 +279,105 @@ rules:
- patch
- update
- watch
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-leases
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- - serving.knative.dev
+ - "coordination.k8s.io"
resources:
- - services
+ - leases
verbs:
- create
- delete
+ - deletecollection
- get
- list
- patch
- update
- watch
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-local-registry
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["local-registry-hosting"]
+ verbs: ["get"]
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-podmonitors
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- - eventing.knative.dev
- resources:
- - triggers
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
-- apiGroups:
- - messaging.knative.dev
+ - monitoring.coreos.com
resources:
- - subscriptions
+ - podmonitors
verbs:
- create
- delete
+ - deletecollection
- get
- list
- patch
- update
+ - watch
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-strimzi
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- - sources.knative.dev
+ - "kafka.strimzi.io"
resources:
- - sinkbindings
+ - kafkatopics
+ - kafkas
verbs:
- - create
- - delete
- get
- list
- - patch
- - update
+ - watch
+
+
+{{- if eq .Values.platform.cluster "OpenShift" }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-console-openshift
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- - coordination.k8s.io
+ - console.openshift.io
resources:
- - leases
+ - consoleclidownloads
verbs:
- create
- delete
@@ -248,6 +387,15 @@ rules:
- patch
- update
- watch
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: camel-k-operator-openshift
+ labels:
+ app: "camel-k"
+ {{- include "camel-k.labels" . | nindent 4 }}
+rules:
- apiGroups:
- camel.apache.org
resources:
@@ -260,7 +408,7 @@ rules:
- update
- apiGroups:
- ""
- - build.openshift.io
+ - "build.openshift.io"
resources:
- buildconfigs
- buildconfigs/webhooks
@@ -276,7 +424,7 @@ rules:
- watch
- apiGroups:
- ""
- - image.openshift.io
+ - "image.openshift.io"
resources:
- imagestreamimages
- imagestreammappings
@@ -303,7 +451,7 @@ rules:
- create
- apiGroups:
- ""
- - route.openshift.io
+ - "route.openshift.io"
resources:
- routes
verbs:
@@ -322,37 +470,6 @@ rules:
- routes/custom-host
verbs:
- create
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - podmonitors
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - kafka.strimzi.io
- resources:
- - kafkatopics
- - kafkas
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - "apiextensions.k8s.io"
- resources:
- - customresourcedefinitions
- verbs:
- - get
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterroles
- verbs:
- - bind
+{{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/helm/camel-k/templates/operator-role-binding.yaml b/helm/camel-k/templates/operator-role-binding.yaml
index 0c785efa7..c34445be1 100644
--- a/helm/camel-k/templates/operator-role-binding.yaml
+++ b/helm/camel-k/templates/operator-role-binding.yaml
@@ -15,6 +15,7 @@
# limitations under the License.
# ---------------------------------------------------------------------------
+{{- if eq .Values.operator.global "false" }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -29,3 +30,4 @@ roleRef:
kind: Role
name: camel-k-operator
apiGroup: rbac.authorization.k8s.io
+{{- end }}
\ No newline at end of file
diff --git a/helm/camel-k/templates/operator-role.yaml b/helm/camel-k/templates/operator-role.yaml
index 81f23b835..8b6badcda 100644
--- a/helm/camel-k/templates/operator-role.yaml
+++ b/helm/camel-k/templates/operator-role.yaml
@@ -15,6 +15,7 @@
# limitations under the License.
# ---------------------------------------------------------------------------
+{{- if eq .Values.operator.global "false" }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -356,3 +357,4 @@ rules:
- clusterroles
verbs:
- bind
+{{- end }}
\ No newline at end of file
diff --git a/helm/camel-k/templates/operator.yaml b/helm/camel-k/templates/operator.yaml
index 6ef4a1d88..326432e21 100644
--- a/helm/camel-k/templates/operator.yaml
+++ b/helm/camel-k/templates/operator.yaml
@@ -43,9 +43,13 @@ spec:
- operator
env:
- name: WATCH_NAMESPACE
+ {{- if eq .Values.operator.global "false" }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ {{- else }}
+ value: ""
+ {{- end }}
- name: OPERATOR_NAME
value: camel-k
- name: POD_NAME
diff --git a/helm/camel-k/values.yaml b/helm/camel-k/values.yaml
index 2e8d7854f..ffec29d8b 100644
--- a/helm/camel-k/values.yaml
+++ b/helm/camel-k/values.yaml
@@ -24,6 +24,7 @@ fullnameOverride: ""
operator:
image: docker.io/apache/camel-k:1.10.0-SNAPSHOT
+ global: "false"
resources: {}
securityContext: {}
[camel-k] 02/02: docs: update helm README with operator global parameter
Posted by ts...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
tsato pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 11ad66407c23432a28731c98a09532ec9359592d
Author: zhiming.lim.e@thalesdigital.io <zh...@thalesdigital.io>
AuthorDate: Sat Aug 13 01:11:01 2022 +0800
docs: update helm README with operator global parameter
---
helm/camel-k/README.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/helm/camel-k/README.md b/helm/camel-k/README.md
index b834f2119..bd97e854b 100644
--- a/helm/camel-k/README.md
+++ b/helm/camel-k/README.md
@@ -79,8 +79,9 @@ Camel K chart and their default values. The chart allows configuration of an `In
| `platform.build.registry.insecure` | Indicates if the registry is not secured | true |
| `platform.cluster` | The kind of Kubernetes cluster (Kubernetes or OpenShift) | `Kubernetes` |
| `platform.profile` | The trait profile to use (Knative, Kubernetes or OpenShift) | auto |
-| `operator.resources` | the resource requests and limits to use for the operator | |
-| `operator.securityContext` | The (container-related) securityContext to use for the operato | |
+| `operator.global` | Indicates if the operator should watch all namespaces | `false` |
+| `operator.resources` | The resource requests and limits to use for the operator | |
+| `operator.securityContext` | The (container-related) securityContext to use for the operator | |
## Contributing