From 97887cbac6c0953dbb4ea3324bb4502c65e50493 Mon Sep 17 00:00:00 2001
From: Joel Takvorian <jtakvori@redhat.com>
Date: Wed, 2 Apr 2025 17:13:57 +0200
Subject: [PATCH] Create static console plugin in OLM bundle

---
 ...observ-operator.clusterserviceversion.yaml | 46 +++++++++++++++++
 ...serv-static-console-plugin_v1_service.yaml | 19 +++++++
 .../openshift-olm/default/kustomization.yaml  |  1 +
 .../static-console-plugin/kustomization.yaml  | 15 ++++++
 .../static_console_plugin.yaml                | 22 +++++++++
 .../static_console_plugin_deployment.yaml     | 49 +++++++++++++++++++
 .../static_console_plugin_service.yaml        | 17 +++++++
 7 files changed, 169 insertions(+)
 create mode 100644 bundle/manifests/netobserv-static-console-plugin_v1_service.yaml
 create mode 100644 config/static-console-plugin/kustomization.yaml
 create mode 100644 config/static-console-plugin/static_console_plugin.yaml
 create mode 100644 config/static-console-plugin/static_console_plugin_deployment.yaml
 create mode 100644 config/static-console-plugin/static_console_plugin_service.yaml

diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml
index 6a335c020..988172fdb 100644
--- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml
@@ -1279,6 +1279,52 @@ spec:
                 secret:
                   defaultMode: 420
                   secretName: manager-metrics-tls
+      - label:
+          app: static-console-plugin
+        name: netobserv-static-console-plugin
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              app: static-console-plugin
+          strategy: {}
+          template:
+            metadata:
+              labels:
+                app: static-console-plugin
+            spec:
+              containers:
+              - command:
+                - /static-plugin
+                env:
+                - name: GODEBUG
+                  value: http2server=0
+                image: quay.io/netobserv/network-observability-console-plugin:b35da77
+                imagePullPolicy: Always
+                name: static-plugin
+                resources:
+                  limits:
+                    memory: 200Mi
+                  requests:
+                    cpu: 100m
+                    memory: 100Mi
+                securityContext:
+                  allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
+                  readOnlyRootFilesystem: true
+                volumeMounts:
+                - mountPath: /var/serving-cert
+                  name: static-console-plugin-tls
+                  readOnly: true
+              securityContext:
+                runAsNonRoot: true
+              volumes:
+              - name: static-console-plugin-tls
+                secret:
+                  defaultMode: 420
+                  secretName: static-console-plugin-tls
       permissions:
       - rules:
         - apiGroups:
diff --git a/bundle/manifests/netobserv-static-console-plugin_v1_service.yaml b/bundle/manifests/netobserv-static-console-plugin_v1_service.yaml
new file mode 100644
index 000000000..8333b986f
--- /dev/null
+++ b/bundle/manifests/netobserv-static-console-plugin_v1_service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: static-console-plugin-tls
+  creationTimestamp: null
+  labels:
+    app: static-console-plugin
+  name: netobserv-static-console-plugin
+spec:
+  ports:
+  - name: https
+    port: 9001
+    protocol: TCP
+    targetPort: 9001
+  selector:
+    app: static-console-plugin
+status:
+  loadBalancer: {}
diff --git a/config/openshift-olm/default/kustomization.yaml b/config/openshift-olm/default/kustomization.yaml
index fc5b1790c..1fdf188bb 100644
--- a/config/openshift-olm/default/kustomization.yaml
+++ b/config/openshift-olm/default/kustomization.yaml
@@ -24,6 +24,7 @@ bases:
 - ../../crd
 - ../../rbac
 - ../../manager
+- ../../static-console-plugin
 - ../../webhook
 patchesStrategicMerge:
 - patch.yaml
diff --git a/config/static-console-plugin/kustomization.yaml b/config/static-console-plugin/kustomization.yaml
new file mode 100644
index 000000000..4ad2efc81
--- /dev/null
+++ b/config/static-console-plugin/kustomization.yaml
@@ -0,0 +1,15 @@
+resources:
+- static_console_plugin.yaml
+- static_console_plugin_deployment.yaml
+- static_console_plugin_service.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: static-console-plugin
+  newName: quay.io/netobserv/network-observability-console-plugin
+  newTag: b35da77
+
diff --git a/config/static-console-plugin/static_console_plugin.yaml b/config/static-console-plugin/static_console_plugin.yaml
new file mode 100644
index 000000000..90ddb5097
--- /dev/null
+++ b/config/static-console-plugin/static_console_plugin.yaml
@@ -0,0 +1,22 @@
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+metadata:
+  name: netobserv-static-plugin
+spec:
+  backend:
+    service:
+      basePath: /
+      name: netobserv-static-plugin
+      namespace: system
+      port: 9001
+    type: Service
+  displayName: NetObserv configuration plugin
+  proxy:
+  - alias: backend
+    authorization: UserToken
+    endpoint:
+      service:
+        name: netobserv-static-plugin
+        namespace: netobserv
+        port: 9001
+      type: Service
diff --git a/config/static-console-plugin/static_console_plugin_deployment.yaml b/config/static-console-plugin/static_console_plugin_deployment.yaml
new file mode 100644
index 000000000..324c79d20
--- /dev/null
+++ b/config/static-console-plugin/static_console_plugin_deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: static-console-plugin
+  namespace: system
+  labels:
+    app: static-console-plugin
+spec:
+  selector:
+    matchLabels:
+      app: static-console-plugin
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: static-console-plugin
+    spec:
+      securityContext:
+        runAsNonRoot: true
+      containers:
+      - command:
+        - /static-plugin
+        env:
+        - name: GODEBUG
+          value: http2server=0
+        image: static-console-plugin
+        name: static-plugin
+        imagePullPolicy: Always
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        volumeMounts:
+        - mountPath: /var/serving-cert
+          name: static-console-plugin-tls
+          readOnly: true
+      volumes:
+      - name: static-console-plugin-tls
+        secret:
+          defaultMode: 420
+          secretName: static-console-plugin-tls
diff --git a/config/static-console-plugin/static_console_plugin_service.yaml b/config/static-console-plugin/static_console_plugin_service.yaml
new file mode 100644
index 000000000..89ebb940f
--- /dev/null
+++ b/config/static-console-plugin/static_console_plugin_service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: static-console-plugin
+  annotations:
+        service.beta.openshift.io/serving-cert-secret-name: static-console-plugin-tls
+  name: static-console-plugin
+  namespace: system
+spec:
+  ports:
+  - name: https
+    port: 9001
+    protocol: TCP
+    targetPort: 9001
+  selector:
+    app: static-console-plugin