
Commit aa9e929

committed
UPSTREAM: <carry>: Regenerate manifests to include ASO
Signed-off-by: Nolan Brubaker <[email protected]>
1 parent 5e0bf6c commit aa9e929


7 files changed

+416
-2
lines changed


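--- a/openshift/infrastructure-components-openshift.yaml
+++ b/openshift/infrastructure-components-openshift.yaml
@@ -4230,6 +4230,11 @@ spec:
 type: object
 x-kubernetes-map-type: atomic
 type: object
+certPath:
+description: CertPath is the path where certificates exist. When set,
+it takes precedence over ClientSecret for types that use certs like
+ServicePrincipalCertificate.
+type: string
 clientID:
 description: |-
 ClientID is the service principal client ID.
@@ -15669,6 +15674,189 @@ spec:
 selector:
 control-plane: controller-manager
 ---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+creationTimestamp: null
+labels:
+app.kubernetes.io/name: azure-service-operator
+app.kubernetes.io/version: v2.8.0
+cluster.x-k8s.io/provider: infrastructure-azure
+clusterctl.cluster.x-k8s.io: ""
+control-plane: controller-manager
+name: azureserviceoperator-controller-manager
+namespace: openshift-cluster-api
+spec:
+replicas: 1
+selector:
+matchLabels:
+control-plane: controller-manager
+strategy: {}
+template:
+metadata:
+annotations:
+kubectl.kubernetes.io/default-container: manager
+target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+creationTimestamp: null
+labels:
+aadpodidbinding: aso-manager-binding
+app.kubernetes.io/name: azure-service-operator
+app.kubernetes.io/version: v2.8.0
+control-plane: controller-manager
+spec:
+containers:
+- args:
+- --metrics-addr=:8080
+- --health-addr=:8081
+- --enable-leader-election
+- --v=2
+- --crd-management=none
+- --webhook-port=9443
+- --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs
+env:
+- name: AZURE_CLIENT_ID
+valueFrom:
+secretKeyRef:
+key: azure_client_id
+name: aso-controller-settings
+- name: AZURE_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+key: azure_client_secret
+name: aso-controller-settings
+optional: true
+- name: AZURE_TENANT_ID
+valueFrom:
+secretKeyRef:
+key: azure_tenant_id
+name: aso-controller-settings
+- name: AZURE_SUBSCRIPTION_ID
+valueFrom:
+secretKeyRef:
+key: azure_subscription_id
+name: aso-controller-settings
+- name: AZURE_CLIENT_CERTIFICATE
+valueFrom:
+secretKeyRef:
+key: AZURE_CLIENT_CERTIFICATE
+name: aso-controller-settings
+optional: true
+- name: AZURE_CLIENT_CERTIFICATE_PASSWORD
+valueFrom:
+secretKeyRef:
+key: AZURE_CLIENT_CERTIFICATE_PASSWORD
+name: aso-controller-settings
+optional: true
+- name: AZURE_AUTHORITY_HOST
+valueFrom:
+secretKeyRef:
+key: AZURE_AUTHORITY_HOST
+name: aso-controller-settings
+optional: true
+- name: AZURE_RESOURCE_MANAGER_ENDPOINT
+valueFrom:
+secretKeyRef:
+key: AZURE_RESOURCE_MANAGER_ENDPOINT
+name: aso-controller-settings
+optional: true
+- name: AZURE_RESOURCE_MANAGER_AUDIENCE
+valueFrom:
+secretKeyRef:
+key: AZURE_RESOURCE_MANAGER_AUDIENCE
+name: aso-controller-settings
+optional: true
+- name: AZURE_TARGET_NAMESPACES
+valueFrom:
+secretKeyRef:
+key: AZURE_TARGET_NAMESPACES
+name: aso-controller-settings
+optional: true
+- name: AZURE_OPERATOR_MODE
+valueFrom:
+secretKeyRef:
+key: AZURE_OPERATOR_MODE
+name: aso-controller-settings
+optional: true
+- name: AZURE_SYNC_PERIOD
+valueFrom:
+secretKeyRef:
+key: AZURE_SYNC_PERIOD
+name: aso-controller-settings
+optional: true
+- name: USE_WORKLOAD_IDENTITY_AUTH
+valueFrom:
+secretKeyRef:
+key: USE_WORKLOAD_IDENTITY_AUTH
+name: aso-controller-settings
+optional: true
+- name: AZURE_USER_AGENT_SUFFIX
+valueFrom:
+secretKeyRef:
+key: AZURE_USER_AGENT_SUFFIX
+name: aso-controller-settings
+optional: true
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+image: to.be/replaced:v99
+imagePullPolicy: Always
+livenessProbe:
+httpGet:
+path: /healthz
+port: 8081
+initialDelaySeconds: 60
+name: manager
+ports:
+- containerPort: 9443
+name: webhook-server
+protocol: TCP
+- containerPort: 8081
+name: health-port
+protocol: TCP
+- containerPort: 8443
+name: metrics-port
+protocol: TCP
+readinessProbe:
+httpGet:
+path: /readyz
+port: 8081
+initialDelaySeconds: 60
+resources:
+requests:
+cpu: 10m
+memory: 50Mi
+securityContext:
+allowPrivilegeEscalation: false
+readOnlyRootFilesystem: true
+terminationMessagePolicy: FallbackToLogsOnError
+volumeMounts:
+- mountPath: /var/run/secrets/tokens
+name: azure-identity
+readOnly: true
+- mountPath: /tmp/k8s-webhook-server/serving-certs
+name: cert
+readOnly: true
+nodeSelector:
+kubernetes.io/os: linux
+priorityClassName: system-cluster-critical
+serviceAccountName: azureserviceoperator-default
+terminationGracePeriodSeconds: 10
+volumes:
+- name: cert
+secret:
+defaultMode: 420
+secretName: webhook-server-cert
+- name: azure-identity
+projected:
+defaultMode: 420
+sources:
+- serviceAccountToken:
+audience: api://AzureADTokenExchange
+expirationSeconds: 3600
+path: azure-identity
+status: {}
+---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata: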
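Review bot: The `manager` container's `securityContext` in the added Deployment sets only `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, although this pod receives the service principal secret and client certificate from `aso-controller-settings` through its environment. Nothing visible here sets a non-root user, drops capabilities or selects a seccomp profile, so unless admission policy in `openshift-cluster-api` supplies them the container keeps the runtime defaults. I would add `runAsNonRoot: true`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` to that block. The same block appears in the Deployment added to openshift/infrastructure-components.yaml; as both files are regenerated, the change belongs in the overlay that produces them.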

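--- a/openshift/infrastructure-components.yaml
+++ b/openshift/infrastructure-components.yaml
@@ -713,6 +713,11 @@ spec:
 type: object
 x-kubernetes-map-type: atomic
 type: object
+certPath:
+description: CertPath is the path where certificates exist. When set,
+it takes precedence over ClientSecret for types that use certs like
+ServicePrincipalCertificate.
+type: string
 clientID:
 description: |-
 ClientID is the service principal client ID.
@@ -80755,6 +80760,183 @@ spec:
 ---
 apiVersion: apps/v1
 kind: Deployment
+metadata:
+labels:
+app.kubernetes.io/name: azure-service-operator
+app.kubernetes.io/version: v2.8.0
+control-plane: controller-manager
+name: azureserviceoperator-controller-manager
+namespace: capz-system
+spec:
+replicas: 1
+selector:
+matchLabels:
+control-plane: controller-manager
+template:
+metadata:
+annotations:
+kubectl.kubernetes.io/default-container: manager
+labels:
+aadpodidbinding: aso-manager-binding
+app.kubernetes.io/name: azure-service-operator
+app.kubernetes.io/version: v2.8.0
+control-plane: controller-manager
+spec:
+containers:
+- args:
+- --metrics-addr=:8080
+- --health-addr=:8081
+- --enable-leader-election
+- --v=2
+- --crd-management=none
+- --webhook-port=9443
+- --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs
+env:
+- name: AZURE_CLIENT_ID
+valueFrom:
+secretKeyRef:
+key: AZURE_CLIENT_ID
+name: aso-controller-settings
+- name: AZURE_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+key: AZURE_CLIENT_SECRET
+name: aso-controller-settings
+optional: true
+- name: AZURE_TENANT_ID
+valueFrom:
+secretKeyRef:
+key: AZURE_TENANT_ID
+name: aso-controller-settings
+- name: AZURE_SUBSCRIPTION_ID
+valueFrom:
+secretKeyRef:
+key: AZURE_SUBSCRIPTION_ID
+name: aso-controller-settings
+- name: AZURE_CLIENT_CERTIFICATE
+valueFrom:
+secretKeyRef:
+key: AZURE_CLIENT_CERTIFICATE
+name: aso-controller-settings
+optional: true
+- name: AZURE_CLIENT_CERTIFICATE_PASSWORD
+valueFrom:
+secretKeyRef:
+key: AZURE_CLIENT_CERTIFICATE_PASSWORD
+name: aso-controller-settings
+optional: true
+- name: AZURE_AUTHORITY_HOST
+valueFrom:
+secretKeyRef:
+key: AZURE_AUTHORITY_HOST
+name: aso-controller-settings
+optional: true
+- name: AZURE_RESOURCE_MANAGER_ENDPOINT
+valueFrom:
+secretKeyRef:
+key: AZURE_RESOURCE_MANAGER_ENDPOINT
+name: aso-controller-settings
+optional: true
+- name: AZURE_RESOURCE_MANAGER_AUDIENCE
+valueFrom:
+secretKeyRef:
+key: AZURE_RESOURCE_MANAGER_AUDIENCE
+name: aso-controller-settings
+optional: true
+- name: AZURE_TARGET_NAMESPACES
+valueFrom:
+secretKeyRef:
+key: AZURE_TARGET_NAMESPACES
+name: aso-controller-settings
+optional: true
+- name: AZURE_OPERATOR_MODE
+valueFrom:
+secretKeyRef:
+key: AZURE_OPERATOR_MODE
+name: aso-controller-settings
+optional: true
+- name: AZURE_SYNC_PERIOD
+valueFrom:
+secretKeyRef:
+key: AZURE_SYNC_PERIOD
+name: aso-controller-settings
+optional: true
+- name: USE_WORKLOAD_IDENTITY_AUTH
+valueFrom:
+secretKeyRef:
+key: USE_WORKLOAD_IDENTITY_AUTH
+name: aso-controller-settings
+optional: true
+- name: AZURE_USER_AGENT_SUFFIX
+valueFrom:
+secretKeyRef:
+key: AZURE_USER_AGENT_SUFFIX
+name: aso-controller-settings
+optional: true
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+image: mcr.microsoft.com/k8s/azureserviceoperator:v2.8.0
+imagePullPolicy: Always
+livenessProbe:
+httpGet:
+path: /healthz
+port: 8081
+initialDelaySeconds: 60
+name: manager
+ports:
+- containerPort: 9443
+name: webhook-server
+protocol: TCP
+- containerPort: 8081
+name: health-port
+protocol: TCP
+- containerPort: 8443
+name: metrics-port
+protocol: TCP
+readinessProbe:
+httpGet:
+path: /readyz
+port: 8081
+initialDelaySeconds: 60
+resources:
+limits:
+cpu: 500m
+memory: 512Mi
+requests:
+cpu: 200m
+memory: 256Mi
+securityContext:
+allowPrivilegeEscalation: false
+readOnlyRootFilesystem: true
+volumeMounts:
+- mountPath: /var/run/secrets/tokens
+name: azure-identity
+readOnly: true
+- mountPath: /tmp/k8s-webhook-server/serving-certs
+name: cert
+readOnly: true
+nodeSelector:
+kubernetes.io/os: linux
+serviceAccountName: azureserviceoperator-default
+terminationGracePeriodSeconds: 10
+volumes:
+- name: cert
+secret:
+defaultMode: 420
+secretName: webhook-server-cert
+- name: azure-identity
+projected:
+defaultMode: 420
+sources:
+- serviceAccountToken:
+audience: api://AzureADTokenExchange
+expirationSeconds: 3600
+path: azure-identity
+---
+apiVersion: apps/v1
+kind: Deployment
 metadata:
 labels:
 cluster.x-k8s.io/provider: infrastructure-azure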
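Review bot: `image: mcr.microsoft.com/k8s/azureserviceoperator:v2.8.0` in the added Deployment is referenced by tag only, and with `imagePullPolicy: Always` every pod start resolves that tag again, so the image that runs is whatever the registry serves for it at that moment. For a controller that is handed Azure credentials from `aso-controller-settings`, I would pin the digest and keep the tag for readability, e.g. `image: mcr.microsoft.com/k8s/azureserviceoperator:v2.8.0@sha256:<digest-of-the-reviewed-image>`. As this manifest is regenerated, the pin belongs in the source that produces it rather than in this file.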
