WIP: Add openshift resources

Signed-off-by: Todd Short <[email protected]>

Author: tmshort

helm/olmv1/templates/_helpers.tpl

@@ -64,4 +64,14 @@ catalogd
 {{- else -}}
 olmv1
 {{- end -}}
-{{- end -}}
+{{- end -}}
+
+{{/*
+When rendering with OpenShift, only one of the main components (catalogd, operatorController)
+should be enabled
+*/}}
+{{- if .Values.options.openshift.enabled -}}
+{{- if and .Values.options.catalogd.enabled .Values.options.operatorController.enabled -}}
+{{- fail "When rendering Openshift, only one of {catalogd, operatorController} should also be enabled" -}}
+{{- end -}}
+{{- end -}}

helm/olmv1/templates/metrics_monitor_role.yaml

@@ -0,0 +1,25 @@
+{{- if .Values.options.openshift.enabled -}}
+{{- if or .Values.options.catalogd.enabled .Values.options.operatorController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    {{- include "olmv1.annotations" . | nindent 4 }}
+  labels:
+    app.kubernetes.io/name: {{ include "olmv1.label.name" . }}
+    {{- include "olmv1.labels" . | nindent 4 }}
+  name: {{ include "olmv1.label.name" . -}}-metrics-monitor-role
+  namespace: {{ .Values.namespaces.olmv1.name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+{{- end -}}
+{{- end -}}

helm/olmv1/templates/metrics_monitor_rolebinding.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.options.openshift.enabled -}}
+{{- if or .Values.options.catalogd.enabled .Values.options.operatorController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    {{- include "olmv1.annotations" . | nindent 4 }}
+  labels:
+    app.kubernetes.io/name: {{ include "olmv1.label.name" . }}
+    {{- include "olmv1.labels" . | nindent 4 }}
+  name: {{ include "olmv1.label.name" . -}}-metrics-monitor-rolebinding
+  namespace: {{ .Values.namespaces.olmv1.name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "olmv1.label.name" . -}}-metrics-monitor-role
+subjects:
+  - kind: ServiceAccount
+    name: prometheus-k8s
+    namespace: openshift-monitoring
+{{- end -}}
+{{- end -}}

helm/olmv1/templates/metrics_monitor_servicemonitor.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.options.openshift.enabled -}}
+{{- if or .Values.options.catalogd.enabled .Values.options.operatorController.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations:
+    {{- include "olmv1.annotations" . | nindent 4 }}
+  labels:
+    openshift.io/cluster-monitoring: 'true'
+    app.kubernetes.io/name: {{ include "olmv1.label.name" . }}
+    {{- include "olmv1.labels" . | nindent 4 }}
+  name: {{ include "olmv1.label.name" . -}}-metrics-monitor
+  namespace: {{ .Values.namespaces.olmv1.name }}
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      path: /metrics
+      port: metrics
+      scheme: https
+      tlsConfig:
+        caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+        certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
+        keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
+        serverName: {{ include "olmv1.label.name" . -}}-service.{{ .Values.namespaces.olmv1.name }}.svc
+  namespaceSelector:
+    matchNames:
+      - {{ .Values.namespaces.olmv1.name }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "olmv1.label.name" . }}
+{{- end -}}
+{{- end -}}

helm/olmv1/templates/openshift-certified-operators.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.options.openshift.enabled .Values.options.catalogd.enabled -}}
+apiVersion: olm.operatorframework.io/v1
+kind: ClusterCatalog
+metadata:
+  name: openshift-certified-operators
+spec:
+  priority: -200
+  source:
+    type: Image
+    image:
+      pollIntervalMinutes: 10
+      ref: registry.redhat.io/redhat/certified-operator-index:v4.19
+{{- end -}}

helm/olmv1/templates/openshift-community-operators.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.options.openshift.enabled .Values.options.catalogd.enabled -}}
+apiVersion: olm.operatorframework.io/v1
+kind: ClusterCatalog
+metadata:
+  name: openshift-community-operators
+spec:
+  priority: -400
+  source:
+    type: Image
+    image:
+      pollIntervalMinutes: 10
+      ref: registry.redhat.io/redhat/community-operator-index:v4.19
+{{- end -}}

helm/olmv1/templates/openshift-config_manager_role.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.options.openshift.enabled -}}
+{{- if or .Values.options.catalogd.enabled .Values.options.operatorController.enabled -}}
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    {{- include "olmv1.annotations" . | nindent 4 }}
+  labels:
+    app.kubernetes.io/name: {{ include "olmv1.label.name" . }}
+    {{- include "olmv1.labels" . | nindent 4 }}
+  name: {{ include "olmv1.label.name" . -}}-manager-role
+  namespace: openshift-config
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+{{- end -}}
+{{- end -}}

helm/olmv1/templates/openshift-config_manager_rolebinding.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.options.openshift.enabled -}}
+{{- if or .Values.options.catalogd.enabled .Values.options.operatorController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    {{- include "olmv1.annotations" . | nindent 4 }}
+  labels:
+    app.kubernetes.io/name: {{ include "olmv1.label.name" . }}
+    {{- include "olmv1.labels" . | nindent 4 }}
+  name: {{ include "olmv1.label.name" . -}}-manager-rolebinding
+  namespace: openshift-config
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "olmv1.label.name" . -}}-manager-role
+subjects:
+- kind: ServiceAccount
+  name: {{ include "olmv1.label.name" . -}}-controller-manager
+  namespace: {{ .Values.namespaces.olmv1.name }}
+{{- end -}}
+{{- end -}}

helm/olmv1/templates/openshift-redhat-marketplace.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.options.openshift.enabled .Values.options.catalogd.enabled -}}
+apiVersion: olm.operatorframework.io/v1
+kind: ClusterCatalog
+metadata:
+  name: openshift-redhat-marketplace
+spec:
+  priority: -300
+  source:
+    type: Image
+    image:
+      pollIntervalMinutes: 10
+      ref: registry.redhat.io/redhat/redhat-marketplace-index:v4.19
+{{- end -}}

helm/olmv1/templates/openshift-redhat-operators.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.options.openshift.enabled .Values.options.catalogd.enabled -}}
+apiVersion: olm.operatorframework.io/v1
+kind: ClusterCatalog
+metadata:
+  name: openshift-redhat-operators
+spec:
+  priority: -100
+  source:
+    type: Image
+    image:
+      pollIntervalMinutes: 10
+      ref: registry.redhat.io/redhat/redhat-operator-index:v4.19
+{{- end -}}