Skip to content

Commit 6c02a7f

Browse files
ecordellecordell
authored
Merge pull request #545 from jboyd01/initial-rework-on-csv
use OpenShift's ServiceCatalog build, update rbac + more
2 parents 88da44e + 7f24f13 commit 6c02a7f

File tree

1 file changed

+71
-94
lines changed

1 file changed

+71
-94
lines changed

deploy/chart/catalog_resources/rh-operators/svcat.v0.1.34.clusterserviceversion.yaml

Lines changed: 71 additions & 94 deletions
Original file line numberDiff line numberDiff line change
@@ -23,28 +23,28 @@ spec:
2323
strategy: deployment
2424
spec:
2525
permissions:
26-
- serviceAccountName: svcat-controller-manager
26+
- serviceAccountName: service-catalog-controller
2727
rules:
2828
- apiGroups: [""]
2929
resources: ["configmaps"]
3030
resourceNames: ["cluster-info"]
3131
verbs: ["get","create","list","watch","update"]
32-
- apiGroups: [""]
33-
resources: ["configmaps"]
34-
verbs: ["create"]
32+
- apiGroups: [""]
33+
resources: ["configmaps"]
34+
verbs: ["create", "list", "watch", "get", "update"]
3535
- apiGroups: [""]
3636
resources: ["configmaps"]
3737
resourceNames: ["service-catalog-controller-manager"]
3838
verbs: ["get","update"]
3939
clusterPermissions:
40-
- serviceAccountName: svcat-controller-manager
40+
- serviceAccountName: service-catalog-controller
4141
rules:
4242
- apiGroups: [""]
4343
resources: ["events"]
4444
verbs: ["create","patch","update"]
4545
- apiGroups: [""]
4646
resources: ["secrets"]
47-
verbs: ["get","create","update","delete"]
47+
verbs: ["get","create","update","delete","list","watch","patch"]
4848
- apiGroups: [""]
4949
resources: ["pods"]
5050
verbs: ["get","list","update", "patch", "watch", "delete", "initialize"]
@@ -80,6 +80,10 @@ spec:
8080
verbs: ["update"]
8181
- serviceAccountName: service-catalog-apiserver
8282
rules:
83+
- apiGroups: [""]
84+
resources: ["configmaps"]
85+
resourceNames: ["extension-apiserver-authentication"]
86+
verbs: ["get"]
8387
- apiGroups: [""]
8488
resources: ["namespaces"]
8589
verbs: ["get", "list", "watch"]
@@ -96,24 +100,25 @@ spec:
96100
resources: ["subjectaccessreviews"]
97101
verbs: ["create"]
98102
deployments:
99-
- name: svcat-catalog-apiserver
103+
- name: apiserver
100104
spec:
101105
replicas: 1
102106
strategy:
103107
type: RollingUpdate
104108
selector:
105109
matchLabels:
106-
app: svcat-catalog-apiserver
110+
app: apiserver
107111
template:
108112
metadata:
109113
labels:
110-
app: svcat-catalog-apiserver
114+
app: apiserver
111115
spec:
112-
serviceAccountName: "service-catalog-apiserver"
116+
serviceAccountName: service-catalog-apiserver
113117
containers:
114118
- name: apiserver
115-
image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.34
116-
imagePullPolicy: Always
119+
image: registry.reg-aws.openshift.com:443/openshift/ose-service-catalog:v4.0.0
120+
imagePullPolicy: IfNotPresent
121+
command: ["/usr/bin/service-catalog"]
117122
resources:
118123
limits:
119124
cpu: 100m
@@ -130,11 +135,11 @@ spec:
130135
- --etcd-servers
131136
- http://localhost:2379
132137
- -v
133-
- "10"
138+
- "3"
134139
- --feature-gates
135140
- OriginatingIdentity=true
136141
- --feature-gates
137-
- ServicePlanDefaults=false
142+
- NamespacedServiceBroker=true
138143
ports:
139144
- containerPort: 5443
140145
volumeMounts:
@@ -146,20 +151,20 @@ spec:
146151
path: /healthz
147152
scheme: HTTPS
148153
failureThreshold: 1
149-
initialDelaySeconds: 10
150-
periodSeconds: 10
154+
initialDelaySeconds: 30
155+
periodSeconds: 5
151156
successThreshold: 1
152-
timeoutSeconds: 2
157+
timeoutSeconds: 5
153158
livenessProbe:
154159
httpGet:
155160
port: 5443
156161
path: /healthz
157162
scheme: HTTPS
158163
failureThreshold: 3
159-
initialDelaySeconds: 10
164+
initialDelaySeconds: 30
160165
periodSeconds: 10
161166
successThreshold: 1
162-
timeoutSeconds: 2
167+
timeoutSeconds: 5
163168
- name: etcd
164169
image: quay.io/coreos/etcd:latest
165170
imagePullPolicy: Always
@@ -189,40 +194,41 @@ spec:
189194
port: 2379
190195
path: /health
191196
failureThreshold: 1
192-
initialDelaySeconds: 10
193-
periodSeconds: 10
197+
initialDelaySeconds: 30
198+
periodSeconds: 5
194199
successThreshold: 1
195-
timeoutSeconds: 2
200+
timeoutSeconds: 5
196201
livenessProbe:
197202
httpGet:
198203
port: 2379
199204
path: /health
200205
failureThreshold: 3
201-
initialDelaySeconds: 10
206+
initialDelaySeconds: 30
202207
periodSeconds: 10
203208
successThreshold: 1
204-
timeoutSeconds: 2
209+
timeoutSeconds: 5
205210
volumes:
206211
- name: etcd-data-dir
207212
emptyDir: {}
208-
- name: svcat-controller-manager
213+
- name: controller-manager
209214
spec:
210215
replicas: 1
211216
strategy:
212217
type: RollingUpdate
213218
selector:
214219
matchLabels:
215-
app: svcat-controller-manager
220+
app: controller-manager
216221
template:
217222
metadata:
218223
labels:
219-
app: svcat-controller-manager
224+
app: controller-manager
220225
spec:
221-
serviceAccountName: svcat-controller-manager
226+
serviceAccountName: service-catalog-controller
222227
containers:
223228
- name: controller-manager
224-
image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.34
225-
imagePullPolicy: Always
229+
image: registry.reg-aws.openshift.com:443/openshift/ose-service-catalog:v4.0.0
230+
imagePullPolicy: IfNotPresent
231+
command: ["/usr/bin/service-catalog"]
226232
resources:
227233
limits:
228234
cpu: 100m
@@ -239,18 +245,21 @@ spec:
239245
- controller-manager
240246
- --secure-port
241247
- "8444"
242-
- "--cluster-id-configmap-namespace=default"
243-
- "--leader-elect=false"
244248
- -v
245-
- "10"
246-
- --resync-interval
247-
- 5m
249+
- "3"
250+
- --leader-election-namespace
251+
- kube-service-catalog
252+
- --leader-elect-resource-lock
253+
- configmaps
254+
- --cluster-id-configmap-namespace=kube-service-catalog
248255
- --broker-relist-interval
249-
- 24h
256+
- "5m"
250257
- --feature-gates
251-
- OriginatingIdentity=true
258+
- "OriginatingIdentity=true"
259+
- --feature-gates
260+
- "AsyncBindingOperations=true"
252261
- --feature-gates
253-
- ServicePlanDefaults=false
262+
- "NamespacedServiceBroker=true"
254263
ports:
255264
- containerPort: 8444
256265
readinessProbe:
@@ -273,6 +282,22 @@ spec:
273282
periodSeconds: 10
274283
successThreshold: 1
275284
timeoutSeconds: 2
285+
# The following apiservice-cert is borrowed from the apiservice - it should be
286+
# replaced with one specific for the controller manager. How to create service
287+
# for controller manager??
288+
volumeMounts:
289+
- name: apiservice-cert
290+
mountPath: /var/run/kubernetes-service-catalog
291+
volumes:
292+
- name: apiservice-cert
293+
secret:
294+
defaultMode: 420
295+
items:
296+
- key: tls.crt
297+
path: apiserver.crt
298+
- key: tls.key
299+
path: apiserver.key
300+
secretName: v1beta1.servicecatalog.k8s.io-cert
276301
maturity: alpha
277302
version: 0.1.34
278303
apiservicedefinitions:
@@ -282,102 +307,54 @@ spec:
282307
kind: ClusterServiceClass
283308
displayName: ClusterServiceClass
284309
description: A service catalog resource
285-
deploymentName: svcat-catalog-apiserver
310+
deploymentName: apiserver
286311
containerPort: 5443
287312
- group: servicecatalog.k8s.io
288313
version: v1beta1
289314
kind: ClusterServicePlan
290315
displayName: ClusterServicePlan
291316
description: A service catalog resource
292-
deploymentName: svcat-catalog-apiserver
317+
deploymentName: apiserver
293318
containerPort: 5443
294319
- group: servicecatalog.k8s.io
295320
version: v1beta1
296321
kind: ClusterServiceBroker
297322
displayName: ClusterServiceBroker
298323
description: A service catalog resource
299-
deploymentName: svcat-catalog-apiserver
324+
deploymentName: apiserver
300325
containerPort: 5443
301326
- group: servicecatalog.k8s.io
302327
version: v1beta1
303328
kind: ServiceInstance
304329
displayName: ServiceInstance
305330
description: A service catalog resource
306-
deploymentName: svcat-catalog-apiserver
331+
deploymentName: apiserver
307332
containerPort: 5443
308333
- group: servicecatalog.k8s.io
309334
version: v1beta1
310335
kind: ServiceBinding
311336
displayName: ServiceBinding
312337
description: A service catalog resource
313-
deploymentName: svcat-catalog-apiserver
338+
deploymentName: apiserver
314339
containerPort: 5443
315340
- group: servicecatalog.k8s.io
316341
version: v1beta1
317342
kind: ServiceClass
318343
displayName: ServiceClass
319344
description: A service catalog resource
320-
deploymentName: svcat-catalog-apiserver
345+
deploymentName: apiserver
321346
containerPort: 5443
322347
- group: servicecatalog.k8s.io
323348
version: v1beta1
324349
kind: ServicePlan
325350
displayName: ServicePlan
326351
description: A service catalog resource
327-
deploymentName: svcat-catalog-apiserver
352+
deploymentName: apiserver
328353
containerPort: 5443
329354
- group: servicecatalog.k8s.io
330355
version: v1beta1
331356
kind: ServiceBroker
332357
displayName: ServiceBroker
333358
description: A service catalog resource
334-
deploymentName: svcat-catalog-apiserver
359+
deploymentName: apiserver
335360
containerPort: 5443
336-
customresourcedefinitions:
337-
required:
338-
- name: etcdclusters.etcd.database.coreos.com
339-
version: v1beta2
340-
kind: EtcdCluster
341-
displayName: etcd Cluster
342-
description: Represents a cluster of etcd nodes.
343-
resources:
344-
- kind: Service
345-
version: v1
346-
- kind: Pod
347-
version: v1
348-
specDescriptors:
349-
- description: The desired number of member Pods for the etcd cluster.
350-
displayName: Size
351-
path: size
352-
x-descriptors:
353-
- 'urn:alm:descriptor:com.tectonic.ui:podCount'
354-
statusDescriptors:
355-
- description: The status of each of the member Pods for the etcd cluster.
356-
displayName: Member Status
357-
path: members
358-
x-descriptors:
359-
- 'urn:alm:descriptor:com.tectonic.ui:podStatuses'
360-
- description: The service at which the running etcd cluster can be accessed.
361-
displayName: Service
362-
path: service
363-
x-descriptors:
364-
- 'urn:alm:descriptor:io.kubernetes:Service'
365-
- description: The current size of the etcd cluster.
366-
displayName: Cluster Size
367-
path: size
368-
- description: The current version of the etcd cluster.
369-
displayName: Current Version
370-
path: currentVersion
371-
- description: 'The target version of the etcd cluster, after upgrading.'
372-
displayName: Target Version
373-
path: targetVersion
374-
- description: The current status of the etcd cluster.
375-
displayName: Status
376-
path: phase
377-
x-descriptors:
378-
- 'urn:alm:descriptor:io.kubernetes.phase'
379-
- description: Explanation for the current status of the cluster.
380-
displayName: Status Details
381-
path: reason
382-
x-descriptors:
383-
- 'urn:alm:descriptor:io.kubernetes.phase:reason'

0 commit comments

Comments
 (0)