snyk
diff --git a/‎snyk-monitor/templates/deployment.yaml‎
Lines changed: 1 addition & 1 deletion b/‎snyk-monitor/templates/deployment.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎snyk-operator-certified/Dockerfile‎
Lines changed: 15 additions & 0 deletions b/‎snyk-operator-certified/Dockerfile‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎snyk-operator-certified/LICENSE‎
Lines changed: 14 additions & 0 deletions b/‎snyk-operator-certified/LICENSE‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎snyk-operator-certified/Makefile‎
Lines changed: 92 additions & 0 deletions b/‎snyk-operator-certified/Makefile‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎snyk-operator-certified/PROJECT‎
Lines changed: 8 additions & 0 deletions b/‎snyk-operator-certified/PROJECT‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎snyk-operator-certified/README.md‎
Lines changed: 69 additions & 0 deletions b/‎snyk-operator-certified/README.md‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎snyk-operator-certified/bundle.Dockerfile‎
Lines changed: 23 additions & 0 deletions b/‎snyk-operator-certified/bundle.Dockerfile‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎snyk-operator-certified/bundle/manifests/charts.snyk.io_snykmonitors.yaml‎
Lines changed: 82 additions & 0 deletions b/‎snyk-operator-certified/bundle/manifests/charts.snyk.io_snykmonitors.yaml‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎snyk-operator-certified/bundle/manifests/snyk-monitor-controller-manager-metrics-service_v1_service.yaml‎
Lines changed: 16 additions & 0 deletions b/‎snyk-operator-certified/bundle/manifests/snyk-monitor-controller-manager-metrics-service_v1_service.yaml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎snyk-operator-certified/bundle/manifests/snyk-monitor-metrics-reader_rbac.authorization.k8s.io_v1beta1_clusterrole.yaml‎
Lines changed: 10 additions & 0 deletions b/‎snyk-operator-certified/bundle/manifests/snyk-monitor-metrics-reader_rbac.authorization.k8s.io_v1beta1_clusterrole.yaml‎
Lines changed: 10 additions & 0 deletions
@@ -43,7 +43,7 @@ spec:
       initContainers:
         - name: volume-permissions
           image: "{{ .Values.initContainerImage.repository }}:{{ .Values.initContainerImage.tag }}"
-          command : ['sh', '-c', 'chmod -R go+rwX /var/tmp || true']
+          command: ['sh', '-c', 'chmod -R go+rwX /var/tmp || true']
           volumeMounts:
             - name: temporary-storage
               mountPath: "/var/tmp"
 
@@ -0,0 +1,15 @@
+# Build the manager binary
+FROM quay.io/operator-framework/helm-operator:v1.8.0
+
+LABEL name="Snyk Operator" \
+      maintainer="[email protected]" \
+      vendor="Snyk Ltd" \
+      summary="Snyk Operator for Snyk Controller" \
+      description="Snyk Controller enables you to import and test your running workloads and identify vulnerabilities in their associated images and configurations that might make those workloads less secure."
+
+ENV HOME=/opt/helm
+
+COPY LICENSE /licenses/LICENSE
+COPY watches.yaml ${HOME}/watches.yaml
+COPY helm-charts  ${HOME}/helm-charts
+WORKDIR ${HOME}
@@ -0,0 +1,14 @@
+Copyright 2019 Snyk Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
@@ -0,0 +1,92 @@
+# Current Operator version
+VERSION ?= 1.64.1
+# Default bundle image tag
+BUNDLE_IMG ?= snyk/snyk-operator-bundle:$(VERSION)
+# Options for 'bundle-build'
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# Image URL to use all building/pushing image targets
+IMG ?= snyk/snyk-operator:$(VERSION)
+
+all: docker-build
+
+# Run against the configured Kubernetes cluster in ~/.kube/config
+run: helm-operator
+	$(HELM_OPERATOR) run
+
+# Install CRDs into a cluster
+install: kustomize
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+# Uninstall CRDs from a cluster
+uninstall: kustomize
+	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
+deploy: kustomize
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+# Undeploy controller in the configured Kubernetes cluster in ~/.kube/config
+undeploy: kustomize
+	$(KUSTOMIZE) build config/default | kubectl delete -f -
+
+# Build the docker image
+docker-build:
+	docker build . -t ${IMG}
+
+# Push the docker image
+docker-push:
+	docker push ${IMG}
+
+PATH  := $(PATH):$(PWD)/bin
+# SHELL := env PATH=$(PATH) /bin/sh
+OS    = $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH  = $(shell uname -m | sed 's/x86_64/amd64/')
+OSOPER   = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/')
+ARCHOPER = $(shell uname -m )
+
+kustomize:
+ifeq (, $(shell which kustomize 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p bin ;\
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\
+	}
+KUSTOMIZE=$(realpath ./bin/kustomize)
+else
+KUSTOMIZE=$(shell which kustomize)
+endif
+
+helm-operator:
+ifeq (, $(shell which helm-operator 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p bin ;\
+	curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/helm-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ;\
+	mv helm-operator-v1.1.0-$(ARCHOPER)-$(OSOPER) ./bin/helm-operator ;\
+	chmod +x ./bin/helm-operator ;\
+	}
+HELM_OPERATOR=$(realpath ./bin/helm-operator)
+else
+HELM_OPERATOR=$(shell which helm-operator)
+endif
+
+# Generate bundle manifests and metadata, then validate generated files.
+.PHONY: bundle
+bundle: kustomize
+	operator-sdk generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	operator-sdk bundle validate ./bundle
+
+# Build the bundle image.
+.PHONY: bundle-build
+bundle-build:
+	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
@@ -0,0 +1,8 @@
+domain: snyk.io
+layout: helm.sdk.operatorframework.io/v1
+projectName: snyk-monitor
+resources:
+- group: charts.snyk.io/v1alpha1
+  kind: SnykMonitor
+  version: v1alpha1
+version: 3-alpha
@@ -0,0 +1,69 @@
+# snyk-operator
+
+```sh
+curl -Lo opm https://github.com/operator-framework/operator-registry/releases/download/v1.17.3/darwin-amd64-opm
+chmod +x opm
+```
+
+```sh
+export VERSION=1.64.1-pre0
+make docker-build
+docker tag snyk/snyk-operator-bundle:$VERSION <operator-certification-repo>:$VERSION
+docker push registry.connect.redhat.com/snyk/kubernetes-operator:$VERSION
+
+make bundle-build
+docker tag snyk/snyk-operator-bundle:$VERSION <bundle-certification-repo>:$VERSION
+docker push <bundle-certification-repo>:$VERSION
+
+./opm index add -c docker --bundles snyk/snyk-operator-bundle:$VERSION --tag snyk/snyk-operator-index:$VERSION
+```
+
+```yaml
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: snyk-operator
+  namespace: openshift-marketplace
+spec:
+  sourceType: grpc
+  image: docker.io/snyk/snyk-operator-index:1.64.1
+  displayName: Snyk Operator Bundle
+  publisher: Snyk Ltd.
+  updateStrategy:
+    registryPoll:
+      interval: 1m
+```
+
+```yaml
+apiVersion: charts.snyk.io/v1alpha1 # this has changed, used to be "charts.helm.k8s.io/v1alpha1"
+kind: SnykMonitor
+metadata:
+  name: snyk-monitor
+  namespace: snyk-monitor
+spec:
+  integrationApi: https://kubernetes-upstream.dev.snyk.io
+  temporaryStorageSize: 20Gi
+  pvc:
+    enabled: true
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: snyk-operator
+  namespace: snyk-monitor
+spec:
+  targetNamespaces:
+    - snyk-monitor
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: snyk-operator
+  namespace: snyk-monitor
+spec:
+  channel: stable
+  name: snyk-operator-marketplace # this has changed, used to be "snyk-operator"
+  installPlanApproval: Automatic
+  source: snyk-operator
+  sourceNamespace: openshift-marketplace
+```
@@ -0,0 +1,23 @@
+FROM scratch
+
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=snyk-operator-marketplace
+LABEL operators.operatorframework.io.bundle.channels.v1=stable
+LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.3.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+
+# Labels added in accord with the documentation
+# https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/operator-metadata/bundle-directory/managing-openshift-versions
+LABEL com.redhat.openshift.versions="v4.5-v4.7"
+LABEL com.redhat.delivery.operator.bundle=true
+LABEL com.redhat.delivery.backport=true
+
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/
+COPY bundle/tests/scorecard /tests/scorecard/
@@ -0,0 +1,82 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: snykmonitors.charts.snyk.io
+spec:
+  group: charts.snyk.io
+  names:
+    kind: SnykMonitor
+    listKind: SnykMonitorList
+    plural: snykmonitors
+    singular: snykmonitor
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: SnykMonitor is the Schema for the snykmonitors API
+      type: object
+      properties:
+        apiVersion:
+          description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+          type: string
+        kind:
+          description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: Spec defines the desired state of SnykMonitor
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+          properties:
+            monitorSecrets:
+              description: >-
+                The name of the secret object that stores the Snyk controller secrets.
+                The secret needs to contain the following data fields:
+                - integrationId
+                - dockercfg.json
+              type: string
+            image:
+              properties:
+                pullPolicy:
+                  type: string
+                image:
+                  type: string
+              type: object
+            scope:
+              type: string
+            clusterName:
+              type: string
+            integrationApi:
+              type: string
+            temporaryStorageSize:
+              type: string
+            pvc:
+              properties:
+                enabled:
+                  type: boolean
+                name:
+                  type: string
+              type: object
+            initContainerImage:
+              properties:
+                image:
+                  type: string
+                pullPolicy:
+                  type: string
+              type: object
+        status:
+          description: Status defines the observed state of SnykMonitor
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    control-plane: controller-manager
+  name: snyk-monitor-controller-manager-metrics-service
+spec:
+  ports:
+  - name: https
+    port: 8443
+    targetPort: https
+  selector:
+    control-plane: controller-manager
+status:
+  loadBalancer: {}
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: snyk-monitor-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get