├── .github ├── operator-release-files │ ├── licenses │ │ ├── ELA.pdf │ │ └── LICENSE │ ├── operatorhub-bundle │ │ ├── hazelcast-enterprise-operator.package-template.yaml │ │ ├── hazelcast-enterprise-operator.vOPERATOR_VERSION.clusterserviceversion.yaml │ │ ├── hazelcast-operator.package-template.yaml │ │ ├── hazelcast-operator.vOPERATOR_VERSION.clusterserviceversion.yaml │ │ ├── hazelcastenterprises.hazelcast.com.crd.yaml │ │ └── hazelcasts.hazelcast.com.crd.yaml │ └── rhel-operator-bundle │ │ ├── hazelcast-enterprise-operator.package-template.yaml │ │ ├── hazelcast-enterprise-operator.vOPERATOR_VERSION.clusterserviceversion.yaml │ │ └── hazelcastenterprises.hazelcast.com.crd.yaml ├── scripts │ ├── clean-up.sh │ ├── cluster-verification.sh │ ├── expect.sh │ ├── publish-rhel.sh │ └── smoke-test.sh └── workflows │ ├── hz-enterprise-op-rhel-release.yaml │ └── hz-op-dockerhub-release.yml ├── LICENSE ├── README.md ├── hazelcast-enterprise-operator ├── README.md ├── bundle-rhel.yaml ├── bundle.yaml ├── hazelcast-full.yaml ├── hazelcast-rbac.yaml ├── hazelcast.yaml ├── hazelcastcluster.crd.yaml ├── operator-docker-hub.yaml ├── operator-rbac.yaml ├── operator-rhel.yaml └── secret.yaml ├── hazelcast-operator ├── README.md ├── bundle.yaml ├── hazelcast-full.yaml ├── hazelcast-rbac.yaml ├── hazelcast.yaml ├── hazelcastcluster.crd.yaml ├── operator-rbac.yaml └── operator.yaml └── markdown └── management-center.png /.github/operator-release-files/licenses/ELA.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hazelcast/hazelcast-operator/d3564675d74f17126f1489642ce2f3a96ace918d/.github/operator-release-files/licenses/ELA.pdf -------------------------------------------------------------------------------- /.github/operator-release-files/licenses/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright hazelcast all rights reserved. And then software to be used in conjunction with the license provided to you by Hazelcast. 2 | 3 | We have Master License Agreements with companies. They are usually custom. So those licenses cannot be embedded in a directory in the bundle. 4 | 5 | The license key, either trial or subscription, also needs to be added to the software at runtime. -------------------------------------------------------------------------------- /.github/operator-release-files/operatorhub-bundle/hazelcast-enterprise-operator.package-template.yaml: -------------------------------------------------------------------------------- 1 | channels: 2 | - currentCSV: hazelcast-enterprise-operator.vOPERATOR_VERSION 3 | name: alpha 4 | defaultChannel: alpha 5 | packageName: hazelcast-enterprise-operator 6 | -------------------------------------------------------------------------------- /.github/operator-release-files/operatorhub-bundle/hazelcast-enterprise-operator.vOPERATOR_VERSION.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: |- 6 | [{ 7 | "apiVersion": "hazelcast.com/v1alpha1", 8 | "kind": "HazelcastEnterprise", 9 | "metadata": { 10 | "name": "hz" 11 | }, 12 | "spec": { 13 | "hazelcast": { 14 | "licenseKeySecretName": "hz-license-key-secret" 15 | }, 16 | "securityContext": { 17 | "runAsUser": "", 18 | "runAsGroup": "", 19 | "fsGroup": "" 20 | } 21 | } 22 | }] 23 | capabilities: Seamless Upgrades 24 | categories: Database 25 | certified: "false" 26 | containerImage: hazelcast/hazelcast-enterprise-operator:OPERATOR_VERSION 27 | createdAt: RELEASE_DATE 28 | description: Install Hazelcast Enterprise cluster. 29 | repository: https://github.com/hazelcast/hazelcast-operator 30 | support: Hazelcast, Inc 31 | name: hazelcast-enterprise-operator.vOPERATOR_VERSION 32 | namespace: placeholder 33 | spec: 34 | customresourcedefinitions: 35 | owned: 36 | - description: Hazelcast Enterprise cluster. 37 | displayName: Hazelcast Enterprise 38 | group: hazelcast.com 39 | kind: HazelcastEnterprise 40 | name: hazelcastenterprises.hazelcast.com 41 | version: v1alpha1 42 | description: | 43 | Hazelcast IMDG Enterprise is the most widely used in-memory data grid with hundreds of thousands of installed clusters around the world. It offers caching solutions ensuring that data is in the right place when it’s needed for optimal performance. 44 | 45 | ### Before Your Start 46 | 47 | You need Hazelcast Enterprise License Key. If you don't have one, get a trial key from this [link](https://hazelcast.com/hazelcast-enterprise-download/trial/). 48 | 49 | ### Installation Guide & Configuration 50 | 51 | For the complete installation guide and all configuration options please refer to [Hazelcast OperatorHub Deployment Instructions](https://github.com/hazelcast/hazelcast-operator/tree/master/hazelcast-enterprise-operator#step-4-hazelcast-enterprise-cluster-and-management-center-installation). 52 | 53 | displayName: Hazelcast Enterprise Operator 54 | icon: 55 | - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAFoNJREFUeNrsXb+PI7cVpuYAw0AKTxPgABeedEEKn1IESLezXVyttourlUpXK5UpAp2QKpWkv0DaLq5W2yXVznYGUnguRdrMNUYAN+MigIE0mac87vHmRj+GPx9pfoBwC3ul5Ud+3yM5It8bMEn87Fe/GTb/jJrXRfOCn9MDv1o0r7J5PcHP//nn32tGFA0nkU9+4NfqFp+CKp/P//g2FcYoO8Kpwhdw2v3jT5+VhDlxHnychkc4lQKnSubvDXoKCDp82rxusMP7AsS1a17rRlglEVMAjzkKKZXktEVOFRER5ThGY8mPAB53zWvVCKsmwmmMnHLJjwC9rRs+W+0GEYxxKymiLoBRZq5EJRhjrPFjt8ipdiQiiKZLBRF1mR9E9dqx2TeSAfmQ+RfnGmVwhpB0N7CNRSOo15bNMUVzpAY+HkQ1aTjtLAvpNXIyARDVtc2lFy4PNzizmwAsjSenll6DE0Iy2entxl6bjrw4Ey41zxqHsGr4zCwJ6fHIWlwnJn2XKAoz4b3BoCwGMzB+0dsgjZg2loQkrhEvTZkEzWFLSM9LrobPJAAhvcepEZRpTo+GZvfexh8QMYdRkzgyh1GT4NOcby0LyahJHJnjqEmSA8sqF+ZgKOBHA5+7cWQOwBgDju5l1b0jIe054VMl3YZ/dMhpgwY9bBDckM+ZWwybdiw1b8hHjjmN8TsWXVg6NPxRQSnApeE5HjH4fGgQXIZsGA1M0ayq5shQTBSwwT5WjbQjhzN818ysY/Z4TcDwDA26OTSDTC1v9s6JkiQGUGPnL4n0i7bZvhH3VMPSak6I0wi/e3lnEIxst4wWYKklHSlxBsqJcRrjrCYrpjGxIAaYt5clfd/P6GHenkGmBNZ/Xbh19F4rnR+ImFLZPR7OHmOCnHI+i3CD3BAV0xAPRcrsPUZEOcmKaURw9lANRlTH6NkTCQowI9zQUWAdn0o+0boizGmIs4GUCCnrLiEuJllhXATIKSfOqZeOcN8yJMwnhWVW4oGYhgGKadhTTBnxWR7wysK4Wh+nxIeG9vlOBJ/IpYGZPvNATH3bmHvA6VXigZhszDguTJ8Fxqmv4D/xwfSJJ6LPWHjowykNkL8XgSwaJCIiAIPUcagiokEOowyw73/qpq+iQWLHH0TPrC5FgEHsrQ9BLAmt86mk3tFs4jpATj6M05vEg+VLJXEFtwjF8ADMJkLdJG8CG6P9OIFBnog3UqYjqXN6sNQPNrHrafrKg1mk4EusOjAx7QI0/QNhPpVkzizK4wTpSusEly9UG1rJJGDDDTDVpeNOcp+0IxzI7iy/z1pg5k+x1oF1PGVOUu3CHLlUA9lWklNJdOlY8RRAiRBxqXU+CGIl++aG05bgGlc1G/yC4Cyylc2cLnCihuc2id+DzIg1UkcS6BnVjpeMuBWxmbFW7WNM+0kpOJdiArlEiLgVITcXOAMoAfcvVDp/paOWCGZap7K/mmgqjzAhNDO+lzEyaQnqNYE14T6hsGbCrgVVak5kTUFQsLTSEnzQZBMC5pi1n8Z1HTW5digo6CituXnxs1wKCmbmS50fiIPoUlCl7ty8aLaJY8N/sOdNDgjq0oFJuDm0/138zEsHJtnPhiYy1jsUVKnb8AKnraNl/sFk3MmRqGvTJMbM0WGSyqKQfmGSEwrKpvHBlJcmy7LhHsum8VfHZsNzKkxBqsupwQYWzELxHIGP6cpF+05n/6+cZYUTJnWA5M8mb+ktbJZiM1B6rSsoT07to86tUQiN1Z1RfP+IUMfTKkmjjJCTzgGA2WniqvItJoHWWUeSB7CZi8q3mBpobiBAb5HTyQDWt8rtGAdgqCiifQVVCiWhkdNc0SgVzhhb13xQVDoKrhY4axQEOGVMrRKxaIy7PpwGkqLiNdKvzjRLhR3+YLu4ZQ9OOfLJz+TEj0ncUSlp3SGskcApO9MUcAZpp/jtuEnzi5xOmaVGTk+4Ee8dkAcaxcVwEDJsGBdNSWGmUOA0xIF45uRqCaVBXNz4uRC44FW7WEJpmlkyHJ+hELhgrCqKJo+IiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiPAbuo6aHCrIWHmSK7eLU8a6zy95y+nzP77lx2baKE3e8XDBSdchy4GCeODQGBQAzdnpQ2PQWDgwtqN6sE/gxA/CHQM/l/XA5BPB2RLPDQavczgV7N1hxZooJ1F3pw6VVpyT7P35vsfdoVG3TO2yEQhrTeFoOHIao4hyhY+BQVhQOcTYiAg4qR7hh/G5I3LcXccRfp54b9HnEOO5F6agozdMb2VSaOTM1fF3Q5fACuRUemyMNmB8Zq5Oxhq6BLZCo6hfmGqENEUhmcI++YDlK7cmbqmJWGAKJZsR9p6ZK61co0m2FjkNMSibukYMhp+cmiEHJ4Rk+u62uOyamI68yOmR2amwCh1v/K49CumR2amEu9Wd7ufITLi0xGnWle7nqEEsC0mMUsYym+AtSFtCEo1/acokls1hxSRojo3lldxBTgMi5jBqEuT0L+am3rgRkzgyh1GTODLH876k4fRB9suuvFhL5q7I+34tjYLWvaxKHXEa4v5Ap5Ayx5zGTRuWBgzvyhyAKRr0sEFwQz5mbpFp7qi5Q8Nz5E3f6ty0bxyaQxTUSJM5eBBzjSUGnw8Ngo9y54wGRpi3SnX2yJnZp1W9jIr7IFUxAZ+cCKcNiltZmAQMz1cwm0MzyJxII8VOo/AZZDgJidSoIFUNQJhBcUyIUy4utRJh9hgTE1OG33LLzh5jAkurrqWWSvSfEgtigFvFWWTO6GHenkEoNlK1XTdEOd06ei+5WQTX+zlBThnfX3GDjIiKKZNZt+OMmBPlNJJ5SofTfkqU001Ahn+PU4Kb4ZR6Q/uKkNGGTPuuCPPJ8DFtSOP0PINcEBdTHpiYmGSf5yGNk5A2lCzgAUJCcCPbxjCKaS+mNDDTU9fdfpwSD8TE+jz5wf0HdWSGf98HTj4Y5FXCwoMPYupr5NwDSn0F/4kHnFJfDDKMRg4OXoypLwZJWURENMhB1HGoIqJBDqMMsO+rn7j2Sl8MUkfh2UfPVEGFB5T6tvEHH7SU+ODkPul0UHjUTV8GaPracB+4wFswyFOAU3EZEidMuUPd9E8BGqRIPJi+Zdr3EJiYALuQxglNT9kkUPm3SHD5Qjk63QUopl1gpq8ky0g/UB8j/hRrS7XjZTKc4D6E6sy4lclwgrllqe5F1rJ9QT0wJ4oETWPh6L0UxSQ7m9rYnEsJHZdZFE1S8oyLiRBxqTW0UklwjUtHarOIanb7FcHl8FoxEzzFQPacHytp/UdKnT/RSZRIpFVqDwqREqcKTavCSfkzdD9sEPP1JkLErTWJUgdWOkoJYLSmEqEWOuqIYAJpKg8hJprqiCyI7K8+8EDSEtSOgJu1ihqzrLteasHGXGe/TggIaqGrdgia7JrACmbSLvOQdAhq5nA/wnPz6u6oa+bumXupe1lEQFCQm/e1Zk6l4xXMpKsKVXIg6k4cmKQyZA6+fLx0YBJj2d1RUJcOTGIsuzsKdOLIHJ16T46IyqZJYLB/bbI+iGASW8utLTNY+qBlElvGX5iuD4JC/bUl49fHzAE4p8IUpD8xmSx5hcs6a8BE0nODnb7QvOc4CiEl6dSwkHYWOWVMf9m/dlCenDoBcG6NQhgAyCs71tjAgjksfIkJ6ZaaB2Bfz89V1VvMcwuiynQGMHZmPT9DnMZMb91F4LE+dw/Vt8ptho1VSTYHIlpTqQirqXLvFjmROHyHolKp3Mu/HV+7Kt5pwCjAA04irPqYfaAgLF5TfMiOX8Cv2Lua4gXVmuI4S4o1uLMT0zO8eO13qjXFM4HT8AxOELSebC6lJDgNW5zSE6uU/RhJHqaUN8iB2UUcgJpKRNXIqaJq8J4CE0VVulo+aV5aspA4RURERERERERERERERERERERERERERERERERERERE0ITyURPhOEbXuZiCeXjkROCUd/xv4OTdkRM8vczHSQQcydifLaN6puwIpxw11+ZU4UuZ00CyYfygYs7OO11Zo7DgwCLJw30Np7HAKT2TExzqe8C7/NT48MOXV+z8k8qVwKkgGrhE7Z0DfgjzTiZQDyREpHo2nwtr4ToKo4jgktEtU7sQBjz2R6ldm1+4kjBW/KgKx2hLZKZQvZLAZ/9ed5DOvTAFDVsyvRdx9hdXMOuIi06fopBSzZxmLkSFZjdxqxCMMnExoyCnjQZjdBllds6MMjijgbpvEnZNgRNb+xSMsCavcjKcISe2ZhPcX9wzs4VBrV6NtnDVm6FJVlIGQSHdMzvVSGsU1M6CkB6ZnaKgEHmvTRsfl70bS7o1lqWlxWnJzN2vb2OLCUrON4hlIYmYmFqeOOLE83yVAZjDikkaThvDK5ZeJhkcWFZ9y9zV8b7Uvd51aHhjJnFkDqMmsTxznGWSrrxYj8xtkft7XN7p3Oi5MgfDv7vBdug0/MbhGGn/+2j4qUNOY0wHddgg+AtD5hYp7n20Gc6hOURBzTUa/p65xwifBOp6cLIkwGmOj5Q/NAhGpTmjgWGXmyWjUk6E07Td+bKD6HiGbwtKR1tMP63q25bOGWTJaOFWw7JkTozTRtHwmeNlSNdsP1fklBMKYoBMDM4J0Ubyzp8qdPyYUKQVO38ckOH52j0LjNNtewa5YTRxG1jHS/c1zqbjkMaJaGDeB2ceyBLiHZ/iN6p9O/5UFkGXyCUj7ojRxdhmsLCEKz6DUO7454YG1PGyYr8izCeVfABBWXvwlC4Fg1wQF5NMxw+Jc7oITEy9xwln+ZQ6p4TwUkTc2KYWTGUTQwkxscBM7wOnYeKBmHp1pidiygz/fuSkB68SFh5SHxrZ08ghmv4zH7Tki0HyaOTg4MMMwhIWERHhvUGqOFQR0SA/LYP0uR8SYrWkJ18M4oP4akPCc4ael4184FSEGMS8MEif23goPOoRtzT8+z7M8j4Y6m3iwVRXWHoPWU5oeuqB7ClA0xdgkB3xRj5Yeg/19fcuQNNTNsk+ZW6CyxfK0WkXmJhqyfRGlE1fSmbJvCPMacs36ZQbWsh0PEanLeWOl+BUEA5ka4W+oLpfvBMNsiLa0IUqwYDEpNofxjbnsrnMMJBRnO0L/mAoERq6JthI6c02vpda569UEnajEKnNIqqmnREMzs8pVhOh818T6/yZps+g0vm1phlgQiyIKS1lMThTmhlX4tcK7W/Sr6lEJR2ZCDFaz4hw0pLMGmfGFRHDazErJpAuCHCq2mZNWg0tCUSonc6SCBjhtgQMv9PICUzv+hHpTHN9l2vHsz387et2EEuICcqIQTHnqitOW0M1UC4dmkR7knEU5qVDk3Rm4k8ICcpo1nBHnI6m1tckqNJ3c7RWMLZNwmeOziXei0Pv+u/33z189PNP3zI7yQJASF80f/NHk38EOcFFpd9aWlbNDPP5seHzdfPjL/FlWkhfma6e1XD6N3LKm9dLC3uOL449LX1xorFl09gHFNRLQ53+ZdPAP9sKFw2nvzWc3jQ//q55fWyo069tlWEDkzSvrxtOP+A4meBUnBKSZk41muRjg8Fsh5yO7qPOLuJpoKbfFjd6TtacGgt4imaH75JWDjllTE8BT9HsTgt54t39JdN37bpE3Z1l9oGEqEYoqqFkh9/hkqpiBCAYBZLNZZKc1sipJsIpwzEaS5ofRLSmUOFW4JTjGI0kOe2QU69ZcKA4CNDYVyis/EBHg4BgSbOzVahTMVoBjwvkNDyw3AAjwIncwgNOeYtTdoBTJXCqiHMa4dgc4sRPCpcCpxBvZUZERERERERERERERERERERERERERERERERERERERERERNDBQOXNeNCPn1/6hL1/dqlqXm/xX/LnewROGfIYdnCCsz0/4L+lR5w4H+D2GXv/7BLP8lggp9ojTqA70OAr9u4AI7T/Df5bqh7RH0gKCA6L3bB+J3pBTHCi8o7aAT/h9OuI9TvRCzzgvsyWmlkUTr8CJ37iuibGCbhcSXAC3T3InE4e9BSRrrsG4OqFrQs4J0Q0Z3ruGmyRUxUIJ57UbebaKA2nMXLKNHDqdWdncGYDX2MDdQMGYGJ7AHBpuGT6LhaJWKFRbHMC8WyY/nqONfJZOTL7humvZ1ih8XdKBsFOv2dmq6zWaJKdpU4HLo/MbBFNGIBrW0tJjLBLw5wK1pEWxyAnU0G5PesfnSEHjoUkYmL6BhsKaWOJjxXjN5zAGFOLnC5NGh9n9w2zkyyE77kOZtMZEDEHx8JQDinb5rBi/IbTxtAy0YlJ0ByPzH5d+IMmSQiZAzBHIYdiDsAG+9TEzDF2wGcvYlx+a+8rB+Zg+Dcf0aCHDYK/cM/cFrnf4OZM555jydxCq6DwcefUIZ+9TroEpbjnGDnk1KmTpMPBGXOPjcbO3zg2PBfURpOQtH2WBkHNNXHKLWzIz8EYg8+HBsFGjhgNZDo6DKPSkAinXNPykYLhOaaalo8bRgfvBeeEaCN552cK5gCSt8Q4zRUNTymIcSwVOY2JrFrE2X76nkEINlKHoKaEIu3zzKg4i9wSHKNccc84J8jpls8ifAa5YTQxUtiL3BLlJCUI4QwcRdxIcup79s3mLLIPZAl2fE6041MZUWDHp0Q5ZZLrdqrmUGnbFWFON3wGyRltyHTiBXFOo8DElLaf/gRg+iFMHokHYsotvccmLgLk1GtWxFk0pa69hNF5DHosOmUmB8sDMVE3h4zpfeCU+WAQ1mcjZ+JYh6G9lcnfJz1GHnG6SJgfSAPr+L6zwjBAg7zyYZx8MciQRYSGNBokIsJz+GKQMg5VcKijQX5inWnQ9FWAY/TGF4P40Plnt9F1ppQe7awDM0hp2FBOOCUeLF9qiVQ61AVVGBafDwbxgdMbMMhTYGKSfY9N9OpznG3KwDj5MNMXYJBdSB2PeCDOaReg6QtL/WBtWQ8rlwSXL5Sj01Zifb8jvMatJDOC3FE2vGS+LMqB7I5v0gFrquZQSFS2o9zxEqYvCc8ia0lOW8KBbPtsEGxoFYqYEAuKDxzY/1OThsRJNYM6xeD8nIw8Idz5W5WOR4IrYpzWKqk7sT+ozSIzxfeviAXnWvRC0pruCkKNnGn4nAWhzi81ZY2cERLTTvVpFAYMSpzW4tcK7W/SJ0TWhFoyvuNnTIgYXks7cC9CQVCVRk47JvEwxgCKdhBLOpYl144budKZ8BkjnGtBzXTmssVSBFvHhted6R3GqHRs+A+0/6L9H/77/XfVRz//FEqnubgvDPuOr3R/aMPpm4ZTxtwcmzeSvLrh9OCQ05e6v+hr+PzY8Pm6+fF3zeulA8N/0XVi48WBxpYOTALmMLYcQkHBHYTf+m4OhybhQvqrIT4uTFIhp87Z68WRxoJJ4Iuc3zevjy0sQf5guicaTn9D4+eGOdUYZf9igROYZMDM3/HmQvrGMB9ukpcWjA+z4OWxs34nS7AZLmhSYpS1uvY0WK6Md/rEdq1Cg+XK9vtC5qas3IiZyUW8r1V4zlPFQc8B0FXwssIOd/rkQmNxSG72GYHCpDDot5pEVeh+wCDBh+fK1cVpy3oUW5UpAw0GkSkvDJAux2shUt1IzJK8EuwdtdOpaP4rBU5rSuW60Shj1r/8OA/IvLR1r5l9oNjoHBv76kAU5kXd9+eIfChSj5xy9n5x+nZnv0U+hQd8UuQzPMKpFDiVHnDKkBP8e3FkRn+DnKSXu/8TYADMMge34HbU5gAAAABJRU5ErkJggg== 56 | mediatype: image/png 57 | install: 58 | spec: 59 | clusterPermissions: 60 | - rules: 61 | - apiGroups: 62 | - "" 63 | resources: 64 | - pods 65 | - services 66 | - services/finalizers 67 | - endpoints 68 | - persistentvolumeclaims 69 | - events 70 | - configmaps 71 | - secrets 72 | - serviceaccounts 73 | verbs: 74 | - create 75 | - delete 76 | - get 77 | - list 78 | - patch 79 | - update 80 | - watch 81 | - apiGroups: 82 | - "" 83 | - "networking.k8s.io" 84 | resources: 85 | - ingresses 86 | verbs: 87 | - '*' 88 | - apiGroups: 89 | - rbac.authorization.k8s.io 90 | resources: 91 | - roles 92 | - rolebindings 93 | - clusterroles 94 | - clusterrolebindings 95 | verbs: 96 | - '*' 97 | - apiGroups: 98 | - apps 99 | resources: 100 | - deployments 101 | - daemonsets 102 | - replicasets 103 | - statefulsets 104 | verbs: 105 | - create 106 | - delete 107 | - get 108 | - list 109 | - patch 110 | - update 111 | - watch 112 | - apiGroups: 113 | - "" 114 | resources: 115 | - namespaces 116 | verbs: 117 | - get 118 | - apiGroups: 119 | - "" 120 | resources: 121 | - configmaps 122 | - secrets 123 | verbs: 124 | - "*" 125 | - apiGroups: 126 | - monitoring.coreos.com 127 | resources: 128 | - servicemonitors 129 | verbs: 130 | - get 131 | - create 132 | - apiGroups: 133 | - apps 134 | resourceNames: 135 | - hazelcast-enterprise-operator 136 | resources: 137 | - deployments/finalizers 138 | verbs: 139 | - update 140 | - apiGroups: 141 | - apps 142 | resources: 143 | - replicasets 144 | - deployments 145 | verbs: 146 | - get 147 | - apiGroups: 148 | - hazelcast.com 149 | resources: 150 | - "*" 151 | verbs: 152 | - create 153 | - delete 154 | - get 155 | - list 156 | - patch 157 | - update 158 | - watch 159 | serviceAccountName: hazelcast-enterprise-operator 160 | deployments: 161 | - name: hazelcast-enterprise-operator 162 | spec: 163 | replicas: 1 164 | selector: 165 | matchLabels: 166 | name: hazelcast-enterprise-operator 167 | strategy: {} 168 | template: 169 | metadata: 170 | labels: 171 | name: hazelcast-enterprise-operator 172 | spec: 173 | containers: 174 | - env: 175 | - name: WATCH_NAMESPACE 176 | valueFrom: 177 | fieldRef: 178 | fieldPath: metadata.annotations['olm.targetNamespaces'] 179 | - name: POD_NAME 180 | valueFrom: 181 | fieldRef: 182 | fieldPath: metadata.name 183 | - name: OPERATOR_NAME 184 | value: hazelcast-enterprise-operator 185 | - name: RELATED_IMAGE_HAZELCAST 186 | value: hazelcast/hazelcast-enterprise:HAZELCAST_IMAGE_VERSION 187 | - name: RELATED_IMAGE_MANCENTER 188 | value: hazelcast/management-center:MANCENTER_IMAGE_VERSION 189 | image: hazelcast/hazelcast-enterprise-operator:OPERATOR_VERSION 190 | imagePullPolicy: Always 191 | name: hazelcast-enterprise-operator 192 | resources: {} 193 | serviceAccountName: hazelcast-enterprise-operator 194 | serviceAccountName: hazelcast-enterprise-operator 195 | strategy: deployment 196 | installModes: 197 | - supported: true 198 | type: OwnNamespace 199 | - supported: true 200 | type: SingleNamespace 201 | - supported: false 202 | type: MultiNamespace 203 | - supported: false 204 | type: AllNamespaces 205 | replaces: hazelcast-enterprise-operator.vPREVIOUS_OPERATOR_VERSION 206 | maturity: beta 207 | version: OPERATOR_VERSION 208 | keywords: 209 | - hazelcast 210 | - keyvalue 211 | - in-memory 212 | - database 213 | - caching 214 | links: 215 | - name: Hazelcast Operator Deploy Guide 216 | url: https://github.com/hazelcast/hazelcast-operator 217 | - name: Hazelcast Documentation 218 | url: https://docs.hazelcast.org/ 219 | maintainers: 220 | - name: leszko 221 | email: rafal@hazelcast.com 222 | - name: hasancelik 223 | email: hasan@hazelcast.com 224 | provider: 225 | name: Hazelcast, Inc -------------------------------------------------------------------------------- /.github/operator-release-files/operatorhub-bundle/hazelcast-operator.package-template.yaml: -------------------------------------------------------------------------------- 1 | channels: 2 | - currentCSV: hazelcast-operator.vOPERATOR_VERSION 3 | name: alpha 4 | defaultChannel: alpha 5 | packageName: hazelcast-operator 6 | -------------------------------------------------------------------------------- /.github/operator-release-files/operatorhub-bundle/hazelcast-operator.vOPERATOR_VERSION.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: |- 6 | [{ 7 | "apiVersion": "hazelcast.com/v1alpha1", 8 | "kind": "Hazelcast", 9 | "metadata": { 10 | "name": "hz" 11 | }, 12 | "spec": { 13 | "securityContext": { 14 | "runAsUser": "", 15 | "runAsGroup": "", 16 | "fsGroup": "" 17 | } 18 | } 19 | }] 20 | capabilities: Seamless Upgrades 21 | categories: Database 22 | certified: "false" 23 | containerImage: hazelcast/hazelcast-operator:OPERATOR_VERSION 24 | createdAt: RELEASE_DATE 25 | description: Install Hazelcast cluster. 26 | repository: https://github.com/hazelcast/hazelcast-operator 27 | support: Hazelcast, Inc 28 | name: hazelcast-operator.vOPERATOR_VERSION 29 | namespace: placeholder 30 | spec: 31 | customresourcedefinitions: 32 | owned: 33 | - description: Hazelcast cluster. 34 | displayName: Hazelcast 35 | group: hazelcast.com 36 | kind: Hazelcast 37 | name: hazelcasts.hazelcast.com 38 | version: v1alpha1 39 | description: | 40 | Hazelcast IMDG is the most widely used in-memory data grid with hundreds of thousands of installed clusters around the world. It offers caching solutions ensuring that data is in the right place when it’s needed for optimal performance. 41 | 42 | ### Installation Guide & Configuration 43 | 44 | For the complete installation guide and all configuration options please refer to [Hazelcast Operator Documentation](https://github.com/hazelcast/hazelcast-operator). 45 | 46 | displayName: Hazelcast Operator 47 | icon: 48 | - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAFoNJREFUeNrsXb+PI7cVpuYAw0AKTxPgABeedEEKn1IESLezXVyttourlUpXK5UpAp2QKpWkv0DaLq5W2yXVznYGUnguRdrMNUYAN+MigIE0mac87vHmRj+GPx9pfoBwC3ul5Ud+3yM5It8bMEn87Fe/GTb/jJrXRfOCn9MDv1o0r7J5PcHP//nn32tGFA0nkU9+4NfqFp+CKp/P//g2FcYoO8Kpwhdw2v3jT5+VhDlxHnychkc4lQKnSubvDXoKCDp82rxusMP7AsS1a17rRlglEVMAjzkKKZXktEVOFRER5ThGY8mPAB53zWvVCKsmwmmMnHLJjwC9rRs+W+0GEYxxKymiLoBRZq5EJRhjrPFjt8ipdiQiiKZLBRF1mR9E9dqx2TeSAfmQ+RfnGmVwhpB0N7CNRSOo15bNMUVzpAY+HkQ1aTjtLAvpNXIyARDVtc2lFy4PNzizmwAsjSenll6DE0Iy2entxl6bjrw4Ey41zxqHsGr4zCwJ6fHIWlwnJn2XKAoz4b3BoCwGMzB+0dsgjZg2loQkrhEvTZkEzWFLSM9LrobPJAAhvcepEZRpTo+GZvfexh8QMYdRkzgyh1GT4NOcby0LyahJHJnjqEmSA8sqF+ZgKOBHA5+7cWQOwBgDju5l1b0jIe054VMl3YZ/dMhpgwY9bBDckM+ZWwybdiw1b8hHjjmN8TsWXVg6NPxRQSnApeE5HjH4fGgQXIZsGA1M0ayq5shQTBSwwT5WjbQjhzN818ysY/Z4TcDwDA26OTSDTC1v9s6JkiQGUGPnL4n0i7bZvhH3VMPSak6I0wi/e3lnEIxst4wWYKklHSlxBsqJcRrjrCYrpjGxIAaYt5clfd/P6GHenkGmBNZ/Xbh19F4rnR+ImFLZPR7OHmOCnHI+i3CD3BAV0xAPRcrsPUZEOcmKaURw9lANRlTH6NkTCQowI9zQUWAdn0o+0boizGmIs4GUCCnrLiEuJllhXATIKSfOqZeOcN8yJMwnhWVW4oGYhgGKadhTTBnxWR7wysK4Wh+nxIeG9vlOBJ/IpYGZPvNATH3bmHvA6VXigZhszDguTJ8Fxqmv4D/xwfSJJ6LPWHjowykNkL8XgSwaJCIiAIPUcagiokEOowyw73/qpq+iQWLHH0TPrC5FgEHsrQ9BLAmt86mk3tFs4jpATj6M05vEg+VLJXEFtwjF8ADMJkLdJG8CG6P9OIFBnog3UqYjqXN6sNQPNrHrafrKg1mk4EusOjAx7QI0/QNhPpVkzizK4wTpSusEly9UG1rJJGDDDTDVpeNOcp+0IxzI7iy/z1pg5k+x1oF1PGVOUu3CHLlUA9lWklNJdOlY8RRAiRBxqXU+CGIl++aG05bgGlc1G/yC4Cyylc2cLnCihuc2id+DzIg1UkcS6BnVjpeMuBWxmbFW7WNM+0kpOJdiArlEiLgVITcXOAMoAfcvVDp/paOWCGZap7K/mmgqjzAhNDO+lzEyaQnqNYE14T6hsGbCrgVVak5kTUFQsLTSEnzQZBMC5pi1n8Z1HTW5digo6CituXnxs1wKCmbmS50fiIPoUlCl7ty8aLaJY8N/sOdNDgjq0oFJuDm0/138zEsHJtnPhiYy1jsUVKnb8AKnraNl/sFk3MmRqGvTJMbM0WGSyqKQfmGSEwrKpvHBlJcmy7LhHsum8VfHZsNzKkxBqsupwQYWzELxHIGP6cpF+05n/6+cZYUTJnWA5M8mb+ktbJZiM1B6rSsoT07to86tUQiN1Z1RfP+IUMfTKkmjjJCTzgGA2WniqvItJoHWWUeSB7CZi8q3mBpobiBAb5HTyQDWt8rtGAdgqCiifQVVCiWhkdNc0SgVzhhb13xQVDoKrhY4axQEOGVMrRKxaIy7PpwGkqLiNdKvzjRLhR3+YLu4ZQ9OOfLJz+TEj0ncUSlp3SGskcApO9MUcAZpp/jtuEnzi5xOmaVGTk+4Ee8dkAcaxcVwEDJsGBdNSWGmUOA0xIF45uRqCaVBXNz4uRC44FW7WEJpmlkyHJ+hELhgrCqKJo+IiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiPAbuo6aHCrIWHmSK7eLU8a6zy95y+nzP77lx2baKE3e8XDBSdchy4GCeODQGBQAzdnpQ2PQWDgwtqN6sE/gxA/CHQM/l/XA5BPB2RLPDQavczgV7N1hxZooJ1F3pw6VVpyT7P35vsfdoVG3TO2yEQhrTeFoOHIao4hyhY+BQVhQOcTYiAg4qR7hh/G5I3LcXccRfp54b9HnEOO5F6agozdMb2VSaOTM1fF3Q5fACuRUemyMNmB8Zq5Oxhq6BLZCo6hfmGqENEUhmcI++YDlK7cmbqmJWGAKJZsR9p6ZK61co0m2FjkNMSibukYMhp+cmiEHJ4Rk+u62uOyamI68yOmR2amwCh1v/K49CumR2amEu9Wd7ufITLi0xGnWle7nqEEsC0mMUsYym+AtSFtCEo1/acokls1hxSRojo3lldxBTgMi5jBqEuT0L+am3rgRkzgyh1GTODLH876k4fRB9suuvFhL5q7I+34tjYLWvaxKHXEa4v5Ap5Ayx5zGTRuWBgzvyhyAKRr0sEFwQz5mbpFp7qi5Q8Nz5E3f6ty0bxyaQxTUSJM5eBBzjSUGnw8Ngo9y54wGRpi3SnX2yJnZp1W9jIr7IFUxAZ+cCKcNiltZmAQMz1cwm0MzyJxII8VOo/AZZDgJidSoIFUNQJhBcUyIUy4utRJh9hgTE1OG33LLzh5jAkurrqWWSvSfEgtigFvFWWTO6GHenkEoNlK1XTdEOd06ei+5WQTX+zlBThnfX3GDjIiKKZNZt+OMmBPlNJJ5SofTfkqU001Ahn+PU4Kb4ZR6Q/uKkNGGTPuuCPPJ8DFtSOP0PINcEBdTHpiYmGSf5yGNk5A2lCzgAUJCcCPbxjCKaS+mNDDTU9fdfpwSD8TE+jz5wf0HdWSGf98HTj4Y5FXCwoMPYupr5NwDSn0F/4kHnFJfDDKMRg4OXoypLwZJWURENMhB1HGoIqJBDqMMsO+rn7j2Sl8MUkfh2UfPVEGFB5T6tvEHH7SU+ODkPul0UHjUTV8GaPracB+4wFswyFOAU3EZEidMuUPd9E8BGqRIPJi+Zdr3EJiYALuQxglNT9kkUPm3SHD5Qjk63QUopl1gpq8ky0g/UB8j/hRrS7XjZTKc4D6E6sy4lclwgrllqe5F1rJ9QT0wJ4oETWPh6L0UxSQ7m9rYnEsJHZdZFE1S8oyLiRBxqTW0UklwjUtHarOIanb7FcHl8FoxEzzFQPacHytp/UdKnT/RSZRIpFVqDwqREqcKTavCSfkzdD9sEPP1JkLErTWJUgdWOkoJYLSmEqEWOuqIYAJpKg8hJprqiCyI7K8+8EDSEtSOgJu1ihqzrLteasHGXGe/TggIaqGrdgia7JrACmbSLvOQdAhq5nA/wnPz6u6oa+bumXupe1lEQFCQm/e1Zk6l4xXMpKsKVXIg6k4cmKQyZA6+fLx0YBJj2d1RUJcOTGIsuzsKdOLIHJ16T46IyqZJYLB/bbI+iGASW8utLTNY+qBlElvGX5iuD4JC/bUl49fHzAE4p8IUpD8xmSx5hcs6a8BE0nODnb7QvOc4CiEl6dSwkHYWOWVMf9m/dlCenDoBcG6NQhgAyCs71tjAgjksfIkJ6ZaaB2Bfz89V1VvMcwuiynQGMHZmPT9DnMZMb91F4LE+dw/Vt8ptho1VSTYHIlpTqQirqXLvFjmROHyHolKp3Mu/HV+7Kt5pwCjAA04irPqYfaAgLF5TfMiOX8Cv2Lua4gXVmuI4S4o1uLMT0zO8eO13qjXFM4HT8AxOELSebC6lJDgNW5zSE6uU/RhJHqaUN8iB2UUcgJpKRNXIqaJq8J4CE0VVulo+aV5aspA4RURERERERERERERERERERERERERERERERERERERE0ITyURPhOEbXuZiCeXjkROCUd/xv4OTdkRM8vczHSQQcydifLaN6puwIpxw11+ZU4UuZ00CyYfygYs7OO11Zo7DgwCLJw30Np7HAKT2TExzqe8C7/NT48MOXV+z8k8qVwKkgGrhE7Z0DfgjzTiZQDyREpHo2nwtr4ToKo4jgktEtU7sQBjz2R6ldm1+4kjBW/KgKx2hLZKZQvZLAZ/9ed5DOvTAFDVsyvRdx9hdXMOuIi06fopBSzZxmLkSFZjdxqxCMMnExoyCnjQZjdBllds6MMjijgbpvEnZNgRNb+xSMsCavcjKcISe2ZhPcX9wzs4VBrV6NtnDVm6FJVlIGQSHdMzvVSGsU1M6CkB6ZnaKgEHmvTRsfl70bS7o1lqWlxWnJzN2vb2OLCUrON4hlIYmYmFqeOOLE83yVAZjDikkaThvDK5ZeJhkcWFZ9y9zV8b7Uvd51aHhjJnFkDqMmsTxznGWSrrxYj8xtkft7XN7p3Oi5MgfDv7vBdug0/MbhGGn/+2j4qUNOY0wHddgg+AtD5hYp7n20Gc6hOURBzTUa/p65xwifBOp6cLIkwGmOj5Q/NAhGpTmjgWGXmyWjUk6E07Td+bKD6HiGbwtKR1tMP63q25bOGWTJaOFWw7JkTozTRtHwmeNlSNdsP1fklBMKYoBMDM4J0Ubyzp8qdPyYUKQVO38ckOH52j0LjNNtewa5YTRxG1jHS/c1zqbjkMaJaGDeB2ceyBLiHZ/iN6p9O/5UFkGXyCUj7ojRxdhmsLCEKz6DUO7454YG1PGyYr8izCeVfABBWXvwlC4Fg1wQF5NMxw+Jc7oITEy9xwln+ZQ6p4TwUkTc2KYWTGUTQwkxscBM7wOnYeKBmHp1pidiygz/fuSkB68SFh5SHxrZ08ghmv4zH7Tki0HyaOTg4MMMwhIWERHhvUGqOFQR0SA/LYP0uR8SYrWkJ18M4oP4akPCc4ael4184FSEGMS8MEif23goPOoRtzT8+z7M8j4Y6m3iwVRXWHoPWU5oeuqB7ClA0xdgkB3xRj5Yeg/19fcuQNNTNsk+ZW6CyxfK0WkXmJhqyfRGlE1fSmbJvCPMacs36ZQbWsh0PEanLeWOl+BUEA5ka4W+oLpfvBMNsiLa0IUqwYDEpNofxjbnsrnMMJBRnO0L/mAoERq6JthI6c02vpda569UEnajEKnNIqqmnREMzs8pVhOh818T6/yZps+g0vm1phlgQiyIKS1lMThTmhlX4tcK7W/Sr6lEJR2ZCDFaz4hw0pLMGmfGFRHDazErJpAuCHCq2mZNWg0tCUSonc6SCBjhtgQMv9PICUzv+hHpTHN9l2vHsz387et2EEuICcqIQTHnqitOW0M1UC4dmkR7knEU5qVDk3Rm4k8ICcpo1nBHnI6m1tckqNJ3c7RWMLZNwmeOziXei0Pv+u/33z189PNP3zI7yQJASF80f/NHk38EOcFFpd9aWlbNDPP5seHzdfPjL/FlWkhfma6e1XD6N3LKm9dLC3uOL449LX1xorFl09gHFNRLQ53+ZdPAP9sKFw2nvzWc3jQ//q55fWyo069tlWEDkzSvrxtOP+A4meBUnBKSZk41muRjg8Fsh5yO7qPOLuJpoKbfFjd6TtacGgt4imaH75JWDjllTE8BT9HsTgt54t39JdN37bpE3Z1l9oGEqEYoqqFkh9/hkqpiBCAYBZLNZZKc1sipJsIpwzEaS5ofRLSmUOFW4JTjGI0kOe2QU69ZcKA4CNDYVyis/EBHg4BgSbOzVahTMVoBjwvkNDyw3AAjwIncwgNOeYtTdoBTJXCqiHMa4dgc4sRPCpcCpxBvZUZERERERERERERERERERERERERERERERERERERERERERNDBQOXNeNCPn1/6hL1/dqlqXm/xX/LnewROGfIYdnCCsz0/4L+lR5w4H+D2GXv/7BLP8lggp9ojTqA70OAr9u4AI7T/Df5bqh7RH0gKCA6L3bB+J3pBTHCi8o7aAT/h9OuI9TvRCzzgvsyWmlkUTr8CJ37iuibGCbhcSXAC3T3InE4e9BSRrrsG4OqFrQs4J0Q0Z3ruGmyRUxUIJ57UbebaKA2nMXLKNHDqdWdncGYDX2MDdQMGYGJ7AHBpuGT6LhaJWKFRbHMC8WyY/nqONfJZOTL7humvZ1ih8XdKBsFOv2dmq6zWaJKdpU4HLo/MbBFNGIBrW0tJjLBLw5wK1pEWxyAnU0G5PesfnSEHjoUkYmL6BhsKaWOJjxXjN5zAGFOLnC5NGh9n9w2zkyyE77kOZtMZEDEHx8JQDinb5rBi/IbTxtAy0YlJ0ByPzH5d+IMmSQiZAzBHIYdiDsAG+9TEzDF2wGcvYlx+a+8rB+Zg+Dcf0aCHDYK/cM/cFrnf4OZM555jydxCq6DwcefUIZ+9TroEpbjnGDnk1KmTpMPBGXOPjcbO3zg2PBfURpOQtH2WBkHNNXHKLWzIz8EYg8+HBsFGjhgNZDo6DKPSkAinXNPykYLhOaaalo8bRgfvBeeEaCN552cK5gCSt8Q4zRUNTymIcSwVOY2JrFrE2X76nkEINlKHoKaEIu3zzKg4i9wSHKNccc84J8jpls8ifAa5YTQxUtiL3BLlJCUI4QwcRdxIcup79s3mLLIPZAl2fE6041MZUWDHp0Q5ZZLrdqrmUGnbFWFON3wGyRltyHTiBXFOo8DElLaf/gRg+iFMHokHYsotvccmLgLk1GtWxFk0pa69hNF5DHosOmUmB8sDMVE3h4zpfeCU+WAQ1mcjZ+JYh6G9lcnfJz1GHnG6SJgfSAPr+L6zwjBAg7zyYZx8MciQRYSGNBokIsJz+GKQMg5VcKijQX5inWnQ9FWAY/TGF4P40Plnt9F1ppQe7awDM0hp2FBOOCUeLF9qiVQ61AVVGBafDwbxgdMbMMhTYGKSfY9N9OpznG3KwDj5MNMXYJBdSB2PeCDOaReg6QtL/WBtWQ8rlwSXL5Sj01Zifb8jvMatJDOC3FE2vGS+LMqB7I5v0gFrquZQSFS2o9zxEqYvCc8ia0lOW8KBbPtsEGxoFYqYEAuKDxzY/1OThsRJNYM6xeD8nIw8Idz5W5WOR4IrYpzWKqk7sT+ozSIzxfeviAXnWvRC0pruCkKNnGn4nAWhzi81ZY2cERLTTvVpFAYMSpzW4tcK7W/SJ0TWhFoyvuNnTIgYXks7cC9CQVCVRk47JvEwxgCKdhBLOpYl144budKZ8BkjnGtBzXTmssVSBFvHhted6R3GqHRs+A+0/6L9H/77/XfVRz//FEqnubgvDPuOr3R/aMPpm4ZTxtwcmzeSvLrh9OCQ05e6v+hr+PzY8Pm6+fF3zeulA8N/0XVi48WBxpYOTALmMLYcQkHBHYTf+m4OhybhQvqrIT4uTFIhp87Z68WRxoJJ4Iuc3zevjy0sQf5guicaTn9D4+eGOdUYZf9igROYZMDM3/HmQvrGMB9ukpcWjA+z4OWxs34nS7AZLmhSYpS1uvY0WK6Md/rEdq1Cg+XK9vtC5qas3IiZyUW8r1V4zlPFQc8B0FXwssIOd/rkQmNxSG72GYHCpDDot5pEVeh+wCDBh+fK1cVpy3oUW5UpAw0GkSkvDJAux2shUt1IzJK8EuwdtdOpaP4rBU5rSuW60Shj1r/8OA/IvLR1r5l9oNjoHBv76kAU5kXd9+eIfChSj5xy9n5x+nZnv0U+hQd8UuQzPMKpFDiVHnDKkBP8e3FkRn+DnKSXu/8TYADMMge34HbU5gAAAABJRU5ErkJggg== 49 | mediatype: image/png 50 | install: 51 | spec: 52 | clusterPermissions: 53 | - rules: 54 | - apiGroups: 55 | - "" 56 | resources: 57 | - pods 58 | - services 59 | - services/finalizers 60 | - endpoints 61 | - persistentvolumeclaims 62 | - events 63 | - configmaps 64 | - secrets 65 | - serviceaccounts 66 | verbs: 67 | - create 68 | - delete 69 | - get 70 | - list 71 | - patch 72 | - update 73 | - watch 74 | - apiGroups: 75 | - "" 76 | - "networking.k8s.io" 77 | resources: 78 | - ingresses 79 | verbs: 80 | - '*' 81 | - apiGroups: 82 | - rbac.authorization.k8s.io 83 | resources: 84 | - roles 85 | - rolebindings 86 | - clusterroles 87 | - clusterrolebindings 88 | verbs: 89 | - '*' 90 | - apiGroups: 91 | - apps 92 | resources: 93 | - deployments 94 | - daemonsets 95 | - replicasets 96 | - statefulsets 97 | verbs: 98 | - create 99 | - delete 100 | - get 101 | - list 102 | - patch 103 | - update 104 | - watch 105 | - apiGroups: 106 | - "" 107 | resources: 108 | - namespaces 109 | verbs: 110 | - get 111 | - apiGroups: 112 | - "" 113 | resources: 114 | - configmaps 115 | - secrets 116 | verbs: 117 | - "*" 118 | - apiGroups: 119 | - monitoring.coreos.com 120 | resources: 121 | - servicemonitors 122 | verbs: 123 | - get 124 | - create 125 | - apiGroups: 126 | - apps 127 | resourceNames: 128 | - hazelcast-operator 129 | resources: 130 | - deployments/finalizers 131 | verbs: 132 | - update 133 | - apiGroups: 134 | - apps 135 | resources: 136 | - replicasets 137 | - deployments 138 | verbs: 139 | - get 140 | - apiGroups: 141 | - hazelcast.com 142 | resources: 143 | - "*" 144 | verbs: 145 | - create 146 | - delete 147 | - get 148 | - list 149 | - patch 150 | - update 151 | - watch 152 | serviceAccountName: hazelcast-operator 153 | deployments: 154 | - name: hazelcast-operator 155 | spec: 156 | replicas: 1 157 | selector: 158 | matchLabels: 159 | name: hazelcast-operator 160 | strategy: {} 161 | template: 162 | metadata: 163 | labels: 164 | name: hazelcast-operator 165 | spec: 166 | containers: 167 | - env: 168 | - name: WATCH_NAMESPACE 169 | valueFrom: 170 | fieldRef: 171 | fieldPath: metadata.annotations['olm.targetNamespaces'] 172 | - name: POD_NAME 173 | valueFrom: 174 | fieldRef: 175 | fieldPath: metadata.name 176 | - name: OPERATOR_NAME 177 | value: hazelcast-operator 178 | - name: RELATED_IMAGE_HAZELCAST 179 | value: hazelcast/hazelcast:HAZELCAST_IMAGE_VERSION 180 | - name: RELATED_IMAGE_MANCENTER 181 | value: hazelcast/management-center:MANCENTER_IMAGE_VERSION 182 | image: hazelcast/hazelcast-operator:OPERATOR_VERSION 183 | imagePullPolicy: Always 184 | name: hazelcast-operator 185 | resources: {} 186 | serviceAccountName: hazelcast-operator 187 | serviceAccountName: hazelcast-operator 188 | strategy: deployment 189 | installModes: 190 | - supported: true 191 | type: OwnNamespace 192 | - supported: true 193 | type: SingleNamespace 194 | - supported: false 195 | type: MultiNamespace 196 | - supported: false 197 | type: AllNamespaces 198 | replaces: hazelcast-operator.vPREVIOUS_OPERATOR_VERSION 199 | maturity: beta 200 | version: OPERATOR_VERSION 201 | keywords: 202 | - hazelcast 203 | - keyvalue 204 | - in-memory 205 | - database 206 | - caching 207 | links: 208 | - name: Hazelcast Operator Deploy Guide 209 | url: https://github.com/hazelcast/hazelcast-operator 210 | - name: Hazelcast Documentation 211 | url: https://docs.hazelcast.org/ 212 | maintainers: 213 | - name: leszko 214 | email: rafal@hazelcast.com 215 | - name: hasancelik 216 | email: hasan@hazelcast.com 217 | provider: 218 | name: Hazelcast, Inc -------------------------------------------------------------------------------- /.github/operator-release-files/operatorhub-bundle/hazelcastenterprises.hazelcast.com.crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: hazelcastenterprises.hazelcast.com 5 | spec: 6 | group: hazelcast.com 7 | names: 8 | kind: HazelcastEnterprise 9 | listKind: HazelcastEnterpriseList 10 | plural: hazelcastenterprises 11 | singular: hazelcastenterprise 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | subresources: 22 | status: {} 23 | -------------------------------------------------------------------------------- /.github/operator-release-files/operatorhub-bundle/hazelcasts.hazelcast.com.crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: hazelcasts.hazelcast.com 5 | spec: 6 | group: hazelcast.com 7 | names: 8 | kind: Hazelcast 9 | listKind: HazelcastList 10 | plural: hazelcasts 11 | singular: hazelcast 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | subresources: 22 | status: {} 23 | -------------------------------------------------------------------------------- /.github/operator-release-files/rhel-operator-bundle/hazelcast-enterprise-operator.package-template.yaml: -------------------------------------------------------------------------------- 1 | packageName: hazelcast-enterprise-certified 2 | channels: 3 | - name: alpha 4 | currentCSV: hazelcast-enterprise-operator.vOPERATOR_VERSION 5 | defaultChannel: alpha 6 | -------------------------------------------------------------------------------- /.github/operator-release-files/rhel-operator-bundle/hazelcast-enterprise-operator.vOPERATOR_VERSION.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: |- 6 | [{ 7 | "apiVersion": "hazelcast.com/v1alpha1", 8 | "kind": "HazelcastEnterprise", 9 | "metadata": { 10 | "name": "hz" 11 | }, 12 | "spec": { 13 | "hazelcast": { 14 | "licenseKeySecretName": "hz-license-key-secret" 15 | }, 16 | "securityContext": { 17 | "runAsUser": "", 18 | "runAsGroup": "", 19 | "fsGroup": "" 20 | } 21 | } 22 | }] 23 | categories: "Database" 24 | certified: "true" 25 | capabilities: Seamless Upgrades 26 | containerImage: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-operator:OPERATOR_VERSION 27 | createdAt: RELEASE_DATE 28 | description: Install Hazelcast Enterprise cluster. 29 | repository: https://github.com/hazelcast/hazelcast-operator 30 | support: Hazelcast, Inc 31 | name: hazelcast-enterprise-operator.vOPERATOR_VERSION 32 | namespace: placeholder 33 | spec: 34 | customresourcedefinitions: 35 | owned: 36 | - description: Hazelcast Enterprise cluster. 37 | displayName: Hazelcast Enterprise 38 | group: hazelcast.com 39 | kind: HazelcastEnterprise 40 | name: hazelcastenterprises.hazelcast.com 41 | version: v1alpha1 42 | description: | 43 | Hazelcast IMDG Enterprise is the most widely used in-memory data grid with hundreds of thousands of installed clusters around the world. It offers caching solutions ensuring that data is in the right place when it’s needed for optimal performance. 44 | 45 | ### Before Your Start 46 | 47 | You need Hazelcast Enterprise License Key. If you don't have one, get a trial key from this [link](https://hazelcast.com/hazelcast-enterprise-download/trial/). 48 | 49 | ### Installation Guide & Configuration 50 | 51 | For the complete installation guide and all configuration options please refer to [Hazelcast RHM Deployment Instructions](https://github.com/hazelcast/hazelcast-operator/tree/master/hazelcast-enterprise-operator#step-4-hazelcast-enterprise-cluster-and-management-center-installation). 52 | 53 | displayName: Hazelcast Enterprise Operator 54 | icon: 55 | - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAFoNJREFUeNrsXb+PI7cVpuYAw0AKTxPgABeedEEKn1IESLezXVyttourlUpXK5UpAp2QKpWkv0DaLq5W2yXVznYGUnguRdrMNUYAN+MigIE0mac87vHmRj+GPx9pfoBwC3ul5Ud+3yM5It8bMEn87Fe/GTb/jJrXRfOCn9MDv1o0r7J5PcHP//nn32tGFA0nkU9+4NfqFp+CKp/P//g2FcYoO8Kpwhdw2v3jT5+VhDlxHnychkc4lQKnSubvDXoKCDp82rxusMP7AsS1a17rRlglEVMAjzkKKZXktEVOFRER5ThGY8mPAB53zWvVCKsmwmmMnHLJjwC9rRs+W+0GEYxxKymiLoBRZq5EJRhjrPFjt8ipdiQiiKZLBRF1mR9E9dqx2TeSAfmQ+RfnGmVwhpB0N7CNRSOo15bNMUVzpAY+HkQ1aTjtLAvpNXIyARDVtc2lFy4PNzizmwAsjSenll6DE0Iy2entxl6bjrw4Ey41zxqHsGr4zCwJ6fHIWlwnJn2XKAoz4b3BoCwGMzB+0dsgjZg2loQkrhEvTZkEzWFLSM9LrobPJAAhvcepEZRpTo+GZvfexh8QMYdRkzgyh1GT4NOcby0LyahJHJnjqEmSA8sqF+ZgKOBHA5+7cWQOwBgDju5l1b0jIe054VMl3YZ/dMhpgwY9bBDckM+ZWwybdiw1b8hHjjmN8TsWXVg6NPxRQSnApeE5HjH4fGgQXIZsGA1M0ayq5shQTBSwwT5WjbQjhzN818ysY/Z4TcDwDA26OTSDTC1v9s6JkiQGUGPnL4n0i7bZvhH3VMPSak6I0wi/e3lnEIxst4wWYKklHSlxBsqJcRrjrCYrpjGxIAaYt5clfd/P6GHenkGmBNZ/Xbh19F4rnR+ImFLZPR7OHmOCnHI+i3CD3BAV0xAPRcrsPUZEOcmKaURw9lANRlTH6NkTCQowI9zQUWAdn0o+0boizGmIs4GUCCnrLiEuJllhXATIKSfOqZeOcN8yJMwnhWVW4oGYhgGKadhTTBnxWR7wysK4Wh+nxIeG9vlOBJ/IpYGZPvNATH3bmHvA6VXigZhszDguTJ8Fxqmv4D/xwfSJJ6LPWHjowykNkL8XgSwaJCIiAIPUcagiokEOowyw73/qpq+iQWLHH0TPrC5FgEHsrQ9BLAmt86mk3tFs4jpATj6M05vEg+VLJXEFtwjF8ADMJkLdJG8CG6P9OIFBnog3UqYjqXN6sNQPNrHrafrKg1mk4EusOjAx7QI0/QNhPpVkzizK4wTpSusEly9UG1rJJGDDDTDVpeNOcp+0IxzI7iy/z1pg5k+x1oF1PGVOUu3CHLlUA9lWklNJdOlY8RRAiRBxqXU+CGIl++aG05bgGlc1G/yC4Cyylc2cLnCihuc2id+DzIg1UkcS6BnVjpeMuBWxmbFW7WNM+0kpOJdiArlEiLgVITcXOAMoAfcvVDp/paOWCGZap7K/mmgqjzAhNDO+lzEyaQnqNYE14T6hsGbCrgVVak5kTUFQsLTSEnzQZBMC5pi1n8Z1HTW5digo6CituXnxs1wKCmbmS50fiIPoUlCl7ty8aLaJY8N/sOdNDgjq0oFJuDm0/138zEsHJtnPhiYy1jsUVKnb8AKnraNl/sFk3MmRqGvTJMbM0WGSyqKQfmGSEwrKpvHBlJcmy7LhHsum8VfHZsNzKkxBqsupwQYWzELxHIGP6cpF+05n/6+cZYUTJnWA5M8mb+ktbJZiM1B6rSsoT07to86tUQiN1Z1RfP+IUMfTKkmjjJCTzgGA2WniqvItJoHWWUeSB7CZi8q3mBpobiBAb5HTyQDWt8rtGAdgqCiifQVVCiWhkdNc0SgVzhhb13xQVDoKrhY4axQEOGVMrRKxaIy7PpwGkqLiNdKvzjRLhR3+YLu4ZQ9OOfLJz+TEj0ncUSlp3SGskcApO9MUcAZpp/jtuEnzi5xOmaVGTk+4Ee8dkAcaxcVwEDJsGBdNSWGmUOA0xIF45uRqCaVBXNz4uRC44FW7WEJpmlkyHJ+hELhgrCqKJo+IiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiPAbuo6aHCrIWHmSK7eLU8a6zy95y+nzP77lx2baKE3e8XDBSdchy4GCeODQGBQAzdnpQ2PQWDgwtqN6sE/gxA/CHQM/l/XA5BPB2RLPDQavczgV7N1hxZooJ1F3pw6VVpyT7P35vsfdoVG3TO2yEQhrTeFoOHIao4hyhY+BQVhQOcTYiAg4qR7hh/G5I3LcXccRfp54b9HnEOO5F6agozdMb2VSaOTM1fF3Q5fACuRUemyMNmB8Zq5Oxhq6BLZCo6hfmGqENEUhmcI++YDlK7cmbqmJWGAKJZsR9p6ZK61co0m2FjkNMSibukYMhp+cmiEHJ4Rk+u62uOyamI68yOmR2amwCh1v/K49CumR2amEu9Wd7ufITLi0xGnWle7nqEEsC0mMUsYym+AtSFtCEo1/acokls1hxSRojo3lldxBTgMi5jBqEuT0L+am3rgRkzgyh1GTODLH876k4fRB9suuvFhL5q7I+34tjYLWvaxKHXEa4v5Ap5Ayx5zGTRuWBgzvyhyAKRr0sEFwQz5mbpFp7qi5Q8Nz5E3f6ty0bxyaQxTUSJM5eBBzjSUGnw8Ngo9y54wGRpi3SnX2yJnZp1W9jIr7IFUxAZ+cCKcNiltZmAQMz1cwm0MzyJxII8VOo/AZZDgJidSoIFUNQJhBcUyIUy4utRJh9hgTE1OG33LLzh5jAkurrqWWSvSfEgtigFvFWWTO6GHenkEoNlK1XTdEOd06ei+5WQTX+zlBThnfX3GDjIiKKZNZt+OMmBPlNJJ5SofTfkqU001Ahn+PU4Kb4ZR6Q/uKkNGGTPuuCPPJ8DFtSOP0PINcEBdTHpiYmGSf5yGNk5A2lCzgAUJCcCPbxjCKaS+mNDDTU9fdfpwSD8TE+jz5wf0HdWSGf98HTj4Y5FXCwoMPYupr5NwDSn0F/4kHnFJfDDKMRg4OXoypLwZJWURENMhB1HGoIqJBDqMMsO+rn7j2Sl8MUkfh2UfPVEGFB5T6tvEHH7SU+ODkPul0UHjUTV8GaPracB+4wFswyFOAU3EZEidMuUPd9E8BGqRIPJi+Zdr3EJiYALuQxglNT9kkUPm3SHD5Qjk63QUopl1gpq8ky0g/UB8j/hRrS7XjZTKc4D6E6sy4lclwgrllqe5F1rJ9QT0wJ4oETWPh6L0UxSQ7m9rYnEsJHZdZFE1S8oyLiRBxqTW0UklwjUtHarOIanb7FcHl8FoxEzzFQPacHytp/UdKnT/RSZRIpFVqDwqREqcKTavCSfkzdD9sEPP1JkLErTWJUgdWOkoJYLSmEqEWOuqIYAJpKg8hJprqiCyI7K8+8EDSEtSOgJu1ihqzrLteasHGXGe/TggIaqGrdgia7JrACmbSLvOQdAhq5nA/wnPz6u6oa+bumXupe1lEQFCQm/e1Zk6l4xXMpKsKVXIg6k4cmKQyZA6+fLx0YBJj2d1RUJcOTGIsuzsKdOLIHJ16T46IyqZJYLB/bbI+iGASW8utLTNY+qBlElvGX5iuD4JC/bUl49fHzAE4p8IUpD8xmSx5hcs6a8BE0nODnb7QvOc4CiEl6dSwkHYWOWVMf9m/dlCenDoBcG6NQhgAyCs71tjAgjksfIkJ6ZaaB2Bfz89V1VvMcwuiynQGMHZmPT9DnMZMb91F4LE+dw/Vt8ptho1VSTYHIlpTqQirqXLvFjmROHyHolKp3Mu/HV+7Kt5pwCjAA04irPqYfaAgLF5TfMiOX8Cv2Lua4gXVmuI4S4o1uLMT0zO8eO13qjXFM4HT8AxOELSebC6lJDgNW5zSE6uU/RhJHqaUN8iB2UUcgJpKRNXIqaJq8J4CE0VVulo+aV5aspA4RURERERERERERERERERERERERERERERERERERERE0ITyURPhOEbXuZiCeXjkROCUd/xv4OTdkRM8vczHSQQcydifLaN6puwIpxw11+ZU4UuZ00CyYfygYs7OO11Zo7DgwCLJw30Np7HAKT2TExzqe8C7/NT48MOXV+z8k8qVwKkgGrhE7Z0DfgjzTiZQDyREpHo2nwtr4ToKo4jgktEtU7sQBjz2R6ldm1+4kjBW/KgKx2hLZKZQvZLAZ/9ed5DOvTAFDVsyvRdx9hdXMOuIi06fopBSzZxmLkSFZjdxqxCMMnExoyCnjQZjdBllds6MMjijgbpvEnZNgRNb+xSMsCavcjKcISe2ZhPcX9wzs4VBrV6NtnDVm6FJVlIGQSHdMzvVSGsU1M6CkB6ZnaKgEHmvTRsfl70bS7o1lqWlxWnJzN2vb2OLCUrON4hlIYmYmFqeOOLE83yVAZjDikkaThvDK5ZeJhkcWFZ9y9zV8b7Uvd51aHhjJnFkDqMmsTxznGWSrrxYj8xtkft7XN7p3Oi5MgfDv7vBdug0/MbhGGn/+2j4qUNOY0wHddgg+AtD5hYp7n20Gc6hOURBzTUa/p65xwifBOp6cLIkwGmOj5Q/NAhGpTmjgWGXmyWjUk6E07Td+bKD6HiGbwtKR1tMP63q25bOGWTJaOFWw7JkTozTRtHwmeNlSNdsP1fklBMKYoBMDM4J0Ubyzp8qdPyYUKQVO38ckOH52j0LjNNtewa5YTRxG1jHS/c1zqbjkMaJaGDeB2ceyBLiHZ/iN6p9O/5UFkGXyCUj7ojRxdhmsLCEKz6DUO7454YG1PGyYr8izCeVfABBWXvwlC4Fg1wQF5NMxw+Jc7oITEy9xwln+ZQ6p4TwUkTc2KYWTGUTQwkxscBM7wOnYeKBmHp1pidiygz/fuSkB68SFh5SHxrZ08ghmv4zH7Tki0HyaOTg4MMMwhIWERHhvUGqOFQR0SA/LYP0uR8SYrWkJ18M4oP4akPCc4ael4184FSEGMS8MEif23goPOoRtzT8+z7M8j4Y6m3iwVRXWHoPWU5oeuqB7ClA0xdgkB3xRj5Yeg/19fcuQNNTNsk+ZW6CyxfK0WkXmJhqyfRGlE1fSmbJvCPMacs36ZQbWsh0PEanLeWOl+BUEA5ka4W+oLpfvBMNsiLa0IUqwYDEpNofxjbnsrnMMJBRnO0L/mAoERq6JthI6c02vpda569UEnajEKnNIqqmnREMzs8pVhOh818T6/yZps+g0vm1phlgQiyIKS1lMThTmhlX4tcK7W/Sr6lEJR2ZCDFaz4hw0pLMGmfGFRHDazErJpAuCHCq2mZNWg0tCUSonc6SCBjhtgQMv9PICUzv+hHpTHN9l2vHsz387et2EEuICcqIQTHnqitOW0M1UC4dmkR7knEU5qVDk3Rm4k8ICcpo1nBHnI6m1tckqNJ3c7RWMLZNwmeOziXei0Pv+u/33z189PNP3zI7yQJASF80f/NHk38EOcFFpd9aWlbNDPP5seHzdfPjL/FlWkhfma6e1XD6N3LKm9dLC3uOL449LX1xorFl09gHFNRLQ53+ZdPAP9sKFw2nvzWc3jQ//q55fWyo069tlWEDkzSvrxtOP+A4meBUnBKSZk41muRjg8Fsh5yO7qPOLuJpoKbfFjd6TtacGgt4imaH75JWDjllTE8BT9HsTgt54t39JdN37bpE3Z1l9oGEqEYoqqFkh9/hkqpiBCAYBZLNZZKc1sipJsIpwzEaS5ofRLSmUOFW4JTjGI0kOe2QU69ZcKA4CNDYVyis/EBHg4BgSbOzVahTMVoBjwvkNDyw3AAjwIncwgNOeYtTdoBTJXCqiHMa4dgc4sRPCpcCpxBvZUZERERERERERERERERERERERERERERERERERERERERERNDBQOXNeNCPn1/6hL1/dqlqXm/xX/LnewROGfIYdnCCsz0/4L+lR5w4H+D2GXv/7BLP8lggp9ojTqA70OAr9u4AI7T/Df5bqh7RH0gKCA6L3bB+J3pBTHCi8o7aAT/h9OuI9TvRCzzgvsyWmlkUTr8CJ37iuibGCbhcSXAC3T3InE4e9BSRrrsG4OqFrQs4J0Q0Z3ruGmyRUxUIJ57UbebaKA2nMXLKNHDqdWdncGYDX2MDdQMGYGJ7AHBpuGT6LhaJWKFRbHMC8WyY/nqONfJZOTL7humvZ1ih8XdKBsFOv2dmq6zWaJKdpU4HLo/MbBFNGIBrW0tJjLBLw5wK1pEWxyAnU0G5PesfnSEHjoUkYmL6BhsKaWOJjxXjN5zAGFOLnC5NGh9n9w2zkyyE77kOZtMZEDEHx8JQDinb5rBi/IbTxtAy0YlJ0ByPzH5d+IMmSQiZAzBHIYdiDsAG+9TEzDF2wGcvYlx+a+8rB+Zg+Dcf0aCHDYK/cM/cFrnf4OZM555jydxCq6DwcefUIZ+9TroEpbjnGDnk1KmTpMPBGXOPjcbO3zg2PBfURpOQtH2WBkHNNXHKLWzIz8EYg8+HBsFGjhgNZDo6DKPSkAinXNPykYLhOaaalo8bRgfvBeeEaCN552cK5gCSt8Q4zRUNTymIcSwVOY2JrFrE2X76nkEINlKHoKaEIu3zzKg4i9wSHKNccc84J8jpls8ifAa5YTQxUtiL3BLlJCUI4QwcRdxIcup79s3mLLIPZAl2fE6041MZUWDHp0Q5ZZLrdqrmUGnbFWFON3wGyRltyHTiBXFOo8DElLaf/gRg+iFMHokHYsotvccmLgLk1GtWxFk0pa69hNF5DHosOmUmB8sDMVE3h4zpfeCU+WAQ1mcjZ+JYh6G9lcnfJz1GHnG6SJgfSAPr+L6zwjBAg7zyYZx8MciQRYSGNBokIsJz+GKQMg5VcKijQX5inWnQ9FWAY/TGF4P40Plnt9F1ppQe7awDM0hp2FBOOCUeLF9qiVQ61AVVGBafDwbxgdMbMMhTYGKSfY9N9OpznG3KwDj5MNMXYJBdSB2PeCDOaReg6QtL/WBtWQ8rlwSXL5Sj01Zifb8jvMatJDOC3FE2vGS+LMqB7I5v0gFrquZQSFS2o9zxEqYvCc8ia0lOW8KBbPtsEGxoFYqYEAuKDxzY/1OThsRJNYM6xeD8nIw8Idz5W5WOR4IrYpzWKqk7sT+ozSIzxfeviAXnWvRC0pruCkKNnGn4nAWhzi81ZY2cERLTTvVpFAYMSpzW4tcK7W/SJ0TWhFoyvuNnTIgYXks7cC9CQVCVRk47JvEwxgCKdhBLOpYl144budKZ8BkjnGtBzXTmssVSBFvHhted6R3GqHRs+A+0/6L9H/77/XfVRz//FEqnubgvDPuOr3R/aMPpm4ZTxtwcmzeSvLrh9OCQ05e6v+hr+PzY8Pm6+fF3zeulA8N/0XVi48WBxpYOTALmMLYcQkHBHYTf+m4OhybhQvqrIT4uTFIhp87Z68WRxoJJ4Iuc3zevjy0sQf5guicaTn9D4+eGOdUYZf9igROYZMDM3/HmQvrGMB9ukpcWjA+z4OWxs34nS7AZLmhSYpS1uvY0WK6Md/rEdq1Cg+XK9vtC5qas3IiZyUW8r1V4zlPFQc8B0FXwssIOd/rkQmNxSG72GYHCpDDot5pEVeh+wCDBh+fK1cVpy3oUW5UpAw0GkSkvDJAux2shUt1IzJK8EuwdtdOpaP4rBU5rSuW60Shj1r/8OA/IvLR1r5l9oNjoHBv76kAU5kXd9+eIfChSj5xy9n5x+nZnv0U+hQd8UuQzPMKpFDiVHnDKkBP8e3FkRn+DnKSXu/8TYADMMge34HbU5gAAAABJRU5ErkJggg== 56 | mediatype: image/png 57 | install: 58 | spec: 59 | clusterPermissions: 60 | - rules: 61 | - apiGroups: 62 | - "" 63 | resources: 64 | - pods 65 | - services 66 | - services/finalizers 67 | - endpoints 68 | - persistentvolumeclaims 69 | - events 70 | - configmaps 71 | - secrets 72 | - serviceaccounts 73 | verbs: 74 | - create 75 | - delete 76 | - get 77 | - list 78 | - patch 79 | - update 80 | - watch 81 | - apiGroups: 82 | - "" 83 | - "networking.k8s.io" 84 | resources: 85 | - ingresses 86 | verbs: 87 | - '*' 88 | - apiGroups: 89 | - rbac.authorization.k8s.io 90 | resources: 91 | - roles 92 | - rolebindings 93 | - clusterroles 94 | - clusterrolebindings 95 | verbs: 96 | - '*' 97 | - apiGroups: 98 | - apps 99 | resources: 100 | - deployments 101 | - daemonsets 102 | - replicasets 103 | - statefulsets 104 | verbs: 105 | - create 106 | - delete 107 | - get 108 | - list 109 | - patch 110 | - update 111 | - watch 112 | - apiGroups: 113 | - "" 114 | resources: 115 | - namespaces 116 | verbs: 117 | - get 118 | - apiGroups: 119 | - "" 120 | resources: 121 | - configmaps 122 | - secrets 123 | verbs: 124 | - "*" 125 | - apiGroups: 126 | - monitoring.coreos.com 127 | resources: 128 | - servicemonitors 129 | verbs: 130 | - get 131 | - create 132 | - apiGroups: 133 | - apps 134 | resourceNames: 135 | - hazelcast-enterprise-operator 136 | resources: 137 | - deployments/finalizers 138 | verbs: 139 | - update 140 | - apiGroups: 141 | - apps 142 | resources: 143 | - replicasets 144 | - deployments 145 | verbs: 146 | - get 147 | - apiGroups: 148 | - hazelcast.com 149 | resources: 150 | - "*" 151 | verbs: 152 | - create 153 | - delete 154 | - get 155 | - list 156 | - patch 157 | - update 158 | - watch 159 | serviceAccountName: hazelcast-enterprise-operator 160 | deployments: 161 | - name: hazelcast-enterprise-operator 162 | spec: 163 | replicas: 1 164 | selector: 165 | matchLabels: 166 | name: hazelcast-enterprise-operator 167 | strategy: {} 168 | template: 169 | metadata: 170 | labels: 171 | name: hazelcast-enterprise-operator 172 | spec: 173 | containers: 174 | - env: 175 | - name: WATCH_NAMESPACE 176 | valueFrom: 177 | fieldRef: 178 | fieldPath: metadata.annotations['olm.targetNamespaces'] 179 | - name: POD_NAME 180 | valueFrom: 181 | fieldRef: 182 | fieldPath: metadata.name 183 | - name: OPERATOR_NAME 184 | value: hazelcast-enterprise-operator 185 | - name: RELATED_IMAGE_HAZELCAST 186 | value: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-5-rhel8:HAZELCAST_IMAGE_VERSION 187 | - name: RELATED_IMAGE_MANCENTER 188 | value: registry.connect.redhat.com/hazelcast/management-center-5-rhel8:MANCENTER_IMAGE_VERSION 189 | image: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-operator:OPERATOR_VERSION 190 | imagePullPolicy: Always 191 | name: hazelcast-enterprise-operator 192 | resources: {} 193 | serviceAccountName: hazelcast-enterprise-operator 194 | serviceAccountName: hazelcast-enterprise-operator 195 | strategy: deployment 196 | installModes: 197 | - supported: true 198 | type: OwnNamespace 199 | - supported: true 200 | type: SingleNamespace 201 | - supported: false 202 | type: MultiNamespace 203 | - supported: false 204 | type: AllNamespaces 205 | replaces: hazelcast-enterprise-operator.vPREVIOUS_OPERATOR_VERSION 206 | maturity: beta 207 | version: OPERATOR_VERSION 208 | keywords: 209 | - hazelcast 210 | - keyvalue 211 | - in-memory 212 | - database 213 | - caching 214 | links: 215 | - name: Hazelcast Operator Deploy Guide 216 | url: https://github.com/hazelcast/hazelcast-operator 217 | - name: Hazelcast Documentation 218 | url: https://docs.hazelcast.org/ 219 | maintainers: 220 | - name: leszko 221 | email: rafal@hazelcast.com 222 | - name: hasancelik 223 | email: hasan@hazelcast.com 224 | provider: 225 | name: Hazelcast, Inc 226 | -------------------------------------------------------------------------------- /.github/operator-release-files/rhel-operator-bundle/hazelcastenterprises.hazelcast.com.crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: hazelcastenterprises.hazelcast.com 5 | spec: 6 | group: hazelcast.com 7 | names: 8 | kind: HazelcastEnterprise 9 | listKind: HazelcastEnterpriseList 10 | plural: hazelcastenterprises 11 | singular: hazelcastenterprise 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | subresources: 22 | status: {} 23 | -------------------------------------------------------------------------------- /.github/scripts/clean-up.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | set -o pipefail 5 | 6 | # Clean up after test 7 | WORKDIR=$1 8 | PROJECT=$2 9 | 10 | oc delete -f ${WORKDIR}/hazelcast.yaml --wait=true 11 | oc delete -f ${WORKDIR}/secret.yaml --wait=true 12 | oc delete -f ${WORKDIR}/hazelcast-rbac.yaml --wait=true 13 | 14 | oc delete --wait=true rolebinding hazelcast-enterprise-operator 15 | oc delete --wait=true clusterrole hazelcast-enterprise-operator 16 | oc delete --wait=true serviceaccount hazelcast-enterprise-operator 17 | oc delete --wait=true deployment hazelcast-enterprise-operator 18 | 19 | oc delete --wait=true secret pull-secret 20 | oc delete project $PROJECT --wait=true 21 | 22 | oc logout -------------------------------------------------------------------------------- /.github/scripts/cluster-verification.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | #CHECK IF THE LAST MEMBER POD IS READY 5 | wait_for_last_member_initialization() { 6 | local SIZE=$1 7 | local LAST_MEMBER=$(( $SIZE - 1 )) 8 | for i in `seq 1 10`; do 9 | if [[ $(kubectl get pods ${HZ_NAME}-${NAME}-${LAST_MEMBER} -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; then 10 | echo "waiting for pod ${HZ_NAME}-${NAME}-${LAST_MEMBER} to be ready..." && sleep 24 11 | if [ "$i" = "10" ]; then 12 | echo "${HZ_NAME}-${NAME}-${LAST_MEMBER} pod failed to be ready!" 13 | kubectl get pods 14 | echo "" 15 | kubectl logs ${HZ_NAME}-${NAME}-${LAST_MEMBER} 16 | return 1 17 | fi 18 | else 19 | echo "${HZ_NAME}-${NAME}-${LAST_MEMBER} is ready!" 20 | return 0 21 | fi 22 | done 23 | } 24 | 25 | 26 | #CHECK IF CLUSTER SIZE IS CORRECT 27 | verify_cluster_size() { 28 | local SIZE=$1 29 | local LAST_MEMBER=$(( $SIZE - 1 )) 30 | for i in `seq 1 5`; do 31 | num=$(kubectl logs ${HZ_NAME}-${NAME}-${LAST_MEMBER} | grep "Members {size:${SIZE}, ver:${SIZE}}" | wc -l) 32 | if [ "$num" = "1" ]; then 33 | echo "Hazelcast cluster size is ${SIZE}!" 34 | return 0 35 | else 36 | echo "Waiting for cluster size to be ${SIZE}..." && sleep 4 37 | if [ "$i" = "5" ]; then 38 | echo "Hazelcast cluster size is not ${SIZE}!" 39 | kubectl get pods 40 | echo "" 41 | kubectl logs ${HZ_NAME}-${NAME}-${LAST_MEMBER} 42 | return 1 43 | fi 44 | fi 45 | done 46 | } 47 | 48 | 49 | #CHECK IF ALL MEMBERS CAN COMMUNICATE WITH MANAGEMENT CENTER 50 | verify_management_center() { 51 | local SIZE=$1 52 | for i in `seq 1 5`; do 53 | local MEMBER_COUNT=$(kubectl logs ${HZ_NAME}-${NAME}-mancenter-0 | grep -E "Started communication with (a new )?member" | wc -l) 54 | if [ "$MEMBER_COUNT" = "${SIZE}" ]; then 55 | echo "Management Center monitoring ${SIZE} members!" 56 | return 0 57 | else 58 | echo "Waiting for management center to find all ${SIZE} members..." && sleep 4 59 | if [ "$i" = "5" ]; then 60 | echo "Management center could not find all ${SIZE} members!" 61 | kubectl get pods 62 | echo "" 63 | kubectl logs ${HZ_NAME}-${NAME}-mancenter-0 64 | return 1 65 | fi 66 | fi 67 | done 68 | } -------------------------------------------------------------------------------- /.github/scripts/expect.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/expect -f 2 | 3 | set timeout -1 4 | 5 | spawn gh pr create --title "Update $::env(OPERATOR_NAME) to $::env(OPERATOR_VERSION)" --repo $::env(REPO_OWNER)/$::env(REPO_NAME) 6 | 7 | expect "Body" 8 | 9 | send -- "\n" 10 | 11 | expect "What's next" 12 | 13 | send -- "Submit\n" 14 | 15 | expect eof -------------------------------------------------------------------------------- /.github/scripts/publish-rhel.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | get_id_from_pid() 4 | { 5 | local PROJECT_ID=$1 6 | local RHEL_API_KEY=$2 7 | 8 | local ID=$( \ 9 | curl --silent \ 10 | --request GET \ 11 | -H "X-API-KEY: ${RHEL_API_KEY}" \ 12 | "https://catalog.redhat.com/api/containers/v1/projects/certification/pid/${PROJECT_ID}" \ 13 | | jq -r '._id') 14 | 15 | echo "${ID}" 16 | } 17 | 18 | get_image() 19 | { 20 | local PUBLISHED=$1 21 | local ID=$2 22 | local VERSION=$3 23 | local RHEL_API_KEY=$4 24 | 25 | if [[ $PUBLISHED == "published" ]]; then 26 | local PUBLISHED_FILTER="repositories.published==true" 27 | elif [[ $PUBLISHED == "not_published" ]]; then 28 | local PUBLISHED_FILTER="repositories.published!=true" 29 | else 30 | echo "Need first parameter as 'published' or 'not_published'." ; return 1 31 | fi 32 | 33 | local FILTER="filter=deleted==false;${PUBLISHED_FILTER};repositories.tags.name==${VERSION}" 34 | local INCLUDE="include=total,data.repositories.tags.name,data.scan_status,data._id" 35 | 36 | local RESPONSE=$( \ 37 | curl --silent \ 38 | --request GET \ 39 | --header "X-API-KEY: ${RHEL_API_KEY}" \ 40 | "https://catalog.redhat.com/api/containers/v1/projects/certification/id/${ID}/images?${FILTER}&${INCLUDE}") 41 | 42 | echo "${RESPONSE}" 43 | } 44 | 45 | wait_for_container_scan() 46 | { 47 | local PROJECT_ID=$1 48 | local VERSION=$2 49 | local RHEL_API_KEY=$3 50 | local TIMEOUT_IN_MINS=$4 51 | 52 | # Get ID of the PID from the API. 53 | local ID=$(get_id_from_pid "${PROJECT_ID}" "${RHEL_API_KEY}") 54 | 55 | local IS_PUBLISHED=$(get_image published "${ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total') 56 | if [[ $IS_PUBLISHED == "1" ]]; then 57 | echo "Image is already published, exiting" 58 | return 0 59 | fi 60 | 61 | local NOF_RETRIES=$(( $TIMEOUT_IN_MINS / 2 )) 62 | # Wait until the image is scanned 63 | for i in `seq 1 ${NOF_RETRIES}`; do 64 | local IMAGE=$(get_image not_published "${ID}" "${VERSION}" "${RHEL_API_KEY}") 65 | local SCAN_STATUS=$(echo "$IMAGE" | jq -r '.data[0].scan_status') 66 | 67 | if [[ $SCAN_STATUS == "in progress" ]]; then 68 | echo "Scanning in progress, waiting..." 69 | elif [[ $SCAN_STATUS == "null" ]]; then 70 | echo "Image is still not present in the registry!" 71 | elif [[ $SCAN_STATUS == "passed" ]]; then 72 | echo "Scan passed!" ; return 0 73 | else 74 | echo "Scan failed!" ; return 1 75 | fi 76 | 77 | sleep 120 78 | 79 | if [[ $i == $NOF_RETRIES ]]; then 80 | echo "Timeout! Scan could not be finished" 81 | return 42 82 | fi 83 | done 84 | } 85 | 86 | publish_the_image() 87 | { 88 | local PROJECT_ID=$1 89 | local VERSION=$2 90 | local RHEL_API_KEY=$3 91 | 92 | # Get ID of the PID from the API. 93 | local ID=$(get_id_from_pid "${PROJECT_ID}" "${RHEL_API_KEY}") 94 | 95 | local IS_PUBLISHED=$(get_image published "${ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total') 96 | if [[ $IS_PUBLISHED == "1" ]]; then 97 | echo "Image is already published, exiting" 98 | return 0 99 | fi 100 | 101 | local IMAGE=$(get_image not_published "${ID}" "${VERSION}" "${RHEL_API_KEY}") 102 | local IMAGE_EXISTS=$(echo $IMAGE | jq -r '.total') 103 | if [[ $IMAGE_EXISTS == "1" ]]; then 104 | local SCAN_STATUS=$(echo $IMAGE | jq -r '.data[0].scan_status') 105 | if [[ $SCAN_STATUS != "passed" ]]; then 106 | echo "Image you are trying to publish did not pass the certification test, its status is \"${SCAN_STATUS}\"" 107 | return 1 108 | fi 109 | else 110 | echo "Image you are trying to publish does not exist." 111 | return 1 112 | fi 113 | 114 | local IMAGE_ID=$(echo "$IMAGE" | jq -r '.data[0]._id') 115 | 116 | # Publish the image 117 | echo "Publishing the image..." 118 | RESPONSE=$( \ 119 | curl --silent \ 120 | --request POST \ 121 | --header "X-API-KEY: ${RHEL_API_KEY}" \ 122 | --header 'Cache-Control: no-cache' \ 123 | --header 'Content-Type: application/json' \ 124 | --data "{\"image_id\":\"${IMAGE_ID}\" , \"tag\" : \"${VERSION}\" }" \ 125 | "https://catalog.redhat.com/api/containers/v1/projects/certification/id/${ID}/requests/tags") 126 | 127 | echo "Created a tag request, please check if the image is published." 128 | } 129 | 130 | wait_for_container_publish() 131 | { 132 | local PROJECT_ID=$1 133 | local VERSION=$2 134 | local RHEL_API_KEY=$3 135 | local TIMEOUT_IN_MINS=$4 136 | 137 | # Get ID of the PID from the API. 138 | local ID=$(get_id_from_pid "${PROJECT_ID}" "${RHEL_API_KEY}") 139 | 140 | local NOF_RETRIES=$(( $TIMEOUT_IN_MINS / 2 )) 141 | # Wait until the image is published 142 | for i in `seq 1 ${NOF_RETRIES}`; do 143 | local IS_PUBLISHED=$(get_image published "${ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total') 144 | 145 | if [[ $IS_PUBLISHED == "1" ]]; then 146 | echo "Image is published, exiting." 147 | return 0 148 | else 149 | echo "Image is still not published, waiting..." 150 | fi 151 | 152 | sleep 120 153 | 154 | if [[ $i == $NOF_RETRIES ]]; then 155 | echo "Timeout! Publish could not be finished" 156 | return 42 157 | fi 158 | done 159 | } -------------------------------------------------------------------------------- /.github/scripts/smoke-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | set -o pipefail 5 | 6 | # Fill the variables before running the script 7 | WORKDIR=$1 8 | PROJECT=$2 9 | HZ_ENTERPRISE_LICENSE=$3 10 | LOGIN_USERNAME=$4 11 | LOGIN_PASSWORD=$5 12 | OCP_CLUSTER_URL=$6 13 | RED_HAT_USERNAME=unused 14 | RED_HAT_PASSWORD=$7 15 | RED_HAT_EMAIL=unused 16 | HAZELCAST_CLUSTER_SIZE=$8 17 | MANAGEMENT_CENTER_REPLICAS=$9 18 | LOGIN_COMMAND="oc login ${OCP_CLUSTER_URL} -u=${LOGIN_USERNAME} -p=${LOGIN_PASSWORD} --insecure-skip-tls-verify" 19 | 20 | # LOG INTO OpenShift 21 | eval "${LOGIN_COMMAND}" 22 | 23 | # CREATE PROJECT 24 | oc new-project $PROJECT 25 | 26 | oc create secret docker-registry pull-secret \ 27 | --docker-server=scan.connect.redhat.com \ 28 | --docker-username=$RED_HAT_USERNAME \ 29 | --docker-password=$RED_HAT_PASSWORD \ 30 | --docker-email=$RED_HAT_EMAIL 31 | 32 | cat </key: ${LICENSE_KEY}/g" ${WORKDIR}/secret.yaml 51 | oc apply -f ${WORKDIR}/secret.yaml 52 | 53 | oc apply -f ${WORKDIR}/hazelcast.yaml 54 | -------------------------------------------------------------------------------- /.github/workflows/hz-enterprise-op-rhel-release.yaml: -------------------------------------------------------------------------------- 1 | name: hz-enterprise-operator-rhel-autorelease 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | OPERATOR_VERSION: 6 | description: "OPERATOR_VERSION" 7 | required: true 8 | default: "0.3.4" 9 | PREVIOUS_OPERATOR_VERSION: 10 | description: "PREVIOUS_OPERATOR_VERSION" 11 | required: true 12 | default: "0.3.3" 13 | HELM_CHART_VERSION: 14 | description: "HELM_CHART_VERSION" 15 | required: true 16 | default: "3.5.2" 17 | HAZELCAST_VERSION: 18 | description: "HAZELCAST_VERSION" 19 | required: true 20 | default: "4.1.1" 21 | MANCENTER_VERSION: 22 | description: "MANCENTER_VERSION" 23 | required: true 24 | default: "4.2020.12" 25 | TIMEOUT_IN_MINS: 26 | description: "TIMEOUT_IN_MINS" 27 | required: true 28 | default: "60" 29 | 30 | jobs: 31 | build_publish: 32 | name: Build and Publish 33 | defaults: 34 | run: 35 | shell: bash 36 | env: 37 | OPERATOR_SDK_VERSION: "v1.10.0" 38 | KIND: "HazelcastEnterprise" 39 | NAME: "hazelcast-enterprise" 40 | REPO: "rhel" 41 | SCAN_REGISTRY: "scan.connect.redhat.com" 42 | OPERATOR_VERSION: ${{ github.event.inputs.OPERATOR_VERSION }} 43 | PREVIOUS_OPERATOR_VERSION: ${{ github.event.inputs.PREVIOUS_OPERATOR_VERSION }} 44 | HELM_CHART_VERSION: ${{ github.event.inputs.HELM_CHART_VERSION }} 45 | HAZELCAST_VERSION: ${{ github.event.inputs.HAZELCAST_VERSION }} 46 | MANCENTER_VERSION: ${{ github.event.inputs.MANCENTER_VERSION }} 47 | TIMEOUT_IN_MINS: ${{ github.event.inputs.TIMEOUT_IN_MINS }} 48 | HZ_ENTERPRISE_LICENSE: ${{ secrets.HZ_ENTERPRISE_LICENSE }} 49 | REDHAT_LOGIN_USERNAME: ${{ secrets.REDHAT_LOGIN_USERNAME }} 50 | REDHAT_LOGIN_PASSWORD: ${{ secrets.REDHAT_LOGIN_PASSWORD }} 51 | OCP_CLUSTER_URL: ${{ secrets.OCP_CLUSTER_URL }} 52 | RHEL_REPO_PASSWORD: ${{ secrets.RHEL_REPO_PASSWORD }} 53 | RHEL_BUNDLE_PASSWORD: ${{ secrets.RHEL_BUNDLE_PASSWORD }} 54 | RHEL_REPOSITORY: ${{ secrets.RHEL_REPOSITORY }} 55 | RHEL_BUNDLE_REPOSITORY: ${{ secrets.RHEL_BUNDLE_REPOSITORY }} 56 | RHEL_API_KEY: ${{ secrets.RHEL_API_KEY }} 57 | 58 | runs-on: ubuntu-20.04 59 | steps: 60 | - name: Install Operator-Sdk 61 | run: | 62 | sudo curl -L -o /operator-sdk "https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_SDK_VERSION}/operator-sdk_linux_amd64" 63 | sudo chmod +x /operator-sdk 64 | /operator-sdk version 65 | 66 | - name: Install opm 67 | run: | 68 | sudo apt-get update 69 | sudo apt-get install --only-upgrade libc6 70 | wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.7.10/opm-linux-4.7.10.tar.gz 71 | tar xvf opm-linux-4.7.10.tar.gz 72 | chmod +x ./opm 73 | sudo mv opm /opm 74 | /opm version 75 | 76 | - name: Checkout to hazelcast-operator 77 | uses: actions/checkout@v2 78 | with: 79 | path: operator-repo 80 | 81 | - name: Download Hazelcast Helm Chart 82 | run: | 83 | mkdir WORKDIR 84 | cd WORKDIR 85 | if [ $(wget -q "https://hazelcast-charts.s3.amazonaws.com/${NAME}-${HELM_CHART_VERSION}.tgz" ; echo $? = "0") ]; then 86 | echo "${NAME}-${HELM_CHART_VERSION} chart is downloaded!" 87 | else 88 | echo "${NAME}-${HELM_CHART_VERSION} chart could not be downloaded!" 89 | fi 90 | tar xf ${NAME}-${HELM_CHART_VERSION}.tgz 91 | rm ${NAME}-${HELM_CHART_VERSION}.tgz 92 | 93 | - name: Overwrite template values 94 | working-directory: ./WORKDIR 95 | run: | 96 | cat <<'EOF' > new_image_block 97 | {{- if and (.Values.image.repository ) (.Values.image.tag) }} 98 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 99 | {{- else }} 100 | image: "{{ .Values.image.image }}" 101 | {{- end }} 102 | EOF 103 | sed -i '/image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"/d' ${NAME}/templates/statefulset.yaml 2>/dev/null 104 | sed -i '/- name: {{ template "hazelcast.fullname" . }}/r new_image_block' ${NAME}/templates/statefulset.yaml 2>/dev/null 105 | rm new_image_block 106 | cat <<'EOF' > new_mc_image_block 107 | {{- if and (.Values.mancenter.image.repository ) (.Values.mancenter.image.tag) }} 108 | image: "{{ .Values.mancenter.image.repository }}:{{ .Values.mancenter.image.tag }}" 109 | {{- else }} 110 | image: "{{ .Values.mancenter.image.image }}" 111 | {{- end }} 112 | EOF 113 | sed -i '/image: "{{ .Values.mancenter.image.repository }}:{{ .Values.mancenter.image.tag }}"/d' ${NAME}/templates/mancenter-statefulset.yaml 2>/dev/null 114 | sed -i '/- name: {{ template "mancenter.fullname" . }}/r new_mc_image_block' ${NAME}/templates/mancenter-statefulset.yaml 2>/dev/null 115 | rm new_mc_image_block 116 | 117 | HZ_REPO=$(grep -oE "repository:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | head -n1 | sed 's/"//g') 118 | HZ_TAG=$(grep -oE "tag:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | head -n1 | sed 's/"//g') 119 | MC_REPO=$(grep -oE "repository:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | tail -n1 | sed 's/"//g') 120 | MC_TAG=$(grep -oE "tag:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | tail -n1 | sed 's/"//g') 121 | 122 | linesArray=($(sed -n "/repository: .*/=" ${NAME}/values.yaml)) 123 | sed -i "${linesArray[0]}s|repository: .*|image: ${HZ_REPO}:${HZ_TAG}|" ${NAME}/values.yaml 124 | sed -i "${linesArray[1]}s|repository: .*|image: ${MC_REPO}:${MC_TAG}|" ${NAME}/values.yaml 125 | sed -i '/tag: .*/d' ${NAME}/values.yaml 126 | 127 | - name: Upload Helm Charts 128 | uses: actions/upload-artifact@v2 129 | with: 130 | name: updated-helm-charts 131 | path: ./WORKDIR/hazelcast-enterprise 132 | 133 | - name: Generate Operator and Operator Image 134 | working-directory: ./WORKDIR 135 | run: | 136 | OPERATOR_NAME="${NAME}-operator" 137 | OPERATOR_REPOSITORY="hazelcast/${OPERATOR_NAME}" 138 | OPERATOR_IMAGE="${OPERATOR_REPOSITORY}:${OPERATOR_VERSION}" 139 | RHEL_IMAGE=${RHEL_REPOSITORY}:${OPERATOR_VERSION} 140 | RHEL_BUNDLE_IMAGE=${RHEL_BUNDLE_REPOSITORY}:${OPERATOR_VERSION} 141 | 142 | echo "OPERATOR_NAME=${OPERATOR_NAME}" >> $GITHUB_ENV 143 | echo "OPERATOR_REPOSITORY=${OPERATOR_REPOSITORY}" >> $GITHUB_ENV 144 | echo "OPERATOR_IMAGE=${OPERATOR_IMAGE}" >> $GITHUB_ENV 145 | echo "RHEL_IMAGE=${RHEL_IMAGE}" >> $GITHUB_ENV 146 | echo "RHEL_BUNDLE_IMAGE=${RHEL_BUNDLE_IMAGE}" >> $GITHUB_ENV 147 | 148 | /operator-sdk init --plugins=helm --domain='' 149 | /operator-sdk create api version=v1alpha1 --group=hazelcast.com --crd-version=v1 --kind=${KIND} --helm-chart=$(pwd)/${NAME} 150 | 151 | cat >> watches.yaml <> Dockerfile <> ./bundle.Dockerfile < new_image_block 83 | {{- if and (.Values.image.repository ) (.Values.image.tag) }} 84 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 85 | {{- else }} 86 | image: "{{ .Values.image.image }}" 87 | {{- end }} 88 | EOF 89 | sed -i '/image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"/d' ${NAME}/templates/statefulset.yaml 2>/dev/null 90 | sed -i '/- name: {{ template "hazelcast.fullname" . }}/r new_image_block' ${NAME}/templates/statefulset.yaml 2>/dev/null 91 | rm new_image_block 92 | cat <<'EOF' > new_mc_image_block 93 | {{- if and (.Values.mancenter.image.repository ) (.Values.mancenter.image.tag) }} 94 | image: "{{ .Values.mancenter.image.repository }}:{{ .Values.mancenter.image.tag }}" 95 | {{- else }} 96 | image: "{{ .Values.mancenter.image.image }}" 97 | {{- end }} 98 | EOF 99 | sed -i '/image: "{{ .Values.mancenter.image.repository }}:{{ .Values.mancenter.image.tag }}"/d' ${NAME}/templates/mancenter-statefulset.yaml 2>/dev/null 100 | sed -i '/- name: {{ template "mancenter.fullname" . }}/r new_mc_image_block' ${NAME}/templates/mancenter-statefulset.yaml 2>/dev/null 101 | rm new_mc_image_block 102 | 103 | HZ_REPO=$(grep -oE "repository:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | head -n1 | sed 's/"//g') 104 | HZ_TAG=$(grep -oE "tag:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | head -n1 | sed 's/"//g') 105 | MC_REPO=$(grep -oE "repository:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | tail -n1 | sed 's/"//g') 106 | MC_TAG=$(grep -oE "tag:(\s+\S+|\S+)" ${NAME}/values.yaml | awk '{print $2}' | tail -n1 | sed 's/"//g') 107 | 108 | linesArray=($(sed -n "/repository: .*/=" ${NAME}/values.yaml)) 109 | sed -i "${linesArray[0]}s|repository: .*|image: ${HZ_REPO}:${HZ_TAG}|" ${NAME}/values.yaml 110 | sed -i "${linesArray[1]}s|repository: .*|image: ${MC_REPO}:${MC_TAG}|" ${NAME}/values.yaml 111 | sed -i '/tag: .*/d' ${NAME}/values.yaml 112 | 113 | #FOR UPLOADING ARTIFACT 114 | cp -r ./${NAME} ./artifact-helm-charts 115 | 116 | - name: Upload updated Helm-Charts 117 | uses: actions/upload-artifact@v2 118 | with: 119 | name: updated-helm-charts 120 | path: ./WORKDIR/artifact-helm-charts 121 | 122 | - name: Set KIND and OPERATOR_YAML_NAME as environment variables 123 | run: | 124 | if [ "${NAME}" = "hazelcast" ]; then 125 | KIND=Hazelcast 126 | OPERATOR_YAML_NAME=operator 127 | elif [ "${NAME}" = "hazelcast-enterprise" ]; then 128 | KIND=HazelcastEnterprise 129 | OPERATOR_YAML_NAME=operator-docker-hub 130 | else 131 | echo "Wrong input type for name, it can be 'hazelcast' or 'hazelcast-enterprise'" 132 | exit 1 133 | fi 134 | 135 | echo "KIND=${KIND}" >> $GITHUB_ENV 136 | echo "OPERATOR_YAML_NAME=${OPERATOR_YAML_NAME}" >> $GITHUB_ENV 137 | 138 | - name: Generate Operator and Operator image 139 | working-directory: ./WORKDIR 140 | run: | 141 | OPERATOR_NAME="${NAME}-operator" 142 | OPERATOR_REPOSITORY="hazelcast/${OPERATOR_NAME}" 143 | OPERATOR_IMAGE="${OPERATOR_REPOSITORY}:${OPERATOR_VERSION}" 144 | 145 | echo "OPERATOR_NAME=${OPERATOR_NAME}" >> $GITHUB_ENV 146 | echo "OPERATOR_REPOSITORY=${OPERATOR_REPOSITORY}" >> $GITHUB_ENV 147 | echo "OPERATOR_IMAGE=${OPERATOR_IMAGE}" >> $GITHUB_ENV 148 | 149 | /operator-sdk init --plugins=helm --domain='' 150 | /operator-sdk create api version=v1alpha1 --group=hazelcast.com --crd-version=v1 --kind=${KIND} --helm-chart=$(pwd)/${NAME} 151 | 152 | cat >> watches.yaml </key: ${LICENSE_KEY}/g" ./secret.yaml 204 | kubectl apply -f secret.yaml 205 | fi 206 | 207 | kubectl apply -f hazelcast.yaml 208 | 209 | - name: Print log of the Hazelcast-Operator 210 | run: | 211 | kubectl logs -l app.kubernetes.io/name=${OPERATOR_NAME} 212 | 213 | - name: Validate cluster size 214 | run: | 215 | HZ_NAME=$(grep -m 1 -Po "name: \K.+" ./${OPERATOR_NAME}/hazelcast.yaml) 216 | CLUSTER_SIZE=3 217 | 218 | source ./operator-repo/.github/scripts/cluster-verification.sh 219 | 220 | wait_for_last_member_initialization $CLUSTER_SIZE 221 | 222 | verify_cluster_size $CLUSTER_SIZE 223 | 224 | kubectl wait --for=condition=Ready --timeout=120s pod ${HZ_NAME}-${NAME}-mancenter-0 225 | 226 | verify_management_center $CLUSTER_SIZE 227 | 228 | - name: Copy Operatorhub bundle from the repo 229 | run: | 230 | cp -r ./operator-repo/.github/operator-release-files/operatorhub-bundle ./ 231 | 232 | - name: Build Operatorhub bundle 233 | working-directory: . 234 | run: | 235 | mkdir operatorhub-bundle-output 236 | mkdir operatorhub-bundle-output/${OPERATOR_VERSION} 237 | 238 | cp operatorhub-bundle/${OPERATOR_NAME}.vOPERATOR_VERSION.clusterserviceversion.yaml operatorhub-bundle-output/${OPERATOR_VERSION}/${OPERATOR_NAME}.v${OPERATOR_VERSION}.clusterserviceversion.yaml 239 | cp operatorhub-bundle/${OPERATOR_NAME}.package-template.yaml operatorhub-bundle-output/${OPERATOR_NAME}.package.yaml 240 | 241 | CRD_NAME="${NAME//-}s" 242 | cp operatorhub-bundle/${CRD_NAME}.hazelcast.com.crd.yaml operatorhub-bundle-output/${OPERATOR_VERSION}/${CRD_NAME}.hazelcast.com.crd.yaml 243 | 244 | cd operatorhub-bundle-output/${OPERATOR_VERSION} 245 | sed -i "s/PREVIOUS_OPERATOR_VERSION/${PREVIOUS_OPERATOR_VERSION}/g" ${OPERATOR_NAME}.v${OPERATOR_VERSION}.clusterserviceversion.yaml 246 | sed -i "s/OPERATOR_VERSION/${OPERATOR_VERSION}/g" ${OPERATOR_NAME}.v${OPERATOR_VERSION}.clusterserviceversion.yaml 247 | sed -i "s/HAZELCAST_IMAGE_VERSION/${HAZELCAST_VERSION}/g" ${OPERATOR_NAME}.v${OPERATOR_VERSION}.clusterserviceversion.yaml 248 | sed -i "s/MANCENTER_IMAGE_VERSION/${MANCENTER_VERSION}/g" ${OPERATOR_NAME}.v${OPERATOR_VERSION}.clusterserviceversion.yaml 249 | sed -i "s/RELEASE_DATE/${RELEASE_DATE}/g" ${OPERATOR_NAME}.v${OPERATOR_VERSION}.clusterserviceversion.yaml 250 | 251 | cd .. 252 | sed -i "s/OPERATOR_VERSION/${OPERATOR_VERSION}/g" ${OPERATOR_NAME}.package.yaml 253 | 254 | - name: Upload Operatorhub bundle 255 | uses: actions/upload-artifact@v2 256 | with: 257 | name: operatorhub-bundle 258 | path: ./operatorhub-bundle-output 259 | 260 | - name: Push Hazelcast-Operator to Dockerhub 261 | run: | 262 | docker login -u ${DOCKERHUB_USERNAME} -p ${DOCKERHUB_PASSWORD} 263 | docker push ${OPERATOR_IMAGE} 264 | 265 | - name: Update Hazelcast versions in the repo Hazelcast-Operator 266 | working-directory: ./operator-repo 267 | run: | 268 | sed -i "0,/tag: .*/s//tag: \"${HAZELCAST_VERSION}\"/" ./${OPERATOR_NAME}/hazelcast.yaml 269 | sed -i "0,/tag: /! s/tag: .*/tag: \"${MANCENTER_VERSION}\"/" ./${OPERATOR_NAME}/hazelcast.yaml 270 | 271 | sed -i "0,/tag: .*/s//tag: \"${HAZELCAST_VERSION}\"/" ./${OPERATOR_NAME}/hazelcast-full.yaml 272 | sed -i "0,/tag: /! s/tag: .*/tag: \"${MANCENTER_VERSION}\"/" ./${OPERATOR_NAME}/hazelcast-full.yaml 273 | 274 | sed -i "s/productVersion: .*/productVersion: ${OPERATOR_VERSION}/g" ./${OPERATOR_NAME}/bundle.yaml 275 | sed -i "s|image: hazelcast/${OPERATOR_NAME}:.*|image: hazelcast/${OPERATOR_NAME}:${OPERATOR_VERSION}|g" ./${OPERATOR_NAME}/bundle.yaml 276 | 277 | sed -i "s|hazelcast/${NAME}:.*|hazelcast/${NAME}:${HAZELCAST_VERSION}|" ./${OPERATOR_NAME}/bundle.yaml 278 | sed -i "s|hazelcast/management-center:.*|hazelcast/management-center:${MANCENTER_VERSION}|" ./${OPERATOR_NAME}/bundle.yaml 279 | 280 | sed -i "s/productVersion: .*/productVersion: ${OPERATOR_VERSION}/g" ./${OPERATOR_NAME}/${OPERATOR_YAML_NAME}.yaml 281 | sed -i "s|image: hazelcast/${OPERATOR_NAME}:.*|image: hazelcast/${OPERATOR_NAME}:${OPERATOR_VERSION}|g" ./${OPERATOR_NAME}/${OPERATOR_YAML_NAME}.yaml 282 | 283 | sed -i "s|hazelcast/${NAME}:.*|hazelcast/${NAME}:${HAZELCAST_VERSION}|" ./${OPERATOR_NAME}/${OPERATOR_YAML_NAME}.yaml 284 | sed -i "s|hazelcast/management-center:.*|hazelcast/management-center:${MANCENTER_VERSION}|" ./${OPERATOR_NAME}/${OPERATOR_YAML_NAME}.yaml 285 | 286 | - name: Commit changes done to Hazelcast-Operator 287 | working-directory: ./operator-repo 288 | run: | 289 | git config --global user.name 'devOpsHelm' 290 | git config --global user.email 'devopshelm@hazelcast.com' 291 | 292 | git checkout -b ${OPERATOR_NAME}-file-updates-${{ github.run_id }} 293 | 294 | git commit --signoff -am "${OPERATOR_NAME} is updated to version: ${OPERATOR_VERSION}. New image is released on Docker-Hub." 295 | 296 | git push -u origin ${OPERATOR_NAME}-file-updates-${{ github.run_id }} 297 | 298 | - name: Create a PR for changes in Hazelcast-Operator 299 | working-directory: ./operator-repo 300 | run: | 301 | echo ${{ github.token }} | gh auth login --with-token 302 | 303 | gh pr create \ 304 | --title "Update image tags after release of ${OPERATOR_IMAGE}" \ 305 | --body "Released ${OPERATOR_IMAGE} on Docker-Hub. This PR updates the image tags to new ones. " 306 | 307 | - name: Checkout to devOpsHelm/community-operators 308 | uses: actions/checkout@v2 309 | with: 310 | repository: devOpsHelm/community-operators 311 | path: community-operators 312 | token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} 313 | 314 | - name: Update main branch of the fork 315 | working-directory: community-operators 316 | run: | 317 | git checkout main 318 | 319 | git remote add upstream https://github.com/k8s-operatorhub/community-operators.git 320 | 321 | git pull upstream main 322 | 323 | git push origin main 324 | 325 | - name: Create a PR for Operatorhub-bundle, k8s-operatorhub 326 | working-directory: community-operators 327 | run: | 328 | export REPO_OWNER=k8s-operatorhub 329 | export REPO_NAME=community-operators 330 | 331 | git checkout -b ${OPERATOR_NAME}-${OPERATOR_VERSION}-${{ github.run_id }} 332 | 333 | cp -r ../operatorhub-bundle-output/* ./operators/${OPERATOR_NAME}/ 334 | 335 | git add ./operators/${OPERATOR_NAME} 336 | 337 | git commit --signoff -m "Update ${OPERATOR_NAME} to ${OPERATOR_VERSION}" 338 | 339 | git push -u origin ${OPERATOR_NAME}-${OPERATOR_VERSION}-${{ github.run_id }} 340 | 341 | echo ${{ secrets.DEVOPS_GITHUB_TOKEN }} | gh auth login --with-token 342 | 343 | ../operator-repo/.github/scripts/expect.sh 344 | 345 | - name: Checkout to devOpsHelm/community-operators-prod 346 | uses: actions/checkout@v2 347 | with: 348 | repository: devOpsHelm/community-operators-prod 349 | path: community-operators-prod 350 | token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} 351 | 352 | - name: Update main branch of the fork 353 | working-directory: community-operators-prod 354 | run: | 355 | git checkout main 356 | 357 | git remote add upstream https://github.com/redhat-openshift-ecosystem/community-operators-prod.git 358 | 359 | git pull upstream main 360 | 361 | git push origin main 362 | 363 | - name: Create a PR for Operatorhub-bundle, redhat-openshift-ecosystem 364 | if: env.NAME == 'hazelcast' 365 | working-directory: community-operators-prod 366 | run: | 367 | export REPO_OWNER=redhat-openshift-ecosystem 368 | export REPO_NAME=community-operators-prod 369 | 370 | git checkout -b ${OPERATOR_NAME}-${OPERATOR_VERSION}-${{ github.run_id }} 371 | 372 | cp -r ../operatorhub-bundle-output/* ./operators/${OPERATOR_NAME}/ 373 | 374 | git add ./operators/${OPERATOR_NAME} 375 | 376 | git commit --signoff -m "Update ${OPERATOR_NAME} to ${OPERATOR_VERSION}" 377 | 378 | git push -u origin ${OPERATOR_NAME}-${OPERATOR_VERSION}-${{ github.run_id }} 379 | 380 | echo ${{ secrets.DEVOPS_GITHUB_TOKEN }} | gh auth login --with-token 381 | 382 | ../operator-repo/.github/scripts/expect.sh 383 | 384 | slack_notify: 385 | name: Slack Notify 386 | needs: build_publish 387 | runs-on: ubuntu-latest 388 | if: always() 389 | steps: 390 | - uses: 8398a7/action-slack@f3635935f58910a6d6951b73efe9037c960c8c04 391 | if: needs.build_publish.result != 'success' 392 | with: 393 | fields: repo,commit,author,action,eventName,workflow 394 | status: ${{ needs.build_publish.result }} 395 | channel: "#github-actions-log" 396 | env: 397 | SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} 398 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | *** 2 | > :warning: **REMARK:** 3 | > 4 | > This project is deprecated, new project Hazelcast Platform Operator can be found [here](https://github.com/hazelcast/hazelcast-platform-operator). 5 | > 6 | *** 7 | 8 | # Hazelcast Operator 9 | 10 | Hazelcast and Hazelcast Enterprise are packaged with Operator Framework, which simplifies deployment on OpenShift and Kubernetes. 11 | 12 | See corresponding READMEs from below for each operator for step-by-step installation. 13 | 14 | - [Hazelcast Operator](hazelcast-operator/README.md) 15 | - [Hazelcast Enterprise Operator](hazelcast-enterprise-operator/README.md) 16 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/README.md: -------------------------------------------------------------------------------- 1 | # Hazelcast Enterprise Operator 2 | 3 | This is a step-by-step guide how to deploy Hazelcast Enterprise cluster (together with Management Center) on your OpenShift or Kubernetes cluster. 4 | 5 | ## Prerequisites 6 | 7 | You must have one of the followings: 8 | * OpenShift cluster (with admin rights) and the `oc` command configured (you may use [Minishift](https://github.com/minishift/minishift)) 9 | * Kubernetes cluster (with admin rights) and the `kubectl` command configured (you may use [Minikube](https://kubernetes.io/docs/getting-started-guides/minikube/)) 10 | 11 | Versions compatibility: 12 | * hazelcast-enterprise-operator 0.2+ is compatible with hazelcast 4+ 13 | * for older hazelcast versions, use hazelcast-enterprise-operator 0.1.x 14 | 15 | ## Security Context Constraints (SCC) Requirements 16 | 17 | Hazelcast uses Redhat shipped `restricted` SCC which : 18 | 19 | - Ensures that pods cannot run as privileged. 20 | - Ensures that pods cannot mount host directory volumes. 21 | - Requires that a pod run as a user in a pre-allocated range of UIDs. 22 | - Requires that a pod run with a pre-allocated MCS label. 23 | - Allows pods to use any FSGroup. 24 | - Allows pods to use any supplemental group. 25 | 26 | You can refer to [Openshift Documentation](https://docs.openshift.com/) for more details. 27 | 28 | ## OpenShift Deployment steps 29 | 30 | Below are the steps to start a Hazelcast Enterprise cluster using Operator Framework. Note that the first 4 steps are usually performed only once for the OpenShift cluster/project (usually by the cluster admin). The step 5 is performed each time you want to create a new Hazelcast cluster. 31 | 32 | Note: You need to clone this repository before following the next steps. 33 | 34 | git clone https://github.com/hazelcast/hazelcast-operator.git 35 | cd hazelcast-operator/hazelcast-enterprise-operator 36 | 37 | Note: By default the communication is not secured. To enable SSL, read the [Configuring SSL](#configuring-ssl) section. 38 | 39 | #### Step 0: Create project 40 | 41 | To create a new project, run the following command. 42 | 43 | oc new-project hazelcast-operator 44 | 45 | #### Step 1: Deploy Hazelcast Operator 46 | 47 | Run the following command to configure the Hazelcast operator permissions, it will also deploy the operator. 48 | 49 | oc apply -f bundle-rhel.yaml 50 | 51 | Note that if you prefer Docker Hub images, you can use `bundle.yaml` instead. 52 | 53 | 54 | #### Step 2: Create RBAC 55 | 56 | Run the following command to configure the Hazelcast cluster permissions. 57 | 58 | oc apply -f hazelcast-rbac.yaml 59 | 60 | 61 | #### Step 3: Create Secret with Hazelcast License Key 62 | 63 | Use base64 to encode your Hazelcast License Key. If you don't have one, get a trial key from this [link](https://hazelcast.com/hazelcast-enterprise-download/trial/). 64 | 65 | $ echo -n "" | base64 66 | VU5MSU1JVEVEX0xJQ0VOU0UjOTlOb2RlcyMxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcnN0d3kxMjM0NTY3ODkxMjM0NTY3ODkxMTExMTExMTExMTE= 67 | 68 | Insert this value into `secret.yaml`, replace ``. Then, create the secret. 69 | 70 | oc apply -f secret.yaml 71 | 72 | #### Step 4: Start Hazelcast 73 | 74 | Start Hazelcast cluster with the following command. 75 | 76 | oc apply -f hazelcast.yaml 77 | 78 | Your Hazelcast Enterprise cluster (together with Management Center) should be created. 79 | 80 | $ oc get pods 81 | NAME READY STATUS RESTARTS AGE 82 | hazelcast-enterprise-operator-7965b9d785-wst5k 1/1 Running 0 2m39s 83 | hz-hazelcast-enterprise-0 1/1 Running 0 2m6s 84 | hz-hazelcast-enterprise-1 1/1 Running 0 86s 85 | hz-hazelcast-enterprise-2 1/1 Running 0 44s 86 | hz-hazelcast-enterprise-mancenter-0 1/1 Running 0 2m6s 87 | 88 | 89 | **Note**: In `hazelcast.yaml` you can specify all parameters available in the [Hazelcast Enterprise Helm Chart](https://github.com/hazelcast/charts/tree/master/stable/hazelcast-enterprise). 90 | 91 | **Note** also that you cannot create multiple Hazelcast clusters with the same name. 92 | 93 | To connect to Management Center, you can use `EXTERNAL-IP` and open your browser at: `http://:8080/hazelcast-mancenter`. If your OpenShift environment does not have Load Balancer configured, then you can create a route to Management Center with `oc expose`. 94 | 95 | ![Management Center](../markdown/management-center.png) 96 | 97 | ## RedHat Marketplace Quick Start Guide 98 | 99 | ### Step 1: Prequisities 100 | 101 | You must have the following to install Hazelcast Enterprise IMDG on your Red Hat OpenShift cluster or Trial cluster: 102 | 103 | - [OpenShift CLI](https://docs.openshift.com/container-platform/4.7/cli_reference/openshift_cli/getting-started-cli.html) 104 | - Project/Namespace to deploy your Hazelcast cluster. 105 | 106 | $ oc new-project 107 | 108 | ### Step 2: Operator Installation from RedHat Marketplace 109 | 110 | 1. For information on registering your cluster and creating a project/namespace, see [Red Hat Marketplace Docs](https://marketplace.redhat.com/en-us/documentation/clusters). This must be done prior to operator install. 111 | 2. On the main menu, click **Workspace > My Software > Hazelcast IMDG Product > Install Operator**. 112 | 3. On the **Update Channel** section, select an option. 113 | 4. On the **Approval Strategy** section, select either **Automatic or Manual**. The approval strategy corresponds to how you want to process operator upgrades. 114 | 5. On the **Target Cluster** section: 115 | - Click the checkbox next to the clusters where you want to install the Operator. 116 | - For each cluster you selected, under **Namespace Scope**, on the **Select Scope** list, select an option. 117 | 6. Click **Install**. It may take several minutes for installation to complete. 118 | 7. Once installation is complete, the status will change from **Installing** to **Up to date**. 119 | 8. For further information, see the [Red Hat Marketplace Operator documentation](https://marketplace.redhat.com/en-us/documentation/operators). 120 | 121 | 122 | ### Step 3: Verification of Hazelcast Operator installation 123 | 124 | 1. Once status changes to Up to date, click the vertical ellipses and select Cluster Console. 125 | 2. Open the cluster where you installed the product 126 | 3. Go to **Operators > Installed Operators** 127 | 4. Select the **Namespace** or **Project** you installed on 128 | 5. Verify status for product is **Succeeded** 129 | 130 | ### Step 4: Hazelcast Enterprise Cluster and Management Center installation 131 | 132 | 1. Run the following command to configure the Hazelcast cluster permissions. 133 | 134 | $ oc apply -f https://raw.githubusercontent.com/hazelcast/hazelcast-operator/master/hazelcast-enterprise-operator/hazelcast-rbac.yaml 135 | 136 | 2. Hazelcast Enterprise license key. If you don't have one, get a trial key from this [link](https://hazelcast.com/get-started/#hazelcast-imdg/). Add a Secret within the Project that contains the Hazelcast License Key: 137 | 138 | $ oc create secret generic hz-license-key-secret --from-literal=key=LICENSE-KEY-HERE 139 | 140 | 3. Create Hazelcast Enterprise custom resource YAML file with minimal config: 141 | 142 | apiVersion: hazelcast.com/v1alpha1 143 | kind: HazelcastEnterprise 144 | metadata: 145 | name: hz 146 | namespace: 147 | spec: 148 | hazelcast: 149 | licenseKeySecretName: hz-license-key-secret 150 | securityContext: 151 | runAsUser: '' 152 | runAsGroup: '' 153 | fsGroup: '' 154 | 155 | 156 | If you want modify Hazelcast Enterprise IMDG configuration, you can check all configuration options in [hazelcast-full.yaml](https://github.com/hazelcast/hazelcast-operator/blob/master/hazelcast-enterprise-operator/hazelcast-full.yaml). Description of all parameters can be found [here](https://github.com/hazelcast/charts/tree/master/stable/hazelcast-enterprise#configuration). 157 | 158 | 4. Start Hazelcast Enterprise IMDG cluster and Management Center with the following command: 159 | 160 | $ oc apply -f < minimal config yaml > 161 | 162 | 5. Check the last status of your Hazelcast Enterprise IMDG cluster and Management Center: 163 | 164 | $ oc get pods 165 | NAME READY STATUS RESTARTS AGE 166 | hazelcast-enterprise-operator-7965b9d785-wst5k 1/1 Running 0 2m39s 167 | hz-hazelcast-enterprise-0 1/1 Running 0 2m6s 168 | hz-hazelcast-enterprise-1 1/1 Running 0 86s 169 | hz-hazelcast-enterprise-2 1/1 Running 0 44s 170 | hz-hazelcast-enterprise-mancenter-0 1/1 Running 0 2m6s 171 | 172 | 6. To connect to Management Center dashboard, you can use `EXTERNAL-IP` and open your browser at: `http://:8080`. 173 | 174 | $ oc get services 175 | NAME TYPE EXTERNAL-IP 176 | ... 177 | hz-hazelcast-enterprise-mancenter LoadBalancer ...eu-west-3.elb.amazonaws.com 178 | 179 | ![Management Center](../markdown/management-center.png) 180 | 181 | If your OpenShift environment does not have Load Balancer configured, then you can create a route to Management Center with `oc expose`: 182 | 183 | $ oc expose svc/hz-hazelcast-enterprise-mancenter 184 | 185 | Then you can reach its dashboard via route URL. 186 | 187 | 188 | ## Kubernetes Deployment steps 189 | 190 | Below are the steps to start a Hazelcast Enterprise cluster using Operator Framework. Note that the first 4 steps are usually performed only once for the Kubernetes cluster (by the cluster admin). The step 5 is performed each time you want to create a new Hazelcast cluster. 191 | 192 | Note: You need to clone this repository before following the next steps. 193 | 194 | git clone https://github.com/hazelcast/hazelcast-operator.git 195 | cd hazelcast-operator/hazelcast-enterprise-operator 196 | 197 | #### Step 1: Deploy Hazelcast Operator 198 | 199 | Deploy Hazelcast Operator with the following command. 200 | 201 | kubectl --validate=false apply -f bundle.yaml 202 | 203 | #### Step 2: Create RBAC 204 | 205 | Run the following commands to configure the Hazelcast cluster permissions. 206 | 207 | kubectl apply -f hazelcast-rbac.yaml 208 | 209 | #### Step 3: Create Secret with Hazelcast License Key 210 | 211 | Use base64 to encode your Hazelcast License Key. If you don't have one, get a trial key from this [link](https://hazelcast.com/hazelcast-enterprise-download/trial/). 212 | 213 | $ echo -n "" | base64 214 | VU5MSU1JVEVEX0xJQ0VOU0UjOTlOb2RlcyMxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcnN0d3kxMjM0NTY3ODkxMjM0NTY3ODkxMTExMTExMTExMTE= 215 | 216 | Insert this value into `secret.yaml`, replace ``. Then, create the secret. 217 | 218 | kubectl apply -f secret.yaml 219 | 220 | #### Step 4: Start Hazelcast 221 | 222 | Before starting the cluster, you need to remove the `securityContext` part from `hazelcast.yaml`. 223 | 224 | 225 | ``` 226 | securityContext: 227 | runAsUser: "" 228 | runAsGroup: "" 229 | fsGroup: "" 230 | ``` 231 | 232 | After deletion, you can start the Hazelcast cluster with the following command. 233 | 234 | kubectl apply -f hazelcast.yaml 235 | 236 | Your Hazelcast Enterprise cluster (together with Management Center) should be created. 237 | 238 | $ kubectl get pods 239 | NAME READY STATUS RESTARTS AGE 240 | pod/hazelcast-enterprise-operator-79468c667-lz96b 1/1 Running 0 6m 241 | pod/hz-hazelcast-enterprise-0 1/1 Running 0 3m 242 | pod/hz-hazelcast-enterprise-1 1/1 Running 0 2m 243 | pod/hz-hazelcast-enterprise-2 1/1 Running 0 1m 244 | pod/hz-hazelcast-enterprise-mancenter-0 1/1 Running 0 1m 245 | 246 | **Note**: In `hazelcast.yaml` you can specify all parameters available in the [Hazelcast Enterprise Helm Chart](https://github.com/hazelcast/charts/tree/master/stable/hazelcast-enterprise). 247 | 248 | **Note** also that you cannot create multiple Hazelcast clusters with the same name. 249 | 250 | To connect to Management Center, you can use `EXTERNAL-IP` and open your browser at: `http://:8080/hazelcast-mancenter`. If your Kubernetes environment does not have Load Balancer configured, then please use `NodePort` or `Ingress`. 251 | 252 | ![Management Center](../markdown/management-center.png) 253 | 254 | ## Configuration 255 | 256 | You may want to modify the behavior of the Hazelcast Enterprise Operator. 257 | 258 | #### Changing Hazelcast and Management Center version 259 | 260 | If you want to modify the Hazelcast or Management Center version, update `RELATED_IMAGE_HAZELCAST` and `RELATED_IMAGE_MANCENTER` environment variables in `operator-rhel.yaml` (or `operator-docker-hub.yaml`). 261 | 262 | #### Configuring Hazelcast Cluster 263 | 264 | You can check all configuration options in [hazelcast-full.yaml](https://github.com/hazelcast/hazelcast-operator/blob/master/hazelcast-enterprise-operator/hazelcast-full.yaml). Description of all parameters can be found [here](https://github.com/hazelcast/charts/tree/master/stable/hazelcast-enterprise#configuration). 265 | 266 | #### Configuring SSL 267 | 268 | By default the communication is not secured. To enable SSL-protected communication between members and clients, you need first to provide the keys and certificates as a secret. 269 | 270 | For example, if you use keystore/truststore, then you can import them with the following OpenShift command. 271 | 272 | $ oc create secret generic keystore --from-file=./keystore --from-file=./truststore 273 | 274 | The same command for Kubernetes looks as follows. 275 | 276 | $ kubectl create secret generic keystore --from-file=./keystore --from-file=./truststore 277 | 278 | Then, since Kubernetes liveness/readiness probes cannot use SSL, we need to prepare Hazelcast configuration with a separate non-secured port opened for health checks. Create a file `hazelcast.yaml`. 279 | 280 | ```yaml 281 | hazelcast: 282 | advanced-network: 283 | enabled: true 284 | join: 285 | kubernetes: 286 | enabled: true 287 | service-name: ${serviceName} 288 | service-port: 5702 289 | namespace: ${namespace} 290 | member-server-socket-endpoint-config: 291 | port: 292 | port: 5702 293 | ssl: 294 | enabled: true 295 | client-server-socket-endpoint-config: 296 | port: 297 | port: 5701 298 | ssl: 299 | enabled: true 300 | rest-server-socket-endpoint-config: 301 | port: 302 | port: 5703 303 | endpoint-groups: 304 | HEALTH_CHECK: 305 | enabled: true 306 | ``` 307 | 308 | Then, add this configuration as a ConfigMap. 309 | 310 | $ oc create configmap hazelcast-configuration --from-file=hazelcast.yaml 311 | 312 | Or in case of Kubernetes, use the following command. 313 | 314 | $ kubectl create configmap hazelcast-configuration --from-file=hazelcast.yaml 315 | 316 | Then, use the following Hazelcast configuration. 317 | 318 | ```yaml 319 | apiVersion: hazelcast.com/v1alpha1 320 | kind: HazelcastEnterprise 321 | metadata: 322 | name: hz 323 | spec: 324 | ... 325 | secretsMountName: keystore 326 | hazelcast: 327 | licenseKeySecretName: hz-license-key 328 | javaOpts: '-Djavax.net.ssl.keyStore=/data/secrets/keystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=/data/secrets/truststore -Djavax.net.ssl.trustStorePassword=123456' 329 | existingConfigMap: hazelcast-configuration 330 | livenessProbe: 331 | port: 5703 332 | readinessProbe: 333 | port: 5703 334 | mancenter: 335 | secretsMountName: keystore 336 | yaml: 337 | hazelcast-client: 338 | network: 339 | ssl: 340 | enabled: true 341 | javaOpts: '-Djavax.net.ssl.keyStore=/secrets/keystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=/secrets/truststore -Djavax.net.ssl.trustStorePassword=123456' 342 | ``` 343 | 344 | For more information on Hazelcast Security check the following resources: 345 | 346 | * [Hazelcast Kubernetes SSL Guide](https://guides.hazelcast.org/kubernetes-ssl/) 347 | * [Hazelcast Reference Manual - Security](https://docs.hazelcast.com/imdg/latest/security/security.html) 348 | * [Management Center Reference Manual - Security](https://docs.hazelcast.org/docs/management-center/latest/manual/html/index.html#configuring-and-enabling-security) 349 | 350 | ## Troubleshooting 351 | 352 | Kubernetes/OpenShift clusters are deployed in many different ways and you may encounter some of the following issues in some environments. 353 | 354 | #### Invalid value: must be no more than 63 characters 355 | 356 | In the sample `hazelcast.yaml`, the name of the Hazelcast cluster is `hz`. If you make this value longer, you may encounter the following error. 357 | 358 | oc describe statefulset.apps/my-hazelcast-2esqhajupdg5002uqwgoc8jnj-hazelcast-enterprise 359 | 360 | .......Invalid value: "my-hazelcast-2esqhajupdg5002uqwgoc8jnj-hazelcast-enterprise-74cf94b5": must be no more than 63 characters 361 | 362 | This is the issue of the Operator itself, so there is not better solution for now than giving your cluster a short name. 363 | 364 | #### WriteNotAllowedException in Management Center 365 | 366 | Some of the OpenShift environments may have the restriction on the User ID used in volume mounts, which may cause the following exception in Management Center. 367 | 368 | Caused by: com.hazelcast.webmonitor.service.exception.WriteNotAllowedException: WARNING: /data can not be created. Either make it writable, or set "hazelcast.mancenter. 369 | home" system property to a writable directory and restart. 370 | at com.hazelcast.webmonitor.service.HomeDirectoryProviderImpl.constructDirectory(HomeDirectoryProviderImpl.java:63) 371 | at com.hazelcast.webmonitor.service.HomeDirectoryProviderImpl.(HomeDirectoryProviderImpl.java:25) 372 | at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 373 | at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) 374 | at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 375 | at java.lang.reflect.Constructor.newInstance(Constructor.java:423) 376 | at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142) 377 | ... 66 common frames omitted 378 | 379 | In such case, please update your `hazelcast.yaml` with the valid `runAsUser` and `fsGroup` values. 380 | 381 | apiVersion: hazelcast.com/v1alpha1 382 | kind: HazelcastEnterprise 383 | metadata: 384 | name: hz 385 | spec: 386 | ... 387 | securityContext: 388 | runAsUser: 1000160000 389 | fsGroup: 1000160000 390 | 391 | Note: You can find the UID range for your project with the following command `oc describe project | grep openshift.io/sa.scc.uid-range`. 392 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/bundle-rhel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: hazelcastenterprises.hazelcast.com 6 | spec: 7 | group: hazelcast.com 8 | names: 9 | kind: HazelcastEnterprise 10 | listKind: HazelcastEnterpriseList 11 | plural: hazelcastenterprises 12 | singular: hazelcastenterprise 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | x-kubernetes-preserve-unknown-fields: true 22 | subresources: 23 | status: {} 24 | 25 | --- 26 | apiVersion: v1 27 | kind: ServiceAccount 28 | metadata: 29 | name: hazelcast-enterprise-operator 30 | labels: 31 | app.kubernetes.io/name: hazelcast-enterprise-operator 32 | app.kubernetes.io/instance: hazelcast-enterprise-operator 33 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 34 | 35 | --- 36 | apiVersion: rbac.authorization.k8s.io/v1 37 | kind: ClusterRole 38 | metadata: 39 | name: hazelcast-enterprise-operator 40 | labels: 41 | app.kubernetes.io/name: hazelcast-enterprise-operator 42 | app.kubernetes.io/instance: hazelcast-enterprise-operator 43 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 44 | rules: 45 | - apiGroups: 46 | - "" 47 | resources: 48 | - pods 49 | - services 50 | - endpoints 51 | - persistentvolumeclaims 52 | - events 53 | - configmaps 54 | - secrets 55 | verbs: 56 | - "*" 57 | - apiGroups: 58 | - "" 59 | - "networking.k8s.io" 60 | resources: 61 | - ingresses 62 | verbs: 63 | - "*" 64 | - apiGroups: 65 | - "" 66 | resources: 67 | - namespaces 68 | verbs: 69 | - get 70 | - apiGroups: 71 | - "" 72 | resources: 73 | - serviceaccounts 74 | verbs: 75 | - get 76 | - create 77 | - list 78 | - update 79 | - delete 80 | - apiGroups: 81 | - rbac.authorization.k8s.io 82 | resources: 83 | - roles 84 | - rolebindings 85 | verbs: 86 | - get 87 | - create 88 | - list 89 | - update 90 | - delete 91 | - apiGroups: 92 | - apps 93 | resources: 94 | - deployments 95 | - daemonsets 96 | - replicasets 97 | - statefulsets 98 | verbs: 99 | - "*" 100 | - apiGroups: 101 | - monitoring.coreos.com 102 | resources: 103 | - servicemonitors 104 | verbs: 105 | - get 106 | - create 107 | - apiGroups: 108 | - apps 109 | resourceNames: 110 | - hazelcast-enterprise-operator 111 | resources: 112 | - deployments/finalizers 113 | verbs: 114 | - update 115 | - apiGroups: 116 | - hazelcast.com 117 | resources: 118 | - "*" 119 | verbs: 120 | - "*" 121 | 122 | --- 123 | kind: RoleBinding 124 | apiVersion: rbac.authorization.k8s.io/v1 125 | metadata: 126 | name: hazelcast-enterprise-operator 127 | labels: 128 | app.kubernetes.io/name: hazelcast-enterprise-operator 129 | app.kubernetes.io/instance: hazelcast-enterprise-operator 130 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 131 | subjects: 132 | - kind: ServiceAccount 133 | name: hazelcast-enterprise-operator 134 | roleRef: 135 | kind: ClusterRole 136 | name: hazelcast-enterprise-operator 137 | apiGroup: rbac.authorization.k8s.io 138 | 139 | --- 140 | apiVersion: apps/v1 141 | kind: Deployment 142 | metadata: 143 | name: hazelcast-enterprise-operator 144 | labels: 145 | app.kubernetes.io/name: hazelcast-enterprise-operator 146 | app.kubernetes.io/instance: hazelcast-enterprise-operator 147 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 148 | spec: 149 | replicas: 1 150 | selector: 151 | matchLabels: 152 | app.kubernetes.io/name: hazelcast-enterprise-operator 153 | template: 154 | metadata: 155 | labels: 156 | app.kubernetes.io/name: hazelcast-enterprise-operator 157 | app.kubernetes.io/instance: hazelcast-enterprise-operator 158 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 159 | annotations: 160 | productID: hazelcast-enterprise-operator 161 | productName: Hazelcast Enterprise Operator 162 | productVersion: 0.3.8 163 | spec: 164 | serviceAccountName: hazelcast-enterprise-operator 165 | securityContext: 166 | capabilities: 167 | drop: 168 | - ALL 169 | affinity: 170 | nodeAffinity: 171 | requiredDuringSchedulingIgnoredDuringExecution: 172 | nodeSelectorTerms: 173 | - matchExpressions: 174 | - key: beta.kubernetes.io/arch 175 | operator: In 176 | values: 177 | - amd64 178 | containers: 179 | - name: hazelcast-enterprise-operator 180 | image: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-operator:0.3.8 181 | imagePullPolicy: Always 182 | env: 183 | - name: WATCH_NAMESPACE 184 | valueFrom: 185 | fieldRef: 186 | fieldPath: metadata.namespace 187 | - name: POD_NAME 188 | valueFrom: 189 | fieldRef: 190 | fieldPath: metadata.name 191 | - name: OPERATOR_NAME 192 | value: "hazelcast-enterprise-operator" 193 | - name: RELATED_IMAGE_HAZELCAST 194 | value: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-5-rhel8:5.0 195 | - name: RELATED_IMAGE_MANCENTER 196 | value: registry.connect.redhat.com/hazelcast/management-center-5-rhel8:5.0 197 | resources: 198 | limits: 199 | cpu: "0.1" 200 | memory: 512Mi 201 | requests: 202 | cpu: "0.1" 203 | memory: 256Mi 204 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/bundle.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: hazelcastenterprises.hazelcast.com 6 | spec: 7 | group: hazelcast.com 8 | names: 9 | kind: HazelcastEnterprise 10 | listKind: HazelcastEnterpriseList 11 | plural: hazelcastenterprises 12 | singular: hazelcastenterprise 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | x-kubernetes-preserve-unknown-fields: true 22 | subresources: 23 | status: {} 24 | 25 | --- 26 | apiVersion: v1 27 | kind: ServiceAccount 28 | metadata: 29 | name: hazelcast-enterprise-operator 30 | labels: 31 | app.kubernetes.io/name: hazelcast-enterprise-operator 32 | app.kubernetes.io/instance: hazelcast-enterprise-operator 33 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 34 | 35 | --- 36 | apiVersion: rbac.authorization.k8s.io/v1 37 | kind: ClusterRole 38 | metadata: 39 | name: hazelcast-enterprise-operator 40 | labels: 41 | app.kubernetes.io/name: hazelcast-enterprise-operator 42 | app.kubernetes.io/instance: hazelcast-enterprise-operator 43 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 44 | rules: 45 | - apiGroups: 46 | - "" 47 | resources: 48 | - pods 49 | - services 50 | - endpoints 51 | - persistentvolumeclaims 52 | - events 53 | - configmaps 54 | - secrets 55 | verbs: 56 | - "*" 57 | - apiGroups: 58 | - "" 59 | - "networking.k8s.io" 60 | resources: 61 | - ingresses 62 | verbs: 63 | - "*" 64 | - apiGroups: 65 | - "" 66 | resources: 67 | - namespaces 68 | verbs: 69 | - get 70 | - apiGroups: 71 | - "" 72 | resources: 73 | - serviceaccounts 74 | verbs: 75 | - get 76 | - create 77 | - list 78 | - update 79 | - delete 80 | - apiGroups: 81 | - rbac.authorization.k8s.io 82 | resources: 83 | - roles 84 | - rolebindings 85 | verbs: 86 | - get 87 | - create 88 | - list 89 | - update 90 | - delete 91 | - apiGroups: 92 | - apps 93 | resources: 94 | - deployments 95 | - daemonsets 96 | - replicasets 97 | - statefulsets 98 | verbs: 99 | - "*" 100 | - apiGroups: 101 | - monitoring.coreos.com 102 | resources: 103 | - servicemonitors 104 | verbs: 105 | - get 106 | - create 107 | - apiGroups: 108 | - apps 109 | resourceNames: 110 | - hazelcast-enterprise-operator 111 | resources: 112 | - deployments/finalizers 113 | verbs: 114 | - update 115 | - apiGroups: 116 | - hazelcast.com 117 | resources: 118 | - "*" 119 | verbs: 120 | - "*" 121 | 122 | --- 123 | kind: RoleBinding 124 | apiVersion: rbac.authorization.k8s.io/v1 125 | metadata: 126 | name: hazelcast-enterprise-operator 127 | labels: 128 | app.kubernetes.io/name: hazelcast-enterprise-operator 129 | app.kubernetes.io/instance: hazelcast-enterprise-operator 130 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 131 | subjects: 132 | - kind: ServiceAccount 133 | name: hazelcast-enterprise-operator 134 | roleRef: 135 | kind: ClusterRole 136 | name: hazelcast-enterprise-operator 137 | apiGroup: rbac.authorization.k8s.io 138 | 139 | --- 140 | apiVersion: apps/v1 141 | kind: Deployment 142 | metadata: 143 | name: hazelcast-enterprise-operator 144 | labels: 145 | app.kubernetes.io/name: hazelcast-enterprise-operator 146 | app.kubernetes.io/instance: hazelcast-enterprise-operator 147 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 148 | spec: 149 | replicas: 1 150 | selector: 151 | matchLabels: 152 | app.kubernetes.io/name: hazelcast-enterprise-operator 153 | template: 154 | metadata: 155 | labels: 156 | app.kubernetes.io/name: hazelcast-enterprise-operator 157 | app.kubernetes.io/instance: hazelcast-enterprise-operator 158 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 159 | annotations: 160 | productID: hazelcast-enterprise-operator 161 | productName: Hazelcast Operator 162 | productVersion: 0.3.8 163 | spec: 164 | serviceAccountName: hazelcast-enterprise-operator 165 | securityContext: 166 | capabilities: 167 | drop: 168 | - ALL 169 | affinity: 170 | nodeAffinity: 171 | requiredDuringSchedulingIgnoredDuringExecution: 172 | nodeSelectorTerms: 173 | - matchExpressions: 174 | - key: beta.kubernetes.io/arch 175 | operator: In 176 | values: 177 | - amd64 178 | containers: 179 | - name: hazelcast-enterprise-operator 180 | image: hazelcast/hazelcast-enterprise-operator:0.3.8 181 | imagePullPolicy: Always 182 | env: 183 | - name: WATCH_NAMESPACE 184 | valueFrom: 185 | fieldRef: 186 | fieldPath: metadata.namespace 187 | - name: POD_NAME 188 | valueFrom: 189 | fieldRef: 190 | fieldPath: metadata.name 191 | - name: OPERATOR_NAME 192 | value: "hazelcast-enterprise-operator" 193 | - name: RELATED_IMAGE_HAZELCAST 194 | value: hazelcast/hazelcast-enterprise:5.0 195 | - name: RELATED_IMAGE_MANCENTER 196 | value: hazelcast/management-center:5.0 197 | resources: 198 | limits: 199 | cpu: "0.1" 200 | memory: 512Mi 201 | requests: 202 | cpu: "0.1" 203 | memory: 256Mi 204 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/hazelcast-full.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: hazelcast.com/v1alpha1 2 | kind: HazelcastEnterprise 3 | metadata: 4 | name: hz 5 | labels: 6 | app.kubernetes.io/name: hazelcast 7 | app.kubernetes.io/instance: hazelcast 8 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 9 | spec: 10 | ## Hazelcast image version 11 | ## ref: https://hub.docker.com/r/hazelcast/hazelcast-enterprise-kubernetes/tags/ 12 | ## 13 | image: 14 | # repository is the Hazelcast image name 15 | repository: "hazelcast/hazelcast-enterprise" 16 | # tag is the Hazelcast image tag 17 | tag: "5.0" 18 | # pullPolicy is the Docker image pull policy 19 | # It's recommended to change this to 'Always' if the image tag is 'latest' 20 | # ref: http://kubernetes.io/docs/user-guide/images/#updating-images 21 | # 22 | pullPolicy: IfNotPresent 23 | # pullSecrets is an array of docker-registry secret names 24 | # Secrets must be manually created in the namespace. 25 | # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 26 | # pullSecrets: 27 | # - myRegistryKeySecretName 28 | 29 | # Cluster settings 30 | cluster: 31 | # memberCount is the number Hazelcast members 32 | memberCount: 3 33 | 34 | # Hazelcast properties 35 | hazelcast: 36 | # ssl is a flag used to enable SSL for Hazelcast 37 | ssl: false 38 | # updateClusterVersionAfterRollingUpgrade is a flag used to automatically update the Hazelcast cluster version of the rolling upgrade procedure 39 | updateClusterVersionAfterRollingUpgrade: true 40 | # javaOpts are additional JAVA_OPTS properties for Hazelcast member 41 | javaOpts: 42 | # loggingLevel is the level of Hazelcast logs (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, and FINEST) 43 | # Note that changing this value requires setting securityContext.runAsUser to 0 and securityContext.readOnlyRootFilesystem to false 44 | # loggingLevel: 45 | # existingConfigMap defines a ConfigMap which contains Hazelcast configuration file(s) that are used instead hazelcast.yaml configuration below 46 | # existingConfigMap: 47 | # yaml is the Hazelcast YAML configuration file 48 | yaml: 49 | hazelcast: 50 | network: 51 | join: 52 | multicast: 53 | enabled: false 54 | kubernetes: 55 | enabled: true 56 | service-name: ${serviceName} 57 | namespace: ${namespace} 58 | resolve-not-ready-addresses: true 59 | ssl: 60 | enabled: ${hazelcast.ssl} 61 | rest-api: 62 | enabled: true 63 | endpoint-groups: 64 | HEALTH_CHECK: 65 | enabled: true 66 | hot-restart-persistence: 67 | enabled: ${hazelcast.hotRestart} 68 | base-dir: /data/hot-restart 69 | validation-timeout-seconds: 1200 70 | data-load-timeout-seconds: 900 71 | auto-remove-stale-data: true 72 | management-center: 73 | enabled: ${hazelcast.mancenter.enabled} 74 | url: ${hazelcast.mancenter.url} 75 | # configurationFiles are any additional Hazelcast configuration files 76 | # configurationFiles: 77 | 78 | # affinity specifies the affinity/anti-affinity of different pods. The commented out 79 | # example below shows how you could ensure your hazelcast pods are scheduled on 80 | # different Kubernetes nodes 81 | affinity: 82 | # podAntiAffinity: 83 | # requiredDuringSchedulingIgnoredDuringExecution: 84 | # - labelSelector: 85 | # matchExpressions: 86 | # - key: app.kubernetes.io/name 87 | # operator: In 88 | # values: 89 | # - hazelcast 90 | # - key: role 91 | # operator: In 92 | # values: 93 | # - hazelcast 94 | # topologyKey: kubernetes.io/hostname 95 | 96 | # tolerations enable Hazelcast PODs to be able to run on nodes with taints 97 | # tolerations: 98 | 99 | # nodeSelector is an array of Hazelcast Node labels for POD assignments 100 | # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 101 | nodeSelector: {} 102 | 103 | # hostPort is a port under which Hazelcast PODs are exposed on the host machines 104 | # hostPort: 105 | 106 | gracefulShutdown: 107 | enabled: true 108 | maxWaitSeconds: 600 109 | 110 | # Hazelcast Liveness probe 111 | livenessProbe: 112 | # enabled is a flag to used to enable liveness probe 113 | enabled: true 114 | # initialDelaySeconds is a delay before liveness probe is initiated 115 | initialDelaySeconds: 30 116 | # periodSeconds decides how often to perform the probe 117 | periodSeconds: 10 118 | # timeoutSeconds decides when the probe times out 119 | timeoutSeconds: 10 120 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 121 | successThreshold: 1 122 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 123 | failureThreshold: 10 124 | # url path that will be called to check liveness 125 | path: /hazelcast/health/node-state 126 | # port that will be used in liveness probe calls 127 | # port: 128 | # HTTPS or HTTP scheme 129 | scheme: HTTP 130 | 131 | # Hazelcast Readiness probe 132 | readinessProbe: 133 | # enabled is a flag to used to enable readiness probe 134 | enabled: true 135 | # initialDelaySeconds is a delay before readiness probe is initiated 136 | initialDelaySeconds: 30 137 | # periodSeconds decides how often to perform the probe 138 | periodSeconds: 10 139 | # timeoutSeconds decides when the probe times out 140 | timeoutSeconds: 10 141 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 142 | successThreshold: 1 143 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 144 | failureThreshold: 10 145 | # url path that will be called to check readiness 146 | path: /hazelcast/health/ready 147 | # port that will be used in readiness probe calls 148 | # port: 149 | # HTTPS or HTTP scheme 150 | scheme: HTTP 151 | 152 | # Configure resource requests and limits 153 | # ref: http://kubernetes.io/docs/user-guide/compute-resources/ 154 | # 155 | # resources: 156 | # requests: 157 | # memory: 256Mi 158 | # cpu: 100m 159 | # limits: 160 | # memory: 1024Mi 161 | # cpu: 200m 162 | 163 | # Hazelcast Service properties 164 | service: 165 | # Specifies whether a Service should be created 166 | create: true 167 | # The name of the Service to use. 168 | # The name is used for service discovery by Hazelcast K8S discovery plugin. 169 | # If not set and create is true, a name is generated using the fullname template 170 | # name: 171 | # type defines the Kubernetes service type ('ClusterIP', 'LoadBalancer', or 'NodePort') 172 | type: ClusterIP 173 | # port is the Kubernetes service port 174 | port: 5701 175 | # clusterIP set to None makes the service headless 176 | # It is required if DNS Lookup is used (https://github.com/hazelcast/hazelcast-kubernetes#dns-lookup) 177 | clusterIP: "None" 178 | 179 | 180 | # Role-based Access Control 181 | rbac: 182 | # Specifies whether RBAC resources should be created 183 | # It is not required if DNS Lookup is used (https://github.com/hazelcast/hazelcast-kubernetes#dns-lookup) 184 | create: false 185 | 186 | serviceAccount: 187 | # Specifies whether a ServiceAccount should be created 188 | create: false 189 | # The name of the ServiceAccount to use. 190 | # If not set and create is true, a name is generated using the fullname template 191 | name: hazelcast 192 | 193 | # Security Context properties 194 | securityContext: 195 | # enabled is a flag to enable Security Context 196 | enabled: true 197 | # runAsUser is the user ID used to run the container 198 | runAsUser: 65534 199 | # fsGroup is the group ID associated with the container 200 | fsGroup: 65534 201 | # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context 202 | readOnlyRootFilesystem: true 203 | 204 | # Hazelcast Hot Restart persistence feature 205 | hotRestart: 206 | # enabled is a flag to enabled Hot Restart feature 207 | enabled: false 208 | # existingClaim is a name of the existing Persistence Volume Claim that will be used for the Hot Restart persistence 209 | # if not defined, a new Persistent Volume Claim is created with the default name 210 | # existingClaim: 211 | # accessModes defines the access modes for the created Persistent Volume Claim 212 | accessModes: 213 | - ReadWriteMany 214 | # size is the size of Persistent Volume Claim 215 | size: 8Gi 216 | # hostPath is the path of the node machine directory that is used for persistent storage 217 | # if defined, it's used instead of Persistent Volume Claim 218 | # hostPath: 219 | 220 | # Allows to enable a Prometheus to scrape pods, implemented for Hazelcast version >= 3.12 (or 'latest') 221 | metrics: 222 | enabled: false 223 | service: 224 | type: ClusterIP 225 | port: 8080 226 | annotations: 227 | prometheus.io/scrape: "true" 228 | prometheus.io/path: "/metrics" 229 | 230 | # secretsMountName is the secret name that is mounted as '/data/secrets/' (e.g. with keystore/trustore files) 231 | # secretsMountName: 232 | 233 | # customVolume is the configuration for any volume mounted as '/data/custom/' (e.g. to mount a volume with custom JARs) 234 | # customVolume: 235 | 236 | # Hazelcast Management Center application properties 237 | mancenter: 238 | # enabled is a flag to enable Management Center application 239 | enabled: true 240 | ## Hazelcast Management Center image version 241 | ## ref: https://hub.docker.com/r/hazelcast/management-center/tags/ 242 | ## 243 | image: 244 | # repository is the Hazelcast Management Center image name 245 | repository: "hazelcast/management-center" 246 | # tag is the Hazelcast Management Center image tag 247 | tag: "5.0" 248 | # pullPolicy is the Docker image pull policy 249 | # It's recommended to change this to 'Always' if the image tag is 'latest' 250 | # ref: http://kubernetes.io/docs/user-guide/images/#updating-images 251 | # 252 | pullPolicy: IfNotPresent 253 | # pullSecrets is an array of docker-registry secret names 254 | # Secrets must be manually created in the namespace. 255 | # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 256 | # pullSecrets: 257 | # - myRegistryKeySecretName 258 | 259 | # ingress configuration for mancenter 260 | ingress: 261 | enabled: false 262 | annotations: {} 263 | # hosts: 264 | # - hazelcast-mancenter.cluster.domain 265 | # tls: 266 | # - secretName: hazelcast-ingress-tls 267 | # hosts: 268 | # - hazelcast-mancenter.cluster.domain 269 | 270 | # ssl is a flag to enable SSL for Management Center 271 | ssl: false 272 | # javaOpts are additional JAVA_OPTS properties for Hazelcast Management Center 273 | javaOpts: 274 | 275 | # licenseKey is the license key for Hazelcast Management Center 276 | # if not provided, it can be filled in the Management Center web interface 277 | # licenseKey: 278 | # licenseKeySecretName is the name of the secret where the Hazelcast Management Center License Key is stored (can be used instead of licenseKey) 279 | # licenseKeySecretName: 280 | 281 | # affinity specifies the Management Center affinity/anti-affinity of different pods 282 | # affinity: 283 | 284 | # tolerations enable Management Center POD to be able to run on nodes with taints 285 | # tolerations: 286 | 287 | # nodeSelector is an array of Hazelcast Management Center Node labels for POD assignments 288 | # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 289 | nodeSelector: {} 290 | 291 | # Configure resource requests and limits 292 | # ref: http://kubernetes.io/docs/user-guide/compute-resources/ 293 | # 294 | # resources: 295 | # requests: 296 | # memory: 256Mi 297 | # cpu: 100m 298 | # limits: 299 | # memory: 1024Mi 300 | # cpu: 200m 301 | 302 | # Management Center persistence properties 303 | persistence: 304 | # enabled is a flag to enable persistence for Management Center 305 | enabled: true 306 | # existingClaim is a name of the existing Persistence Volume Claim that will be used for persistence 307 | # if not defined, a new Persistent Value Claim is created with the default name 308 | # existingClaim: 309 | # accessModes defines the access modes for the created Persistent Volume Claim 310 | accessModes: 311 | - ReadWriteOnce 312 | # size is the size of Persistent Volume Claim 313 | size: 8Gi 314 | 315 | # Hazelcast Management Center Service properties 316 | service: 317 | # type defines the Kubernetes service type ('ClusterIP', 'LoadBalancer', or 'NodePort') 318 | type: LoadBalancer 319 | # port is the Kubernetes service port 320 | port: 8080 321 | # service https port 322 | httpsPort: 443 323 | # service annotations for management center 324 | annotations: {} 325 | 326 | # Hazelcast Management Center Liveness probe 327 | livenessProbe: 328 | # enabled is a flag to used to enable liveness probe 329 | enabled: true 330 | # initialDelaySeconds is a delay before liveness probe is initiated 331 | initialDelaySeconds: 30 332 | # periodSeconds decides how often to perform the probe 333 | periodSeconds: 10 334 | # timeoutSeconds decides when the probe times out 335 | timeoutSeconds: 5 336 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 337 | successThreshold: 1 338 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 339 | failureThreshold: 3 340 | # Hazelcast Management Center Readiness probe 341 | readinessProbe: 342 | # enabled is a flag to used to enable readiness probe 343 | enabled: true 344 | # initialDelaySeconds is a delay before readiness probe is initiated 345 | initialDelaySeconds: 30 346 | # periodSeconds decides how often to perform the probe 347 | periodSeconds: 10 348 | # timeoutSeconds decides when the probe times out 349 | timeoutSeconds: 1 350 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 351 | successThreshold: 1 352 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 353 | failureThreshold: 3 354 | 355 | # secretsMountName is the secret name that is mounted as '/data/secrets/' (e.g. with keystore/trustore files) 356 | # secretsMountName: 357 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/hazelcast-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: hazelcast 5 | labels: 6 | app.kubernetes.io/name: hazelcast 7 | app.kubernetes.io/instance: hazelcast 8 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 9 | 10 | --- 11 | 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | metadata: 15 | name: hazelcast 16 | labels: 17 | app.kubernetes.io/name: hazelcast 18 | app.kubernetes.io/instance: hazelcast 19 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 20 | rules: 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - endpoints 25 | - pods 26 | verbs: 27 | - get 28 | - list 29 | 30 | --- 31 | 32 | kind: RoleBinding 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | metadata: 35 | name: hazelcast 36 | labels: 37 | app.kubernetes.io/name: hazelcast 38 | app.kubernetes.io/instance: hazelcast 39 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 40 | subjects: 41 | - kind: ServiceAccount 42 | name: hazelcast 43 | roleRef: 44 | kind: ClusterRole 45 | name: hazelcast 46 | apiGroup: rbac.authorization.k8s.io 47 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/hazelcast.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: hazelcast.com/v1alpha1 2 | kind: HazelcastEnterprise 3 | metadata: 4 | name: hz 5 | labels: 6 | app.kubernetes.io/name: hazelcast 7 | app.kubernetes.io/instance: hazelcast 8 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 9 | spec: 10 | image: 11 | repository: "hazelcast/hazelcast-enterprise" 12 | tag: "5.0" 13 | service: 14 | create: true 15 | type: ClusterIP 16 | clusterIP: "None" 17 | hazelcast: 18 | licenseKeySecretName: hz-license-key-secret 19 | affinity: 20 | nodeAffinity: 21 | requiredDuringSchedulingIgnoredDuringExecution: 22 | nodeSelectorTerms: 23 | - matchExpressions: 24 | - key: beta.kubernetes.io/arch 25 | operator: In 26 | values: 27 | - amd64 28 | resources: 29 | requests: 30 | memory: 1024Mi 31 | cpu: 100m 32 | limits: 33 | memory: 1024Mi 34 | securityContext: 35 | runAsUser: "" 36 | runAsGroup: "" 37 | fsGroup: "" 38 | mancenter: 39 | image: 40 | repository: "hazelcast/management-center" 41 | tag: "5.0" 42 | service: 43 | type: LoadBalancer 44 | port: 8080 45 | affinity: 46 | nodeAffinity: 47 | requiredDuringSchedulingIgnoredDuringExecution: 48 | nodeSelectorTerms: 49 | - matchExpressions: 50 | - key: beta.kubernetes.io/arch 51 | operator: In 52 | values: 53 | - amd64 54 | resources: 55 | requests: 56 | memory: 1024Mi 57 | cpu: 100m 58 | limits: 59 | memory: 1024Mi 60 | rbac: 61 | create: false 62 | 63 | serviceAccount: 64 | create: false 65 | name: hazelcast 66 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/hazelcastcluster.crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: hazelcastenterprises.hazelcast.com 5 | spec: 6 | group: hazelcast.com 7 | names: 8 | kind: HazelcastEnterprise 9 | listKind: HazelcastEnterpriseList 10 | plural: hazelcastenterprises 11 | singular: hazelcastenterprise 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | subresources: 22 | status: {} 23 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/operator-docker-hub.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hazelcast-enterprise-operator 5 | labels: 6 | app.kubernetes.io/name: hazelcast-enterprise-operator 7 | app.kubernetes.io/instance: hazelcast-enterprise-operator 8 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: hazelcast-enterprise-operator 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: hazelcast-enterprise-operator 18 | app.kubernetes.io/instance: hazelcast-enterprise-operator 19 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 20 | annotations: 21 | productID: hazelcast-enterprise-operator 22 | productName: Hazelcast Operator 23 | productVersion: 0.3.8 24 | spec: 25 | serviceAccountName: hazelcast-enterprise-operator 26 | securityContext: 27 | capabilities: 28 | drop: 29 | - ALL 30 | affinity: 31 | nodeAffinity: 32 | requiredDuringSchedulingIgnoredDuringExecution: 33 | nodeSelectorTerms: 34 | - matchExpressions: 35 | - key: beta.kubernetes.io/arch 36 | operator: In 37 | values: 38 | - amd64 39 | containers: 40 | - name: hazelcast-enterprise-operator 41 | image: hazelcast/hazelcast-enterprise-operator:0.3.8 42 | imagePullPolicy: Always 43 | env: 44 | - name: WATCH_NAMESPACE 45 | valueFrom: 46 | fieldRef: 47 | fieldPath: metadata.namespace 48 | - name: POD_NAME 49 | valueFrom: 50 | fieldRef: 51 | fieldPath: metadata.name 52 | - name: OPERATOR_NAME 53 | value: "hazelcast-enterprise-operator" 54 | - name: RELATED_IMAGE_HAZELCAST 55 | value: hazelcast/hazelcast-enterprise:5.0 56 | - name: RELATED_IMAGE_MANCENTER 57 | value: hazelcast/management-center:5.0 58 | resources: 59 | limits: 60 | cpu: "0.1" 61 | memory: 512Mi 62 | requests: 63 | cpu: "0.1" 64 | memory: 256Mi 65 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/operator-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: hazelcast-enterprise-operator 5 | labels: 6 | app.kubernetes.io/name: hazelcast-enterprise-operator 7 | app.kubernetes.io/instance: hazelcast-enterprise-operator 8 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 9 | 10 | --- 11 | 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | metadata: 15 | name: hazelcast-enterprise-operator 16 | labels: 17 | app.kubernetes.io/name: hazelcast-enterprise-operator 18 | app.kubernetes.io/instance: hazelcast-enterprise-operator 19 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 20 | rules: 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - pods 25 | - services 26 | - endpoints 27 | - persistentvolumeclaims 28 | - events 29 | - configmaps 30 | - secrets 31 | verbs: 32 | - '*' 33 | - apiGroups: 34 | - "" 35 | - "networking.k8s.io" 36 | resources: 37 | - ingresses 38 | verbs: 39 | - '*' 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - namespaces 44 | verbs: 45 | - get 46 | - apiGroups: 47 | - "" 48 | resources: 49 | - serviceaccounts 50 | verbs: 51 | - get 52 | - create 53 | - list 54 | - update 55 | - delete 56 | - apiGroups: 57 | - rbac.authorization.k8s.io 58 | resources: 59 | - roles 60 | - rolebindings 61 | verbs: 62 | - get 63 | - create 64 | - list 65 | - update 66 | - delete 67 | - apiGroups: 68 | - apps 69 | resources: 70 | - deployments 71 | - daemonsets 72 | - replicasets 73 | - statefulsets 74 | verbs: 75 | - '*' 76 | - apiGroups: 77 | - monitoring.coreos.com 78 | resources: 79 | - servicemonitors 80 | verbs: 81 | - get 82 | - create 83 | - apiGroups: 84 | - apps 85 | resourceNames: 86 | - hazelcast-enterprise-operator 87 | resources: 88 | - deployments/finalizers 89 | verbs: 90 | - update 91 | - apiGroups: 92 | - hazelcast.com 93 | resources: 94 | - '*' 95 | verbs: 96 | - '*' 97 | 98 | --- 99 | 100 | kind: RoleBinding 101 | apiVersion: rbac.authorization.k8s.io/v1 102 | metadata: 103 | name: hazelcast-enterprise-operator 104 | labels: 105 | app.kubernetes.io/name: hazelcast-enterprise-operator 106 | app.kubernetes.io/instance: hazelcast-enterprise-operator 107 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 108 | subjects: 109 | - kind: ServiceAccount 110 | name: hazelcast-enterprise-operator 111 | roleRef: 112 | kind: ClusterRole 113 | name: hazelcast-enterprise-operator 114 | apiGroup: rbac.authorization.k8s.io 115 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/operator-rhel.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hazelcast-enterprise-operator 5 | labels: 6 | app.kubernetes.io/name: hazelcast-enterprise-operator 7 | app.kubernetes.io/instance: hazelcast-enterprise-operator 8 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: hazelcast-enterprise-operator 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: hazelcast-enterprise-operator 18 | app.kubernetes.io/instance: hazelcast-enterprise-operator 19 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 20 | annotations: 21 | productID: hazelcast-enterprise-operator 22 | productName: Hazelcast Enterprise Operator 23 | productVersion: 0.3.8 24 | spec: 25 | serviceAccountName: hazelcast-enterprise-operator 26 | securityContext: 27 | capabilities: 28 | drop: 29 | - ALL 30 | affinity: 31 | nodeAffinity: 32 | requiredDuringSchedulingIgnoredDuringExecution: 33 | nodeSelectorTerms: 34 | - matchExpressions: 35 | - key: beta.kubernetes.io/arch 36 | operator: In 37 | values: 38 | - amd64 39 | containers: 40 | - name: hazelcast-enterprise-operator 41 | image: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-operator:0.3.8 42 | imagePullPolicy: Always 43 | env: 44 | - name: WATCH_NAMESPACE 45 | valueFrom: 46 | fieldRef: 47 | fieldPath: metadata.namespace 48 | - name: POD_NAME 49 | valueFrom: 50 | fieldRef: 51 | fieldPath: metadata.name 52 | - name: OPERATOR_NAME 53 | value: "hazelcast-enterprise-operator" 54 | - name: RELATED_IMAGE_HAZELCAST 55 | value: registry.connect.redhat.com/hazelcast/hazelcast-enterprise-5-rhel8:5.0 56 | - name: RELATED_IMAGE_MANCENTER 57 | value: registry.connect.redhat.com/hazelcast/management-center-5-rhel8:5.0 58 | resources: 59 | limits: 60 | cpu: "0.1" 61 | memory: 512Mi 62 | requests: 63 | cpu: "0.1" 64 | memory: 256Mi 65 | -------------------------------------------------------------------------------- /hazelcast-enterprise-operator/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | key: 4 | kind: Secret 5 | metadata: 6 | name: hz-license-key-secret 7 | labels: 8 | app.kubernetes.io/name: hazelcast 9 | app.kubernetes.io/instance: hazelcast 10 | app.kubernetes.io/managed-by: hazelcast-enterprise-operator 11 | -------------------------------------------------------------------------------- /hazelcast-operator/README.md: -------------------------------------------------------------------------------- 1 | # Hazelcast Operator 2 | 3 | This is a step-by-step guide how to deploy Hazelcast cluster (together with Management Center) on your OpenShift or Kubernetes cluster. 4 | 5 | ## Prerequisites 6 | 7 | You must have one of the followings: 8 | * OpenShift cluster (with admin rights) and the `oc` command configured (you may use [Minishift](https://github.com/minishift/minishift)) 9 | * Kubernetes cluster (with admin rights) and the `kubectl` command configured (you may use [Minikube](https://kubernetes.io/docs/getting-started-guides/minikube/)) 10 | 11 | ## Security Context Constraints (SCC) Requirements 12 | 13 | Hazelcast uses Redhat shipped `restricted` SCC which : 14 | 15 | - Ensures that pods cannot run as privileged. 16 | - Ensures that pods cannot mount host directory volumes. 17 | - Requires that a pod run as a user in a pre-allocated range of UIDs. 18 | - Requires that a pod run with a pre-allocated MCS label. 19 | - Allows pods to use any FSGroup. 20 | - Allows pods to use any supplemental group. 21 | 22 | You can refer to [Openshift Documentation](https://docs.openshift.com/) for more details. 23 | 24 | ## OpenShift Deployment steps 25 | 26 | Below are the steps to start a Hazelcast cluster using Operator Framework. Note that the first 3 steps are usually performed only once for the OpenShift cluster/project (usually by the cluster admin). The step 4 is performed each time you want to create a new Hazelcast cluster. 27 | 28 | Note: You need to clone this repository before following the next steps. 29 | 30 | git clone https://github.com/hazelcast/hazelcast-operator.git 31 | cd hazelcast-operator/hazelcast-operator 32 | 33 | #### Step 0: Create project 34 | 35 | To create a new project, run the following command. 36 | 37 | oc new-project hazelcast-operator 38 | 39 | #### Step 1: Deploy Hazelcast Operator 40 | 41 | Run the following command to configure the Hazelcast operator permissions, it will also deploy the operator. 42 | 43 | oc apply -f bundle.yaml 44 | 45 | 46 | #### Step 2: Create RBAC 47 | 48 | Run the following command to configure the Hazelcast cluster permissions. 49 | 50 | oc apply -f hazelcast-rbac.yaml 51 | 52 | 53 | #### Step 3: Start Hazelcast 54 | 55 | Start Hazelcast cluster with the following command. 56 | 57 | oc apply -f hazelcast.yaml 58 | 59 | Your Hazelcast cluster (together with Management Center) should be created. 60 | 61 | $ oc get pods 62 | NAME READY STATUS RESTARTS AGE 63 | hazelcast-operator-b5bd8f7c7-7wqxh 1/1 Running 0 8m21s 64 | hz-hazelcast-0 1/1 Running 0 3m55s 65 | hz-hazelcast-1 1/1 Running 0 3m11s 66 | hz-hazelcast-2 1/1 Running 0 2m25s 67 | hz-hazelcast-mancenter-0 1/1 Running 0 3m55s 68 | 69 | 70 | **Note**: In `hazelcast.yaml` you can specify all parameters available in the [Hazelcast Helm Chart](https://github.com/hazelcast/charts/tree/master/stable/hazelcast). 71 | 72 | **Note** also that you cannot create multiple Hazelcast clusters with the same name. 73 | 74 | To connect to Management Center, you can use `EXTERNAL-IP` and open your browser at: `http://:8080/hazelcast-mancenter`. If your OpenShift environment does not have Load Balancer configured, then you can create a route to Management Center with `oc expose`. 75 | 76 | ![Management Center](../markdown/management-center.png) 77 | 78 | ## Kubernetes Deployment steps 79 | 80 | Below are the steps to start a Hazelcast cluster using Operator Framework. Note that the first 3 steps are usually performed only once for the Kubernetes cluster (by the cluster admin). The step 4 is performed each time you want to create a new Hazelcast cluster. 81 | 82 | Note: You need to clone this repository before following the next steps. 83 | 84 | git clone https://github.com/hazelcast/hazelcast-operator.git 85 | cd hazelcast-operator/hazelcast-operator 86 | 87 | 88 | 89 | #### Step 1: Deploy Hazelcast Operator 90 | 91 | Deploy Hazelcast Operator with the following command. 92 | 93 | kubectl --validate=false apply -f bundle.yaml 94 | 95 | #### Step 2: Create RBAC 96 | 97 | Run the following commands to configure the Hazelcast cluster permissions. 98 | 99 | kubectl apply -f hazelcast-rbac.yaml 100 | 101 | #### Step 3: Start Hazelcast 102 | 103 | Before starting the cluster, you need to remove the `securityContext` part from `hazelcast.yaml`. 104 | 105 | ``` 106 | securityContext: 107 | runAsUser: "" 108 | runAsGroup: "" 109 | fsGroup: "" 110 | ``` 111 | 112 | After deletion, you can start the Hazelcast cluster with the following command. 113 | 114 | kubectl apply -f hazelcast.yaml 115 | 116 | Your Hazelcast cluster (together with Management Center) should be created. 117 | 118 | $ kubectl get pods 119 | NAME READY STATUS RESTARTS AGE 120 | hazelcast-operator-b5bd8f7c7-7wqxh 1/1 Running 0 8m21s 121 | hz-hazelcast-0 1/1 Running 0 3m55s 122 | hz-hazelcast-1 1/1 Running 0 3m11s 123 | hz-hazelcast-2 1/1 Running 0 2m25s 124 | hz-hazelcast-mancenter-0 1/1 Running 0 3m55s 125 | 126 | **Note**: In `hazelcast.yaml` you can specify all parameters available in the [Hazelcast Helm Chart](https://github.com/hazelcast/charts/tree/master/stable/hazelcast). 127 | 128 | **Note** also that you cannot create multiple Hazelcast clusters with the same name. 129 | 130 | To connect to Management Center, you can use `EXTERNAL-IP` and open your browser at: `http://:8080/hazelcast-mancenter`. If your Kubernetes environment does not have Load Balancer configured, then please use `NodePort` or `Ingress`. 131 | 132 | ![Management Center](../markdown/management-center.png) 133 | 134 | ## Configuration 135 | 136 | You may want to modify the behavior of the Hazelcast Operator. 137 | 138 | #### Changing Hazelcast and Management Center version 139 | 140 | If you want to modify the Hazelcast or Management Center version, update `RELATED_IMAGE_HAZELCAST` and `RELATED_IMAGE_MANCENTER` environment variables in `operator-rhel.yaml` (or `operator-docker-hub.yaml`). 141 | 142 | #### Configuring Hazelcast Cluster 143 | 144 | Description of all parameters can be found [here](https://github.com/hazelcast/charts/tree/master/stable/hazelcast#configuration). 145 | 146 | ## Troubleshooting 147 | 148 | Kubernetes/OpenShift clusters are deployed in many different ways and you may encounter some of the following issues in some environments. 149 | 150 | #### Invalid value: must be no more than 63 characters 151 | 152 | In the sample `hazelcast.yaml`, the name of the Hazelcast cluster is `hz`. If you make this value longer, you may encounter the following error. 153 | 154 | oc describe statefulset.apps/my-hazelcast-2esqhajupdg5002uqwgoc8jnj-hazelcast 155 | 156 | .......Invalid value: "my-hazelcast-2esqhajupdg5002uqwgoc8jnj-hazelcast-74cf94b5": must be no more than 63 characters 157 | 158 | This is the issue of the Operator itself, so there is not better solution for now than giving your cluster a short name. 159 | 160 | #### WriteNotAllowedException in Management Center 161 | 162 | Some of the OpenShift environments may have the restriction on the User ID used in volume mounts, which may cause the following exception in Management Center. 163 | 164 | Caused by: com.hazelcast.webmonitor.service.exception.WriteNotAllowedException: WARNING: /data can not be created. Either make it writable, or set "hazelcast.mancenter. 165 | home" system property to a writable directory and restart. 166 | at com.hazelcast.webmonitor.service.HomeDirectoryProviderImpl.constructDirectory(HomeDirectoryProviderImpl.java:63) 167 | at com.hazelcast.webmonitor.service.HomeDirectoryProviderImpl.(HomeDirectoryProviderImpl.java:25) 168 | at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 169 | at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) 170 | at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 171 | at java.lang.reflect.Constructor.newInstance(Constructor.java:423) 172 | at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142) 173 | ... 66 common frames omitted 174 | 175 | In such case, please update your `hazelcast.yaml` with the valid `runAsUser` and `fsGroup` values. 176 | 177 | apiVersion: hazelcast.com/v1alpha1 178 | kind: Hazelcast 179 | metadata: 180 | name: hz 181 | spec: 182 | ... 183 | securityContext: 184 | runAsUser: 1000160000 185 | fsGroup: 1000160000 186 | 187 | Note: You can find the UID range for your project with the following command `oc describe project | grep openshift.io/sa.scc.uid-range`. 188 | -------------------------------------------------------------------------------- /hazelcast-operator/bundle.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: hazelcasts.hazelcast.com 6 | spec: 7 | group: hazelcast.com 8 | names: 9 | kind: Hazelcast 10 | listKind: HazelcastList 11 | plural: hazelcasts 12 | singular: hazelcast 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | x-kubernetes-preserve-unknown-fields: true 22 | subresources: 23 | status: {} 24 | 25 | --- 26 | apiVersion: v1 27 | kind: ServiceAccount 28 | metadata: 29 | name: hazelcast-operator 30 | labels: 31 | app.kubernetes.io/name: hazelcast-operator 32 | app.kubernetes.io/instance: hazelcast-operator 33 | app.kubernetes.io/managed-by: hazelcast-operator 34 | 35 | --- 36 | apiVersion: rbac.authorization.k8s.io/v1 37 | kind: ClusterRole 38 | metadata: 39 | name: hazelcast-operator 40 | labels: 41 | app.kubernetes.io/name: hazelcast-operator 42 | app.kubernetes.io/instance: hazelcast-operator 43 | app.kubernetes.io/managed-by: hazelcast-operator 44 | rules: 45 | - apiGroups: 46 | - "" 47 | resources: 48 | - pods 49 | - services 50 | - endpoints 51 | - persistentvolumeclaims 52 | - events 53 | - configmaps 54 | - secrets 55 | verbs: 56 | - "*" 57 | - apiGroups: 58 | - "" 59 | - "networking.k8s.io" 60 | resources: 61 | - ingresses 62 | verbs: 63 | - "*" 64 | - apiGroups: 65 | - "" 66 | resources: 67 | - namespaces 68 | verbs: 69 | - get 70 | - apiGroups: 71 | - "" 72 | resources: 73 | - serviceaccounts 74 | verbs: 75 | - get 76 | - create 77 | - list 78 | - update 79 | - delete 80 | - apiGroups: 81 | - rbac.authorization.k8s.io 82 | resources: 83 | - roles 84 | - rolebindings 85 | verbs: 86 | - get 87 | - create 88 | - list 89 | - update 90 | - delete 91 | - apiGroups: 92 | - apps 93 | resources: 94 | - deployments 95 | - daemonsets 96 | - replicasets 97 | - statefulsets 98 | verbs: 99 | - "*" 100 | - apiGroups: 101 | - monitoring.coreos.com 102 | resources: 103 | - servicemonitors 104 | verbs: 105 | - get 106 | - create 107 | - apiGroups: 108 | - apps 109 | resourceNames: 110 | - hazelcast-operator 111 | resources: 112 | - deployments/finalizers 113 | verbs: 114 | - update 115 | - apiGroups: 116 | - hazelcast.com 117 | resources: 118 | - "*" 119 | verbs: 120 | - "*" 121 | 122 | --- 123 | kind: RoleBinding 124 | apiVersion: rbac.authorization.k8s.io/v1 125 | metadata: 126 | name: hazelcast-operator 127 | labels: 128 | app.kubernetes.io/name: hazelcast-operator 129 | app.kubernetes.io/instance: hazelcast-operator 130 | app.kubernetes.io/managed-by: hazelcast-operator 131 | subjects: 132 | - kind: ServiceAccount 133 | name: hazelcast-operator 134 | roleRef: 135 | kind: ClusterRole 136 | name: hazelcast-operator 137 | apiGroup: rbac.authorization.k8s.io 138 | 139 | --- 140 | apiVersion: apps/v1 141 | kind: Deployment 142 | metadata: 143 | name: hazelcast-operator 144 | labels: 145 | app.kubernetes.io/name: hazelcast-operator 146 | app.kubernetes.io/instance: hazelcast-operator 147 | app.kubernetes.io/managed-by: hazelcast-operator 148 | spec: 149 | replicas: 1 150 | selector: 151 | matchLabels: 152 | app.kubernetes.io/name: hazelcast-operator 153 | template: 154 | metadata: 155 | labels: 156 | app.kubernetes.io/name: hazelcast-operator 157 | app.kubernetes.io/instance: hazelcast-operator 158 | app.kubernetes.io/managed-by: hazelcast-operator 159 | annotations: 160 | productID: hazelcast-operator 161 | productName: Hazelcast Operator 162 | productVersion: 0.3.8 163 | spec: 164 | serviceAccountName: hazelcast-operator 165 | securityContext: 166 | capabilities: 167 | drop: 168 | - ALL 169 | affinity: 170 | nodeAffinity: 171 | requiredDuringSchedulingIgnoredDuringExecution: 172 | nodeSelectorTerms: 173 | - matchExpressions: 174 | - key: beta.kubernetes.io/arch 175 | operator: In 176 | values: 177 | - amd64 178 | containers: 179 | - name: hazelcast-operator 180 | image: hazelcast/hazelcast-operator:0.3.8 181 | imagePullPolicy: Always 182 | env: 183 | - name: WATCH_NAMESPACE 184 | valueFrom: 185 | fieldRef: 186 | fieldPath: metadata.namespace 187 | - name: POD_NAME 188 | valueFrom: 189 | fieldRef: 190 | fieldPath: metadata.name 191 | - name: OPERATOR_NAME 192 | value: hazelcast-operator 193 | - name: RELATED_IMAGE_HAZELCAST 194 | value: hazelcast/hazelcast:5.0 195 | - name: RELATED_IMAGE_MANCENTER 196 | value: hazelcast/management-center:5.0 197 | resources: 198 | limits: 199 | cpu: "0.1" 200 | memory: 512Mi 201 | requests: 202 | cpu: "0.1" 203 | memory: 256Mi 204 | -------------------------------------------------------------------------------- /hazelcast-operator/hazelcast-full.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: hazelcast.com/v1alpha1 2 | kind: Hazelcast 3 | metadata: 4 | name: hz 5 | labels: 6 | app.kubernetes.io/name: hazelcast 7 | app.kubernetes.io/instance: hazelcast 8 | app.kubernetes.io/managed-by: hazelcast-operator 9 | spec: 10 | ## Hazelcast image version 11 | ## ref: https://hub.docker.com/r/hazelcast/hazelcast-kubernetes/tags/ 12 | ## 13 | image: 14 | # repository is the Hazelcast image name 15 | repository: "hazelcast/hazelcast" 16 | # tag is the Hazelcast image tag 17 | tag: "5.0" 18 | # pullPolicy is the Docker image pull policy 19 | # It's recommended to change this to 'Always' if the image tag is 'latest' 20 | # ref: http://kubernetes.io/docs/user-guide/images/#updating-images 21 | # 22 | pullPolicy: IfNotPresent 23 | # pullSecrets is an array of docker-registry secret names 24 | # Secrets must be manually created in the namespace. 25 | # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 26 | # pullSecrets: 27 | # - myRegistryKeySecretName 28 | 29 | # Cluster settings 30 | cluster: 31 | # memberCount is the number Hazelcast members 32 | memberCount: 3 33 | 34 | # Hazelcast properties 35 | hazelcast: 36 | # javaOpts are additional JAVA_OPTS properties for Hazelcast member 37 | javaOpts: 38 | # loggingLevel is the level of Hazelcast logs (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, and FINEST) 39 | # Note that changing this value requires setting securityContext.runAsUser to 0 and securityContext.readOnlyRootFilesystem to false 40 | # loggingLevel: 41 | # existingConfigMap defines a ConfigMap which contains Hazelcast configuration file(s) that are used instead hazelcast.yaml configuration below 42 | # existingConfigMap: 43 | # yaml is the Hazelcast YAML configuration file 44 | yaml: 45 | hazelcast: 46 | network: 47 | join: 48 | multicast: 49 | enabled: false 50 | kubernetes: 51 | enabled: true 52 | service-name: ${serviceName} 53 | namespace: ${namespace} 54 | resolve-not-ready-addresses: true 55 | rest-api: 56 | enabled: true 57 | endpoint-groups: 58 | HEALTH_CHECK: 59 | enabled: true 60 | management-center: 61 | enabled: ${hazelcast.mancenter.enabled} 62 | url: ${hazelcast.mancenter.url} 63 | # configurationFiles are any additional Hazelcast configuration files 64 | # configurationFiles: 65 | 66 | # affinity specifies the affinity/anti-affinity of different pods. The commented out 67 | # example below shows how you could ensure your hazelcast pods are scheduled on 68 | # different Kubernetes nodes 69 | affinity: 70 | # podAntiAffinity: 71 | # requiredDuringSchedulingIgnoredDuringExecution: 72 | # - labelSelector: 73 | # matchExpressions: 74 | # - key: app.kubernetes.io/name 75 | # operator: In 76 | # values: 77 | # - hazelcast 78 | # - key: role 79 | # operator: In 80 | # values: 81 | # - hazelcast 82 | # topologyKey: kubernetes.io/hostname 83 | 84 | # tolerations enable Hazelcast PODs to be able to run on nodes with taints 85 | # tolerations: 86 | 87 | # nodeSelector is an array of Hazelcast Node labels for POD assignments 88 | # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 89 | nodeSelector: {} 90 | 91 | # hostPort is a port under which Hazelcast PODs are exposed on the host machines 92 | # hostPort: 93 | 94 | gracefulShutdown: 95 | enabled: true 96 | maxWaitSeconds: 600 97 | 98 | # Hazelcast Liveness probe 99 | livenessProbe: 100 | # enabled is a flag to used to enable liveness probe 101 | enabled: true 102 | # initialDelaySeconds is a delay before liveness probe is initiated 103 | initialDelaySeconds: 30 104 | # periodSeconds decides how often to perform the probe 105 | periodSeconds: 10 106 | # timeoutSeconds decides when the probe times out 107 | timeoutSeconds: 10 108 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 109 | successThreshold: 1 110 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 111 | failureThreshold: 10 112 | # url path that will be called to check liveness 113 | path: /hazelcast/health/node-state 114 | # port that will be used in liveness probe calls 115 | # port: 116 | 117 | # Hazelcast Readiness probe 118 | readinessProbe: 119 | # enabled is a flag to used to enable readiness probe 120 | enabled: true 121 | # initialDelaySeconds is a delay before readiness probe is initiated 122 | initialDelaySeconds: 30 123 | # periodSeconds decides how often to perform the probe 124 | periodSeconds: 10 125 | # timeoutSeconds decides when the probe times out 126 | timeoutSeconds: 10 127 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 128 | successThreshold: 1 129 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 130 | failureThreshold: 10 131 | # url path that will be called to check readiness 132 | path: /hazelcast/health/ready 133 | # port that will be used in readiness probe calls 134 | # port: 135 | 136 | # Configure resource requests and limits 137 | # ref: http://kubernetes.io/docs/user-guide/compute-resources/ 138 | # 139 | # resources: 140 | # requests: 141 | # memory: 256Mi 142 | # cpu: 100m 143 | # limits: 144 | # memory: 1024Mi 145 | # cpu: 200m 146 | 147 | # Hazelcast Service properties 148 | service: 149 | # Specifies whether a Service should be created 150 | create: true 151 | # The name of the Service to use. 152 | # The name is used for service discovery by Hazelcast K8S discovery plugin. 153 | # If not set and create is true, a name is generated using the fullname template 154 | # name: 155 | # type defines the Kubernetes service type ('ClusterIP', 'LoadBalancer', or 'NodePort') 156 | type: ClusterIP 157 | # port is the Kubernetes service port 158 | port: 5701 159 | # clusterIP set to None makes the service headless 160 | # It is required if DNS Lookup is used (https://github.com/hazelcast/hazelcast-kubernetes#dns-lookup) 161 | clusterIP: "None" 162 | 163 | 164 | # Role-based Access Control 165 | rbac: 166 | # Specifies whether RBAC resources should be created 167 | # It is not required if DNS Lookup is used (https://github.com/hazelcast/hazelcast-kubernetes#dns-lookup) 168 | create: false 169 | 170 | serviceAccount: 171 | # Specifies whether a ServiceAccount should be created 172 | create: false 173 | # The name of the ServiceAccount to use. 174 | # If not set and create is true, a name is generated using the fullname template 175 | name: hazelcast 176 | 177 | # Security Context properties 178 | securityContext: 179 | # enabled is a flag to enable Security Context 180 | enabled: true 181 | # runAsUser is the user ID used to run the container 182 | runAsUser: 65534 183 | # fsGroup is the group ID associated with the container 184 | fsGroup: 65534 185 | # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context 186 | readOnlyRootFilesystem: true 187 | 188 | # Allows to enable a Prometheus to scrape pods, implemented for Hazelcast version >= 3.12 (or 'latest') 189 | metrics: 190 | enabled: false 191 | service: 192 | type: ClusterIP 193 | port: 8080 194 | annotations: 195 | prometheus.io/scrape: "true" 196 | prometheus.io/path: "/metrics" 197 | 198 | # customVolume is the configuration for any volume mounted as '/data/custom/' (e.g. to mount a volume with custom JARs) 199 | # customVolume: 200 | 201 | # Hazelcast Management Center application properties 202 | mancenter: 203 | # enabled is a flag to enable Management Center application 204 | enabled: true 205 | ## Hazelcast Management Center image version 206 | ## ref: https://hub.docker.com/r/hazelcast/management-center/tags/ 207 | ## 208 | image: 209 | # repository is the Hazelcast Management Center image name 210 | repository: "hazelcast/management-center" 211 | # tag is the Hazelcast Management Center image tag 212 | tag: "5.0" 213 | # pullPolicy is the Docker image pull policy 214 | # It's recommended to change this to 'Always' if the image tag is 'latest' 215 | # ref: http://kubernetes.io/docs/user-guide/images/#updating-images 216 | # 217 | pullPolicy: IfNotPresent 218 | # pullSecrets is an array of docker-registry secret names 219 | # Secrets must be manually created in the namespace. 220 | # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 221 | # pullSecrets: 222 | # - myRegistryKeySecretName 223 | 224 | # ingress configuration for mancenter 225 | ingress: 226 | enabled: false 227 | annotations: {} 228 | # hosts: 229 | # - hazelcast-mancenter.cluster.domain 230 | # tls: 231 | # - secretName: hazelcast-ingress-tls 232 | # hosts: 233 | # - hazelcast-mancenter.cluster.domain 234 | 235 | # javaOpts are additional JAVA_OPTS properties for Hazelcast Management Center 236 | javaOpts: 237 | 238 | # licenseKey is the license key for Hazelcast Management Center 239 | # if not provided, it can be filled in the Management Center web interface 240 | licenseKey: 241 | # licenseKeySecretName is the name of the secret where the Hazelcast Management Center License Key is stored (can be used instead of licenseKey) 242 | # licenseKeySecretName: 243 | 244 | # affinity specifies the Management Center affinity/anti-affinity of different pods 245 | # affinity: 246 | 247 | # tolerations enable Management Center POD to be able to run on nodes with taints 248 | # tolerations: 249 | 250 | # nodeSelector is an array of Hazelcast Management Center Node labels for POD assignments 251 | # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 252 | nodeSelector: {} 253 | 254 | # Configure resource requests and limits 255 | # ref: http://kubernetes.io/docs/user-guide/compute-resources/ 256 | # 257 | # resources: 258 | # requests: 259 | # memory: 256Mi 260 | # cpu: 100m 261 | # limits: 262 | # memory: 1024Mi 263 | # cpu: 200m 264 | 265 | # Management Center persistence properties 266 | persistence: 267 | # enabled is a flag to enable persistence for Management Center 268 | enabled: true 269 | # existingClaim is a name of the existing Persistence Volume Claim that will be used for persistence 270 | # if not defined, a new Persistent Value Claim is created with the default name 271 | # existingClaim: 272 | # accessModes defines the access modes for the created Persistent Volume Claim 273 | accessModes: 274 | - ReadWriteOnce 275 | # size is the size of Persistent Volume Claim 276 | size: 8Gi 277 | 278 | # Hazelcast Management Center Service properties 279 | service: 280 | # type defines the Kubernetes service type ('ClusterIP', 'LoadBalancer', or 'NodePort') 281 | type: LoadBalancer 282 | # port is the Kubernetes service port 283 | port: 8080 284 | # service https port 285 | httpsPort: 443 286 | # service annotations for management center 287 | annotations: {} 288 | 289 | # Hazelcast Management Center Liveness probe 290 | livenessProbe: 291 | # enabled is a flag to used to enable liveness probe 292 | enabled: true 293 | # initialDelaySeconds is a delay before liveness probe is initiated 294 | initialDelaySeconds: 30 295 | # periodSeconds decides how often to perform the probe 296 | periodSeconds: 10 297 | # timeoutSeconds decides when the probe times out 298 | timeoutSeconds: 5 299 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 300 | successThreshold: 1 301 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 302 | failureThreshold: 3 303 | # Hazelcast Management Center Readiness probe 304 | readinessProbe: 305 | # enabled is a flag to used to enable readiness probe 306 | enabled: true 307 | # initialDelaySeconds is a delay before readiness probe is initiated 308 | initialDelaySeconds: 30 309 | # periodSeconds decides how often to perform the probe 310 | periodSeconds: 10 311 | # timeoutSeconds decides when the probe times out 312 | timeoutSeconds: 1 313 | # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed 314 | successThreshold: 1 315 | # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded 316 | failureThreshold: 3 317 | 318 | -------------------------------------------------------------------------------- /hazelcast-operator/hazelcast-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: hazelcast 5 | labels: 6 | app.kubernetes.io/name: hazelcast 7 | app.kubernetes.io/instance: hazelcast 8 | app.kubernetes.io/managed-by: hazelcast-operator 9 | 10 | --- 11 | 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | metadata: 15 | name: hazelcast 16 | labels: 17 | app.kubernetes.io/name: hazelcast 18 | app.kubernetes.io/instance: hazelcast 19 | app.kubernetes.io/managed-by: hazelcast-operator 20 | rules: 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - endpoints 25 | - pods 26 | verbs: 27 | - get 28 | - list 29 | 30 | --- 31 | 32 | kind: RoleBinding 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | metadata: 35 | name: hazelcast 36 | labels: 37 | app.kubernetes.io/name: hazelcast 38 | app.kubernetes.io/instance: hazelcast 39 | app.kubernetes.io/managed-by: hazelcast-operator 40 | subjects: 41 | - kind: ServiceAccount 42 | name: hazelcast 43 | roleRef: 44 | kind: ClusterRole 45 | name: hazelcast 46 | apiGroup: rbac.authorization.k8s.io 47 | -------------------------------------------------------------------------------- /hazelcast-operator/hazelcast.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: hazelcast.com/v1alpha1 2 | kind: Hazelcast 3 | metadata: 4 | name: hz 5 | labels: 6 | app.kubernetes.io/name: hazelcast 7 | app.kubernetes.io/instance: hazelcast 8 | app.kubernetes.io/managed-by: hazelcast-operator 9 | spec: 10 | image: 11 | repository: "hazelcast/hazelcast" 12 | tag: "5.0" 13 | service: 14 | create: true 15 | type: ClusterIP 16 | clusterIP: "None" 17 | affinity: 18 | nodeAffinity: 19 | requiredDuringSchedulingIgnoredDuringExecution: 20 | nodeSelectorTerms: 21 | - matchExpressions: 22 | - key: beta.kubernetes.io/arch 23 | operator: In 24 | values: 25 | - amd64 26 | resources: 27 | requests: 28 | memory: 1024Mi 29 | cpu: 100m 30 | limits: 31 | memory: 1024Mi 32 | securityContext: 33 | runAsUser: "" 34 | runAsGroup: "" 35 | fsGroup: "" 36 | mancenter: 37 | image: 38 | repository: "hazelcast/management-center" 39 | tag: "5.0" 40 | enabled: true 41 | service: 42 | type: LoadBalancer 43 | port: 8080 44 | affinity: 45 | nodeAffinity: 46 | requiredDuringSchedulingIgnoredDuringExecution: 47 | nodeSelectorTerms: 48 | - matchExpressions: 49 | - key: beta.kubernetes.io/arch 50 | operator: In 51 | values: 52 | - amd64 53 | resources: 54 | requests: 55 | memory: 1024Mi 56 | cpu: 100m 57 | limits: 58 | memory: 1024Mi 59 | rbac: 60 | create: false 61 | serviceAccount: 62 | create: false 63 | name: hazelcast 64 | -------------------------------------------------------------------------------- /hazelcast-operator/hazelcastcluster.crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: hazelcasts.hazelcast.com 5 | spec: 6 | group: hazelcast.com 7 | names: 8 | kind: Hazelcast 9 | listKind: HazelcastList 10 | plural: hazelcasts 11 | singular: hazelcast 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | subresources: 22 | status: {} 23 | -------------------------------------------------------------------------------- /hazelcast-operator/operator-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: hazelcast-operator 5 | labels: 6 | app.kubernetes.io/name: hazelcast-operator 7 | app.kubernetes.io/instance: hazelcast-operator 8 | app.kubernetes.io/managed-by: hazelcast-operator 9 | 10 | --- 11 | 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | metadata: 15 | name: hazelcast-operator 16 | labels: 17 | app.kubernetes.io/name: hazelcast-operator 18 | app.kubernetes.io/instance: hazelcast-operator 19 | app.kubernetes.io/managed-by: hazelcast-operator 20 | rules: 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - pods 25 | - services 26 | - endpoints 27 | - persistentvolumeclaims 28 | - events 29 | - configmaps 30 | - secrets 31 | verbs: 32 | - '*' 33 | - apiGroups: 34 | - "" 35 | - "networking.k8s.io" 36 | resources: 37 | - ingresses 38 | verbs: 39 | - '*' 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - namespaces 44 | verbs: 45 | - get 46 | - apiGroups: 47 | - "" 48 | resources: 49 | - serviceaccounts 50 | verbs: 51 | - get 52 | - create 53 | - list 54 | - update 55 | - delete 56 | - apiGroups: 57 | - rbac.authorization.k8s.io 58 | resources: 59 | - roles 60 | - rolebindings 61 | verbs: 62 | - get 63 | - create 64 | - list 65 | - update 66 | - delete 67 | - apiGroups: 68 | - apps 69 | resources: 70 | - deployments 71 | - daemonsets 72 | - replicasets 73 | - statefulsets 74 | verbs: 75 | - '*' 76 | - apiGroups: 77 | - monitoring.coreos.com 78 | resources: 79 | - servicemonitors 80 | verbs: 81 | - get 82 | - create 83 | - apiGroups: 84 | - apps 85 | resourceNames: 86 | - hazelcast-operator 87 | resources: 88 | - deployments/finalizers 89 | verbs: 90 | - update 91 | - apiGroups: 92 | - hazelcast.com 93 | resources: 94 | - '*' 95 | verbs: 96 | - '*' 97 | 98 | --- 99 | 100 | kind: RoleBinding 101 | apiVersion: rbac.authorization.k8s.io/v1 102 | metadata: 103 | name: hazelcast-operator 104 | labels: 105 | app.kubernetes.io/name: hazelcast-operator 106 | app.kubernetes.io/instance: hazelcast-operator 107 | app.kubernetes.io/managed-by: hazelcast-operator 108 | subjects: 109 | - kind: ServiceAccount 110 | name: hazelcast-operator 111 | roleRef: 112 | kind: ClusterRole 113 | name: hazelcast-operator 114 | apiGroup: rbac.authorization.k8s.io 115 | -------------------------------------------------------------------------------- /hazelcast-operator/operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hazelcast-operator 5 | labels: 6 | app.kubernetes.io/name: hazelcast-operator 7 | app.kubernetes.io/instance: hazelcast-operator 8 | app.kubernetes.io/managed-by: hazelcast-operator 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: hazelcast-operator 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: hazelcast-operator 18 | app.kubernetes.io/instance: hazelcast-operator 19 | app.kubernetes.io/managed-by: hazelcast-operator 20 | annotations: 21 | productID: hazelcast-operator 22 | productName: Hazelcast Operator 23 | productVersion: 0.3.8 24 | spec: 25 | serviceAccountName: hazelcast-operator 26 | securityContext: 27 | capabilities: 28 | drop: 29 | - ALL 30 | affinity: 31 | nodeAffinity: 32 | requiredDuringSchedulingIgnoredDuringExecution: 33 | nodeSelectorTerms: 34 | - matchExpressions: 35 | - key: beta.kubernetes.io/arch 36 | operator: In 37 | values: 38 | - amd64 39 | containers: 40 | - name: hazelcast-operator 41 | image: hazelcast/hazelcast-operator:0.3.8 42 | imagePullPolicy: Always 43 | env: 44 | - name: WATCH_NAMESPACE 45 | valueFrom: 46 | fieldRef: 47 | fieldPath: metadata.namespace 48 | - name: POD_NAME 49 | valueFrom: 50 | fieldRef: 51 | fieldPath: metadata.name 52 | - name: OPERATOR_NAME 53 | value: hazelcast-operator 54 | - name: RELATED_IMAGE_HAZELCAST 55 | value: hazelcast/hazelcast:5.0 56 | - name: RELATED_IMAGE_MANCENTER 57 | value: hazelcast/management-center:5.0 58 | resources: 59 | limits: 60 | cpu: "0.1" 61 | memory: 512Mi 62 | requests: 63 | cpu: "0.1" 64 | memory: 256Mi 65 | -------------------------------------------------------------------------------- /markdown/management-center.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hazelcast/hazelcast-operator/d3564675d74f17126f1489642ce2f3a96ace918d/markdown/management-center.png --------------------------------------------------------------------------------