├── .gitignore ├── README.md ├── etc └── scripts │ ├── catalog.sh │ ├── install-on-minikube.sh │ ├── install-on-minishift.sh │ ├── install.sh │ ├── knative_release.sh │ └── installation-functions.sh ├── maistra-operators.catalogsource.yaml └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | .repos/ 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WARNING! 2 | 3 | This repo is becoming obsolete. For current knative operator work, see 4 | [this poorly-named repo](https://github.com/openshift-knative) instead. 5 | 6 | # Knative Operators 7 | 8 | To install everything on a fresh minishift: 9 | 10 | $ ./etc/scripts/install-on-minishift.sh 11 | 12 | To install everything on a fresh minikube: 13 | 14 | $ ./etc/scripts/install-on-minikube.sh 15 | 16 | To install everything on any OpenShift cluster: 17 | 18 | $ oc login <<< with plenty of admin creds >>> 19 | $ ./etc/scripts/install.sh 20 | -------------------------------------------------------------------------------- /etc/scripts/catalog.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | DIR=${DIR:-$(cd $(dirname "$0")/../../olm-catalog && pwd)} 4 | NAME=${NAME:-knative-operators} 5 | x=( $(echo $NAME | tr '-' ' ') ) 6 | DISPLAYNAME=${DISPLAYNAME:=${x[*]^}} 7 | 8 | indent() { 9 | INDENT=" " 10 | sed "s/^/$INDENT/" | sed "s/^${INDENT}\($1\)/${INDENT:0:-2}- \1/" 11 | } 12 | 13 | CRD=$(cat $(ls $DIR/*crd.yaml) | grep -v -- "---" | indent apiVersion) 14 | CSV=$(cat $(ls $DIR/*version.yaml) | indent apiVersion) 15 | PKG=$(cat $(ls $DIR/*package.yaml) | indent packageName) 16 | 17 | cat <&1 | grep -E "^E[0-9]{4}"; then 8 | echo "minikube is confused, check for conflicting vm's, e.g. 
minishift" 9 | exit -1 10 | fi 11 | if minikube status | head -1 | grep "Running" >/dev/null; then 12 | echo "Please stop your running minikube to acknowledge this script will destroy it." 13 | exit 1 14 | fi 15 | 16 | set -x 17 | 18 | KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.12.0} 19 | MEMORY=${MEMORY:-10240} 20 | CPUS=${CPUS:-4} 21 | DISK_SIZE=${DISK_SIZE:-50g} 22 | VM_DRIVER=${VM_DRIVER:-$(minikube config get vm-driver 2>/dev/null || echo "virtualbox")} 23 | 24 | # configure knative profile 25 | minikube profile knative 26 | minikube config set kubernetes-version ${KUBERNETES_VERSION} 27 | minikube config set memory ${MEMORY} 28 | minikube config set cpus ${CPUS} 29 | minikube config set disk-size ${DISK_SIZE} 30 | minikube config set vm-driver ${VM_DRIVER} 31 | 32 | # blow away everything in the knative profile 33 | minikube delete 34 | 35 | # Start minikube 36 | minikube start -p knative --extra-config=apiserver.enable-admission-plugins="LimitRanger,NamespaceExists,NamespaceLifecycle,ResourceQuota,ServiceAccount,DefaultStorageClass,MutatingAdmissionWebhook" 37 | 38 | if [ $? -eq 0 ]; then 39 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" 40 | "$DIR/install.sh" -q 41 | else 42 | echo "Failed to start minikube!" 43 | exit -1 44 | fi 45 | -------------------------------------------------------------------------------- /etc/scripts/install-on-minishift.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # WARNING: this totally destroys and recreates your `knative` profile, 4 | # thereby guaranteeing (hopefully) a clean environment upon successful 5 | # completion. 6 | 7 | if minishift status | head -1 | grep "Running" >/dev/null; then 8 | echo "Please stop your running minishift to acknowledge this script will destroy it." 
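exit 1
fi

# Trace every command and abort on the first failure from here on.
# NOTE(review): with -x active the `oc login` command near the end of this
# script is echoed to the terminal, password included.
set -ex

# Sizing and version of the throwaway VM; each value can be overridden from
# the environment.
OPENSHIFT_VERSION=${OPENSHIFT_VERSION:-v3.11.0}
MEMORY=${MEMORY:-10GB}
CPUS=${CPUS:-4}
DISK_SIZE=${DISK_SIZE:-50g}

if [ -z "${VM_DRIVER}" ]; then
  # check for default driver
  VM_DRIVER=$(minishift config get vm-driver --profile minishift)
  # A single quoted -z test is enough; the original's second, unquoted
  # `[ $VM_DRIVER = "" ]` could only be reached with a non-empty value and
  # would break on a value containing whitespace.
  if [ -z "$VM_DRIVER" ]; then
    if [[ -z "${OSTYPE}" && $(uname) == "Darwin" ]] || [ "${OSTYPE#darwin}" != "${OSTYPE}" ]; then
      # set hyperkit as default on macOs
      VM_DRIVER="hyperkit"
    else
      # no driver to set
      VM_DRIVER=""
    fi
  fi
fi

# blow away everything in the knative profile
minishift profile delete knative --force >/dev/null 2>&1

# configure knative profile (values quoted so an override containing
# whitespace or glob characters is passed through as one argument)
minishift profile set knative
minishift config set openshift-version "${OPENSHIFT_VERSION}"
minishift config set memory "${MEMORY}"
minishift config set cpus "${CPUS}"
minishift config set disk-size "${DISK_SIZE}"
minishift config set image-caching true
if [ -n "${VM_DRIVER}" ]; then
  minishift config set vm-driver "${VM_DRIVER}"
fi

# Provides the `admin` account that the login below relies on.
minishift addons enable admin-user

# Start minishift
minishift start

# Executes the shell snippet printed by `minishift oc-env` in this shell so
# that the bundled `oc` is used; the output of that command is trusted as-is.
eval "$(minishift oc-env)"

# SECURITY: fixed, well-known credentials. Only acceptable because the target
# is the disposable local VM created above; do not point this script at a
# shared or long-lived cluster without changing it.
oc login -u admin -p admin

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
"$DIR/install.sh" -q
--------------------------------------------------------------------------------
/etc/scripts/install.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Attempts to install istio, knative, and OLM, ideally not in that order.
#
# Usage: install.sh [-q]
#   -q  skip the interactive confirmation prompt
#
# Runs against whatever cluster the current `oc`/`kubectl` context points at
# and needs cluster-level admin rights there (it installs operators and, on
# OpenShift, changes SCC membership).

if [ "$1" != "-q" ]; then
  echo
  echo " This script will attempt to install istio, knative, and OLM in your "
  echo " Kubernetes/OpenShift cluster."
  echo
  echo " If targeting OpenShift, a recent version of 'oc' should be available"
  echo " in your PATH. Otherwise, 'kubectl' will be used."
  echo
  echo " If using OpenShift 3.11 and your cluster isn't minishift, ensure"
  echo " \$KUBE_SSH_KEY and \$KUBE_SSH_USER are set"
  echo
  echo " Pass -q to disable this prompt"
  echo
  # -r: take the reply literally instead of interpreting backslashes
  read -r -p "Enter to continue or Ctrl-C to exit: "
fi

set -x

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"

# Defines $CMD and every install_*/wait_*/enable_* function used below.
source "$DIR/installation-functions.sh"

# NOTE(review): none of these steps is checked for failure and `set -e` is
# not active here, so a failed step does not stop the ones after it.
enable_admission_webhooks
install_olm
install_catalogsources
install_istio
install_knative build
install_knative serving
install_knative eventing

wait_for_deployment knative-build build-controller
wait_for_all_pods knative-build
wait_for_deployment knative-serving controller
wait_for_all_pods knative-serving
wait_for_deployment knative-eventing eventing-controller
wait_for_all_pods knative-eventing

enable_interaction_with_registry

# skip tag resolving for internal registry
# OpenShift 3 and 4 place the registry in different locations, hence
# the additional two hostnames here
$CMD patch configmap config-controller -n knative-serving --type merge -p '{"data":{"registriesSkippingTagResolving": "ko.local,dev.local,docker-registry.default.svc:5000,image-registry.openshift-image-registry.svc:5000"}}'

if $CMD get ns openshift 2>/dev/null; then
  # Add Golang imagestreams to be able to build go based images
  # NOTE(review): the source image is referenced by name only (no tag or
  # digest), so what gets imported can change between runs.
  oc import-image -n openshift golang --from=centos/go-toolset-7-centos7 --confirm
  oc import-image -n openshift golang:1.11 --from=centos/go-toolset-7-centos7 --confirm

  if ! oc project myproject 2>/dev/null; then
    oc new-project myproject
  fi
  # these perms are required by istio
  # SECURITY: this lets every pod running under the `default` service
  # account of myproject use the privileged and anyuid SCCs. The namespace
  # is named explicitly so the grant cannot land in some other project if
  # the project switch above did not take effect. Keep this to development
  # clusters.
  oc adm policy add-scc-to-user privileged -z default -n myproject
  oc adm policy add-scc-to-user anyuid -z default -n myproject
else
  $CMD get ns myproject 2>/dev/null || $CMD create namespace myproject
fi

# show all the running pods
$CMD get pods --all-namespaces
--------------------------------------------------------------------------------
/etc/scripts/knative_release.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -e

# This script mirrors the Knative images built by OpenShift CI to
# quay.io. It also pushes tags to GitHub for each repository in the
# release except knative-operators.
#
# For every new major or minor version, bump RELEASE_MAJOR_MINOR to
# the correct value. If doing a patch release, the script may need to
# be adjusted a bit. At a minimum, RELEASE_VERSION will need to be
# updated to not assume the patch version is 0.
#
# Also check CI_TAGS and add/remove/rename any images if they've
# changed since the last release.
#
# The definitive list of images for each repo in Knative can be found
# by looking at the bottom of the build logs for each Knative release
# promotion job at
# https://openshift-gce-devel.appspot.com/jobs/origin-ci-test/logs/.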
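#
# For example,
# https://openshift-gce-devel.appspot.com/builds/origin-ci-test/logs/branch-ci-openshift-knative-build-release-0.3-images/
# and then click on the most recent job for the 0.3 release branch, view the entire log, and you'll see lines like:
#
# 2019/02/19 21:41:32 Promoting tags to openshift/knative-v0.3:${component}: knative-build-controller, knative-build-creds-init, knative-build-git-init, knative-build-nop, knative-build-test-panic, knative-build-webhook
#


RELEASE_MAJOR_MINOR="0.3"

RELEASE_VERSION="${RELEASE_MAJOR_MINOR}.0"
RELEASE_BRANCH="release-${RELEASE_MAJOR_MINOR}"
RELEASE_TAG="openshift-v${RELEASE_VERSION}"
RELEASE_DOCKER_REPO="quay.io/openshift-knative/knative-${RELEASE_VERSION}"

CI_DOCKER_REGISTRY="registry.svc.ci.openshift.org"
CI_DOCKER_ORG="openshift"
CI_DOCKER_IMAGE="knative-v${RELEASE_MAJOR_MINOR}"

# NOTE(review): this copy of the script is missing everything between the
# start of the CI_TAGS assignment (line 41) and line 95; the surviving
# fragment is reproduced unchanged, with its original line numbers.
41 | CI_TAGS=$(cat < /dev/null
95 | git tag -f ${RELEASE_TAG}
96 | git push origin ${RELEASE_TAG}
97 | popd > /dev/null
98 | done
99 | }
100 |

#######################################
# Tags the Knative forks and the Documentation repository with the release
# tag, working inside a throwaway clone directory that is removed afterwards.
# Globals:   RELEASE_VERSION, RELEASE_TAG (read)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   under the script's `set -e`, the first failing command aborts
#            the whole script (the clone directory is then left behind)
#######################################
function update_and_tag_repos(){
  # Declare and assign separately: `local v=$(cmd)` reports the status of
  # `local`, so a failed mktemp would go unnoticed even under `set -e`.
  local tmpdir
  tmpdir=$(mktemp -d)
  echo "Using ${tmpdir} as a temporary directory for repo clones"
  pushd "${tmpdir}" > /dev/null

  tag_knative_forks "${RELEASE_VERSION}"

  echo "Tagging Documentation with ${RELEASE_TAG}"
  git clone -q git@github.com:openshift-cloud-functions/Documentation.git
  pushd Documentation
  # -f moves the tag if it already exists and force-pushes it, so an already
  # published release tag is silently rewritten on a re-run.
  git tag -f "${RELEASE_TAG}"
  git push -f origin "${RELEASE_TAG}"
  popd

  popd > /dev/null

  # Just a sanity check before we rm -rf something...
  # The directory is exactly what mktemp returned, so check that it is
  # non-empty and exists instead of matching the path against "/tmp/tmp":
  # that match fails (and the clones are never cleaned up) whenever mktemp
  # places its directory elsewhere, e.g. with TMPDIR set. `:?` aborts rather
  # than expanding to an empty path.
  if [[ -n "${tmpdir}" && -d "${tmpdir}" ]]; then
    rm -rf -- "${tmpdir:?}"
  fi
}

echo "Releasing OpenShift Knative ${RELEASE_VERSION}"

push_knative_images

update_and_tag_repos

exit 0
--------------------------------------------------------------------------------
/maistra-operators.catalogsource.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: maistra-operators
5 |
6 | data:
7 | customResourceDefinitions: |-
8 | - apiVersion: apiextensions.k8s.io/v1beta1
9 | kind: CustomResourceDefinition
10 | metadata:
11 | name: installations.istio.openshift.com
12 | spec:
13 | group: istio.openshift.com
14 | names:
15 | kind: Installation
16 | plural: installations
17 | singular: installation
18 | scope: Namespaced
19 | version: v1alpha1
20 |
21 | clusterServiceVersions: |-
22 | - apiVersion: operators.coreos.com/v1alpha1
23 | kind: ClusterServiceVersion
24 | metadata:
25 | name: maistra.v0.5.0
26 | spec:
27 | displayName: Maistra
28 | description: "Maistra, otherwise known as OpenShift Service Mesh, is Red Hat's version of Istio."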
29 | keywords: ['service mesh', 'istio'] 30 | maintainers: 31 | - name: Red Hat 32 | email: istio-feedback@redhat.com 33 | provider: 34 | name: Red Hat 35 | links: 36 | - name: Documentation 37 | url: https://maistra.io 38 | installModes: 39 | - supported: true 40 | type: OwnNamespace 41 | - supported: true 42 | type: SingleNamespace 43 | - supported: false 44 | type: MultiNamespace 45 | - supported: true 46 | type: AllNamespaces 47 | install: 48 | strategy: deployment 49 | spec: 50 | permissions: 51 | - serviceAccountName: istio-operator 52 | rules: 53 | - apiGroups: 54 | - istio.openshift.com 55 | resources: 56 | - "*" 57 | verbs: 58 | - "*" 59 | - apiGroups: 60 | - "" 61 | resources: 62 | - pods 63 | - services 64 | - endpoints 65 | - persistentvolumeclaims 66 | - events 67 | - configmaps 68 | - secrets 69 | - securitycontextconstraints 70 | verbs: 71 | - "*" 72 | - apiGroups: 73 | - apps 74 | resources: 75 | - deployments 76 | - daemonsets 77 | - replicasets 78 | - statefulsets 79 | verbs: 80 | - "*" 81 | clusterPermissions: 82 | - serviceAccountName: istio-operator 83 | rules: 84 | - apiGroups: 85 | - '*' 86 | resources: 87 | - '*' 88 | verbs: 89 | - '*' 90 | - nonResourceURLs: 91 | - '*' 92 | verbs: 93 | - '*' 94 | deployments: 95 | - name: istio-operator 96 | spec: 97 | replicas: 1 98 | strategy: 99 | type: RollingUpdate 100 | selector: 101 | matchLabels: 102 | app: istio-operator 103 | template: 104 | metadata: 105 | labels: 106 | app: istio-operator 107 | spec: 108 | containers: 109 | - name: istio-operator 110 | image: maistra/istio-operator-centos7:0.5.0 111 | ports: 112 | - containerPort: 60000 113 | name: metrics 114 | command: 115 | - istio-operator 116 | imagePullPolicy: Always 117 | env: 118 | - name: WATCH_NAMESPACE 119 | valueFrom: 120 | fieldRef: 121 | fieldPath: metadata.namespace 122 | - name: OPERATOR_NAME 123 | value: "istio-operator" 124 | serviceAccountName: istio-operator 125 | maturity: alpha 126 | version: 0.5.0 127 | 
apiservicedefinitions: 128 | customresourcedefinitions: 129 | owned: 130 | - name: installations.istio.openshift.com 131 | version: v1alpha1 132 | kind: Installation 133 | displayName: Maistra Installation 134 | description: CRD representing Maistra installation options 135 | - apiVersion: operators.coreos.com/v1alpha1 136 | kind: ClusterServiceVersion 137 | metadata: 138 | name: maistra.v0.6.0 139 | spec: 140 | displayName: Maistra 141 | description: "Maistra, otherwise known as OpenShift Service Mesh, is Red Hat's version of Istio." 142 | keywords: ['service mesh', 'istio'] 143 | maintainers: 144 | - name: Red Hat 145 | email: istio-feedback@redhat.com 146 | provider: 147 | name: Red Hat 148 | links: 149 | - name: Documentation 150 | url: https://maistra.io 151 | installModes: 152 | - supported: true 153 | type: OwnNamespace 154 | - supported: true 155 | type: SingleNamespace 156 | - supported: false 157 | type: MultiNamespace 158 | - supported: true 159 | type: AllNamespaces 160 | install: 161 | strategy: deployment 162 | spec: 163 | permissions: 164 | - serviceAccountName: istio-operator 165 | rules: 166 | - apiGroups: 167 | - istio.openshift.com 168 | resources: 169 | - "*" 170 | verbs: 171 | - "*" 172 | - apiGroups: 173 | - "" 174 | resources: 175 | - pods 176 | - services 177 | - endpoints 178 | - persistentvolumeclaims 179 | - events 180 | - configmaps 181 | - secrets 182 | - securitycontextconstraints 183 | verbs: 184 | - "*" 185 | - apiGroups: 186 | - apps 187 | resources: 188 | - deployments 189 | - daemonsets 190 | - replicasets 191 | - statefulsets 192 | verbs: 193 | - "*" 194 | clusterPermissions: 195 | - serviceAccountName: istio-operator 196 | rules: 197 | - apiGroups: 198 | - '*' 199 | resources: 200 | - '*' 201 | verbs: 202 | - '*' 203 | - nonResourceURLs: 204 | - '*' 205 | verbs: 206 | - '*' 207 | deployments: 208 | - name: istio-operator 209 | spec: 210 | replicas: 1 211 | strategy: 212 | type: RollingUpdate 213 | selector: 214 | matchLabels: 
215 | app: istio-operator 216 | template: 217 | metadata: 218 | labels: 219 | app: istio-operator 220 | spec: 221 | containers: 222 | - name: istio-operator 223 | image: maistra/istio-operator-centos7:0.6.0 224 | ports: 225 | - containerPort: 60000 226 | name: metrics 227 | command: 228 | - istio-operator 229 | imagePullPolicy: Always 230 | env: 231 | - name: WATCH_NAMESPACE 232 | valueFrom: 233 | fieldRef: 234 | fieldPath: metadata.namespace 235 | - name: OPERATOR_NAME 236 | value: "istio-operator" 237 | serviceAccountName: istio-operator 238 | maturity: alpha 239 | version: 0.6.0 240 | apiservicedefinitions: 241 | customresourcedefinitions: 242 | owned: 243 | - name: installations.istio.openshift.com 244 | version: v1alpha1 245 | kind: Installation 246 | displayName: Maistra Installation 247 | description: CRD representing Maistra installation options 248 | 249 | packages: |- 250 | - packageName: maistra 251 | channels: 252 | - name: alpha 253 | currentCSV: maistra.v0.6.0 254 | --- 255 | apiVersion: operators.coreos.com/v1alpha1 256 | kind: CatalogSource 257 | metadata: 258 | name: maistra-operators 259 | spec: 260 | sourceType: internal 261 | configMap: maistra-operators 262 | displayName: Maistra Operators 263 | publisher: Red Hat 264 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 
14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /etc/scripts/installation-functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This is a function library, expected to be source'd 4 | 5 | # These are the versions in the OLM Subscriptions, but they will be 6 | # updated to the currentCSV version in the corresponding package in 7 | # the catalog source. 
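KNATIVE_SERVING_VERSION=v0.5.1
KNATIVE_BUILD_VERSION=v0.5.0
KNATIVE_EVENTING_VERSION=v0.5.0

readonly ISTIO_IMAGE_REPO="docker.io/istio/"
readonly ISTIO_PATCH_VERSION="1.0.7"

# Absolute directory of this library, used to locate files shipped with it.
INSTALL_SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"

# Cluster CLI used by every function below: `oc` when it is on PATH,
# otherwise kubectl.
CMD=kubectl
if hash oc 2>/dev/null; then
  CMD=oc
fi

# Loops until duration (car) is exceeded or command (cdr) returns success
#
# Arguments: $1 - time limit in seconds; remaining arguments - a command
#            string that is re-run every 5 seconds until it succeeds.
# Exits the whole (sourcing) script with status 255 once the limit is passed.
#
# NOTE: this function shadows the coreutils `timeout` command for any script
# that sources this file.
# SECURITY: the command string goes through `eval`. Every caller in this file
# builds it from $CMD and from namespace/deployment names; never pass text
# that comes from an untrusted source.
function timeout() {
  SECONDS=0; TIMEOUT=$1; shift
  # Quoted so the string reaches eval intact; unquoted, it was word-split and
  # glob-expanded first, which could rewrite the embedded grep patterns.
  until eval "$*"; do
    sleep 5
    if [[ $SECONDS -gt $TIMEOUT ]]; then
      echo "ERROR: Timed out"
      exit 255  # same status the original `exit -1` produced
    fi
  done
}

# Waits for all pods in the given namespace to complete successfully.
# Arguments: $1 - namespace
# Polls for up to 300s until no line of `get pods` output is in a state other
# than Running, Completed or Terminating.
function wait_for_all_pods {
  timeout 300 "$CMD get pods -n $1 && [[ \$($CMD get pods -n $1 2>&1 --no-headers | grep -c -v -E '(Running|Completed|Terminating)') -eq 0 ]]"
}

# Waits for a particular deployment to have all its pods available
# usage: wait_for_deployment namespace name
# The pattern looks at the last two columns of `get deploy` output (a
# non-zero count followed by the final column). `[0-9]*` replaces the
# original `\d*`: `\d` is not a digit class in grep -E, so counts such as 10
# never matched.
function wait_for_deployment {
  timeout 300 "$CMD get deploy -n $1 && [[ \$($CMD get deploy -n $1 | grep -E '[1-9][0-9]*\s+\S+$' | grep -c $2) -eq 1 ]]"
}

# Prints the API server the current context talks to.
function show_server {
  if [ "$CMD" = "oc" ]; then
    $CMD whoami --show-server
  else
    $CMD cluster-info | head -1
  fi
}

# Prints the namespace of the first pod whose listing line contains
# "olm-operator"; prints nothing when there is none.
function olm_namespace {
  $CMD get pods --all-namespaces | grep olm-operator | head -1 | awk '{print $1}'
}

# Succeeds when minishift is installed, reports an IPv4 address, and that
# address appears in the current API server URL. All output is discarded.
function check_minishift {
  (hash minishift &&
     minishift ip | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" &&
     # -F: compare the address literally; as a regex its dots match any character
     show_server | grep -F -- "$(minishift ip)"
  ) >/dev/null 2>&1
}

# Same check as check_minishift, for minikube.
function check_minikube {
  (hash minikube &&
     minikube ip | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" &&
     # -F: compare the address literally; as a regex its dots match any character
     show_server | grep -F -- "$(minikube ip)"
  ) >/dev/null 2>&1
}

# Succeeds when the cluster looks like OpenShift 4: either the
# machineconfiguration.openshift.io API is listed, or (when `api-resources`
# itself fails) an `openshift` namespace exists and the last line of
# `$CMD version` mentions v1.12.
function check_openshift_4 {
  if $CMD api-resources >/dev/null; then
    $CMD api-resources | grep machineconfigs | grep machineconfiguration.openshift.io > /dev/null 2>&1
  else
    ($CMD get ns openshift && $CMD version | tail -1 | grep "v1.12") >/dev/null 2>&1
  fi
}

# Succeeds when the OperatorGroup CRD is installed.
function check_operatorgroups {
  $CMD get crd operatorgroups.operators.coreos.com >/dev/null 2>&1
}

# Makes sure the Validating/MutatingAdmissionWebhook plugins are enabled,
# choosing the method by cluster type: nothing to do on OpenShift 4 and
# minikube, `minishift openshift config set` on minishift, and an SSH session
# to the API server host when KUBE_SSH_USER is set.
# Globals:  CMD, KUBE_SSH_USER, KUBE_SSH_KEY (read); API_SERVER (written)
# Returns:  255 when the remote SSH command fails, 0 otherwise
function enable_admission_webhooks {
  if check_openshift_4; then
    echo "Detected OpenShift 4 - skipping enabling admission webhooks"
  elif check_minikube; then
    echo "Detected minikube - assuming admission webhooks enabled via --extra-config"
  elif check_minishift; then
    echo "Detected minishift - checking if admission webhooks are enabled."
    if ! minishift openshift config view --target=kube | grep ValidatingAdmissionWebhook >/dev/null; then
      echo "Admission webhooks are not enabled - enabling now."
      minishift openshift config set --target=kube --patch '{
        "admissionConfig": {
          "pluginConfig": {
            "ValidatingAdmissionWebhook": {
              "configuration": {
                "apiVersion": "apiserver.config.k8s.io/v1alpha1",
                "kind": "WebhookAdmission",
                "kubeConfigFile": "/dev/null"
              }
            },
            "MutatingAdmissionWebhook": {
              "configuration": {
                "apiVersion": "apiserver.config.k8s.io/v1alpha1",
                "kind": "WebhookAdmission",
                "kubeConfigFile": "/dev/null"
              }
            }
          }
        }
      }'
      # wait until the kube-apiserver is restarted
      # SECURITY: fixed admin/admin credentials; only meaningful against a
      # local, disposable minishift VM.
      until oc login -u admin -p admin 2>/dev/null; do sleep 5; done;
    else
      echo "Admission webhooks are already enabled."
    fi
  elif [ "$KUBE_SSH_USER" != "" ]; then
    echo "Attempting to enable admission webhooks via SSH."
    API_SERVER=$($CMD config view --minify | grep server | awk -F'//' '{print $2}' | awk -F':' '{print $1}')

    # SECURITY: the remote script becomes root and rewrites the master
    # configuration; a backup is taken first (cp -n keeps an existing one).
    # The here-document delimiter is quoted so that `$?` is evaluated on the
    # remote host. Unquoted, it was expanded locally before being sent, so
    # the remote check never saw the result of the patch command and the
    # patched file was moved into place regardless of it. The body and the
    # terminator are at column 0 because the delimiter is matched literally.
    ssh -i "$KUBE_SSH_KEY" "$KUBE_SSH_USER@$API_SERVER" /bin/bash <<'EOF'
sudo -i
cp -n /etc/origin/master/master-config.yaml /etc/origin/master/master-config.yaml.backup
oc ex config patch /etc/origin/master/master-config.yaml --type=merge -p '{
  "admissionConfig": {
    "pluginConfig": {
      "ValidatingAdmissionWebhook": {
        "configuration": {
          "apiVersion": "apiserver.config.k8s.io/v1alpha1",
          "kind": "WebhookAdmission",
          "kubeConfigFile": "/dev/null"
        }
      },
      "MutatingAdmissionWebhook": {
        "configuration": {
          "apiVersion": "apiserver.config.k8s.io/v1alpha1",
          "kind": "WebhookAdmission",
          "kubeConfigFile": "/dev/null"
        }
      }
    }
  }
}' >/etc/origin/master/master-config.yaml.patched
if [ $? == 0 ]; then
  mv /etc/origin/master/master-config.yaml.patched /etc/origin/master/master-config.yaml
  /usr/local/bin/master-restart api && /usr/local/bin/master-restart controllers
else
  exit 1
fi
EOF

    if [ $? == 0 ]; then
      # wait until the kube-apiserver is restarted
      until oc status 2>/dev/null; do sleep 5; done
    else
      echo 'Remote command failed; check $KUBE_SSH_USER and/or $KUBE_SSH_KEY'
      return 255  # same status the original `return -1` produced
    fi
  else
    echo "Unable to enable admission webhooks - if necessary, set KUBE_SSH_USER and retry"
  fi
}

# Installs the Operator Lifecycle Manager unless one is already present.
# Globals: CMD (read)
function install_olm {
  if check_openshift_4; then
    echo "Detected OpenShift 4 - skipping OLM installation."
  elif $CMD get ns "operator-lifecycle-manager" 2>/dev/null; then
    echo "Detected OpenShift 3 with an older OLM already installed."
    # we'll assume this is v3.11.0, which doesn't support
    # OperatorGroups, or ClusterRoles in the CSV, so...
    # SECURITY: each of these service accounts becomes cluster-admin. The
    # last one is the `default` account of knative-eventing, which is also
    # what any pod in that namespace without an explicit serviceAccountName
    # runs as. Treat a cluster prepared this way as a development
    # environment and review these bindings before reusing it.
    oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:istio-operator:istio-operator
    oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:knative-build:build-controller
    oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:knative-serving:controller
    oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:knative-eventing:default
  elif [ "$(olm_namespace)" = "" ]; then
    # SECURITY: the manifest is fetched over HTTPS from a versioned release
    # URL and applied with the caller's (admin) rights; nothing verifies its
    # content. Download, review and checksum it first where that matters.
    $CMD apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/0.9.0/olm.yaml
    wait_for_all_pods olm
    # perms required by the OLM console: $OLM_DIR/scripts/run_console_local.sh
    # oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:kube-system:default
  else
    echo "Detected OLM - skipping installation"
  fi
}

# Applies the knative and maistra CatalogSources into the OLM namespace and
# waits for their pods to appear.
# Globals: CMD, INSTALL_SCRIPT_DIR, KNATIVE_*_VERSION (read)
# Returns: 1 when no OLM namespace can be found
function install_catalogsources {
  local ROOT_DIR="$INSTALL_SCRIPT_DIR/../.."
  # Declared separately so an empty result is caught here instead of being
  # passed on as `-n ""` to every command below.
  local OLM_NS
  OLM_NS=$(olm_namespace)
  if [ -z "$OLM_NS" ]; then
    echo "ERROR: could not determine the OLM namespace" >&2
    return 1
  fi
  # SECURITY: these manifests are referenced by a `release-<version>` ref
  # name, not by commit, and are applied unverified; what that ref points to
  # can change between runs.
  $CMD apply -n "$OLM_NS" -f "https://raw.githubusercontent.com/openshift/knative-serving/release-${KNATIVE_SERVING_VERSION}/openshift/olm/knative-serving.catalogsource.yaml"
  $CMD apply -n "$OLM_NS" -f "https://raw.githubusercontent.com/openshift/knative-build/release-${KNATIVE_BUILD_VERSION}/openshift/olm/knative-build.catalogsource.yaml"
  $CMD apply -n "$OLM_NS" -f "https://raw.githubusercontent.com/openshift/knative-eventing/release-${KNATIVE_EVENTING_VERSION}/openshift/olm/knative-eventing.catalogsource.yaml"
  $CMD apply -f "$ROOT_DIR/maistra-operators.catalogsource.yaml" -n "$OLM_NS"
  timeout 120 "$CMD get pods -n $OLM_NS | grep knative"
  timeout 120 "$CMD get pods -n $OLM_NS | grep maistra"
  wait_for_all_pods "$OLM_NS"
}

# NOTE(review): install_istio runs past the end of this excerpt; its visible
# lines are reproduced unchanged below, with their original line numbers.
194 | function install_istio {
195 | if $CMD get ns "istio-system" 2>/dev/null; then
196 | echo "Detected istio - skipping installation"
197 | elif check_minikube; then
198 | echo "Detected minikube - 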
incompatible with Maistra operator, so installing upstream istio." 199 | $CMD apply -f "https://github.com/knative/serving/releases/download/${KNATIVE_SERVING_VERSION}/istio-crds.yaml" && \ 200 | $CMD apply -f "https://github.com/knative/serving/releases/download/${KNATIVE_SERVING_VERSION}/istio.yaml" 201 | wait_for_all_pods istio-system 202 | else 203 | $CMD create ns istio-operator 204 | if check_operatorgroups; then 205 | cat <<-EOF | $CMD apply -f - 206 | apiVersion: operators.coreos.com/v1 207 | kind: OperatorGroup 208 | metadata: 209 | name: istio-operator 210 | namespace: istio-operator 211 | EOF 212 | fi 213 | cat <<-EOF | $CMD apply -f - 214 | apiVersion: operators.coreos.com/v1alpha1 215 | kind: Subscription 216 | metadata: 217 | name: maistra 218 | namespace: istio-operator 219 | spec: 220 | channel: alpha 221 | name: maistra 222 | source: maistra-operators 223 | sourceNamespace: $(olm_namespace) 224 | EOF 225 | wait_for_all_pods istio-operator 226 | 227 | cat <<-EOF | $CMD apply -f - 228 | apiVersion: istio.openshift.com/v1alpha1 229 | kind: Installation 230 | metadata: 231 | namespace: istio-operator 232 | name: istio-installation 233 | spec: 234 | istio: 235 | authentication: false 236 | community: true 237 | kiali: 238 | username: admin 239 | password: admin 240 | prefix: kiali/ 241 | EOF 242 | timeout 900 '$CMD get pods -n istio-system && [[ $($CMD get pods -n istio-system | grep openshift-ansible-istio-installer | grep -c Completed) -gt 0 ]]' 243 | 244 | # Scale down unused services deployed by the istio operator. 
The 245 | # jaeger pods will fail anyway due to the elasticsearch pod failing 246 | # due to "max virtual memory areas vm.max_map_count [65530] is too 247 | # low, increase to at least [262144]" which could be mitigated on 248 | # minishift with: 249 | # minishift ssh "echo 'echo vm.max_map_count = 262144 >/etc/sysctl.d/99-elasticsearch.conf' | sudo sh" 250 | $CMD scale -n istio-system --replicas=0 deployment/grafana 251 | $CMD scale -n istio-system --replicas=0 deployment/jaeger-collector 252 | $CMD scale -n istio-system --replicas=0 deployment/jaeger-query 253 | $CMD scale -n istio-system --replicas=0 statefulset/elasticsearch 254 | 255 | patch_istio_for_knative 256 | fi 257 | } 258 | 259 | function install_knative { 260 | local version 261 | case $1 in 262 | build) 263 | version=$KNATIVE_BUILD_VERSION 264 | ;; 265 | serving) 266 | version=$KNATIVE_SERVING_VERSION 267 | ;; 268 | eventing) 269 | version=$KNATIVE_EVENTING_VERSION 270 | ;; 271 | *) 272 | echo "Pass one of 'build', 'serving', or 'eventing'" 273 | return -1 274 | ;; 275 | esac 276 | local COMPONENT="knative-$1" 277 | if $CMD get ns ${COMPONENT} 2>/dev/null 1>&2; then 278 | echo "${COMPONENT} namespace exists - reapplying resources" 279 | else 280 | $CMD create ns ${COMPONENT} 281 | fi 282 | if check_operatorgroups; then 283 | cat <<-EOF | $CMD apply -f - 284 | apiVersion: operators.coreos.com/v1 285 | kind: OperatorGroup 286 | metadata: 287 | name: ${COMPONENT} 288 | namespace: ${COMPONENT} 289 | EOF 290 | fi 291 | cat <<-EOF | $CMD apply -f - 292 | apiVersion: operators.coreos.com/v1alpha1 293 | kind: Subscription 294 | metadata: 295 | name: ${COMPONENT}-subscription 296 | generateName: ${COMPONENT}- 297 | namespace: ${COMPONENT} 298 | spec: 299 | source: ${COMPONENT}-operator 300 | sourceNamespace: $(olm_namespace) 301 | name: ${COMPONENT}-operator 302 | startingCSV: ${COMPONENT}-operator.${version} 303 | channel: alpha 304 | EOF 305 | } 306 | 307 | function enable_interaction_with_registry() { 308 
| if check_openshift_4; then 309 | local ns=${1:-knative-serving} 310 | local configmap_name=config-service-ca 311 | local cert_name=service-ca.crt 312 | local mount_path=/var/run/secrets/kubernetes.io/servicecerts 313 | 314 | $CMD -n $ns create configmap $configmap_name 315 | $CMD -n $ns annotate configmap $configmap_name service.alpha.openshift.io/inject-cabundle="true" 316 | timeout 180 '$CMD -n $ns get cm $configmap_name -oyaml | grep $cert_name' 317 | $CMD -n $ns set volume deployment/controller --add --name=service-ca --configmap-name=$configmap_name --mount-path=$mount_path 318 | $CMD -n $ns set env deployment/controller SSL_CERT_FILE=$mount_path/$cert_name 319 | else 320 | echo "Registry configuration only required for OCP4" 321 | fi 322 | } 323 | 324 | function patch_istio_for_knative() { 325 | local sidecar_config=$($CMD get configmap -n istio-system istio-sidecar-injector -o yaml) 326 | if [[ -z "${sidecar_config}" ]]; then 327 | return 1 328 | fi 329 | echo "${sidecar_config}" | grep lifecycle 330 | if [[ $? 
-eq 1 ]]; then 331 | echo "Patching Istio's preStop hook for graceful shutdown" 332 | echo "${sidecar_config}" | sed 's/\(name: istio-proxy\)/\1\\n lifecycle:\\n preStop:\\n exec:\\n command: [\\"sh\\", \\"-c\\", \\"sleep 20; while [ $(netstat -plunt | grep tcp | grep -v envoy | wc -l | xargs) -ne 0 ]; do sleep 1; done\\"]/' | $CMD replace -f - 333 | $CMD delete pod -n istio-system -l istio=sidecar-injector 334 | wait_for_all_pods istio-system 335 | fi 336 | 337 | # Patch the sidecar injector configmap up to $ISTIO_PATCH_VERSION 338 | oc get -n istio-system configmap/istio-sidecar-injector -o yaml | sed "s/:1.0.[[:digit:]]\+/:${ISTIO_PATCH_VERSION}/g" | oc replace -f - 339 | 340 | # Ensure Istio $ISTIO_PATCH_VERSION is used everywhere 341 | echo "Patching Istio images up to $ISTIO_PATCH_VERSION" 342 | patch_istio_deployment istio-galley 0 galley || return 1 343 | patch_istio_deployment istio-egressgateway 0 proxyv2 || return 1 344 | patch_istio_deployment istio-ingressgateway 0 proxyv2 || return 1 345 | patch_istio_deployment istio-policy 0 mixer || return 1 346 | patch_istio_deployment istio-policy 1 proxyv2 || return 1 347 | patch_istio_deployment istio-telemetry 0 mixer || return 1 348 | patch_istio_deployment istio-telemetry 1 proxyv2 || return 1 349 | patch_istio_deployment istio-pilot 0 pilot || return 1 350 | patch_istio_deployment istio-pilot 1 proxyv2 || return 1 351 | patch_istio_deployment istio-citadel 0 citadel || return 1 352 | patch_istio_deployment istio-sidecar-injector 0 sidecar_injector || return 1 353 | 354 | wait_for_deployment istio-system istio-galley 355 | wait_for_all_pods istio-system || return 1 356 | } 357 | 358 | function patch_istio_deployment() { 359 | local deployment="$1" 360 | local containerIndex=$2 361 | local imageName=$3 362 | oc patch -n istio-system deployment/${deployment} --type json -p "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/${containerIndex}/image\", 
\"value\":\"${ISTIO_IMAGE_REPO}${imageName}:${ISTIO_PATCH_VERSION}\"}]" 363 | } 364 | --------------------------------------------------------------------------------