├── .github ├── PULL_REQUEST_TEMPLATE.md └── workflows │ └── makecommit.yml ├── .gitignore ├── .kubeconfig ├── Dockerfile ├── LICENSE ├── Makefile ├── OWNERS ├── OWNERS_ALIASES ├── README.md ├── deploy ├── acm-policies │ ├── 00-openshift-acm-policies.Namespace.yaml │ ├── 50-GENERATED-backplane-acs.Policy.yaml │ ├── 50-GENERATED-backplane-cee-sp.Policy.yaml │ ├── 50-GENERATED-backplane-cee.Policy.yaml │ ├── 50-GENERATED-backplane-cse-sp.Policy.yaml │ ├── 50-GENERATED-backplane-cse.Policy.yaml │ ├── 50-GENERATED-backplane-csm-sp.Policy.yaml │ ├── 50-GENERATED-backplane-csm.Policy.yaml │ ├── 50-GENERATED-backplane-elevated-sre.Policy.yaml │ ├── 50-GENERATED-backplane-lpsre-sp.Policy.yaml │ ├── 50-GENERATED-backplane-lpsre.Policy.yaml │ ├── 50-GENERATED-backplane-mcs-tier-two-sp.Policy.yaml │ ├── 50-GENERATED-backplane-mcs-tier-two.Policy.yaml │ ├── 50-GENERATED-backplane-mobb-sp.Policy.yaml │ ├── 50-GENERATED-backplane-mobb.Policy.yaml │ ├── 50-GENERATED-backplane-srep-sp.Policy.yaml │ ├── 50-GENERATED-backplane-srep.Policy.yaml │ ├── 50-GENERATED-backplane-tam-sp.Policy.yaml │ ├── 50-GENERATED-backplane-tam.Policy.yaml │ ├── 50-GENERATED-backplane.Policy.yaml │ ├── 50-GENERATED-ccs-dedicated-admins-sp.Policy.yaml │ ├── 50-GENERATED-ccs-dedicated-admins.Policy.yaml │ ├── 50-GENERATED-customer-registry-cas.Policy.yaml │ ├── 50-GENERATED-hosted-uwm.Policy.yaml │ ├── 50-GENERATED-hypershift-ovn-logging.Policy.yaml │ ├── 50-GENERATED-osd-backplane-managed-scripts.Policy.yaml │ ├── 50-GENERATED-osd-cluster-admin.Policy.yaml │ ├── 50-GENERATED-osd-customer-monitoring.Policy.yaml │ ├── 50-GENERATED-osd-delete-backplane-script-resources.Policy.yaml │ ├── 50-GENERATED-osd-delete-backplane-serviceaccounts-sp.Policy.yaml │ ├── 50-GENERATED-osd-delete-backplane-serviceaccounts.Policy.yaml │ ├── 50-GENERATED-osd-logging-unsupported.Policy.yaml │ ├── 50-GENERATED-osd-must-gather-operator.Policy.yaml │ ├── 50-GENERATED-osd-openshift-operators-redhat.Policy.yaml │ ├── 50-GENERATED-osd-pcap-collector.Policy.yaml │ ├── 50-GENERATED-osd-project-request-template.Policy.yaml │ ├── 50-GENERATED-osd-user-workload-monitoring-sp.Policy.yaml │ ├── 50-GENERATED-osd-user-workload-monitoring.Policy.yaml │ ├── 50-GENERATED-rbac-permissions-operator-config-sp.Policy.yaml │ ├── 50-GENERATED-rbac-permissions-operator-config.Policy.yaml │ ├── 50-GENERATED-rosa-console-branding.Policy.yaml │ ├── 50-GENERATED-rosa-ingress-certificate-check.Policy.yaml │ ├── 50-GENERATED-rosa-ingress-certificate-policies.Policy.yaml │ └── config.yaml ├── aws-ssm-agent │ ├── 01-machineconfig.yaml │ ├── README.md │ └── config.yaml ├── backplane │ ├── 10-backplane-readers-cluster.ClusterRole.yml │ ├── OWNERS │ ├── README.md │ ├── acs-integration │ │ ├── 01-acs-integration-rhacs-observability-role.yml │ │ ├── 01-acs-integration-rhacs-observability-rolebinding.yml │ │ └── config.yaml │ ├── acs │ │ ├── 00-acs-admin.namespace.yaml │ │ ├── 01-acs-admins-cluster.ClusterRole.yaml │ │ ├── 01-acs-admins-project.ClusterRole.yaml │ │ ├── 02-acs-admins.SubjectPermission.yaml │ │ ├── 02-acs-openshift-ingress-role.yml │ │ ├── 02-acs-openshift-ingress-rolebinding.yml │ │ ├── 03-acs-openshift-monitoring-role.yml │ │ ├── 03-acs-openshift-monitoring-rolebinding.yml │ │ ├── 04-acs-openshift-console-role.yml │ │ ├── 04-acs-openshift-console-rolebinding.yml │ │ ├── 05-acs-rhacs-observability-role.yml │ │ ├── 05-acs-rhacs-observability-rolebinding.yml │ │ ├── 06-acs-openshift-gitops-role.yml │ │ ├── 06-acs-openshift-gitops-rolebinding.yml │ │ └── config.yaml │ ├── cee │ │ ├── 00-cee.namespace.yml │ │ ├── 01-cee-cluster-readers-cluster.ClusterRole.yml │ │ ├── 01-cee-monitoring-role.yml │ │ ├── 02-cee-monitoring-rolebinding.yml │ │ ├── 20-cee-mustgather.Role.yml │ │ ├── 30-cee-mustgather.RoleBinding.yml │ │ ├── 30-cee-pcap-collector.Role.yml │ │ ├── 40-cee.SubjectPermission.yml │ │ ├── 60-cee-pcap-collector.RoleBinding.yml │ │ ├── config.yaml │ │ └── hypershift │ │ │ ├── management-cluster │ │ │ ├── 10-cee-management-cluster-cluster.ClusterRole.yml │ │ │ ├── 20-cee.SubjectPermission.yml │ │ │ └── config.yaml │ │ │ └── service-cluster │ │ │ ├── 10-cee-service-cluster-cluster.ClusterRole.yml │ │ │ ├── 20-cee.SubjectPermission.yml │ │ │ └── config.yaml │ ├── config.yaml │ ├── configuration-anomaly-detection │ │ └── README.md │ ├── csa │ │ ├── 00-csa.namespace.yml │ │ ├── 20-csa.SubjectPermission.yml │ │ └── config.yaml │ ├── cse │ │ ├── 00-cse.namespace.yml │ │ ├── 20-cse.SubjectPermission.yml │ │ └── config.yaml │ ├── csm │ │ ├── 00-csm.namespace.yml │ │ ├── 01-csm-cluster-readers-cluster.ClusterRole.yml │ │ ├── 20-csm-mustgather.Role.yml │ │ ├── 30-csm-mustgather.RoleBinding.yml │ │ ├── 30-csm-pcap-collector.Role.yml │ │ ├── 40-csm.SubjectPermission.yml │ │ ├── 60-csm-pcap-collector.RoleBinding.yml │ │ └── config.yaml │ ├── elevated-sre │ │ ├── 00-impersonate-cluster-admin.ClusterRole.yml │ │ ├── 10-impersonate-cluster-admin.ClusterRoleBinding.yml │ │ ├── 20-cluster-admin.User.yml │ │ ├── 30-cluster-admin.ClusterRoleBinding.yml │ │ └── config.yaml │ ├── hybridsre-hcp │ │ └── hypershift │ │ │ └── management-cluster │ │ │ ├── 00-hybridsre-hcp.namespace.yml │ │ │ ├── 20-hybridsre-hcp.SubjectPermission.yml │ │ │ └── config.yaml │ ├── lpsre │ │ ├── 00-lpsre.namespace.yml │ │ ├── 01-lpsre-admins-cluster.ClusterRole.yaml │ │ ├── 02-lpsre-monitoring-role.yml │ │ ├── 02-lpsre-monitoring-rolebinding.yml │ │ ├── 10-lpsre-addon-operator-cluster.ClusterRole.yml │ │ ├── 10-lpsre-addon-operator-olm-project.ClusterRole.yml │ │ ├── 10-lpsre-monitoring-project.ClusterRole.yml │ │ ├── 15-lpsre-package-operator-cluster.ClusterRole.yaml │ │ ├── 15-lpsre-package-operator-project.ClusterRole.yaml │ │ ├── 15-lpsre-package-operator.SubjectPermission.yml │ │ ├── 20-lpsre-mustgather.Role.yml │ │ ├── 30-lpsre-mustgather.RoleBinding.yml │ │ ├── 40-lpsre.SubjectPermission.yml │ │ ├── acm │ │ │ ├── 01-acm-lpsre-admins.SubjectPermission.yaml │ │ │ ├── 02-acm-lpsre-admins-project.ClusterRole.yaml │ │ │ └── config.yaml │ │ ├── acs │ │ │ ├── 01-acs-lpsre-admins.SubjectPermission.yaml │ │ │ ├── 02-acs-lpsre-admins-project.ClusterRole.yaml │ │ │ └── config.yaml │ │ ├── cert-manager │ │ │ ├── 01-cert-manager-lpsre-project.SubjectPermission.yaml │ │ │ └── config.yaml │ │ ├── config.yaml │ │ ├── dynatrace │ │ │ ├── 01-lpsre-dynatrace.Role.yml │ │ │ ├── 02-lpsre-dynatrace.RoleBinding.yml │ │ │ ├── config.yaml │ │ │ └── otel │ │ │ │ ├── 01-lpsre-otel.Role.yml │ │ │ │ ├── 02-lpsre-otel.RoleBinding.yml │ │ │ │ └── config.yaml │ │ ├── hypershift │ │ │ ├── config.yaml │ │ │ └── management-cluster │ │ │ │ ├── 10-lpsre-management-cluster-cluster.ClusterRole.yml │ │ │ │ ├── 10-lpsre.SubjectPermission.yml │ │ │ │ └── config.yaml │ │ ├── managed-odh │ │ │ ├── 10-lpsre-odh-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── non-hypershift │ │ │ ├── 20-lpsre-addon-operator.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── ocs-consumer │ │ │ ├── 01-ocs-consumer-cr-project.ClusterRole.yml │ │ │ ├── 10-lpsre-ocs-consumer-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── ocs-converged │ │ │ ├── 10-lpsre-ocs-converged-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── ocs-provider │ │ │ ├── 01-ocs-provider-cr-project.ClusterRole.yml │ │ │ ├── 10-lpsre-ocs-provider-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── reference-addon │ │ │ ├── 10-lpsre-reference-addon-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── rhmi │ │ │ ├── 01-rhmi-lpsre-admins-cluster-aggregate.ClusterRole.yaml │ │ │ ├── 01-rhmi-lpsre-admins-project.ClusterRole.yaml │ │ │ ├── 02-rhmi-lpsre-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ └── rhoam │ │ │ ├── 01-rhoam-lpsre-admins-cluster-aggregate.ClusterRole.yaml │ │ │ ├── 01-rhoam-lpsre-admins-project.ClusterRole.yaml │ │ │ ├── 02-rhoam-lpsre-admins.SubjectPermission.yml │ │ │ └── config.yaml │ ├── mcg │ │ ├── 00-mcg.namespace.yml │ │ ├── config.yaml │ │ └── mcg-osd │ │ │ ├── 01-mcg-osd-cr-project.ClusterRole.yml │ │ │ ├── 10-mcg-mcg-osd-admins.SubjectPermission.yml │ │ │ └── config.yaml │ ├── mcs-tier-two │ │ ├── 00-mcs-tier-two.namespace.yml │ │ ├── 01-mcs-tier-two-cluster-readers-cluster.ClusterRole.yml │ │ ├── 01-mcs-tier-two-monitoring-role.yml │ │ ├── 02-mcs-tier-two-monitoring-rolebinding.yml │ │ ├── 20-mcs-tier-two-mustgather.Role.yml │ │ ├── 30-mcs-tier-two-mustgather.RoleBinding.yml │ │ ├── 30-mcs-tier-two-pcap-collector.Role.yml │ │ ├── 40-mcs-tier-two.SubjectPermission.yml │ │ ├── 60-mcs-tier-two-pcap-collector.RoleBinding.yml │ │ ├── config.yaml │ │ └── hypershift │ │ │ ├── management-cluster │ │ │ ├── 10-mcs-tier-two-management-cluster-cluster.ClusterRole.yml │ │ │ ├── 20-mcs-tier-two.SubjectPermission.yml │ │ │ └── config.yaml │ │ │ └── service-cluster │ │ │ ├── 10-mcs-tier-two-service-cluster-cluster.ClusterRole.yml │ │ │ ├── 20-mcs-tier-two.SubjectPermission.yml │ │ │ └── config.yaml │ ├── mobb │ │ ├── 00-mobb.namespace.yml │ │ ├── 01-mobb-cluster-readers-cluster.ClusterRole.yml │ │ ├── 20-mobb-mustgather.Role.yml │ │ ├── 30-mobb-mustgather.RoleBinding.yml │ │ ├── 30-mobb-pcap-collector.Role.yml │ │ ├── 40-mobb.SubjectPermission.yml │ │ ├── 60-mobb-pcap-collector.RoleBinding.yml │ │ └── config.yaml │ ├── nvidia-gpu │ │ ├── 00-nvidia-gpu.namespace.yml │ │ ├── config.yaml │ │ └── nvidia-gpu │ │ │ ├── 10-nvidia-gpu-admins.SubjectPermission.yml │ │ │ └── config.yaml │ ├── odf-sre │ │ ├── 00-odf-sre.namespace.yml │ │ ├── 20-odf-sre.SubjectPermission.yml │ │ ├── config.yaml │ │ ├── ocs-consumer │ │ │ ├── 01-odf-sre-ocs-consumer-project.ClusterRole.yml │ │ │ ├── 10-odf-sre.SubjectPermission.yml │ │ │ └── config.yaml │ │ └── ocs-provider │ │ │ ├── 01-odf-sre-ocs-provider-project.ClusterRole.yml │ │ │ ├── 10-odf-sre.SubjectPermission.yml │ │ │ └── config.yaml │ ├── odf │ │ ├── 00-odf.namespace.yml │ │ ├── config.yaml │ │ ├── ocs-consumer │ │ │ ├── 10-odf-ocs-consumer-admins.SubjectPermission.yml │ │ │ └── config.yaml │ │ └── ocs-provider │ │ │ ├── 10-odf-ocs-provider-admins.SubjectPermission.yml │ │ │ └── config.yaml │ ├── sdcicd │ │ ├── 00-sdcicd.namespace.yml │ │ ├── 01-sdcicd-read-only-cluster.ClusterRole.yml │ │ ├── 10-sdcicd-read-only-cluster.ClusterRole.yml │ │ ├── 20-sdcicd.SubjectPermission.yml │ │ ├── 40-sdcicd.SubjectPermission.yml │ │ └── config.yaml │ ├── srep │ │ ├── 00-srep.namespace.yml │ │ ├── 10-srep-admins-cluster.ClusterRole.yml │ │ ├── 10-srep-admins-project.ClusterRole.yml │ │ ├── 10-srep-muo.Role.yml │ │ ├── 10-srep-mustgather.Role.yml │ │ ├── 20-srep-muo.RoleBinding.yml │ │ ├── 20-srep-mustgather.RoleBinding.yml │ │ ├── 20-srep.SubjectPermission.yml │ │ ├── 30-cee-pcap-collector.Role.yml │ │ ├── 40-cee-pcap-collector.RoleBinding.yml │ │ ├── config.yaml │ │ ├── dynatrace │ │ │ ├── 10-srep-dynatrace.Role.yml │ │ │ ├── 20-srep-dynatrace.RoleBinding.yml │ │ │ ├── config.yaml │ │ │ └── opentelemetry │ │ │ │ ├── 10-srep-opentelemetry.Role.yml │ │ │ │ ├── 20-srep-opentelemetry.RoleBinding.yml │ │ │ │ └── config.yaml │ │ ├── fedramp │ │ │ ├── 10-srep-fedramp-muo.Role.yml │ │ │ ├── 20-srep-fedramp-muo.RoleBinding.yml │ │ │ ├── 30-srep-fedramp.SubjectPermission.yml │ │ │ └── config.yaml │ │ ├── hive │ │ │ ├── 10-srep-hive-project.ClusterRole.yml │ │ │ ├── 20-srep.SubjectPermission.yml │ │ │ └── config.yaml │ │ └── hypershift │ │ │ ├── management-cluster │ │ │ ├── 10-srep-management-cluster-cluster.ClusteRole.yml │ │ │ ├── 10-srep-management-cluster-project.ClusteRole.yml │ │ │ ├── 20-srep.SubjectPermission.yml │ │ │ └── config.yaml │ │ │ └── service-cluster │ │ │ ├── 10-srep-service-cluster-cluster.ClusteRole.yml │ │ │ ├── 10-srep-service-cluster-project.ClusteRole.yml │ │ │ ├── 20-srep.SubjectPermission.yml │ │ │ └── config.yaml │ └── tam │ │ ├── 00-tam.namespace.yml │ │ ├── 01-tam-cluster-readers-cluster.ClusterRole.yml │ │ ├── 20-tam-mustgather.Role.yml │ │ ├── 30-tam-mustgather.RoleBinding.yml │ │ ├── 30-tam-pcap-collector.Role.yml │ │ ├── 40-tam.SubjectPermission.yml │ │ ├── 60-tam-pcap-collector.RoleBinding.yml │ │ └── config.yaml ├── ccs-dedicated-admins │ ├── 03-dedicated-admins-manage-operators.ClusterRole.yaml │ ├── 50-dedicated-admins-customer-monitoring.SubjectPermission.yaml │ ├── OWNERS │ └── config.yaml ├── cloud-ingress-operator-configuration │ ├── OWNERS │ ├── apischeme │ │ ├── 10-rh-api.apischeme.yaml │ │ └── config.yaml │ └── routerreplicas-osd-8028 │ │ ├── 10-routerreplics.ingresscontroller.yaml │ │ └── config.yaml ├── cluster-ingress-backplane │ ├── 00-ingress.config.yaml │ └── config.yaml ├── cluster-ingress-hive │ ├── 00-ingress.config.yaml │ └── config.yaml ├── cluster-ingress │ ├── 00-ingress.config.yaml │ └── config.yaml ├── cluster-monitoring-config-non-uwm │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ ├── OWNERS │ ├── README.md │ ├── clusters-v4.5 │ │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ │ └── config.yaml │ ├── config.yaml │ ├── management-clusters │ │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ │ └── config.yaml │ └── pre-4.11 │ │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ │ └── config.yaml ├── cluster-monitoring-config │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── management-clusters │ │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ │ └── config.yaml │ └── pre-4.11 │ │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ │ └── config.yaml ├── crio-config │ ├── 01-containerruntimeconfig.yaml │ └── config.yaml ├── crio-loglinking │ ├── 01-machineconfig.yaml │ └── config.yaml ├── customer-registry-cas │ ├── 10-dedicated-admins-registry-cas.ClusterRole.yaml │ ├── 15-dedicated-admins-registry-cas.Role.yaml │ ├── 20-dedicated-admins-registry-cas.ClusterRoleBinding.yaml │ ├── 25-dedicated-admins-registry-cas.RoleBinding.yaml │ └── config.yaml ├── hosted-uwm │ ├── 05-role.yaml │ ├── 06-rolebinding.yaml │ └── config.yaml ├── hs-delete-custom-cmo-config │ ├── 00-hs-delete-custom-cmo.Namespace.yaml │ ├── 01-hs-delete-custom-cmo.ServiceAccount.yaml │ ├── 02-hs-delete-custom-cmo.ClusterRole.yaml │ ├── 03-hs-delete-custom-cmo.ClusterRoleBinding.yaml │ ├── 10-hs-delete-custom-cmo.Job.yaml │ └── config.yaml ├── hypershift-namespace-labels │ ├── 01-openshift-observability-operator.patch.yaml │ ├── 02-openshift-monitoring.patch.yaml │ ├── README.md │ └── config.yaml ├── hypershift-obo-alertmanager-config │ ├── README.md │ ├── config.yaml │ └── hypershift-obo-alertmanager-config.secret.yaml ├── hypershift-obo-nodeselector-tolerations │ ├── config.yaml │ ├── obo-prometheus.nodeSelector.patch.yaml │ └── obo-prometheus.tolerations.patch.yaml ├── hypershift-ovn-logging │ ├── config.yaml │ └── ovn-logging-label.Policy.yaml ├── hypershift-sre-metric-set │ ├── config.yaml │ └── sre-metric-set.yaml ├── insights-integration │ ├── 01-support.Secret.yaml │ └── config.yaml ├── insights-staging │ ├── 01-support.Secret.yaml │ └── config.yaml ├── itn-2024-00255-camo-unsafefailforward │ ├── 10-openshift-cluster-monitoring-operatorgroup.patch.yaml │ └── config.yaml ├── kubelet-config │ ├── 01-kubelet-config.yaml │ ├── config.yaml │ ├── disable-debugging-handlers-masters │ │ ├── 01-disable-debugging-handlers-masters.KubeletConfig.yaml │ │ └── config.yaml │ ├── disable-debugging-handlers-workers │ │ ├── 01-disable-debugging-handlers-workers.KubeletConfig.yaml │ │ └── config.yaml │ └── pre-4.9 │ │ ├── 01-patch.machineconfigpool.yaml │ │ ├── 02-patch.machineconfigpool.yaml │ │ ├── 03-kubelet-config.yaml │ │ └── config.yaml ├── managed-upgrade-operator-config │ ├── 10-managed-upgrade-operator-configmap.yaml │ ├── 4.5 │ │ ├── 10-managed-upgrade-operator-configmap.yaml │ │ └── config.yaml │ ├── 4.6 │ │ ├── 10-managed-upgrade-operator-configmap.yaml │ │ └── config.yaml │ ├── 4.7 │ │ ├── 10-managed-upgrade-operator-configmap.yaml │ │ └── config.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ └── hypershift-mc │ │ ├── 10-managed-upgrade-operator-configmap.yaml │ │ └── config.yaml ├── managed-velero-operator-rolebinding │ ├── 111-velero.Role.yaml │ ├── 116-velero.RoleBinding.yaml │ └── config.yaml ├── management-cluster-prometheus-metrics │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ └── config.yaml ├── ocm-agent-operator-managedfleetnotifications │ ├── OWNERS │ ├── README.md │ ├── audit-webhook-error-putting-minimized-cloudwatch-log.yaml │ ├── config.yaml │ └── oidc-deleted-limited-support.yaml ├── ocm-agent-operator-managednotifications │ ├── 10-managednotifications-cr.yaml │ ├── 10-managednotifications-proxy-cr.yaml │ ├── 10-managednotifications-upgrade-cr.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── node-condition │ │ ├── 100-sre-node-condition-managed-notification.ManagedNotification.yaml │ │ └── config.yaml │ └── unsupported-logging │ │ ├── 10-managednotifications-cr.yaml │ │ └── config.yaml ├── ocpbugs-1341-pod-network-connectivity-check-leak │ ├── 00-OCPBUGS-1341.ServiceAccount.yaml │ ├── 01-OCPBUGS-1341.Role.yaml │ ├── 02-OCPBUGS-1341.RoleBinding.yaml │ ├── 03-OCPBUGS-1341.ClusterRoleBinding.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── no-seccomp │ │ ├── 10-OCPBUGS-1341.CronJob.yaml │ │ └── config.yaml │ └── seccomp │ │ ├── 10-OCPBUGS-1341.CronJob.yaml │ │ └── config.yaml ├── ocpbugs-15043 │ ├── 00-ocpbugs-15043.ServiceAccount.yaml │ ├── 01-ocpbugs-15043.Role.yaml │ ├── 02-ocpbugs-15043.RoleBinding.yaml │ ├── 03-ocpbugs-15043.configmap.yaml │ ├── 10-ocpbugs-15043.CronJob.yaml │ ├── config.yaml │ └── script.sh ├── ocpbugs-20184 │ ├── 00-ocpbugs-20184.ServiceAccount.yaml │ ├── 01-ocpbugs-20184.Role.yaml │ ├── 02-ocpbugs-20184.RoleBinding.yaml │ ├── 10-ocpbugs-20184.CronJob.yaml │ └── config.yaml ├── ocpbugs-773 │ ├── 00-OCPBUGS-773.ServiceAccount.yaml │ ├── 01-OCPBUGS-773.ClusterRole.yaml │ ├── 03-OCPBUGS-773.ClusterRoleBinding.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── no-seccomp │ │ ├── 10-OCPBUGS-773.CronJob.yaml │ │ └── config.yaml │ └── seccomp │ │ ├── 10-OCPBUGS-773.CronJob.yaml │ │ └── config.yaml ├── odf-prom-restart │ ├── 00-mtsre-1450.ServiceAccount.yaml │ ├── 01-mtsre-1450.Role.yaml │ ├── 02-mtsre-1450.RoleBinding.yaml │ ├── 10-mtsre-1450.cronjob.yaml │ └── config.yaml ├── osd-25821-capa-annotator │ ├── 00-Namespace.yaml │ ├── 01-ClusterRole.yaml │ ├── 02-ServiceAccount.yaml │ ├── 03-ClusterRoleBinding.yaml │ ├── 04-ConfigMap.yaml │ ├── 10-CronJob-4-14.yaml │ ├── 10-CronJob-4-15.yaml │ ├── 10-CronJob-4-16.yaml │ ├── 10-CronJob-4-17.yaml │ ├── README.md │ ├── config.yaml │ ├── generate_configmap.sh │ ├── patch.sh │ ├── should_patch.py │ └── tests.py ├── osd-aquasec-operator │ ├── 00-namespace.yaml │ ├── 01-operatorgroup.yaml │ ├── 02-role.yaml │ ├── 03-rolebinding.yaml │ ├── 10-clusterrole-image-scanner.yaml │ ├── 11-clusterrolebinding-image-scanner.yaml │ ├── OWNERS │ └── config.yaml ├── osd-avo-resources │ ├── OWNERS │ └── fedramp-vpc-endpoints │ │ ├── us-gov-east-1 │ │ ├── 00-osd-avo-VpcEndpoint.yaml │ │ └── config.yaml │ │ └── us-gov-west-1 │ │ ├── 00-osd-avo-VpcEndpoint.yaml │ │ └── config.yaml ├── osd-backplane-managed-scripts │ ├── 00-openshift-backplane-managed-scripts.Namespace.yml │ ├── 10-openshift-backplane-managed-scripts.ClusterRole.yml │ ├── 20-openshift-backplane-managed-scripts.ClusterRoleBinding.yml │ └── config.yaml ├── osd-channel-patch │ ├── README.md │ ├── candidate-4.10 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.11 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.12 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.13 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.14 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.15 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.16 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.17 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.18 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.19 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.5 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.6 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.7 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.8 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── candidate-4.9 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.10 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.11 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.12 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.13 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.14 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.15 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.16 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.17 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.18 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.19 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.5 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.6 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.7 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.8 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── fast-4.9 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── nightly │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.10 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.11 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.12 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.13 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.14 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.15 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.16 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.17 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.18 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.19 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.5 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.6 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.7 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ ├── stable-4.8 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml │ └── stable-4.9 │ │ ├── 01-patch.clusterversion.yaml │ │ └── config.yaml ├── osd-cluster-acks │ ├── OWNERS │ ├── README.md │ ├── gcp │ │ └── 4.15 │ │ │ ├── config.yaml │ │ │ └── osd-gcp-ack_CloudCredential.yaml │ ├── ocp │ │ ├── 4.12 │ │ │ ├── admin-gates.yaml │ │ │ └── config.yaml │ │ ├── 4.13 │ │ │ ├── admin-gates.yaml │ │ │ └── config.yaml │ │ ├── 4.14 │ │ │ ├── admin-gates.yaml │ │ │ └── config.yaml │ │ ├── 4.16 │ │ │ ├── admin-gates.yaml │ │ │ └── config.yaml │ │ ├── 4.19 │ │ │ ├── admin-gates.yaml │ │ │ └── config.yaml │ │ └── 4.9 │ │ │ ├── admin-gates.yaml │ │ │ └── config.yaml │ ├── sts │ │ ├── 4.10 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.11 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.12 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.13 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.14 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.15 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.16 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.17 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.18 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ ├── 4.19 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_CloudCredential.yaml │ │ └── 4.9 │ │ │ ├── config.yaml │ │ │ └── osd-sts-ack_4.9_CloudCredential.yaml │ └── wif │ │ ├── 4.18 │ │ ├── config.yaml │ │ └── osd-wif-ack_CloudCredential.yaml │ │ └── 4.19 │ │ ├── config.yaml │ │ └── osd-wif-ack_CloudCredential.yaml ├── osd-cluster-admin │ ├── 03-cluster-admin.ClusterRoleBinding.yaml │ ├── OWNERS │ └── config.yaml ├── osd-cluster-ready │ ├── 10-osd-ready.ServiceAccount.yaml │ ├── 20-osd-ready.openshift-monitoring.Role.yaml │ ├── 25-osd-ready.openshift-monitoring.RoleBinding.yaml │ ├── 30-osd-ready.openshift-machine-api.Role.yaml │ ├── 35-osd-ready.openshift-machine-api.RoleBinding.yaml │ ├── 40-osd-ready.openshift-config.Role.yaml │ ├── 45-osd-ready.openshift-config.RoleBinding.yaml │ ├── 50-osd-ready.ClusterRole.yaml │ ├── 55-osd-ready.ClusterRoleBinding.yaml │ ├── config.yaml │ └── job │ │ ├── 10-osd-ready.Job.yaml │ │ └── config.yaml ├── osd-codeready-workspaces │ ├── 00-namespace.yaml │ ├── 01-operatorgroup.yaml │ ├── 05-role.yaml │ ├── 06-rolebinding.yaml │ ├── OWNERS │ └── config.yaml ├── osd-console-branding │ ├── config.yaml │ ├── osd-branding.console.Patch.yaml │ └── telemetry │ │ ├── config.yaml │ │ └── osd-branding.console.Patch.yaml ├── osd-curated-operatorsources-revert │ ├── 00-operatorhub.cr.yaml │ ├── 00-osd-patch-subscription-source.ServiceAccount.yaml │ ├── 01-osd-patch-subscription-source.ClusterRole.yaml │ ├── 02-osd-patch-subscription-source.ClusterRoleBinding.yaml │ ├── 10-osd-patch-subscription-source.CronJob.yaml │ ├── OWNERS │ ├── README.md │ └── config.yaml ├── osd-curated-operatorsources │ ├── 00-operatorhub.cr.yaml │ ├── OWNERS │ └── config.yaml ├── osd-custom-domains │ ├── 01-dedicated-admins-cluster.ClusterRole.yaml │ ├── OWNERS │ └── config.yaml ├── osd-customer-monitoring │ ├── 00-namespace.yaml │ ├── 01-operatorgroup.yaml │ ├── 05-prometheus-k8s-role.yaml │ ├── 05-role.yaml │ ├── 06-prometheus-k8s-rolebinding.yaml │ ├── 06-rolebinding.yaml │ ├── OWNERS │ └── config.yaml ├── osd-delete-backplane-remediation-rbacs │ ├── 00-delete-backplane-remediation-rbacs.namespace.yml │ ├── 10-delete-backplane-remediation-rbacs.rbac.yaml │ ├── 15-delete-backplane-remediation-rbacs.rbac.yaml │ ├── 20-delete-backplane-remediation-rbacs.CronJob.yaml │ └── config.yaml ├── osd-delete-backplane-script-resources │ ├── 00-delete-backplane-script-resources.namespace.yml │ ├── 10-delete-backplane-script-resources.rbac.yaml │ ├── 20-delete-backplane-script-resources.CronJob.yaml │ └── config.yaml ├── osd-delete-backplane-serviceaccounts │ ├── 00-delete-backplane-serviceaccounts.namespace.yml │ ├── 10-delete-backplane-serviceaccounts.rbac.yaml │ ├── 15-delete-backplane-serviceaccounts.SubjectPermission.yaml │ ├── 20-delete-backplane-serviceaccounts.CronJob.yaml │ └── config.yaml ├── osd-fedramp-cluster-monitoring-config │ ├── 50-GENERATED-cluster-monitoring-config.yaml │ ├── OWNERS │ └── config.yaml ├── osd-fedramp-machineconfig │ ├── chrony-pre-4.14 │ │ ├── 00-fedramp-chrony-master.yaml │ │ ├── 00-fedramp-chrony-worker.yaml │ │ └── config.yaml │ ├── chrony │ │ ├── 00-fedramp-chrony-master.yaml │ │ ├── 00-fedramp-chrony-worker.yaml │ │ └── config.yaml │ ├── int │ │ └── pre-4.15 │ │ │ ├── 51-master-rh-registry-trust.yaml │ │ │ ├── 51-worker-rh-registry-trust.yaml │ │ │ └── config.yaml │ ├── prod │ │ └── pre-4.15 │ │ │ ├── 51-master-rh-registry-trust.yaml │ │ │ ├── 51-worker-rh-registry-trust.yaml │ │ │ └── config.yaml │ └── stg │ │ └── pre-4.15 │ │ ├── 51-master-rh-registry-trust.yaml │ │ ├── 51-worker-rh-registry-trust.yaml │ │ └── config.yaml ├── osd-fedramp-managed-upgrade-operator-config │ ├── 10-managed-upgrade-operator-configmap.yaml │ ├── OWNERS │ ├── config.yaml │ ├── customer-clusters │ │ ├── 10-managed-upgrade-operator-configmap.yaml │ │ └── config.yaml │ └── hive-prod01 │ │ ├── 10-managed-upgrade-operator-configmap.yaml │ │ └── config.yaml ├── osd-fedramp-motd │ ├── 00-fedramp-motd.yaml │ └── config.yaml ├── osd-gcp-ssd-storage │ ├── cluster-storage-gcp-ssd.yaml │ ├── config.yaml │ └── gcp-dedicated-admin │ │ ├── 01-osd-gcp-storage-dedicated-admin.yaml │ │ └── config.yaml ├── osd-hsts-routes │ ├── config.yaml │ ├── hsts-alertmanager.Route.patch.yaml │ ├── hsts-console.Route.patch.yaml │ ├── hsts-prometheus.Route.patch.yaml │ ├── hsts-thanos.Route.patch.yaml │ └── pre-4.11 │ │ ├── config.yaml │ │ └── hsts-grafana.Route.patch.yaml ├── osd-ingress │ ├── OWNERS │ ├── controller │ │ ├── config.yaml │ │ └── router-infraNodes.patch.yaml │ └── routerreplicas-osd-20989 │ │ ├── 10-routerreplics.ingresscontroller.yaml │ │ └── config.yaml ├── osd-legacy-ingress-feature-labeller │ ├── 00-osd-legacy-ingress-feature-labeller.ServiceAccount.yaml │ ├── 01-osd-legacy-ingress-feature-labeller.ClusterRole.yaml │ ├── 02-osd-legacy-ingress-feature-labeller.ClusterRoleBinding.yaml │ ├── 10-osd-legacy-ingress-feature-labeller.CronJob.yaml │ └── config.yaml ├── osd-limited-support │ ├── 00-limited-support.ConfigMap.yaml │ └── config.yaml ├── osd-logging │ ├── 00-namespace.yaml │ ├── 01-operatorgroup.yaml │ ├── 02-curator.configmap.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── supported │ │ ├── 03-storage-quota.yaml │ │ ├── 05-role.yaml │ │ ├── 06-rolebinding.yaml │ │ └── config.yaml │ └── unsupported │ │ ├── 00-namespace.yaml │ │ ├── 05-role.yaml │ │ ├── 06-rolebinding.yaml │ │ └── config.yaml ├── osd-ls-banner │ ├── 10-limited-support-consolenotification.yaml │ └── config.yaml ├── osd-machine-api │ ├── 010-machine-api.srep-infra-healthcheck.MachineHealthCheck.yaml │ ├── 011-machine-api.srep-worker-healthcheck.MachineHealthCheck.yaml │ ├── 012-machine-api.srep-metal-worker-healthcheck.MachineHealthCheck.yaml │ ├── OWNERS │ ├── config.yaml │ └── management-clusters │ │ ├── 011-machine-api.srep-worker-healthcheck.MachineHealthCheck.yaml │ │ └── config.yaml ├── osd-managed-resources │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── managed-namespaces.ConfigMap.yaml │ └── ocp-namespaces.ConfigMap.yaml ├── osd-must-gather-operator │ ├── 01-openshift-must-gather-operator.Namespace.yaml │ └── config.yaml ├── osd-namespace-labels │ ├── 10-openshift-kube-apiserver.patch.yaml │ ├── 10-openshift-operator-lifecycle-manager.patch.yaml │ ├── README.md │ └── config.yaml ├── osd-netnamespaces │ ├── 01-dedicated-admins-cluster.ClusterRole.yaml │ └── config.yaml ├── osd-oauth-templates-errors │ ├── OWNERS │ ├── config.yaml │ └── osd-oauth-templates-errors.secret.yaml ├── osd-oauth-templates-login │ ├── OWNERS │ ├── config.yaml │ └── osd-oauth-templates-login.secret.yaml ├── osd-oauth-templates-providers │ ├── OWNERS │ ├── config.yaml │ └── osd-oauth-templates-providers.secret.yaml ├── osd-oauth-templates │ ├── config.yaml │ ├── ohss-2561-hypershift │ │ ├── README.md │ │ ├── config.yaml │ │ └── hive-integration-oauth.patch.yaml │ ├── ohss-2561 │ │ ├── README.md │ │ ├── config.yaml │ │ └── hive-integration-oauth.patch.yaml │ └── osd-oauth-templates.patch.yaml ├── osd-openshift-operators-redhat │ ├── 00-namespace.yaml │ ├── 10-rolebindings.yaml │ └── config.yaml ├── osd-pcap-collector │ ├── 04-pcap-dedicated-admins-scc.yaml │ ├── 05-pcap-dedicated-admins-ClusterRole.yaml │ ├── 06-pcap-dedicated-admins-ClusterRoleBind.yaml │ └── config.yaml ├── osd-project-request-template │ ├── 02-role.dedicated-admins-project-request.yaml │ ├── 03-rolebinding.dedicated-admins-project-request.yaml │ ├── config.yaml │ └── nonhypershift │ │ ├── 04-patch.label-default-namespace.yaml │ │ ├── README.md │ │ └── config.yaml ├── osd-rebalance-infra-nodes │ ├── 00-osd-rebalance-infra-nodes.ServiceAccount.yaml │ ├── 01-osd-rebalance-infra-nodes.ClusterRole.yaml │ ├── 01-osd-rebalance-infra-nodes.ClusterRoleBinding.yaml │ ├── 02-osd-rebalance-infra-nodes-openshift-dns.Role.yaml │ ├── 02-osd-rebalance-infra-nodes-openshift-dns.RoleBinding.yaml │ ├── 03-osd-rebalance-infra-nodes-openshift-monitoring.Role.yaml │ ├── 03-osd-rebalance-infra-nodes-openshift-monitoring.RoleBinding.yaml │ ├── 04-osd-rebalance-infra-nodes-openshift-user-workload-monitoring.Role.yaml │ ├── 04-osd-rebalance-infra-nodes-openshift-user-workload-monitoring.RoleBinding.yaml │ ├── 05-osd-rebalance-infra-nodes-openshift-security.Role.yaml │ ├── 05-osd-rebalance-infra-nodes-openshift-security.RoleBinding.yaml │ ├── 06-openshift-image-registry-pod-rebalance.RoleBinding.yaml │ ├── 06-openshift-monitoring-pod-rebalance.RoleBinding.yaml │ ├── 06-openshift-must-gather-operator-pod-rebalance.RoleBinding.yaml │ ├── 06-openshift-network-operator-pod-rebalance.RoleBinding.yaml │ ├── 06-openshift-rbac-permissions-pod-rebalance.RoleBinding.yaml │ ├── 06-openshift-route-monitor-operator-pod-rebalance.RoleBinding.yaml │ ├── 06-openshift-splunk-forwarder-operator-pod-rebalance.RoleBinding.yaml │ ├── 06-osd-rebalance-infra-nodes-openshift-pod-rebalance.ClusterRole.yaml │ ├── 07-osd-rebalance-infra-nodes.ConfigMap.yaml │ ├── 10-osd-rebalance-infra-nodes.CronJob.yaml │ ├── README.md │ ├── config.yaml │ ├── non-fr-sts-wif-privatelink │ │ ├── 00-openshift-cloud-ingress-operator-pod-rebalance.RoleBinding.yaml │ │ └── config.yaml │ ├── non-fr-sts-wif │ │ ├── 00-openshift-velero-pod-rebalance.RoleBinding.yaml │ │ └── config.yaml │ └── non-fr │ │ ├── 00-openshift-managed-node-metadata-operator-pod-rebalance.RoleBinding.yaml │ │ ├── 00-openshift-ocm-agent-operator-pod-rebalance.RoleBinding.yaml │ │ ├── 00-openshift-osd-metrics-pod-rebalance.RoleBinding.yaml │ │ ├── 06-openshift-custom-domains-operator-pod-rebalance.RoleBinding.yaml │ │ └── config.yaml ├── osd-registry │ ├── OWNERS │ ├── cluster.Config.patch.yaml │ └── config.yaml ├── osd-route-monitor-operator │ ├── 100-openshift-route-monitor-operator.api.ClusterUrlMonitor.yaml │ ├── 100-openshift-route-monitor-operator.console.RouteMonitor.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ └── management-cluster │ │ ├── 100-openshift-route-monitor-operator.api.ClusterUrlMonitor.yaml │ │ ├── README.md │ │ └── config.yaml ├── osd-samesite-cookie │ ├── config.yaml │ ├── pre-4.11 │ │ ├── config.yaml │ │ └── ss-grafana.Route.patch.yaml │ ├── ss-alertmanager.Route.patch.yaml │ ├── ss-console.Route.patch.yaml │ ├── ss-prometheus.Route.patch.yaml │ └── ss-thanos.Route.patch.yaml ├── osd-serviceaccounts │ ├── 00-serviceaccounts.yaml │ ├── README.md │ ├── aws │ │ ├── 00-serviceaccounts.yaml │ │ ├── README.md │ │ └── config.yaml │ ├── config.yaml │ ├── cronjob │ │ ├── 00-osd-delete-ownerrefs.ServiceAccount.yaml │ │ ├── 01-osd-delete-ownerrefs.ClusterRole.yaml │ │ ├── 02-osd-delete-ownerrefs.ClusterRoleBinding.yaml │ │ ├── 10-osd-delete-ownerrefs.CronJob.yaml │ │ └── config.yaml │ ├── nonsts-nonwif-private-link-psc │ │ ├── 00-serviceaccounts.yaml │ │ ├── README.md │ │ └── config.yaml │ ├── sts │ │ ├── 00-serviceaccounts.yaml │ │ ├── README.md │ │ └── config.yaml │ └── wif │ │ ├── 00-serviceaccounts.yaml │ │ ├── README.md │ │ └── config.yaml ├── osd-suricata │ └── hypershift-management-cluster │ │ ├── 00-osd-suricata-Namespace.yaml │ │ ├── 04-osd-suricata-ServiceAccount.yaml │ │ ├── 05-osd-suricata-scc-SecurityContextConstraint.yaml │ │ ├── 10-osd-suricata-Role.yaml │ │ ├── 10-osd-suricata-RoleBinding.yaml │ │ ├── 15-configmap.yaml │ │ ├── 20-osd-suricata-Daemonset.yaml │ │ ├── OWNERS │ │ └── config.yaml ├── osd-user-workload-monitoring │ ├── 01-dedicated-admins-uwm-config-edit.RoleBinding.yaml │ ├── 02-dedicated-admins-uwm-cm-role.Role.yaml │ ├── 03-dedicated-admins-uwm-cm-rolebinding.RoleBinding.yaml │ ├── 04-dedicated-admins-uwm-am-secret-role.Role.yaml │ ├── 05-dedicated-admins-uwm-am-secret-rolebinding.RoleBinding.yaml │ ├── 06-dedicated-admins-alert-route-editing.SubjectPermission.yaml │ └── config.yaml ├── rbac-permissions-operator-config │ ├── 00-dedicated-admin.Namespace.yaml │ ├── 03-dedicated-admins-cluster.ClusterRole.yaml │ ├── 03-dedicated-admins-project.ClusterRole.yaml │ ├── 05-dedicated-admins-aggregate-cluster.ClusterRole.yaml │ ├── 05-dedicated-admins-aggregate-project.ClusterRole.yaml │ ├── 05-dedicated-readers.ClusterRole.yaml │ ├── 05-osd-readers.ClusterRole.yaml │ ├── 07-dedicated-admins-cluster.ClusterRoleBinding.yaml │ ├── 10-dedicated-admins-operators.Role.yaml │ ├── 10-dedicated-admins-operators.RoleBinding.yaml │ ├── 20-dedicated-admins-marketplace.Role.yaml │ ├── 20-dedicated-admins-marketplace.RoleBinding.yaml │ ├── 30-dedicated-admins-dns.Role.yaml │ ├── 30-dedicated-admins-dns.RoleBinding.yaml │ ├── 50-dedicated-admins-serviceaccounts.SubjectPermission.yaml │ ├── 50-dedicated-admins.SubjectPermission.yaml │ ├── 60-dedicated-admin-openshift-namespaces.SubjectPermission.yaml │ ├── 60-dedicated-admins-openshift-namespaces-serviceaccounts.SubjectPermission.yaml │ ├── OWNERS │ └── config.yaml ├── resource-quotas │ ├── 10-patch.namespace.openshift-etcd.yaml │ ├── 10-patch.namespace.openshift-ingress.yaml │ ├── 10-patch.namespace.openshift-kube-apiserver.yaml │ ├── 10-patch.namespace.openshift-monitoring.yaml │ ├── Makefile │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── functions.mk │ └── values.mk ├── rhoai │ ├── README.md │ ├── config.yaml │ └── rhods-prometheus-viewer.ClusterRoleBinding.yaml ├── rosa-console-branding │ ├── OWNERS │ ├── config.yaml │ ├── rosa-branding.Console.yaml │ └── telemetry │ │ ├── config.yaml │ │ └── osd-branding.console.Patch.yaml ├── rosa-console-legacy-branding-configmap │ ├── OWNERS │ ├── config.yaml │ └── rosa-brand-logo.yaml ├── rosa-console-legacy-branding │ ├── OWNERS │ ├── config.yaml │ └── rosa-branding.Console.yaml ├── rosa-ingress-certificate-check │ ├── 01-ingress-default.Policy.yaml │ └── config.yaml ├── rosa-ingress-certificate-policies │ ├── 00-ingress-default.Policy.yaml │ ├── 01-rosa-ingress-certificate.Policy.yaml │ └── config.yaml ├── rosa-oauth-templates-errors │ ├── OWNERS │ ├── config.yaml │ └── rosa-oauth-templates-errors.secret.yaml ├── rosa-oauth-templates-login │ ├── OWNERS │ ├── config.yaml │ └── rosa-oauth-templates-login.secret.yaml ├── rosa-oauth-templates-policies │ ├── 00-openshift-acm-policies.Namespace.yaml │ ├── 50-rosa-oauth-tpl-errors.Policy.yaml │ ├── 50-rosa-oauth-tpl-login.Policy.yaml │ ├── 50-rosa-oauth-tpl-providers.Policy.yaml │ └── config.yaml ├── rosa-oauth-templates-providers │ ├── OWNERS │ ├── config.yaml │ └── rosa-oauth-templates-providers.secret.yaml ├── rosa-oauth-templates │ ├── OWNERS │ ├── config.yaml │ └── rosa-oauth-templates.OAuth.yaml ├── sdn-ovn-migration │ ├── 100-network-live-migration.PrometheusRule.yaml │ └── config.yaml ├── sre-prometheus │ ├── 100-alertmanager-silence-active.PrometheusRule.yaml │ ├── 100-cluster-version-operator.PrometheusRule.yaml │ ├── 100-configure-alertmanager-operator.PrometheusRule.yaml │ ├── 100-control-plan-leader-election-status.PrometheusRule.yaml │ ├── 100-control-plane-resizing.PrometheusRule.yaml │ ├── 100-elasticsearch-jobs.PrometheusRule.yaml │ ├── 100-excessive-memory.PrometheusRule.yaml │ ├── 100-haproxy-reload-fails.Prometheusrule.yaml │ ├── 100-infra-resizing.PrometheusRule.yaml │ ├── 100-kube-apiserver-missing-on-node.yaml │ ├── 100-kube-controller-manager-crashlooping.yaml │ ├── 100-kube-controller-manager-missing-on-node.yaml │ ├── 100-kube-scheduler-missing-on-node.yaml │ ├── 100-machine-health-check-unterminated-short-circuit.PrometheusRule.yaml │ ├── 100-managed-node-metadata-operator.PrometheusRule.yaml │ ├── 100-managed-upgrade-operator.PrometheusRule.yaml │ ├── 100-managed-velero-operator.PrometheusRule.yaml │ ├── 100-node-filedescriptor-limits.PrometheusRule.yaml │ ├── 100-node-stuck-terminating-creating.PrometheusRule.yaml │ ├── 100-node-unschedulable.PrometheusRule.yaml │ ├── 100-oauth-server.PrometheusRule.yaml │ ├── 100-ocm-agent-operator.PrometheusRule.yaml │ ├── 100-pending-csr.PrometheusRule.yaml │ ├── 100-rhmi-sre-elevation.PrometheusRule.yaml │ ├── 100-rhoam-sre-elevation.PrometheusRule.yaml │ ├── 100-router-health.PrometheusRule.yaml │ ├── 100-runaway-sdn.PrometheusRule.yaml │ ├── 100-sre-api-errors.PrometheusRule.yaml │ ├── 100-sre-cannot-retrieve-updates.PrometheusRule.yaml │ ├── 100-sre-haproxydown.PrometheusRule.yaml │ ├── 100-sre-kubejobfailing.PrometheusRule.yaml │ ├── 100-sre-kubequotaexceeded.PrometheusRule.yaml │ ├── 100-sre-podDisruptionBudget.PrometheusRule.yaml │ ├── 100-sre-pruning.PrometheusRule.yaml │ ├── 100-sre-pv.PrometheusRule.yaml │ ├── 100-telemeter-client.PrometheusRule.yaml │ ├── OWNERS │ ├── README.md │ ├── aws │ │ ├── 100-stuck-volumes.PrometheusRule.yaml │ │ ├── config.yaml │ │ ├── ebs-iops-burstbalance │ │ │ ├── 100-aws-ebs-iops-burstbal.promRule.yaml │ │ │ └── config.yaml │ │ └── sts-privatelink │ │ │ ├── 100-cloud-ingress-operator.PrometheusRule.yaml │ │ │ └── config.yaml │ ├── centralized-observability │ │ ├── 100-sre-internal-recording-rules.yaml │ │ ├── 100-sre-internal-slo-recording-rules.PrometheusRule.yaml │ │ ├── 100-sre-operators-recording-rules.yaml │ │ ├── 100-sre-slo-recording-rules.PrometheusRule.yaml │ │ ├── 100-sre-telemetry-managed-labels-recording-rules.PrometheusRule.yaml │ │ ├── README.md │ │ ├── config.yaml │ │ └── srep_osd_metrics_flow.jpg │ ├── config.yaml │ ├── extended-logging │ │ ├── 101-parsed_elasticsearch_openshift-logging_elasticsearch-prometheus-rules.PrometheusRule.yaml │ │ ├── 101-parsed_fluentd_openshift-logging_collector.PrometheusRule.yaml │ │ ├── README.md │ │ └── config.yaml │ ├── fedramp │ │ ├── 100-avo-pendingAcceptance.PrometheusRule.yaml │ │ ├── 100-disk-full.PrometheusRule.yaml │ │ ├── config.yaml │ │ └── hive-prod │ │ │ ├── 100-cgao-inactive-heartbeatmonitor.yaml │ │ │ └── config.yaml │ ├── insights │ │ ├── 100-sre-insightsoperator.PrometheusRule.yaml │ │ └── config.yaml │ ├── legacy-ingress │ │ ├── 100-sre-haproxydown.PrometheusRule.yaml │ │ └── config.yaml │ ├── management-cluster │ │ ├── 100-dynatrace-workloads-monitoring.PrometheusRule.yaml │ │ ├── 100-kubeletconfig-debugging-handlers-enabled.PrometheusRule.yaml │ │ ├── 100-machine-out-of-compliance.PrometheusRule.yaml │ │ ├── 100-oadp-monitoring.PrometheusRule.yaml │ │ └── config.yaml │ ├── monitoring │ │ ├── 100-cluster-monitoring-error-budget-burn.yaml │ │ └── config.yaml │ ├── ocm-agent │ │ ├── 100-customer-webooks.PrometheusRule.yaml │ │ ├── 100-multiple-efs-operator-PrometheusRule.yaml │ │ ├── 100-ocm-agent-proxy.PrometheusRule.yaml │ │ ├── 100-ocm-agent-upgrade.PrometheusRule.yaml │ │ ├── 100-ocm-agent.PrometheusRule.yaml │ │ ├── README.md │ │ ├── config.yaml │ │ ├── legacy-ingress │ │ │ ├── 100-ocm-agent.PrometheusRule.yaml │ │ │ └── config.yaml │ │ ├── node-condition │ │ │ ├── 100-ocm-agent-node-condition.PrometheusRule.yaml │ │ │ └── config.yaml │ │ ├── obo-monitoring │ │ │ ├── 100-audit-webhook-cloud-watch-errors.PrometheusRule.yaml │ │ │ ├── 100-oidc-missing.PrometheusRule.yaml │ │ │ └── config.yaml │ │ └── unsupported-logging │ │ │ ├── 100-ocm-agent.PrometheusRule.yaml │ │ │ └── config.yaml │ └── pre-4.8 │ │ ├── 100-csv-abnormal.PrometheusRule.yaml │ │ └── config.yaml ├── sre-pruning │ ├── 100-pruning.Namespace.yaml │ ├── 105-pruning.rbac.ClusterRole.yaml │ ├── 105-pruning.rbac.ClusterRoleBinding.yaml │ ├── 105-pruning.rbac.ServiceAccount.yaml │ ├── 110-pruning-builds.CronJob.yaml │ ├── 110-pruning-deployments.CronJob.yaml │ ├── OWNERS │ ├── README.md │ ├── config.yaml │ ├── images-pre-4.6 │ │ ├── 00-pruning.rbac.yaml │ │ ├── 01-pruning-images.CronJob.yaml │ │ └── config.yaml │ └── images │ │ ├── 00-cluster.ImagePruner.patch.yaml │ │ └── config.yaml └── velero-configuration │ ├── 100-velero.Velero.yaml │ ├── 110-velero.Schedules.yaml │ ├── OWNERS │ ├── config.yaml │ └── hive-specific │ ├── 05-velero-schedule-admins-cluster.ClusterRole.yaml │ ├── 111-velero.Schedules.yaml │ └── config.yaml ├── docs └── backplane │ ├── OWNERS │ ├── guideline.md │ └── requirements │ ├── 10-template.md │ ├── README.md │ ├── acs │ ├── 10-acs-managed-service-nonprod.md │ └── 10-acs-managed-service.md │ ├── cee │ ├── 10-egressip.md │ ├── 20-machineautoscaler.md │ ├── 30-management-cluster.md │ ├── 30-service-cluster.md │ └── 40-backplane-cee.md │ ├── hybridsre-hcp │ ├── 20-hypershift-management-cluster.md │ └── OWNERS │ ├── mcs-tier-two │ ├── 10-egressip.md │ ├── 20-machineautoscaler.md │ ├── 30-management-cluster.md │ ├── 30-service-cluster.md │ └── 40-backplane-mcs-tier-two.md │ └── srep │ ├── 00-cloud-console.md │ ├── 10-managed-ocp.md │ ├── 20-hive-shard.md │ ├── 30-hypershift-service-cluster.md │ ├── 40-hypershift-management-cluster.md │ └── OWNERS ├── hack ├── 00-osd-managed-cluster-config-integration.yaml.tmpl ├── 00-osd-managed-cluster-config-production.yaml.tmpl ├── 00-osd-managed-cluster-config-stage.yaml.tmpl ├── OWNERS └── app_sre_pr_check.sh ├── project.mk ├── resources ├── README.md ├── addons-namespaces │ └── main.yaml ├── cluster-monitoring-config │ └── config.yaml ├── managed │ └── all-osd-resources.yaml ├── privatelink │ ├── 4.10 │ │ └── sts_installer_permission_policy.json │ ├── 4.7 │ │ └── sts_installer_permission_policy.json │ ├── 4.8 │ │ └── sts_installer_permission_policy.json │ └── 4.9 │ │ └── sts_installer_permission_policy.json ├── prometheusrules │ ├── README.md │ ├── elasticsearch_openshift-logging_elasticsearch-prometheus-rules.PrometheusRule.yaml │ └── fluentd_openshift-logging_collector.PrometheusRule.yaml ├── sts │ ├── 4.10 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.11 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── sts_installer_core_permission_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.12 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.13 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.14 │ │ ├── fedramp-hypershift │ │ │ ├── README.md │ │ │ ├── openshift_hcp_capa_controller_manager_credentials_policy.json │ │ │ ├── openshift_hcp_cloud_network_config_cloud_credentials_permission_policy.json │ │ │ ├── openshift_hcp_cluster_csi_driver_ebs_operator_cloud_credentials_policy.json │ │ │ ├── openshift_hcp_cluster_ingress_operator_cloud_credentials_policy.json │ │ │ ├── openshift_hcp_control_plane_operator_credentials_policy.json │ │ │ ├── openshift_hcp_image_registry_operator_permission_policy.json │ │ │ ├── openshift_hcp_kms_provider_credential_policy.json │ │ │ ├── openshift_hcp_kube_controller_manager_credentials_policy.json │ │ │ ├── openshift_hcp_shared_vpc_route_53_credentials_policy.json │ │ │ ├── openshift_hcp_shared_vpc_vpc_endpoint_credentials_policy.json │ │ │ ├── sts_extended_hcp_support_permission_policy.json │ │ │ ├── sts_hcp_installer_permission_policy.json │ │ │ ├── sts_hcp_support_permission_policy.json │ │ │ └── sts_hcp_worker_instance_permission_policy.json │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.15 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.16 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.17 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.18 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.19 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.20 │ │ ├── openshift_aws_vpce_operator_avo_aws_creds_policy.json │ │ ├── openshift_capa_controller_manager_credentials_policy.json │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cloud_network_config_controller_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_control_plane_operator_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_kms_provider_credentials_policy.json │ │ ├── openshift_kube_controller_manager_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── shared_vpc_openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── sts_installer_core_permission_boundary_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_privatelink_permission_boundary_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_installer_vpc_permission_boundary_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_ocm_admin_permission_policy.json │ │ ├── sts_ocm_permission_policy.json │ │ ├── sts_ocm_trust_policy.json │ │ ├── sts_ocm_user_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.7 │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.8 │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── 4.9 │ │ ├── openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json │ │ ├── openshift_cloud_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json │ │ ├── openshift_image_registry_installer_cloud_credentials_policy.json │ │ ├── openshift_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_machine_api_aws_cloud_credentials_policy.json │ │ ├── operator_iam_role_policy.json │ │ ├── osd_scp_policy.json │ │ ├── sts_installer_permission_policy.json │ │ ├── sts_installer_trust_policy.json │ │ ├── sts_instance_controlplane_permission_policy.json │ │ ├── sts_instance_controlplane_trust_policy.json │ │ ├── sts_instance_worker_permission_policy.json │ │ ├── sts_instance_worker_trust_policy.json │ │ ├── sts_support_permission_policy.json │ │ └── sts_support_trust_policy.json │ ├── OWNERS │ ├── README.md │ └── hypershift │ │ ├── README.md │ │ ├── openshift_hcp_capa_controller_manager_credentials_policy.json │ │ ├── openshift_hcp_cloud_network_config_cloud_credentials_permission_policy.json │ │ ├── openshift_hcp_cluster_csi_driver_ebs_operator_cloud_credentials_policy.json │ │ ├── openshift_hcp_cluster_ingress_operator_cloud_credentials_policy.json │ │ ├── openshift_hcp_control_plane_operator_credentials_policy.json │ │ ├── openshift_hcp_image_registry_operator_permission_policy.json │ │ ├── openshift_hcp_kms_provider_credential_policy.json │ │ ├── openshift_hcp_kube_controller_manager_credentials_policy.json │ │ ├── openshift_hcp_shared_vpc_route_53_credentials_policy.json │ │ ├── openshift_hcp_shared_vpc_vpc_endpoint_credentials_policy.json │ │ ├── sts_extended_hcp_support_permission_policy.json │ │ ├── sts_hcp_installer_permission_policy.json │ │ ├── sts_hcp_support_permission_policy.json │ │ └── sts_hcp_worker_instance_permission_policy.json ├── tailored-profiles │ ├── hypershift-cis-tp.yaml │ └── hypershift-pcidss-tp.yaml └── wif │ ├── 4.17 │ └── vanilla.yaml │ ├── 4.18 │ └── vanilla.yaml │ ├── 4.19 │ └── vanilla.yaml │ └── README.md ├── scripts ├── checklinks.sh ├── enforce-backplane-rules.py ├── generate-cmo-config.py ├── generate-policy-config.py ├── generate-policy.sh ├── generate-subjectpermissions-policy-config.py ├── generate_template.py ├── jsonify.awk ├── managed-resources │ ├── generate-managed-list.py │ └── make-all-managed-lists.sh ├── policy-generator-config.yaml ├── rotate-aws-creds │ ├── common.sh │ ├── run.sh │ ├── sharded.sh │ └── v3.sh └── templates │ ├── selectorsyncset.yaml │ └── template.yaml └── source └── html ├── osd ├── README.md ├── errors.html ├── login.html └── providers.html └── rosa ├── README.md ├── errors.html ├── login.html ├── providers.html └── rosa-brand-logo.svg /.gitignore: -------------------------------------------------------------------------------- 1 | tmp_exporters/ 2 | generated/ 3 | .DS_Store 4 | .vscode/ 5 | .idea/ 6 | -------------------------------------------------------------------------------- /deploy/acm-policies/00-openshift-acm-policies.Namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-acm-policies 5 | 6 | -------------------------------------------------------------------------------- /deploy/acm-policies/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["service-cluster","management-cluster-v2"] 7 | -------------------------------------------------------------------------------- /deploy/aws-ssm-agent/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | - key: ext-hypershift.openshift.io/cluster-sector 11 | operator: NotIn 12 | values: ["ibm-infra"] 13 | -------------------------------------------------------------------------------- /deploy/backplane/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - srep-functional-leads 3 | - srep-team-leads 4 | approvers: 5 | - srep-team-leads 6 | - srep-architects 7 | -------------------------------------------------------------------------------- /deploy/backplane/acs-integration/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-acs-fleetshard-dev: "true" 5 | matchLabelsApplyMode: "OR" 6 | -------------------------------------------------------------------------------- /deploy/backplane/acs/00-acs-admin.namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-addon-acs-fleet-shard -------------------------------------------------------------------------------- /deploy/backplane/acs/04-acs-openshift-console-role.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: backplane-acs-openshift-console 5 | namespace: openshift-console 6 | rules: 7 | # ACS SRE can use the `ocm backplane console` command 8 | - apiGroups: 9 | - apps 10 | resources: 11 | - deployments 12 | verbs: 13 | - get 14 | - list 15 | - watch -------------------------------------------------------------------------------- /deploy/backplane/cee/00-cee.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-cee 5 | -------------------------------------------------------------------------------- /deploy/backplane/cee/01-cee-monitoring-role.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: backplane-cee 5 | namespace: openshift-monitoring 6 | rules: 7 | # CEE can portforward monitoring pods 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods/portforward 12 | verbs: 13 | - create 14 | -------------------------------------------------------------------------------- /deploy/backplane/cee/02-cee-monitoring-rolebinding.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: backplane-cee 5 | namespace: openshift-monitoring 6 | subjects: 7 | - apiGroup: rbac.authorization.k8s.io 8 | kind: Group 9 | name: system:serviceaccounts:openshift-backplane-cee 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: Role 13 | name: backplane-cee 14 | -------------------------------------------------------------------------------- /deploy/backplane/cee/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/cee/hypershift/management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | -------------------------------------------------------------------------------- /deploy/backplane/cee/hypershift/service-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["service-cluster"] 7 | -------------------------------------------------------------------------------- /deploy/backplane/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/csa/00-csa.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-csa 5 | -------------------------------------------------------------------------------- /deploy/backplane/csa/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/backplane/cse/00-cse.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-cse 5 | -------------------------------------------------------------------------------- /deploy/backplane/cse/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/csm/00-csm.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-csm 5 | -------------------------------------------------------------------------------- /deploy/backplane/csm/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/elevated-sre/20-cluster-admin.User.yml: -------------------------------------------------------------------------------- 1 | apiVersion: user.openshift.io/v1 2 | kind: User 3 | metadata: 4 | name: backplane-cluster-admin 5 | groups: [] 6 | -------------------------------------------------------------------------------- /deploy/backplane/elevated-sre/30-cluster-admin.ClusterRoleBinding.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: backplane-cluster-admin 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - kind: User 11 | name: backplane-cluster-admin -------------------------------------------------------------------------------- /deploy/backplane/elevated-sre/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/hybridsre-hcp/hypershift/management-cluster/00-hybridsre-hcp.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-hybridsre-hcp 5 | -------------------------------------------------------------------------------- /deploy/backplane/hybridsre-hcp/hypershift/management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/00-lpsre.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-lpsre 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/02-lpsre-monitoring-role.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: backplane-lpsre 5 | namespace: openshift-monitoring 6 | rules: 7 | # SRE can portforward pods 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods/portforward 12 | verbs: 13 | - create -------------------------------------------------------------------------------- /deploy/backplane/lpsre/acm/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-advanced-cluster-management: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/acs/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-acs-fleetshard: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/cert-manager/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-cert-manager-operator: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/dynatrace/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/dynatrace/otel/01-lpsre-otel.Role.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: backplane-lpsre-opentelemetry 5 | namespace: openshift-opentelemetry-operator 6 | rules: 7 | - apiGroups: 8 | - opentelemetry.io 9 | resources: 10 | - opentelemetrycollectors 11 | verbs: 12 | - list 13 | - get 14 | - watch 15 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/dynatrace/otel/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/hypershift/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/hypershift/management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/managed-odh/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-managed-odh: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/ocs-consumer/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-consumer: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/ocs-converged/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-converged: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/ocs-provider/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-provider: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/reference-addon/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-reference-addon: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/rhmi/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-rhmi-operator: "true" 5 | api.openshift.com/addon-rhmi-operator-internal: "true" 6 | matchLabelsApplyMode: "OR" 7 | -------------------------------------------------------------------------------- /deploy/backplane/lpsre/rhoam/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-managed-api-service: "true" 5 | api.openshift.com/addon-managed-api-service-internal: "true" 6 | matchLabelsApplyMode: "OR" 7 | -------------------------------------------------------------------------------- /deploy/backplane/mcg/00-mcg.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-mcg 5 | -------------------------------------------------------------------------------- /deploy/backplane/mcg/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-mcg-osd: "true" 5 | matchLabelsApplyMode: "OR" 6 | -------------------------------------------------------------------------------- /deploy/backplane/mcg/mcg-osd/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-mcg-osd: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/mcs-tier-two/00-mcs-tier-two.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-mcs-tier-two 5 | -------------------------------------------------------------------------------- /deploy/backplane/mcs-tier-two/01-mcs-tier-two-monitoring-role.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: backplane-mcs-tier-two 5 | namespace: openshift-monitoring 6 | rules: 7 | # MCS Tier Two Support Engineers can portforward monitoring pods 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods/portforward 12 | verbs: 13 | - create 14 | -------------------------------------------------------------------------------- /deploy/backplane/mcs-tier-two/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/mcs-tier-two/hypershift/management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/mcs-tier-two/hypershift/service-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["service-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/mobb/00-mobb.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-mobb 5 | -------------------------------------------------------------------------------- /deploy/backplane/mobb/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/nvidia-gpu/00-nvidia-gpu.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-nvidia-gpu 5 | -------------------------------------------------------------------------------- /deploy/backplane/nvidia-gpu/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-nvidia-gpu-addon: "true" 5 | matchLabelsApplyMode: "OR" 6 | -------------------------------------------------------------------------------- /deploy/backplane/nvidia-gpu/nvidia-gpu/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-nvidia-gpu-addon: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/odf-sre/00-odf-sre.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-odf-sre 5 | -------------------------------------------------------------------------------- /deploy/backplane/odf-sre/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-consumer: "true" 5 | api.openshift.com/addon-ocs-provider: "true" 6 | matchLabelsApplyMode: "OR" 7 | -------------------------------------------------------------------------------- /deploy/backplane/odf-sre/ocs-consumer/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-consumer: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/odf-sre/ocs-provider/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-provider: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/odf/00-odf.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-odf 5 | -------------------------------------------------------------------------------- /deploy/backplane/odf/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-consumer: "true" 5 | api.openshift.com/addon-ocs-provider: "true" 6 | matchLabelsApplyMode: "OR" 7 | -------------------------------------------------------------------------------- /deploy/backplane/odf/ocs-consumer/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-consumer: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/odf/ocs-provider/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-provider: "true" 5 | -------------------------------------------------------------------------------- /deploy/backplane/sdcicd/00-sdcicd.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-sdcicd 5 | -------------------------------------------------------------------------------- /deploy/backplane/sdcicd/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/environment 5 | operator: NotIn 6 | values: 7 | - "production" 8 | -------------------------------------------------------------------------------- /deploy/backplane/srep/00-srep.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-srep 5 | -------------------------------------------------------------------------------- /deploy/backplane/srep/10-srep-muo.Role.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: backplane-srep-muo 5 | namespace: openshift-managed-upgrade-operator 6 | rules: 7 | - apiGroups: 8 | - coordination.k8s.io 9 | resources: 10 | - leases 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | ### END 16 | -------------------------------------------------------------------------------- /deploy/backplane/srep/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/backplane/srep/dynatrace/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster","service-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/srep/dynatrace/opentelemetry/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/backplane/srep/fedramp/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: In 6 | values: 7 | - "true" 8 | -------------------------------------------------------------------------------- /deploy/backplane/srep/hive/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-managed.openshift.io/hive-shard 5 | operator: In 6 | values: ["true"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: 10 | - "true" 11 | -------------------------------------------------------------------------------- /deploy/backplane/srep/hypershift/management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | -------------------------------------------------------------------------------- /deploy/backplane/srep/hypershift/service-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["service-cluster"] 7 | -------------------------------------------------------------------------------- /deploy/backplane/tam/00-tam.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-tam 5 | -------------------------------------------------------------------------------- /deploy/backplane/tam/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/ccs-dedicated-admins/03-dedicated-admins-manage-operators.ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | managed.openshift.io/aggregate-to-dedicated-admins: "project" 6 | name: dedicated-admins-manage-operators 7 | rules: 8 | - apiGroups: 9 | - operators.coreos.com 10 | resources: 11 | - "*" 12 | verbs: 13 | - "*" 14 | -------------------------------------------------------------------------------- /deploy/ccs-dedicated-admins/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rogbas 3 | -------------------------------------------------------------------------------- /deploy/ccs-dedicated-admins/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/extended-dedicated-admin 5 | operator: NotIn 6 | values: ["false"] 7 | policy: 8 | destination: "acm-policies" 9 | -------------------------------------------------------------------------------- /deploy/cloud-ingress-operator-configuration/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - cblecker 3 | - fahlmant 4 | - lisa 5 | - sam-nguyen7 6 | -------------------------------------------------------------------------------- /deploy/cloud-ingress-operator-configuration/routerreplicas-osd-8028/10-routerreplics.ingresscontroller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: IngressController 3 | name: default 4 | namespace: openshift-ingress-operator 5 | applyMode: AlwaysApply 6 | patch: '{"spec":{"replicas":3}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/cloud-ingress-operator-configuration/routerreplicas-osd-8028/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/id 5 | operator: In 6 | values: "${{ROUTER_REPLICA_CLUSTER_IDS}}" 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/cluster-ingress-backplane/00-ingress.config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: Ingress 3 | name: cluster 4 | patch: |- 5 | { "metadata": {"annotations": {"ingress.operator.openshift.io/default-enable-http2": "false"} } } 6 | patchType: merge -------------------------------------------------------------------------------- /deploy/cluster-ingress-backplane/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-managed.openshift.io/backplane-shard 5 | operator: In 6 | values: ["true"] 7 | -------------------------------------------------------------------------------- /deploy/cluster-ingress-hive/00-ingress.config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: Ingress 3 | name: cluster 4 | patch: |- 5 | { "metadata": {"annotations": {"ingress.operator.openshift.io/default-enable-http2": "false"} } } 6 | patchType: merge -------------------------------------------------------------------------------- /deploy/cluster-ingress-hive/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: NotIn 6 | values: ["4.0","4.1","4.2","4.3","4.4"] 7 | - key: ext-managed.openshift.io/hive-shard 8 | operator: In 9 | values: ["true"] -------------------------------------------------------------------------------- /deploy/cluster-ingress/00-ingress.config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: Ingress 3 | name: cluster 4 | patch: |- 5 | { "metadata": {"annotations": {"ingress.operator.openshift.io/default-enable-http2": "true"} } } 6 | patchType: merge -------------------------------------------------------------------------------- /deploy/cluster-ingress/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: NotIn 6 | values: ["4.0","4.1","4.2","4.3","4.4"] 7 | - key: ext-managed.openshift.io/hive-shard 8 | operator: NotIn 9 | values: ["true"] -------------------------------------------------------------------------------- /deploy/cluster-monitoring-config-non-uwm/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/cluster-monitoring-config-non-uwm/README.md: -------------------------------------------------------------------------------- 1 | # Cluster Monitoring Config 2 | 3 | Cluster monitoring config file content can now be found in [resources/cluster-monitoring-config/config.yaml](../../resources/cluster-monitoring-config/config.yaml). 4 | 5 | The ConfigMap is generated using the script [scripts/generate-cmo-config.py](../../scripts/generate-cmo-config.py). 6 | 7 | This is to ensure parity between UWM and non-UWM deployments. -------------------------------------------------------------------------------- /deploy/cluster-monitoring-config-non-uwm/clusters-v4.5/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.5"] -------------------------------------------------------------------------------- /deploy/cluster-monitoring-config/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | - sre-mst-observatorium 5 | -------------------------------------------------------------------------------- /deploy/cluster-monitoring-config/README.md: -------------------------------------------------------------------------------- 1 | # Cluster Monitoring Config 2 | 3 | Cluster monitoring config file content can now be found in [resources/cluster-monitoring-config/config.yaml](../../resources/cluster-monitoring-config/config.yaml). 4 | 5 | The ConfigMap is generated using the script [scripts/generate-cmo-config.py](../../scripts/generate-cmo-config.py). 6 | 7 | This is to ensure parity between UWM and non-UWM deployments. -------------------------------------------------------------------------------- /deploy/crio-config/01-containerruntimeconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: machineconfiguration.openshift.io/v1 2 | kind: ContainerRuntimeConfig 3 | metadata: 4 | name: custom-crio 5 | spec: 6 | machineConfigPoolSelector: 7 | matchExpressions: 8 | - key: pools.operator.machineconfiguration.openshift.io/worker 9 | operator: Exists 10 | containerRuntimeConfig: 11 | pidsLimit: 4096 12 | -------------------------------------------------------------------------------- /deploy/customer-registry-cas/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/hosted-uwm/06-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: dedicated-admins-hostedcluster-uwm 5 | namespace: openshift-monitoring 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: dedicated-admins-hostedcluster-uwm 10 | subjects: 11 | - kind: Group 12 | name: dedicated-admins 13 | -------------------------------------------------------------------------------- /deploy/hosted-uwm/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: Policy 2 | clusterSelectors: 3 | 'hypershift.open-cluster-management.io/hosted-cluster': 'true' -------------------------------------------------------------------------------- /deploy/hs-delete-custom-cmo-config/00-hs-delete-custom-cmo.Namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openshift-delete-custom-cmo-config 6 | -------------------------------------------------------------------------------- /deploy/hs-delete-custom-cmo-config/01-hs-delete-custom-cmo.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: hs-delete-custom-cmo-config 6 | namespace: openshift-delete-custom-cmo-config 7 | -------------------------------------------------------------------------------- /deploy/hs-delete-custom-cmo-config/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-managed.openshift.io/hive-shard 5 | operator: In 6 | values: ["true"] 7 | -------------------------------------------------------------------------------- /deploy/hypershift-namespace-labels/01-openshift-observability-operator.patch.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-observability-operator 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"network.openshift.io/policy-group":"monitoring"} } } 7 | patchType: merge -------------------------------------------------------------------------------- /deploy/hypershift-namespace-labels/02-openshift-monitoring.patch.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-monitoring 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"hypershift.openshift.io/monitoring":"true"} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/hypershift-namespace-labels/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster", "service-cluster"] -------------------------------------------------------------------------------- /deploy/hypershift-obo-nodeselector-tolerations/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: ext-hypershift.openshift.io/cluster-type 6 | operator: In 7 | values: ["management-cluster"] 8 | - key: api.openshift.com/fedramp 9 | operator: NotIn 10 | values: ["true"] 11 | -------------------------------------------------------------------------------- /deploy/hypershift-obo-nodeselector-tolerations/obo-prometheus.nodeSelector.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.rhobs/v1 2 | kind: Prometheus 3 | name: hypershift-monitoring-stack 4 | namespace: openshift-observability-operator 5 | applyMode: Sync 6 | patch: '{"spec":{"nodeSelector":{"node-role.kubernetes.io/obo":""}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/hypershift-obo-nodeselector-tolerations/obo-prometheus.tolerations.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.rhobs/v1 2 | applyMode: Sync 3 | kind: Prometheus 4 | name: hypershift-monitoring-stack 5 | namespace: openshift-observability-operator 6 | patch: '{"spec":{"tolerations":[{"effect":"NoSchedule","key":"obo","value":"true"}]}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/hypershift-ovn-logging/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: Policy 2 | clusterSelectors: 3 | 'hypershift.open-cluster-management.io/management-cluster': 'true' 4 | policy: 5 | destination: "acm-policies" 6 | complianceType: "musthave" -------------------------------------------------------------------------------- /deploy/hypershift-sre-metric-set/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deploymentMode: "SelectorSyncSet" 3 | selectorSyncSet: 4 | matchExpressions: 5 | - key: ext-hypershift.openshift.io/cluster-type 6 | operator: In 7 | values: ["management-cluster"] 8 | -------------------------------------------------------------------------------- /deploy/insights-integration/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: api.openshift.com/environment 6 | operator: In 7 | values: ["integration"] 8 | - key: api.openshift.com/fedramp 9 | operator: NotIn 10 | values: ["true"] 11 | -------------------------------------------------------------------------------- /deploy/insights-staging/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: api.openshift.com/environment 6 | operator: In 7 | values: ["staging"] 8 | - key: api.openshift.com/fedramp 9 | operator: NotIn 10 | values: ["true"] 11 | -------------------------------------------------------------------------------- /deploy/itn-2024-00255-camo-unsafefailforward/10-openshift-cluster-monitoring-operatorgroup.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | name: openshift-cluster-monitoring 4 | namespace: openshift-monitoring 5 | applyMode: AlwaysApply 6 | patch: '{"spec":{"upgradeStrategy":"TechPreviewUnsafeFailForward"}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/itn-2024-00255-camo-unsafefailforward/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.11", "4.12", "4.13", "4.14", "4.15", "4.16", "4.17"] 8 | -------------------------------------------------------------------------------- /deploy/kubelet-config/01-kubelet-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: machineconfiguration.openshift.io/v1 2 | kind: KubeletConfig 3 | metadata: 4 | name: custom-kubelet 5 | spec: 6 | machineConfigPoolSelector: 7 | matchExpressions: 8 | - key: machineconfiguration.openshift.io/mco-built-in 9 | operator: Exists 10 | autoSizingReserved: true 11 | -------------------------------------------------------------------------------- /deploy/kubelet-config/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchLabelsApplyMode: "AND" 5 | matchExpressions: 6 | - key: hive.openshift.io/version-major-minor 7 | operator: NotIn 8 | values: ["4.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8"] 9 | -------------------------------------------------------------------------------- /deploy/kubelet-config/pre-4.9/01-patch.machineconfigpool.yaml: -------------------------------------------------------------------------------- 1 | kind: MachineConfigPool 2 | apiVersion: machineconfiguration.openshift.io/v1 3 | name: worker 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"managed.openshift.io/custom-kubelet":""} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/kubelet-config/pre-4.9/02-patch.machineconfigpool.yaml: -------------------------------------------------------------------------------- 1 | kind: MachineConfigPool 2 | apiVersion: machineconfiguration.openshift.io/v1 3 | name: master 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"managed.openshift.io/custom-kubelet":""} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/kubelet-config/pre-4.9/03-kubelet-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: machineconfiguration.openshift.io/v1 2 | kind: KubeletConfig 3 | metadata: 4 | name: custom-kubelet 5 | spec: 6 | machineConfigPoolSelector: 7 | matchLabels: 8 | managed.openshift.io/custom-kubelet: "" 9 | kubeletConfig: 10 | systemReserved: 11 | cpu: 1000m 12 | memory: 1Gi 13 | -------------------------------------------------------------------------------- /deploy/kubelet-config/pre-4.9/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8"] 8 | -------------------------------------------------------------------------------- /deploy/managed-upgrade-operator-config/4.5/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.5"] 7 | resourceApplyMode: Upsert 8 | -------------------------------------------------------------------------------- /deploy/managed-upgrade-operator-config/4.6/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.6"] 7 | resourceApplyMode: Upsert 8 | -------------------------------------------------------------------------------- /deploy/managed-upgrade-operator-config/4.7/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.7"] 7 | resourceApplyMode: Upsert 8 | -------------------------------------------------------------------------------- /deploy/managed-upgrade-operator-config/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - bmeng 3 | - mrbarge 4 | - ravitri 5 | -------------------------------------------------------------------------------- /deploy/managed-upgrade-operator-config/hypershift-mc/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | -------------------------------------------------------------------------------- /deploy/managed-velero-operator-rolebinding/111-velero.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | creationTimestamp: null 5 | name: cluster-config-v1-reader 6 | namespace: kube-system 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resourceNames: 11 | - cluster-config-v1 12 | resources: 13 | - configmaps 14 | verbs: 15 | - get 16 | -------------------------------------------------------------------------------- /deploy/managed-velero-operator-rolebinding/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/ocm-agent-operator-managedfleetnotifications/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - mrbarge 3 | - bmeng 4 | - ravitri -------------------------------------------------------------------------------- /deploy/ocm-agent-operator-managedfleetnotifications/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: api.openshift.com/fedramp 6 | operator: NotIn 7 | values: 8 | - "true" 9 | -------------------------------------------------------------------------------- /deploy/ocm-agent-operator-managednotifications/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - bmeng 3 | - ravitri -------------------------------------------------------------------------------- /deploy/ocm-agent-operator-managednotifications/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: api.openshift.com/fedramp 6 | operator: NotIn 7 | values: 8 | - "true" 9 | -------------------------------------------------------------------------------- /deploy/ocm-agent-operator-managednotifications/unsupported-logging/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: ext-managed.openshift.io/extended-logging-support 6 | operator: NotIn 7 | values: ["true"] 8 | - key: api.openshift.com/fedramp 9 | operator: NotIn 10 | values: 11 | - "true" -------------------------------------------------------------------------------- /deploy/ocpbugs-1341-pod-network-connectivity-check-leak/00-OCPBUGS-1341.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceAccount 3 | apiVersion: v1 4 | metadata: 5 | name: sre-pod-network-connectivity-check-pruner 6 | namespace: openshift-network-diagnostics 7 | annotations: 8 | kubernetes.io/description: Mitigate https://issues.redhat.com/browse/OCPBUGS-1341 by pruning leaked PodNetworkConnectivityChecks. 9 | -------------------------------------------------------------------------------- /deploy/ocpbugs-1341-pod-network-connectivity-check-leak/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - wking 3 | -------------------------------------------------------------------------------- /deploy/ocpbugs-1341-pod-network-connectivity-check-leak/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.8","4.9","4.10","4.11"] 8 | -------------------------------------------------------------------------------- /deploy/ocpbugs-1341-pod-network-connectivity-check-leak/no-seccomp/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.8","4.9","4.10"] 8 | -------------------------------------------------------------------------------- /deploy/ocpbugs-1341-pod-network-connectivity-check-leak/seccomp/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.11"] 8 | -------------------------------------------------------------------------------- /deploy/ocpbugs-15043/00-ocpbugs-15043.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: ocpbugs-15043 6 | namespace: openshift-config 7 | -------------------------------------------------------------------------------- /deploy/ocpbugs-15043/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: hive.openshift.io/version 6 | operator: In 7 | values: 8 | - 4.13.0 9 | - 4.13.1 10 | - 4.13.2 11 | - 4.13.3 12 | - 4.13.4 13 | - 4.13.5 14 | - 4.13.6 15 | - 4.13.7 16 | - 4.13.8 17 | - 4.13.9 18 | -------------------------------------------------------------------------------- /deploy/ocpbugs-20184/00-ocpbugs-20184.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: ocpbugs-20184 6 | namespace: openshift-network-node-identity 7 | -------------------------------------------------------------------------------- /deploy/ocpbugs-20184/01-ocpbugs-20184.Role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: ocpbugs-20184 6 | namespace: openshift-network-node-identity 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - delete 16 | -------------------------------------------------------------------------------- /deploy/ocpbugs-20184/02-ocpbugs-20184.RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: ocpbugs-20184 6 | namespace: openshift-network-node-identity 7 | subjects: 8 | - kind: ServiceAccount 9 | name: ocpbugs-20184 10 | namespace: openshift-network-node-identity 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: ocpbugs-20184 15 | -------------------------------------------------------------------------------- /deploy/ocpbugs-20184/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | matchExpressions: 5 | - key: hive.openshift.io/version 6 | operator: In 7 | values: ["4.14.0-rc.3", "4.14.0-rc.4", "4.15.0-ec.0"] 8 | -------------------------------------------------------------------------------- /deploy/ocpbugs-773/00-OCPBUGS-773.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceAccount 3 | apiVersion: v1 4 | metadata: 5 | name: ocpbugs-773 6 | namespace: openshift-sre-pruning 7 | annotations: 8 | kubernetes.io/description: Mitigate https://issues.redhat.com/browse/OCPBUGS-773 by checking podman version 9 | -------------------------------------------------------------------------------- /deploy/ocpbugs-773/03-OCPBUGS-773.ClusterRoleBinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: ocpbugs-773 6 | subjects: 7 | - kind: ServiceAccount 8 | name: ocpbugs-773 9 | namespace: openshift-sre-pruning 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: ocpbugs-773 -------------------------------------------------------------------------------- /deploy/ocpbugs-773/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - mrbarge 3 | -------------------------------------------------------------------------------- /deploy/ocpbugs-773/README.md: -------------------------------------------------------------------------------- 1 | # OCPBUGS-773 2 | 3 | ## About 4 | 5 | This sets up a `CronJob` on the cluster which applies a read-only workaround to remediate any cluster potentially impacted by from [OCPBUGS-773][]. 6 | 7 | ## References: 8 | * [OCPBUGS-773][] 9 | 10 | [OCPBUGS-773]: https://issues.redhat.com/browse/OCPBUGS-773 11 | -------------------------------------------------------------------------------- /deploy/odf-prom-restart/00-mtsre-1450.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceAccount 3 | apiVersion: v1 4 | metadata: 5 | name: prometheus-restarter 6 | namespace: openshift-storage 7 | -------------------------------------------------------------------------------- /deploy/odf-prom-restart/01-mtsre-1450.Role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: prometheus-restarter-role 6 | namespace: openshift-storage 7 | rules: 8 | - apiGroups: [""] 9 | resources: 10 | - "pods" 11 | resourceNames: ["prometheus-managed-ocs-prometheus-0"] 12 | verbs: ["delete"] 13 | -------------------------------------------------------------------------------- /deploy/odf-prom-restart/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/addon-ocs-consumer: "true" 5 | api.openshift.com/addon-ocs-provider: "true" 6 | matchLabelsApplyMode: "OR" 7 | -------------------------------------------------------------------------------- /deploy/osd-25821-capa-annotator/00-Namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-capa-annotator -------------------------------------------------------------------------------- /deploy/osd-25821-capa-annotator/02-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: capa-annotator 5 | namespace: openshift-capa-annotator 6 | -------------------------------------------------------------------------------- /deploy/osd-25821-capa-annotator/03-ClusterRoleBinding.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: capa-annotator 5 | subjects: 6 | - kind: ServiceAccount 7 | name: capa-annotator 8 | namespace: openshift-capa-annotator 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: capa-annotator -------------------------------------------------------------------------------- /deploy/osd-25821-capa-annotator/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["service-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] -------------------------------------------------------------------------------- /deploy/osd-25821-capa-annotator/generate_configmap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eo pipefail 4 | 5 | echo "Generating 04-ConfigMap.yaml from files: should_patch.py, patch.sh" 6 | oc create configmap capa-annotator -n openshift-capa-annotator \ 7 | --from-file should_patch.py --from-file patch.sh --dry-run=client -o yaml > 04-ConfigMap.yaml 8 | 9 | echo "Complete!" 10 | -------------------------------------------------------------------------------- /deploy/osd-aquasec-operator/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-aqua 5 | annotations: 6 | openshift.io/node-selector: "" 7 | -------------------------------------------------------------------------------- /deploy/osd-aquasec-operator/03-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: dedicated-admins-openshift-aqua 5 | namespace: openshift-aqua 6 | subjects: 7 | - kind: Group 8 | name: dedicated-admins 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: dedicated-admins-openshift-aqua 13 | -------------------------------------------------------------------------------- /deploy/osd-aquasec-operator/11-clusterrolebinding-image-scanner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: aqua-scanner-binding 5 | roleRef: 6 | kind: ClusterRole 7 | name: image-scanner 8 | apiGroup: rbac.authorization.k8s.io 9 | subjects: 10 | - kind: ServiceAccount 11 | name: aqua-sa 12 | namespace: openshift-aqua 13 | -------------------------------------------------------------------------------- /deploy/osd-aquasec-operator/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - jharrington22 3 | - rogbas 4 | -------------------------------------------------------------------------------- /deploy/osd-aquasec-operator/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-avo-resources/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - dustman9000 3 | - robotmaxtron 4 | -------------------------------------------------------------------------------- /deploy/osd-backplane-managed-scripts/00-openshift-backplane-managed-scripts.Namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-managed-scripts 5 | -------------------------------------------------------------------------------- /deploy/osd-backplane-managed-scripts/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.10/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.10"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.10/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.10"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.11/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.11"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.11/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.11"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.12/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.12"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.12/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.12"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.13/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.13"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.13/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.13"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.14/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.14"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.14/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.14"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.15/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.15"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.15/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.15"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.16/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.16"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.16/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.16"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.17/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.17"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.17/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.17"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.18/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.18"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.18/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.18"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.19/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.19"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.19/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.19"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.5/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.5"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.5/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.5"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.6/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.6"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.6/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.6"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.7/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.7"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.7/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.7"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.8/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.8"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.8/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.8"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.9/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"candidate-4.9"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/candidate-4.9/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.9"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["candidate"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.10/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.10"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.10/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.10"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.11/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.11"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.11/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.11"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.12/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.12"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.12/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.12"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.13/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.13"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.13/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.13"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.14/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.14"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.14/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.14"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.15/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.15"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.15/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.15"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.16/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.16"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.16/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.16"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.17/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.17"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.17/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.17"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.18/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.18"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.18/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.18"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.19/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.19"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.19/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.19"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.5/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.5"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.5/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.5"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.6/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.6"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.6/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.6"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.7/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.7"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.7/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.7"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.8/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.8"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.8/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.8"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.9/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"fast-4.9"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/fast-4.9/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.9"] 7 | - key: api.openshift.com/channel-group 8 | operator: In 9 | values: ["fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/nightly/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":""}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/nightly/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/channel-group 5 | operator: In 6 | values: ["nightly"] 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.10/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.10"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.10/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.10"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.11/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.11"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.11/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.11"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.12/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.12"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.12/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.12"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.13/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.13"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.13/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.13"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.14/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.14"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.14/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.14"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.15/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.15"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.15/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.15"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.16/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.16"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.16/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.16"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.17/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.17"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.17/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.17"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.18/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.18"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.18/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.18"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.19/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.19"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.19/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.19"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.5/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.5"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.5/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.5"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.6/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.6"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.6/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.6"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.7/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.7"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.7/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.7"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.8/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.8"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.8/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.8"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.9/01-patch.clusterversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: ClusterVersion 3 | name: version 4 | applyMode: AlwaysApply 5 | patch: '{"spec":{"channel":"stable-4.9"}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-channel-patch/stable-4.9/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.9"] 7 | - key: api.openshift.com/channel-group 8 | operator: NotIn 9 | values: ["nightly","candidate","fast"] 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rafael-azevedo 3 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/gcp/4.15/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.14"] 7 | - key: hive.openshift.io/cluster-platform 8 | operator: In 9 | values: ["gcp"] 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/gcp/4.15/osd-gcp-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.15"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.12/admin-gates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ack-4.11-kube-1.25-api-removals-in-4.12: "true" 4 | kind: ConfigMap 5 | metadata: 6 | name: admin-acks 7 | namespace: openshift-config 8 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.12/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.11"] 8 | - key: api.openshift.com/gate-ocp 9 | operator: In 10 | values: ["4.12"] 11 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.13/admin-gates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ack-4.12-kube-1.26-api-removals-in-4.13: "true" 4 | kind: ConfigMap 5 | metadata: 6 | name: admin-acks 7 | namespace: openshift-config 8 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.13/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.12"] 8 | - key: api.openshift.com/gate-ocp 9 | operator: In 10 | values: ["4.13"] 11 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.14/admin-gates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ack-4.13-kube-1.27-api-removals-in-4.14: "true" 4 | kind: ConfigMap 5 | metadata: 6 | name: admin-acks 7 | namespace: openshift-config 8 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.14/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.13"] 8 | - key: api.openshift.com/gate-ocp 9 | operator: In 10 | values: ["4.14"] 11 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.16/admin-gates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ack-4.16-flowschemas-removal: "true" 4 | ack-4.16-prioritylevelconfigurations-removal: "true" 5 | ack-4.15-kube-1.29-api-removals-in-4.16: "true" 6 | kind: ConfigMap 7 | metadata: 8 | name: admin-acks 9 | namespace: openshift-config 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.16/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.15"] 8 | - key: api.openshift.com/gate-ocp 9 | operator: In 10 | values: ["4.16"] 11 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.19/admin-gates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ack-4.18-kube-1.32-api-removals-in-4.19: "true" 4 | kind: ConfigMap 5 | metadata: 6 | name: admin-acks 7 | namespace: openshift-config 8 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.19/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.18"] 8 | - key: api.openshift.com/gate-ocp 9 | operator: In 10 | values: ["4.19"] 11 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.9/admin-gates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ack-4.8-kube-1.22-api-removals-in-4.9: "true" 4 | kind: ConfigMap 5 | metadata: 6 | name: admin-acks 7 | namespace: openshift-config 8 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/ocp/4.9/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.8"] 8 | - key: api.openshift.com/gate-ocp 9 | operator: In 10 | values: ["4.9"] 11 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.10/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.9"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.10"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.10/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.10"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.11/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.10"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.11"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.11/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.11"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.12/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.11"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.12"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.12/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.12"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.13/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.12"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.13"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.13/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.13"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.14/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.13"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.14"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.14/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.14"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.15/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.14"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.15"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.15/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.15"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.16/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.15"] 7 | - key: api.openshift.com/sts 8 | operator: In 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.16/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.16"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.17/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.16"] 7 | - key: api.openshift.com/sts 8 | operator: In 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.17/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.17"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.18/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.17"] 7 | - key: api.openshift.com/sts 8 | operator: In 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.18/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.18"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.19/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.18"] 7 | - key: api.openshift.com/sts 8 | operator: In 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.19/osd-sts-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.19"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.9/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.8"] 7 | - key: api.openshift.com/gate-sts 8 | operator: In 9 | values: ["4.9"] 10 | - key: api.openshift.com/sts 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/sts/4.9/osd-sts-ack_4.9_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.9"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/wif/4.18/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.17"] 7 | - key: api.openshift.com/gate-wif 8 | operator: In 9 | values: ["4.18"] 10 | - key: api.openshift.com/wif 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/wif/4.18/osd-wif-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.18"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/wif/4.19/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.17", "4.18"] 7 | - key: api.openshift.com/gate-wif 8 | operator: In 9 | values: ["4.19"] 10 | - key: api.openshift.com/wif 11 | operator: In 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-acks/wif/4.19/osd-wif-ack_CloudCredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: CloudCredential 3 | name: cluster 4 | applyMode: AlwaysApply 5 | patch: '{"metadata":{"annotations":{"cloudcredential.openshift.io/upgradeable-to":"v4.19"}}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-admin/03-cluster-admin.ClusterRoleBinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: osd-cluster-admin 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - apiGroup: rbac.authorization.k8s.io 11 | kind: Group 12 | name: cluster-admins -------------------------------------------------------------------------------- /deploy/osd-cluster-admin/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rogbas 3 | -------------------------------------------------------------------------------- /deploy/osd-cluster-admin/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | api.openshift.com/cluster-admin: "true" 5 | policy: 6 | destination: "acm-policies" 7 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/10-osd-ready.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: osd-cluster-ready 5 | namespace: openshift-monitoring 6 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/20-osd-ready.openshift-monitoring.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: osd-cluster-ready 5 | namespace: openshift-monitoring 6 | rules: 7 | # Service account needs to be able to get pods and exec on them 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/30-osd-ready.openshift-machine-api.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: osd-cluster-ready 5 | namespace: openshift-machine-api 6 | rules: 7 | - apiGroups: 8 | - machine.openshift.io 9 | resources: 10 | - machines 11 | verbs: 12 | - list 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/40-osd-ready.openshift-config.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: osd-cluster-ready 5 | namespace: openshift-config 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - secrets 11 | verbs: 12 | - list 13 | 14 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/45-osd-ready.openshift-config.RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: osd-cluster-ready 5 | namespace: openshift-config 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: osd-cluster-ready 10 | subjects: 11 | - kind: ServiceAccount 12 | name: osd-cluster-ready 13 | namespace: openshift-monitoring 14 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/55-osd-ready.ClusterRoleBinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: osd-cluster-ready 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: osd-cluster-ready 9 | subjects: 10 | - kind: ServiceAccount 11 | name: osd-cluster-ready 12 | namespace: openshift-monitoring 13 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-cluster-ready/job/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | applyBehavior: "CreateOnly" 4 | -------------------------------------------------------------------------------- /deploy/osd-codeready-workspaces/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-codeready-workspaces 5 | annotations: 6 | openshift.io/node-selector: "" 7 | labels: 8 | openshift.io/cluster-logging: "true" 9 | openshift.io/cluster-monitoring: "true" 10 | -------------------------------------------------------------------------------- /deploy/osd-codeready-workspaces/01-operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-codeready-workspaces 5 | namespace: openshift-codeready-workspaces 6 | spec: 7 | serviceAccount: 8 | metadata: 9 | creationTimestamp: null 10 | targetNamespaces: 11 | - openshift-codeready-workspaces 12 | -------------------------------------------------------------------------------- /deploy/osd-codeready-workspaces/06-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: dedicated-admins-openshift-codeready-workspaces 5 | namespace: openshift-codeready-workspaces 6 | subjects: 7 | - kind: Group 8 | name: dedicated-admins 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: dedicated-admins-openshift-codeready-workspaces 13 | -------------------------------------------------------------------------------- /deploy/osd-codeready-workspaces/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rogbas 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/osd-codeready-workspaces/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-console-branding/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: NotIn 6 | values: ["rosa"] 7 | -------------------------------------------------------------------------------- /deploy/osd-console-branding/osd-branding.console.Patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: Console 4 | name: cluster 5 | patchType: merge 6 | patch: >- 7 | {"spec":{"managementState":"Managed","route":null,"customization":{"brand":"dedicated","documentationBaseURL":"https://docs.openshift.com/dedicated/4/","customProductName":null,"customLogoFile":null}}} 8 | -------------------------------------------------------------------------------- /deploy/osd-console-branding/telemetry/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: NotIn 6 | values: ["rosa"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-console-branding/telemetry/osd-branding.console.Patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: Console 4 | name: cluster 5 | patchType: merge 6 | patch: >- 7 | {"metadata":{"annotations":{"telemetry.console.openshift.io/CLUSTER_TYPE":"OSD","telemetry.console.openshift.io/SEGMENT_API_KEY":"${SEGMENT_API_KEY}"}}} 8 | -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources-revert/00-operatorhub.cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: OperatorHub 4 | name: cluster 5 | patch: '{"spec":{"disableAllDefaultSources":false}}' 6 | patchType: merge 7 | -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources-revert/00-osd-patch-subscription-source.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: osd-patch-subscription-source 5 | namespace: openshift-marketplace 6 | -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources-revert/01-osd-patch-subscription-source.ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: osd-patch-subscription-source 5 | rules: 6 | - apiGroups: 7 | - operators.coreos.com 8 | resources: 9 | - subscriptions 10 | verbs: 11 | - patch 12 | - get 13 | - list 14 | -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources-revert/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rogbas 3 | -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources-revert/README.md: -------------------------------------------------------------------------------- 1 | This removes the override for OperatorHub. It does not remove the curated OperatorSource CRs. 2 | There is not a way to remove a file from hive at this time. And the existance of the shipped and curated OperatorSources works fine. -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources-revert/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/extended-dedicated-admin 5 | operator: NotIn 6 | values: ["false"] 7 | -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources/00-operatorhub.cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: OperatorHub 4 | name: cluster 5 | patch: '{"spec":{"disableAllDefaultSources":true}}' 6 | patchType: merge -------------------------------------------------------------------------------- /deploy/osd-curated-operatorsources/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rogbas 3 | -------------------------------------------------------------------------------- /deploy/osd-custom-domains/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - dustman9000 3 | - jharrington22 4 | -------------------------------------------------------------------------------- /deploy/osd-custom-domains/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-customer-monitoring/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-customer-monitoring 5 | annotations: 6 | openshift.io/node-selector: "" 7 | labels: 8 | name: "openshift-customer-monitoring" 9 | openshift.io/cluster-logging: "true" 10 | openshift.io/cluster-monitoring: "false" 11 | openshift.io/workload-monitoring: "true" 12 | -------------------------------------------------------------------------------- /deploy/osd-customer-monitoring/01-operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-customer-monitoring 5 | namespace: openshift-customer-monitoring 6 | spec: 7 | targetNamespaces: 8 | - openshift-customer-monitoring 9 | -------------------------------------------------------------------------------- /deploy/osd-customer-monitoring/05-prometheus-k8s-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: prometheus-k8s-openshift-customer-monitoring 5 | namespace: openshift-customer-monitoring 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - secrets 11 | verbs: 12 | - "*" 13 | -------------------------------------------------------------------------------- /deploy/osd-customer-monitoring/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rogbas 3 | -------------------------------------------------------------------------------- /deploy/osd-customer-monitoring/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-delete-backplane-remediation-rbacs/00-delete-backplane-remediation-rbacs.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane 5 | -------------------------------------------------------------------------------- /deploy/osd-delete-backplane-remediation-rbacs/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-delete-backplane-script-resources/00-delete-backplane-script-resources.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane-managed-scripts 5 | -------------------------------------------------------------------------------- /deploy/osd-delete-backplane-script-resources/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-delete-backplane-serviceaccounts/00-delete-backplane-serviceaccounts.namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-backplane 5 | -------------------------------------------------------------------------------- /deploy/osd-delete-backplane-serviceaccounts/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-fedramp-cluster-monitoring-config/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - dustman9000 3 | - tonytheleg 4 | - theautoroboto 5 | - robotmaxtron 6 | - rhdedgar 7 | - katherinelc321 -------------------------------------------------------------------------------- /deploy/osd-fedramp-cluster-monitoring-config/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: In 6 | values: 7 | - "true" 8 | -------------------------------------------------------------------------------- /deploy/osd-fedramp-machineconfig/chrony-pre-4.14/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: In 6 | values: 7 | - "true" 8 | - key: hive.openshift.io/version-major-minor 9 | operator: In 10 | values: ["4.12", "4.13"] 11 | -------------------------------------------------------------------------------- /deploy/osd-fedramp-machineconfig/chrony/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: In 6 | values: 7 | - "true" 8 | - key: hive.openshift.io/version-major-minor 9 | operator: NotIn 10 | values: ["4.11", "4.12", "4.13"] 11 | -------------------------------------------------------------------------------- /deploy/osd-fedramp-managed-upgrade-operator-config/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - dustman9000 3 | - tonytheleg 4 | - theautoroboto 5 | - robotmaxtron 6 | - rhdedgar 7 | - katherinelc321 8 | -------------------------------------------------------------------------------- /deploy/osd-fedramp-motd/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: In 6 | values: 7 | - "true" 8 | -------------------------------------------------------------------------------- /deploy/osd-gcp-ssd-storage/cluster-storage-gcp-ssd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: ssd 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "false" 7 | provisioner: kubernetes.io/gce-pd 8 | parameters: 9 | type: pd-ssd 10 | replication-type: none 11 | volumeBindingMode: WaitForFirstConsumer 12 | allowVolumeExpansion: true 13 | reclaimPolicy: Delete 14 | -------------------------------------------------------------------------------- /deploy/osd-gcp-ssd-storage/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | applyBehavior: "CreateOnly" 4 | matchExpressions: 5 | - key: api.openshift.com/ccs 6 | operator: In 7 | values: ["true"] 8 | - key: hive.openshift.io/cluster-platform 9 | operator: In 10 | values: ["gcp"] 11 | -------------------------------------------------------------------------------- /deploy/osd-gcp-ssd-storage/gcp-dedicated-admin/01-osd-gcp-storage-dedicated-admin.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: osd-gcp-storage-dedicated-admin 5 | labels: 6 | managed.openshift.io/aggregate-to-dedicated-admins: "cluster" 7 | rules: 8 | - verbs: 9 | - '*' 10 | apiGroups: 11 | - storage.k8s.io 12 | resources: 13 | - storageclasses 14 | -------------------------------------------------------------------------------- /deploy/osd-gcp-ssd-storage/gcp-dedicated-admin/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/ccs 5 | operator: In 6 | values: ["true"] 7 | - key: hive.openshift.io/cluster-platform 8 | operator: In 9 | values: ["gcp"] 10 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/hsts-alertmanager.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: alertmanager-main 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"haproxy.router.openshift.io/hsts_header":"max-age=31536000;preload"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/hsts-console.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: console 5 | namespace: openshift-console 6 | patch: '{"metadata":{"annotations":{"haproxy.router.openshift.io/hsts_header":"max-age=31536000;preload"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/hsts-prometheus.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: prometheus-k8s 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"haproxy.router.openshift.io/hsts_header":"max-age=31536000;preload"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/hsts-thanos.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: thanos-querier 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"haproxy.router.openshift.io/hsts_header":"max-age=31536000;preload"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/pre-4.11/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.0","4.1","4.2","4.3","4.4","4.5","4.6","4.7","4.8","4.9","4.10"] 7 | 8 | -------------------------------------------------------------------------------- /deploy/osd-hsts-routes/pre-4.11/hsts-grafana.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: grafana 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"haproxy.router.openshift.io/hsts_header":"max-age=31536000;preload"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-ingress/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - cblecker 3 | - boranx 4 | -------------------------------------------------------------------------------- /deploy/osd-ingress/controller/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-ingress/routerreplicas-osd-20989/10-routerreplics.ingresscontroller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: IngressController 3 | name: default 4 | namespace: openshift-ingress-operator 5 | applyMode: AlwaysApply 6 | patch: '{"spec":{"replicas":3}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-ingress/routerreplicas-osd-20989/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/legal-entity-id 5 | operator: In 6 | values: "${{ROUTER_REPLICA_ORG_IDS}}" 7 | - key: api.openshift.com/multi-az 8 | operator: In 9 | values: 10 | - "true" 11 | -------------------------------------------------------------------------------- /deploy/osd-legacy-ingress-feature-labeller/00-osd-legacy-ingress-feature-labeller.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: osd-legacy-ingress-feature-labeller 5 | namespace: openshift-config 6 | -------------------------------------------------------------------------------- /deploy/osd-legacy-ingress-feature-labeller/01-osd-legacy-ingress-feature-labeller.ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: osd-legacy-ingress-feature-labeller 5 | rules: 6 | - apiGroups: 7 | - "hive.openshift.io" 8 | resources: 9 | - clusterdeployments 10 | verbs: 11 | - "list" 12 | - "get" 13 | - "patch" 14 | -------------------------------------------------------------------------------- /deploy/osd-legacy-ingress-feature-labeller/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | ext-managed.openshift.io/hive-shard: "true" 5 | -------------------------------------------------------------------------------- /deploy/osd-limited-support/00-limited-support.ConfigMap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: openshift-osd-metrics 5 | name: limited-support 6 | 7 | -------------------------------------------------------------------------------- /deploy/osd-limited-support/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/limited-support 5 | operator: In 6 | values: ["true"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | - key: ext-managed.openshift.io/support-exception 11 | operator: NotIn 12 | values: ["true"] 13 | -------------------------------------------------------------------------------- /deploy/osd-logging/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-logging 5 | annotations: 6 | openshift.io/node-selector: "" 7 | labels: 8 | managed.openshift.io/service-lb-quota-exempt: "true" 9 | managed.openshift.io/storage-pv-quota-exempt: "true" 10 | openshift.io/cluster-logging: "true" 11 | openshift.io/cluster-monitoring: 'true' 12 | -------------------------------------------------------------------------------- /deploy/osd-logging/01-operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | annotations: 5 | olm.providedAPIs: ClusterLogging.v1.logging.openshift.io 6 | name: openshift-logging 7 | namespace: openshift-logging 8 | spec: 9 | targetNamespaces: 10 | - openshift-logging 11 | -------------------------------------------------------------------------------- /deploy/osd-logging/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - wanghaoran1988 3 | -------------------------------------------------------------------------------- /deploy/osd-logging/supported/03-storage-quota.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: logging-storage-quota 5 | namespace: openshift-logging 6 | spec: 7 | hard: 8 | requests.storage: "1500Gi" 9 | -------------------------------------------------------------------------------- /deploy/osd-logging/supported/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | # Enable in-cluster logging alerts for those clusters that already have logging installed 5 | # https://issues.redhat.com/browse/OSD-7564 6 | - key: ext-managed.openshift.io/extended-logging-support 7 | operator: In 8 | values: ["true"] 9 | -------------------------------------------------------------------------------- /deploy/osd-logging/unsupported/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-logging 5 | annotations: 6 | openshift.io/node-selector: "" 7 | labels: 8 | openshift.io/cluster-logging: "true" 9 | -------------------------------------------------------------------------------- /deploy/osd-ls-banner/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/limited-support 5 | operator: In 6 | values: ["true"] 7 | - key: ext-managed.openshift.io/support-exception 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-machine-api/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - cblecker 3 | - luis-falcon 4 | - yithian 5 | -------------------------------------------------------------------------------- /deploy/osd-machine-api/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-machine-api/management-clusters/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: ext-hypershift.openshift.io/cluster-type 6 | operator: In 7 | values: ["management-cluster"] 8 | -------------------------------------------------------------------------------- /deploy/osd-managed-resources/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | -------------------------------------------------------------------------------- /deploy/osd-managed-resources/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-must-gather-operator/01-openshift-must-gather-operator.Namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-must-gather-operator 5 | annotations: 6 | openshift.io/node-selector: "" 7 | labels: 8 | openshift.io/cluster-logging: "true" 9 | openshift.io/cluster-monitoring: "true" 10 | -------------------------------------------------------------------------------- /deploy/osd-must-gather-operator/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: api.openshift.com/fedramp 6 | operator: In 7 | values: 8 | - "true" 9 | policy: 10 | destination: "acm-policies" 11 | -------------------------------------------------------------------------------- /deploy/osd-namespace-labels/10-openshift-kube-apiserver.patch.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-kube-apiserver 4 | applyMode: AlwaysApply 5 | # https://issues.redhat.com/browse/OSD-4230 6 | patch: |- 7 | { "metadata": {"labels": {"name":"openshift-kube-apiserver"} } } 8 | patchType: merge 9 | -------------------------------------------------------------------------------- /deploy/osd-namespace-labels/10-openshift-operator-lifecycle-manager.patch.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-operator-lifecycle-manager 4 | applyMode: AlwaysApply 5 | # https://issues.redhat.com/browse/OSD-4230 6 | patch: |- 7 | { "metadata": {"labels": {"name":"openshift-operator-lifecycle-manager"} } } 8 | patchType: merge 9 | -------------------------------------------------------------------------------- /deploy/osd-namespace-labels/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-netnamespaces/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates-errors/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rafael-azevedo 3 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates-errors/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: NotIn 6 | values: ["rosa"] 7 | applyBehavior: "CreateOrUpdate" 8 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates-login/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rafael-azevedo 3 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates-login/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: NotIn 6 | values: ["rosa"] 7 | applyBehavior: "CreateOrUpdate" 8 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates-providers/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rafael-azevedo 3 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates-providers/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: NotIn 6 | values: ["rosa"] 7 | applyBehavior: "CreateOrUpdate" 8 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: NotIn 6 | values: ["rosa"] 7 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/ohss-2561-hypershift/README.md: -------------------------------------------------------------------------------- 1 | This is a temporary measure undertaken as part of [OHSS-2561](https://issues.redhat.com/browse/OHSS-2561) whilst a longer-term solution is sought to make this configurable by cluster owners. 2 | 3 | This change applies an extended login session duration of 7d to Hypershift Management and Service clusters in Integration. 4 | 5 | 6 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/ohss-2561-hypershift/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: environment 5 | operator: In 6 | values: ["integration"] 7 | - key: ext-hypershift.openshift.io/cluster-type 8 | operator: In 9 | values: ["service-cluster", "management-cluster"] 10 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/ohss-2561-hypershift/hive-integration-oauth.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: OAuth 4 | name: cluster 5 | namespace: default 6 | patch: '{"spec":{"tokenConfig":{"accessTokenMaxAgeSeconds":604800, "accessTokenInactivityTimeout": "168h"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/ohss-2561/README.md: -------------------------------------------------------------------------------- 1 | This is a temporary measure undertaken as part of [OHSS-2561](https://issues.redhat.com/browse/OHSS-2561) whilst a longer-term solution is sought to make this configurable by cluster owners. 2 | 3 | This change applies an extended login session duration of 7d to Hive Integration clusters. 4 | 5 | This change should _not_ be applied to any cluster other than Hive Integration clusters. 6 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/ohss-2561/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: environment 5 | operator: In 6 | values: ["integration"] 7 | - key: ext-managed.openshift.io/hive-shard 8 | operator: In 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/ohss-2561/hive-integration-oauth.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: OAuth 4 | name: cluster 5 | namespace: default 6 | patch: '{"spec":{"tokenConfig":{"accessTokenMaxAgeSeconds":604800, "accessTokenInactivityTimeout": "168h"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-oauth-templates/osd-oauth-templates.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: OAuth 4 | name: cluster 5 | patch: '{"spec":{"templates": {"login": {"name": "osd-oauth-templates-login"},"providerSelection": 6 | {"name": "osd-oauth-templates-providers"},"error": {"name": "osd-oauth-templates-errors"}}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-openshift-operators-redhat/00-namespace.yaml: -------------------------------------------------------------------------------- 1 | # Enable deployment of operators in the openshift-operators-redhat NS 2 | # https://issues.redhat.com/browse/OSD-6184 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: openshift-operators-redhat 7 | -------------------------------------------------------------------------------- /deploy/osd-openshift-operators-redhat/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-pcap-collector/05-pcap-dedicated-admins-ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: pcap-dedicated-admins 5 | rules: 6 | - apiGroups: 7 | - security.openshift.io 8 | resources: 9 | - securitycontextconstraints 10 | resourceNames: 11 | - "pcap-dedicated-admins" 12 | verbs: 13 | - use 14 | -------------------------------------------------------------------------------- /deploy/osd-pcap-collector/06-pcap-dedicated-admins-ClusterRoleBind.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: pcap-dedicated-admins 5 | subjects: 6 | - kind: Group 7 | name: dedicated-admins 8 | roleRef: 9 | kind: ClusterRole 10 | name: pcap-dedicated-admins 11 | apiGroup: rbac.authorization.k8s.io 12 | -------------------------------------------------------------------------------- /deploy/osd-pcap-collector/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-project-request-template/02-role.dedicated-admins-project-request.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: dedicated-admins-project-request 5 | namespace: openshift-config 6 | rules: 7 | - apiGroups: 8 | - template.openshift.io 9 | resources: 10 | - templates 11 | verbs: 12 | - "*" 13 | -------------------------------------------------------------------------------- /deploy/osd-project-request-template/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/osd-project-request-template/nonhypershift/04-patch.label-default-namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: default 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"name":"default"} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-project-request-template/nonhypershift/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/00-osd-rebalance-infra-nodes.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: osd-rebalance-infra-nodes 6 | namespace: openshift-monitoring -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/01-osd-rebalance-infra-nodes.ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: osd-rebalance-infra-nodes 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - nodes 11 | verbs: 12 | - list -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/02-osd-rebalance-infra-nodes-openshift-dns.Role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: osd-rebalance-infra-nodes-openshift-dns 6 | namespace: openshift-dns 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - delete 16 | -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/05-osd-rebalance-infra-nodes-openshift-security.Role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: osd-rebalance-infra-nodes-openshift-security 6 | namespace: openshift-security 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - delete -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/06-osd-rebalance-infra-nodes-openshift-pod-rebalance.ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: osd-rebalance-infra-nodes-openshift-pod-rebalance 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - pods 11 | verbs: 12 | - get 13 | - list 14 | - delete -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/non-fr-sts-wif/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: api.openshift.com/sts 6 | operator: NotIn 7 | values: ["true"] 8 | - key: api.openshift.com/wif 9 | operator: NotIn 10 | values: ["true"] 11 | - key: api.openshift.com/fedramp 12 | operator: NotIn 13 | values: ["true"] 14 | -------------------------------------------------------------------------------- /deploy/osd-rebalance-infra-nodes/non-fr/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: api.openshift.com/fedramp 6 | operator: NotIn 7 | values: ["true"] 8 | -------------------------------------------------------------------------------- /deploy/osd-registry/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - bmeng 4 | -------------------------------------------------------------------------------- /deploy/osd-registry/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | -------------------------------------------------------------------------------- /deploy/osd-route-monitor-operator/100-openshift-route-monitor-operator.api.ClusterUrlMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.openshift.io/v1alpha1 2 | kind: ClusterUrlMonitor 3 | metadata: 4 | name: api 5 | namespace: openshift-route-monitor-operator 6 | spec: 7 | prefix: https://api. 8 | port: "6443" 9 | suffix: /livez 10 | slo: 11 | targetAvailabilityPercent: "99.0" 12 | -------------------------------------------------------------------------------- /deploy/osd-route-monitor-operator/100-openshift-route-monitor-operator.console.RouteMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.openshift.io/v1alpha1 2 | kind: RouteMonitor 3 | metadata: 4 | name: console 5 | namespace: openshift-route-monitor-operator 6 | spec: 7 | route: 8 | name: console 9 | namespace: openshift-console 10 | suffix: /health 11 | slo: 12 | targetAvailabilityPercent: "99.5" 13 | -------------------------------------------------------------------------------- /deploy/osd-route-monitor-operator/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | -------------------------------------------------------------------------------- /deploy/osd-route-monitor-operator/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: NotIn 6 | values: 7 | - "true" 8 | - key: ext-hypershift.openshift.io/cluster-type 9 | operator: NotIn 10 | values: 11 | - "management-cluster" 12 | -------------------------------------------------------------------------------- /deploy/osd-route-monitor-operator/management-cluster/100-openshift-route-monitor-operator.api.ClusterUrlMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.openshift.io/v1alpha1 2 | kind: ClusterUrlMonitor 3 | metadata: 4 | name: api 5 | namespace: openshift-route-monitor-operator 6 | spec: 7 | prefix: https://api. 8 | port: "6443" 9 | suffix: /livez 10 | slo: 11 | targetAvailabilityPercent: "99.0" 12 | -------------------------------------------------------------------------------- /deploy/osd-route-monitor-operator/management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: NotIn 6 | values: 7 | - "true" 8 | - key: ext-hypershift.openshift.io/cluster-type 9 | operator: In 10 | values: 11 | - "management-cluster" 12 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: NotIn 6 | values: ["4.0","4.1","4.2","4.3","4.4","4.5"] 7 | 8 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/pre-4.11/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.6","4.7","4.8","4.9","4.10"] 7 | 8 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/pre-4.11/ss-grafana.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: grafana 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"router.openshift.io/cookie-same-site":"Strict"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/ss-alertmanager.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: alertmanager-main 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"router.openshift.io/cookie-same-site":"Strict"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/ss-console.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: console 5 | namespace: openshift-console 6 | patch: '{"metadata":{"annotations":{"router.openshift.io/cookie-same-site":"Strict"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/ss-prometheus.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: prometheus-k8s 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"router.openshift.io/cookie-same-site":"Strict"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-samesite-cookie/ss-thanos.Route.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | applyMode: Sync 3 | kind: Route 4 | name: thanos-querier 5 | namespace: openshift-monitoring 6 | patch: '{"metadata":{"annotations":{"router.openshift.io/cookie-same-site":"Strict"}}}' 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/aws/00-serviceaccounts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: custom-domains-operator 6 | namespace: openshift-custom-domains-operator 7 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/aws/README.md: -------------------------------------------------------------------------------- 1 | There are some AWS specific operators, so this SSS will apply only to AWS for those. -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/aws/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | hive.openshift.io/cluster-platform: aws 5 | matchExpressions: 6 | - key: api.openshift.com/fedramp 7 | operator: NotIn 8 | values: 9 | - "true" 10 | resourceApplyMode: Upsert 11 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/cronjob/00-osd-delete-ownerrefs.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: osd-delete-ownerrefs-serviceaccounts 6 | namespace: openshift-backplane-srep 7 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/cronjob/01-osd-delete-ownerrefs.ClusterRole.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: osd-delete-ownerrefs-serviceaccounts 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - serviceaccounts 11 | verbs: 12 | - "*" 13 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/cronjob/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync 4 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/nonsts-nonwif-private-link-psc/README.md: -------------------------------------------------------------------------------- 1 | For private-link/PSC clusters which are not STS/WIF the cloud-ingress-operator is not deployed but the managed-velero-operator is deployed so we need to ensure the service account for MVO is defined 2 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/sts/README.md: -------------------------------------------------------------------------------- 1 | For STS clusters the cloud-ingress-operator and managed-velero-operator are not deployed so we don't need to ensure the service accounts for those operators exist 2 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/sts/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: api.openshift.com/sts 6 | operator: In 7 | values: ["true"] 8 | - key: api.openshift.com/fedramp 9 | operator: NotIn 10 | values: 11 | - "true" 12 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/wif/README.md: -------------------------------------------------------------------------------- 1 | For WIF clusters the cloud-ingress-operator and managed-velero-operator are not deployed so we don't need to ensure the service accounts for those operators exist 2 | -------------------------------------------------------------------------------- /deploy/osd-serviceaccounts/wif/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Upsert 4 | matchExpressions: 5 | - key: api.openshift.com/wif 6 | operator: In 7 | values: ["true"] 8 | - key: api.openshift.com/fedramp 9 | operator: NotIn 10 | values: 11 | - "true" 12 | -------------------------------------------------------------------------------- /deploy/osd-suricata/hypershift-management-cluster/04-osd-suricata-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: suricata-sa 5 | namespace: openshift-suricata 6 | -------------------------------------------------------------------------------- /deploy/osd-suricata/hypershift-management-cluster/10-osd-suricata-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: suricata-rolebinding 5 | namespace: openshift-suricata 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: suricata-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: suricata-sa 13 | namespace: openshift-suricata 14 | -------------------------------------------------------------------------------- /deploy/osd-suricata/hypershift-management-cluster/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - rhdedgar 3 | -------------------------------------------------------------------------------- /deploy/osd-suricata/hypershift-management-cluster/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["management-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/osd-user-workload-monitoring/02-dedicated-admins-uwm-cm-role.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: dedicated-admins-user-workload-monitoring-create-cm 5 | namespace: openshift-user-workload-monitoring 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - '*' -------------------------------------------------------------------------------- /deploy/osd-user-workload-monitoring/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/rbac-permissions-operator-config/00-dedicated-admin.Namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: dedicated-admin 5 | annotations: 6 | openshift.io/node-selector: "" 7 | -------------------------------------------------------------------------------- /deploy/rbac-permissions-operator-config/20-dedicated-admins-marketplace.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: dedicated-admins-openshift-marketplace 5 | namespace: openshift-marketplace 6 | rules: 7 | - apiGroups: 8 | - operators.coreos.com 9 | resources: 10 | - catalogsources 11 | verbs: 12 | - "*" 13 | -------------------------------------------------------------------------------- /deploy/rbac-permissions-operator-config/30-dedicated-admins-dns.Role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: dedicated-admins-openshift-dns 5 | namespace: openshift-dns 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - list 13 | - get 14 | - watch 15 | -------------------------------------------------------------------------------- /deploy/rbac-permissions-operator-config/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - wanghaoran1988 3 | - rogbas 4 | -------------------------------------------------------------------------------- /deploy/rbac-permissions-operator-config/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | policy: 5 | destination: "acm-policies" 6 | -------------------------------------------------------------------------------- /deploy/resource-quotas/10-patch.namespace.openshift-etcd.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-etcd 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"managed.openshift.io/storage-pv-quota-exempt":"true"} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/resource-quotas/10-patch.namespace.openshift-ingress.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-ingress 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"managed.openshift.io/service-lb-quota-exempt":"true"} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/resource-quotas/10-patch.namespace.openshift-kube-apiserver.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-kube-apiserver 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"managed.openshift.io/service-lb-quota-exempt":"true"} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/resource-quotas/10-patch.namespace.openshift-monitoring.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | name: openshift-monitoring 4 | applyMode: AlwaysApply 5 | patch: |- 6 | { "metadata": {"labels": {"managed.openshift.io/storage-pv-quota-exempt":"true"} } } 7 | patchType: merge 8 | -------------------------------------------------------------------------------- /deploy/resource-quotas/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - lisa 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/resource-quotas/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/rhoai/README.md: -------------------------------------------------------------------------------- 1 | # Managed Red Hat OpenShift AI 2 | 3 | ## rhods-prometheus-viewer ClusterRoleBinding 4 | 5 | Workaround applied for issues identified with federated metrics for `RHOAI <=2.13` on OCP 4.16 clusters. 6 | 7 | See [RHOAIENG-12824](https://issues.redhat.com/browse/RHOAIENG-12824) for background information. 8 | -------------------------------------------------------------------------------- /deploy/rhoai/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/addon-managed-odh 5 | operator: In 6 | values: ["true"] 7 | - key: hive.openshift.io/version-major-minor 8 | operator: In 9 | values: ["4.16"] 10 | -------------------------------------------------------------------------------- /deploy/rhoai/rhods-prometheus-viewer.ClusterRoleBinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: rhods-prometheus-viewer 5 | subjects: 6 | - kind: ServiceAccount 7 | name: prometheus 8 | namespace: redhat-ods-monitoring 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: cluster-monitoring-view 13 | -------------------------------------------------------------------------------- /deploy/rosa-console-branding/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-console-branding/rosa-branding.Console.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: Console 3 | metadata: 4 | name: cluster 5 | spec: 6 | managementState: Managed 7 | route: 8 | customization: 9 | brand: ROSA 10 | documentationBaseURL: https://docs.openshift.com/rosa/ 11 | -------------------------------------------------------------------------------- /deploy/rosa-console-branding/telemetry/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: In 6 | values: ["rosa"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/rosa-console-branding/telemetry/osd-branding.console.Patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | applyMode: AlwaysApply 3 | kind: Console 4 | name: cluster 5 | patchType: merge 6 | patch: >- 7 | {"metadata":{"annotations":{"telemetry.console.openshift.io/CLUSTER_TYPE":"ROSA","telemetry.console.openshift.io/SEGMENT_API_KEY":"${SEGMENT_API_KEY}"}}} 8 | -------------------------------------------------------------------------------- /deploy/rosa-console-legacy-branding-configmap/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-console-legacy-branding/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-ingress-certificate-check/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: Policy 2 | clusterSelectors: 3 | 'hypershift.open-cluster-management.io/hosted-cluster': 'true' 4 | policy: 5 | complianceType: "musthave" -------------------------------------------------------------------------------- /deploy/rosa-ingress-certificate-policies/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: Policy 2 | clusterSelectors: 3 | 'hypershift.open-cluster-management.io/hosted-cluster': 'true' 4 | policy: 5 | destination: "acm-policies" 6 | complianceType: "musthave" 7 | extraDependencies: [{'name': 'rosa-ingress-certificate-check', 'compliance': 'Compliant'}] -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-errors/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-errors/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: In 6 | values: ["rosa"] 7 | applyBehavior: "CreateOrUpdate" 8 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-login/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-login/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: In 6 | values: ["rosa"] 7 | applyBehavior: "CreateOrUpdate" 8 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-policies/00-openshift-acm-policies.Namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-rosa-oauth-tpl-policies 5 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-policies/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: ext-hypershift.openshift.io/cluster-type 5 | operator: In 6 | values: ["service-cluster"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | applyBehavior: "CreateOrUpdate" 11 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-providers/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates-providers/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/product 5 | operator: In 6 | values: ["rosa"] 7 | applyBehavior: "CreateOrUpdate" 8 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - boranx 3 | - cblecker 4 | -------------------------------------------------------------------------------- /deploy/rosa-oauth-templates/rosa-oauth-templates.OAuth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: OAuth 3 | metadata: 4 | name: cluster 5 | spec: 6 | templates: 7 | login: 8 | name: rosa-oauth-templates-login 9 | providerSelection: 10 | name: rosa-oauth-templates-providers 11 | error: 12 | name: rosa-oauth-templates-errors 13 | -------------------------------------------------------------------------------- /deploy/sdn-ovn-migration/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.16"] 8 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - cblecker 3 | - sre-alert-sme 4 | - srep-region-leads 5 | approvers: 6 | - sre-alert-sme 7 | - srep-region-leads 8 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/aws/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | hive.openshift.io/cluster-platform: aws 5 | matchExpressions: 6 | - key: api.openshift.com/ccs 7 | operator: NotIn 8 | values: ["true"] 9 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/aws/ebs-iops-burstbalance/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/sts 5 | operator: NotIn 6 | values: ["true"] 7 | - key: api.openshift.com/fedramp 8 | operator: NotIn 9 | values: ["true"] 10 | matchLabels: 11 | hive.openshift.io/cluster-platform: aws 12 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/aws/sts-privatelink/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/sts 5 | operator: NotIn 6 | values: ["true"] 7 | - key: api.openshift.com/private-link 8 | operator: NotIn 9 | values: ["true"] 10 | matchLabels: 11 | hive.openshift.io/cluster-platform: aws -------------------------------------------------------------------------------- /deploy/sre-prometheus/centralized-observability/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/centralized-observability/srep_osd_metrics_flow.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/managed-cluster-config/4a4fd95ac6ecfa062d38d9c6a21f2142648678e2/deploy/sre-prometheus/centralized-observability/srep_osd_metrics_flow.jpg -------------------------------------------------------------------------------- /deploy/sre-prometheus/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/extended-logging/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | # if we ever remove this, do not remove the resources 4 | resourceApplyMode: "Upsert" 5 | matchExpressions: 6 | 7 | - key: ext-managed.openshift.io/extended-logging-support 8 | operator: In 9 | values: ["true"] 10 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/fedramp/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/fedramp 5 | operator: In 6 | values: 7 | - "true" 8 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/insights/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: api.openshift.com/fedramp 6 | # Insights operator does not exist in FedRAMP 7 | # https://issues.redhat.com/browse/OSD-13685 8 | operator: NotIn 9 | values: 10 | - "true" 11 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/legacy-ingress/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: ext-managed.openshift.io/legacy-ingress-support 6 | operator: NotIn 7 | values: ["false"] -------------------------------------------------------------------------------- /deploy/sre-prometheus/monitoring/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: SelectorSyncSet 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: api.openshift.com/fedramp 6 | operator: NotIn 7 | values: 8 | - "true" 9 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/ocm-agent/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: Sync -------------------------------------------------------------------------------- /deploy/sre-prometheus/ocm-agent/legacy-ingress/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: hive.openshift.io/version-major-minor 6 | operator: In 7 | values: ["4.8", "4.9", "4.10", "4.11", "4.12"] 8 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/ocm-agent/obo-monitoring/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deploymentMode: "SelectorSyncSet" 3 | selectorSyncSet: 4 | matchExpressions: 5 | - key: ext-hypershift.openshift.io/cluster-type 6 | operator: In 7 | values: ["management-cluster"] 8 | -------------------------------------------------------------------------------- /deploy/sre-prometheus/ocm-agent/unsupported-logging/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | matchExpressions: 5 | - key: ext-managed.openshift.io/extended-logging-support 6 | operator: NotIn 7 | values: ["true"] -------------------------------------------------------------------------------- /deploy/sre-prometheus/pre-4.8/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.5", "4.6", "4.7"] 7 | -------------------------------------------------------------------------------- /deploy/sre-pruning/100-pruning.Namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: openshift-sre-pruning 5 | -------------------------------------------------------------------------------- /deploy/sre-pruning/105-pruning.rbac.ClusterRoleBinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: sre-pruner-buildsdeploys-pruning 5 | roleRef: 6 | kind: ClusterRole 7 | name: sre-pruner-buildsdeploys-cr 8 | apiGroup: rbac.authorization.k8s.io 9 | subjects: 10 | - kind: ServiceAccount 11 | name: sre-pruner-sa 12 | namespace: openshift-sre-pruning 13 | -------------------------------------------------------------------------------- /deploy/sre-pruning/105-pruning.rbac.ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: sre-pruner-sa 5 | namespace: openshift-sre-pruning 6 | -------------------------------------------------------------------------------- /deploy/sre-pruning/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - cblecker 3 | -------------------------------------------------------------------------------- /deploy/sre-pruning/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | resourceApplyMode: "Sync" 4 | -------------------------------------------------------------------------------- /deploy/sre-pruning/images-pre-4.6/00-pruning.rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: sre-pruner-images 5 | roleRef: 6 | kind: ClusterRole 7 | name: system:image-pruner 8 | apiGroup: rbac.authorization.k8s.io 9 | subjects: 10 | - kind: ServiceAccount 11 | name: sre-pruner-sa 12 | namespace: openshift-sre-pruning -------------------------------------------------------------------------------- /deploy/sre-pruning/images-pre-4.6/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: In 6 | values: ["4.0","4.1","4.2","4.3","4.4","4.5"] -------------------------------------------------------------------------------- /deploy/sre-pruning/images/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: hive.openshift.io/version-major-minor 5 | operator: NotIn 6 | values: ["4.0","4.1","4.2","4.3","4.4","4.5"] -------------------------------------------------------------------------------- /deploy/velero-configuration/100-velero.Velero.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed.openshift.io/v1alpha2 2 | kind: VeleroInstall 3 | metadata: 4 | name: cluster 5 | namespace: openshift-velero 6 | -------------------------------------------------------------------------------- /deploy/velero-configuration/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - cblecker 3 | -------------------------------------------------------------------------------- /deploy/velero-configuration/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchExpressions: 4 | - key: api.openshift.com/sts 5 | operator: NotIn 6 | values: ["true"] 7 | - key: api.openshift.com/wif 8 | operator: NotIn 9 | values: ["true"] 10 | - key: api.openshift.com/fedramp 11 | operator: NotIn 12 | values: 13 | - "true" 14 | -------------------------------------------------------------------------------- /deploy/velero-configuration/hive-specific/config.yaml: -------------------------------------------------------------------------------- 1 | deploymentMode: "SelectorSyncSet" 2 | selectorSyncSet: 3 | matchLabels: 4 | ext-managed.openshift.io/hive-shard: "true" 5 | matchExpressions: 6 | - key: api.openshift.com/fedramp 7 | operator: NotIn 8 | values: 9 | - "true" 10 | -------------------------------------------------------------------------------- /docs/backplane/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - sd-architects 3 | options: 4 | no_parent_owners: true 5 | -------------------------------------------------------------------------------- /docs/backplane/requirements/hybridsre-hcp/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - celebdor 3 | approvers: 4 | - srep-architects 5 | options: 6 | no_parent_owners: true 7 | -------------------------------------------------------------------------------- /docs/backplane/requirements/srep/00-cloud-console.md: -------------------------------------------------------------------------------- 1 | SREP must be able to access customer cloud account. 2 | 3 | Using `ocm backplane cloud console`, has permission to assume the *Support-Role* in the customer's AWS Account or GCP project. 4 | 5 | ## AWS 6 | See [sts_support_permission_policy.json](/resources/sts/4.12/sts_support_permission_policy.json) 7 | 8 | ## GCP 9 | TBD where this is managed -------------------------------------------------------------------------------- /docs/backplane/requirements/srep/40-hypershift-management-cluster.md: -------------------------------------------------------------------------------- 1 | # SREP on management-cluster 2 | label selectors: 3 | * ext-hypershift.openshift.io/cluster-type == "management-cluster" 4 | * api.openshift.com/fedramp != "true" 5 | 6 | Applies only to ROSA HCP Management Clusters. 7 | 8 | ## -------------------------------------------------------------------------------- /docs/backplane/requirements/srep/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - srep-functional-leads 3 | - srep-team-leads 4 | approvers: 5 | - srep-team-leads 6 | - srep-architects 7 | -------------------------------------------------------------------------------- /hack/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - srep-region-leads 3 | - srep-functional-leads 4 | - srep-team-leads 5 | approvers: 6 | - srep-region-leads 7 | - srep-team-leads 8 | - srep-architects 9 | -------------------------------------------------------------------------------- /resources/README.md: -------------------------------------------------------------------------------- 1 | # OSD Resources 2 | 3 | This directory holds various resources as a "source of truth". Documentation and other codebases may 4 | draw from files here, so please take caution when making changes. 5 | 6 | - STS - List of IAM policies used for STS Clusters, including core and optional sections (privatelink, etc) 7 | 8 | -------------------------------------------------------------------------------- /resources/prometheusrules/README.md: -------------------------------------------------------------------------------- 1 | The files here are pulled from other git repos and will serve as a template for generating custom alerts. 2 | 3 | each file should have a process of pulling it and the version is was pulled from (in order to check if things have changed over time) 4 | 5 | the format is: 6 | ``` 7 | __..yaml 8 | ``` 9 | -------------------------------------------------------------------------------- /resources/sts/4.10/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.10/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.11/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.11/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.11/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.12/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.12/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.12/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.13/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.13/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.13/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.14/fedramp-hypershift/README.md: -------------------------------------------------------------------------------- 1 | # HyperShift STS role policies 2 | 3 | This directory contains policy files required for ROSA HCP clusters in FedRAMP. 4 | -------------------------------------------------------------------------------- /resources/sts/4.14/fedramp-hypershift/sts_hcp_worker_instance_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /resources/sts/4.14/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.14/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.14/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.15/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.15/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.15/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.16/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.16/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.16/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.17/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.17/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.17/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.18/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.18/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.18/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.19/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.19/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.19/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.20/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.20/openshift_kms_provider_credentials_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Encrypt", 8 | "kms:Decrypt", 9 | "kms:ReEncrypt*", 10 | "kms:GenerateDataKey*", 11 | "kms:DescribeKey" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /resources/sts/4.20/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeRegions" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /resources/sts/4.7/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.7/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances" 8 | ], 9 | "Resource": "*" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /resources/sts/4.8/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.8/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances" 8 | ], 9 | "Resource": "*" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /resources/sts/4.9/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:GetUser", 8 | "iam:GetUserPolicy", 9 | "iam:ListAccessKeys" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /resources/sts/4.9/sts_instance_worker_permission_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances" 8 | ], 9 | "Resource": "*" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /resources/sts/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - srep-functional-leads 3 | - srep-team-leads 4 | approvers: 5 | - srep-team-leads 6 | - srep-architects 7 | options: 8 | no_parent_owners: true 9 | -------------------------------------------------------------------------------- /resources/sts/hypershift/README.md: -------------------------------------------------------------------------------- 1 | # HyperShift STS role policies 2 | 3 | This directory contains policy files required for ROSA HCP clusters. 4 | -------------------------------------------------------------------------------- /scripts/generate-policy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DIRECTORY="/tmp/*/" 4 | FILENAME="policy-generator-config.yaml" 5 | ROOT_DIR=$PWD 6 | for dir in $DIRECTORY; do 7 | echo $dir 8 | cd $dir 9 | name=$(grep "^\- name:" $FILENAME | cut -d: -f2- | xargs) 10 | echo $name 11 | PolicyGenerator $FILENAME > $ROOT_DIR/deploy/acm-policies/50-GENERATED-$name.Policy.yaml 12 | cd $ROOT_DIR 13 | done 14 | -------------------------------------------------------------------------------- /source/html/osd/README.md: -------------------------------------------------------------------------------- 1 | Source for these templates is here: 2 | * https://openshift.github.io/oauth-templates/od/errors.html 3 | * https://openshift.github.io/oauth-templates/od/login.html 4 | * https://openshift.github.io/oauth-templates/od/providers.html 5 | 6 | To stuff them in the correct place in this repo run `make generate-oauth-templates`. --------------------------------------------------------------------------------