├── .claude └── commands │ └── code-review.md ├── .dockerignore ├── .github ├── pull_request_template.md ├── renovate.json └── workflows │ ├── handle-onboard-request.yml │ ├── rbac-gen.yml │ ├── regenerate-charts.yml │ ├── regenerate-operator-bundles-2.0.yml │ ├── regenerate-operator-bundles-2.1.yml │ ├── regenerate-operator-bundles-2.2.yml │ ├── regenerate-operator-bundles-2.3.yml │ ├── regenerate-operator-bundles-2.4.yml │ ├── regenerate-operator-bundles-2.5.yml │ ├── regenerate-operator-bundles-2.6.yml │ ├── regenerate-operator-bundles-2.7.yml │ ├── regenerate-operator-bundles.yml │ ├── regenerate-sha-commit-2.6.yml │ ├── regenerate-sha-commit-2.7.yml │ ├── regenerate-sha-commit.yml │ └── resync-owner-file.yml ├── .gitignore ├── .tekton ├── backplane-operator-main-unit-test.yaml ├── backplane-operator-mce-211-pull-request.yaml └── backplane-operator-mce-211-push.yaml ├── COMPONENT_NAME ├── COMPONENT_VERSION ├── CONTRIBUTING.md ├── DCO ├── Dockerfile ├── LICENSE ├── Makefile ├── Makefile.dev ├── Makefile.prow ├── OWNERS ├── PROJECT ├── README.md ├── SECURITY.md ├── api └── v1 │ ├── groupversion_info.go │ ├── multiclusterengine_methods.go │ ├── multiclusterengine_methods_test.go │ ├── multiclusterengine_types.go │ ├── multiclusterengine_webhook.go │ ├── multiclusterengine_webhook_test.go │ ├── webhook_suite_test.go │ └── zz_generated.deepcopy.go ├── build ├── Dockerfile.prow ├── Dockerfile.rhtap └── Dockerfile.test.prow ├── bundle.Dockerfile ├── bundle ├── manifests │ ├── multicluster-engine-operator-config_v1_configmap.yaml │ ├── multicluster-engine-operator-webhook-service_v1_service.yaml │ ├── multicluster-engine.clusterserviceversion.yaml │ └── multicluster.openshift.io_multiclusterengines.yaml ├── metadata │ └── annotations.yaml └── tests │ └── scorecard │ └── config.yaml ├── config ├── crd │ ├── bases │ │ ├── multicluster.openshift.io_internalenginecomponents.yaml │ │ └── multicluster.openshift.io_multiclusterengines.yaml │ ├── kustomization.yaml │ ├── 
kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_backplaneconfigs.yaml │ │ └── webhook_in_backplaneconfigs.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ └── manager_config_patch.yaml ├── manager │ ├── controller_manager_config.yaml │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ ├── bases │ │ └── multicluster-engine.clusterserviceversion.yaml │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── backplaneconfig_editor_role.yaml │ ├── backplaneconfig_viewer_role.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml ├── samples │ ├── kustomization.yaml │ └── multicluster_v1_multiclusterengine.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml └── webhook │ ├── kustomization.yaml │ └── service.yaml ├── controllers ├── backplaneconfig_controller.go ├── backplaneconfig_controller_test.go ├── common.go ├── local_cluster_test.go ├── mcewebhook │ ├── suite_test.go │ ├── webhook_controller.go │ └── webhook_controller_test.go ├── suite_test.go ├── toggle_components.go ├── toggle_components_test.go ├── uninstall.go └── uninstall_test.go ├── docs ├── README.md ├── available-components.md ├── examples │ └── image-override.json ├── override-crds.md └── override-images.md ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── bundle-automation │ ├── chart-templates │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── deployment.yaml │ │ │ ├── deploymentspec.yaml │ │ │ ├── mutatingwebhookconfiguration.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── 
validatingwebhookconfiguration.yaml │ │ └── values.yaml │ ├── chart-values │ │ └── managed-serviceaccount │ │ │ └── overwriteValues.yaml │ ├── charts-config.yaml │ ├── config.yaml │ ├── csv_linter_rules.yaml │ ├── gen-hive-bundle.sh │ ├── generate-shell.py │ ├── requirements.txt │ └── validate_csv.py ├── catalog │ ├── catalogsource.yaml │ ├── kustomization.yaml │ ├── operatorgroup.yaml │ └── subscription.yaml ├── prereqs │ ├── kustomization.yaml │ ├── oc.yaml │ └── secret.yaml ├── scripts │ ├── dev-update-image-references.py │ └── upstream-install.sh ├── subscriptions │ ├── cluster-manager.yaml │ ├── hive.yaml │ ├── kustomization.yaml │ └── operator-group.yaml └── unit-test-crds │ ├── addondeploymentconfigs.yaml │ ├── addontemplates.yaml │ ├── clusteringress.yaml │ ├── clustermanagementaddons.addon.open-cluster-management.io.yaml │ ├── clusterversion.yaml │ ├── consoleplugin.yaml │ ├── consolequickstart.yaml │ ├── managedcluster.yaml │ ├── managedclusteraddons.yaml │ ├── operatorcondition.yaml │ ├── prometheusrule.yaml │ ├── route.yaml │ └── servicemonitor.yaml ├── main.go ├── pkg ├── foundation │ ├── cluster_manager.go │ └── cluster_manager_test.go ├── hive │ └── hiveconfig.go ├── manifest │ ├── manifest.go │ └── manifest_test.go ├── messages │ └── messages.go ├── overrides │ ├── overrides.go │ └── overrides_test.go ├── rendering │ ├── addon.go │ ├── addon_test.go │ ├── license_test.go │ ├── renderer.go │ └── renderer_test.go ├── status │ ├── cluster_manager.go │ ├── cluster_manager_test.go │ ├── condition.go │ ├── condition_test.go │ ├── console.go │ ├── console_test.go │ ├── deployment.go │ ├── deployment_test.go │ ├── generic.go │ ├── generic_test.go │ ├── local_cluster.go │ ├── local_cluster_test.go │ ├── status.go │ └── status_test.go ├── templates │ ├── charts │ │ ├── always │ │ │ └── rbac-aggregates │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ ├── clusterrole-admin-assisted-install.yaml │ │ │ │ ├── clusterrole-admin-clc.yaml │ │ │ │ ├── 
clusterrole-admin-discovery.yaml │ │ │ │ ├── clusterrole-admin-managed-serviceaccount.yaml │ │ │ │ ├── clusterrole-clusteradmin-assisted-install.yaml │ │ │ │ ├── clusterrole-clusteradmin-clc.yaml │ │ │ │ ├── clusterrole-clusteradmin-discovery.yaml │ │ │ │ ├── clusterrole-clusteradmin-foundation.yaml │ │ │ │ ├── clusterrole-clusteradmin-managed-serviceaccount.yaml │ │ │ │ ├── clusterrole-edit-assisted-install.yaml │ │ │ │ ├── clusterrole-edit-clc.yaml │ │ │ │ ├── clusterrole-edit-discovery.yaml │ │ │ │ ├── clusterrole-edit-managed-serviceaccount.yaml │ │ │ │ ├── clusterrole-view-assisted-install.yaml │ │ │ │ ├── clusterrole-view-clc.yaml │ │ │ │ ├── clusterrole-view-discovery.yaml │ │ │ │ └── clusterrole-view-managed-serviceaccount.yaml │ │ │ │ ├── unused │ │ │ │ ├── clusterrole-admin-unused.yaml │ │ │ │ ├── clusterrole-clusteradmin-unused.yaml │ │ │ │ ├── clusterrole-edit-unused.yaml │ │ │ │ └── clusterrole-view-unused.yaml │ │ │ │ └── values.yaml │ │ ├── hosted │ │ │ └── server-foundation │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ ├── managedcluster-import-role.yaml │ │ │ │ ├── managedcluster-import-role_binding.yaml │ │ │ │ └── managedcluster-import-service_account.yaml │ │ │ │ └── values.yaml │ │ ├── hosting │ │ │ └── server-foundation │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ └── managedcluster-import-deployment.yaml │ │ │ │ └── values.yaml │ │ └── toggle │ │ │ ├── assisted-service │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── assisted-service-clusterrole.yaml │ │ │ │ ├── assisted-service-clusterrolebinding.yaml │ │ │ │ ├── assisted-service-role.yaml │ │ │ │ ├── assisted-service-rolebinding.yaml │ │ │ │ ├── assisted-service-serviceaccount.yaml │ │ │ │ └── infrastructure-operator.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api-k8s │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capi-aggregated-manager-role-clusterrole.yaml │ │ │ │ ├── capi-controller-manager-deployment.yaml │ │ │ │ ├── capi-leader-election-role-role.yaml │ │ │ │ 
├── capi-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capi-manager-role-clusterrole.yaml │ │ │ │ ├── capi-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capi-manager-serviceaccount.yaml │ │ │ │ ├── capi-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml │ │ │ │ ├── capi-selfsigned-issuer-issuer.yaml │ │ │ │ ├── capi-serving-cert-certificate.yaml │ │ │ │ ├── capi-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ └── capi-webhook-service-service.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api-provider-aws │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capa-controller-manager-deployment.yaml │ │ │ │ ├── capa-controller-manager-serviceaccount.yaml │ │ │ │ ├── capa-leader-elect-role-role.yaml │ │ │ │ ├── capa-leader-elect-rolebinding-rolebinding.yaml │ │ │ │ ├── capa-manager-bootstrap-credentials-secret.yaml │ │ │ │ ├── capa-manager-role-clusterrole.yaml │ │ │ │ ├── capa-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capa-metrics-service-service.yaml │ │ │ │ ├── capa-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml │ │ │ │ ├── capa-system-namespace.yaml │ │ │ │ ├── capa-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ └── capa-webhook-service-service.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api-provider-metal3-k8s │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capm3-capm3fasttrack-configmap-configmap.yaml │ │ │ │ ├── capm3-controller-manager-deployment.yaml │ │ │ │ ├── capm3-leader-election-role-role.yaml │ │ │ │ ├── capm3-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capm3-manager-role-clusterrole.yaml │ │ │ │ ├── capm3-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capm3-manager-serviceaccount.yaml │ │ │ │ ├── capm3-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml │ │ │ │ ├── capm3-selfsigned-issuer-issuer.yaml │ │ │ │ ├── capm3-serving-cert-certificate.yaml │ │ │ │ ├── 
capm3-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ └── capm3-webhook-service-service.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api-provider-metal3 │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capm3-capm3fasttrack-configmap-configmap.yaml │ │ │ │ ├── capm3-controller-manager-deployment.yaml │ │ │ │ ├── capm3-leader-election-role-role.yaml │ │ │ │ ├── capm3-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capm3-manager-role-clusterrole.yaml │ │ │ │ ├── capm3-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capm3-manager-serviceaccount.yaml │ │ │ │ ├── capm3-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml │ │ │ │ ├── capm3-system-namespace.yaml │ │ │ │ ├── capm3-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ └── capm3-webhook-service-service.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api-provider-openshift-assisted-k8s │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capoa-bootstrap-cert-certificate.yaml │ │ │ │ ├── capoa-bootstrap-controller-manager-deployment.yaml │ │ │ │ ├── capoa-bootstrap-controller-manager-serviceaccount.yaml │ │ │ │ ├── capoa-bootstrap-leader-election-role-role.yaml │ │ │ │ ├── capoa-bootstrap-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capoa-bootstrap-manager-role-clusterrole.yaml │ │ │ │ ├── capoa-bootstrap-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capoa-bootstrap-selfsigned-issuer-issuer.yaml │ │ │ │ ├── capoa-bootstrap-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ ├── capoa-bootstrap-webhook-service-service.yaml │ │ │ │ ├── capoa-controlplane-controller-manager-deployment.yaml │ │ │ │ ├── capoa-controlplane-controller-manager-serviceaccount.yaml │ │ │ │ ├── capoa-controlplane-leader-election-role-role.yaml │ │ │ │ ├── capoa-controlplane-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capoa-controlplane-manager-role-clusterrole.yaml │ │ │ │ └── 
capoa-controlplane-manager-rolebinding-clusterrolebinding.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api-provider-openshift-assisted │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capoa-bootstrap-controller-manager-deployment.yaml │ │ │ │ ├── capoa-bootstrap-controller-manager-serviceaccount.yaml │ │ │ │ ├── capoa-bootstrap-leader-election-role-role.yaml │ │ │ │ ├── capoa-bootstrap-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capoa-bootstrap-manager-role-clusterrole.yaml │ │ │ │ ├── capoa-bootstrap-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capoa-bootstrap-system-namespace.yaml │ │ │ │ ├── capoa-bootstrap-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ ├── capoa-bootstrap-webhook-service-service.yaml │ │ │ │ ├── capoa-controlplane-controller-manager-deployment.yaml │ │ │ │ ├── capoa-controlplane-controller-manager-serviceaccount.yaml │ │ │ │ ├── capoa-controlplane-leader-election-role-role.yaml │ │ │ │ ├── capoa-controlplane-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capoa-controlplane-manager-role-clusterrole.yaml │ │ │ │ ├── capoa-controlplane-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ └── capoa-controlplane-system-namespace.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-api │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── capi-aggregated-manager-role-clusterrole.yaml │ │ │ │ ├── capi-controller-manager-deployment.yaml │ │ │ │ ├── capi-leader-election-role-role.yaml │ │ │ │ ├── capi-leader-election-rolebinding-rolebinding.yaml │ │ │ │ ├── capi-manager-role-clusterrole.yaml │ │ │ │ ├── capi-manager-rolebinding-clusterrolebinding.yaml │ │ │ │ ├── capi-manager-serviceaccount.yaml │ │ │ │ ├── capi-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml │ │ │ │ ├── capi-system-namespace.yaml │ │ │ │ ├── capi-validating-webhook-configuration-validatingwebhookconfiguration.yaml │ │ │ │ ├── capi-webhook-service-service.yaml │ │ │ │ ├── 
mce-capi-webhook-config-configuration-mutatingwebhookconfiguration.yaml │ │ │ │ ├── mce-capi-webhook-config-deployment.yaml │ │ │ │ ├── mce-capi-webhook-config-service-service.yaml │ │ │ │ ├── mce-labeling-manager-serviceaccount.yaml │ │ │ │ ├── mce-labeling-role-clusterrole.yaml │ │ │ │ └── mce-labeling-rolebinding-clusterrolebinding.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-lifecycle │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── cluster-curator-clusterrole.yaml │ │ │ │ ├── cluster-curator-controller-deployment.yaml │ │ │ │ ├── cluster-curator-rolebinding.yaml │ │ │ │ ├── cluster-curator-service_account.yaml │ │ │ │ ├── cluster-image-set-clusterrole.yaml │ │ │ │ ├── cluster-image-set-deployment.yaml │ │ │ │ ├── cluster-image-set-rolebinding.yaml │ │ │ │ ├── cluster-image-set-service_account.yaml │ │ │ │ ├── clusterclaims-clusterrole.yaml │ │ │ │ ├── clusterclaims-controller-deployment.yaml │ │ │ │ ├── clusterclaims-rolebinding.yaml │ │ │ │ ├── clusterclaims-service_account.yaml │ │ │ │ ├── clusterrole-clustermanageradmin.yaml │ │ │ │ ├── metrics-clusterrole.yaml │ │ │ │ ├── metrics-clusterrole_binding.yaml │ │ │ │ ├── metrics-clusterrolebinding-prom.yaml │ │ │ │ ├── metrics-deployment.yaml │ │ │ │ ├── metrics-prometheusrule.yaml │ │ │ │ ├── metrics-service.yaml │ │ │ │ ├── metrics-service_account.yaml │ │ │ │ ├── metrics-servicemonitor.yaml │ │ │ │ ├── provider-credential-clusterrole.yaml │ │ │ │ ├── provider-credential-clusterrolebinding.yaml │ │ │ │ ├── provider-credential-controller-deployment.yaml │ │ │ │ └── provider-credential-service_account.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-manager │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── cluster-manager-clusterrole.yaml │ │ │ │ ├── cluster-manager-clusterrolebinding.yaml │ │ │ │ ├── cluster-manager-serviceaccount.yaml │ │ │ │ └── cluster-manager.yaml │ │ │ └── values.yaml │ │ │ ├── cluster-proxy-addon │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── anp-route.yaml │ │ │ │ ├── 
anp-service.yaml │ │ │ │ ├── clustermanagementaddon.yaml │ │ │ │ ├── clusterrole.yaml │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ ├── managedproxyconfiguration.yaml │ │ │ │ ├── manager-deployment.yaml │ │ │ │ ├── role.yaml │ │ │ │ ├── rolebinding.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ ├── user-deployment.yaml │ │ │ │ ├── user-route.yaml │ │ │ │ └── user-service.yaml │ │ │ └── values.yaml │ │ │ ├── console-mce │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── clusterimageset-clusterrole.yaml │ │ │ │ ├── clusterimageset-clusterrolebinding.yaml │ │ │ │ ├── console-clusterrole.yaml │ │ │ │ ├── console-clusterrolebinding.yaml │ │ │ │ ├── console-configmap.yaml │ │ │ │ ├── console-deployment.yaml │ │ │ │ ├── console-metrics-monitor-role.yaml │ │ │ │ ├── console-metrics-monitor-rolebinding.yaml │ │ │ │ ├── console-plugin.yaml │ │ │ │ ├── console-prometheus-rules.yaml │ │ │ │ ├── console-service.yaml │ │ │ │ ├── console-serviceaccount.yaml │ │ │ │ └── console-servicemonitor.yaml │ │ │ └── values.yaml │ │ │ ├── discovery-operator │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── discovery-operator-clusterrole.yaml │ │ │ │ ├── discovery-operator-clusterrolebinding.yaml │ │ │ │ ├── discovery-operator-metrics-reader_rbac.authorization.k8s.io_v1_role.yaml │ │ │ │ ├── discovery-operator-role.yaml │ │ │ │ ├── discovery-operator-rolebinding.yaml │ │ │ │ ├── discovery-operator-serviceaccount.yaml │ │ │ │ ├── discovery-operator-webhook_v1_service.yaml │ │ │ │ ├── discovery-operator.yaml │ │ │ │ └── discovery-operator_v1_service.yaml │ │ │ └── values.yaml │ │ │ ├── hive-operator │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── hive-operator-clusterrole.yaml │ │ │ │ ├── hive-operator-clusterrolebinding.yaml │ │ │ │ ├── hive-operator-serviceaccount.yaml │ │ │ │ └── hive-operator.yaml │ │ │ └── values.yaml │ │ │ ├── hypershift │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── hypershift-addon-configmap.yaml │ │ │ │ ├── hypershift-addon-deploymentconfig.yaml │ │ │ │ 
├── hypershift-addon-manager-clustermanagementaddon.yaml │ │ │ │ ├── hypershift-addon-manager-clusterrolebinding.yaml │ │ │ │ ├── hypershift-addon-manager-deployment.yaml │ │ │ │ ├── hypershift-addon-manager-serviceaccount.yaml │ │ │ │ └── hypershift-addon-manager_clusterrole.yaml │ │ │ └── values.yaml │ │ │ ├── image-based-install-operator │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── image-based-install-config_v1_route.yaml │ │ │ │ ├── image-based-install-config_v1_service.yaml │ │ │ │ ├── image-based-install-operator-clusterrole.yaml │ │ │ │ ├── image-based-install-operator-clusterrolebinding.yaml │ │ │ │ ├── image-based-install-operator-role.yaml │ │ │ │ ├── image-based-install-operator-rolebinding.yaml │ │ │ │ ├── image-based-install-operator-serviceaccount.yaml │ │ │ │ ├── image-based-install-operator.yaml │ │ │ │ ├── image-based-install-webhook_v1_service.yaml │ │ │ │ └── imageclusterinstalls.extensions.hive.openshift.io-validatingwebhookconfiguration.yaml │ │ │ └── values.yaml │ │ │ ├── managed-serviceaccount │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── managed-serviceaccount-2.10-addontemplate.yaml │ │ │ │ ├── managed-serviceaccount-addon-agent-clusterrole.yaml │ │ │ │ ├── managed-serviceaccount-clustermanagementaddon.yaml │ │ │ │ └── open-cluster-management-addon-manager-managed-serviceaccount-clusterrolebinding.yaml │ │ │ └── values.yaml │ │ │ └── server-foundation │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── clusterrole-foundation-agent.yaml │ │ │ ├── clusterrole-foundation.yaml │ │ │ ├── clusterrolebinding-foundation.yaml │ │ │ ├── inject-admin.yaml │ │ │ ├── inject-view.yaml │ │ │ ├── managedcluster-import-agent-registration-bootstrap-clusterrole.yaml │ │ │ ├── managedcluster-import-agent-registration-bootstrap-clusterrolebinding.yaml │ │ │ ├── managedcluster-import-agent-registration-bootstrap-serviceaccount.yaml │ │ │ ├── managedcluster-import-agent-registration-client-role.yaml │ │ │ ├── 
managedcluster-import-agent-registration-route.yaml │ │ │ ├── managedcluster-import-agent-registration-service.yaml │ │ │ ├── managedcluster-import-config-configmap.yaml │ │ │ ├── managedcluster-import-deployment.yaml │ │ │ ├── managedcluster-import-role.yaml │ │ │ ├── managedcluster-import-role_binding.yaml │ │ │ ├── managedcluster-import-service_account.yaml │ │ │ ├── ocm-clusterview-api-svc-v1alpha1.yaml │ │ │ ├── ocm-clusterview-api-svc.yaml │ │ │ ├── ocm-controller.yaml │ │ │ ├── ocm-proxyserver-api-svc.yaml │ │ │ ├── ocm-proxyserver-svc.yaml │ │ │ ├── ocm-proxyserver.yaml │ │ │ ├── ocm-webhook-svc.yaml │ │ │ ├── ocm-webhook.yaml │ │ │ ├── serviceaccount-foundation.yaml │ │ │ ├── webhook-mutating-config.yaml │ │ │ └── webhook-validating-config.yaml │ │ │ └── values.yaml │ ├── clustermanagementaddons │ │ └── workmanager.yaml │ ├── crds │ │ ├── assisted-service │ │ │ ├── agent-install.openshift.io_agentclassifications.yaml │ │ │ ├── agent-install.openshift.io_agents.yaml │ │ │ ├── agent-install.openshift.io_agentserviceconfigs.yaml │ │ │ ├── agent-install.openshift.io_hypershiftagentserviceconfigs.yaml │ │ │ ├── agent-install.openshift.io_infraenvs.yaml │ │ │ ├── agent-install.openshift.io_nmstateconfigs.yaml │ │ │ └── extensions.hive.openshift.io_agentclusterinstalls.yaml │ │ ├── cluster-api-k8s │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusterclasses.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusterresourcesetbindings.addons.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusterresourcesets.addons.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusters.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_extensionconfigs.runtime.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinedeployments.cluster.x-k8s.io.yaml │ │ │ ├── 
apiextensions.k8s.io_v1_customresourcedefinition_machinedrainrules.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinehealthchecks.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinepools.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machines.cluster.x-k8s.io.yaml │ │ │ └── apiextensions.k8s.io_v1_customresourcedefinition_machinesets.cluster.x-k8s.io.yaml │ │ ├── cluster-api-provider-aws │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsclusters.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsfargateprofiles.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmachinepools.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmachines.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmanagedclusters.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmanagedclustertemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml │ │ │ ├── 
apiextensions.k8s.io_v1_customresourcedefinition_awsmanagedcontrolplanetemplates.controlplane.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_eksconfigs.bootstrap.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_eksconfigtemplates.bootstrap.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_rosaclusters.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_rosacontrolplanes.controlplane.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_rosamachinepools.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_rosanetworks.infrastructure.cluster.x-k8s.io.yaml │ │ │ └── apiextensions.k8s.io_v1_customresourcedefinition_rosaroleconfigs.infrastructure.cluster.x-k8s.io.yaml │ │ ├── cluster-api-provider-metal3-k8s │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3clusters.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3clustertemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3dataclaims.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3datas.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3datatemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3machines.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3machinetemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3remediations.infrastructure.cluster.x-k8s.io.yaml │ │ │ └── 
apiextensions.k8s.io_v1_customresourcedefinition_metal3remediationtemplates.infrastructure.cluster.x-k8s.io.yaml │ │ ├── cluster-api-provider-metal3 │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_ipaddresses.ipam.metal3.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_ipclaims.ipam.metal3.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_ippools.ipam.metal3.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3clusters.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3clustertemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3dataclaims.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3datas.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3datatemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3machines.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3machinetemplates.infrastructure.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_metal3remediations.infrastructure.cluster.x-k8s.io.yaml │ │ │ └── apiextensions.k8s.io_v1_customresourcedefinition_metal3remediationtemplates.infrastructure.cluster.x-k8s.io.yaml │ │ ├── cluster-api-provider-openshift-assisted-k8s │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_openshiftassistedconfigs.bootstrap.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_openshiftassistedconfigtemplates.bootstrap.cluster.x-k8s.io.yaml │ │ │ └── apiextensions.k8s.io_v1_customresourcedefinition_openshiftassistedcontrolplanes.controlplane.cluster.x-k8s.io.yaml │ │ ├── cluster-api-provider-openshift-assisted │ │ │ ├── 
apiextensions.k8s.io_v1_customresourcedefinition_openshiftassistedconfigs.bootstrap.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_openshiftassistedconfigtemplates.bootstrap.cluster.x-k8s.io.yaml │ │ │ └── apiextensions.k8s.io_v1_customresourcedefinition_openshiftassistedcontrolplanes.controlplane.cluster.x-k8s.io.yaml │ │ ├── cluster-api │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusterclasses.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusterresourcesetbindings.addons.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusterresourcesets.addons.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_clusters.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_extensionconfigs.runtime.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinedeployments.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinedrainrules.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinehealthchecks.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machinepools.cluster.x-k8s.io.yaml │ │ │ ├── apiextensions.k8s.io_v1_customresourcedefinition_machines.cluster.x-k8s.io.yaml │ │ │ └── apiextensions.k8s.io_v1_customresourcedefinition_machinesets.cluster.x-k8s.io.yaml │ │ ├── cluster-lifecycle │ │ │ └── cluster.open-cluster-management.io_clustercurators.yaml │ │ ├── cluster-manager │ │ │ └── operator.open-cluster-management.io_clustermanagers.yaml │ │ ├── cluster-proxy-addon │ │ │ ├── proxy.open-cluster-management.io_managedproxyconfigurations.yaml │ │ │ └── proxy.open-cluster-management.io_managedproxyserviceresolvers.yaml │ │ ├── discovery-operator │ │ │ ├── discovery.open-cluster-management.io_discoveredclusters.yaml │ │ │ └── discovery.open-cluster-management.io_discoveryconfigs.yaml │ 
│ ├── foundation │ │ │ ├── action.open-cluster-management.io_managedclusteractions_crd.yaml │ │ │ ├── config.open-cluster-management.io_klusterletconfigs_crd.yaml │ │ │ ├── imageregistry.open-cluster-management.io_managedclusterimageregistries.yaml │ │ │ ├── internal.open-cluster-management.io_managedclusterinfos_crd.yaml │ │ │ └── view.open-cluster-management.io_managedclusterviews_crd.yaml │ │ ├── hive-operator │ │ │ ├── hive.openshift.io_checkpoints.yaml │ │ │ ├── hive.openshift.io_clusterclaims.yaml │ │ │ ├── hive.openshift.io_clusterdeploymentcustomizations.yaml │ │ │ ├── hive.openshift.io_clusterdeployments.yaml │ │ │ ├── hive.openshift.io_clusterdeprovisions.yaml │ │ │ ├── hive.openshift.io_clusterimagesets.yaml │ │ │ ├── hive.openshift.io_clusterpools.yaml │ │ │ ├── hive.openshift.io_clusterprovisions.yaml │ │ │ ├── hive.openshift.io_clusterrelocates.yaml │ │ │ ├── hive.openshift.io_clusterstates.yaml │ │ │ ├── hive.openshift.io_dnszones.yaml │ │ │ ├── hive.openshift.io_hiveconfigs.yaml │ │ │ ├── hive.openshift.io_machinepoolnameleases.yaml │ │ │ ├── hive.openshift.io_machinepools.yaml │ │ │ ├── hive.openshift.io_selectorsyncidentityproviders.yaml │ │ │ ├── hive.openshift.io_selectorsyncsets.yaml │ │ │ ├── hive.openshift.io_syncidentityproviders.yaml │ │ │ ├── hive.openshift.io_syncsets.yaml │ │ │ ├── hiveinternal.openshift.io_clustersyncleases.yaml │ │ │ ├── hiveinternal.openshift.io_clustersyncs.yaml │ │ │ └── hiveinternal.openshift.io_fakeclusterinstalls.yaml │ │ ├── image-based-install-operator │ │ │ └── extensions.hive.openshift.io_imageclusterinstalls.yaml │ │ ├── internal │ │ │ └── internal-engine-component.yaml │ │ └── managed-serviceaccount │ │ │ └── authentication.open-cluster-management.io_managedserviceaccounts.yaml │ ├── hosted-crds │ │ └── managed-import │ │ │ ├── agent-install.openshift.io_infraenvs.yaml │ │ │ └── hive.openshift.io_clusterdeployments.yaml │ ├── rbac.go │ └── rbac_gen.go ├── toggle │ └── toggle.go ├── utils │ ├── 
annotations.go │ ├── annotations_test.go │ ├── defaults.go │ ├── detect_ocp_test.go │ ├── local_cluster.go │ ├── local_cluster_test.go │ ├── operatorconditions.go │ ├── operatorconditions_test.go │ ├── utils.go │ └── utils_test.go └── version │ ├── base.go │ ├── version.go │ └── version_test.go ├── sonar-project.properties └── test ├── function_tests ├── backplane_operator_install_test │ ├── backplane_operator_install_test.go │ └── backplane_operator_suite_test.go ├── resources │ ├── managedcluster.yaml │ ├── multiclusterhub.yaml │ └── multiclusterhub_crd.yaml └── run_tests.sh └── unit-test-crds ├── cluster-api-provider-aws └── awsclusters.infrastructure.cluster.x-k8s.io.yaml ├── cluster-api └── clusters.cluster.x-k8s.io.yaml └── extensions.hive.openshift.io_agentclusterinstalls.yaml /.claude/commands/code-review.md: -------------------------------------------------------------------------------- 1 | --- 2 | allowed-tools: Bash(git fetch), Bash(git pull), Bash(git status:*), Bash(git log) 3 | argument-hint: [remote base branch] 4 | --- 5 | - Analyze the code changes made in this branch compared to $1. 6 | - Any and all changes should be reviewed no matter where they are in the project. -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore all files which are not go type (NOTE(review): the `!` rules below only re-include files; with no exclude pattern such as `*` before them, nothing is ignored and the whole directory is sent as build context — confirm intent) 3 | !**/*.go 4 | !**/*.mod 5 | !**/*.sum 6 | 7 | # Exclude test files 8 | # **/*_test.go 9 | # **/test/** -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | Please provide a brief description of the purpose of this pull request. 
4 | 5 | ## Related Issue 6 | 7 | If applicable, please reference the issue(s) that this pull request addresses. 8 | 9 | ## Changes Made 10 | 11 | Provide a clear and concise overview of the changes made in this pull request. 12 | 13 | ## Screenshots (if applicable) 14 | 15 | Add screenshots or GIFs that demonstrate the changes visually, if relevant. 16 | 17 | ## Checklist 18 | 19 | - [ ] I have tested the changes locally and they are functioning as expected. 20 | - [ ] I have updated the documentation (if necessary) to reflect the changes. 21 | - [ ] I have added/updated relevant unit tests (if applicable). 22 | - [ ] I have ensured that my code follows the project's coding standards. 23 | - [ ] I have checked for any potential security issues and addressed them. 24 | - [ ] I have added necessary comments to the code, especially in complex or unclear sections. 25 | - [ ] I have rebased my branch on top of the latest main/master branch. 26 | 27 | ## Additional Notes 28 | 29 | Add any additional notes, context, or information that might be helpful for reviewers. 30 | 31 | ## Reviewers 32 | 33 | Tag the appropriate reviewers who should review this pull request. To add reviewers, please add the following line: `/cc @reviewer1 @reviewer2` 34 | 35 | ## Definition of Done 36 | 37 | - [ ] Code is reviewed. 38 | - [ ] Code is tested. 39 | - [ ] Documentation is updated. 40 | - [ ] All checks and tests pass. 41 | - [ ] Approved by at least one reviewer. 42 | - [ ] Merged into the main/master branch. 
43 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "addLabels": [ 4 | "ok-to-test" 5 | ], 6 | "baseBranchPatterns": [ 7 | "/(^main$)|(^backplane-(2\\.(6|7|8|9|[1-9][0-9]+)|[3-9]\\.\\d+)$)/" 8 | ], 9 | "rebaseWhen": "behind-base-branch", 10 | "recreateWhen": "never", 11 | "schedule": [ 12 | "before 8am on tuesday and thursday" 13 | ], 14 | "timezone": "America/New_York" 15 | } 16 | -------------------------------------------------------------------------------- /.github/workflows/rbac-gen.yml: -------------------------------------------------------------------------------- 1 | name: RBAC validation 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - main 7 | 8 | defaults: 9 | run: 10 | shell: bash 11 | 12 | jobs: 13 | rbac-check: 14 | runs-on: ubuntu-latest 15 | strategy: 16 | matrix: 17 | go: 18 | - '1.24.8' 19 | name: Generate role permissions 20 | steps: 21 | - name: Checkout backplane 22 | uses: actions/checkout@v2 23 | with: 24 | fetch-depth: 0 25 | 26 | - name: Set up Go - ${{ matrix.go }} 27 | uses: actions/setup-go@v2 28 | id: go 29 | with: 30 | go-version: ${{ matrix.go }} 31 | 32 | - name: Verify modules 33 | run: | 34 | go mod verify 35 | 36 | - name: Verify format 37 | run: | 38 | make fmt 39 | git diff --exit-code 40 | 41 | - name: Set up controller-gen 42 | run: | 43 | go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.19.0 44 | 45 | - name: Generate RBAC file 46 | run: | 47 | go generate 48 | 49 | - name: Regenerate role 50 | run: | 51 | controller-gen rbac:roleName=multicluster-engine-operator-role paths="./..." 
52 | 53 | - name: Check if files have changed 54 | run: | 55 | git diff 56 | FILES_CHANGED=$(git diff --name-only | wc -l) 57 | if [ "$FILES_CHANGED" != "0" ]; then echo "Remember to run go generate to update rbac"; exit 1; fi; -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | *.pyc 9 | testbin/* 10 | .DS_STORE 11 | .vscode/* 12 | venv 13 | 14 | bin/ 15 | 16 | darwin-amd64/ 17 | linux-amd64/ 18 | env-vars.txt 19 | helm3.tar.gz 20 | # Test binary, build with `go test -c` 21 | *.test 22 | 23 | # Output of the go coverage tool, specifically when used with LiteIDE 24 | *.out 25 | 26 | # Kubernetes Generated files - skip generated files, except for vendored files 27 | vendor/ 28 | !vendor/**/zz_generated.* 29 | 30 | # editor and IDE paraphernalia 31 | .idea 32 | *.swp 33 | *.swo 34 | *~ 35 | 36 | 37 | #function test results 38 | test/function_tests/results/* 39 | 40 | test/mock-component-image/bin 41 | test/mock-component-image/scripts/_pycache_ 42 | hack/bundle-automation/tmp/ 43 | 44 | # Ignore partial workflow directory 45 | workflow/ 46 | -------------------------------------------------------------------------------- /COMPONENT_NAME: -------------------------------------------------------------------------------- 1 | backplane-operator 2 | -------------------------------------------------------------------------------- /COMPONENT_VERSION: -------------------------------------------------------------------------------- 1 | 2.11.0 2 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 
5 | 1 Letterman Drive 6 | Suite D4700 7 | San Francisco, CA, 94129 8 | 9 | Everyone is permitted to copy and distribute verbatim copies of this 10 | license document, but changing it is not allowed. 11 | 12 | 13 | Developer's Certificate of Origin 1.1 14 | 15 | By making a contribution to this project, I certify that: 16 | 17 | (a) The contribution was created in whole or in part by me and I 18 | have the right to submit it under the open source license 19 | indicated in the file; or 20 | 21 | (b) The contribution is based upon previous work that, to the best 22 | of my knowledge, is covered under an appropriate open source 23 | license and I have the right under that license to submit that 24 | work with modifications, whether created in whole or in part 25 | by me, under the same open source license (unless I am 26 | permitted to submit under a different license), as indicated 27 | in the file; or 28 | 29 | (c) The contribution was provided directly to me by some other 30 | person who certified (a), (b) or (c) and I have not modified 31 | it. 32 | 33 | (d) I understand and agree that this project and the contribution 34 | are public and that a record of the contribution (including all 35 | personal information I submit with it, including my sign-off) is 36 | maintained indefinitely and may be redistributed consistent with 37 | this project or the open source license(s) involved. 
-------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the backplane-operator binary 2 | FROM golang:1.24 as builder 3 | 4 | ARG LDFLAGS 5 | 6 | WORKDIR /workspace 7 | # Copy the Go Modules manifests 8 | COPY go.mod go.mod 9 | COPY go.sum go.sum 10 | # cache deps before building and copying source so that we don't need to re-download as much 11 | # and so that source changes don't invalidate our downloaded layer 12 | RUN go mod download 13 | 14 | # Copy the go source 15 | COPY main.go main.go 16 | COPY api/ api/ 17 | COPY controllers/ controllers/ 18 | COPY pkg/ pkg/ 19 | 20 | # Build 21 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -ldflags "${LDFLAGS}" -o backplane-operator main.go 22 | 23 | # Package the manager binary on a minimal base image (UBI minimal here, not distroless) 24 | # Distroless reference: https://github.com/GoogleContainerTools/distroless. NOTE: the :latest tag below floats; pin the base image by digest for reproducible, auditable builds 25 | FROM registry.access.redhat.com/ubi9/ubi-minimal:latest 26 | WORKDIR /app 27 | COPY --from=builder /workspace/backplane-operator . 
28 | COPY --from=builder /workspace/pkg/templates pkg/templates 29 | 30 | USER 65532:65532 31 | 32 | ENTRYPOINT ["/app/backplane-operator"] 33 | -------------------------------------------------------------------------------- /Makefile.prow: -------------------------------------------------------------------------------- 1 | -include /opt/build-harness/Makefile.prow 2 | -include Makefile.dev -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - cameronmwall 3 | - dislbenn 4 | - gparvin 5 | - ngraham20 6 | 7 | reviewers: 8 | - cameronmwall 9 | - dislbenn 10 | - gparvin 11 | - ngraham20 12 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: open-cluster-management.io 2 | layout: 3 | - go.kubebuilder.io/v4 4 | plugins: 5 | manifests.sdk.operatorframework.io/v2: {} 6 | scorecard.sdk.operatorframework.io/v2: {} 7 | projectName: multicluster-engine 8 | repo: github.com/stolostron/backplane-operator 9 | resources: 10 | - api: 11 | crdVersion: v1alpha1 12 | namespaced: false 13 | controller: true 14 | domain: openshift.io 15 | group: multicluster 16 | kind: MultiClusterEngine 17 | path: github.com/stolostron/backplane-operator/api/v1 18 | version: v1 19 | webhooks: 20 | defaulting: true 21 | validation: true 22 | webhookVersion: v1 23 | version: "3" 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Backplane Operator 2 | 3 | Operator for managing installation of Backplane components 4 | 5 | ## Prerequisites 6 | 7 | - Go v1.24.0+ 8 | - kubectl 1.19+ 9 | - Operator-sdk v1.17.0+ 10 | - Docker or Podman 11 | - Connection to an existing Kubernetes cluster 12 | 13 | ## 
Installation 14 | 15 | Before deploying, the CRDs need to be installed onto the cluster. 16 | 17 | ```bash 18 | make install 19 | ``` 20 | 21 | ### Outside the Cluster 22 | 23 | The operator can be run locally against the configured Kubernetes cluster in ~/.kube/config with the following command: 24 | 25 | ```bash 26 | make run 27 | ``` 28 | 29 | ### Inside the Cluster 30 | 31 | The operator can also run inside the cluster as a Deployment. To do that, first build the container image and push it to an accessible image registry: 32 | 33 | 1. Build the image: 34 | 35 | ```bash 36 | make docker-build IMG=<registry>/<image>:<tag> 37 | # or 38 | make podman-build IMG=<registry>/<image>:<tag> 39 | ``` 40 | 41 | 2. Push the image: 42 | 43 | ```bash 44 | make docker-push IMG=<registry>/<image>:<tag> 45 | # or 46 | make podman-push IMG=<registry>/<image>:<tag> 47 | ``` 48 | 49 | 3. Deploy the Operator: 50 | 51 | ```bash 52 | make deploy IMG=<registry>/<image>:<tag> 53 | ``` 54 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | [comment]: # ( Copyright Contributors to the Open Cluster Management project ) 2 | 3 | If a security issue is found you can disclose it confidentially by contacting Red Hat's Product Security team. Details at https://access.redhat.com/security/team/contact 4 | -------------------------------------------------------------------------------- /api/v1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Copyright Contributors to the Open Cluster Management project 2 | 3 | /* 4 | Copyright 2021. 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 
8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 17 | */ 18 | 19 | // Package v1 contains API Schema definitions for the multiclusterengine v1 API group 20 | // +kubebuilder:object:generate=true 21 | // +groupName=multicluster.openshift.io 22 | package v1 23 | 24 | import ( 25 | "k8s.io/apimachinery/pkg/runtime/schema" 26 | "sigs.k8s.io/controller-runtime/pkg/scheme" 27 | ) 28 | 29 | var ( 30 | // GroupVersion is group version used to register these objects 31 | GroupVersion = schema.GroupVersion{Group: "multicluster.openshift.io", Version: "v1"} 32 | 33 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 34 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 35 | 36 | // AddToScheme adds the types in this group-version to the given scheme. 
37 | AddToScheme = SchemeBuilder.AddToScheme 38 | ) 39 | -------------------------------------------------------------------------------- /build/Dockerfile.prow: -------------------------------------------------------------------------------- 1 | # Build the backplane-operator binary 2 | FROM registry.ci.openshift.org/stolostron/builder:go1.24-linux AS builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | COPY pkg/ pkg/ 17 | 18 | # Build 19 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o backplane-operator main.go 20 | 21 | # Package the manager binary on a minimal base image (UBI minimal here, not distroless) 22 | # Distroless reference: https://github.com/GoogleContainerTools/distroless. NOTE: the :latest tag below floats; pin the base image by digest for reproducible, auditable builds 23 | FROM registry.access.redhat.com/ubi9/ubi-minimal:latest 24 | WORKDIR /app 25 | COPY --from=builder /workspace/backplane-operator . 
26 | COPY --from=builder /workspace/pkg/templates pkg/templates 27 | 28 | USER 65532:65532 29 | 30 | ENTRYPOINT ["/app/backplane-operator"] 31 | -------------------------------------------------------------------------------- /build/Dockerfile.rhtap: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | FROM registry.access.redhat.com/ubi9/ubi-minimal:latest as cloner 4 | 5 | RUN microdnf install -y git findutils 6 | COPY hack/scripts hack/scripts 7 | 8 | # Build the backplane-operator binary 9 | FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.24 AS builder 10 | 11 | WORKDIR /workspace 12 | # Copy the Go Modules manifests 13 | COPY go.mod go.mod 14 | COPY go.sum go.sum 15 | 16 | # Copy the go source 17 | COPY main.go main.go 18 | COPY api/ api/ 19 | COPY controllers/ controllers/ 20 | COPY pkg/ pkg/ 21 | 22 | # Build 23 | RUN CGO_ENABLED=1 go build -mod=readonly -o backplane-operator main.go 24 | 25 | FROM registry.access.redhat.com/ubi9/ubi-minimal:latest 26 | 27 | LABEL org.label-schema.vendor="Red Hat" \ 28 | org.label-schema.name="backplane-operator" \ 29 | org.label-schema.description="Installer operator for Red Hat multicluster engine for Kubernetes" \ 30 | name="multicluster-engine/backplane-rhel9-operator" \ 31 | summary="MultiClusterEngine installer for Red Hat multicluster engine for Kubernetes" \ 32 | description="Installer operator for Red Hat multicluster engine for Kubernetes" \ 33 | io.k8s.display-name="MultiClusterEngine operator" \ 34 | io.k8s.description="Installer operator for Red Hat multicluster engine for Kubernetes" \ 35 | com.redhat.component="multicluster-engine-operator-container" \ 36 | io.openshift.tags="data,images" 37 | 38 | WORKDIR /app 39 | COPY --from=builder /workspace/backplane-operator . 
40 | COPY --from=builder /workspace/pkg/templates pkg/templates 41 | 42 | USER 65532:65532 43 | 44 | ENTRYPOINT ["/app/backplane-operator"] 45 | LABEL url="https://github.com/stolostron/backplane-operator" 46 | -------------------------------------------------------------------------------- /build/Dockerfile.test.prow: -------------------------------------------------------------------------------- 1 | # Build the function test binary with ginkgo. NOTE: the ginkgo CLI is installed at @latest below, so its version floats between builds and may not match the ginkgo library version resolved from go.mod; pin it to a fixed version. 2 | FROM registry.ci.openshift.org/stolostron/builder:go1.24-linux AS builder 3 | 4 | WORKDIR /workspace 5 | 6 | COPY api/ api/ 7 | COPY test/function_tests/ test/function_tests/ 8 | COPY go.mod go.mod 9 | COPY go.sum go.sum 10 | 11 | RUN go install github.com/onsi/ginkgo/v2/ginkgo@latest 12 | RUN ginkgo build test/function_tests/backplane_operator_install_test 13 | 14 | FROM registry.access.redhat.com/ubi9/ubi-minimal:latest 15 | 16 | ENV KUBECONFIG "/opt/.kube/config" 17 | ENV RESOURCE_DIR "resources" 18 | 19 | USER root 20 | WORKDIR /test 21 | 22 | COPY --from=builder /workspace/test/function_tests/backplane_operator_install_test/backplane_operator_install_test.test backplane_operator_install_test/backplane_operator_install_test.test 23 | COPY --from=builder /workspace/test/function_tests/resources/ resources/ 24 | 25 | CMD ["/test/backplane_operator_install_test/backplane_operator_install_test.test" , "-ginkgo.v"] 26 | -------------------------------------------------------------------------------- /bundle.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | 3 | # Core bundle labels. 
4 | LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 5 | LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ 6 | LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ 7 | LABEL operators.operatorframework.io.bundle.package.v1=multicluster-engine 8 | LABEL operators.operatorframework.io.bundle.channels.v1=stable 9 | LABEL operators.operatorframework.io.bundle.channel.default.v1=stable 10 | LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.41.1 11 | LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 12 | LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4 13 | 14 | # Labels for testing. 15 | LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 16 | LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ 17 | 18 | # Copy files to locations specified by labels. 19 | COPY bundle/manifests /manifests/ 20 | COPY bundle/metadata /metadata/ 21 | COPY bundle/tests/scorecard /tests/scorecard/ 22 | -------------------------------------------------------------------------------- /bundle/manifests/multicluster-engine-operator-config_v1_configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | controller_manager_config.yaml: | 4 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 5 | kind: ControllerManagerConfig 6 | health: 7 | healthProbeBindAddress: :8081 8 | metrics: 9 | bindAddress: 127.0.0.1:8080 10 | webhook: 11 | port: 9443 12 | leaderElection: 13 | leaderElect: true 14 | resourceName: 797f9276.open-cluster-management.io 15 | kind: ConfigMap 16 | metadata: 17 | name: multicluster-engine-operator-config 18 | -------------------------------------------------------------------------------- /bundle/manifests/multicluster-engine-operator-webhook-service_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: multicluster-engine-operator-webhook 6 | creationTimestamp: null 7 | name: multicluster-engine-operator-webhook-service 8 | spec: 9 | ports: 10 | - port: 443 11 | targetPort: 9443 12 | selector: 13 | control-plane: backplane-operator 14 | status: 15 | loadBalancer: {} 16 | -------------------------------------------------------------------------------- /bundle/metadata/annotations.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | # Core bundle annotations. 3 | operators.operatorframework.io.bundle.mediatype.v1: registry+v1 4 | operators.operatorframework.io.bundle.manifests.v1: manifests/ 5 | operators.operatorframework.io.bundle.metadata.v1: metadata/ 6 | operators.operatorframework.io.bundle.package.v1: multicluster-engine 7 | operators.operatorframework.io.bundle.channels.v1: stable 8 | operators.operatorframework.io.bundle.channel.default.v1: stable 9 | operators.operatorframework.io.metrics.builder: operator-sdk-v1.41.1 10 | operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 11 | operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 12 | 13 | # Annotations for testing. 
14 | operators.operatorframework.io.test.mediatype.v1: scorecard+v1 15 | operators.operatorframework.io.test.config.v1: tests/scorecard/ 16 | -------------------------------------------------------------------------------- /config/crd/bases/multicluster.openshift.io_internalenginecomponents.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.19.0 7 | name: internalenginecomponents.multicluster.openshift.io 8 | spec: 9 | group: multicluster.openshift.io 10 | names: 11 | kind: InternalEngineComponent 12 | listKind: InternalEngineComponentList 13 | plural: internalenginecomponents 14 | singular: internalenginecomponent 15 | scope: Namespaced 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | description: |- 23 | APIVersion defines the versioned schema of this representation of an object. 24 | Servers should convert recognized schemas to the latest internal value, and 25 | may reject unrecognized values. 26 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 27 | type: string 28 | kind: 29 | description: |- 30 | Kind is a string value representing the REST resource this object represents. 31 | Servers may infer this from the endpoint the client submits requests to. 32 | Cannot be updated. 33 | In CamelCase. 
34 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 35 | type: string 36 | metadata: 37 | type: object 38 | spec: 39 | type: object 40 | type: object 41 | served: true 42 | storage: true 43 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/multicluster.openshift.io_multiclusterengines.yaml 6 | #+kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patchesStrategicMerge: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | #- patches/webhook_in_backplaneconfigs.yaml 12 | #+kubebuilder:scaffold:crdkustomizewebhookpatch 13 | 14 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 15 | # patches here are for enabling the CA injection for each CRD 16 | #- patches/cainjection_in_backplaneconfigs.yaml 17 | #+kubebuilder:scaffold:crdkustomizecainjectionpatch 18 | 19 | # the following config is for teaching kustomize how to do kustomization for CRDs. 
20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_backplaneconfigs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: backplaneconfigs.backplane.open-cluster-management.io 8 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_backplaneconfigs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: multiclusterengines.multicluster.openshift.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | 
conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch injects a sidecar container, an HTTP proxy for the 2 | # controller manager; it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. NOTE: --v=10 below is debug-level log verbosity, which can put request details into the proxy's logs; lower it outside troubleshooting. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--health-probe-bind-address=:8081" 25 | - "--metrics-bind-address=127.0.0.1:8080" 26 | - "--leader-elect" 27 | -------------------------------------------------------------------------------- /config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | args: 12 | - "--config=controller_manager_config.yaml" 13 | volumeMounts: 14 | - name: manager-config 15 | mountPath: /controller_manager_config.yaml 16 | subPath: controller_manager_config.yaml 17 | volumes: 18 | - name: manager-config 19 | configMap: 20 | name: manager-config 21 | -------------------------------------------------------------------------------- /config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: 
ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: 797f9276.open-cluster-management.io 12 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - files: 9 | - controller_manager_config.yaml 10 | name: multicluster-engine-operator-config 11 | apiVersion: kustomize.config.k8s.io/v1beta1 12 | kind: Kustomization 13 | images: 14 | - name: controller 15 | newName: quay.io/stolostron/backplane-operator 16 | newTag: latest 17 | -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/multicluster-engine.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | 9 | # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. 10 | # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. 11 | # These patches remove the unnecessary "cert" volume and its manager container volumeMount. 12 | #patchesJson6902: 13 | #- target: 14 | # group: apps 15 | # version: v1 16 | # kind: Deployment 17 | # name: controller-manager 18 | # namespace: system 19 | # patch: |- 20 | # # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. 21 | # # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. 
22 | # - op: remove 23 | # path: /spec/template/spec/containers/1/volumeMounts/0 24 | # # Remove the "cert" volume, since OLM will create and mount a set of certs. 25 | # # Update the indices in this path if adding or removing volumes in the manager's Deployment. 26 | # - op: remove 27 | # path: /spec/template/spec/volumes/0 28 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics). NOTE: tlsConfig.insecureSkipVerify below turns off verification of the metrics endpoint's serving certificate while the service-account bearer token is still sent on each scrape; prefer supplying the serving CA (ca/caFile) and serverName so the scraper authenticates the endpoint. 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | scheme: https 15 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 16 | tlsConfig: 17 | insecureSkipVerify: true 18 | selector: 19 | matchLabels: 20 | control-plane: controller-manager 21 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | 
- apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /config/rbac/backplaneconfig_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit backplaneconfigs. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: backplaneconfig-editor-role 6 | rules: 7 | - apiGroups: 8 | - backplane.open-cluster-management.io 9 | resources: 10 | - backplaneconfigs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - backplane.open-cluster-management.io 21 | resources: 22 | - backplaneconfigs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/backplaneconfig_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view backplaneconfigs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: backplaneconfig-viewer-role 6 | rules: 7 | - apiGroups: 8 | - backplane.open-cluster-management.io 9 | resources: 10 | - backplaneconfigs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - backplane.open-cluster-management.io 17 | resources: 18 | - backplaneconfigs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 
15 | # - auth_proxy_service.yaml
16 | # - auth_proxy_role.yaml
17 | # - auth_proxy_role_binding.yaml
18 | # - auth_proxy_client_clusterrole.yaml
19 | # NOTE(review): the four auth_proxy_* entries above are commented out, so this kustomization does not deploy the kube-rbac-proxy Service, roles or binding; confirm /metrics is protected another way or is not exposed.
--------------------------------------------------------------------------------
/config/rbac/leader_election_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions to do leader election.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | name: multicluster-engine-operator-leader-election-role
6 | rules:
7 | - apiGroups:
8 | - ""
9 | resources:
10 | - configmaps # NOTE(review): no resourceNames, so this rule covers every ConfigMap in the Role's namespace; presumably only the leases rule below is needed if the manager uses Lease-based election — verify.
11 | verbs:
12 | - get
13 | - list
14 | - watch
15 | - create
16 | - update
17 | - patch
18 | - delete
19 | - apiGroups:
20 | - coordination.k8s.io
21 | resources:
22 | - leases
23 | verbs:
24 | - get
25 | - list
26 | - watch
27 | - create
28 | - update
29 | - patch
30 | - delete
31 | - apiGroups:
32 | - ""
33 | resources:
34 | - events # events can only be created and patched, not read or deleted
35 | verbs:
36 | - create
37 | - patch
38 | 
--------------------------------------------------------------------------------
/config/rbac/leader_election_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 | name: multicluster-engine-operator-leader-election-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: Role
8 | name: multicluster-engine-operator-leader-election-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: multicluster-engine-operator
12 | namespace: system
13 | 
--------------------------------------------------------------------------------
/config/rbac/role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | name: multicluster-engine-operator-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: ClusterRole
8 | name: 
multicluster-engine-operator-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: multicluster-engine-operator 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: multicluster-engine-operator 5 | namespace: system 6 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - multicluster_v1_multiclusterengine.yaml 4 | #+kubebuilder:scaffold:manifestskustomizesamples 5 | -------------------------------------------------------------------------------- /config/samples/multicluster_v1_multiclusterengine.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: multicluster.openshift.io/v1 2 | kind: MultiClusterEngine 3 | metadata: 4 | name: multiclusterengine 5 | spec: {} 6 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: 
patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.9.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.9.0 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.9.0 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.9.0 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.9.0 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: 
quay.io/operator-framework/scorecard-test:v1.9.0 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service.yaml 3 | -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: multicluster-engine-operator-webhook-service 5 | namespace: system 6 | annotations: 7 | "service.beta.openshift.io/serving-cert-secret-name": "multicluster-engine-operator-webhook" 8 | spec: 9 | ports: 10 | - port: 443 11 | targetPort: 9443 12 | selector: 13 | control-plane: backplane-operator -------------------------------------------------------------------------------- /controllers/common.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Red Hat, Inc. 2 | // Copyright Contributors to the Open Cluster Management project 3 | 4 | package controllers 5 | 6 | // CacheSpec ... 
7 | type CacheSpec struct { 8 | ImageOverrides map[string]string 9 | ImageOverridesCM string 10 | ImageRepository string 11 | TemplateOverrides map[string]string 12 | TemplateOverridesCM string 13 | } 14 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | ## Available Overrides / Development Tools 2 | 3 | ### Override Image Values 4 | 5 | See [Overriding Images](override-images.md ) for details about modifying images at runtime 6 | 7 | ### Disable MCE Operator 8 | 9 | Once installed, the mce operator will monitor changes in the cluster that affect an instance of the mce and reconcile deviations to maintain desired state. To stop the operator from making these changes you can apply an annotation to the mce instance. 10 | ```bash 11 | kubectl annotate mce installer.multicluster.openshift.io/pause=true 12 | ``` 13 | 14 | Remove or edit this annotation to resume operator reconciliation 15 | ```bash 16 | kubectl annotate mce installer.multicluster.openshift.io/pause- --overwrite 17 | ``` 18 | 19 | ### Skip OCP Version Requirement 20 | 21 | The operator defines a minimum version of OCP it can run in to avoid unexpected behavior. If the OCP environment is below this threshold then the MCE instance will report failure early on. This requirement can be ignored in the following two ways 22 | 23 | 1. Set `DISABLE_OCP_MIN_VERSION` as an environment variable. The presence of this variable in the container the operator runs will skip the check. 24 | 25 | 2. Set `installer.multicluster.openshift.io/ignore-ocp-version` annotation in the MCE instance. 
26 | ```bash 27 | kubectl annotate mce installer.multicluster.openshift.io/ignore-ocp-version=true 28 | ``` -------------------------------------------------------------------------------- /docs/examples/image-override.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "image-name": "discovery-operator", 4 | "image-version": "0.2", 5 | "image-tag": "0.2-5bf12929112cdb5d94856a847583f84718c2033e", 6 | "git-sha256": "5bf12929112cdb5d94856a847583f84718c2033e", 7 | "git-repository": "stolostron/discovery", 8 | "image-remote": "quay.io/stolostron", 9 | "image-remote-src": "registry.ci.openshift.org/stolostron", 10 | "image-digest": "sha256:9dc4d072dcd06eda3fda19a15f4b84677fbbbde2a476b4817272cde4724f02cc", 11 | "image-key": "discovery_operator" 12 | } 13 | ] -------------------------------------------------------------------------------- /docs/override-crds.md: -------------------------------------------------------------------------------- 1 | ## Modify CRDs deployed by operator 2 | 3 | The MCE operator deploys several CRDs as soon as the container starts up. This happens outside the lifecycle of any multiclusterengine resource, so it can't be disabled via configuration. The MCE requires some of these CRDs in order to run properly, but in some cases it may be desirable to use a different version of the CRD. 4 | 5 | The MCE operator will always overwrite the existing CRD on startup by applying the version it has saved. To prevent this add an annotation on the CRD so the operator will not reapply it if it is already present. 
6 | 7 | Run the following example to annotate an existing multiclusterengine and prevent overwrite 8 | 9 | ```bash 10 | kubectl annotate crd multiclusterengine.openshift.io/ignore="" 11 | ``` 12 | 13 | To remove this annotation 14 | ```bash 15 | kubectl annotate crd multiclusterengine.openshift.io/ignore- --overwrite 16 | ``` 17 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v2 5 | appVersion: 2.7.0 6 | description: A Helm chart for Kubernetes 7 | name: test 8 | type: application 9 | version: 2.7.0 10 | -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Red Hat, Inc. 
2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: ClusterRole 6 | metadata: 7 | name: "" 8 | rules: {} -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2021 Red Hat, Inc. 3 | # Copyright Contributors to the Open Cluster Management project 4 | 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRoleBinding 7 | metadata: 8 | name: "" 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: "" 13 | subjects: 14 | - kind: ServiceAccount 15 | name: "{{ .Chart.Name }}" 16 | namespace: "{{ .Values.global.namespace }}" -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2021 Red Hat, Inc. 
3 | # Copyright Contributors to the Open Cluster Management project 4 | 5 | apiVersion: apps/v1 6 | kind: Deployment 7 | metadata: 8 | name: "" 9 | spec: {} -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/deploymentspec.yaml: -------------------------------------------------------------------------------- 1 | affinity: 2 | podAntiAffinity: 3 | preferredDuringSchedulingIgnoredDuringExecution: 4 | - weight: 70 5 | podAffinityTerm: 6 | topologyKey: topology.kubernetes.io/zone 7 | labelSelector: 8 | matchExpressions: 9 | - key: ocm-antiaffinity-selector 10 | operator: In 11 | values: 12 | - "" 13 | - weight: 35 14 | podAffinityTerm: 15 | topologyKey: kubernetes.io/hostname 16 | labelSelector: 17 | matchExpressions: 18 | - key: ocm-antiaffinity-selector 19 | operator: In 20 | values: 21 | - "" 22 | -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/mutatingwebhookconfiguration.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: admissionregistration.k8s.io/v1 5 | kind: MutatingWebhookConfiguration 6 | metadata: 7 | name: "" 8 | webhooks: [] 9 | -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | # permissions to do leader election. 
5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "" 9 | rules: {} -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2021 Red Hat, Inc. 3 | # Copyright Contributors to the Open Cluster Management project 4 | 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: RoleBinding 7 | metadata: 8 | name: "" 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: "" 13 | subjects: 14 | - kind: ServiceAccount 15 | name: "" 16 | namespace: '{{ .Values.global.namespace }}' -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2021 Red Hat, Inc. 3 | # Copyright Contributors to the Open Cluster Management project 4 | 5 | apiVersion: v1 6 | kind: ServiceAccount 7 | metadata: 8 | name: "" -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/templates/validatingwebhookconfiguration.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: admissionregistration.k8s.io/v1 5 | kind: ValidatingWebhookConfiguration 6 | metadata: 7 | name: "" 8 | webhooks: [] 9 | -------------------------------------------------------------------------------- /hack/bundle-automation/chart-templates/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Red Hat, Inc. 
2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | global: 5 | deployOnOCP: true 6 | imageOverrides: {} 7 | namespace: default 8 | pullSecret: null 9 | templateOverrides: {} 10 | hubconfig: 11 | nodeSelector: null 12 | ocpVersion: 4.12.0 13 | proxyConfigs: {} 14 | replicaCount: 1 15 | tolerations: [] 16 | org: open-cluster-management 17 | -------------------------------------------------------------------------------- /hack/bundle-automation/chart-values/managed-serviceaccount/overwriteValues.yaml: -------------------------------------------------------------------------------- 1 | # Image of the managed service-account instances 2 | image: org/repo/managed-serviceaccount 3 | tag: tag 4 | agentInstallAll: false 5 | featureGates: 6 | ephemeralIdentity: true 7 | agentImagePullSecret: "" 8 | enableAddOnDeploymentConfig: true 9 | hubDeployMode: AddOnTemplate 10 | global: {} 11 | -------------------------------------------------------------------------------- /hack/bundle-automation/csv_linter_rules.yaml: -------------------------------------------------------------------------------- 1 | disallowedFields: 2 | - spec.apiservicedefinitions 3 | - spec.webhookdefinitions 4 | noOpFields: 5 | - apiVersion 6 | - spec.annotations 7 | - spec.customresourcedefinitions 8 | - spec.description 9 | - spec.displayName 10 | - spec.icon 11 | - spec.installModes 12 | - spec.keywords 13 | - spec.labels 14 | - spec.links 15 | - spec.maintainers 16 | - spec.maturity 17 | - spec.minKubeVersion 18 | - spec.nativeAPIs 19 | - spec.provider 20 | - spec.replaces 21 | - spec.selector 22 | - spec.version 23 | - spec.skips 24 | - spec.relatedImages 25 | - spec.install.strategy 26 | requiredFields: 27 | - kind 28 | - metadata.name 29 | - metadata.annotations.description 30 | - spec.install.spec.clusterPermissions 31 | - spec.install.spec.deployments 32 | optionalFields: 33 | - spec.install.spec.permissions 34 | 
--------------------------------------------------------------------------------
/hack/bundle-automation/requirements.txt:
--------------------------------------------------------------------------------
1 | chardet
2 | coloredlogs
3 | gitpython
4 | inquirer
5 | packaging
6 | pyyaml
7 | requests
8 | semver
9 | urllib3
10 | # NOTE(review): none of the packages above is version-pinned, so every install resolves whatever release is current; pin versions (ideally with hashes) so the bundle automation is reproducible and reviewable.
--------------------------------------------------------------------------------
/hack/catalog/catalogsource.yaml:
--------------------------------------------------------------------------------
1 | # Copyright Contributors to the Open Cluster Management project
2 | # CatalogSource serving the operator catalog over gRPC from the image named in spec.image.
3 | apiVersion: operators.coreos.com/v1alpha1
4 | kind: CatalogSource
5 | metadata:
6 | name: backplane-operator-catalog
7 | namespace: default
8 | spec:
9 | displayName: Backplane Operator
10 | publisher: Red Hat
11 | sourceType: grpc
12 | image: "quay.io/stolostron/cmb-custom-registry:v0.0.1" # NOTE(review): referenced by tag, not digest; together with the registryPoll below, a re-pushed tag is picked up without any change to this file.
13 | updateStrategy:
14 | registryPoll:
15 | interval: 10m
16 | 
--------------------------------------------------------------------------------
/hack/catalog/kustomization.yaml:
--------------------------------------------------------------------------------
1 | namespace: backplane-operator-system
2 | 
3 | resources:
4 | - catalogsource.yaml
5 | - operatorgroup.yaml
6 | - subscription.yaml
--------------------------------------------------------------------------------
/hack/catalog/operatorgroup.yaml:
--------------------------------------------------------------------------------
1 | 
2 | # Copyright Contributors to the Open Cluster Management project
3 | 
4 | apiVersion: operators.coreos.com/v1
5 | kind: OperatorGroup
6 | metadata:
7 | name: default
8 | spec:
9 | targetNamespaces:
10 | - "backplane-operator-system"
--------------------------------------------------------------------------------
/hack/catalog/subscription.yaml:
--------------------------------------------------------------------------------
1 | # Copyright Contributors to the Open Cluster Management project
2 | 
3 | 
apiVersion: operators.coreos.com/v1alpha1 4 | kind: Subscription 5 | metadata: 6 | name: backplane-operator 7 | spec: 8 | channel: stable-1.0 9 | installPlanApproval: Automatic 10 | name: cluster-management-backplane 11 | source: backplane-operator-catalog 12 | sourceNamespace: backplane-operator-system -------------------------------------------------------------------------------- /hack/prereqs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | # kustomization.yaml 4 | apiVersion: kustomize.config.k8s.io/v1beta1 5 | kind: Kustomization 6 | 7 | generatorOptions: 8 | disableNameSuffixHash: true 9 | 10 | # namespace to deploy all Resources to 11 | namespace: backplane-operator-system 12 | 13 | # list of Resource Config to be Applied 14 | resources: 15 | - oc.yaml 16 | -------------------------------------------------------------------------------- /hack/prereqs/oc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorCondition 3 | metadata: 4 | name: multicluster-engine.v2.7.0 5 | namespace: backplane-operator-system 6 | -------------------------------------------------------------------------------- /hack/prereqs/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: multicluster-engine-operator-webhook 5 | namespace: backplane-operator-system 6 | annotations: 7 | type: kubernetes.io/tls 8 | data: 9 | # ca.crt: 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 10 | ca.crt: "" 11 | tls.key: "" 12 | tls.crt: "" -------------------------------------------------------------------------------- /hack/scripts/upstream-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright Contributors to 
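the Open Cluster Management project
3 | # Interactive installer: prompts for a snapshot tag, writes that image into hack/catalog/catalogsource.yaml, then applies the catalog and the sample resources.
4 | set -e
5 | 
6 | _IMAGE_NAME="cmb-custom-registry"
7 | _WEB_REPO="https://quay.io/repository/stolostron/${_IMAGE_NAME}?tab=tags"
8 | _REPO="quay.io/stolostron/${_IMAGE_NAME}"
9 | 
10 | # This is needed for the deploy
11 | echo "* Testing connection"
12 | # With `set -e`, a failing assignment would end the script before a separate `$?` test ran, so the command is tested in the `if` itself.
13 | if ! HOST_URL=$(oc -n openshift-console get routes console -o jsonpath='{.status.ingress[0].routerCanonicalHostname}'); then
14 |   echo "ERROR: Make sure you are logged into an OpenShift Container Platform before running this script"
15 |   exit 2
16 | fi
17 | #Shorten to the basedomain
18 | HOST_URL=${HOST_URL/apps./}
19 | echo "* Using baseDomain: ${HOST_URL}"
20 | VER=$(oc version | grep "Client Version:" || true) # informational only: a missing match must not abort the run under `set -e`
21 | echo "* oc CLI ${VER}"
22 | 
23 | printf 'Find snapshot tags @ %s\nEnter SNAPSHOT TAG: \n' "${_WEB_REPO}"
24 | read -e -r SNAPSHOT_CHOICE
25 | _TAG_RE='^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$' # container image tag grammar; the answer ends up in an image reference, and an empty answer fails the match too
26 | if [[ ! "${SNAPSHOT_CHOICE}" =~ ${_TAG_RE} ]]; then
27 |   echo "ERROR: Make sure you are provide a valid SNAPSHOT"
28 |   exit 1
29 | else
30 |   echo "SNAPSHOT_CHOICE is set to ${SNAPSHOT_CHOICE}"
31 | fi
32 | # strenv() inserts the value as a plain string, whereas env() parses it as YAML.
33 | IMG="${_REPO}:${SNAPSHOT_CHOICE}" yq eval -i '.spec.image = strenv(IMG)' hack/catalog/catalogsource.yaml
34 | oc create ns backplane-operator-system --dry-run=client -o yaml | oc apply -f -
35 | oc apply -k hack/catalog/
36 | 
37 | # Retry until the sample applies; the loop body caps the number of attempts.
38 | _attempts=0
39 | until oc apply -k config/samples >/dev/null 2>&1
40 | do
41 |   echo "INFO: Waiting for API to become available ..."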
42 | _attempts=$((_attempts+1)) 43 | if [ $_attempts -gt 10 ]; then 44 | echo "ERROR: cluster manager backplane subscription did not become available in time" 45 | exit 1 46 | fi 47 | sleep 10 48 | done 49 | 50 | echo "backplaneconfig installed succussfully" -------------------------------------------------------------------------------- /hack/subscriptions/cluster-manager.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: operators.coreos.com/v1alpha1 4 | kind: Subscription 5 | metadata: 6 | name: cluster-manager-operator 7 | spec: 8 | channel: stable 9 | installPlanApproval: Automatic 10 | name: cluster-manager 11 | source: community-operators 12 | sourceNamespace: openshift-marketplace -------------------------------------------------------------------------------- /hack/subscriptions/hive.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: operators.coreos.com/v1alpha1 4 | kind: Subscription 5 | metadata: 6 | name: hive-operator 7 | spec: 8 | channel: alpha 9 | installPlanApproval: Automatic 10 | name: hive-operator 11 | source: community-operators 12 | sourceNamespace: openshift-marketplace -------------------------------------------------------------------------------- /hack/subscriptions/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - hive.yaml 5 | - cluster-manager.yaml 6 | - operator-group.yaml 7 | 8 | namespace: backplane-operator-system -------------------------------------------------------------------------------- /hack/subscriptions/operator-group.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright Contributors 
to the Open Cluster Management project 3 | 4 | apiVersion: operators.coreos.com/v1 5 | kind: OperatorGroup 6 | metadata: 7 | name: default 8 | spec: {} -------------------------------------------------------------------------------- /hack/unit-test-crds/route.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | # name must match the spec fields below, and be in the form: . 6 | name: routes.route.openshift.io 7 | spec: 8 | # group name to use for REST API: /apis// 9 | group: route.openshift.io 10 | # list of versions supported by this CustomResourceDefinition 11 | versions: 12 | - name: v1 13 | # Each version can be enabled/disabled by Served flag. 14 | served: true 15 | # One and only one version must be marked as the storage version. 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | additionalPrinterColumns: 22 | - name: Host 23 | type: string 24 | jsonPath: .status.ingress[0].host 25 | - name: Admitted 26 | type: string 27 | jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status 28 | - name: Service 29 | type: string 30 | jsonPath: .spec.to.name 31 | - name: TLS 32 | type: string 33 | jsonPath: .spec.tls.type 34 | subresources: 35 | # enable spec/status 36 | status: {} 37 | # either Namespaced or Cluster 38 | scope: Namespaced 39 | names: 40 | # plural name to be used in the URL: /apis/// 41 | plural: routes 42 | # singular name to be used as an alias on the CLI and for display 43 | singular: route 44 | # kind is normally the CamelCased singular type. Your resource manifests use this. 
45 | kind: Route
46 | 
--------------------------------------------------------------------------------
/pkg/hive/hiveconfig.go:
--------------------------------------------------------------------------------
1 | // Copyright Contributors to the Open Cluster Management project
2 | 
3 | package hive
4 | 
5 | import (
6 | v1 "github.com/stolostron/backplane-operator/api/v1"
7 | "github.com/stolostron/backplane-operator/pkg/utils"
8 | "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
9 | )
10 | // HiveConfig builds an unstructured hive.openshift.io/v1 HiveConfig named "hive" with an empty spec, hands it to utils.AddBackplaneConfigLabels together with bpc's name, and returns it. No namespace is set on the object.
11 | func HiveConfig(bpc *v1.MultiClusterEngine) *unstructured.Unstructured {
12 | 
13 | cm := &unstructured.Unstructured{
14 | Object: map[string]interface{}{
15 | "apiVersion": "hive.openshift.io/v1",
16 | "kind": "HiveConfig",
17 | "metadata": map[string]interface{}{
18 | "name": "hive",
19 | },
20 | "spec": map[string]interface{}{},
21 | },
22 | }
23 | // Label the object with the owning MultiClusterEngine's name before it is returned.
24 | utils.AddBackplaneConfigLabels(cm, bpc.GetName())
25 | 
26 | return cm
27 | }
28 | 
--------------------------------------------------------------------------------
/pkg/manifest/manifest.go:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2024 Red Hat, Inc.
// Copyright Contributors to the Open Cluster Management project

package manifest

// ManifestImage contains details for a specific image version
type ManifestImage struct {
	ImageKey     string `json:"image-key"`
	ImageName    string `json:"image-name"`
	ImageVersion string `json:"image-version"`

	// remote registry where image is stored
	ImageRemote string `json:"image-remote"`

	// immutable sha version identifier
	ImageDigest string `json:"image-digest"`

	// image tag; unlike ImageDigest, a tag does not pin the image content.
	// NOTE(review): confirm that consumers of this struct resolve images by
	// ImageDigest rather than by ImageTag.
	ImageTag string `json:"image-tag"`
}

// ManifestTemplate holds the free-form map stored under the
// "templateOverrides" key of a JSON or YAML document.
type ManifestTemplate struct {
	TemplateOverrides map[string]interface{} `json:"templateOverrides" yaml:"templateOverrides"`
}

--------------------------------------------------------------------------------
/pkg/manifest/manifest_test.go:
--------------------------------------------------------------------------------
// Copyright (c) 2024 Red Hat, Inc.
// Copyright Contributors to the Open Cluster Management project

package manifest

--------------------------------------------------------------------------------
/pkg/messages/messages.go:
--------------------------------------------------------------------------------
// Copyright Contributors to the Open Cluster Management project

package messages

const (
	// SkippingExternallyManaged is logged when a component is skipped due to external management
	SkippingExternallyManaged = "Skipping component reconciliation - externally managed"
)

--------------------------------------------------------------------------------
/pkg/rendering/addon.go:
--------------------------------------------------------------------------------
// Copyright Contributors to the Open Cluster Management project

package renderer

import (
	v1 "github.com/stolostron/backplane-operator/api/v1"
	"github.com/stolostron/backplane-operator/pkg/utils"

	// metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
	// addonv1alpha1 "open-cluster-management.io/api/addon/v1alpha1"
)

// RenderHypershiftAddon builds the ManagedClusterAddOn named
// "hypershift-addon" as an unstructured object.
//
// The object's namespace is copied verbatim from mce.Spec.LocalClusterName and
// its spec sets installNamespace to "open-cluster-management-agent-addon". The
// object is then passed to utils.AddBackplaneConfigLabels with the
// MultiClusterEngine's name.
//
// The returned error is always nil in this implementation. mce must be
// non-nil: it is dereferenced without a check.
//
// NOTE(review): nothing here validates LocalClusterName, so an unset value
// yields an object with an empty namespace — confirm that the field is
// defaulted or validated before this function is called.
func RenderHypershiftAddon(mce *v1.MultiClusterEngine) (*unstructured.Unstructured, error) {
	addon := &unstructured.Unstructured{
		Object: map[string]interface{}{
			"apiVersion": "addon.open-cluster-management.io/v1alpha1",
			"kind":       "ManagedClusterAddOn",
			"metadata": map[string]interface{}{
				"name":      "hypershift-addon",
				"namespace": mce.Spec.LocalClusterName,
			},
			"spec": map[string]interface{}{
				"installNamespace": "open-cluster-management-agent-addon",
			},
		},
	}

	utils.AddBackplaneConfigLabels(addon, mce.GetName())

	return addon, nil
}

--------------------------------------------------------------------------------
/pkg/rendering/addon_test.go:
--------------------------------------------------------------------------------
// Copyright Contributors to the Open Cluster Management project

package renderer

import (
	"testing"

	v1 "github.com/stolostron/backplane-operator/api/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// TestRenderHypershiftAddon checks that the rendered add-on carries the
// "backplaneconfig.name" label set to the MultiClusterEngine's name.
//
// The fixture uses an empty spec, so LocalClusterName is empty and the
// rendered namespace is not asserted.
func TestRenderHypershiftAddon(t *testing.T) {
	mce := &v1.MultiClusterEngine{
		ObjectMeta: metav1.ObjectMeta{
			Name: "test-mce",
		},
		Spec: v1.MultiClusterEngineSpec{},
	}
	t.Run("Adds MCE labels to resource", func(t *testing.T) {
		got, err := RenderHypershiftAddon(mce)
		if err != nil {
			t.Errorf("RenderHypershiftAddon() error = %v, wantErr %v", err, nil)
			return
		}
		if got.GetLabels()["backplaneconfig.name"] != mce.Name {
			// NOTE(review): "resouce" in the message below is a typo for "resource".
			t.Errorf("RenderHypershiftAddon() did not return a resouce with MCE labels")
		}
	})
}

--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/Chart.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2024 Red Hat, Inc.
# Copyright Contributors to the Open Cluster Management project

apiVersion: v2
appVersion: 2.7.0
description: Manages RBAC aggregate roles
name: rbac-aggregates
type: application
version: 2.7.0

--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-admin-assisted-install.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Aggregate role: the aggregate-to-admin label merges these rules into the
# built-in `admin` ClusterRole, so every subject already bound to `admin`
# receives them once this chart is applied. The second label feeds whichever
# ClusterRole selects aggregate-to-ocm-cluster-manager-admin; that aggregating
# role is not defined in this file.
# The rules grant full write access (including delete and deletecollection) to
# the listed bare-metal and assisted-install resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:assisted-installer:admin-aggregate
rules:
- apiGroups: [ "metal3.io" ]
  resources: [ "baremetalhosts" ]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]
- apiGroups: [ "agent-install.openshift.io" ]
  resources: [ "agents", "infraenvs" ]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]
- apiGroups: [ "extensions.hive.openshift.io" ]
  resources: [ "agentclusterinstalls" ]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]

--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-admin-discovery.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Merged into the built-in `admin` ClusterRole and into the role selected by
# aggregate-to-ocm-cluster-manager-admin.
# NOTE(review): the verb list has no "create", unlike the other admin
# aggregates in this chart and the cluster-manager-admin discovery role -
# confirm that this is intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:discovery:admin-aggregate
rules:
- apiGroups: ["discovery.open-cluster-management.io"]
  resources: ["discoveryconfigs", "discoveredclusters"]
  verbs: ["get", "list", "watch", "update","delete", "deletecollection", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-admin-managed-serviceaccount.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Merged into the built-in `admin` ClusterRole and into the role selected by
# aggregate-to-ocm-cluster-manager-admin; full write access to
# managedserviceaccounts.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:managed-serviceaccount:admin-aggregate
rules:
- apiGroups: ["authentication.open-cluster-management.io"]
  resources: ["managedserviceaccounts"]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-clusteradmin-assisted-install.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Carries only the aggregate-to-ocm-cluster-manager-admin label, so the
# built-in admin, edit and view roles are not extended by this file.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:assisted-installer:cluster-manager-admin-aggregate
rules:
- apiGroups: [ "metal3.io" ]
  resources: [ "baremetalhosts" ]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]
- apiGroups: [ "agent-install.openshift.io" ]
  resources: [ "agents", "infraenvs" ]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]

--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-clusteradmin-discovery.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Carries only the aggregate-to-ocm-cluster-manager-admin label; full write
# access, including "create", to the discovery resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:discovery:cluster-manager-admin-aggregate
rules:
- apiGroups: ["discovery.open-cluster-management.io"]
  resources: ["discoveryconfigs", "discoveredclusters"]
  verbs: ["create","get", "list", "watch", "update", "delete", "deletecollection", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-clusteradmin-foundation.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Broadest role in this chart. Its rules are merged into whichever ClusterRole
# selects the aggregate-to-ocm-cluster-manager-admin label (defined outside
# this file). Taken together the rules cover namespaces, workloads, secrets,
# certificate approval and RBAC objects, so bindings to that aggregate should
# be reviewed and audited as if they granted cluster administration.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:foundation:cluster-manager-admin-aggregate
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["create","get", "list", "watch", "update", "delete", "deletecollection", "patch"]
# The next three rules together allow creating certificate signing requests
# and approving them. The `approve` rule on signers sets no resourceNames, so
# it applies to every signerName; add resourceNames if only specific signers
# are needed.
- apiGroups: ["certificates.k8s.io"]
  resources: ["certificatesigningrequests"]
  verbs: ["create","get", "list", "watch"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["certificatesigningrequests/approval"]
  verbs: ["update"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["signers"]
  verbs: ["approve"]
- apiGroups: ["register.open-cluster-management.io"]
  resources: ["managedclusters/accept"]
  verbs: ["update"]
# Read and write on secrets, serviceaccounts and pods. No resourceNames are
# set, so the scope is every object of these kinds wherever the aggregate is
# bound.
- apiGroups: [""]
  resources: ["configmaps","endpoints","secrets","serviceaccounts","services","pods","pods/log"]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]
- apiGroups: ["apps"]
  resources: ["daemonsets","deployments","replicasets","statefulsets"]
  verbs: ["create","get", "list", "watch", "update", "delete", "deletecollection", "patch"]
# Write access to RBAC objects. The `escalate` and `bind` verbs are not
# granted, so the API server's privilege-escalation checks still limit which
# roles can be created or bound.
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["clusterroles","clusterrolebindings","roles","rolebindings"]
  verbs: ["create","get", "list", "watch", "update", "delete", "deletecollection", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-clusteradmin-managed-serviceaccount.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Carries only the aggregate-to-ocm-cluster-manager-admin label; full write
# access to managedserviceaccounts.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: "true"
  name: multicluster-engine:managed-serviceaccount:cluster-manager-admin-aggregate
rules:
- apiGroups: ["authentication.open-cluster-management.io"]
  resources: ["managedserviceaccounts"]
  verbs: ["create", "get", "list", "watch", "update", "delete", "deletecollection", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-edit-assisted-install.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management
project

# The aggregate-to-edit label merges these rules into the built-in `edit`
# ClusterRole. The verbs allow reading and modifying existing objects but not
# creating or deleting them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: multicluster-engine:assisted-installer:edit-aggregate
rules:
- apiGroups: [ "metal3.io" ]
  resources: [ "baremetalhosts" ]
  verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [ "agent-install.openshift.io" ]
  resources: [ "agents", "infraenvs" ]
  verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [ "extensions.hive.openshift.io" ]
  resources: [ "agentclusterinstalls" ]
  verbs: ["get", "list", "watch", "update", "patch"]

--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-edit-discovery.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Merged into the built-in `edit` ClusterRole; read and modify, no create or
# delete.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: multicluster-engine:discovery:edit-aggregate
rules:
- apiGroups: ["discovery.open-cluster-management.io"]
  resources: ["discoveryconfigs", "discoveredclusters"]
  verbs: ["get", "list", "watch", "update", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-edit-managed-serviceaccount.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Merged into the built-in `edit` ClusterRole; read and modify, no create or
# delete.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: multicluster-engine:managed-serviceaccount:edit-aggregate
rules:
- apiGroups: ["authentication.open-cluster-management.io"]
  resources: ["managedserviceaccounts"]
  verbs: ["get", "list", "watch", "update", "patch"]
--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-view-assisted-install.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# The aggregate-to-view label merges these read-only rules into the built-in
# `view` ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: multicluster-engine:assisted-installer:view-aggregate
rules:
# NOTE(review): this first rule covers the submariner add-on API group, which
# does not match the role's assisted-installer name. The same rule appears in
# the commented-out unused/clusterrole-view-unused.yaml of this chart; confirm
# whether it belongs here or was carried over unintentionally.
- apiGroups: ["submarineraddon.open-cluster-management.io"]
  resources: ["submarinerconfigs", "submarinerconfigs/status"]
  verbs: ["get", "list", "watch"]
- apiGroups: [ "metal3.io" ]
  resources: [ "baremetalhosts" ]
  verbs: ["get", "list", "watch"]
- apiGroups: [ "agent-install.openshift.io" ]
  resources: [ "agents", "infraenvs" ]
  verbs: ["get", "list", "watch"]
- apiGroups: [ "extensions.hive.openshift.io" ]
  resources: [ "agentclusterinstalls" ]
  verbs: ["get", "list", "watch"]

--------------------------------------------------------------------------------
/pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-view-discovery.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Merged into the built-in `view` ClusterRole; read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: multicluster-engine:discovery:view-aggregate
rules:
- apiGroups: ["discovery.open-cluster-management.io"]
  resources: ["discoveryconfigs", "discoveredclusters"]
  verbs: ["get", "list", "watch"]

-------------------------------------------------------------------------------- /pkg/templates/charts/always/rbac-aggregates/templates/clusterrole-view-managed-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | labels: 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | name: multicluster-engine:managed-serviceaccount:view-aggregate 9 | rules: 10 | - apiGroups: ["authentication.open-cluster-management.io"] 11 | resources: ["managedserviceaccounts"] 12 | verbs: ["get", "list", "watch"] 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/always/rbac-aggregates/unused/clusterrole-edit-unused.yaml: -------------------------------------------------------------------------------- 1 | # # Copyright Contributors to the Open Cluster Management project 2 | 3 | # apiVersion: rbac.authorization.k8s.io/v1 4 | # kind: ClusterRole 5 | # metadata: 6 | # labels: 7 | # rbac.authorization.k8s.io/aggregate-to-edit: "true" 8 | # name: multicluster-engine:policy:edit-aggregate 9 | # rules: 10 | # - apiGroups: ["policy.open-cluster-management.io"] 11 | # resources: ["policies","policies/status","placementbindings","policyautomations", "policysets"] 12 | # verbs: ["get", "list", "watch", "update", "patch"] 13 | # - apiGroups: ["wgpolicyk8s.io"] 14 | # resources: ["policyreports"] 15 | # verbs: ["get", "list", "watch"] 16 | # - apiGroups: ["apps.open-cluster-management.io"] 17 | # resources: [ "deployables", "deployables/status", "placementrules", "placementrules/status", "channels", "channels/status", "subscriptions", "subscriptions/status"] 18 | # verbs: ["get", "list", "watch", "update", "patch"] 19 | # - apiGroups: ["app.k8s.io"] 20 | # resources: [ "applications", "applications/status"] 21 | # verbs: ["get", "list", 
"watch", "update", "patch"] 22 | # - apiGroups: ["argoproj.io"] 23 | # resources: [ "applications", "applications/status"] 24 | # verbs: ["get", "list", "watch", "update", "patch"] 25 | 26 | # --- 27 | 28 | # # Copyright Contributors to the Open Cluster Management project 29 | 30 | # apiVersion: rbac.authorization.k8s.io/v1 31 | # kind: ClusterRole 32 | # metadata: 33 | # labels: 34 | # rbac.authorization.k8s.io/aggregate-to-edit: "true" 35 | # name: multicluster-engine:submariner:edit-aggregate 36 | # rules: 37 | # - apiGroups: ["submarineraddon.open-cluster-management.io"] 38 | # resources: ["submarinerconfigs", "submarinerconfigs/status"] 39 | # verbs: ["get", "list", "watch", "update", "patch"] -------------------------------------------------------------------------------- /pkg/templates/charts/always/rbac-aggregates/unused/clusterrole-view-unused.yaml: -------------------------------------------------------------------------------- 1 | # # Copyright Contributors to the Open Cluster Management project 2 | 3 | # apiVersion: rbac.authorization.k8s.io/v1 4 | # kind: ClusterRole 5 | # metadata: 6 | # labels: 7 | # rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | # name: multicluster-engine:grc:view-aggregate 9 | # rules: 10 | # - apiGroups: ["apps.open-cluster-management.io"] 11 | # resources: [ "deployables", "deployables/status", "placementrules", "placementrules/status", "channels", "channels/status", "subscriptions", "subscriptions/status"] 12 | # verbs: ["get", "list", "watch"] 13 | # - apiGroups: ["app.k8s.io"] 14 | # resources: [ "applications", "applications/status"] 15 | # verbs: ["get", "list", "watch"] 16 | # - apiGroups: ["argoproj.io"] 17 | # resources: [ "applications", "applications/status"] 18 | # verbs: ["get", "list", "watch"] 19 | # - apiGroups: ["policy.open-cluster-management.io"] 20 | # resources: ["policies","policies/status","placementbindings","policyautomations", "policysets"] 21 | # verbs: ["get", "list", "watch"] 22 | # - 
apiGroups: ["wgpolicyk8s.io"] 23 | # resources: ["policyreports"] 24 | # verbs: ["get", "list", "watch"] 25 | 26 | # --- 27 | # # Copyright Contributors to the Open Cluster Management project 28 | 29 | # apiVersion: rbac.authorization.k8s.io/v1 30 | # kind: ClusterRole 31 | # metadata: 32 | # labels: 33 | # rbac.authorization.k8s.io/aggregate-to-view: "true" 34 | # name: multicluster-engine:submariner:view-aggregate 35 | # rules: 36 | # - apiGroups: ["submarineraddon.open-cluster-management.io"] 37 | # resources: ["submarinerconfigs", "submarinerconfigs/status"] 38 | # verbs: ["get", "list", "watch"] -------------------------------------------------------------------------------- /pkg/templates/charts/always/rbac-aggregates/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | imageOverrides: [] 3 | pullSecret: null 4 | hubconfig: 5 | nodeSelector: null 6 | proxyConfigs: {} 7 | replicaCount: 1 8 | tolerations: [] 9 | org: open-cluster-management 10 | -------------------------------------------------------------------------------- /pkg/templates/charts/hosted/server-foundation/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v2 5 | appVersion: 2.7.0 6 | description: server foundation components. 
name: server-foundation
type: application
version: 2.7.0

--------------------------------------------------------------------------------
/pkg/templates/charts/hosted/server-foundation/templates/managedcluster-import-role_binding.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# Binds the managedcluster-import-controller-v2 service account to a
# ClusterRole of the same templated name. That ClusterRole is not part of this
# section of the listing, so the privileges granted cannot be read off this
# file.
# The subject namespace comes from the chart's global namespace value, while
# the ServiceAccount manifest of this chart sets no metadata.namespace; both
# must resolve to the same namespace for the binding to take effect.
# NOTE(review): confirm how the namespace is set when the chart is rendered.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ .Values.org }}:{{ .Chart.Name }}:managedcluster-import-controller-v2
subjects:
- kind: ServiceAccount
  name: managedcluster-import-controller-v2
  namespace: '{{ .Values.global.namespace }}'
roleRef:
  kind: ClusterRole
  name: {{ .Values.org }}:{{ .Chart.Name }}:managedcluster-import-controller-v2
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/pkg/templates/charts/hosted/server-foundation/templates/managedcluster-import-service_account.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

# No metadata.namespace is set here; the namespace is decided by whatever
# applies the rendered manifest.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: managedcluster-import-controller-v2

--------------------------------------------------------------------------------
/pkg/templates/charts/hosted/server-foundation/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. The multicloud_manager image and the `default` namespace look
# like placeholders that are replaced at render time - TODO confirm. The
# placeholder image is referenced by tag, which is mutable; real overrides
# should pin a digest.
global:
  imageOverrides:
    multicloud_manager: quay.io/test/test:test
  pullSecret: ""
  namespace: default
hubconfig:
  nodeSelector: {}
  proxyConfigs: {}
  replicaCount: 1
  tolerations: []
org: open-cluster-management

--------------------------------------------------------------------------------
/pkg/templates/charts/hosting/server-foundation/Chart.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2024 Red Hat, Inc.
# Copyright Contributors to the Open Cluster Management project

apiVersion: v2
appVersion: 2.7.0
description: server foundation components.
name: server-foundation
type: application
version: 2.7.0
--------------------------------------------------------------------------------
/pkg/templates/charts/hosting/server-foundation/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults; the image and namespace values look like placeholders that
# are replaced at render time - TODO confirm. The image is referenced by a
# mutable tag rather than a digest.
global:
  imageOverrides:
    multicloud_manager: quay.io/test/test:test
  pullSecret: ""
  namespace: default
hubconfig:
  nodeSelector: {}
  proxyConfigs: {}
  replicaCount: 1
  tolerations: []
org: open-cluster-management

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/assisted-service/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
appVersion: 2.7.0
description: The Infrastructure Operator for Red Hat OpenShift is responsible for
  managing the deployment of the Assisted Service.
name: assisted-service
type: application
version: 2.7.0

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/assisted-service/templates/assisted-service-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the assisted-service service account cluster-wide to a ClusterRole of
# the same templated name. That ClusterRole is not part of this section of the
# listing, so the cluster-scoped privileges cannot be read off this file.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: '{{ .Values.org }}:{{ .Chart.Name }}:assisted-service'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: '{{ .Values.org }}:{{ .Chart.Name }}:assisted-service'
subjects:
- kind: ServiceAccount
  name: assisted-service
  namespace: '{{ .Values.global.namespace }}'

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/assisted-service/templates/assisted-service-role.yaml:
--------------------------------------------------------------------------------
# Namespaced permissions of the assisted-service service account. RBAC rules
# are additive, so the effective permission is the union of all rules below.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: '{{ .Values.org }}:{{ .Chart.Name }}:assisted-service'
  namespace: '{{ .Values.global.namespace }}'
rules:
- apiGroups:
  - ''
  resources:
  - configmaps
  verbs:
  - create
# Restricted by resourceNames to three helper ConfigMaps.
- apiGroups:
  - ''
  resourceNames:
  - assisted-service-baseiso-helper
  - assisted-service-leader-election-helper
  - assisted-service-migration-helper
  resources:
  - configmaps
  verbs:
  - get
  - update
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - get
  - update
  - delete
# NOTE(review): this rule grants every listed verb on all ConfigMaps and Leases
# in the namespace without resourceNames. It is a superset of the three rules
# above, so the name restriction on the helper ConfigMaps has no effect.
# Confirm which scope is intended and drop the rule that is not.
- apiGroups:
  - ''
  - coordination.k8s.io
  resources:
  - configmaps
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ''
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ''
  resources:
  - events
  verbs:
  - create
  - patch

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/assisted-service/templates/assisted-service-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the namespaced Role of the same templated name to the assisted-service
# service account in the chart's global namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: '{{ .Values.org }}:{{ .Chart.Name }}:assisted-service'
  namespace: '{{ .Values.global.namespace }}'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: '{{ .Values.org }}:{{ .Chart.Name }}:assisted-service'
subjects:
- kind: ServiceAccount
  name: assisted-service
  namespace: '{{ .Values.global.namespace }}'

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/assisted-service/templates/assisted-service-serviceaccount.yaml:
--------------------------------------------------------------------------------
# No metadata.namespace is set here; it has to end up in the namespace named
# by the bindings' subjects for those bindings to apply.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: assisted-service

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/assisted-service/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. Every image override is an empty string and the namespace is
# `default`; presumably both are filled in at render time - TODO confirm.
global:
  deployOnOCP: true
  imageOverrides:
    assisted_image_service: ''
    assisted_installer: ''
    assisted_installer_agent: ''
    assisted_installer_controller: ''
    assisted_service_9: ''
    postgresql_12: ''
  namespace: default
  pullSecret: null
  templateOverrides: {}
hubconfig:
  nodeSelector: null
  ocpVersion: 4.12.0
  proxyConfigs: {}
  replicaCount: 1
  tolerations: []
org: open-cluster-management

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: cluster-api
description: Cluster API
type: application
version: "4.20"
appVersion: "4.20"

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-aggregated-manager-role-clusterrole.yaml:
--------------------------------------------------------------------------------
# `rules` is empty: the effective permissions of this ClusterRole are the union
# of every ClusterRole labelled cluster.x-k8s.io/aggregate-to-manager: 'true',
# including roles installed by other charts. What capi-manager may do therefore
# cannot be read off this file; audit which ClusterRoles carry that label.
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      cluster.x-k8s.io/aggregate-to-manager: 'true'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-aggregated-manager-role
rules: []

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-leader-election-role-role.yaml:
--------------------------------------------------------------------------------
# Namespaced leader-election permissions: create events, full access to leases.
# NOTE(review): in the namespace expression below, the fallback passed to
# `default` is the quoted template text itself rather than a namespace name.
# If the global namespace value were empty, the rendered string would not be a
# valid namespace. The chart's values.yaml sets the value, so the fallback is
# not used with the shipped defaults; it looks like an artefact of chart
# generation - confirm. The same expression is used in the RoleBinding,
# ClusterRoleBinding and Service of this chart.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-leader-election-role
  namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
rules:
- apiGroups:
  - ''
  resources:
  - events
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-leader-election-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds capi-leader-election-role to the capi-manager service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-leader-election-rolebinding
  namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capi-leader-election-role
subjects:
- kind: ServiceAccount
  name: capi-manager
  namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Cluster-wide binding of capi-manager to capi-aggregated-manager-role, whose
# rules are assembled by label selection rather than listed in this chart.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capi-aggregated-manager-role
subjects:
- kind: ServiceAccount
  name: capi-manager
  namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-manager-serviceaccount.yaml:
--------------------------------------------------------------------------------
# No metadata.namespace is set here; it has to end up in the namespace named
# by the bindings' subjects for those bindings to apply.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-manager

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-selfsigned-issuer-issuer.yaml:
--------------------------------------------------------------------------------
# Self-signed cert-manager Issuer: certificates it issues are their own trust
# anchor, so any client that verifies them must be given the certificate
# explicitly.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-selfsigned-issuer
  namespace: '{{ .Values.global.namespace }}'
spec:
  selfSigned: {}

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-serving-cert-certificate.yaml:
--------------------------------------------------------------------------------
# Serving certificate for capi-webhook-service, issued by the self-signed
# Issuer and stored in the Secret capi-webhook-service-cert. The Secret holds
# the private key, so read access to Secrets in this namespace exposes it.
# NOTE(review): how the certificate reaches the webhook configuration's CA
# bundle is not shown in this section - confirm that it is injected.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-serving-cert
  namespace: '{{ .Values.global.namespace }}'
spec:
  commonName: capi-webhook-service.{{ .Values.global.namespace }}.svc
  dnsNames:
  - capi-webhook-service.{{ .Values.global.namespace }}.svc
  - capi-webhook-service.{{ .Values.global.namespace }}.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capi-selfsigned-issuer
  secretName: capi-webhook-service-cert
  subject:
    organizations:
    - k8s-sig-cluster-lifecycle

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/templates/capi-webhook-service-service.yaml:
--------------------------------------------------------------------------------
# Exposes the webhook-server port of pods labelled
# cluster.x-k8s.io/provider: cluster-api on port 443. The selector uses only
# that one label, so any pod in the namespace carrying it is a backend.
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: cluster-api
  name: capi-webhook-service
  namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
spec:
  ports:
  - port: 443
    targetPort: webhook-server
  selector:
    cluster.x-k8s.io/provider: cluster-api

--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-k8s/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. The image override is an empty string and the namespace is
# `default`; presumably both are filled in at render time - TODO confirm.
global:
  deployOnOCP: true
  imageOverrides:
    ose_cluster_api_rhel9: ''
  namespace: default
  pullSecret: null
  templateOverrides: {}
hubconfig:
  nodeSelector: null
  ocpVersion: 4.12.0
  proxyConfigs: {}
  replicaCount: 1
  tolerations: []
org:
open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-aws/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.10.0-1 3 | description: Cluster API provider for AWS 4 | name: cluster-api-provider-aws 5 | type: application 6 | version: '2.10' 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-controller-manager-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | annotations: 5 | iam.amazonaws.com/role: '' 6 | labels: 7 | cluster.x-k8s.io/provider: infrastructure-aws 8 | control-plane: controller-manager 9 | name: capa-controller-manager 10 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-leader-elect-role-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: infrastructure-aws 6 | name: capa-leader-elect-role 7 | namespace: '{{ default "capa-system" .Values.global.namespace }}' 8 | rules: 9 | - apiGroups: 10 | - '' 11 | resources: 12 | - configmaps 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - '' 23 | resources: 24 | - configmaps/status 25 | verbs: 26 | - get 27 | - update 28 | - patch 29 | - apiGroups: 30 | - '' 31 | resources: 32 | - events 33 | verbs: 34 | - create 35 | - apiGroups: 36 | - coordination.k8s.io 37 | resources: 38 | - leases 39 | verbs: 40 | - get 41 | - list 42 | - watch 43 | - create 44 | - update 45 | - patch 46 | - delete 
47 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-leader-elect-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the namespaced Role capa-leader-elect-role to the ServiceAccount
# capa-controller-manager.
# The capa-system fallback applies only when global.namespace is empty; this
# chart's values.yaml sets it to `default`, so metadata.namespace and the
# subject namespace both follow that value unless it is overridden.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-aws
6 |   name: capa-leader-elect-rolebinding
7 |   namespace: '{{ default "capa-system" .Values.global.namespace }}'
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: Role
11 |   name: capa-leader-elect-role
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: capa-controller-manager
15 |   namespace: '{{ default "capa-system" .Values.global.namespace }}'
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-manager-bootstrap-credentials-secret.yaml:
--------------------------------------------------------------------------------
# Opaque Secret shell: the template has no data or stringData, so no credential
# is committed in this file.
# NOTE(review): the cluster.open-cluster-management.io/backup label presumably
# opts this Secret into hub backups. Once it holds AWS credentials, backups will
# contain them; confirm the backup storage is encrypted and access-controlled.
# NOTE(review): prefer short-lived or narrowly scoped credentials here, and
# restrict `get` on Secrets in this namespace to the controller.
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 |   labels:
5 |     cluster.open-cluster-management.io/backup: ''
6 |     cluster.x-k8s.io/provider: infrastructure-aws
7 |   name: capa-manager-bootstrap-credentials
8 |   namespace: '{{ default "capa-system" .Values.global.namespace }}'
9 | type: Opaque
10 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole capa-manager-role, cluster-wide, to the ServiceAccount
# capa-controller-manager.
# NOTE(review): the ClusterRole's rules are not in this file. Because the binding
# is cluster-scoped, review them for least privilege (Secrets access especially).
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-aws
6 |   name: capa-manager-rolebinding
7 | roleRef:
8 |   apiGroup: rbac.authorization.k8s.io
9 |   kind: ClusterRole
10 |   name: capa-manager-role
11 | subjects:
12 | - kind: ServiceAccount
13 |   name: capa-controller-manager
14 |   namespace: '{{ default "capa-system" .Values.global.namespace }}'
15 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-metrics-service-service.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service exposing TCP 8080 and forwarding to the named port metrics.
# NOTE(review): whether the metrics endpoint requires TLS or authentication is
# decided by the Deployment, which is not shown here. ClusterIP keeps it internal
# to the cluster; consider a NetworkPolicy limiting who may scrape it.
# The selector is the same single provider label used by capa-webhook-service.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-aws
6 |   name: capa-metrics-service
7 |   namespace: '{{ default "capa-system" .Values.global.namespace }}'
8 | spec:
9 |   ports:
10 |   - port: 8080
11 |     protocol: TCP
12 |     targetPort: metrics
13 |   selector:
14 |     cluster.x-k8s.io/provider: infrastructure-aws
15 |   type: ClusterIP
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-system-namespace.yaml:
--------------------------------------------------------------------------------
# Creates the namespace capa-system; the name is fixed, not templated.
# NOTE(review): no pod-security.kubernetes.io/* label is set, so the cluster's
# default Pod Security level applies. The capm3-system Namespace in this
# repository sets enforce: restricted; consider the same here if the workload
# allows it.
1 |
2 | # Source: cluster-api-provider-aws/templates/v1_namespace_capa-system.yaml
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   labels:
7 |     cluster.x-k8s.io/provider: infrastructure-aws
8 |   name: capa-system
9 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/templates/capa-webhook-service-service.yaml:
--------------------------------------------------------------------------------
# Exposes port 443 and forwards to the pods' named port webhook-server.
# The serving-cert-secret-name annotation asks the OpenShift service CA to issue
# the serving certificate and key into the Secret capa-webhook-service-cert.
# NOTE(review): the selector is the single label cluster.x-k8s.io/provider:
# infrastructure-aws, so every pod in the namespace carrying it becomes a webhook
# backend. Confirm only the controller pods carry it.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   annotations:
5 |     service.beta.openshift.io/serving-cert-secret-name: capa-webhook-service-cert
6 |   labels:
7 |     cluster.x-k8s.io/provider: infrastructure-aws
8 |   name: capa-webhook-service
9 |   namespace: '{{ default "capa-system" .Values.global.namespace }}'
10 | spec:
11 |   ports:
12 |   - port: 443
13 |     targetPort: webhook-server
14 |   selector:
15 |     cluster.x-k8s.io/provider: infrastructure-aws
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-aws/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. global.namespace is `default`, which is non-empty, so the
# `default "capa-system"` fallback in the templates is not used unless a caller
# clears or overrides this value.
# The image override and pullSecret are empty and presumably supplied at render
# time. TODO confirm nothing deploys with an empty image reference.
1 | global:
2 |   deployOnOCP: true
3 |   imageOverrides:
4 |     cluster_api_provider_aws_rhel9: ''
5 |   namespace: default
6 |   pullSecret: null
7 |   templateOverrides: {}
8 | hubconfig:
9 |   nodeSelector: null
10 |   ocpVersion: 4.12.0
11 |   proxyConfigs: {}
12 |   replicaCount: 1
13 |   tolerations: []
14 | org: open-cluster-management
15 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the Metal3 infrastructure provider ("-k8s" chart variant).
1 | apiVersion: v2
2 | name: cluster-api-provider-metal3
3 | description: Cluster API provider for Metal3
4 | type: application
5 | version: "4.20"
6 | appVersion: "4.20"
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-capm3fasttrack-configmap-configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap carrying the CAPM3_FAST_TRACK setting.
# NOTE(review): the value is the shell-style placeholder
# ${CAPM3_FAST_TRACK:='false'}, kept verbatim. Nothing in this template expands
# it, so unless a later step substitutes it the stored value is this literal
# text. TODO confirm the consumer handles that.
# NOTE(review): the fallback handed to `default` in metadata.namespace is the
# quoted literal "{{ .Values.global.namespace }}", which is not rendered again.
# An empty global.namespace would presumably produce that literal text. The same
# pattern recurs in the Role and bindings below.
1 | apiVersion: v1
2 | data:
3 |   CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'}
4 | kind: ConfigMap
5 | metadata:
6 |   labels:
7 |     cluster.x-k8s.io/provider: infrastructure-metal3
8 |   name: capm3-capm3fasttrack-configmap
9 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
10 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-leader-election-role-role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role, presumably for leader election (per its name): create on
# events plus full access to coordination.k8s.io leases. It grants no ConfigMap
# access, which makes it narrower than the other leader-election Roles in this
# listing.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-leader-election-role
7 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
8 | rules:
9 | - apiGroups:
10 |   - ''
11 |   resources:
12 |   - events
13 |   verbs:
14 |   - create
15 | - apiGroups:
16 |   - coordination.k8s.io
17 |   resources:
18 |   - leases
19 |   verbs:
20 |   - get
21 |   - list
22 |   - watch
23 |   - create
24 |   - update
25 |   - patch
26 |   - delete
27 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-leader-election-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds capm3-leader-election-role to the ServiceAccount capm3-manager.
# If the literal `default` fallback were ever used, the subject namespace would
# match no ServiceAccount and the grant would silently not apply.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-leader-election-rolebinding
7 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: Role
11 |   name: capm3-leader-election-role
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: capm3-manager
15 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole capm3-manager-role, cluster-wide, to the ServiceAccount
# capm3-manager.
# NOTE(review): the ClusterRole's rules are not in this file. Because the binding
# is cluster-scoped, review them for least privilege.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-manager-rolebinding
7 | roleRef:
8 |   apiGroup: rbac.authorization.k8s.io
9 |   kind: ClusterRole
10 |   name: capm3-manager-role
11 | subjects:
12 | - kind: ServiceAccount
13 |   name: capm3-manager
14 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
15 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-manager-serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount capm3-manager, the subject of the capm3 bindings in this chart.
# No metadata.namespace is set; it is decided by whatever applies the manifest.
# TODO confirm it matches the namespace named in the bindings.
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-manager
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-selfsigned-issuer-issuer.yaml:
--------------------------------------------------------------------------------
# cert-manager Issuer that signs with a self-signed key (spec.selfSigned).
# NOTE(review): certificates from this Issuer chain to no external CA, so clients
# can only validate them if the CA bundle is distributed to them. How the webhook
# caBundle is populated for this chart is not visible here (TODO confirm).
1 | apiVersion: cert-manager.io/v1
2 | kind: Issuer
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-selfsigned-issuer
7 |   namespace: '{{ .Values.global.namespace }}'
8 | spec:
9 |   selfSigned: {}
10 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-serving-cert-certificate.yaml:
--------------------------------------------------------------------------------
# Serving certificate for capm3-webhook-service, issued by
# capm3-selfsigned-issuer and stored in the Secret capm3-webhook-service-cert.
# No duration or renewBefore is set, so cert-manager's defaults apply.
1 | apiVersion: cert-manager.io/v1
2 | kind: Certificate
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-serving-cert
7 |   namespace: '{{ .Values.global.namespace }}'
8 | spec:
9 |   commonName: capm3-webhook-service.{{ .Values.global.namespace }}.svc
10 |   dnsNames:
11 |   - capm3-webhook-service.{{ .Values.global.namespace }}.svc
12 |   - capm3-webhook-service.{{ .Values.global.namespace }}.svc.cluster.local
13 |   issuerRef:
14 |     kind: Issuer
15 |     name: capm3-selfsigned-issuer
16 |   secretName: capm3-webhook-service-cert
17 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/templates/capm3-webhook-service-service.yaml:
--------------------------------------------------------------------------------
# Exposes port 443 and forwards to the pods' named port webhook-server.
# NOTE(review): the selector is the single label cluster.x-k8s.io/provider:
# infrastructure-metal3, so every pod in the namespace carrying it becomes a
# webhook backend. Confirm only the manager pods carry it.
# NOTE(review): the fallback handed to `default` in metadata.namespace is the
# quoted literal "{{ .Values.global.namespace }}", which is not rendered again.
# An empty global.namespace would presumably produce that literal text.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-webhook-service
7 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
8 | spec:
9 |   ports:
10 |   - port: 443
11 |     targetPort: webhook-server
12 |   selector:
13 |     cluster.x-k8s.io/provider: infrastructure-metal3
14 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3-k8s/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. global.namespace is `default`; the image override and
# pullSecret are empty and presumably supplied at render time (TODO confirm).
1 | global:
2 |   deployOnOCP: true
3 |   imageOverrides:
4 |     ose_baremetal_cluster_api_controllers_rhel9: ''
5 |   namespace: default
6 |   pullSecret: null
7 |   templateOverrides: {}
8 | hubconfig:
9 |   nodeSelector: null
10 |   ocpVersion: 4.12.0
11 |   proxyConfigs: {}
12 |   replicaCount: 1
13 |   tolerations: []
14 | org: open-cluster-management
15 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the Metal3 infrastructure provider.
1 | apiVersion: v2
2 | appVersion: '4.20'
3 | description: Cluster API provider for Metal3
4 | name: cluster-api-provider-metal3
5 | type: application
6 | version: '2.10'
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-capm3fasttrack-configmap-configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap carrying the CAPM3_FAST_TRACK setting.
# NOTE(review): the value is the shell-style placeholder
# ${CAPM3_FAST_TRACK:='false'}, kept verbatim. Nothing in this template expands
# it, so unless a later step substitutes it the stored value is this literal
# text. TODO confirm the consumer handles that.
# The capm3-system fallback applies only when global.namespace is empty; this
# chart's values.yaml sets it to `default`.
1 | apiVersion: v1
2 | data:
3 |   CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'}
4 | kind: ConfigMap
5 | metadata:
6 |   labels:
7 |     cluster.x-k8s.io/provider: infrastructure-metal3
8 |   name: capm3-capm3fasttrack-configmap
9 |   namespace: '{{ default "capm3-system" .Values.global.namespace }}'
10 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-leader-election-role-role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role, presumably for leader election (per its name): create on
# events plus full access to coordination.k8s.io leases. No ConfigMap access.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-leader-election-role
7 |   namespace: '{{ default "capm3-system" .Values.global.namespace }}'
8 | rules:
9 | - apiGroups:
10 |   - ''
11 |   resources:
12 |   - events
13 |   verbs:
14 |   - create
15 | - apiGroups:
16 |   - coordination.k8s.io
17 |   resources:
18 |   - leases
19 |   verbs:
20 |   - get
21 |   - list
22 |   - watch
23 |   - create
24 |   - update
25 |   - patch
26 |   - delete
27 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-leader-election-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds capm3-leader-election-role to the ServiceAccount capm3-manager.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-leader-election-rolebinding
7 |   namespace: '{{ default "capm3-system" .Values.global.namespace }}'
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: Role
11 |   name: capm3-leader-election-role
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: capm3-manager
15 |   namespace: '{{ default "capm3-system" .Values.global.namespace }}'
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole capm3-manager-role, cluster-wide, to the ServiceAccount
# capm3-manager.
# NOTE(review): the ClusterRole's rules are not in this file. Because the binding
# is cluster-scoped, review them for least privilege.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-manager-rolebinding
7 | roleRef:
8 |   apiGroup: rbac.authorization.k8s.io
9 |   kind: ClusterRole
10 |   name: capm3-manager-role
11 | subjects:
12 | - kind: ServiceAccount
13 |   name: capm3-manager
14 |   namespace: '{{ default "capm3-system" .Values.global.namespace }}'
15 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-manager-serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount capm3-manager, the subject of the capm3 bindings in this chart.
# No metadata.namespace is set; it is decided by whatever applies the manifest.
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   labels:
5 |     cluster.x-k8s.io/provider: infrastructure-metal3
6 |   name: capm3-manager
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-system-namespace.yaml:
--------------------------------------------------------------------------------
# Creates the namespace capm3-system; the name is fixed, not templated.
# The pod-security.kubernetes.io/enforce: restricted label makes Pod Security
# Admission reject pods that do not meet the restricted profile.
# NOTE(review): the label protects only this namespace. The other templates fall
# back to capm3-system only when global.namespace is empty, so workloads
# rendered into a different namespace do not inherit it.
1 |
2 | # Source: cluster-api-provider-metal3/templates/v1_namespace_capm3-system.yaml
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   labels:
7 |     cluster.x-k8s.io/provider: infrastructure-metal3
8 |     pod-security.kubernetes.io/enforce: restricted
9 |   name: capm3-system
10 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/templates/capm3-webhook-service-service.yaml:
--------------------------------------------------------------------------------
# Exposes port 443 and forwards to the pods' named port webhook-server.
# The serving-cert-secret-name annotation asks the OpenShift service CA to issue
# the serving certificate and key into the Secret capm3-webhook-service-cert.
# NOTE(review): the selector is the single provider label; confirm only the
# manager pods in the namespace carry it.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   annotations:
5 |     service.beta.openshift.io/serving-cert-secret-name: capm3-webhook-service-cert
6 |   labels:
7 |     cluster.x-k8s.io/provider: infrastructure-metal3
8 |   name: capm3-webhook-service
9 |   namespace: '{{ default "capm3-system" .Values.global.namespace }}'
10 | spec:
11 |   ports:
12 |   - port: 443
13 |     targetPort: webhook-server
14 |   selector:
15 |     cluster.x-k8s.io/provider: infrastructure-metal3
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-metal3/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. global.namespace is `default`, which is non-empty, so the
# `default "capm3-system"` fallback in the templates is not used unless a caller
# clears or overrides this value.
1 | global:
2 |   deployOnOCP: true
3 |   imageOverrides:
4 |     ose_baremetal_cluster_api_controllers_rhel9: ''
5 |   namespace: default
6 |   pullSecret: null
7 |   templateOverrides: {}
8 | hubconfig:
9 |   nodeSelector: null
10 |   ocpVersion: 4.12.0
11 |   proxyConfigs: {}
12 |   replicaCount: 1
13 |   tolerations: []
14 | org: open-cluster-management
15 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the OpenShift Assisted bootstrap and control-plane
# providers ("-k8s" chart variant).
1 | apiVersion: v2
2 | name: cluster-api-provider-openshift-assisted
3 | description: Cluster API Bootstrap and Controlplane providers for OpenShift Assisted Installer
4 | type: application
5 | version: "2.10"
6 | appVersion: "2.10"
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-cert-certificate.yaml:
--------------------------------------------------------------------------------
# Serving certificate for capoa-bootstrap-webhook-service, issued by
# capoa-bootstrap-selfsigned-issuer and stored in the Secret
# capoa-bootstrap-webhook-cert-secret.
# duration is 8760h (one year) and renewBefore is 360h (15 days).
# NOTE(review): a one-year lifetime leaves a leaked key usable for a long time.
# Consider a shorter duration, since cert-manager renews automatically.
1 | apiVersion: cert-manager.io/v1
2 | kind: Certificate
3 | metadata:
4 |   name: capoa-bootstrap-cert
5 |   namespace: '{{ .Values.global.namespace }}'
6 | spec:
7 |   commonName: capoa-bootstrap-webhook-service.{{ .Values.global.namespace }}.svc
8 |   dnsNames:
9 |   - capoa-bootstrap-webhook-service.{{ .Values.global.namespace }}.svc
10 |   duration: 8760h
11 |   issuerRef:
12 |     kind: Issuer
13 |     name: capoa-bootstrap-selfsigned-issuer
14 |   renewBefore: 360h
15 |   secretName: capoa-bootstrap-webhook-cert-secret
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-controller-manager-serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount capoa-bootstrap-controller-manager, the subject of the
# bootstrap bindings in this chart.
# No metadata.namespace is set; it is decided by whatever applies the manifest.
# TODO confirm it matches the namespace named in the bindings.
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: capoa-bootstrap-controller-manager
5 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-leader-election-role-role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role, presumably for leader election (per its name).
# NOTE(review): the first rule allows read, write and delete on every ConfigMap
# in the namespace, with no resourceNames restriction. A leases rule is also
# present; if ConfigMap locks are not used (TODO confirm), the configmaps rule
# can be dropped or narrowed.
# NOTE(review): the fallback handed to `default` in metadata.namespace is the
# quoted literal "{{ .Values.global.namespace }}", which is not rendered again.
# An empty global.namespace would presumably produce that literal text. The same
# pattern recurs in the bindings, webhook configuration and Service below.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role
3 | metadata:
4 |   name: capoa-bootstrap-leader-election-role
5 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
6 | rules:
7 | - apiGroups:
8 |   - ''
9 |   resources:
10 |   - configmaps
11 |   verbs:
12 |   - get
13 |   - list
14 |   - watch
15 |   - create
16 |   - update
17 |   - patch
18 |   - delete
19 | - apiGroups:
20 |   - coordination.k8s.io
21 |   resources:
22 |   - leases
23 |   verbs:
24 |   - get
25 |   - list
26 |   - watch
27 |   - create
28 |   - update
29 |   - patch
30 |   - delete
31 | - apiGroups:
32 |   - ''
33 |   resources:
34 |   - events
35 |   verbs:
36 |   - create
37 |   - patch
38 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-leader-election-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds capoa-bootstrap-leader-election-role to the ServiceAccount
# capoa-bootstrap-controller-manager.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 |   name: capoa-bootstrap-leader-election-rolebinding
5 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
6 | roleRef:
7 |   apiGroup: rbac.authorization.k8s.io
8 |   kind: Role
9 |   name: capoa-bootstrap-leader-election-role
10 | subjects:
11 | - kind: ServiceAccount
12 |   name: capoa-bootstrap-controller-manager
13 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
14 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole capoa-bootstrap-manager-role, cluster-wide, to the
# ServiceAccount capoa-bootstrap-controller-manager.
# NOTE(review): the ClusterRole's rules are not in this file. Because the binding
# is cluster-scoped, review them for least privilege.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: capoa-bootstrap-manager-rolebinding
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: capoa-bootstrap-manager-role
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: capoa-bootstrap-controller-manager
12 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
13 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-selfsigned-issuer-issuer.yaml:
--------------------------------------------------------------------------------
# cert-manager Issuer that signs with a self-signed key (spec.selfSigned).
# Certificates from it chain to no external CA; for this chart the CA reaches the
# API server through the cert-manager.io/inject-ca-from annotation on the
# ValidatingWebhookConfiguration.
1 | apiVersion: cert-manager.io/v1
2 | kind: Issuer
3 | metadata:
4 |   name: capoa-bootstrap-selfsigned-issuer
5 |   namespace: '{{ .Values.global.namespace }}'
6 | spec:
7 |   selfSigned: {}
8 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-validating-webhook-configuration-validatingwebhookconfiguration.yaml:
--------------------------------------------------------------------------------
# Registers a validating admission webhook for CREATE, UPDATE and DELETE of
# bootstrap.cluster.x-k8s.io/v1alpha1 openshiftassistedconfigs, served by
# capoa-bootstrap-webhook-service.
# cert-manager.io/inject-ca-from asks cert-manager to write the CA of the
# Certificate capoa-bootstrap-cert into clientConfig.caBundle.
# failurePolicy: Fail makes the check fail closed: when the webhook cannot be
# reached the request is rejected, and that includes DELETE. Webhook availability
# therefore gates cleanup of these objects.
# No namespaceSelector or objectSelector is set, so the webhook is called for
# these resources in every namespace.
# NOTE(review): the annotation uses plain global.namespace while the Service
# namespace uses the `default` wrapper with a literal fallback. Both must name
# the same namespace for CA injection and routing to line up.
1 | apiVersion: admissionregistration.k8s.io/v1
2 | kind: ValidatingWebhookConfiguration
3 | metadata:
4 |   annotations:
5 |     cert-manager.io/inject-ca-from: '{{ .Values.global.namespace }}/capoa-bootstrap-cert'
6 |   name: capoa-bootstrap-validating-webhook-configuration
7 | webhooks:
8 | - admissionReviewVersions:
9 |   - v1
10 |   clientConfig:
11 |     service:
12 |       name: capoa-bootstrap-webhook-service
13 |       namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
14 |       path: /validate-bootstrap-cluster-x-k8s-io-v1alpha1-openshiftassistedconfig
15 |   failurePolicy: Fail
16 |   name: validation.openshiftassistedconfig.bootstrap.cluster.x-k8s.io
17 |   rules:
18 |   - apiGroups:
19 |     - bootstrap.cluster.x-k8s.io
20 |     apiVersions:
21 |     - v1alpha1
22 |     operations:
23 |     - CREATE
24 |     - UPDATE
25 |     - DELETE
26 |     resources:
27 |     - openshiftassistedconfigs
28 |   sideEffects: None
29 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-bootstrap-webhook-service-service.yaml:
--------------------------------------------------------------------------------
# Exposes TCP 443 and forwards to container port 9443 on pods labelled
# control-plane: capoa-bootstrap-controller-manager.
# NOTE(review): the selector is a single label; confirm only the bootstrap
# controller pods in the namespace carry it.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: capoa-bootstrap-webhook-service
5 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
6 | spec:
7 |   ports:
8 |   - port: 443
9 |     protocol: TCP
10 |     targetPort: 9443
11 |   selector:
12 |     control-plane: capoa-bootstrap-controller-manager
13 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-controlplane-controller-manager-serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount capoa-controlplane-controller-manager, the subject of the
# control-plane bindings in this chart. No metadata.namespace is set.
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: capoa-controlplane-controller-manager
5 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-controlplane-leader-election-role-role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role with the same rules as capoa-bootstrap-leader-election-role
# above, including unrestricted read, write and delete on ConfigMaps in the
# namespace (see the note there).
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role
3 | metadata:
4 |   name: capoa-controlplane-leader-election-role
5 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
6 | rules:
7 | - apiGroups:
8 |   - ''
9 |   resources:
10 |   - configmaps
11 |   verbs:
12 |   - get
13 |   - list
14 |   - watch
15 |   - create
16 |   - update
17 |   - patch
18 |   - delete
19 | - apiGroups:
20 |   - coordination.k8s.io
21 |   resources:
22 |   - leases
23 |   verbs:
24 |   - get
25 |   - list
26 |   - watch
27 |   - create
28 |   - update
29 |   - patch
30 |   - delete
31 | - apiGroups:
32 |   - ''
33 |   resources:
34 |   - events
35 |   verbs:
36 |   - create
37 |   - patch
38 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-controlplane-leader-election-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds capoa-controlplane-leader-election-role to the ServiceAccount
# capoa-controlplane-controller-manager.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 |   name: capoa-controlplane-leader-election-rolebinding
5 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
6 | roleRef:
7 |   apiGroup: rbac.authorization.k8s.io
8 |   kind: Role
9 |   name: capoa-controlplane-leader-election-role
10 | subjects:
11 | - kind: ServiceAccount
12 |   name: capoa-controlplane-controller-manager
13 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
14 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/templates/capoa-controlplane-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole capoa-controlplane-manager-role, cluster-wide, to the
# ServiceAccount capoa-controlplane-controller-manager.
# NOTE(review): the ClusterRole's rules are not in this file. Because the binding
# is cluster-scoped, review them for least privilege.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: capoa-controlplane-manager-rolebinding
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: capoa-controlplane-manager-role
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: capoa-controlplane-controller-manager
12 |   namespace: '{{ default "{{ .Values.global.namespace }}" .Values.global.namespace }}'
13 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted-k8s/values.yaml:
--------------------------------------------------------------------------------
# Chart defaults. global.namespace is `default`; both image overrides and
# pullSecret are empty and presumably supplied at render time (TODO confirm).
1 | global:
2 |   deployOnOCP: true
3 |   imageOverrides:
4 |     cluster_api_provider_openshift_assisted_bootstrap: ''
5 |     cluster_api_provider_openshift_assisted_control_plane: ''
6 |   namespace: default
7 |   pullSecret: null
8 |   templateOverrides: {}
9 | hubconfig:
10 |   nodeSelector: null
11 |   ocpVersion: 4.12.0
12 |   proxyConfigs: {}
13 |   replicaCount: 1
14 |   tolerations: []
15 | org: open-cluster-management
16 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the OpenShift Assisted bootstrap and control-plane providers.
1 | apiVersion: v2
2 | appVersion: '2.10'
3 | description: Cluster API Bootstrap and Controlplane providers for OpenShift Assisted Installer
4 | name: cluster-api-provider-openshift-assisted
5 | type: application
6 | version: '2.10'
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-controller-manager-serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount capoa-bootstrap-controller-manager. No metadata.namespace is
# set; it is decided by whatever applies the manifest.
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: capoa-bootstrap-controller-manager
5 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-leader-election-role-role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role, presumably for leader election (per its name).
# NOTE(review): the first rule allows read, write and delete on every ConfigMap
# in the namespace, with no resourceNames restriction. A leases rule is also
# present; if ConfigMap locks are not used (TODO confirm), the configmaps rule
# can be dropped or narrowed.
# The capoa-bootstrap-system fallback in metadata.namespace applies only when
# global.namespace is empty.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role
3 | metadata:
4 |   name: capoa-bootstrap-leader-election-role
5 |   namespace: '{{ default "capoa-bootstrap-system" .Values.global.namespace }}'
6 | rules:
7 | - apiGroups:
8 |   - ''
9 |   resources:
10 |   - configmaps
11 |   verbs:
12 |   - get
13 |   - list
14 |   - watch
15 |   - create
16 |   - update
17 |   - patch
18 |   - delete
19 | - apiGroups:
20 |   - coordination.k8s.io
21 |   resources:
22 |   - leases
23 |   verbs:
24 |   - get
25 |   - list
26 |   - watch
27 |   - create
28 |   - update
29 |   - patch
30 |   - delete
31 | - apiGroups:
32 |   - ''
33 |   resources:
34 |   - events
35 |   verbs:
36 |   - create
37 |   - patch
38 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-leader-election-rolebinding-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds capoa-bootstrap-leader-election-role to the ServiceAccount
# capoa-bootstrap-controller-manager.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 |   name: capoa-bootstrap-leader-election-rolebinding
5 |   namespace: '{{ default "capoa-bootstrap-system" .Values.global.namespace }}'
6 | roleRef:
7 |   apiGroup: rbac.authorization.k8s.io
8 |   kind: Role
9 |   name: capoa-bootstrap-leader-election-role
10 | subjects:
11 | - kind: ServiceAccount
12 |   name: capoa-bootstrap-controller-manager
13 |   namespace: '{{ default "capoa-bootstrap-system" .Values.global.namespace }}'
14 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-manager-rolebinding-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole capoa-bootstrap-manager-role, cluster-wide, to the
# ServiceAccount capoa-bootstrap-controller-manager.
# NOTE(review): the ClusterRole's rules are not in this file. Because the binding
# is cluster-scoped, review them for least privilege.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: capoa-bootstrap-manager-rolebinding
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: capoa-bootstrap-manager-role
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: capoa-bootstrap-controller-manager
12 |   namespace: '{{ default "capoa-bootstrap-system" .Values.global.namespace }}'
13 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-system-namespace.yaml:
--------------------------------------------------------------------------------
# Creates the namespace capoa-bootstrap-system; the name is fixed, not templated.
# NOTE(review): no pod-security.kubernetes.io/* label is set, so the cluster's
# default Pod Security level applies. The capm3-system Namespace in this
# repository sets enforce: restricted; consider the same here if the workload
# allows it.
1 |
2 | # Source: cluster-api-provider-openshift-assisted/templates/v1_namespace_capoa-bootstrap-system.yaml
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: capoa-bootstrap-system
7 |
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-validating-webhook-configuration-validatingwebhookconfiguration.yaml:
--------------------------------------------------------------------------------
# Registers a validating admission webhook for CREATE, UPDATE and DELETE of
# bootstrap.cluster.x-k8s.io/v1alpha1 openshiftassistedconfigs, served by
# capoa-bootstrap-webhook-service.
# service.beta.openshift.io/inject-cabundle: 'true' asks the OpenShift service CA
# to write its CA bundle into clientConfig.caBundle.
# failurePolicy: Fail makes the check fail closed: when the webhook cannot be
# reached the request is rejected, and that includes DELETE. Webhook availability
# therefore gates cleanup of these objects.
# No namespaceSelector or objectSelector is set, so the webhook is called for
# these resources in every namespace.
1 | apiVersion: admissionregistration.k8s.io/v1
2 | kind: ValidatingWebhookConfiguration
3 | metadata:
4 |   annotations:
5 |     service.beta.openshift.io/inject-cabundle: 'true'
6 |   name: capoa-bootstrap-validating-webhook-configuration
7 | webhooks:
8 | - admissionReviewVersions:
9 |   - v1
10 |   clientConfig:
11 |     service:
12 |       name: capoa-bootstrap-webhook-service
13 |       namespace: '{{ default "capoa-bootstrap-system" .Values.global.namespace }}'
14 |       path: /validate-bootstrap-cluster-x-k8s-io-v1alpha1-openshiftassistedconfig
15 |   failurePolicy: Fail
16 |   name: validation.openshiftassistedconfig.bootstrap.cluster.x-k8s.io
17 |   rules:
18 |   - apiGroups:
19 |     - bootstrap.cluster.x-k8s.io
20 |     apiVersions:
21 |     - v1alpha1
22 |     operations:
23 |     - CREATE
24 |     - UPDATE
25 |     - DELETE
26 |     resources:
27 |     - openshiftassistedconfigs
28 |   sideEffects: None
29 |
-------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-bootstrap-webhook-service-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: capoa-bootstrap-webhook-cert-secret 6 | name: capoa-bootstrap-webhook-service 7 | namespace: '{{ default "capoa-bootstrap-system" .Values.global.namespace }}' 8 | spec: 9 | ports: 10 | - port: 443 11 | protocol: TCP 12 | targetPort: 9443 13 | selector: 14 | control-plane: capoa-bootstrap-controller-manager 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-controlplane-controller-manager-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: capoa-controlplane-controller-manager 5 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-controlplane-leader-election-role-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: capoa-controlplane-leader-election-role 5 | namespace: '{{ default "capoa-controlplane-system" .Values.global.namespace }}' 6 | rules: 7 | - apiGroups: 8 | - '' 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - 
apiGroups: 32 | - '' 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-controlplane-leader-election-rolebinding-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: capoa-controlplane-leader-election-rolebinding 5 | namespace: '{{ default "capoa-controlplane-system" .Values.global.namespace }}' 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: capoa-controlplane-leader-election-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: capoa-controlplane-controller-manager 13 | namespace: '{{ default "capoa-controlplane-system" .Values.global.namespace }}' 14 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-controlplane-manager-rolebinding-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: capoa-controlplane-manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: capoa-controlplane-manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: capoa-controlplane-controller-manager 12 | namespace: '{{ default "capoa-controlplane-system" .Values.global.namespace }}' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/templates/capoa-controlplane-system-namespace.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Source: 
cluster-api-provider-openshift-assisted/templates/v1_namespace_capoa-controlplane-system.yaml 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: capoa-controlplane-system 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api-provider-openshift-assisted/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | cluster_api_provider_openshift_assisted_bootstrap: '' 5 | cluster_api_provider_openshift_assisted_control_plane: '' 6 | namespace: default 7 | pullSecret: null 8 | templateOverrides: {} 9 | hubconfig: 10 | nodeSelector: null 11 | ocpVersion: 4.12.0 12 | proxyConfigs: {} 13 | replicaCount: 1 14 | tolerations: [] 15 | org: open-cluster-management 16 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: '4.20' 3 | description: Cluster API 4 | name: cluster-api 5 | type: application 6 | version: '2.10' 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-aggregated-manager-role-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | aggregationRule: 2 | clusterRoleSelectors: 3 | - matchLabels: 4 | cluster.x-k8s.io/aggregate-to-manager: 'true' 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRole 7 | metadata: 8 | labels: 9 | cluster.x-k8s.io/provider: cluster-api 10 | name: capi-aggregated-manager-role 11 | rules: [] 12 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-leader-election-role-role.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: cluster-api 6 | name: capi-leader-election-role 7 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 8 | rules: 9 | - apiGroups: 10 | - '' 11 | resources: 12 | - events 13 | verbs: 14 | - create 15 | - apiGroups: 16 | - coordination.k8s.io 17 | resources: 18 | - leases 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | - create 24 | - update 25 | - patch 26 | - delete 27 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-leader-election-rolebinding-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: cluster-api 6 | name: capi-leader-election-rolebinding 7 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: capi-leader-election-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: capi-manager 15 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 16 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-manager-rolebinding-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: cluster-api 6 | name: capi-manager-rolebinding 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: capi-aggregated-manager-role 11 | subjects: 12 | - kind: ServiceAccount 13 | name: capi-manager 14 | namespace: '{{ 
default "capi-system" .Values.global.namespace }}' 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-manager-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: cluster-api 6 | name: capi-manager 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-system-namespace.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Source: cluster-api/templates/v1_namespace_capi-system.yaml 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | labels: 7 | cluster.x-k8s.io/provider: cluster-api 8 | control-plane: controller-manager 9 | name: capi-system 10 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/capi-webhook-service-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: capi-webhook-service-cert 6 | labels: 7 | cluster.x-k8s.io/provider: cluster-api 8 | name: capi-webhook-service 9 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 10 | spec: 11 | ports: 12 | - port: 443 13 | targetPort: webhook-server 14 | selector: 15 | cluster.x-k8s.io/provider: cluster-api 16 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/mce-capi-webhook-config-configuration-mutatingwebhookconfiguration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1 2 | kind: MutatingWebhookConfiguration 3 | 
metadata: 4 | annotations: 5 | service.beta.openshift.io/inject-cabundle: 'true' 6 | creationTimestamp: null 7 | name: mce-capi-webhook-config-configuration 8 | webhooks: 9 | - admissionReviewVersions: 10 | - v1 11 | - v1beta1 12 | - v1alpha1 13 | clientConfig: 14 | service: 15 | name: mce-capi-webhook-config-service 16 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 17 | path: /mutate 18 | port: 9443 19 | failurePolicy: Fail 20 | name: mce-capi-webhook-config.x-k8s.io 21 | rules: 22 | - apiGroups: 23 | - cluster.x-k8s.io 24 | - ipam.cluster.x-k8s.io 25 | - runtime.cluster.x-k8s.io 26 | - addons.cluster.x-k8s.io 27 | apiVersions: 28 | - v1beta1 29 | operations: 30 | - CREATE 31 | - UPDATE 32 | resources: 33 | - '*' 34 | scope: Namespaced 35 | sideEffects: None 36 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/mce-capi-webhook-config-service-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: mce-capi-webhook-config-service-cert 6 | labels: 7 | app: mce-capi-webhook-config 8 | name: mce-capi-webhook-config-service 9 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 10 | spec: 11 | ports: 12 | - port: 9443 13 | targetPort: 9443 14 | selector: 15 | app: mce-capi-webhook-config 16 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/mce-labeling-manager-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: cluster-api 6 | name: mce-labeling-manager 7 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/cluster-api/templates/mce-labeling-role-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/aggregate-to-manager: 'true' 6 | cluster.x-k8s.io/provider: cluster-api 7 | name: mce-labeling-role 8 | rules: 9 | - apiGroups: 10 | - '' 11 | resources: 12 | - namespaces 13 | verbs: 14 | - get 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/templates/mce-labeling-rolebinding-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | cluster.x-k8s.io/provider: cluster-api 6 | name: mce-labeling-rolebinding 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: mce-labeling-role 11 | subjects: 12 | - kind: ServiceAccount 13 | name: mce-labeling-manager 14 | namespace: '{{ default "capi-system" .Values.global.namespace }}' 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-api/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | mce_capi_webhook_config_rhel9: '' 5 | ose_cluster_api_rhel9: '' 6 | namespace: default 7 | pullSecret: null 8 | templateOverrides: {} 9 | hubconfig: 10 | nodeSelector: null 11 | ocpVersion: 4.12.0 12 | proxyConfigs: {} 13 | replicaCount: 1 14 | tolerations: [] 15 | org: open-cluster-management 16 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 
Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v2 5 | appVersion: 2.7.0 6 | description: cluster lifecycle components. 7 | name: cluster-lifecycle 8 | type: application 9 | version: 2.7.0 10 | --------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-rolebinding.yaml:
--------------------------------------------------------------------------------

# Copyright Contributors to the Open Cluster Management project
---
{{- if .Values.global.deployOnOCP }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ .Values.org }}.cluster-lifecycle.cluster-curator
subjects:
- kind: ServiceAccount
  name: cluster-curator
  namespace: {{ .Values.global.namespace }} ## CHANGE: ACM namespace
roleRef:
  kind: ClusterRole
  name: {{ .Values.org }}.cluster-lifecycle.cluster-curator
  apiGroup: rbac.authorization.k8s.io
{{- end }}
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-service_account.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project
---
{{- if .Values.global.deployOnOCP }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cluster-curator
{{- end }}
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-clusterrole.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project
---
# ClusterRole for the cluster-image-set ServiceAccount. It is bound with a
# ClusterRoleBinding (cluster-image-set-rolebinding.yaml), so every rule below
# applies in all namespaces, not only the install namespace.
{{- if .Values.global.deployOnOCP }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ .Values.org }}.cluster-lifecycle.cluster-image-set
rules:
# Full management of Hive ClusterImageSet objects.
- apiGroups:
  - hive.openshift.io
  resources:
  - clusterimagesets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# NOTE(review): create/update/patch/delete on ConfigMaps in every namespace.
# If the controller only writes ConfigMaps in its own namespace, a namespaced
# Role would be enough; the required scope is not visible in this chart.
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# NOTE(review): core/v1 ConfigMap has no status subresource, so this rule
# looks unused; confirm and drop it if nothing depends on it.
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
# NOTE(review): read access (list/get/watch) to Secrets cluster-wide. Anything
# running as the cluster-image-set ServiceAccount can read every Secret in the
# cluster. Prefer a Role/RoleBinding in the namespaces that hold the Secrets
# the controller needs, or restrict with resourceNames; which Secrets those
# are cannot be determined from this file.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - list
  - get
  - watch
# Leases, presumably for leader election (verify); also granted cluster-wide.
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - create
  - update
{{- end }}
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-rolebinding.yaml:
--------------------------------------------------------------------------------

# Copyright Contributors to the Open Cluster Management project
---
{{- if .Values.global.deployOnOCP }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ .Values.org }}.cluster-lifecycle.cluster-image-set
subjects:
- kind: ServiceAccount
  name: cluster-image-set
  namespace: {{ .Values.global.namespace }} ## CHANGE: ACM namespace
roleRef:
  kind: ClusterRole
  name: {{ .Values.org }}.cluster-lifecycle.cluster-image-set
  apiGroup: rbac.authorization.k8s.io
{{- end }}
-------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-service_account.yaml: -------------------------------------------------------------------------------- 1 | # 
Copyright Contributors to the Open Cluster Management project 2 | --- 3 | {{- if .Values.global.deployOnOCP }} 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: cluster-image-set 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright Contributors to the Open Cluster Management project 3 | --- 4 | {{- if .Values.global.deployOnOCP }} 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRoleBinding 7 | metadata: 8 | name: {{ .Values.org }}.cluster-lifecycle.clusterclaims 9 | subjects: 10 | - kind: ServiceAccount 11 | name: clusterclaims 12 | namespace: {{ .Values.global.namespace }} ## CHANGE: ACM namespace 13 | roleRef: 14 | kind: ClusterRole 15 | name: {{ .Values.org }}.cluster-lifecycle.clusterclaims 16 | apiGroup: rbac.authorization.k8s.io 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-service_account.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Copyright Contributors to the Open Cluster Management project 3 | --- 4 | {{- if .Values.global.deployOnOCP }} 5 | apiVersion: v1 6 | kind: ServiceAccount 7 | metadata: 8 | name: clusterclaims 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterrole-clustermanageradmin.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | {{- if .Values.global.deployOnOCP }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | labels: 7 | 
managed.openshift.io/aggregate-to-dedicated-admins: cluster 8 | name: open-cluster-management:cluster-manager-admin 9 | aggregationRule: 10 | clusterRoleSelectors: 11 | - matchLabels: 12 | rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: 'true' 13 | rules: [] 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrole_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2 11 | subjects: 12 | - kind: ServiceAccount 13 | name: clusterlifecycle-state-metrics-v2 14 | namespace: {{ .Values.global.namespace }} -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrolebinding-prom.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | {{- if .Values.global.deployOnOCP }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-prometheus-v2 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2 11 | subjects: 12 | - kind: ServiceAccount 13 | name: prometheus-k8s 14 | namespace: openshift-monitoring 15 | {{- end }} 16 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | {{- if .Values.global.deployOnOCP }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: clusterlifecycle-state-metrics-v2.rules 7 | namespace: {{ .Values.global.namespace }} 8 | spec: 9 | groups: 10 | - name: acm_managed_cluster_worker_cores.rules 11 | rules: 12 | - expr: max by (hub_cluster_id, managed_cluster_id) (acm_managed_cluster_worker_cores) 13 | record: 'acm_managed_cluster_worker_cores:max' 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: clusterlifecycle-state-metrics-v2 7 | labels: 8 | clc-app: clusterlifecycle-state-metrics-v2 9 | annotations: 10 | service.beta.openshift.io/serving-cert-secret-name: clusterlifecycle-state-metrics-certs 11 | spec: 12 | type: ClusterIP 13 | ports: 14 | - name: https 15 | port: 8443 16 | targetPort: 8443 17 | protocol: TCP 18 | selector: 19 | app: clusterlifecycle-state-metrics-v2 -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-service_account.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: clusterlifecycle-state-metrics-v2 -------------------------------------------------------------------------------- 
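/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-servicemonitor.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project
# ServiceMonitor that scrapes the clusterlifecycle-state-metrics-v2 Service
# over HTTPS. Rendered only when global.deployOnOCP is set.
{{- if .Values.global.deployOnOCP }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: clusterlifecycle-state-metrics-v2
  namespace: {{ .Values.global.namespace }}
spec:
  endpoints:
  - interval: 60s
    port: https
    scheme: https
    scrapeTimeout: 10s
    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    tlsConfig:
      # Verify the exporter's serving certificate instead of skipping
      # verification: each scrape sends the ServiceAccount bearer token above,
      # so the endpoint's identity has to be checked before the token leaves
      # Prometheus. The metrics Service carries the
      # service.beta.openshift.io/serving-cert-secret-name annotation, so its
      # certificate is expected to be issued by the OpenShift service CA for
      # <service>.<namespace>.svc.
      # NOTE(review): assumes the exporter pod serves the certificate from the
      # clusterlifecycle-state-metrics-certs secret and that the scraping
      # Prometheus mounts the service CA bundle at this path; confirm against
      # the Deployment, which is not part of this file.
      caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
      serverName: clusterlifecycle-state-metrics-v2.{{ .Values.global.namespace }}.svc
  jobLabel: clc-app
  selector:
    matchLabels:
      clc-app: clusterlifecycle-state-metrics-v2
  namespaceSelector:
    matchNames:
    - {{ .Values.global.namespace }}
{{- end }}
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrole.yaml:
--------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project
---
# ClusterRole for the provider-credential ServiceAccount. It is bound with a
# ClusterRoleBinding (provider-credential-clusterrolebinding.yaml), so every
# rule below applies in all namespaces.
{{- if .Values.global.deployOnOCP }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ .Values.org }}.cluster-lifecycle.provider-credential
rules:

# Secret access: read (get/list/watch) and write (update/patch), no create or
# delete.
# NOTE(review): because the binding is cluster-wide, this lets the controller
# read and modify every Secret in the cluster. If it only manages provider
# credential Secrets, scope the grant with namespaced Roles or resourceNames;
# the set of Secrets it needs is not visible in this chart.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get","list","update","watch","patch"]

# Leader election
# NOTE(review): this grants full management of ConfigMaps and Leases in every
# namespace. Leader-election locks normally live in one namespace, so a Role
# and RoleBinding there would be the narrower grant.
- apiGroups:
  - ""
  - coordination.k8s.io
  resources:
  - configmaps
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
{{- end }}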
-------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | --- 3 | {{- if .Values.global.deployOnOCP }} 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: ClusterRoleBinding 6 | metadata: 7 | name: {{ .Values.org }}.cluster-lifecycle.provider-credential 8 | subjects: 9 | - kind: ServiceAccount 10 | name: provider-credential 11 | namespace: {{ .Values.global.namespace }} 12 | roleRef: 13 | kind: ClusterRole 14 | name: {{ .Values.org }}.cluster-lifecycle.provider-credential 15 | apiGroup: rbac.authorization.k8s.io 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-service_account.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | --- 3 | {{- if .Values.global.deployOnOCP }} 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: provider-credential 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-lifecycle/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | imageOverrides: 3 | cluster_curator_controller: quay.io/test/test:test 4 | cluster_image_set_controller: quay.io/test/test:test 5 | clusterclaims_controller: quay.io/test/test:test 6 | clusterlifecycle_state_metrics: quay.io/test/test:test 7 | provider_credential_controller: quay.io/test/test:test 8 | templateOverrides: {} 9 | pullSecret: "" 10 | namespace: default 11 | deployOnOCP: "" 12 | hubconfig: 13 | nodeSelector: {} 14 | proxyConfigs: {} 15 | 
replicaCount: 1 16 | tolerations: [] 17 | ocpVersion: "4.12.0" 18 | org: open-cluster-management 19 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.7.0 3 | description: Manages the installation and upgrade of the ClusterManager. 4 | name: cluster-manager 5 | type: application 6 | version: 2.7.0 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-manager/templates/cluster-manager-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:cluster-manager' 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: '{{ .Values.org }}:{{ .Chart.Name }}:cluster-manager' 9 | subjects: 10 | - kind: ServiceAccount 11 | name: cluster-manager 12 | namespace: '{{ .Values.global.namespace }}' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-manager/templates/cluster-manager-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: cluster-manager 5 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-manager/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | registration_operator: '' 5 | namespace: default 6 | pullSecret: null 7 | templateOverrides: {} 8 | hubconfig: 9 | nodeSelector: null 10 | ocpVersion: 4.12.0 11 | proxyConfigs: {} 12 | 
replicaCount: 1 13 | tolerations: [] 14 | org: open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v1 5 | appVersion: 2.7.0 6 | category: "Development" 7 | description: Helm chart for ACM cluster-proxy-addon 8 | keywords: 9 | - acm 10 | - cluster-proxy 11 | name: cluster-proxy-addon 12 | verified: "RHACM" 13 | version: 2.7.0 14 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/anp-route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | name: cluster-proxy-addon-anp 5 | labels: 6 | chart: cluster-proxy-addon-2.1.0 7 | component: cluster-proxy-addon-anp-server 8 | annotations: 9 | haproxy.router.openshift.io/timeout: 60s 10 | haproxy.router.openshift.io/balance: roundrobin 11 | spec: 12 | host: cluster-proxy-anp.{{ .Values.hubconfig.clusterIngressDomain }} 13 | port: 14 | targetPort: anp-port 15 | tls: 16 | termination: passthrough 17 | to: 18 | kind: Service 19 | name: cluster-proxy-addon-anp 20 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/anp-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: cluster-proxy-addon-anp 5 | labels: 6 | chart: cluster-proxy-addon-2.1.0 7 | component: cluster-proxy-addon-anp-server 8 | spec: 9 | ports: 10 | - name: anp-port 11 | port: 8091 12 | protocol: TCP 13 | selector: 14 | 
proxy.open-cluster-management.io/component-name: proxy-server 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/clustermanagementaddon.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addon.open-cluster-management.io/v1alpha1 2 | kind: ClusterManagementAddOn 3 | metadata: 4 | annotations: 5 | addon.open-cluster-management.io/lifecycle: addon-manager 6 | name: cluster-proxy 7 | spec: 8 | addOnMeta: 9 | displayName: cluster-proxy 10 | description: cluster-proxy 11 | installStrategy: 12 | placements: 13 | - name: global 14 | namespace: open-cluster-management-global-set 15 | rolloutStrategy: 16 | type: All 17 | type: Placements 18 | supportedConfigs: 19 | - group: proxy.open-cluster-management.io 20 | resource: managedproxyconfigurations 21 | defaultConfig: 22 | name: cluster-proxy 23 | - group: addon.open-cluster-management.io 24 | resource: addondeploymentconfigs 25 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ .Values.org }}:{{ .Chart.Name }}:addon-manager 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ .Values.org }}:{{ .Chart.Name }}:addon-manager 9 | subjects: 10 | - kind: ServiceAccount 11 | name: cluster-proxy 12 | namespace: '{{ .Values.global.namespace }}' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/managedproxyconfiguration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: proxy.open-cluster-management.io/v1alpha1 2 | kind: 
ManagedProxyConfiguration 3 | metadata: 4 | name: cluster-proxy 5 | spec: 6 | authentication: 7 | dump: 8 | secrets: {} 9 | signer: 10 | type: SelfSigned 11 | proxyServer: 12 | image: '{{ .Values.global.imageOverrides.cluster_proxy }}' 13 | namespace: '{{ .Values.global.namespace }}' 14 | replicas: {{ .Values.hubconfig.replicaCount }} 15 | entrypoint: 16 | type: Hostname 17 | hostname: 18 | value: cluster-proxy-anp.{{ .Values.hubconfig.clusterIngressDomain }} 19 | port: 443 20 | additionalArgs: 21 | - "--keepalive-time=30s" # Use this to keep connection from proxy-agent stay alive 22 | nodePlacement: 23 | {{- with .Values.hubconfig.tolerations }} 24 | tolerations: 25 | {{- range . }} 26 | - {{ if .Key }} key: {{ .Key }} {{- end }} 27 | {{ if .Operator }} operator: {{ .Operator }} {{- end }} 28 | {{ if .Value }} value: {{ .Value }} {{- end }} 29 | {{ if .Effect }} effect: {{ .Effect }} {{- end }} 30 | {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} 31 | {{- end }} 32 | {{- end }} 33 | {{- with .Values.hubconfig.nodeSelector }} 34 | nodeSelector: 35 | {{ toYaml . 
| indent 8 }} 36 | {{- end }} 37 | proxyAgent: 38 | image: '{{ .Values.global.imageOverrides.cluster_proxy }}' 39 | replicas: 1 40 | imagePullSecrets: 41 | - "open-cluster-management-image-pull-credentials" 42 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role # namespaced rules; rolebinding.yaml binds them to the cluster-proxy ServiceAccount 3 | metadata: 4 | name: open-cluster-management:cluster-proxy-addon:addon-manager 5 | namespace: '{{ .Values.global.namespace }}' 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - services 11 | - events 12 | - serviceaccounts 13 | verbs: 14 | - "*" # NOTE(review): wildcard grants every verb on these resources in this namespace, including delete and impersonate on serviceaccounts; list only the verbs the addon manager needs 15 | - apiGroups: 16 | - "apps" 17 | resources: 18 | - deployments 19 | - deployments/scale 20 | verbs: 21 | - "*" # NOTE(review): wildcard verbs on deployments and deployments/scale; an explicit verb list would be narrower and would not grow silently 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - configmaps 26 | verbs: 27 | - get 28 | - create 29 | - update 30 | - patch 31 | - apiGroups: 32 | - coordination.k8s.io 33 | resources: 34 | - leases 35 | verbs: 36 | - get 37 | - create 38 | - update 39 | - patch 40 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: open-cluster-management:cluster-proxy-addon:addon-manager 5 | namespace: '{{ .Values.global.namespace }}' 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: open-cluster-management:cluster-proxy-addon:addon-manager 10 | subjects: 11 | - kind: ServiceAccount 12 | name: cluster-proxy # the only subject that receives the Role's rules 13 | namespace: '{{ .Values.global.namespace }}' 14 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/cluster-proxy-addon/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: cluster-proxy 5 | namespace: '{{ .Values.global.namespace }}' 6 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/user-route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | name: cluster-proxy-addon-user 5 | labels: 6 | chart: cluster-proxy-addon-2.1.0 7 | component: cluster-proxy-addon-user 8 | annotations: 9 | openshift.io/host.generated: "true" 10 | spec: 11 | host: cluster-proxy-user.{{ .Values.hubconfig.clusterIngressDomain }} 12 | port: 13 | targetPort: user-port 14 | tls: 15 | termination: reencrypt 16 | insecureEdgeTerminationPolicy: Redirect 17 | to: 18 | kind: Service 19 | name: cluster-proxy-addon-user 20 | 21 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/templates/user-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: cluster-proxy-addon-user 5 | labels: 6 | chart: cluster-proxy-addon-2.1.0 7 | component: cluster-proxy-addon-user 8 | annotations: 9 | service.alpha.openshift.io/serving-cert-secret-name: cluster-proxy-user-serving-cert 10 | spec: 11 | ports: 12 | - name: user-port 13 | port: 9092 14 | protocol: TCP 15 | selector: 16 | component: cluster-proxy-addon-user 17 | chart: cluster-proxy-addon-2.1.0 18 | 19 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/cluster-proxy-addon/values.yaml: -------------------------------------------------------------------------------- 1 | 
global: 2 | pullPolicy: Always 3 | namespace: default 4 | pullSecret: null 5 | imageOverrides: 6 | cluster_proxy: "" 7 | templateOverrides: {} 8 | hubconfig: 9 | nodeSelector: null 10 | replicaCount: 1 11 | proxyConfigs: {} 12 | tolerations: [] 13 | ocpVersion: "4.12.0" 14 | org: open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v1 5 | appVersion: 2.7.0 6 | category: "Development" 7 | description: Helm chart for console plugin for multicluster engine for Kubernetes 8 | keywords: 9 | - ui 10 | kubeVersion: ">=1.10.0-0" 11 | name: console-mce 12 | version: 2.7.0 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/clusterimageset-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | kind: ClusterRole 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | metadata: 6 | name: open-cluster-management:console:aggregate-clusterimagesets-readonly 7 | labels: 8 | # Add these permissions to the "view" default role. 
9 | rbac.authorization.k8s.io/aggregate-to-view: "true" 10 | rbac.authorization.k8s.io/aggregate-to-edit: "true" # also aggregated into the default "edit" role 11 | rules: 12 | - apiGroups: ["hive.openshift.io"] 13 | resources: ["clusterimagesets"] 14 | verbs: ["get", "list", "watch"] # read-only verbs 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/clusterimageset-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: open-cluster-management:console:readonly-clusterimagesets 7 | subjects: 8 | - kind: Group 9 | name: system:authenticated # every authenticated identity in the cluster is a subject of this binding 10 | apiGroup: rbac.authorization.k8s.io 11 | roleRef: 12 | kind: ClusterRole 13 | name: open-cluster-management:console:aggregate-clusterimagesets-readonly # NOTE(review): any rule later added to this ClusterRole is granted cluster-wide to all authenticated users; keep it limited to read-only clusterimagesets access 14 | apiGroup: rbac.authorization.k8s.io 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ .Values.org }}:{{ .Chart.Name }}:clusterrolebinding 6 | subjects: 7 | - kind: ServiceAccount 8 | name: console-mce 9 | namespace: {{ .Values.global.namespace }} 10 | roleRef: 11 | kind: ClusterRole 12 | name: {{ .Values.org }}:{{ .Chart.Name }}:clusterrole # the ClusterRole itself is not shown in this part of the listing 13 | apiGroup: rbac.authorization.k8s.io 14 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster 
Management project 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: console-mce-config 6 | data: 7 | LOG_LEVEL: info 8 | ansibleIntegration: disabled 9 | singleNodeOpenshift: disabled 10 | awsPrivateWizardStep: enabled 11 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-metrics-monitor-role.yaml: -------------------------------------------------------------------------------- 1 | kind: Role 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: console-metrics-monitor 5 | rules: 6 | - verbs: 7 | - get 8 | - list 9 | - watch 10 | apiGroups: 11 | - '' 12 | resources: 13 | - pods 14 | - services 15 | - endpoints 16 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-metrics-monitor-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | kind: RoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: console-metrics-monitor 5 | subjects: 6 | - kind: ServiceAccount 7 | name: prometheus-k8s 8 | namespace: openshift-monitoring 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: console-metrics-monitor 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-plugin.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | apiVersion: console.openshift.io/v1 3 | kind: ConsolePlugin 4 | metadata: 5 | name: mce 6 | spec: 7 | displayName: Red Hat MultiCluster Engine 8 | backend: 9 | service: 10 | basePath: /plugin/ 11 | name: console-mce-console 12 | namespace: {{ .Values.global.namespace }} 13 | port: 3000 14 | type: Service 15 | i18n: 16 | loadType: Preload 17 | proxy: 18 | - alias: 
console 19 | authorization: UserToken 20 | endpoint: 21 | service: 22 | name: console-mce-console 23 | namespace: {{ .Values.global.namespace }} 24 | port: 3000 25 | type: Service 26 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-prometheus-rules.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: acm-console-prometheus-rules 6 | namespace: {{ .Values.global.namespace }} 7 | spec: 8 | groups: 9 | - name: acm-console.rules 10 | rules: 11 | - expr: sum by (page) (acm_console_page_count) 12 | record: 'acm_console_page_count:sum' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | annotations: 6 | service.beta.openshift.io/serving-cert-secret-name: console-mce-console-certs 7 | name: console-mce-console 8 | labels: 9 | app: console-mce 10 | spec: 11 | ports: 12 | - port: 3000 13 | targetPort: 3000 14 | protocol: TCP 15 | name: http 16 | selector: 17 | app: console-mce 18 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/templates/console-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: console-mce 6 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/console-mce/templates/console-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: console-mce-monitor 5 | namespace: {{ .Values.global.namespace }} 6 | spec: 7 | endpoints: 8 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token # token presented to the target on every scrape 9 | interval: 60s 10 | port: http # Service port name only; the connection uses the https scheme set below 11 | scheme: https 12 | scrapeTimeout: 10s 13 | tlsConfig: 14 | ca: {} 15 | cert: {} 16 | insecureSkipVerify: true # NOTE(review): the target's serving certificate is not verified, so the bearer token above is sent to an unauthenticated peer; consider a CA bundle plus serverName in tlsConfig instead 17 | jobLabel: console-mce-console 18 | namespaceSelector: 19 | matchNames: 20 | - {{ .Values.global.namespace }} 21 | selector: 22 | matchLabels: 23 | app: console-mce 24 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/console-mce/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | # Default values for console-mce-chart 4 | # This is a YAML-formatted file. 5 | # Declare variables to be passed into your templates. 
6 | 7 | global: 8 | imageOverrides: 9 | console_mce: "" 10 | templateOverrides: {} 11 | # Available template overrides: 12 | # console_mce_deployment_container_memory_request: 13 | # console_mce_deployment_container_memory_limit: 14 | # console_mce_deployment_container_cpu_request: 15 | # console_mce_deployment_container_cpu_limit: 16 | pullPolicy: Always 17 | namespace: default 18 | pullSecret: null 19 | hubconfig: 20 | nodeSelector: null 21 | proxyConfigs: {} 22 | replicaCount: 1 23 | tolerations: [] 24 | ocpVersion: "4.12.0" 25 | org: open-cluster-management 26 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.7.0 3 | description: This operator discovers OpenShift Conatiner Platform clusters which are 4 | not yet under management by Open Cluster Management. 5 | name: discovery-operator 6 | type: application 7 | version: 2.7.0 8 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:discovery-operator' 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: '{{ .Values.org }}:{{ .Chart.Name }}:discovery-operator' 9 | subjects: 10 | - kind: ServiceAccount 11 | name: discovery-operator 12 | namespace: '{{ .Values.global.namespace }}' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator-metrics-reader_rbac.authorization.k8s.io_v1_role.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | creationTimestamp: null 5 | name: '{{ .Values.org }}:{{ .Chart.Name }}:discovery-operator-metrics-reader' 6 | namespace: '{{ .Values.global.namespace }}' 7 | rules: 8 | - apiGroups: 9 | - '' 10 | resources: 11 | - pods 12 | - services 13 | - endpoints 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:discovery-operator' 5 | namespace: '{{ .Values.global.namespace }}' 6 | rules: 7 | - apiGroups: 8 | - '' 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - '' 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - '' 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | - patch 34 | - apiGroups: 35 | - coordination.k8s.io 36 | resources: 37 | - leases 38 | verbs: 39 | - get 40 | - list 41 | - watch 42 | - create 43 | - update 44 | - patch 45 | - delete 46 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:discovery-operator' 5 | namespace: '{{ .Values.global.namespace }}' 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | 
name: '{{ .Values.org }}:{{ .Chart.Name }}:discovery-operator' 10 | subjects: 11 | - kind: ServiceAccount 12 | name: discovery-operator 13 | namespace: '{{ .Values.global.namespace }}' 14 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: discovery-operator 5 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator-webhook_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: discovery-operator-webhook-service 6 | creationTimestamp: null 7 | name: discovery-operator-webhook-service 8 | namespace: '{{ .Values.global.namespace }}' 9 | spec: 10 | ports: 11 | - port: 443 12 | protocol: TCP 13 | targetPort: 9443 14 | selector: 15 | app: discovery-operator 16 | status: 17 | loadBalancer: {} 18 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/discovery-operator/templates/discovery-operator_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | creationTimestamp: null 5 | name: discovery-operator 6 | namespace: '{{ .Values.global.namespace }}' 7 | spec: 8 | ports: 9 | - name: metrics 10 | port: 8080 11 | protocol: TCP 12 | targetPort: 8080 13 | selector: 14 | app: discovery-operator 15 | type: ClusterIP 16 | status: 17 | loadBalancer: {} 18 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/discovery-operator/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | discovery_operator: '' 5 | namespace: default 6 | pullSecret: null 7 | templateOverrides: {} 8 | hubconfig: 9 | nodeSelector: null 10 | ocpVersion: 4.12.0 11 | proxyConfigs: {} 12 | replicaCount: 1 13 | tolerations: [] 14 | org: open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hive-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.7.0 3 | description: OpenShift cluster provisioning and management at scale. 4 | name: hive-operator 5 | type: application 6 | version: 2.7.0 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hive-operator/templates/hive-operator-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:hive-operator' 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: '{{ .Values.org }}:{{ .Chart.Name }}:hive-operator' 9 | subjects: 10 | - kind: ServiceAccount 11 | name: hive-operator 12 | namespace: '{{ .Values.global.namespace }}' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hive-operator/templates/hive-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: hive-operator 5 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hive-operator/values.yaml: 
-------------------------------------------------------------------------------- 1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | openshift_hive: '' 5 | namespace: default 6 | pullSecret: null 7 | templateOverrides: {} 8 | hubconfig: 9 | nodeSelector: null 10 | ocpVersion: 4.12.0 11 | proxyConfigs: {} 12 | replicaCount: 1 13 | tolerations: [] 14 | org: open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v2 5 | appVersion: 2.7.0 6 | description: HyperShift is a middleware for hosting OpenShift control planes at scale that solves for cost and time to provision, as well as portability cross cloud with strong separation of concerns between management and workloads. Clusters are fully compliant OpenShift Container Platform (OCP) clusters and are compatible with standard OCP and Kubernetes toolchains. 
7 | name: hypershift 8 | type: application 9 | version: 2.7.0 10 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/templates/hypershift-addon-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: hypershift-operator-imagestream 5 | namespace: {{ .Values.global.namespace }} 6 | data: 7 | imagestream: | 8 | kind: ImageStream 9 | apiVersion: image.openshift.io/v1 10 | metadata: 11 | name: hypershift-operator-imagestream 12 | spec: 13 | lookupPolicy: 14 | local: false 15 | tags: 16 | - name: cluster-api-provider-agent 17 | annotations: 18 | io.openshift.build.commit.id: dd6353f609dc9e7bfd0312ce4b2c8d3dac5d749e 19 | io.openshift.build.source-location: https://github.com/openshift/cluster-api-provider-agent 20 | from: 21 | kind: DockerImage 22 | name: {{ .Values.global.imageOverrides.cluster_api_provider_agent }} 23 | - name: cluster-api-provider-kubevirt 24 | annotations: 25 | io.openshift.build.commit.id: 'dbdc825088513dc962ba2103efe2c1a4eb3cf524' 26 | io.openshift.build.source-location: https://github.com/openshift/cluster-api-provider-kubevirt 27 | from: 28 | kind: DockerImage 29 | name: {{ .Values.global.imageOverrides.cluster_api_provider_kubevirt }} 30 | - name: hypershift-operator 31 | annotations: 32 | io.openshift.build.commit.id: '' 33 | io.openshift.build.source-location: https://github.com/openshift/hypershift 34 | from: 35 | kind: DockerImage 36 | name: {{ .Values.global.imageOverrides.hypershift_operator }} 37 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/templates/hypershift-addon-deploymentconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addon.open-cluster-management.io/v1alpha1 2 | kind: AddOnDeploymentConfig 3 | metadata: 4 | name: 
hypershift-addon-deploy-config 5 | namespace: {{ .Values.global.namespace }} 6 | spec: 7 | customizedVariables: 8 | - name: hcMaxNumber 9 | value: "80" 10 | - name: hcThresholdNumber 11 | value: "60" 12 | {{- if not .Values.global.deployOnOCP }} 13 | - name: disableMetrics 14 | value: "true" 15 | - name: disableHOManagement 16 | value: "true" 17 | - name: aroHcp 18 | value: "true" 19 | - name: autoImportDisabled 20 | value: "true" 21 | {{- end }} 22 | nodePlacement: 23 | {{- with .Values.hubconfig.tolerations }} 24 | tolerations: 25 | {{- range . }} 26 | - {{ if .Key }} key: {{ .Key }} {{- end }} 27 | {{ if .Operator }} operator: {{ .Operator }} {{- end }} 28 | {{ if .Value }} value: {{ .Value }} {{- end }} 29 | {{ if .Effect }} effect: {{ .Effect }} {{- end }} 30 | {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} 31 | {{- end }} 32 | {{- end }} 33 | {{- with .Values.hubconfig.nodeSelector }} 34 | nodeSelector: 35 | {{ toYaml . | indent 6 }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/templates/hypershift-addon-manager-clustermanagementaddon.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addon.open-cluster-management.io/v1alpha1 2 | kind: ClusterManagementAddOn 3 | metadata: 4 | name: hypershift-addon 5 | spec: 6 | addOnMeta: 7 | displayName: Hypershift Addon Agent 8 | description: Installs the Hypershift operator and monitors hosted clusters 9 | supportedConfigs: 10 | - group: addon.open-cluster-management.io 11 | resource: addondeploymentconfigs 12 | defaultConfig: 13 | name: hypershift-addon-deploy-config 14 | namespace: {{ .Values.global.namespace }} -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/templates/hypershift-addon-manager-clusterrolebinding.yaml: 
-------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: {{ .Values.org }}:{{ .Chart.Name }}:hypershift-addon-manager 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ .Values.org }}:{{ .Chart.Name }}:hypershift-addon-manager # the ClusterRole itself is not shown in this part of the listing 9 | subjects: 10 | - kind: ServiceAccount 11 | name: hypershift-addon-manager-sa 12 | namespace: {{ .Values.global.namespace }} 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/templates/hypershift-addon-manager-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | name: hypershift-addon-manager-sa 5 | namespace: {{ .Values.global.namespace }} 6 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/hypershift/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | imageOverrides: 3 | hypershift_addon_operator: "" 4 | cluster_api: "" 5 | cluster_api_provider_agent: "" 6 | hypershift_operator: "" 7 | cluster_api_provider_kubevirt: "" 8 | kube_rbac_proxy_mce: "registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.10" # NOTE(review): the only override with a built-in default, and it references a tag rather than a digest; presumably replaced at render time, confirm 9 | templateOverrides: {} 10 | namespace: default 11 | pullSecret: null 12 | deployOnOCP: "" # NOTE(review): an empty string is falsy in Helm, so the "if not .Values.global.deployOnOCP" branch in hypershift-addon-deploymentconfig.yaml renders unless the caller sets this; sibling charts default it to true 13 | hubconfig: 14 | nodeSelector: null 15 | proxyConfigs: {} 16 | replicaCount: 1 17 | tolerations: [] 18 | ocpVersion: "4.12.0" 19 | org: open-cluster-management 20 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.7.0 3 | description: A Helm chart for Kubernetes 4 | name: 
image-based-install-operator 5 | type: application 6 | version: 2.7.0 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-config_v1_route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | namespace: '{{ .Values.global.namespace }}' 5 | name: images 6 | spec: 7 | port: 8 | targetPort: config-server # named port on the image-based-install-config Service 9 | to: 10 | kind: Service 11 | name: image-based-install-config 12 | weight: 100 13 | wildcardPolicy: None 14 | tls: 15 | insecureEdgeTerminationPolicy: Redirect # plain-HTTP requests are redirected to HTTPS 16 | termination: reencrypt -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-config_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: ibi-config-serving-certs 6 | creationTimestamp: null 7 | name: image-based-install-config 8 | namespace: '{{ .Values.global.namespace }}' 9 | spec: 10 | ports: 11 | - name: config-server 12 | port: 8000 13 | protocol: TCP 14 | targetPort: 0 # NOTE(review): 0 is not a usable container port; looks like a generated zero value, confirm which pod port receives config-server traffic 15 | selector: 16 | app: image-based-install-operator 17 | status: 18 | loadBalancer: {} 19 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:image-based-install-operator' 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: '{{ 
.Values.org }}:{{ .Chart.Name }}:image-based-install-operator' 9 | subjects: 10 | - kind: ServiceAccount 11 | name: image-based-install-operator 12 | namespace: '{{ .Values.global.namespace }}' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:image-based-install-operator' 5 | namespace: '{{ .Values.global.namespace }}' 6 | rules: 7 | - apiGroups: 8 | - '' 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - '' 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: '{{ .Values.org }}:{{ .Chart.Name }}:image-based-install-operator' 5 | namespace: '{{ .Values.global.namespace }}' 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: '{{ .Values.org }}:{{ .Chart.Name }}:image-based-install-operator' 10 | subjects: 11 | - kind: ServiceAccount 12 | name: image-based-install-operator 13 | namespace: '{{ .Values.global.namespace }}' 14 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: image-based-install-operator 5 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-webhook_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/serving-cert-secret-name: ibi-webhook-serving-certs 6 | creationTimestamp: null 7 | name: image-based-install-webhook 8 | namespace: '{{ .Values.global.namespace }}' 9 | spec: 10 | ports: 11 | - port: 443 12 | protocol: TCP 13 | targetPort: 9443 14 | selector: 15 | app: image-based-install-operator 16 | status: 17 | loadBalancer: {} 18 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/templates/imageclusterinstalls.extensions.hive.openshift.io-validatingwebhookconfiguration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1 2 | kind: ValidatingWebhookConfiguration 3 | metadata: 4 | annotations: 5 | service.beta.openshift.io/inject-cabundle: 'true' 6 | name: imageclusterinstalls.extensions.hive.openshift.io 7 | webhooks: 8 | - admissionReviewVersions: 9 | - v1 10 | clientConfig: 11 | service: 12 | name: image-based-install-webhook 13 | namespace: '{{ default "system" .Values.global.namespace }}' 14 | path: /validate-extensions-hive-openshift-io-v1alpha1-imageclusterinstall 15 | failurePolicy: Fail 16 | name: imageclusterinstalls.extensions.hive.openshift.io 17 | rules: 18 | - apiGroups: 19 | - extensions.hive.openshift.io 20 | 
apiVersions: 21 | - v1alpha1 22 | operations: 23 | - CREATE 24 | - UPDATE 25 | resources: 26 | - imageclusterinstalls 27 | sideEffects: None 28 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/image-based-install-operator/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | image_based_install_operator: '' 5 | namespace: default 6 | pullSecret: null 7 | templateOverrides: {} 8 | hubconfig: 9 | nodeSelector: null 10 | ocpVersion: 4.12.0 11 | proxyConfigs: {} 12 | replicaCount: 1 13 | tolerations: [] 14 | org: open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/managed-serviceaccount/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.0.0 3 | description: A Helm chart for Managed ServiceAccount Addon 4 | name: managed-serviceaccount 5 | type: application 6 | version: '2.10' 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/managed-serviceaccount/templates/managed-serviceaccount-addon-agent-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: managed-serviceaccount-addon-agent 5 | rules: 6 | - apiGroups: 7 | - '' 8 | resources: 9 | - secrets 10 | verbs: 11 | - get 12 | - list 13 | - watch 14 | - create 15 | - update 16 | - apiGroups: 17 | - authentication.open-cluster-management.io 18 | resources: 19 | - managedserviceaccounts 20 | verbs: 21 | - get 22 | - list 23 | - watch 24 | - update 25 | - patch 26 | - delete 27 | - apiGroups: 28 | - authentication.open-cluster-management.io 29 | resources: 30 | - managedserviceaccounts/status 31 | verbs: 32 | - 
get 33 | - update 34 | - patch 35 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/managed-serviceaccount/templates/managed-serviceaccount-clustermanagementaddon.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addon.open-cluster-management.io/v1alpha1 2 | kind: ClusterManagementAddOn 3 | metadata: 4 | annotations: 5 | addon.open-cluster-management.io/lifecycle: addon-manager 6 | name: managed-serviceaccount 7 | spec: 8 | addOnMeta: 9 | description: managed-serviceaccount 10 | displayName: managed-serviceaccount 11 | installStrategy: 12 | placements: 13 | - name: global 14 | namespace: open-cluster-management-global-set 15 | rolloutStrategy: 16 | type: All 17 | type: Placements 18 | supportedConfigs: 19 | - group: addon.open-cluster-management.io 20 | resource: addondeploymentconfigs 21 | - defaultConfig: 22 | name: managed-serviceaccount-2.10 23 | group: addon.open-cluster-management.io 24 | resource: addontemplates 25 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/managed-serviceaccount/templates/open-cluster-management-addon-manager-managed-serviceaccount-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: open-cluster-management-addon-manager-managed-serviceaccount 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: managed-serviceaccount-addon-agent 9 | subjects: 10 | - kind: ServiceAccount 11 | name: addon-manager-controller-sa 12 | namespace: open-cluster-management-hub 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/managed-serviceaccount/values.yaml: -------------------------------------------------------------------------------- 
1 | global: 2 | deployOnOCP: true 3 | imageOverrides: 4 | managed_serviceaccount: '' 5 | namespace: default 6 | pullSecret: null 7 | templateOverrides: {} 8 | hubconfig: 9 | nodeSelector: null 10 | ocpVersion: 4.12.0 11 | proxyConfigs: {} 12 | replicaCount: 1 13 | tolerations: [] 14 | org: open-cluster-management 15 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v2 5 | appVersion: 2.7.0 6 | description: server foundation components. 7 | name: server-foundation 8 | type: application 9 | version: 2.7.0 10 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/clusterrole-foundation-agent.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: managed-cluster-workmgr 5 | rules: 6 | - apiGroups: ["","events.k8s.io"] 7 | resources: ["events"] 8 | verbs: ["create", "update", "patch"] 9 | - apiGroups: ["action.open-cluster-management.io"] 10 | resources: ["managedclusteractions"] 11 | verbs: ["get", "list", "watch"] 12 | - apiGroups: ["action.open-cluster-management.io"] 13 | resources: ["managedclusteractions/status"] 14 | verbs: ["update", "patch"] 15 | - apiGroups: ["internal.open-cluster-management.io"] 16 | resources: ["managedclusterinfos"] 17 | verbs: ["get", "list", "watch"] 18 | - apiGroups: ["internal.open-cluster-management.io"] 19 | resources: ["managedclusterinfos/status"] 20 | verbs: ["update", "patch"] 21 | - apiGroups: ["view.open-cluster-management.io"] 22 | resources: ["managedclusterviews"] 23 | verbs: ["get", "list", "watch"] 24 | - apiGroups: 
["view.open-cluster-management.io"] 25 | resources: ["managedclusterviews/status"] 26 | verbs: ["update", "patch"] 27 | - apiGroups: ["proxy.open-cluster-management.io"] 28 | resources: ["clusterstatuses/aggregator"] 29 | verbs: ["get", "create"] 30 | - apiGroups: ["coordination.k8s.io"] 31 | resources: ["leases"] 32 | verbs: ["get", "list", "watch", "update","create","patch"] 33 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/clusterrolebinding-foundation.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: open-cluster-management:backplane:foundation 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: open-cluster-management:backplane:foundation 11 | subjects: 12 | - kind: ServiceAccount 13 | name: ocm-foundation-sa 14 | namespace: {{ .Values.global.namespace }} -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/inject-admin.yaml: --------------------------------------------------------------------------------
# ClusterRole that carries no binding of its own: the aggregate-to-admin label
# below makes Kubernetes merge its rules into the built-in "admin" ClusterRole,
# so every subject that is bound to "admin" receives them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: server-foundation-inject-admin
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
# NOTE(review): "*" grants every verb on these four Hive resources, including
# delete/deletecollection and any verb added later. The sibling inject-view role
# lists its verbs explicitly; confirm the wildcard is intended here rather than
# an explicit verb list.
- apiGroups: ["hive.openshift.io"]
  resources: ["clusterdeployments", "clusterpools", "clusterclaims", "machinepools"]
  verbs: ["*"]
-------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/inject-view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3
| metadata: 4 | name: server-foundation-inject-view 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-view: "true" 7 | rules: 8 | - apiGroups: ["hive.openshift.io"] 9 | resources: ["clusterdeployments", "clusterpools", "clusterclaims", "machinepools"] 10 | verbs: ["get", "list", "watch"] 11 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: open-cluster-management:managedcluster:bootstrap:agent-registration 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - configmaps 10 | verbs: 11 | - get 12 | - apiGroups: 13 | - certificates.k8s.io 14 | resources: 15 | - certificatesigningrequests 16 | verbs: 17 | - create 18 | - get 19 | - list 20 | - watch 21 | - apiGroups: 22 | - cluster.open-cluster-management.io 23 | resources: 24 | - managedclusters 25 | verbs: 26 | - get 27 | - create 28 | - update 29 | - apiGroups: # this is needed for creating managed cluster from agent-side. 
30 | - "cluster.open-cluster-management.io" 31 | resources: 32 | - "managedclustersets/join" 33 | verbs: 34 | - "create" 35 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: 'open-cluster-management:managedcluster:bootstrap:agent-registration' 5 | subjects: 6 | - kind: ServiceAccount 7 | name: agent-registration-bootstrap 8 | namespace: '{{ .Values.global.namespace }}' 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: 'open-cluster-management:managedcluster:bootstrap:agent-registration' 13 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: "agent-registration-bootstrap" 5 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-client-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: managedcluster-import-controller-agent-registration-client 5 | rules: 6 | - nonResourceURLs: ["/agent-registration/*"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-route.yaml: 
--------------------------------------------------------------------------------
{{- if .Values.global.deployOnOCP }}
# Route exposing the agent-registration Service; rendered only when
# .Values.global.deployOnOCP is truthy.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: agent-registration
  annotations:
    openshift.io/host.generated: "true"
spec:
  port:
    # Refers to the Service port by name (see "name: agentregistration" on the Service).
    targetPort: agentregistration
  tls:
    # reencrypt: the router terminates the client's TLS session and opens a new
    # TLS connection to the backend, so traffic is encrypted on both legs.
    termination: reencrypt
    # Plain-HTTP requests are redirected to HTTPS instead of being served.
    insecureEdgeTerminationPolicy: Redirect
  to:
    kind: Service
    name: agent-registration
{{- end }}
-------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-service.yaml: --------------------------------------------------------------------------------
{{- if .Values.global.deployOnOCP }}
# ClusterIP Service in front of the pods labelled
# app=managedcluster-import-controller-v2; rendered only when
# .Values.global.deployOnOCP is truthy.
kind: Service
apiVersion: v1
metadata:
  name: agent-registration
  annotations:
    # Requests a serving certificate from the OpenShift service CA, stored in the
    # named secret.
    # NOTE(review): this uses the older "service.alpha.openshift.io" prefix, while
    # the other Services in this listing use
    # service.beta.openshift.io/serving-cert-secret-name; confirm the alpha
    # spelling is still intended.
    service.alpha.openshift.io/serving-cert-secret-name: managedcluster-import-agent-registration-serving-cert
spec:
  ports:
    - protocol: TCP
      port: 9091
      targetPort: 9091
      name: agentregistration
  type: ClusterIP
  selector:
    app: managedcluster-import-controller-v2
{{- end }}
-------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-config-configmap.yaml: --------------------------------------------------------------------------------
# Copyright Contributors to the Open Cluster Management project

{{- if .Values.global.eusUpgrading }}
# Rendered only when .Values.global.eusUpgrading is truthy (values.yaml sets it
# to false by default).
apiVersion: v1
data:
  autoImportStrategy: ImportAndSync
kind: ConfigMap
metadata:
  name: import-controller-config
  annotations:
    installer.multicluster.openshift.io/is-editable: "true"
  labels:
    cluster.open-cluster-management.io/backup: "true"
{{- end }}
--------------------------------------------------------------------------------
/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-role_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | kind: ClusterRoleBinding 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | metadata: 6 | name: {{ .Values.org }}:{{ .Chart.Name }}:managedcluster-import-controller-v2 7 | subjects: 8 | - kind: ServiceAccount 9 | name: managedcluster-import-controller-v2 10 | namespace: '{{ .Values.global.namespace }}' 11 | roleRef: 12 | kind: ClusterRole 13 | name: {{ .Values.org }}:{{ .Chart.Name }}:managedcluster-import-controller-v2 14 | apiGroup: rbac.authorization.k8s.io -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-service_account.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: managedcluster-import-controller-v2 7 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/ocm-clusterview-api-svc-v1alpha1.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.deployOnOCP }} 2 | apiVersion: apiregistration.k8s.io/v1 3 | kind: APIService 4 | metadata: 5 | name: v1alpha1.clusterview.open-cluster-management.io 6 | annotations: 7 | service.beta.openshift.io/inject-cabundle: "true" 8 | spec: 9 | service: 10 | namespace: {{ .Values.global.namespace }} 11 | name: ocm-proxyserver 12 | group: clusterview.open-cluster-management.io 13 | version: v1alpha1 14 | groupPriorityMinimum: 10 15 | versionPriority: 20 16 | {{- end }} 17 | -------------------------------------------------------------------------------- 
/pkg/templates/charts/toggle/server-foundation/templates/ocm-clusterview-api-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.deployOnOCP }} 2 | apiVersion: apiregistration.k8s.io/v1 3 | kind: APIService 4 | metadata: 5 | name: v1.clusterview.open-cluster-management.io 6 | annotations: 7 | service.beta.openshift.io/inject-cabundle: "true" 8 | spec: 9 | service: 10 | namespace: {{ .Values.global.namespace }} 11 | name: ocm-proxyserver 12 | group: clusterview.open-cluster-management.io 13 | version: v1 14 | groupPriorityMinimum: 10 15 | versionPriority: 20 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/ocm-proxyserver-api-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.deployOnOCP }} 2 | apiVersion: apiregistration.k8s.io/v1 3 | kind: APIService 4 | metadata: 5 | name: v1beta1.proxy.open-cluster-management.io 6 | annotations: 7 | service.beta.openshift.io/inject-cabundle: "true" 8 | spec: 9 | service: 10 | namespace: {{ .Values.global.namespace }} 11 | name: ocm-proxyserver 12 | group: proxy.open-cluster-management.io 13 | version: v1beta1 14 | groupPriorityMinimum: 10000 15 | versionPriority: 20 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/ocm-proxyserver-svc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Red Hat, Inc. 
2 | # Copyright Contributors to the Open Cluster Management project 3 | {{- if .Values.global.deployOnOCP }} 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: ocm-proxyserver 8 | labels: 9 | control-plane: ocm-proxyserver 10 | ocm-antiaffinity-selector: ocm-proxyserver 11 | annotations: 12 | service.beta.openshift.io/serving-cert-secret-name: ocm-proxyserver 13 | spec: 14 | ports: 15 | - port: 443 16 | targetPort: 6443 17 | name: secure 18 | protocol: TCP 19 | selector: 20 | control-plane: ocm-proxyserver 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/ocm-webhook-svc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Red Hat, Inc. 2 | # Copyright Contributors to the Open Cluster Management project 3 | 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: ocm-webhook 8 | labels: 9 | control-plane: ocm-webhook 10 | ocm-antiaffinity-selector: ocm-webhook 11 | annotations: 12 | service.beta.openshift.io/serving-cert-secret-name: ocm-webhook 13 | spec: 14 | ports: 15 | - port: 443 16 | targetPort: 8000 17 | protocol: TCP 18 | selector: 19 | control-plane: ocm-webhook -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/serviceaccount-foundation.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: ocm-foundation-sa -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/templates/webhook-mutating-config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 
3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | annotations: 7 | service.beta.openshift.io/inject-cabundle: "true" 8 | labels: 9 | app: ocm-webhook 10 | name: ocm-mutating-webhook 11 | webhooks: 12 | - admissionReviewVersions: 13 | - v1 14 | clientConfig: 15 | {{- if not .Values.global.deployOnOCP }} 16 | caBundle: {{ .Values.global.servingCertCABundle }} 17 | {{- end }} 18 | service: 19 | name: ocm-webhook 20 | namespace: {{ .Values.global.namespace }} 21 | path: /mutating 22 | port: 443 23 | name: ocm.mutating.webhook.admission.open-cluster-management.io 24 | sideEffects: None 25 | rules: 26 | - apiGroups: 27 | - apps.open-cluster-management.io 28 | apiVersions: 29 | - v1 30 | operations: 31 | - CREATE 32 | resources: 33 | - deployables 34 | - channels 35 | - subscriptions 36 | - placementrules 37 | scope: '*' 38 | - apiGroups: 39 | - app.k8s.io 40 | apiVersions: 41 | - v1beta1 42 | operations: 43 | - CREATE 44 | - UPDATE 45 | resources: 46 | - applications 47 | scope: '*' 48 | - apiGroups: 49 | - hive.openshift.io 50 | operations: 51 | - CREATE 52 | apiVersions: 53 | - "v1" 54 | resources: 55 | - clusterdeployments 56 | - clusterpools 57 | - clusterclaims 58 | scope: '*' -------------------------------------------------------------------------------- /pkg/templates/charts/toggle/server-foundation/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | imageOverrides: 3 | multicloud_manager: quay.io/test/test:test 4 | templateOverrides: {} 5 | pullSecret: "" 6 | namespace: default 7 | deployOnOCP: "" 8 | servingCertCABundle: "" 9 | upgrading: false 10 | eusUpgrading: false 11 | hubconfig: 12 | nodeSelector: {} 13 | proxyConfigs: {} 14 | replicaCount: 1 15 | tolerations: [] 16 | ocpVersion: "4.12.0" 17 | org: open-cluster-management 18 | -------------------------------------------------------------------------------- 
/pkg/templates/clustermanagementaddons/workmanager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addon.open-cluster-management.io/v1alpha1 2 | kind: ClusterManagementAddOn 3 | metadata: 4 | name: work-manager 5 | annotations: 6 | addon.open-cluster-management.io/lifecycle: addon-manager 7 | spec: 8 | addOnMeta: 9 | displayName: work-manager 10 | description: "work-manager provides action, view and rbac settings" 11 | installStrategy: 12 | type: Placements 13 | placements: 14 | - name: global 15 | namespace: open-cluster-management-global-set 16 | rolloutStrategy: 17 | type: All 18 | supportedConfigs: 19 | - group: addon.open-cluster-management.io 20 | resource: addondeploymentconfigs 21 | -------------------------------------------------------------------------------- /pkg/templates/crds/internal/internal-engine-component.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | # name must match the spec fields below, and be in the form: . 5 | name: internalenginecomponents.multicluster.openshift.io 6 | spec: 7 | # group name to use for REST API: /apis// 8 | group: multicluster.openshift.io 9 | # list of versions supported by this CustomResourceDefinition 10 | versions: 11 | - name: v1 12 | # Each version can be enabled/disabled by Served flag. 13 | served: true 14 | # One and only one version must be marked as the storage version. 15 | storage: true 16 | schema: 17 | openAPIV3Schema: 18 | type: object 19 | properties: 20 | spec: 21 | type: object 22 | # either Namespaced or Cluster 23 | scope: Namespaced 24 | names: 25 | # plural name to be used in the URL: /apis/// 26 | plural: internalenginecomponents 27 | # singular name to be used as an alias on the CLI and for display 28 | singular: internalenginecomponent 29 | # kind is normally the CamelCased singular type. 
Your resource manifests use this. 30 | kind: InternalEngineComponent 31 | # shortNames allow shorter string to match your resource on the CLI 32 | shortNames: 33 | - iec -------------------------------------------------------------------------------- /pkg/utils/defaults.go: -------------------------------------------------------------------------------- 1 | // Copyright Contributors to the Open Cluster Management project 2 | 3 | package utils 4 | 5 | import ( 6 | "time" 7 | ) 8 | 9 | const ( 10 | /* 11 | ErrorRefreshInterval is used for handling critical errors that require immediate attention. 12 | */ 13 | ErrorRefreshInterval = 30 * time.Second 14 | 15 | /* 16 | FastRefreshInterval is useful for rapidly changing environments where frequent updates are needed. 17 | */ 18 | FastRefreshInterval = 1 * time.Minute 19 | 20 | /* 21 | ShortRefreshInterval is ideal for frequently changing or moderately critical state requiring timely updates. 22 | */ 23 | ShortRefreshInterval = 5 * time.Minute 24 | 25 | /* 26 | WarningRefreshInterval is suitable for addressing warnings or non-critical issues that should still be addressed 27 | relatively promptly. 28 | */ 29 | WarningRefreshInterval = 1 * time.Minute 30 | 31 | /* 32 | DefaultRefreshInterval serves as a fallback for any other conditions not explicitly covered by the above 33 | intervals. 
34 | */ 35 | DefaultRefreshInterval = 20 * time.Minute 36 | ) 37 | -------------------------------------------------------------------------------- /pkg/utils/local_cluster.go: --------------------------------------------------------------------------------
// Copyright Contributors to the Open Cluster Management project
package utils

import (
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

const (
	// DefaultLocalClusterName name of the hub cluster managedcluster resource
	DefaultLocalClusterName = "local-cluster"

	// AnnotationNodeSelector key name of nodeSelector annotation synced from mch
	AnnotationNodeSelector = "open-cluster-management/nodeSelector"
	// AnnotationTolerations key name of the tolerations annotation
	// (presumably synced from mch like AnnotationNodeSelector; confirm against callers)
	AnnotationTolerations = "open-cluster-management/tolerations"
)

// NewManagedCluster builds an unstructured ManagedCluster object
// (cluster.open-cluster-management.io/v1) with the given name.
//
// The object is labelled local-cluster=true, cloud/vendor=auto-detect and
// velero.io/exclude-from-backup=true, and its spec sets hubAcceptsClient to
// true. Nothing is sent to the API server; the caller decides what to do with
// the returned object.
func NewManagedCluster(name string) *unstructured.Unstructured {
	labels := map[string]interface{}{
		"local-cluster":                 "true",
		"cloud":                         "auto-detect",
		"vendor":                        "auto-detect",
		"velero.io/exclude-from-backup": "true",
	}
	metadata := map[string]interface{}{
		"name":   name,
		"labels": labels,
	}
	// hubAcceptsClient is preset to true, so the object is created already
	// accepted by the hub. NOTE(review): presumably meant only for the hub's own
	// cluster, as the local-cluster label suggests; confirm callers never pass
	// the name of a remote cluster.
	spec := map[string]interface{}{
		"hubAcceptsClient": true,
	}

	return &unstructured.Unstructured{
		Object: map[string]interface{}{
			"apiVersion": "cluster.open-cluster-management.io/v1",
			"kind":       "ManagedCluster",
			"metadata":   metadata,
			"spec":       spec,
		},
	}
}

// NewLocalNamespace returns a Namespace object whose only populated field is
// its name.
func NewLocalNamespace(name string) *corev1.Namespace {
	ns := &corev1.Namespace{}
	ns.ObjectMeta = metav1.ObjectMeta{Name: name}
	return ns
}
-------------------------------------------------------------------------------- /pkg/version/base.go: -------------------------------------------------------------------------------- 1 | // Copyright Contributors to the Open Cluster Management project 2 | 3 | package version 4 | 5 | // Base version
information. 6 | // 7 | // This is the fallback data used when version information from git is not 8 | // provided via go ldflags (via Makefile). 9 | var ( 10 | // Output of "git describe". The prerequisite is that the branch should be 11 | // tagged using the correct versioning strategy. 12 | gitVersion = "v0.0.1-alpha.0" 13 | // SHA1 from git, output of $(git rev-parse HEAD) 14 | gitCommit = "unknown" 15 | // State of git tree, either "clean" or "dirty" 16 | gitTreeState = "unknown" 17 | // Build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ') 18 | buildDate = "unknown" 19 | ) 20 | -------------------------------------------------------------------------------- /pkg/version/version_test.go: -------------------------------------------------------------------------------- 1 | // Copyright Contributors to the Open Cluster Management project 2 | 3 | package version 4 | 5 | import ( 6 | "fmt" 7 | "testing" 8 | ) 9 | 10 | func Test_ValidOCPVersion(t *testing.T) { 11 | tests := []struct { 12 | name string 13 | ocpVersion string 14 | envVar string 15 | wantErr bool 16 | }{ 17 | { 18 | name: "above min", 19 | ocpVersion: "4.99.99", 20 | wantErr: false, 21 | }, 22 | { 23 | name: "below min", 24 | ocpVersion: "4.9.99", 25 | wantErr: true, 26 | }, 27 | { 28 | name: "below min ignored", 29 | ocpVersion: "4.9.99", 30 | envVar: "DISABLE_OCP_MIN_VERSION", 31 | wantErr: false, 32 | }, 33 | { 34 | name: "no version found", 35 | ocpVersion: "", 36 | wantErr: true, 37 | }, 38 | { 39 | name: "dev version passing", 40 | ocpVersion: fmt.Sprintf("%s-dev", MinimumOCPVersion), 41 | wantErr: false, 42 | }, 43 | { 44 | name: "exact version", 45 | ocpVersion: MinimumOCPVersion, 46 | wantErr: false, 47 | }, 48 | } 49 | for _, tt := range tests { 50 | t.Run(tt.name, func(t *testing.T) { 51 | if tt.envVar != "" { 52 | t.Setenv(tt.envVar, "true") 53 | } 54 | if err := ValidOCPVersion(tt.ocpVersion); (err != nil) != tt.wantErr { 55 | t.Errorf("validOCPVersion() error = %v, 
wantErr %v", err, tt.wantErr) 56 | } 57 | }) 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /sonar-project.properties: -------------------------------------------------------------------------------- 1 | sonar.projectKey=open-cluster-management_backplane-operator 2 | sonar.projectName=backplane-operator 3 | sonar.sources=. 4 | sonar.exclusions=**/*_test.go,**/*_generated*.go,**/*_generated/**,**/vendor/**,test/**,mock-component-image/**,**.py,main.go,**/rbac.go,**/*.yaml,**/*.yml 5 | sonar.tests=. 6 | sonar.test.inclusions=**/*_test.go 7 | sonar.test.exclusions=**/*_generated*.go,**/*_generated/**,**/vendor/**,test/** 8 | sonar.go.tests.reportPaths=report.json 9 | sonar.coverage.exclusions=**/hosted.go 10 | sonar.go.coverage.reportPaths=coverage.out 11 | sonar.externalIssuesReportPaths=gosec.json 12 | -------------------------------------------------------------------------------- /test/function_tests/resources/managedcluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.open-cluster-management.io/v1 2 | kind: ManagedCluster 3 | metadata: 4 | name: mock-managedcluster 5 | spec: {} -------------------------------------------------------------------------------- /test/function_tests/resources/multiclusterhub.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Contributors to the Open Cluster Management project 2 | 3 | apiVersion: operator.open-cluster-management.io/v1 4 | kind: MultiClusterHub 5 | metadata: 6 | name: multiclusterhub 7 | namespace: backplane-operator-system 8 | spec: {} -------------------------------------------------------------------------------- /test/function_tests/run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (c) 2021 Red Hat, Inc. 
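# Copyright Contributors to the Open Cluster Management project

# Runs the Backplane functional test suite with ginkgo.
#
# Environment:
#   TEST_MODE  required; the only supported value is 'install'.
#
# Exit status: 1 when TEST_MODE is unset, empty or unsupported; otherwise the
# exit status of ginkgo, which is the last command run.

echo "Starting Backplane Functional Tests ..."
echo ""

if [ -z "$TEST_MODE" ]; then
    echo "TEST_MODE not exported. Must be of type 'install'"
    exit 1
fi

if [[ "$TEST_MODE" == "install" ]]; then
    echo "Beginning Backplane Tests ..."
    echo ""
    ginkgo -tags functional -v --slowSpecThreshold=600 test/function_tests/backplane_operator_install_test
else
    # Without this branch an unrecognised TEST_MODE (for example a typo) ran no
    # tests and still exited 0, so a CI job could report success vacuously.
    echo "Unsupported TEST_MODE '$TEST_MODE'. Must be of type 'install'" >&2
    exit 1
fi

--------------------------------------------------------------------------------
/test/unit-test-crds/cluster-api-provider-aws/awsclusters.infrastructure.cluster.x-k8s.io.yaml:
--------------------------------------------------------------------------------
# Minimal AWSCluster CRD under test/unit-test-crds: one served and stored
# version (v1beta1) whose schema declares spec and status only as untyped
# objects.
# NOTE(review): presumably a stand-in for the real Cluster API provider CRD so
# tests can register the kind; it does not validate any fields.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: awsclusters.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: AWSCluster
    listKind: AWSClusterList
    plural: awsclusters
    singular: awscluster
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
            status:
              type: object

--------------------------------------------------------------------------------
/test/unit-test-crds/cluster-api/clusters.cluster.x-k8s.io.yaml:
--------------------------------------------------------------------------------
# Minimal Cluster CRD under test/unit-test-crds: one served and stored version
# (v1beta1) whose schema declares spec and status only as untyped objects.
# NOTE(review): presumably a stand-in for the real Cluster API CRD so tests can
# register the kind; it does not validate any fields.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clusters.cluster.x-k8s.io
spec:
  group: cluster.x-k8s.io
  names:
    kind: Cluster
    listKind: ClusterList
    plural: clusters
    singular: cluster
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
            status:
              type: object

--------------------------------------------------------------------------------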