Artifactory Operator v1.1.0 published

2026-01-21 05:06:56 -06:00 · 2020-10-02 20:25:06 -07:00
parent c49b583510
commit 2cdddcf59d
21 changed files with 1912 additions and 65 deletions
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/namespace.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/namespace.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: jfrog-artifactory
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/openshiftartifactoryha_editor_role.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/openshiftartifactoryha_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit openshiftartifactoryhas.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: openshiftartifactoryha-editor-role
+rules:
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas/status
+  verbs:
+  - get
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/openshiftartifactoryha_viewer_role.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/openshiftartifactoryha_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view openshiftartifactoryhas.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: openshiftartifactoryha-viewer-role
+rules:
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas/status
+  verbs:
+  - get
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/project.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/project.yaml
@@ -0,0 +1,89 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  creationTimestamp: null
+  name: project-request
+objects:
+- apiVersion: project.openshift.io/v1
+  kind: Project
+  metadata:
+    annotations:
+      openshift.io/description: JFrog Artifactory
+      openshift.io/display-name: jfrog-artifactory
+      openshift.io/requester: integrations@jfrog.com
+    creationTimestamp: null
+    name: jfrog-artifactory
+  spec: {}
+  status: {}
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    annotations:
+      openshift.io/description: Allows all pods in this namespace to pull images from
+        this namespace.  It is auto-managed by a controller; remove subjects to disable.
+    creationTimestamp: null
+    name: system:image-pullers
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: system:image-puller
+  subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:serviceaccounts:jfrog-artifactory
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    annotations:
+      openshift.io/description: Allows builds in this namespace to push images to
+        this namespace.  It is auto-managed by a controller; remove subjects to disable.
+    creationTimestamp: null
+    name: system:image-builders
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: system:image-builder
+  subjects:
+  - kind: ServiceAccount
+    name: builder
+    namespace: jfrog-artifactory
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    annotations:
+      openshift.io/description: Allows deploymentconfigs in this namespace to rollout
+        pods in this namespace.  It is auto-managed by a controller; remove subjects
+        to disable.
+    creationTimestamp: null
+    name: system:deployers
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: system:deployer
+  subjects:
+  - kind: ServiceAccount
+    name: deployer
+    namespace: jfrog-artifactory
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    creationTimestamp: null
+    name: admin
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: admin
+  subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: kubeadmin
+parameters:
+- name: PROJECT_NAME
+- name: PROJECT_DISPLAYNAME
+- name: PROJECT_DESCRIPTION
+- name: PROJECT_ADMIN_USER
+- name: PROJECT_REQUESTING_USER
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/role.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/role.yaml
@@ -1,31 +1,119 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-  name: manager-role
+  creationTimestamp: null
+  name: artifactory-ha-operator
 rules:
-##
-## Base operator rules
-##
-# We need to get namespaces so the operator can read namespaces to ensure they exist
 - apiGroups:
-  - ""
+    - ""
  resources:
-  - namespaces
+    - pods
+    - services
+    - services/finalizers
+    - endpoints
+    - persistentvolumeclaims
+    - events
+    - configmaps
+    - secrets
+    - serviceaccounts
  verbs:
-  - get
-# We need to manage Helm release secrets
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 - apiGroups:
-  - ""
+    - apps
  resources:
-  - secrets
+    - deployments
+    - daemonsets
+    - replicasets
+    - statefulsets
  verbs:
-  - "*"
-# We need to create events on CRs about things happening during reconciliation
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 - apiGroups:
-  - ""
+    - ""
  resources:
-  - events
+    - namespaces
  verbs:
-  - create
-
-# +kubebuilder:scaffold:rules
+    - get
+- apiGroups:
+    - ""
+  resourceNames:
+    - artifactory-ha-operator
+  resources:
+    - '*'
+  verbs:
+    - '*'
+- apiGroups:
+    - ""
+  resources:
+    - events
+  verbs:
+    - create
+- apiGroups:
+    - monitoring.coreos.com
+  resources:
+    - servicemonitors
+  verbs:
+    - get
+    - create
+- apiGroups:
+    - apps
+  resourceNames:
+    - artifactory-ha-operator
+  resources:
+    - deployments/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - ""
+  resources:
+    - pods
+  verbs:
+    - get
+- apiGroups:
+    - apps
+  resources:
+    - replicasets
+    - deployments
+  verbs:
+    - get
+- apiGroups:
+    - charts.helm.k8s.io
+  resources:
+    - '*'
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - networking.k8s.io
+  resources:
+    - '*'
+  verbs:
+    - '*'
+- apiGroups:
+    - policy
+  resources:
+    - '*'
+  verbs:
+    - '*'
+- apiGroups:
+    - 'rbac.authorization.k8s.io'
+  resources:
+    - '*'
+  verbs:
+    - '*'
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/role_binding.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/role_binding.yaml
@@ -1,12 +1,11 @@
+kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
 metadata:
-  name: manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: manager-role
+  name: artifactory-ha-operator
 subjects:
 - kind: ServiceAccount
-  name: default
-  namespace: system
+  name: artifactory-ha-operator
+roleRef:
+  kind: Role
+  name: artifactory-ha-operator
+  apiGroup: rbac.authorization.k8s.io
--- a/Openshift4/operator/artifactory-ha-operator/config/rbac/service_account.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/config/rbac/service_account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: artifactory-ha-operator