Skip to content

Commit

Permalink
⚠️ Move .spec.install.namespace and .spec.install.serviceAccount
Browse files Browse the repository at this point in the history
…to `.spec.namespace` and `.spec.serviceAccount` (#1439)

* move namespace and serviceAccount fields to spec root

Signed-off-by: everettraven <everettraven@gmail.com>

* address comments, make verify

Signed-off-by: everettraven <everettraven@gmail.com>

* fix e2e failures

Signed-off-by: everettraven <everettraven@gmail.com>

---------

Signed-off-by: everettraven <everettraven@gmail.com>
  • Loading branch information
everettraven authored Nov 11, 2024
1 parent 6c2be08 commit aaa0e00
Show file tree
Hide file tree
Showing 13 changed files with 270 additions and 277 deletions.
74 changes: 33 additions & 41 deletions api/v1alpha1/clusterextension_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,34 @@ const (

// ClusterExtensionSpec defines the desired state of ClusterExtension
type ClusterExtensionSpec struct {
// namespace is a reference to a Kubernetes namespace.
// This is the namespace in which the provided ServiceAccount must exist.
// It also designates the default namespace where namespace-scoped resources
// for the extension are applied to the cluster.
// Some extensions may contain namespace-scoped resources to be applied in other namespaces.
// This namespace must exist.
//
// namespace is required, immutable, and follows the DNS label standard
// as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-),
// start and end with an alphanumeric character, and be no longer than 63 characters
//
// [RFC 1123]: https://tools.ietf.org/html/rfc1123
//
// +kubebuilder:validation:MaxLength:=63
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="namespace is immutable"
// +kubebuilder:validation:XValidation:rule="self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$\")",message="namespace must be a valid DNS1123 label"
// +kubebuilder:validation:Required
Namespace string `json:"namespace"`

// serviceAccount is a reference to a ServiceAccount used to perform all interactions
// with the cluster that are required to manage the extension.
// The ServiceAccount must be configured with the necessary permissions to perform these interactions.
// The ServiceAccount must exist in the namespace referenced in the spec.
// serviceAccount is required.
//
// +kubebuilder:validation:Required
ServiceAccount ServiceAccountReference `json:"serviceAccount"`

// source is a required field which selects the installation source of content
// for this ClusterExtension. Selection is performed by setting the sourceType.
//
Expand All @@ -59,18 +87,11 @@ type ClusterExtensionSpec struct {
// +kubebuilder:validation:Required
Source SourceConfig `json:"source"`

// install is a required field used to configure the installation options
// for the ClusterExtension such as the installation namespace,
// the service account and the pre-flight check configuration.
// install is an optional field used to configure the installation options
// for the ClusterExtension such as the pre-flight check configuration.
//
// Below is a minimal example of an installation definition (in yaml):
// install:
// namespace: example-namespace
// serviceAccount:
// name: example-sa
//
// +kubebuilder:validation:Required
Install ClusterExtensionInstallConfig `json:"install"`
// +optional
Install *ClusterExtensionInstallConfig `json:"install,omitempty"`
}

const SourceTypeCatalog = "Catalog"
Expand Down Expand Up @@ -104,38 +125,9 @@ type SourceConfig struct {
// ClusterExtensionInstallConfig is a union which selects the clusterExtension installation config.
// ClusterExtensionInstallConfig requires the namespace and serviceAccount which should be used for the installation of packages.
//
// +kubebuilder:validation:XValidation:rule="has(self.preflight)",message="at least one of [preflight] are required when install is specified"
// +union
type ClusterExtensionInstallConfig struct {
// namespace designates the kubernetes Namespace where bundle content
// for the package, referenced in the 'packageName' field, will be applied and the necessary
// service account can be found.
// The bundle may contain cluster-scoped resources or resources that are
// applied to other Namespaces. This Namespace is expected to exist.
//
// namespace is required, immutable, and follows the DNS label standard
// as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-),
// start and end with an alphanumeric character, and be no longer than 63 characters
//
// [RFC 1123]: https://tools.ietf.org/html/rfc1123
//
// +kubebuilder:validation:MaxLength:=63
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="namespace is immutable"
// +kubebuilder:validation:XValidation:rule="self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$\")",message="namespace must be a valid DNS1123 label. It must contain only lowercase alphanumeric characters or hyphens (-), start and end with an alphanumeric character, and be no longer than 63 characters"
// +kubebuilder:validation:Required
Namespace string `json:"namespace"`

// serviceAccount is a required reference to a ServiceAccount that exists
// in the installNamespace which is used to install and
// manage the content for the package specified in the packageName field.
//
// In order to successfully install and manage the content for the package,
// the ServiceAccount provided via this field should be configured with the
// appropriate permissions to perform the necessary operations on all the
// resources that are included in the bundle of content being applied.
//
// +kubebuilder:validation:Required
ServiceAccount ServiceAccountReference `json:"serviceAccount"`

// preflight is an optional field that can be used to configure the checks that are
// run before installation or upgrade of the content for the package specified in the packageName field.
//
Expand Down
8 changes: 6 additions & 2 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion cmd/manager/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ func main() {
helmclient.StorageDriverMapper(action.ChunkedStorageDriverMapper(coreClient, mgr.GetAPIReader(), systemNamespace)),
helmclient.ClientNamespaceMapper(func(obj client.Object) (string, error) {
ext := obj.(*ocv1alpha1.ClusterExtension)
return ext.Spec.Install.Namespace, nil
return ext.Spec.Namespace, nil
}),
helmclient.ClientRestConfigMapper(clientRestConfigMapper),
)
Expand Down
146 changes: 68 additions & 78 deletions config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -58,39 +58,9 @@ spec:
properties:
install:
description: |-
install is a required field used to configure the installation options
for the ClusterExtension such as the installation namespace,
the service account and the pre-flight check configuration.
Below is a minimal example of an installation definition (in yaml):
install:
namespace: example-namespace
serviceAccount:
name: example-sa
install is an optional field used to configure the installation options
for the ClusterExtension such as the pre-flight check configuration.
properties:
namespace:
description: |-
namespace designates the kubernetes Namespace where bundle content
for the package, referenced in the 'packageName' field, will be applied and the necessary
service account can be found.
The bundle may contain cluster-scoped resources or resources that are
applied to other Namespaces. This Namespace is expected to exist.
namespace is required, immutable, and follows the DNS label standard
as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-),
start and end with an alphanumeric character, and be no longer than 63 characters
[RFC 1123]: https://tools.ietf.org/html/rfc1123
maxLength: 63
type: string
x-kubernetes-validations:
- message: namespace is immutable
rule: self == oldSelf
- message: namespace must be a valid DNS1123 label. It must contain
only lowercase alphanumeric characters or hyphens (-), start
and end with an alphanumeric character, and be no longer than
63 characters
rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")
preflight:
description: |-
preflight is an optional field that can be used to configure the checks that are
Expand Down Expand Up @@ -133,58 +103,77 @@ spec:
- message: at least one of [crdUpgradeSafety] are required when
preflight is specified
rule: has(self.crdUpgradeSafety)
serviceAccount:
type: object
x-kubernetes-validations:
- message: at least one of [preflight] are required when install is
specified
rule: has(self.preflight)
namespace:
description: |-
namespace is a reference to a Kubernetes namespace.
This is the namespace in which the provided ServiceAccount must exist.
It also designates the default namespace where namespace-scoped resources
for the extension are applied to the cluster.
Some extensions may contain namespace-scoped resources to be applied in other namespaces.
This namespace must exist.
namespace is required, immutable, and follows the DNS label standard
as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-),
start and end with an alphanumeric character, and be no longer than 63 characters
[RFC 1123]: https://tools.ietf.org/html/rfc1123
maxLength: 63
type: string
x-kubernetes-validations:
- message: namespace is immutable
rule: self == oldSelf
- message: namespace must be a valid DNS1123 label
rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")
serviceAccount:
description: |-
serviceAccount is a reference to a ServiceAccount used to perform all interactions
with the cluster that are required to manage the extension.
The ServiceAccount must be configured with the necessary permissions to perform these interactions.
The ServiceAccount must exist in the namespace referenced in the spec.
serviceAccount is required.
properties:
name:
description: |-
serviceAccount is a required reference to a ServiceAccount that exists
in the installNamespace which is used to install and
manage the content for the package specified in the packageName field.
In order to successfully install and manage the content for the package,
the ServiceAccount provided via this field should be configured with the
appropriate permissions to perform the necessary operations on all the
resources that are included in the bundle of content being applied.
properties:
name:
description: |-
name is a required, immutable reference to the name of the ServiceAccount
to be used for installation and management of the content for the package
specified in the packageName field.
name is a required, immutable reference to the name of the ServiceAccount
to be used for installation and management of the content for the package
specified in the packageName field.
This ServiceAccount must exist in the installNamespace.
This ServiceAccount must exist in the installNamespace.
name follows the DNS subdomain standard as defined in [RFC 1123].
It must contain only lowercase alphanumeric characters,
hyphens (-) or periods (.), start and end with an alphanumeric character,
and be no longer than 253 characters.
name follows the DNS subdomain standard as defined in [RFC 1123].
It must contain only lowercase alphanumeric characters,
hyphens (-) or periods (.), start and end with an alphanumeric character,
and be no longer than 253 characters.
Some examples of valid values are:
- some-serviceaccount
- 123-serviceaccount
- 1-serviceaccount-2
- someserviceaccount
- some.serviceaccount
Some examples of valid values are:
- some-serviceaccount
- 123-serviceaccount
- 1-serviceaccount-2
- someserviceaccount
- some.serviceaccount
Some examples of invalid values are:
- -some-serviceaccount
- some-serviceaccount-
Some examples of invalid values are:
- -some-serviceaccount
- some-serviceaccount-
[RFC 1123]: https://tools.ietf.org/html/rfc1123
maxLength: 253
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
- message: name must be a valid DNS1123 subdomain. It must
contain only lowercase alphanumeric characters, hyphens
(-) or periods (.), start and end with an alphanumeric
character, and be no longer than 253 characters
rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
required:
- name
type: object
[RFC 1123]: https://tools.ietf.org/html/rfc1123
maxLength: 253
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
- message: name must be a valid DNS1123 subdomain. It must contain
only lowercase alphanumeric characters, hyphens (-) or periods
(.), start and end with an alphanumeric character, and be
no longer than 253 characters
rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
required:
- namespace
- serviceAccount
- name
type: object
source:
description: |-
Expand Down Expand Up @@ -468,7 +457,8 @@ spec:
rule: 'has(self.sourceType) && self.sourceType == ''Catalog'' ?
has(self.catalog) : !has(self.catalog)'
required:
- install
- namespace
- serviceAccount
- source
type: object
status:
Expand Down
7 changes: 3 additions & 4 deletions config/samples/olm_v1alpha1_clusterextension.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -272,12 +272,11 @@ kind: ClusterExtension
metadata:
name: argocd
spec:
namespace: argocd
serviceAccount:
name: argocd-installer
source:
sourceType: Catalog
catalog:
packageName: argocd-operator
version: 0.6.0
install:
namespace: argocd
serviceAccount:
name: argocd-installer
Loading

0 comments on commit aaa0e00

Please sign in to comment.