diff --git a/Makefile b/Makefile index 894c04b6..69414b17 100644 --- a/Makefile +++ b/Makefile @@ -278,7 +278,7 @@ $(HELMIFY): $(LOCALBIN) .PHONY: helm helm: manifests kustomize license helmify - $(KUSTOMIZE) build config/helm | $(HELMIFY) -crd-dir charts/atlas-operator + $(KUSTOMIZE) build config/helm | $(HELMIFY) -crd-dir -generate-defaults -image-pull-secrets charts/atlas-operator .PHONY: cli-gen cli-gen: generate manifests helm license diff --git a/charts/atlas-operator/crds/atlasmigration-crd.yaml b/charts/atlas-operator/crds/atlasmigration-crd.yaml new file mode 100644 index 00000000..be361800 --- /dev/null +++ b/charts/atlas-operator/crds/atlasmigration-crd.yaml 
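Review bot: The `helm` recipe carries no comment saying that `charts/atlas-operator` is generated output, so hand edits to the chart's templates or `values.yaml` (security contexts, RBAC toggles) look likely to be overwritten by the next `make helm`. A line above the target such as `# Regenerates charts/atlas-operator from config/helm via helmify; change the kustomize sources, not the chart files.` would make that explicit. The rest of this commit is consistent with that reading, since the chart templates and values are rewritten wholesale in the same change.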
@@ -0,0 +1,345 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: atlasmigrations.db.atlasgo.io +spec: + group: db.atlasgo.io + names: + kind: AtlasMigration + listKind: AtlasMigrationList + plural: atlasmigrations + singular: atlasmigration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AtlasMigration is the Schema for the atlasmigrations API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AtlasMigrationSpec defines the desired state of AtlasMigration + properties: + baseline: + description: BaselineVersion defines the baseline version of the database + on the first migration. + type: string + cloud: + description: Cloud defines the Atlas Cloud configuration. + properties: + project: + type: string + tokenFrom: + description: TokenFrom defines a reference to a secret key that + contains the Atlas Cloud Token + properties: + secretKeyRef: + description: SecretKeyRef references to the key of a secret + in the same namespace. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + url: + type: string + type: object + credentials: + description: Credentials defines the credentials to use when connecting + to the database. Used instead of URL or URLFrom. + properties: + database: + type: string + host: + type: string + hostFrom: + description: Secret defines a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference + to use for the user. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + parameters: + additionalProperties: + type: string + type: object + password: + type: string + passwordFrom: + description: Secret defines a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference + to use for the user. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + port: + type: integer + scheme: + type: string + user: + type: string + userFrom: + description: Secret defines a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference + to use for the user. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + dir: + description: Dir defines the directory to use for migrations as a + configmap key reference. + properties: + configMapRef: + description: ConfigMapRef defines the configmap to use for migrations + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + local: + additionalProperties: + type: string + description: Local defines the local migration directory. + type: object + remote: + description: Remote defines the Atlas Cloud migration directory. + properties: + name: + type: string + tag: + type: string + type: object + type: object + envName: + description: EnvName sets the environment name used for reporting + runs to Atlas Cloud. 
+ type: string + execOrder: + default: linear + description: ExecOrder controls how Atlas computes and executes pending + migration files to the database. + enum: + - linear + - linear-skip + - non-linear + type: string + revisionsSchema: + description: RevisionsSchema defines the schema that revisions table + resides in + type: string + url: + description: URL of the target database schema. + type: string + urlFrom: + description: URLs may be defined as a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference to + use for the user. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - dir + type: object + status: + description: AtlasMigrationStatus defines the observed state of AtlasMigration + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastApplied: + description: LastApplied is the unix timestamp of the most recent + successful versioned migration. + format: int64 + type: integer + lastAppliedVersion: + description: LastAppliedVersion is the version of the most recent + successful versioned migration. + type: string + lastDeploymentUrl: + description: LastDeploymentURL is the Deployment URL of the most recent + successful versioned migration. + type: string + observed_hash: + description: ObservedHash is the hash of the most recent successful + versioned migration. + type: string + required: + - lastApplied + - observed_hash + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/atlas-operator/crds/atlasschema-crd.yaml b/charts/atlas-operator/crds/atlasschema-crd.yaml new file mode 100644 index 00000000..03c54ffe --- /dev/null +++ b/charts/atlas-operator/crds/atlasschema-crd.yaml 
@@ -0,0 +1,378 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: atlasschemas.db.atlasgo.io +spec: + group: db.atlasgo.io + names: + kind: AtlasSchema + listKind: AtlasSchemaList + plural: atlasschemas + singular: atlasschema + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AtlasSchema is the Schema for the atlasschemas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AtlasSchemaSpec defines the desired state of AtlasSchema + properties: + credentials: + description: Credentials defines the credentials to use when connecting + to the database. Used instead of URL or URLFrom. + properties: + database: + type: string + host: + type: string + hostFrom: + description: Secret defines a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference + to use for the user. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + parameters: + additionalProperties: + type: string + type: object + password: + type: string + passwordFrom: + description: Secret defines a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference + to use for the user. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + port: + type: integer + scheme: + type: string + user: + type: string + userFrom: + description: Secret defines a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference + to use for the user. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + devURL: + description: DevURL is the URL of the database to use for normalization + and calculations. If not specified, the operator will spin up a + temporary database container to use for these operations. + type: string + devURLFrom: + description: DevURLFrom is a reference to a secret containing the + URL of the database to use for normalization and calculations. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference to + use for the user. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + exclude: + description: Exclude a list of glob patterns used to filter existing + resources being taken into account. + items: + type: string + type: array + policy: + description: Policy defines the policies to apply when managing the + schema change lifecycle. + properties: + diff: + description: Diff defines the diff policies to apply when planning + schema changes. + properties: + skip: + description: SkipChanges represents the skip changes policy. 
+ properties: + add_column: + type: boolean + add_foreign_key: + type: boolean + add_index: + type: boolean + add_schema: + type: boolean + add_table: + type: boolean + drop_column: + type: boolean + drop_foreign_key: + type: boolean + drop_index: + type: boolean + drop_schema: + type: boolean + drop_table: + type: boolean + modify_column: + type: boolean + modify_foreign_key: + type: boolean + modify_index: + type: boolean + modify_schema: + type: boolean + modify_table: + type: boolean + type: object + type: object + lint: + description: Lint defines the linting policies to apply before + applying the schema. + properties: + destructive: + description: CheckConfig defines the configuration of a linting + check. + properties: + error: + type: boolean + type: object + type: object + type: object + schema: + description: Desired Schema of the target. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + hcl: + type: string + sql: + type: string + type: object + schemas: + description: The names of the schemas (named databases) on the target + database to be managed. + items: + type: string + type: array + url: + description: URL of the target database schema. + type: string + urlFrom: + description: URLs may be defined as a secret key reference. + properties: + secretKeyRef: + description: SecretKeyRef defines the secret key reference to + use for the user. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + status: + description: AtlasSchemaStatus defines the observed state of AtlasSchema + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + last_applied: + description: LastApplied is the unix timestamp of the most recent + successful schema apply operation. + format: int64 + type: integer + observed_hash: + description: ObservedHash is the hash of the most recently applied + schema. + type: string + required: + - last_applied + - observed_hash + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/atlas-operator/templates/deployment.yaml b/charts/atlas-operator/templates/deployment.yaml index 2f14f588..fa282fdb 100644 
--- a/charts/atlas-operator/templates/deployment.yaml +++ b/charts/atlas-operator/templates/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "atlas-operator.fullname" . }} + name: {{ include "atlas-operator.fullname" . }}-controller-manager labels: app.kubernetes.io/component: manager app.kubernetes.io/created-by: atlas-operator @@ -9,7 +9,7 @@ metadata: control-plane: controller-manager {{- include "atlas-operator.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} + replicas: {{ .Values.controllerManager.replicas }} selector: matchLabels: control-plane: controller-manager @@ -19,15 +19,20 @@ spec: labels: control-plane: controller-manager {{- include "atlas-operator.selectorLabels" . | nindent 8 }} - {{- with .Values.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} kubectl.kubernetes.io/default-container: manager - {{- end }} spec: containers: - - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }} + command: + - /manager + env: + - name: PREWARM_DEVDB + value: {{ quote .Values.controllerManager.manager.env.prewarmDevdb }} + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag + | default .Chart.AppVersion }} livenessProbe: httpGet: path: /healthz 
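Review bot: The `image:` line in the container spec now resolves to a mutable tag by default, because the values.yaml hunk in this commit sets `controllerManager.manager.image.tag: latest`, and with that default the `| default .Chart.AppVersion` fallback is never used. The `imagePullPolicy` key is removed in the same hunk, so pull behaviour is left to the cluster default for that tag and a given chart version no longer maps to one operator build. Keeping the shipped default empty, `tag: ""`, restores the pin to the chart's appVersion; if the chart is generated, as the Makefile change suggests, the fix probably belongs in the kustomize image setting rather than in this file. The container spec continues past the end of the hunk.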
@@ -41,30 +46,12 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 - resources: - {{- toYaml .Values.resources | nindent 12 }} - securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - env: - - name: PREWARM_DEVDB - value: "{{ .Values.prewarmDevDB }}" - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} + resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 + }} + securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext + | nindent 10 }} + imagePullSecrets: {{ .Values.imagePullSecrets | default list | toJson }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - serviceAccountName: {{ include "atlas-operator.serviceAccountName" . }} - terminationGracePeriodSeconds: 10 - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + runAsNonRoot: true + serviceAccountName: {{ include "atlas-operator.fullname" . }}-controller-manager + terminationGracePeriodSeconds: 10 \ No newline at end of file diff --git a/charts/atlas-operator/templates/leader-election-rbac.yaml b/charts/atlas-operator/templates/leader-election-rbac.yaml index fc38101b..c065c403 100644 --- a/charts/atlas-operator/templates/leader-election-rbac.yaml +++ b/charts/atlas-operator/templates/leader-election-rbac.yaml @@ -1,8 +1,7 @@ -{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "atlas-operator.leaderElectionRole" . }} + name: {{ include "atlas-operator.fullname" . }}-leader-election-role labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: atlas-operator 
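Review bot: The pod-level `securityContext` at the end of the hunk is now fixed at `runAsNonRoot: true` instead of being read from values, and neither it nor the container defaults in the values.yaml hunk set a seccomp profile. A namespace enforcing the restricted Pod Security Standard would be expected to reject the pod as rendered, and the removed `.Values.podSecurityContext` was the only way to add pod-level settings without forking the chart. Adding `seccompProfile:` with `type: RuntimeDefault` under this block (in the source manifest, if the chart is generated) would close that gap. The `nodeSelector`, `affinity` and `tolerations` blocks are dropped here as well, which should be called out as a breaking change for existing installs.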
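Review bot: Removing the `{{- if .Values.rbac.create -}}` guard on the first line means the Role is always rendered, and a value that existing installs pass to opt out would be ignored unless the chart has a values schema, which is not visible here. The same applies to the ClusterRole and ClusterRoleBinding in manager-rbac.yaml and to the `serviceAccount.create` guard in serviceaccount.yaml, so an upgrade from a release installed with `rbac.create=false` would start creating cluster-scoped RBAC objects bound to the chart's own service account. If the toggles cannot be kept in generated output, the chart's upgrade notes should state this and the chart version should signal a breaking change. The Role's `rules:` are outside the hunk.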
@@ -44,7 +43,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "atlas-operator.leaderElectionRole" . }}-binding + name: {{ include "atlas-operator.fullname" . }}-leader-election-rolebinding labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: atlas-operator @@ -53,9 +52,8 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: '{{ include "atlas-operator.leaderElectionRole" . }}' + name: '{{ include "atlas-operator.fullname" . }}-leader-election-role' subjects: - kind: ServiceAccount - name: '{{ include "atlas-operator.serviceAccountName" . }}' - namespace: '{{ .Release.Namespace }}' -{{- end }} + name: '{{ include "atlas-operator.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/atlas-operator/templates/manager-rbac.yaml b/charts/atlas-operator/templates/manager-rbac.yaml index 4a7a0296..6b9b7439 100644 --- a/charts/atlas-operator/templates/manager-rbac.yaml +++ b/charts/atlas-operator/templates/manager-rbac.yaml @@ -1,8 +1,7 @@ -{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "atlas-operator.managerRoleName" . }} + name: {{ include "atlas-operator.fullname" . }}-manager-role labels: {{- include "atlas-operator.labels" . | nindent 4 }} rules: @@ -100,7 +99,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "atlas-operator.managerRoleName" . }}-binding + name: {{ include "atlas-operator.fullname" . }}-manager-rolebinding labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: atlas-operator 
@@ -109,9 +108,8 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: '{{ include "atlas-operator.managerRoleName" . }}' + name: '{{ include "atlas-operator.fullname" . }}-manager-role' subjects: - kind: ServiceAccount - name: '{{ include "atlas-operator.serviceAccountName" . }}' - namespace: '{{ .Release.Namespace }}' -{{- end }} + name: '{{ include "atlas-operator.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/atlas-operator/templates/serviceaccount.yaml b/charts/atlas-operator/templates/serviceaccount.yaml index 902f40a0..4715bd0d 100644 --- a/charts/atlas-operator/templates/serviceaccount.yaml +++ b/charts/atlas-operator/templates/serviceaccount.yaml @@ -1,15 +1,11 @@ -{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "atlas-operator.serviceAccountName" . }} + name: {{ include "atlas-operator.fullname" . }}-controller-manager labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: atlas-operator app.kubernetes.io/part-of: atlas-operator {{- include "atlas-operator.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} + {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }} \ No newline at end of file diff --git a/charts/atlas-operator/values.yaml b/charts/atlas-operator/values.yaml index 38ae71bf..8da380ea 100644 --- a/charts/atlas-operator/values.yaml +++ b/charts/atlas-operator/values.yaml 
@@ -1,46 +1,27 @@ -# Default values for atlas-operator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: arigaio/atlas-operator - pullPolicy: IfNotPresent - tag: "" - -rbac: - create: true - +controllerManager: + manager: + args: + - --leader-elect + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsUser: 1000 + env: + prewarmDevdb: "true" + image: + repository: arigaio/atlas-operator + tag: latest + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + replicas: 1 + serviceAccount: + annotations: {} imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: - runAsNonRoot: true - -securityContext: - runAsUser: 1000 - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - -resources: {} - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# By default, the operator will recreate devdb pods after migration -# Set this to true to keep the devdb pods around. -prewarmDevDB: true \ No newline at end of file +kubernetesClusterDomain: cluster.local