From 5c2db1e8bcf59c2da344b7e35e0c3ea0dfbb6849 Mon Sep 17 00:00:00 2001 From: "Hossein Pursultani (Operator Release)" Date: Thu, 2 Nov 2023 20:15:44 +1100 Subject: [PATCH 1/2] Add GitLab Operator 0.25.1 Signed-off-by: Hossein Pursultani (Operator Release) --- .../manifests/apps.gitlab.com_gitlabs.yaml | 150 +++++ ...er-manager-metrics-service_v1_service.yaml | 16 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 10 + ...ator-kubernetes.clusterserviceversion.yaml | 629 ++++++++++++++++++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 35 + ...rization.k8s.io_v1_clusterrolebinding.yaml | 13 + ...b-prometheus-server_v1_serviceaccount.yaml | 5 + .../gitlab-webhook-service_v1_service.yaml | 14 + .../0.25.1/metadata/annotations.yaml | 15 + .../0.25.1/tests/scorecard/config.yaml | 70 ++ 10 files changed, 957 insertions(+) create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/apps.gitlab.com_gitlabs.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-webhook-service_v1_service.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/metadata/annotations.yaml create mode 100644 operators/gitlab-operator-kubernetes/0.25.1/tests/scorecard/config.yaml diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/apps.gitlab.com_gitlabs.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/apps.gitlab.com_gitlabs.yaml new file mode 100644 index 0000000000..431b36386e --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/apps.gitlab.com_gitlabs.yaml @@ -0,0 +1,150 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: gitlabs.apps.gitlab.com +spec: + group: apps.gitlab.com + names: + kind: GitLab + listKind: GitLabList + plural: gitlabs + shortNames: + - gl + singular: gitlab + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: STATUS + type: string + - jsonPath: .status.version + name: VERSION + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GitLab is a complete DevOps platform, delivered in a single application. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of a GitLab instance. + properties: + chart: + description: The specification of GitLab Chart that is used to deploy + the instance. + properties: + values: + description: ChartValues is the set of Helm values that is used + to render the GitLab Chart. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: ChartVersion is the semantic version of the GitLab + Chart. + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + type: object + type: object + status: + description: Most recently observed status of the GitLab instance. It + is read-only to the user. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + type: string + version: + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 0000000000..99004c8226 --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + control-plane: controller-manager + name: gitlab-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 0000000000..06320d3622 --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: gitlab-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml new file mode 100644 index 0000000000..cec7bc4fb8 --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml @@ -0,0 +1,629 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "apps.gitlab.com/v1beta1", + "kind": "GitLab", + "metadata": { + "name": "gitlab", + "namespace": "gitlab-system" + }, + "spec": { + "chart": { + "values": { + "certmanager": { + "install": false + }, + "global": { + "hosts": { + "domain": "example.com", + "hostSuffix": null + }, + "ingress": { + "configureCertmanager": false, + "tls": { + "secretName": null + } + } + } + }, + "version": "7.5.1" + } + } + } + ] + capabilities: Seamless Upgrades + categories: Integration & Delivery, Developer Tools + certified: "true" + containerImage: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:0.25.1 + createdAt: "2020-03-11T13:29:00Z" + description: The GitLab operator is responsible for managing the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms. + operatorframework.io/suggested-namespace: gitlab-system + operators.operatorframework.io/builder: operator-sdk-v1.25.0 + operators.operatorframework.io/project_layout: unknown + repository: https://gitlab.com/gitlab-org/cloud-native/gitlab-operator + olm.properties: '[{"type": "olm.maxOpenShiftVersion", "value": "4.13"}]' + name: gitlab-operator-kubernetes.v0.25.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: GitLab is a complete DevOps platform, delivered in a single application + displayName: GitLab + kind: GitLab + name: gitlabs.apps.gitlab.com + resources: + - kind: ServiceAccount + name: gitlab-app-nonroot + version: v1 + - kind: ServiceAccount + name: gitlab-app-anyuid + version: v1 + - kind: ServiceAccount + name: gitlab-manager + version: v1 + - kind: ServiceAccount + name: gitlab-nginx-ingress + version: v1 + - kind: Service + name: gitlab-controller-manager-metrics-service + version: v1 + - kind: Service + name: gitlab-webhook-service + version: v1 + - kind: Deployment + name: gitlab-controller-manager + version: apps/v1 + - kind: IngressClass + name: gitlab-nginx + version: v1 + version: v1beta1 + description: | + # Overview + + The GitLab operator is responsible for managing the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms. + + [Documentation](https://docs.gitlab.com/charts/installation/operator.html) + + The operator, while new and still actively being developed, aims to: + - ease installation and configuration of GitLab instances + - offer seamless upgrades from version to version + + ## GitLab + + GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity. + + Built on Open Source, GitLab delivers new innovations and features on the same day of every month by leveraging contributions from a passionate, global community of thousands of developers and millions of users. Over 100,000 of the world’s most demanding organizations trust GitLab to deliver great software at new speeds. + + If you would like to enable advanced DevOps capabilities and activate enterprise features such as security, risk, and compliance capabilities, please contact our sales team to purchase an enterprise license. + + # Prerequisites + + Please visit [Prerequisites](https://docs.gitlab.com/charts/installation/operator.html#prerequisites) section of GitLab Operator Documentation. + + ## IngressClass + + Cluster-wide `IngressClass` should be created prior to Operator setup, as OLM does not currently support this object type: + + ```yaml + apiVersion: networking.k8s.io/v1 + kind: IngressClass + metadata: + # Ensure this value matches `spec.chart.values.global.ingress.class` + # in the GitLab CR on the next step. + name: gitlab-nginx + spec: + controller: k8s.io/ingress-nginx + ``` + displayName: GitLab + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAABJQAAAReCAMAAAC2B5qlAAABDlBMVEVHcEzwWSfsUijpTSjnSyjiQynlSCnpTijtVSjxWyfvVyjvVyjvWCjsUyjkRSntUyjrUCjqTyjqUCjwWCfuVijmSSnlRyn1YSfwWCjrUSjuVCjqTijuVifrUijpTijsUijnSyjuVif0cifwWCj8oyb8oyb8jyb8bSb8iSb8jib8gSb0Xyf8lSb8oCb8dyb7ayb6aSb8nCb8cCb8jSb8kib8lib8iCb8fib8dCb8mSb8jCb8lCb8nSb8jCbuVSj8kib4ZSf8iyb8iyb8hSb8kSb8iibrUSj2Yyf8myb8iib8kCb8eyb8mib8kib8kCb8mCb8gCb8jib8lib8lyb8kCb8lCb8kSb8iSb8kCb8kCYx+jFhAAAAWnRSTlMALq/o////8cJKulc8pv+cz9zWZJL4+xAfkoficUrCuPB87f8Q////H5L//9////////+H////////cNb7ZP/P//9X/8BK///3PK//8y6m7y6c5+t8yLh8yN3b2h1aAAAhEElEQVR4AezdB24ryRWF4VI4yiKVKenl9/a/RyMZhZ6RQLftUddtfd8WiPSDXec2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT+vg8Og4ycnp2XkbFudnpydJjo8uDtqawcFRuqPLNiQuJz/TVVstuN5k4qwNiLNMbLZtpeAmf3XbhsNt/uqsrRIc5u/u2mC4y98dthWC+7zloQ2Fbd5y39YHHvOWp10bCLunvOWxrQ5s87brNhAO87ZtWxs4zdse20B4zNuO2srAQd5z3obBed7z3NYFrvOeszYMzvKebVsXOMp79FuBetNvrM5z3nfVGL7e9Bur/e/Nl3k1602/scp6028F6k2/od4S6xgF6i3ZtfVDvfl+sky9JS9t3VBv3Wkbjw9c1zzpALtEvxX9wLXbtNWAh0S/Vf3AtXttawFfEv1Wp97W32+wSVfgwzz1tvJ+g9d0VT7MU2/r7zeMPvswr0C96TfU2zj9pt70G+qtUr+pt+RrWzfUW/eljUa9rfb4DDxlv82usajdJvs9tRWAr9lj9FNLPnDtLlt9cJfU7jcfuHY3bR1Qb1X+2FFv6+83uEznw7wC9bb2foObdD7MK1Bv+g31Nka/qTf9hnor12/qLfnWykO91e839dZ9b+XhPsbw/cbuJNFvuI9R7GGVD1zdDmUNfqSr87DKB65uh6LehEGBv0jr3w6Fq8xx34am3ur3GxymK/BhnnrTb6i3MfpNvek31Nu4D6vUm9uhqLc6/abe3A6l/sJq/X5TbxM/W124jzF+v3GfuZ5bTXCduc4aH+4sc21bTXCUzh871f8irX87FJ4z33kblOeJ9fsNtpnvR2OBetNvqLcC/abe9BvqrcbDKvWW7Fp5qLf6D6vUW/fSikO91e839Vb/dijuY5ToN/Wm33AfY5x+4yIzlL49A7f575y2AXmeWP/2DPR6qz+M4Xli/dsz8JquwDCG54n6DfVW4cM89abfUG8eVg1Vb/oN9eZhVYl6S341qF9v+q1IvbkdioVV/TZSvek33Mco02+eJ3ZfG9Rxk9TvN88T3Z5BvVXoN88T3Z6hnsv8bx7aojxPdHsG9WYYYwFfEv2GevPHTrl602+oNw+rhqo3/YZ687CqRL0l3xvUX1jVb1XqTb9hYVW/Fau35FuDCn4klfrN80T9hnrTbwM4yXxuz1DSVbL2fvM80e0ZKjlMZxhjWHeZcnsG9eaPnQofuOo31JsP8xaoN/2GevOwqkC96TcsrOq3YvWW/GxQf2FVv9WoN7dDcR9Dvw1Qb26HYmFVvy3gOPPZLqak50S/VR6XsV2M+xj6bQFnmXJ7BvWm36p94KrfUG/JeWOAcRn9hnrzYd4C9abfsLDqYVWBenN7BgurHlZVq7dk16D+wqp+K19v3UuD+gur+q1+vek3Ctgkn6bfjMt0DQb1mhTrN88TbRej3vRbgXEZt2dQb/qtwLiM2zOoN8MYQ9SbfsNGj4dVA9WbfsPCqodVBepNv1HAfToPqz5VvSVfG4znJtFvxevN7VDUm34rMC6j37Cwqt+KjMt09w0q1Jt+KzAuY7sY9abfCozL2C5Gvem3AcZl3J7BRo9hjAL1pt+w0TPVWLre9BsWVj2sKlZvybcGIzlM52HVJ6y35HuDAvXmw7wC9abfsLCq3wqMy+g31Jt+G2Aa1HYx6m2AfvOBq+1i1NsS/cbXTNguRr0V6TfToPoNGz31+029JT9bfVhYrT+Mod66g1YANnqqPaxSb/Vvz8BRugIf5qk3/YaF1QLDGOpNv6Heluk306D6DfWm3wZwnAnbxai3Av1mXMZ2MeqtQL+ZBrVdjI0e/TbA80T9ho2e6sMY6i3ZtfKw0VN/2FC9dS+tAGz01BnGUG/1b89Ar7cCwxjqTb+h3goMY6g3/YZ6K9BvxmX0G+qtQL8Zl7F9hXr7n/uN60zYLsZGT4F+U2+2i7HRU2AYQ73V6je4z4RhDPWWfG0wzEaPYUP1ltw1GKDe9Jt6028M4DJdpWEM9abfUG+GMQaoN/2GejNsOIDnTTrbV6i3pfuNh0zYLsYrzwL9ZhrUdjE2egr0m2lQ/YaNnqrDGOpNvzGAw3SGMdSb7WKGqjfDhupt6X6Dq0S/qbcCt2dQb+WGMdSbfkO91X9Ypd70G+rNsOF8vzJhuxivPAv0m2lQ28V45Vm53zxPtF2MjZ6JX+0/xtfkk/QbbNMZxlBvtosXx1Gi39Sb7WKG8ZwJw4bqzXYxA9SbflNv+g31Nr/f1Jt+Q70ZxhjCfaLf8MqzwLChaVDbxXjlWeBhleeJhbeLYRP9ZhrUdjHjeE1nGEO92b5aHLeJflNvtotRb4YNx6k328Wot/n9pt70G+qtYL+pN/2Geqvfb+pNv2FhdeJHY4+LRL/hladhQ9OgtosZ4JWnYUPToAu+nYbLTBimd9hh2dszcJPOMIZ6s32FejOMMaPe9BvqzbCherNdvDD1pt/Um35Dvem3ffWm31Bv+k29LdxveOVp2FC92S7GK0/DhvvtNulW/XYarjJhmN5hB9vFy+Iw0W8OO9i+Qr0Zxphfb/oN9WYYQ73ZvmKQejNsqN70G+pNv+2vN/2GetNv6k2/seB3wvpNvek3fCes3/Y4yQyVt4vhOVOGDYf0NTOU3i6GbSYM0zvsYLt4WRylM4xhXMb2FerNMMbMerN9hXozbKjebF8tSb3pN/Wm31Bv+m1Pvek3fCes39SbfsN3wm/2G8fJJ+k32ES/Oexgu5hxvCb6zWEH28WM4zb7GMYwLmO7GPVmmH7iPP/m7TTqzTCGerN9hXrTb3vqzfYV6s2woXr7gH6DX4l+U2/6Dd8Jz+839abf8MpTvznssF8aLPCdsH5zlu9DtovhJtFvDjvYLka9Gaaf4yCdt9OoN8P0zvJ5O416M4wxYL15O41668OG6k2/4Tthw4bqTb/hO2H9tq/e9Bu+E9Zv6k2/4Tth/dZtM777Bh/5nbB+c5Zvj5v2SaDeot92m3S+vUe96Tdn+bydRr0Zxhj1LJ+306i3ZKfe9Bv+aTZsqN70G74T1m976k2/4Z9m/abePqzf4DlVvDjLp9/wnbB+c5Zvph8NFq83/WZcpntssP56029f0/n2HvWm35zl8+096q3r1Fu8nWbtdqnkq3rTb/hO2LCheptJv/G/+P2nlJ+f1J9Sfjf4F3v3ldW4/2xRvB5oHnn9DYA+FhjLgAAbB3LOnXv+M7m3w/pXJ5IsyyV/92cOhL10pCrtrVpZkyy8SdJC1iQtrRhQ1qrUzhpk7U2S1rIGaUurBpTVkfJu1hzrb5K0kTVHV1LHUBZySZsF/RbbYtYcxaakvOz2HtjSN9v0W2zLWXPs6JstKw3U2zc9+q0a1FtPEv2GCeT6oU+/VYF66+uH3MoD9fZNvps1xTL1FtduLol+w8T19s2gyBpig3oLqxhIqqLfQL1JDdpQLlJvUbUk0W+YxFBObfqNeptMW65UvwEj/apLv1Fvk+jK0W+YuN7Cbijpt6WsGYpcvxob8Gp7+t0O/RbRfqNWk25owGsd6A89+i2gw6wRjvSHkQGvNdaf+vRbOdRbX45+KwnHchNtKOk36q2b6y/HVhqot4ZtKA+pt7irSXdgpYF6a9qGcol6C7uapN+qQb25k6wB9qm3UE7k6LfScKp/69Jv1Fv51ST9VhXqzeUF/Ua9lV1N0m/l4UyP2aHf4jjP4hvI0W8Vot7cEf0WxkUDV5Pu1F4OuNTj+vRbFOtZdG097tJeDLjSE/Iu/Ua9lV9NujN7KeBarokbygvqLe5q0l1bCaDemrmhpN5C2Jaj3ypCvTV0Q3lOvcVdTborKwHUW7kNJf1Gvd3I0W+Twa1cQzeU1Fu41ST9Vh7u9LwB/Ua9lVhN0m+l4F4u7IaSfluLv5qk32pAvbk2/Ua9lVtNugcDStRbyA0l/bbQ4NWke2fA897LldlQ0m/UW7Gpl7k34Hkf9ELbWWDr1Fvc1aT7aMCzVuSavKFcoN5mpqcXW7HJgXpzN1lca9Rb3NWke29ARfX2yIaSfqPednO93AcDnvFWrzGg36g356tJ+g3VWdWrHNFvv6PeWnL0GyrQkQu7oaTfNuKvJuk3VF5vcTeU9Nti41eT7j8Dqqg3t1nQb7Vbbvxq0q0aUEW9Od9Q0m/U245erWPAU3K9Xi8LapF6C7uadDn9hqdsyTV/Q7lMvdWrrzK2DKim3ly+m4W0Qb0FWE3W12+g3twgo9+ot2KgUnIDHvVJJbXoN+qtJUe/oSIjldVOvd+ot7Yc/Ybq6y3uhpJ+W8oi6srRb6jKUC7shpJ+2w+7mgzQb6De3Db9VpPDOVlNupEB1dWb66Xbb9RbT5MYG/BPx5pMP9V+o976mszQAOcO5OZlQ3lIvdWgm2syBwY4N1Z5YY8uLVFv9awmY/QbqLf4G8p96i3uatIdG/C3z5pcO71+o95O5IL0G6g3102t36i3rhz9hiqdyYXdUNJv51kwRS5Hv6FKp6rEDv02VRcRV5MB+w3Um+ul1G8coTySC9VvoN5cP51+o976qsqZ/Q74IjdfG8oL6i3uatKd2u+AS7k521BSb3FXk+7SfgNcyc3bhvKcepuSbVXoyoBfXatKJ/RbCvV2oipd26+AW1WqS7/Nf73dyNFvqNqdqpUX9FuAeguymqTfUMK9XNgNJf22lgUykKPfwqLe3BH9Nt/1diRHvwVGvbk+/Va1hfgHlei3cKg3l3fpt4qtxV9N0m8hUG/xN5Tr1Fvc1aR7sJ+AFbn53FAuUG9xV5Punf0AvJebzw3lGvVWpZ6m495+AD5oSrr02zzW242m5IN9B7zVtOQF/TZ/9baba1pW7BtgVVMzoN/mr94Gmpr39g3QkQu7oaTfNuIfVKLf4qLeXJt+q8Zi/NUk/VY96i3uhpJ+W46/mqTfIqPe3KCg3+an3opNOfqtUag3t52FsEi9hV1Nuvw/A1bl5nlDuUy9xV1NulUDOpq6myyADeot7mrSdQzI5aJuKOm3xfleTbrckodPqsGAfpuDeisGqsGWpQ4j1eGIfmt+vbVUB/oNuVzUDSX9tjTnq0lHv2EoF3ZDSb/tB1hNytFvzUW9uc2CfivvMMhqkn5rPurNbdNvTa63HTn6rdGoN9ej35pbbz3V56s5UG/zvaE8pN5K6qtGI0sZxqpRvpvN2BL1FnY16caWMBzLpbCh3Kfe4q4m3dDShQPVq0W/NbHeWqrXgYF6q02bfmtevZ2oLvQbzuTCbijpt/NEVpPu2FKFU7mwG0r67SKbpSJX7Q4M1Jvibijpt/V4q0n6rfmoN9ej35pUb0eqGf1GvdWvn83QBfUWdzVJv2Esl8yGknqLc1DpcZcG6q16QY8unVNvcVeT7sxShGvNSot+a0a9tTQrp5YiXMoltKGk3oKuJuk33GmGuvH7jXq70QxdWXpwLxd2Q0m/rSW1mnTXlh7capZ2ovcb9TbQrNBv1FvcDSX9tpDYapJ+o95mqB+536i3tmpGv+GjXFobynXqLe5q0j1YaiCX2oZygXqLu5p0lhjsyaW2oVyj3p6zrbrxUVy8VwAnMfuNejtRAPcGvhAQbUNJvy2ks5rkTRMcKIK8iNdv1FuRK4KOgYdv0TaU9NtGOqtJHr/hQTEc0W+PW0zo0wD8UsJHBdGn3x61nNBqkl9KGCmIvBup36i3bq4gOgaeviW0oVyk3v6t2FQUpwZefUtoQ7lMvQVbTfLyG4ZyCW4oN6i3f+ppVlh0460C6cboN+rtRoFYanCrOPIiQr9Rb7u54ri11OCLAhlE6DfqbaBAri01uFIkR/Tbn5aSXU3y5Un6LYQ2/faH/dRWk0wnsSoXb0NJvx1m9eoqlC1LEMZyCW4oF6m3YKtJjpngk0LZnmW/UW87CuWTgZdyk9tQHlJv0VaT7qOlCXe5QrnJarVEvf1PX6Hkd5YobMmlt6Hcp958NUm8ObCgdIOZ9Bv1VgwUBbtJdBRxQ0m/LSW8mtTIwG+laBtK+u083dWkDgyJuw+4oaTfLtJdTd4bkjfMFchmQb/9v/W0Diq5fM8AW/mY6oZyn3oLtpr8sGLfANcKpJfV5oJ6y45CphtwfJnmhpJ66yuOy2MDPOH+j737Sk7j+eIo3g8Uj7x6AXg0GNQDjIgSJigQnbP3v5B/Dj9ZqRl6boc5n118q07de554Q09SKeuqr7dMJ964eq0qD/dc6Ao2lJv411so1aS+UMAfdtsKPl2Kf70FUk2+e68eAm6r11CuK73ebng8CZIl+YYywP3WCaSaFIiTgNaXqjWU4a83kWqSOAkkS4Pq7rdatapJTZwUCJKlkdv9Fv96WxEnIRStq8QL41RCt6rrrZ14YUGcJIBkKayGslbN9ZZp4iSEZPeuOk+XOuGvt2CryY/icRJIlgJoKLuVXG+DxAM/FBBastSu4H6rVaWanBEnIcRkKYt/v7lYb4fEvfOWAgJMlvp55fZbz+dqkjgJJEvDqu23elq+qfs46U4BoSZLo4rtt6bn1SRxEkiWxtXab734q0n9TQHyyVJQDWW9Sust08RJIFnyvaFsVmi95X3iJJAsed9Q9iq03gbESacDydKN/H6Ldb2NiJNsAMlSVpX91oy6mtSfFSJBsqRz+f0W43qbaOIkxKO1cN9QRr/fGjFXkwuFmJAsrSqx3+YhP1QiTpKH3Uf3DWXc+20ZbTX5saUQGZIlncW/3xqhV5PESfJwOYu0oWzGu97cV5OzayUMJEvhN5TL6NfbgDgJsdrrKBvKRuTrbUScBJKlsBrKedzrbUychJi9XkTYUC7DX2/i1SRxEkiWpjHvt0Y8D5WIk+ThvaNkaRXxflsHWE0SJ4FkqR3vfttEVU0SJ8nD21lkDWUj1ieUGXESSJaCbCjnka63vE+chMr4oBN5g7Qkm0jX2zCRp9+o2IFkSaChjHO9jVzESTsFVClZOqTlWMe43lxUk98VUK1kSecR7rdNNKcB9KUCqpYsTSPcb91YqsmvLQVUL1laRbff1rFUk3sFVDJZase23zppGW6Ik0CyFHZDGdl6y4iTxIBkqZ9Htd9qaQlyTZwEkqXAG8pNVOttSJwkCSRLo9S+bkzrbUWcBJIlHXxDWYtnvY2JkwDVEk2W9CS1rhPNess0cRIgnSxNo9lv3bKqSeIk4HoW9tOlWiTrbUCcBLhIltpx7LdOmdUkcRLwWcs3lGHvt15q2SERoy8UQLJUZkPpYL/Vy64miZOAhXxDGfB+a6aWTRMptwoIxDcdakPZC3+9rYiTAJfJ0ji1qx76emsnQr60FBCSH4E2lM3A11umiZMAt8nSNA97v/WCrCa3xEkIUOs8yIayHvR6E6omr5huIFkSayib8utNqpokTgLuZJKlLOD91guvmnxHnASSJamGUn6/NVKLJtqPOAkgWRoGu9/m0tUkcRIgkiyNQt1vS/mHSsRJwI/AGspGmOut7VGcBJAs6UmQ+20eVDVJnASSJTcN5TLE9Zb3k7ItmG4gWXLUUDYCXG8D3+IkgGTpJrVlHt56GyUl+0icBJIldw3lMrj1dvAwTgJIlnQe2H5rhFJNzgrFSQDJ0jCw/bZ2fRqAOAnYJ6VahbXfNkFUk5o4CSRL7hvKRkhPKNvexkkAyZLO3O836fWWScdJAMmSfEO5cbbe5KtJ4iRgt/W/oQxnvQ2Jk4DTLbxvKNehrLcRcZINwKX2vKHcBLLexsRJdgCtr543lGGst4n2P04CSJamQey3tVA16T5OAkiWViHst45UNek+TgJIltoB7Leuxw+VFq9UNQFvtKOG0v1+q/lZTRIngWTJ24Zy4/t6y3VJcVJLVRnwPSnFID1V1/f1NpSMkwCSJfcNZc3v9bYqJ066VkA5SJYO6Yk6Xq+3MXESEFiypHOf91vXx4dK+rMCUF6yNPV4v9XEq0n3cRJAsrTyd791PKwmFwpAyclS29v91pOvJt3HSQDJks483W91F9Wk+zgJIFnq537ut6ZANSkQJwEkS8INZc/P9TYlTgLCTZZG6SnqPq63lWCcBGDvVUPZ9HC9tYmTgKCTJT3xb7/1PKomt3cKgGiyNPVuv9VPqibF4yQAF9qbp0tN39bbILFJ/1QA5JOlttB+E1hvN27iJAC38g2l2H5rpIUdEpt+KDcAkqV+7tN+m59eTcrHSQBaX+QbSpn9tvSimjw/droB2HvRUDb8WW9nbuMkANfbxJqx8H4rYb21XcdJAFpX7hvKpS/rLdMexkkAyZL806WGH+st7/sQJwHYvXPdUM79WG8DT+IkALeOG8qlF+ttlFiyV74ASJYyD/ZbQ6iaJE4CAkiW+rn7/bZOi5joGOMkgGRp6H6/bRxWk/qN8gtAsjRyvt+67qrJ7U75BiBZGjveb2t31eQvBUAgWZJoKDdu11uWWKAvFQCBZEmmoSxhvQlXk19byj4At44ayrXL9TaMO04CSJZuHO63jZNqcisQJwEkS6INpbv1No4+TgJIlnTuar+t5atJ4iQggGRp6Gq/deQfKhEnASEkSytH+60rXk0SJwFhJEtjJ/utJlNNysdJAHYfhZ8ubVyst4w4CQjHrWxD2XWw3vI+cRIQkMuZaENZk19vQ+IkILBkSbKh7Iivt1VyiiumGyBvr+Uayq70ehtXLE4CSJZ0LrvfanIPld45ipMAvF4kxU1l91tHrJokTgICTZZWovutJ1RNzpzGSQDen5AstQX3Wz09wk0l4ySAZElncvutKVJN6r1yDsDbmURD2RNbb7muapwEkCwNUnN1qfU2JE4CgvdBl99QNgXW2ynVpL5QAMJPlg6l7LcT1lu70nESQLKkc4n9Vi+9mrxVcQBIlqYS+61pXk0SJwFVT5ZW5vut/PU2SIr40lLxAEiW2qXvt4Z5NUmcBJAs6azs/TZPzRyIk/4BIFnq5yXvt2WJ1eTVKwUgtmTJtKFslLvepsRJAMnSv41K3W/z0qrJd58UgCiTJbOGclnmemsTJwEkS/+jJ+Xtt0ZJ1eTsrQIQbbJk1lDOLaw3k2qSOAkgWTorbb8ty6gm9QcFICjXxyZL7bL2W2pgRJwEkCyZNJQW9tvavJokTgLi9llbbygL7LdN+qKJJk4CSJaKNZSNMp5QTomTgKpY2G4o5yWstzPiJKA6vh21jMbpSzb211ubOAmoktZHuw2l9fWWaeIkoFp+WH26tLa83vI+cdLTAJKlM8v7bWOxmtzeqSgAaJ1bbCjtrrcRcdLzAJKlzOZ+q6XPG5tPt58qIgDutuYNpcX91rFVTX4kTqoskCwNLe63rqXTAD9UdQEkSyNr+61moZokTgJIlsa29lvHSjV53lJxAvDDxsGArqX1lhEnAbieWWgoa8XXm3k1SZwEkCyZNpQdK+ttmJhYECf9E0CydGNjv3WLV5PESQDJknlDWTt9vY2Jk44CkCzp3GC/FV5vmSZOOg5AsjQ8eb/1DKtJ4iQAJsnS6sT9VjevJomTAPwwbCiL77dm+pSbl8fjZwWAZMm4oeydtN4y4iQA5smSUUNZP2G95Tp5wS/iJIBk6biGsnnCehsSJz0BwG5bsKHsFV9vq+R5X5+OkwCQLB2K7rd6kWqSOAnApS7UUDYN1luBanL7fJwEgGRpWnC/Lc2ryXtxEgDsjRtK8/3WMKkmiZMAFEiW2kX229ygmjSIkwCQLBk2lL0C6+1gGCcBwBt9bEPZOHq95dpGnASAZGmQPmJ+9HqbHhEnAcD34xrK5bHrbWUrTgJAsnQ4br81jnqotL1WjwCA1leDhtJkv82PqSZ/txQAHJksTY/ab0vzalK/UQBwfLJ0dsx+Sx8YJI97R5wEoFiy1Dbfb2vjavKXAoBiyZLOjPfbxrCanBEnASieLPVz0/3WTe+b6MfjpJYCgOLJ0sBwv62NqklNnATgxGRplN63MVtvZxbiJAAkSwYNpdF6a5cUJwEgWdKT9J61wXrLdFlxEgCSpanBfru/3vK+xTgJAMnS8w3ly+ttYC1OAoAL/VhD+fx+q6V/NSo1TgJAsqSzF/Zb5141aTdOAoDb5xvK59fbRJcdJwEgWRo+t9/urbd8aj1OAoDWl2cays1z6+3szzjplQIA+8nSOP2f7jPrrV1OnAQA19snG8rak+st+yNO2ilLAKB19dTTpc5T6y3vlxknASBZeryh7D613ob34qRLZRUA7N493lDWHl9vI8k4CQDJUvbnfru/3sbJ/+m9AoCSk6V+/th+692rJuXiJAAkS8NH9lv9kWrySiROAkCyNHq435p/qSb/3t492AgQBGAYnejiLeJs27b7L+ZujQKW70WLCv7ky0y7cRIgWcobyu36eqtVk+/fAaClZCk/MGCmsd42u4iTAMlS3lDO1dfbbv77/CK0CZAsLdb323ZeTXYTJwGSpbtyv+Xr7Sbbdp8BoPVkabOy3+Yq1eTzQwBoP1na2C3323V+oVJncRIgWToo9ltUVJMbewGgo2TpJt9vl3k1KU4COkyW4oZyO1tvd/H7fQDoMFmKG8ooWW+bHcdJAC9fSUN5Ga+3uJr8FScBnSdLi0vX8Xo76UGcBHB6/t9QRtHSjTgJ6Euy9HZ5udqXOAngdWd7d6c3cRLA7eKNOAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/gAkfH+FBWMSNQAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-app-anyuid + - rules: + - apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-app-nonroot + - rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs/finalizers + verbs: + - update + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs/status + verbs: + - get + - patch + - update + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - persistentvolumeclaims + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + serviceAccountName: gitlab-manager + - rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + serviceAccountName: gitlab-nginx-ingress + deployments: + - label: + control-plane: controller-manager + name: gitlab-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + - --zap-devel=true + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: GITLAB_MANAGER_SERVICE_ACCOUNT + value: gitlab-manager + - name: GITLAB_APP_ANYUID_SERVICE_ACCOUNT + value: gitlab-app-anyuid + - name: GITLAB_APP_NONROOT_SERVICE_ACCOUNT + value: gitlab-app-nonroot + - name: NGINX_SERVICE_ACCOUNT + value: gitlab-nginx-ingress + - name: PROMETHEUS_SERVICE_ACCOUNT + value: gitlab-prometheus-server + image: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:0.25.1 + livenessProbe: + httpGet: + path: /liveness + port: health-port + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 6060 + name: health-port + readinessProbe: + httpGet: + path: /readiness + port: health-port + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 200m + memory: 100Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: {} + serviceAccountName: gitlab-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + permissions: + - rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: gitlab-manager + - rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - gitlab-nginx-ingress-scc + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-nginx-ingress + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - GitLab + - DevOps + - CI/CD + - DAST + - SAST + links: + - name: GitLab Docs + url: https://docs.gitlab.com/ + - name: GitLab Operator Documentation + url: https://docs.gitlab.com/charts/installation/operator.html + - name: GitLab and Kubernetes + url: https://about.gitlab.com/solutions/kubernetes/ + - name: Gitlab Reference Architecture + url: https://docs.gitlab.com/ee/administration/reference_architectures/ + - name: GitLab Contact Sales + url: https://about.gitlab.com/sales/ + maintainers: + - email: distribution@gitlab.com + name: GitLab Distribution Team + maturity: alpha + minKubeVersion: 1.19.0 + provider: + name: GitLab Inc + url: https://about.gitlab.com/ + version: 0.25.1 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: gitlab-controller-manager + failurePolicy: Fail + generateName: vgitlab.kb.io + rules: + - apiGroups: + - apps.gitlab.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gitlabs + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-apps-gitlab-com-v1beta1-gitlab diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 0000000000..0ccd7e7e04 --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: gitlab-prometheus-server +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 0000000000..06afc70ad0 --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: gitlab-prometheus-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitlab-prometheus-server +subjects: +- kind: ServiceAccount + name: gitlab-prometheus-server + namespace: gitlab-system diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml new file mode 100644 index 0000000000..957b7c001e --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + name: gitlab-prometheus-server diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-webhook-service_v1_service.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-webhook-service_v1_service.yaml new file mode 100644 index 0000000000..ce80847678 --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-webhook-service_v1_service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: gitlab-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/gitlab-operator-kubernetes/0.25.1/metadata/annotations.yaml b/operators/gitlab-operator-kubernetes/0.25.1/metadata/annotations.yaml new file mode 100644 index 0000000000..924afd3d4b --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: gitlab-operator-kubernetes + operators.operatorframework.io.bundle.channels.v1: stable,unstable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + com.redhat.openshift.versions: v4.10-v4.13 diff --git a/operators/gitlab-operator-kubernetes/0.25.1/tests/scorecard/config.yaml b/operators/gitlab-operator-kubernetes/0.25.1/tests/scorecard/config.yaml new file mode 100644 index 0000000000..21f1d101ef --- /dev/null +++ b/operators/gitlab-operator-kubernetes/0.25.1/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} From 0740ee9b7f90fa8fab17d203b3b74b969ed7e7b5 Mon Sep 17 00:00:00 2001 From: Hossein Date: Thu, 2 Nov 2023 09:17:25 +0000 Subject: [PATCH 2/2] Pin the operator manifests --- ...ator-kubernetes.clusterserviceversion.yaml | 1045 +++++++++-------- 1 file changed, 526 insertions(+), 519 deletions(-) diff --git a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml index cec7bc4fb8..8130bc01fd 100644 --- a/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml +++ b/operators/gitlab-operator-kubernetes/0.25.1/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml @@ -38,7 +38,7 @@ metadata: capabilities: Seamless Upgrades categories: Integration & Delivery, Developer Tools certified: "true" - containerImage: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:0.25.1 + containerImage: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator@sha256:4aa6f8407e8d6cc6a09053214a49857bbe74b2d2a01b623edb0448c4eb696bbc createdAt: "2020-03-11T13:29:00Z" description: The GitLab operator is responsible for managing the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms. operatorframework.io/suggested-namespace: gitlab-system @@ -52,36 +52,36 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: GitLab is a complete DevOps platform, delivered in a single application - displayName: GitLab - kind: GitLab - name: gitlabs.apps.gitlab.com - resources: - - kind: ServiceAccount - name: gitlab-app-nonroot - version: v1 - - kind: ServiceAccount - name: gitlab-app-anyuid - version: v1 - - kind: ServiceAccount - name: gitlab-manager - version: v1 - - kind: ServiceAccount - name: gitlab-nginx-ingress - version: v1 - - kind: Service - name: gitlab-controller-manager-metrics-service - version: v1 - - kind: Service - name: gitlab-webhook-service - version: v1 - - kind: Deployment - name: gitlab-controller-manager - version: apps/v1 - - kind: IngressClass - name: gitlab-nginx - version: v1 - version: v1beta1 + - description: GitLab is a complete DevOps platform, delivered in a single application + displayName: GitLab + kind: GitLab + name: gitlabs.apps.gitlab.com + resources: + - kind: ServiceAccount + name: gitlab-app-nonroot + version: v1 + - kind: ServiceAccount + name: gitlab-app-anyuid + version: v1 + - kind: ServiceAccount + name: gitlab-manager + version: v1 + - kind: ServiceAccount + name: gitlab-nginx-ingress + version: v1 + - kind: Service + name: gitlab-controller-manager-metrics-service + version: v1 + - kind: Service + name: gitlab-webhook-service + version: v1 + - kind: Deployment + name: gitlab-controller-manager + version: apps/v1 + - kind: IngressClass + name: gitlab-nginx + version: v1 + version: v1beta1 description: | # Overview @@ -121,485 +121,485 @@ spec: ``` displayName: GitLab icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAABJQAAAReCAMAAAC2B5qlAAABDlBMVEVHcEzwWSfsUijpTSjnSyjiQynlSCnpTijtVSjxWyfvVyjvVyjvWCjsUyjkRSntUyjrUCjqTyjqUCjwWCfuVijmSSnlRyn1YSfwWCjrUSjuVCjqTijuVifrUijpTijsUijnSyjuVif0cifwWCj8oyb8oyb8jyb8bSb8iSb8jib8gSb0Xyf8lSb8oCb8dyb7ayb6aSb8nCb8cCb8jSb8kib8lib8iCb8fib8dCb8mSb8jCb8lCb8nSb8jCbuVSj8kib4ZSf8iyb8iyb8hSb8kSb8iibrUSj2Yyf8myb8iib8kCb8eyb8mib8kib8kCb8mCb8gCb8jib8lib8lyb8kCb8lCb8kSb8iSb8kCb8kCYx+jFhAAAAWnRSTlMALq/o////8cJKulc8pv+cz9zWZJL4+xAfkoficUrCuPB87f8Q////H5L//9////////+H////////cNb7ZP/P//9X/8BK///3PK//8y6m7y6c5+t8yLh8yN3b2h1aAAAhEElEQVR4AezdB24ryRWF4VI4yiKVKenl9/a/RyMZhZ6RQLftUddtfd8WiPSDXec2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT+vg8Og4ycnp2XkbFudnpydJjo8uDtqawcFRuqPLNiQuJz/TVVstuN5k4qwNiLNMbLZtpeAmf3XbhsNt/uqsrRIc5u/u2mC4y98dthWC+7zloQ2Fbd5y39YHHvOWp10bCLunvOWxrQ5s87brNhAO87ZtWxs4zdse20B4zNuO2srAQd5z3obBed7z3NYFrvOeszYMzvKebVsXOMp79FuBetNvrM5z3nfVGL7e9Bur/e/Nl3k1602/scp6028F6k2/od4S6xgF6i3ZtfVDvfl+sky9JS9t3VBv3Wkbjw9c1zzpALtEvxX9wLXbtNWAh0S/Vf3AtXttawFfEv1Wp97W32+wSVfgwzz1tvJ+g9d0VT7MU2/r7zeMPvswr0C96TfU2zj9pt70G+qtUr+pt+RrWzfUW/eljUa9rfb4DDxlv82usajdJvs9tRWAr9lj9FNLPnDtLlt9cJfU7jcfuHY3bR1Qb1X+2FFv6+83uEznw7wC9bb2foObdD7MK1Bv+g31Nka/qTf9hnor12/qLfnWykO91e839dZ9b+XhPsbw/cbuJNFvuI9R7GGVD1zdDmUNfqSr87DKB65uh6LehEGBv0jr3w6Fq8xx34am3ur3GxymK/BhnnrTb6i3MfpNvek31Nu4D6vUm9uhqLc6/abe3A6l/sJq/X5TbxM/W124jzF+v3GfuZ5bTXCduc4aH+4sc21bTXCUzh871f8irX87FJ4z33kblOeJ9fsNtpnvR2OBetNvqLcC/abe9BvqrcbDKvWW7Fp5qLf6D6vUW/fSikO91e839Vb/dijuY5ToN/Wm33AfY5x+4yIzlL49A7f575y2AXmeWP/2DPR6qz+M4Xli/dsz8JquwDCG54n6DfVW4cM89abfUG8eVg1Vb/oN9eZhVYl6S341qF9v+q1IvbkdioVV/TZSvek33Mco02+eJ3ZfG9Rxk9TvN88T3Z5BvVXoN88T3Z6hnsv8bx7aojxPdHsG9WYYYwFfEv2GevPHTrl602+oNw+rhqo3/YZ687CqRL0l3xvUX1jVb1XqTb9hYVW/Fau35FuDCn4klfrN80T9hnrTbwM4yXxuz1DSVbL2fvM80e0ZKjlMZxhjWHeZcnsG9eaPnQofuOo31JsP8xaoN/2GevOwqkC96TcsrOq3YvWW/GxQf2FVv9WoN7dDcR9Dvw1Qb26HYmFVvy3gOPPZLqak50S/VR6XsV2M+xj6bQFnmXJ7BvWm36p94KrfUG/JeWOAcRn9hnrzYd4C9abfsLDqYVWBenN7BgurHlZVq7dk16D+wqp+K19v3UuD+gur+q1+vek3Ctgkn6bfjMt0DQb1mhTrN88TbRej3vRbgXEZt2dQb/qtwLiM2zOoN8MYQ9SbfsNGj4dVA9WbfsPCqodVBepNv1HAfToPqz5VvSVfG4znJtFvxevN7VDUm34rMC6j37Cwqt+KjMt09w0q1Jt+KzAuY7sY9abfCozL2C5Gvem3AcZl3J7BRo9hjAL1pt+w0TPVWLre9BsWVj2sKlZvybcGIzlM52HVJ6y35HuDAvXmw7wC9abfsLCq3wqMy+g31Jt+G2Aa1HYx6m2AfvOBq+1i1NsS/cbXTNguRr0V6TfToPoNGz31+029JT9bfVhYrT+Mod66g1YANnqqPaxSb/Vvz8BRugIf5qk3/YaF1QLDGOpNv6Heluk306D6DfWm3wZwnAnbxai3Av1mXMZ2MeqtQL+ZBrVdjI0e/TbA80T9ho2e6sMY6i3ZtfKw0VN/2FC9dS+tAGz01BnGUG/1b89Ar7cCwxjqTb+h3goMY6g3/YZ6K9BvxmX0G+qtQL8Zl7F9hXr7n/uN60zYLsZGT4F+U2+2i7HRU2AYQ73V6je4z4RhDPWWfG0wzEaPYUP1ltw1GKDe9Jt6028M4DJdpWEM9abfUG+GMQaoN/2GejNsOIDnTTrbV6i3pfuNh0zYLsYrzwL9ZhrUdjE2egr0m2lQ/YaNnqrDGOpNvzGAw3SGMdSb7WKGqjfDhupt6X6Dq0S/qbcCt2dQb+WGMdSbfkO91X9Ypd70G+rNsOF8vzJhuxivPAv0m2lQ28V45Vm53zxPtF2MjZ6JX+0/xtfkk/QbbNMZxlBvtosXx1Gi39Sb7WKG8ZwJw4bqzXYxA9SbflNv+g31Nr/f1Jt+Q70ZxhjCfaLf8MqzwLChaVDbxXjlWeBhleeJhbeLYRP9ZhrUdjHjeE1nGEO92b5aHLeJflNvtotRb4YNx6k328Wot/n9pt70G+qtYL+pN/2Geqvfb+pNv2FhdeJHY4+LRL/hladhQ9OgtosZ4JWnYUPToAu+nYbLTBimd9hh2dszcJPOMIZ6s32FejOMMaPe9BvqzbCherNdvDD1pt/Um35Dvem3ffWm31Bv+k29LdxveOVp2FC92S7GK0/DhvvtNulW/XYarjJhmN5hB9vFy+Iw0W8OO9i+Qr0Zxphfb/oN9WYYQ73ZvmKQejNsqN70G+pNv+2vN/2GetNv6k2/seB3wvpNvek3fCes3/Y4yQyVt4vhOVOGDYf0NTOU3i6GbSYM0zvsYLt4WRylM4xhXMb2FerNMMbMerN9hXozbKjebF8tSb3pN/Wm31Bv+m1Pvek3fCes39SbfsN3wm/2G8fJJ+k32ES/Oexgu5hxvCb6zWEH28WM4zb7GMYwLmO7GPVmmH7iPP/m7TTqzTCGerN9hXrTb3vqzfYV6s2woXr7gH6DX4l+U2/6Dd8Jz+839abf8MpTvznssF8aLPCdsH5zlu9DtovhJtFvDjvYLka9Gaaf4yCdt9OoN8P0zvJ5O416M4wxYL15O41668OG6k2/4Tthw4bqTb/hO2H9tq/e9Bu+E9Zv6k2/4Tth/dZtM777Bh/5nbB+c5Zvj5v2SaDeot92m3S+vUe96Tdn+bydRr0Zxhj1LJ+306i3ZKfe9Bv+aTZsqN70G74T1m976k2/4Z9m/abePqzf4DlVvDjLp9/wnbB+c5Zvph8NFq83/WZcpntssP56029f0/n2HvWm35zl8+096q3r1Fu8nWbtdqnkq3rTb/hO2LCheptJv/G/+P2nlJ+f1J9Sfjf4F3v3ldW4/2xRvB5oHnn9DYA+FhjLgAAbB3LOnXv+M7m3w/pXJ5IsyyV/92cOhL10pCrtrVpZkyy8SdJC1iQtrRhQ1qrUzhpk7U2S1rIGaUurBpTVkfJu1hzrb5K0kTVHV1LHUBZySZsF/RbbYtYcxaakvOz2HtjSN9v0W2zLWXPs6JstKw3U2zc9+q0a1FtPEv2GCeT6oU+/VYF66+uH3MoD9fZNvps1xTL1FtduLol+w8T19s2gyBpig3oLqxhIqqLfQL1JDdpQLlJvUbUk0W+YxFBObfqNeptMW65UvwEj/apLv1Fvk+jK0W+YuN7Cbijpt6WsGYpcvxob8Gp7+t0O/RbRfqNWk25owGsd6A89+i2gw6wRjvSHkQGvNdaf+vRbOdRbX45+KwnHchNtKOk36q2b6y/HVhqot4ZtKA+pt7irSXdgpYF6a9qGcol6C7uapN+qQb25k6wB9qm3UE7k6LfScKp/69Jv1Fv51ST9VhXqzeUF/Ua9lV1N0m/l4UyP2aHf4jjP4hvI0W8Vot7cEf0WxkUDV5Pu1F4OuNTj+vRbFOtZdG097tJeDLjSE/Iu/Ua9lV9NujN7KeBarokbygvqLe5q0l1bCaDemrmhpN5C2Jaj3ypCvTV0Q3lOvcVdTborKwHUW7kNJf1Gvd3I0W+Twa1cQzeU1Fu41ST9Vh7u9LwB/Ua9lVhN0m+l4F4u7IaSfluLv5qk32pAvbk2/Ua9lVtNugcDStRbyA0l/bbQ4NWke2fA897LldlQ0m/UW7Gpl7k34Hkf9ELbWWDr1Fvc1aT7aMCzVuSavKFcoN5mpqcXW7HJgXpzN1lca9Rb3NWke29ARfX2yIaSfqPednO93AcDnvFWrzGg36g356tJ+g3VWdWrHNFvv6PeWnL0GyrQkQu7oaTfNuKvJuk3VF5vcTeU9Nti41eT7j8Dqqg3t1nQb7Vbbvxq0q0aUEW9Od9Q0m/U245erWPAU3K9Xi8LapF6C7uadDn9hqdsyTV/Q7lMvdWrrzK2DKim3ly+m4W0Qb0FWE3W12+g3twgo9+ot2KgUnIDHvVJJbXoN+qtJUe/oSIjldVOvd+ot7Yc/Ybq6y3uhpJ+W8oi6srRb6jKUC7shpJ+2w+7mgzQb6De3Db9VpPDOVlNupEB1dWb66Xbb9RbT5MYG/BPx5pMP9V+o976mszQAOcO5OZlQ3lIvdWgm2syBwY4N1Z5YY8uLVFv9awmY/QbqLf4G8p96i3uatIdG/C3z5pcO71+o95O5IL0G6g3102t36i3rhz9hiqdyYXdUNJv51kwRS5Hv6FKp6rEDv02VRcRV5MB+w3Um+ul1G8coTySC9VvoN5cP51+o976qsqZ/Q74IjdfG8oL6i3uatKd2u+AS7k521BSb3FXk+7SfgNcyc3bhvKcepuSbVXoyoBfXatKJ/RbCvV2oipd26+AW1WqS7/Nf73dyNFvqNqdqpUX9FuAeguymqTfUMK9XNgNJf22lgUykKPfwqLe3BH9Nt/1diRHvwVGvbk+/Va1hfgHlei3cKg3l3fpt4qtxV9N0m8hUG/xN5Tr1Fvc1aR7sJ+AFbn53FAuUG9xV5Punf0AvJebzw3lGvVWpZ6m495+AD5oSrr02zzW242m5IN9B7zVtOQF/TZ/9baba1pW7BtgVVMzoN/mr94Gmpr39g3QkQu7oaTfNuIfVKLf4qLeXJt+q8Zi/NUk/VY96i3uhpJ+W46/mqTfIqPe3KCg3+an3opNOfqtUag3t52FsEi9hV1Nuvw/A1bl5nlDuUy9xV1NulUDOpq6myyADeot7mrSdQzI5aJuKOm3xfleTbrckodPqsGAfpuDeisGqsGWpQ4j1eGIfmt+vbVUB/oNuVzUDSX9tjTnq0lHv2EoF3ZDSb/tB1hNytFvzUW9uc2CfivvMMhqkn5rPurNbdNvTa63HTn6rdGoN9ej35pbbz3V56s5UG/zvaE8pN5K6qtGI0sZxqpRvpvN2BL1FnY16caWMBzLpbCh3Kfe4q4m3dDShQPVq0W/NbHeWqrXgYF6q02bfmtevZ2oLvQbzuTCbijpt/NEVpPu2FKFU7mwG0r67SKbpSJX7Q4M1Jvibijpt/V4q0n6rfmoN9ej35pUb0eqGf1GvdWvn83QBfUWdzVJv2Esl8yGknqLc1DpcZcG6q16QY8unVNvcVeT7sxShGvNSot+a0a9tTQrp5YiXMoltKGk3oKuJuk33GmGuvH7jXq70QxdWXpwLxd2Q0m/rSW1mnTXlh7capZ2ovcb9TbQrNBv1FvcDSX9tpDYapJ+o95mqB+536i3tmpGv+GjXFobynXqLe5q0j1YaiCX2oZygXqLu5p0lhjsyaW2oVyj3p6zrbrxUVy8VwAnMfuNejtRAPcGvhAQbUNJvy2ks5rkTRMcKIK8iNdv1FuRK4KOgYdv0TaU9NtGOqtJHr/hQTEc0W+PW0zo0wD8UsJHBdGn3x61nNBqkl9KGCmIvBup36i3bq4gOgaeviW0oVyk3v6t2FQUpwZefUtoQ7lMvQVbTfLyG4ZyCW4oN6i3f+ppVlh0460C6cboN+rtRoFYanCrOPIiQr9Rb7u54ri11OCLAhlE6DfqbaBAri01uFIkR/Tbn5aSXU3y5Un6LYQ2/faH/dRWk0wnsSoXb0NJvx1m9eoqlC1LEMZyCW4oF6m3YKtJjpngk0LZnmW/UW87CuWTgZdyk9tQHlJv0VaT7qOlCXe5QrnJarVEvf1PX6Hkd5YobMmlt6Hcp958NUm8ObCgdIOZ9Bv1VgwUBbtJdBRxQ0m/LSW8mtTIwG+laBtK+u083dWkDgyJuw+4oaTfLtJdTd4bkjfMFchmQb/9v/W0Diq5fM8AW/mY6oZyn3oLtpr8sGLfANcKpJfV5oJ6y45CphtwfJnmhpJ66yuOy2MDPOH+j737Sk7j+eIo3g8Uj7x6AXg0GNQDjIgSJigQnbP3v5B/Dj9ZqRl6boc5n118q07de554Q09SKeuqr7dMJ964eq0qD/dc6Ao2lJv411so1aS+UMAfdtsKPl2Kf70FUk2+e68eAm6r11CuK73ebng8CZIl+YYywP3WCaSaFIiTgNaXqjWU4a83kWqSOAkkS4Pq7rdatapJTZwUCJKlkdv9Fv96WxEnIRStq8QL41RCt6rrrZ14YUGcJIBkKayGslbN9ZZp4iSEZPeuOk+XOuGvt2CryY/icRJIlgJoKLuVXG+DxAM/FBBastSu4H6rVaWanBEnIcRkKYt/v7lYb4fEvfOWAgJMlvp55fZbz+dqkjgJJEvDqu23elq+qfs46U4BoSZLo4rtt6bn1SRxEkiWxtXab734q0n9TQHyyVJQDWW9Sust08RJIFnyvaFsVmi95X3iJJAsed9Q9iq03gbESacDydKN/H6Ldb2NiJNsAMlSVpX91oy6mtSfFSJBsqRz+f0W43qbaOIkxKO1cN9QRr/fGjFXkwuFmJAsrSqx3+YhP1QiTpKH3Uf3DWXc+20ZbTX5saUQGZIlncW/3xqhV5PESfJwOYu0oWzGu97cV5OzayUMJEvhN5TL6NfbgDgJsdrrKBvKRuTrbUScBJKlsBrKedzrbUychJi9XkTYUC7DX2/i1SRxEkiWpjHvt0Y8D5WIk+ThvaNkaRXxflsHWE0SJ4FkqR3vfttEVU0SJ8nD21lkDWUj1ieUGXESSJaCbCjnka63vE+chMr4oBN5g7Qkm0jX2zCRp9+o2IFkSaChjHO9jVzESTsFVClZOqTlWMe43lxUk98VUK1kSecR7rdNNKcB9KUCqpYsTSPcb91YqsmvLQVUL1laRbff1rFUk3sFVDJZase23zppGW6Ik0CyFHZDGdl6y4iTxIBkqZ9Htd9qaQlyTZwEkqXAG8pNVOttSJwkCSRLo9S+bkzrbUWcBJIlHXxDWYtnvY2JkwDVEk2W9CS1rhPNess0cRIgnSxNo9lv3bKqSeIk4HoW9tOlWiTrbUCcBLhIltpx7LdOmdUkcRLwWcs3lGHvt15q2SERoy8UQLJUZkPpYL/Vy64miZOAhXxDGfB+a6aWTRMptwoIxDcdakPZC3+9rYiTAJfJ0ji1qx76emsnQr60FBCSH4E2lM3A11umiZMAt8nSNA97v/WCrCa3xEkIUOs8yIayHvR6E6omr5huIFkSayib8utNqpokTgLuZJKlLOD91guvmnxHnASSJamGUn6/NVKLJtqPOAkgWRoGu9/m0tUkcRIgkiyNQt1vS/mHSsRJwI/AGspGmOut7VGcBJAs6UmQ+20eVDVJnASSJTcN5TLE9Zb3k7ItmG4gWXLUUDYCXG8D3+IkgGTpJrVlHt56GyUl+0icBJIldw3lMrj1dvAwTgJIlnQe2H5rhFJNzgrFSQDJ0jCw/bZ2fRqAOAnYJ6VahbXfNkFUk5o4CSRL7hvKRkhPKNvexkkAyZLO3O836fWWScdJAMmSfEO5cbbe5KtJ4iRgt/W/oQxnvQ2Jk4DTLbxvKNehrLcRcZINwKX2vKHcBLLexsRJdgCtr543lGGst4n2P04CSJamQey3tVA16T5OAkiWViHst45UNek+TgJIltoB7Leuxw+VFq9UNQFvtKOG0v1+q/lZTRIngWTJ24Zy4/t6y3VJcVJLVRnwPSnFID1V1/f1NpSMkwCSJfcNZc3v9bYqJ066VkA5SJYO6Yk6Xq+3MXESEFiypHOf91vXx4dK+rMCUF6yNPV4v9XEq0n3cRJAsrTyd791PKwmFwpAyclS29v91pOvJt3HSQDJks483W91F9Wk+zgJIFnq537ut6ZANSkQJwEkS8INZc/P9TYlTgLCTZZG6SnqPq63lWCcBGDvVUPZ9HC9tYmTgKCTJT3xb7/1PKomt3cKgGiyNPVuv9VPqibF4yQAF9qbp0tN39bbILFJ/1QA5JOlttB+E1hvN27iJAC38g2l2H5rpIUdEpt+KDcAkqV+7tN+m59eTcrHSQBaX+QbSpn9tvSimjw/droB2HvRUDb8WW9nbuMkANfbxJqx8H4rYb21XcdJAFpX7hvKpS/rLdMexkkAyZL806WGH+st7/sQJwHYvXPdUM79WG8DT+IkALeOG8qlF+ttlFiyV74ASJYyD/ZbQ6iaJE4CAkiW+rn7/bZOi5joGOMkgGRp6H6/bRxWk/qN8gtAsjRyvt+67qrJ7U75BiBZGjveb2t31eQvBUAgWZJoKDdu11uWWKAvFQCBZEmmoSxhvQlXk19byj4At44ayrXL9TaMO04CSJZuHO63jZNqcisQJwEkS6INpbv1No4+TgJIlnTuar+t5atJ4iQggGRp6Gq/deQfKhEnASEkSytH+60rXk0SJwFhJEtjJ/utJlNNysdJAHYfhZ8ubVyst4w4CQjHrWxD2XWw3vI+cRIQkMuZaENZk19vQ+IkILBkSbKh7Iivt1VyiiumGyBvr+Uayq70ehtXLE4CSJZ0LrvfanIPld45ipMAvF4kxU1l91tHrJokTgICTZZWovutJ1RNzpzGSQDen5AstQX3Wz09wk0l4ySAZElncvutKVJN6r1yDsDbmURD2RNbb7muapwEkCwNUnN1qfU2JE4CgvdBl99QNgXW2ynVpL5QAMJPlg6l7LcT1lu70nESQLKkc4n9Vi+9mrxVcQBIlqYS+61pXk0SJwFVT5ZW5vut/PU2SIr40lLxAEiW2qXvt4Z5NUmcBJAs6azs/TZPzRyIk/4BIFnq5yXvt2WJ1eTVKwUgtmTJtKFslLvepsRJAMnSv41K3W/z0qrJd58UgCiTJbOGclnmemsTJwEkS/+jJ+Xtt0ZJ1eTsrQIQbbJk1lDOLaw3k2qSOAkgWTorbb8ty6gm9QcFICjXxyZL7bL2W2pgRJwEkCyZNJQW9tvavJokTgLi9llbbygL7LdN+qKJJk4CSJaKNZSNMp5QTomTgKpY2G4o5yWstzPiJKA6vh21jMbpSzb211ubOAmoktZHuw2l9fWWaeIkoFp+WH26tLa83vI+cdLTAJKlM8v7bWOxmtzeqSgAaJ1bbCjtrrcRcdLzAJKlzOZ+q6XPG5tPt58qIgDutuYNpcX91rFVTX4kTqoskCwNLe63rqXTAD9UdQEkSyNr+61moZokTgJIlsa29lvHSjV53lJxAvDDxsGArqX1lhEnAbieWWgoa8XXm3k1SZwEkCyZNpQdK+ttmJhYECf9E0CydGNjv3WLV5PESQDJknlDWTt9vY2Jk44CkCzp3GC/FV5vmSZOOg5AsjQ8eb/1DKtJ4iQAJsnS6sT9VjevJomTAPwwbCiL77dm+pSbl8fjZwWAZMm4oeydtN4y4iQA5smSUUNZP2G95Tp5wS/iJIBk6biGsnnCehsSJz0BwG5bsKHsFV9vq+R5X5+OkwCQLB2K7rd6kWqSOAnApS7UUDYN1luBanL7fJwEgGRpWnC/Lc2ryXtxEgDsjRtK8/3WMKkmiZMAFEiW2kX229ygmjSIkwCQLBk2lL0C6+1gGCcBwBt9bEPZOHq95dpGnASAZGmQPmJ+9HqbHhEnAcD34xrK5bHrbWUrTgJAsnQ4br81jnqotL1WjwCA1leDhtJkv82PqSZ/txQAHJksTY/ab0vzalK/UQBwfLJ0dsx+Sx8YJI97R5wEoFiy1Dbfb2vjavKXAoBiyZLOjPfbxrCanBEnASieLPVz0/3WTe+b6MfjpJYCgOLJ0sBwv62NqklNnATgxGRplN63MVtvZxbiJAAkSwYNpdF6a5cUJwEgWdKT9J61wXrLdFlxEgCSpanBfru/3vK+xTgJAMnS8w3ly+ttYC1OAoAL/VhD+fx+q6V/NSo1TgJAsqSzF/Zb5141aTdOAoDb5xvK59fbRJcdJwEgWRo+t9/urbd8aj1OAoDWl2cays1z6+3szzjplQIA+8nSOP2f7jPrrV1OnAQA19snG8rak+st+yNO2ilLAKB19dTTpc5T6y3vlxknASBZeryh7D613ob34qRLZRUA7N493lDWHl9vI8k4CQDJUvbnfru/3sbJ/+m9AoCSk6V+/th+692rJuXiJAAkS8NH9lv9kWrySiROAkCyNHq435p/qSb/3t492AgQBGAYnejiLeJs27b7L+ZujQKW70WLCv7ky0y7cRIgWcobyu36eqtVk+/fAaClZCk/MGCmsd42u4iTAMlS3lDO1dfbbv77/CK0CZAsLdb323ZeTXYTJwGSpbtyv+Xr7Sbbdp8BoPVkabOy3+Yq1eTzQwBoP1na2C3323V+oVJncRIgWToo9ltUVJMbewGgo2TpJt9vl3k1KU4COkyW4oZyO1tvd/H7fQDoMFmKG8ooWW+bHcdJAC9fSUN5Ga+3uJr8FScBnSdLi0vX8Xo76UGcBHB6/t9QRtHSjTgJ6Euy9HZ5udqXOAngdWd7d6c3cRLA7eKNOAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/gAkfH+FBWMSNQAAAABJRU5ErkJggg== - mediatype: image/png + - base64data: iVBORw0KGgoAAAANSUhEUgAABJQAAAReCAMAAAC2B5qlAAABDlBMVEVHcEzwWSfsUijpTSjnSyjiQynlSCnpTijtVSjxWyfvVyjvVyjvWCjsUyjkRSntUyjrUCjqTyjqUCjwWCfuVijmSSnlRyn1YSfwWCjrUSjuVCjqTijuVifrUijpTijsUijnSyjuVif0cifwWCj8oyb8oyb8jyb8bSb8iSb8jib8gSb0Xyf8lSb8oCb8dyb7ayb6aSb8nCb8cCb8jSb8kib8lib8iCb8fib8dCb8mSb8jCb8lCb8nSb8jCbuVSj8kib4ZSf8iyb8iyb8hSb8kSb8iibrUSj2Yyf8myb8iib8kCb8eyb8mib8kib8kCb8mCb8gCb8jib8lib8lyb8kCb8lCb8kSb8iSb8kCb8kCYx+jFhAAAAWnRSTlMALq/o////8cJKulc8pv+cz9zWZJL4+xAfkoficUrCuPB87f8Q////H5L//9////////+H////////cNb7ZP/P//9X/8BK///3PK//8y6m7y6c5+t8yLh8yN3b2h1aAAAhEElEQVR4AezdB24ryRWF4VI4yiKVKenl9/a/RyMZhZ6RQLftUddtfd8WiPSDXec2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT+vg8Og4ycnp2XkbFudnpydJjo8uDtqawcFRuqPLNiQuJz/TVVstuN5k4qwNiLNMbLZtpeAmf3XbhsNt/uqsrRIc5u/u2mC4y98dthWC+7zloQ2Fbd5y39YHHvOWp10bCLunvOWxrQ5s87brNhAO87ZtWxs4zdse20B4zNuO2srAQd5z3obBed7z3NYFrvOeszYMzvKebVsXOMp79FuBetNvrM5z3nfVGL7e9Bur/e/Nl3k1602/scp6028F6k2/od4S6xgF6i3ZtfVDvfl+sky9JS9t3VBv3Wkbjw9c1zzpALtEvxX9wLXbtNWAh0S/Vf3AtXttawFfEv1Wp97W32+wSVfgwzz1tvJ+g9d0VT7MU2/r7zeMPvswr0C96TfU2zj9pt70G+qtUr+pt+RrWzfUW/eljUa9rfb4DDxlv82usajdJvs9tRWAr9lj9FNLPnDtLlt9cJfU7jcfuHY3bR1Qb1X+2FFv6+83uEznw7wC9bb2foObdD7MK1Bv+g31Nka/qTf9hnor12/qLfnWykO91e839dZ9b+XhPsbw/cbuJNFvuI9R7GGVD1zdDmUNfqSr87DKB65uh6LehEGBv0jr3w6Fq8xx34am3ur3GxymK/BhnnrTb6i3MfpNvek31Nu4D6vUm9uhqLc6/abe3A6l/sJq/X5TbxM/W124jzF+v3GfuZ5bTXCduc4aH+4sc21bTXCUzh871f8irX87FJ4z33kblOeJ9fsNtpnvR2OBetNvqLcC/abe9BvqrcbDKvWW7Fp5qLf6D6vUW/fSikO91e839Vb/dijuY5ToN/Wm33AfY5x+4yIzlL49A7f575y2AXmeWP/2DPR6qz+M4Xli/dsz8JquwDCG54n6DfVW4cM89abfUG8eVg1Vb/oN9eZhVYl6S341qF9v+q1IvbkdioVV/TZSvek33Mco02+eJ3ZfG9Rxk9TvN88T3Z5BvVXoN88T3Z6hnsv8bx7aojxPdHsG9WYYYwFfEv2GevPHTrl602+oNw+rhqo3/YZ687CqRL0l3xvUX1jVb1XqTb9hYVW/Fau35FuDCn4klfrN80T9hnrTbwM4yXxuz1DSVbL2fvM80e0ZKjlMZxhjWHeZcnsG9eaPnQofuOo31JsP8xaoN/2GevOwqkC96TcsrOq3YvWW/GxQf2FVv9WoN7dDcR9Dvw1Qb26HYmFVvy3gOPPZLqak50S/VR6XsV2M+xj6bQFnmXJ7BvWm36p94KrfUG/JeWOAcRn9hnrzYd4C9abfsLDqYVWBenN7BgurHlZVq7dk16D+wqp+K19v3UuD+gur+q1+vek3Ctgkn6bfjMt0DQb1mhTrN88TbRej3vRbgXEZt2dQb/qtwLiM2zOoN8MYQ9SbfsNGj4dVA9WbfsPCqodVBepNv1HAfToPqz5VvSVfG4znJtFvxevN7VDUm34rMC6j37Cwqt+KjMt09w0q1Jt+KzAuY7sY9abfCozL2C5Gvem3AcZl3J7BRo9hjAL1pt+w0TPVWLre9BsWVj2sKlZvybcGIzlM52HVJ6y35HuDAvXmw7wC9abfsLCq3wqMy+g31Jt+G2Aa1HYx6m2AfvOBq+1i1NsS/cbXTNguRr0V6TfToPoNGz31+029JT9bfVhYrT+Mod66g1YANnqqPaxSb/Vvz8BRugIf5qk3/YaF1QLDGOpNv6Heluk306D6DfWm3wZwnAnbxai3Av1mXMZ2MeqtQL+ZBrVdjI0e/TbA80T9ho2e6sMY6i3ZtfKw0VN/2FC9dS+tAGz01BnGUG/1b89Ar7cCwxjqTb+h3goMY6g3/YZ6K9BvxmX0G+qtQL8Zl7F9hXr7n/uN60zYLsZGT4F+U2+2i7HRU2AYQ73V6je4z4RhDPWWfG0wzEaPYUP1ltw1GKDe9Jt6028M4DJdpWEM9abfUG+GMQaoN/2GejNsOIDnTTrbV6i3pfuNh0zYLsYrzwL9ZhrUdjE2egr0m2lQ/YaNnqrDGOpNvzGAw3SGMdSb7WKGqjfDhupt6X6Dq0S/qbcCt2dQb+WGMdSbfkO91X9Ypd70G+rNsOF8vzJhuxivPAv0m2lQ28V45Vm53zxPtF2MjZ6JX+0/xtfkk/QbbNMZxlBvtosXx1Gi39Sb7WKG8ZwJw4bqzXYxA9SbflNv+g31Nr/f1Jt+Q70ZxhjCfaLf8MqzwLChaVDbxXjlWeBhleeJhbeLYRP9ZhrUdjHjeE1nGEO92b5aHLeJflNvtotRb4YNx6k328Wot/n9pt70G+qtYL+pN/2Geqvfb+pNv2FhdeJHY4+LRL/hladhQ9OgtosZ4JWnYUPToAu+nYbLTBimd9hh2dszcJPOMIZ6s32FejOMMaPe9BvqzbCherNdvDD1pt/Um35Dvem3ffWm31Bv+k29LdxveOVp2FC92S7GK0/DhvvtNulW/XYarjJhmN5hB9vFy+Iw0W8OO9i+Qr0Zxphfb/oN9WYYQ73ZvmKQejNsqN70G+pNv+2vN/2GetNv6k2/seB3wvpNvek3fCes3/Y4yQyVt4vhOVOGDYf0NTOU3i6GbSYM0zvsYLt4WRylM4xhXMb2FerNMMbMerN9hXozbKjebF8tSb3pN/Wm31Bv+m1Pvek3fCes39SbfsN3wm/2G8fJJ+k32ES/Oexgu5hxvCb6zWEH28WM4zb7GMYwLmO7GPVmmH7iPP/m7TTqzTCGerN9hXrTb3vqzfYV6s2woXr7gH6DX4l+U2/6Dd8Jz+839abf8MpTvznssF8aLPCdsH5zlu9DtovhJtFvDjvYLka9Gaaf4yCdt9OoN8P0zvJ5O416M4wxYL15O41668OG6k2/4Tthw4bqTb/hO2H9tq/e9Bu+E9Zv6k2/4Tth/dZtM777Bh/5nbB+c5Zvj5v2SaDeot92m3S+vUe96Tdn+bydRr0Zxhj1LJ+306i3ZKfe9Bv+aTZsqN70G74T1m976k2/4Z9m/abePqzf4DlVvDjLp9/wnbB+c5Zvph8NFq83/WZcpntssP56029f0/n2HvWm35zl8+096q3r1Fu8nWbtdqnkq3rTb/hO2LCheptJv/G/+P2nlJ+f1J9Sfjf4F3v3ldW4/2xRvB5oHnn9DYA+FhjLgAAbB3LOnXv+M7m3w/pXJ5IsyyV/92cOhL10pCrtrVpZkyy8SdJC1iQtrRhQ1qrUzhpk7U2S1rIGaUurBpTVkfJu1hzrb5K0kTVHV1LHUBZySZsF/RbbYtYcxaakvOz2HtjSN9v0W2zLWXPs6JstKw3U2zc9+q0a1FtPEv2GCeT6oU+/VYF66+uH3MoD9fZNvps1xTL1FtduLol+w8T19s2gyBpig3oLqxhIqqLfQL1JDdpQLlJvUbUk0W+YxFBObfqNeptMW65UvwEj/apLv1Fvk+jK0W+YuN7Cbijpt6WsGYpcvxob8Gp7+t0O/RbRfqNWk25owGsd6A89+i2gw6wRjvSHkQGvNdaf+vRbOdRbX45+KwnHchNtKOk36q2b6y/HVhqot4ZtKA+pt7irSXdgpYF6a9qGcol6C7uapN+qQb25k6wB9qm3UE7k6LfScKp/69Jv1Fv51ST9VhXqzeUF/Ua9lV1N0m/l4UyP2aHf4jjP4hvI0W8Vot7cEf0WxkUDV5Pu1F4OuNTj+vRbFOtZdG097tJeDLjSE/Iu/Ua9lV9NujN7KeBarokbygvqLe5q0l1bCaDemrmhpN5C2Jaj3ypCvTV0Q3lOvcVdTborKwHUW7kNJf1Gvd3I0W+Twa1cQzeU1Fu41ST9Vh7u9LwB/Ua9lVhN0m+l4F4u7IaSfluLv5qk32pAvbk2/Ua9lVtNugcDStRbyA0l/bbQ4NWke2fA897LldlQ0m/UW7Gpl7k34Hkf9ELbWWDr1Fvc1aT7aMCzVuSavKFcoN5mpqcXW7HJgXpzN1lca9Rb3NWke29ARfX2yIaSfqPednO93AcDnvFWrzGg36g356tJ+g3VWdWrHNFvv6PeWnL0GyrQkQu7oaTfNuKvJuk3VF5vcTeU9Nti41eT7j8Dqqg3t1nQb7Vbbvxq0q0aUEW9Od9Q0m/U245erWPAU3K9Xi8LapF6C7uadDn9hqdsyTV/Q7lMvdWrrzK2DKim3ly+m4W0Qb0FWE3W12+g3twgo9+ot2KgUnIDHvVJJbXoN+qtJUe/oSIjldVOvd+ot7Yc/Ybq6y3uhpJ+W8oi6srRb6jKUC7shpJ+2w+7mgzQb6De3Db9VpPDOVlNupEB1dWb66Xbb9RbT5MYG/BPx5pMP9V+o976mszQAOcO5OZlQ3lIvdWgm2syBwY4N1Z5YY8uLVFv9awmY/QbqLf4G8p96i3uatIdG/C3z5pcO71+o95O5IL0G6g3102t36i3rhz9hiqdyYXdUNJv51kwRS5Hv6FKp6rEDv02VRcRV5MB+w3Um+ul1G8coTySC9VvoN5cP51+o976qsqZ/Q74IjdfG8oL6i3uatKd2u+AS7k521BSb3FXk+7SfgNcyc3bhvKcepuSbVXoyoBfXatKJ/RbCvV2oipd26+AW1WqS7/Nf73dyNFvqNqdqpUX9FuAeguymqTfUMK9XNgNJf22lgUykKPfwqLe3BH9Nt/1diRHvwVGvbk+/Va1hfgHlei3cKg3l3fpt4qtxV9N0m8hUG/xN5Tr1Fvc1aR7sJ+AFbn53FAuUG9xV5Punf0AvJebzw3lGvVWpZ6m495+AD5oSrr02zzW242m5IN9B7zVtOQF/TZ/9baba1pW7BtgVVMzoN/mr94Gmpr39g3QkQu7oaTfNuIfVKLf4qLeXJt+q8Zi/NUk/VY96i3uhpJ+W46/mqTfIqPe3KCg3+an3opNOfqtUag3t52FsEi9hV1Nuvw/A1bl5nlDuUy9xV1NulUDOpq6myyADeot7mrSdQzI5aJuKOm3xfleTbrckodPqsGAfpuDeisGqsGWpQ4j1eGIfmt+vbVUB/oNuVzUDSX9tjTnq0lHv2EoF3ZDSb/tB1hNytFvzUW9uc2CfivvMMhqkn5rPurNbdNvTa63HTn6rdGoN9ej35pbbz3V56s5UG/zvaE8pN5K6qtGI0sZxqpRvpvN2BL1FnY16caWMBzLpbCh3Kfe4q4m3dDShQPVq0W/NbHeWqrXgYF6q02bfmtevZ2oLvQbzuTCbijpt/NEVpPu2FKFU7mwG0r67SKbpSJX7Q4M1Jvibijpt/V4q0n6rfmoN9ej35pUb0eqGf1GvdWvn83QBfUWdzVJv2Esl8yGknqLc1DpcZcG6q16QY8unVNvcVeT7sxShGvNSot+a0a9tTQrp5YiXMoltKGk3oKuJuk33GmGuvH7jXq70QxdWXpwLxd2Q0m/rSW1mnTXlh7capZ2ovcb9TbQrNBv1FvcDSX9tpDYapJ+o95mqB+536i3tmpGv+GjXFobynXqLe5q0j1YaiCX2oZygXqLu5p0lhjsyaW2oVyj3p6zrbrxUVy8VwAnMfuNejtRAPcGvhAQbUNJvy2ks5rkTRMcKIK8iNdv1FuRK4KOgYdv0TaU9NtGOqtJHr/hQTEc0W+PW0zo0wD8UsJHBdGn3x61nNBqkl9KGCmIvBup36i3bq4gOgaeviW0oVyk3v6t2FQUpwZefUtoQ7lMvQVbTfLyG4ZyCW4oN6i3f+ppVlh0460C6cboN+rtRoFYanCrOPIiQr9Rb7u54ri11OCLAhlE6DfqbaBAri01uFIkR/Tbn5aSXU3y5Un6LYQ2/faH/dRWk0wnsSoXb0NJvx1m9eoqlC1LEMZyCW4oF6m3YKtJjpngk0LZnmW/UW87CuWTgZdyk9tQHlJv0VaT7qOlCXe5QrnJarVEvf1PX6Hkd5YobMmlt6Hcp958NUm8ObCgdIOZ9Bv1VgwUBbtJdBRxQ0m/LSW8mtTIwG+laBtK+u083dWkDgyJuw+4oaTfLtJdTd4bkjfMFchmQb/9v/W0Diq5fM8AW/mY6oZyn3oLtpr8sGLfANcKpJfV5oJ6y45CphtwfJnmhpJ66yuOy2MDPOH+j737Sk7j+eIo3g8Uj7x6AXg0GNQDjIgSJigQnbP3v5B/Dj9ZqRl6boc5n118q07de554Q09SKeuqr7dMJ964eq0qD/dc6Ao2lJv411so1aS+UMAfdtsKPl2Kf70FUk2+e68eAm6r11CuK73ebng8CZIl+YYywP3WCaSaFIiTgNaXqjWU4a83kWqSOAkkS4Pq7rdatapJTZwUCJKlkdv9Fv96WxEnIRStq8QL41RCt6rrrZ14YUGcJIBkKayGslbN9ZZp4iSEZPeuOk+XOuGvt2CryY/icRJIlgJoKLuVXG+DxAM/FBBastSu4H6rVaWanBEnIcRkKYt/v7lYb4fEvfOWAgJMlvp55fZbz+dqkjgJJEvDqu23elq+qfs46U4BoSZLo4rtt6bn1SRxEkiWxtXab734q0n9TQHyyVJQDWW9Sust08RJIFnyvaFsVmi95X3iJJAsed9Q9iq03gbESacDydKN/H6Ldb2NiJNsAMlSVpX91oy6mtSfFSJBsqRz+f0W43qbaOIkxKO1cN9QRr/fGjFXkwuFmJAsrSqx3+YhP1QiTpKH3Uf3DWXc+20ZbTX5saUQGZIlncW/3xqhV5PESfJwOYu0oWzGu97cV5OzayUMJEvhN5TL6NfbgDgJsdrrKBvKRuTrbUScBJKlsBrKedzrbUychJi9XkTYUC7DX2/i1SRxEkiWpjHvt0Y8D5WIk+ThvaNkaRXxflsHWE0SJ4FkqR3vfttEVU0SJ8nD21lkDWUj1ieUGXESSJaCbCjnka63vE+chMr4oBN5g7Qkm0jX2zCRp9+o2IFkSaChjHO9jVzESTsFVClZOqTlWMe43lxUk98VUK1kSecR7rdNNKcB9KUCqpYsTSPcb91YqsmvLQVUL1laRbff1rFUk3sFVDJZase23zppGW6Ik0CyFHZDGdl6y4iTxIBkqZ9Htd9qaQlyTZwEkqXAG8pNVOttSJwkCSRLo9S+bkzrbUWcBJIlHXxDWYtnvY2JkwDVEk2W9CS1rhPNess0cRIgnSxNo9lv3bKqSeIk4HoW9tOlWiTrbUCcBLhIltpx7LdOmdUkcRLwWcs3lGHvt15q2SERoy8UQLJUZkPpYL/Vy64miZOAhXxDGfB+a6aWTRMptwoIxDcdakPZC3+9rYiTAJfJ0ji1qx76emsnQr60FBCSH4E2lM3A11umiZMAt8nSNA97v/WCrCa3xEkIUOs8yIayHvR6E6omr5huIFkSayib8utNqpokTgLuZJKlLOD91guvmnxHnASSJamGUn6/NVKLJtqPOAkgWRoGu9/m0tUkcRIgkiyNQt1vS/mHSsRJwI/AGspGmOut7VGcBJAs6UmQ+20eVDVJnASSJTcN5TLE9Zb3k7ItmG4gWXLUUDYCXG8D3+IkgGTpJrVlHt56GyUl+0icBJIldw3lMrj1dvAwTgJIlnQe2H5rhFJNzgrFSQDJ0jCw/bZ2fRqAOAnYJ6VahbXfNkFUk5o4CSRL7hvKRkhPKNvexkkAyZLO3O836fWWScdJAMmSfEO5cbbe5KtJ4iRgt/W/oQxnvQ2Jk4DTLbxvKNehrLcRcZINwKX2vKHcBLLexsRJdgCtr543lGGst4n2P04CSJamQey3tVA16T5OAkiWViHst45UNek+TgJIltoB7Leuxw+VFq9UNQFvtKOG0v1+q/lZTRIngWTJ24Zy4/t6y3VJcVJLVRnwPSnFID1V1/f1NpSMkwCSJfcNZc3v9bYqJ066VkA5SJYO6Yk6Xq+3MXESEFiypHOf91vXx4dK+rMCUF6yNPV4v9XEq0n3cRJAsrTyd791PKwmFwpAyclS29v91pOvJt3HSQDJks483W91F9Wk+zgJIFnq537ut6ZANSkQJwEkS8INZc/P9TYlTgLCTZZG6SnqPq63lWCcBGDvVUPZ9HC9tYmTgKCTJT3xb7/1PKomt3cKgGiyNPVuv9VPqibF4yQAF9qbp0tN39bbILFJ/1QA5JOlttB+E1hvN27iJAC38g2l2H5rpIUdEpt+KDcAkqV+7tN+m59eTcrHSQBaX+QbSpn9tvSimjw/droB2HvRUDb8WW9nbuMkANfbxJqx8H4rYb21XcdJAFpX7hvKpS/rLdMexkkAyZL806WGH+st7/sQJwHYvXPdUM79WG8DT+IkALeOG8qlF+ttlFiyV74ASJYyD/ZbQ6iaJE4CAkiW+rn7/bZOi5joGOMkgGRp6H6/bRxWk/qN8gtAsjRyvt+67qrJ7U75BiBZGjveb2t31eQvBUAgWZJoKDdu11uWWKAvFQCBZEmmoSxhvQlXk19byj4At44ayrXL9TaMO04CSJZuHO63jZNqcisQJwEkS6INpbv1No4+TgJIlnTuar+t5atJ4iQggGRp6Gq/deQfKhEnASEkSytH+60rXk0SJwFhJEtjJ/utJlNNysdJAHYfhZ8ubVyst4w4CQjHrWxD2XWw3vI+cRIQkMuZaENZk19vQ+IkILBkSbKh7Iivt1VyiiumGyBvr+Uayq70ehtXLE4CSJZ0LrvfanIPld45ipMAvF4kxU1l91tHrJokTgICTZZWovutJ1RNzpzGSQDen5AstQX3Wz09wk0l4ySAZElncvutKVJN6r1yDsDbmURD2RNbb7muapwEkCwNUnN1qfU2JE4CgvdBl99QNgXW2ynVpL5QAMJPlg6l7LcT1lu70nESQLKkc4n9Vi+9mrxVcQBIlqYS+61pXk0SJwFVT5ZW5vut/PU2SIr40lLxAEiW2qXvt4Z5NUmcBJAs6azs/TZPzRyIk/4BIFnq5yXvt2WJ1eTVKwUgtmTJtKFslLvepsRJAMnSv41K3W/z0qrJd58UgCiTJbOGclnmemsTJwEkS/+jJ+Xtt0ZJ1eTsrQIQbbJk1lDOLaw3k2qSOAkgWTorbb8ty6gm9QcFICjXxyZL7bL2W2pgRJwEkCyZNJQW9tvavJokTgLi9llbbygL7LdN+qKJJk4CSJaKNZSNMp5QTomTgKpY2G4o5yWstzPiJKA6vh21jMbpSzb211ubOAmoktZHuw2l9fWWaeIkoFp+WH26tLa83vI+cdLTAJKlM8v7bWOxmtzeqSgAaJ1bbCjtrrcRcdLzAJKlzOZ+q6XPG5tPt58qIgDutuYNpcX91rFVTX4kTqoskCwNLe63rqXTAD9UdQEkSyNr+61moZokTgJIlsa29lvHSjV53lJxAvDDxsGArqX1lhEnAbieWWgoa8XXm3k1SZwEkCyZNpQdK+ttmJhYECf9E0CydGNjv3WLV5PESQDJknlDWTt9vY2Jk44CkCzp3GC/FV5vmSZOOg5AsjQ8eb/1DKtJ4iQAJsnS6sT9VjevJomTAPwwbCiL77dm+pSbl8fjZwWAZMm4oeydtN4y4iQA5smSUUNZP2G95Tp5wS/iJIBk6biGsnnCehsSJz0BwG5bsKHsFV9vq+R5X5+OkwCQLB2K7rd6kWqSOAnApS7UUDYN1luBanL7fJwEgGRpWnC/Lc2ryXtxEgDsjRtK8/3WMKkmiZMAFEiW2kX229ygmjSIkwCQLBk2lL0C6+1gGCcBwBt9bEPZOHq95dpGnASAZGmQPmJ+9HqbHhEnAcD34xrK5bHrbWUrTgJAsnQ4br81jnqotL1WjwCA1leDhtJkv82PqSZ/txQAHJksTY/ab0vzalK/UQBwfLJ0dsx+Sx8YJI97R5wEoFiy1Dbfb2vjavKXAoBiyZLOjPfbxrCanBEnASieLPVz0/3WTe+b6MfjpJYCgOLJ0sBwv62NqklNnATgxGRplN63MVtvZxbiJAAkSwYNpdF6a5cUJwEgWdKT9J61wXrLdFlxEgCSpanBfru/3vK+xTgJAMnS8w3ly+ttYC1OAoAL/VhD+fx+q6V/NSo1TgJAsqSzF/Zb5141aTdOAoDb5xvK59fbRJcdJwEgWRo+t9/urbd8aj1OAoDWl2cays1z6+3szzjplQIA+8nSOP2f7jPrrV1OnAQA19snG8rak+st+yNO2ilLAKB19dTTpc5T6y3vlxknASBZeryh7D613ob34qRLZRUA7N493lDWHl9vI8k4CQDJUvbnfru/3sbJ/+m9AoCSk6V+/th+692rJuXiJAAkS8NH9lv9kWrySiROAkCyNHq435p/qSb/3t492AgQBGAYnejiLeJs27b7L+ZujQKW70WLCv7ky0y7cRIgWcobyu36eqtVk+/fAaClZCk/MGCmsd42u4iTAMlS3lDO1dfbbv77/CK0CZAsLdb323ZeTXYTJwGSpbtyv+Xr7Sbbdp8BoPVkabOy3+Yq1eTzQwBoP1na2C3323V+oVJncRIgWToo9ltUVJMbewGgo2TpJt9vl3k1KU4COkyW4oZyO1tvd/H7fQDoMFmKG8ooWW+bHcdJAC9fSUN5Ga+3uJr8FScBnSdLi0vX8Xo76UGcBHB6/t9QRtHSjTgJ6Euy9HZ5udqXOAngdWd7d6c3cRLA7eKNOAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/gAkfH+FBWMSNQAAAABJRU5ErkJggg== + mediatype: image/png install: spec: clusterPermissions: - - rules: - - apiGroups: - - security.openshift.io - resourceNames: - - anyuid - resources: - - securitycontextconstraints - verbs: - - use - serviceAccountName: gitlab-app-anyuid - - rules: - - apiGroups: - - security.openshift.io - resourceNames: - - nonroot - resources: - - securitycontextconstraints - verbs: - - use - serviceAccountName: gitlab-app-nonroot - - rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps.gitlab.com - resources: - - gitlabs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps.gitlab.com - resources: - - gitlabs/finalizers - verbs: - - update - - apiGroups: - - apps.gitlab.com - resources: - - gitlabs/status - verbs: - - get - - patch - - update - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - persistentvolumeclaims - - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - prometheuses - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - serviceAccountName: gitlab-manager - - rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - serviceAccountName: gitlab-nginx-ingress + - rules: + - apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-app-anyuid + - rules: + - apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-app-nonroot + - rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs/finalizers + verbs: + - update + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs/status + verbs: + - get + - patch + - update + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - persistentvolumeclaims + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + serviceAccountName: gitlab-manager + - rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + serviceAccountName: gitlab-nginx-ingress deployments: - - label: - control-plane: controller-manager - name: gitlab-controller-manager - spec: - replicas: 1 - selector: - matchLabels: + - label: + control-plane: controller-manager + name: gitlab-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: control-plane: controller-manager - strategy: {} - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - args: - - --metrics-addr=127.0.0.1:8080 - - --enable-leader-election - - --zap-devel=true - command: - - /manager - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.annotations['olm.targetNamespaces'] - - name: GITLAB_MANAGER_SERVICE_ACCOUNT - value: gitlab-manager - - name: GITLAB_APP_ANYUID_SERVICE_ACCOUNT - value: gitlab-app-anyuid - - name: GITLAB_APP_NONROOT_SERVICE_ACCOUNT - value: gitlab-app-nonroot - - name: NGINX_SERVICE_ACCOUNT - value: gitlab-nginx-ingress - - name: PROMETHEUS_SERVICE_ACCOUNT - value: gitlab-prometheus-server - image: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:0.25.1 - livenessProbe: - httpGet: - path: /liveness - port: health-port - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 6060 - name: health-port - readinessProbe: - httpGet: - path: /readiness - port: health-port - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 300Mi - requests: - cpu: 200m - memory: 100Mi - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: {} - serviceAccountName: gitlab-manager - terminationGracePeriodSeconds: 10 - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + spec: + containers: + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + - --zap-devel=true + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: GITLAB_MANAGER_SERVICE_ACCOUNT + value: gitlab-manager + - name: GITLAB_APP_ANYUID_SERVICE_ACCOUNT + value: gitlab-app-anyuid + - name: GITLAB_APP_NONROOT_SERVICE_ACCOUNT + value: gitlab-app-nonroot + - name: NGINX_SERVICE_ACCOUNT + value: gitlab-nginx-ingress + - name: PROMETHEUS_SERVICE_ACCOUNT + value: gitlab-prometheus-server + image: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator@sha256:4aa6f8407e8d6cc6a09053214a49857bbe74b2d2a01b623edb0448c4eb696bbc + livenessProbe: + httpGet: + path: /liveness + port: health-port + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 6060 + name: health-port + readinessProbe: + httpGet: + path: /readiness + port: health-port + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 200m + memory: 100Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:928e64203edad8f1bba23593c7be04f0f8410c6e4feb98d9e9c2d00a8ff59048 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: {} + serviceAccountName: gitlab-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert permissions: - - rules: - - apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - serviceAccountName: gitlab-manager - - rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - security.openshift.io - resourceNames: - - gitlab-nginx-ingress-scc - resources: - - securitycontextconstraints - verbs: - - use - serviceAccountName: gitlab-nginx-ingress + - rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: gitlab-manager + - rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - gitlab-nginx-ingress-scc + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-nginx-ingress strategy: deployment installModes: - - supported: true - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: false - type: AllNamespaces + - supported: true + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces keywords: - - GitLab - - DevOps - - CI/CD - - DAST - - SAST + - GitLab + - DevOps + - CI/CD + - DAST + - SAST links: - - name: GitLab Docs - url: https://docs.gitlab.com/ - - name: GitLab Operator Documentation - url: https://docs.gitlab.com/charts/installation/operator.html - - name: GitLab and Kubernetes - url: https://about.gitlab.com/solutions/kubernetes/ - - name: Gitlab Reference Architecture - url: https://docs.gitlab.com/ee/administration/reference_architectures/ - - name: GitLab Contact Sales - url: https://about.gitlab.com/sales/ + - name: GitLab Docs + url: https://docs.gitlab.com/ + - name: GitLab Operator Documentation + url: https://docs.gitlab.com/charts/installation/operator.html + - name: GitLab and Kubernetes + url: https://about.gitlab.com/solutions/kubernetes/ + - name: Gitlab Reference Architecture + url: https://docs.gitlab.com/ee/administration/reference_architectures/ + - name: GitLab Contact Sales + url: https://about.gitlab.com/sales/ maintainers: - - email: distribution@gitlab.com - name: GitLab Distribution Team + - email: distribution@gitlab.com + name: GitLab Distribution Team maturity: alpha minKubeVersion: 1.19.0 provider: @@ -607,23 +607,30 @@ spec: url: https://about.gitlab.com/ version: 0.25.1 webhookdefinitions: - - admissionReviewVersions: - - v1 - containerPort: 443 - deploymentName: gitlab-controller-manager - failurePolicy: Fail - generateName: vgitlab.kb.io - rules: - - apiGroups: - - apps.gitlab.com - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - gitlabs - sideEffects: None - targetPort: 9443 - type: ValidatingAdmissionWebhook - webhookPath: /validate-apps-gitlab-com-v1beta1-gitlab + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: gitlab-controller-manager + failurePolicy: Fail + generateName: vgitlab.kb.io + rules: + - apiGroups: + - apps.gitlab.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gitlabs + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-apps-gitlab-com-v1beta1-gitlab + relatedImages: + - name: cloud-native/gitlab-operator-4aa6f8407e8d6cc6a09053214a49857bbe74b2d2a01b623edb0448c4eb696bbc-annotation + image: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator@sha256:4aa6f8407e8d6cc6a09053214a49857bbe74b2d2a01b623edb0448c4eb696bbc + - name: manager + image: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator@sha256:4aa6f8407e8d6cc6a09053214a49857bbe74b2d2a01b623edb0448c4eb696bbc + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:928e64203edad8f1bba23593c7be04f0f8410c6e4feb98d9e9c2d00a8ff59048