From f9df80191873240636f3f201c71c37f30d504d36 Mon Sep 17 00:00:00 2001 From: Adam Kaplan Date: Thu, 18 Jul 2024 22:57:45 -0400 Subject: [PATCH] Set makefile variables - Set default channels. We use the legacy "alpha" channel, can migrate to "candidate" and "stable" channels. - regenerate rbac --- Makefile | 8 +- config/rbac/role.yaml | 346 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 349 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 54e1aa1a..006b58ad 100644 --- a/Makefile +++ b/Makefile @@ -3,13 +3,14 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.0.1 +VERSION ?= 0.14.0-rc0 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) # - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") +CHANNELS = "alpha,candidate,stable" ifneq ($(origin CHANNELS), undefined) BUNDLE_CHANNELS := --channels=$(CHANNELS) endif @@ -19,6 +20,7 @@ endif # To re-generate a bundle for any other default channel without changing the default setup, you can: # - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) # - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") +DEFAULT_CHANNEL=stable ifneq ($(origin DEFAULT_CHANNEL), undefined) BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) endif 
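Review bot: `CHANNELS = "alpha,candidate,stable"` and `DEFAULT_CHANNEL=stable` are unconditional assignments, so the environment override documented in the comments directly above them (`export CHANNELS=...`, `export DEFAULT_CHANNEL=...`) no longer takes effect. A makefile assignment wins over the environment unless make is run with `-e`. Using `CHANNELS ?= alpha,candidate,stable` and `DEFAULT_CHANNEL ?= stable` keeps the new defaults and the documented override, and dropping the quotes avoids carrying literal quote characters in the make value. With these defaults the new `VERSION ?= 0.14.0-rc0` is also bundled into `stable` as the default channel, which looks unintended for a release candidate when the commit message says the project still uses `alpha`; confirm this before a bundle is published.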
@@ -29,7 +31,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) # # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both # shipwright.io/shipwright-operator-bundle:$VERSION and shipwright.io/shipwright-operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= shipwright.io/shipwright-operator +IMAGE_TAG_BASE ?= ghcr.io/shipwright-io/operator/operator # BUNDLE_IMG defines the image:tag used for the bundle. # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) @@ -51,7 +53,7 @@ endif OPERATOR_SDK_VERSION ?= v1.35.0 # Image URL to use all building/pushing image targets -IMG ?= controller:latest +IMG ?= $(IMAGE_TAG_BASE):v$(VERSION) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.28.3 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 26dda899..600eb5e8 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
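Review bot: The comment just above `IMAGE_TAG_BASE` still gives `shipwright.io/shipwright-operator-bundle:$VERSION` and `shipwright.io/shipwright-operator-catalog:$VERSION` as the resulting image names, which no longer matches the new default `ghcr.io/shipwright-io/operator/operator`. Assuming the `-bundle` and `-catalog` suffixes are still appended to the base as that comment implies, the example should read `ghcr.io/shipwright-io/operator/operator-bundle:$VERSION` and `ghcr.io/shipwright-io/operator/operator-catalog:$VERSION`. A stale registry name in the build documentation is an easy way for someone to pull or push against the wrong repository.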
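Review bot: `IMG ?= $(IMAGE_TAG_BASE):v$(VERSION)` replaces the local-only default `controller:latest` with a tag in the project registry, and the comment above it says `IMG` is used by all building and pushing image targets. Run without arguments, those targets (not visible in this hunk) would now address `ghcr.io/shipwright-io/operator/operator:v0.14.0-rc0`, so a maintainer with push credentials could overwrite a release tag from a local build. A comment above the assignment would make this explicit, for example `# Defaults to the release image; override IMG for local or fork builds so a release tag is not overwritten.` If the deployment manifests consume `IMG`, pinning by digest at release time is worth considering, since a version tag can be re-pushed.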
@@ -5,9 +5,144 @@ metadata: name: manager-role rules: - apiGroups: - - operator.shipwright.io + - admissionregistration.k8s.io resources: - - shipwrightbuilds + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io/v1beta1 + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resourceNames: + - buildruns.shipwright.io + - builds.shipwright.io + - buildstrategies.shipwright.io + - clusterbuildstrategies.shipwright.io + resources: + - customresourcedefinitions + verbs: + - delete + - patch + - update +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resourceNames: + - shipwright-build-controller + resources: + - deployments + verbs: + - delete + - patch + - update +- apiGroups: + - apps + resourceNames: + - shipwright-build-webhook + resources: + - deployments + verbs: + - delete + - patch + - update +- apiGroups: + - apps + resourceNames: + - shipwright-build-controller + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apps + resourceNames: + - shipwright-build-webhook + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - get + - list + - watch +- apiGroups: + - cert-manager.io + resourceNames: + - shipwright-build-webhook-cert + resources: + - certificates + verbs: + - delete + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - create + - get + - list + - watch +- apiGroups: + - cert-manager.io + resourceNames: + - selfsigned-issuer + resources: + - issuers + verbs: + - delete + - patch + - 
update +- apiGroups: + - "" + resources: + - configmaps + - events + - limitranges + - namespaces + - pods + - secrets + - services verbs: - create - delete @@ -16,6 +151,57 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - shipwright-build-controller + resources: + - serviceaccounts + verbs: + - delete + - patch + - update +- apiGroups: + - "" + resourceNames: + - shipwright-build-webhook + resources: + - serviceaccounts + verbs: + - delete + - patch + - update +- apiGroups: + - operator.shipwright.io + resources: + - shipwrightbuilds + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - operator.shipwright.io resources: 
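Review bot: The second added rule names `admissionregistration.k8s.io/v1beta1` under `apiGroups`, but RBAC matches on the group name alone, so this rule would never match a request and only adds noise next to the correct `admissionregistration.k8s.io` rule above it. The added core-group rule also grants create, delete, patch and update on `secrets`, `pods`, `services`, `configmaps` and `namespaces` with no `resourceNames`, and the next hunk (`@@ -16,6 +151,57 @@`) repeats the full verb set for `namespaces` in a separate rule. If this is a ClusterRole, that is read/write access to every Secret in the cluster, unlike the name-scoped delete/patch/update rules used for deployments and service accounts. The commit message says this file is regenerated, so the fix presumably belongs in the `+kubebuilder:rbac` markers in the controller source rather than here: drop the versioned group, remove the duplicate `namespaces` entry, and narrow `secrets` to the verbs and names the operator actually needs.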
@@ -30,3 +216,159 @@ rules: - get - patch - update +- apiGroups: + - operator.tekton.dev + resources: + - tektonconfigs + verbs: + - create + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-controller + resources: + - clusterrolebindings + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-webhook + resources: + - clusterrolebindings + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-aggregate-edit + resources: + - clusterroles + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-aggregate-view + resources: + - clusterroles + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-controller + resources: + - clusterroles + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-webhook + resources: + - clusterroles + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-controller + resources: + - rolebindings + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-webhook + resources: + - rolebindings + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - watch +- apiGroups: + - 
rbac.authorization.k8s.io + resourceNames: + - shipwright-build-controller + resources: + - roles + verbs: + - delete + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - shipwright-build-webhook + resources: + - roles + verbs: + - delete + - patch + - update +- apiGroups: + - shipwright.io + resources: + - clusterbuildstrategies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch