parent
a5bb300570
commit
3246a15442
11 changed files with 255 additions and 189 deletions
26
operator/olm-assembly.xml
Normal file
26
operator/olm-assembly.xml
Normal file
|
@ -0,0 +1,26 @@
|
|||
<assembly>
|
||||
|
||||
<id>olm</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
</formats>
|
||||
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory>${project.build.directory}/bundle/keycloak-operator</directory>
|
||||
<outputDirectory></outputDirectory>
|
||||
<includes>
|
||||
<include>**/**</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
</excludes>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
|
||||
<files>
|
||||
</files>
|
||||
|
||||
</assembly>
|
|
@ -1,14 +0,0 @@
|
|||
FROM scratch
|
||||
|
||||
# Core bundle labels.
|
||||
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
|
||||
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
|
||||
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
|
||||
LABEL operators.operatorframework.io.bundle.package.v1=keycloak-operator
|
||||
LABEL operators.operatorframework.io.bundle.channels.v1=fast
|
||||
LABEL operators.operatorframework.io.bundle.channel.default.v1=fast
|
||||
LABEL com.redhat.openshift.versions=v4.6
|
||||
|
||||
# Copy files to locations specified by labels.
|
||||
COPY manifests /manifests/
|
||||
COPY metadata /metadata/
|
File diff suppressed because one or more lines are too long
|
@ -1,9 +0,0 @@
|
|||
annotations:
|
||||
# Core bundle annotations.
|
||||
operators.operatorframework.io.bundle.mediatype.v1: registry+v1
|
||||
operators.operatorframework.io.bundle.manifests.v1: manifests/
|
||||
operators.operatorframework.io.bundle.metadata.v1: metadata/
|
||||
operators.operatorframework.io.bundle.package.v1: keycloak-operator
|
||||
operators.operatorframework.io.bundle.channels.v1: fast
|
||||
operators.operatorframework.io.bundle.channel.default.v1: fast
|
||||
com.redhat.openshift.versions: "v4.6"
|
|
@ -67,6 +67,10 @@
|
|||
<groupId>io.quarkiverse.operatorsdk</groupId>
|
||||
<artifactId>quarkus-operator-sdk</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.quarkiverse.operatorsdk</groupId>
|
||||
<artifactId>quarkus-operator-sdk-bundle-generator</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.quarkus</groupId>
|
||||
<artifactId>quarkus-resteasy-jackson</artifactId>
|
||||
|
@ -277,7 +281,7 @@
|
|||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<id>assemble-quarkus</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
|
@ -290,6 +294,20 @@
|
|||
<workDirectory>${project.build.directory}/assembly/work</workDirectory>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>assemble-bundle</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>olm-assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<appendAssemblyId>true</appendAssemblyId>
|
||||
<workDirectory>${project.build.directory}/bundle-assembly/work</workDirectory>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
|
|
|
@ -1,40 +1,76 @@
|
|||
#!/bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
# Ex: 21.0.0
|
||||
VERSION=$1
|
||||
# Ex: 20.0.0
|
||||
# Ex: NONE [if no replaces]
|
||||
REPLACES_VERSION=$2
|
||||
# Ex: keycloak/keycloak-operator:999.0.0-SNAPSHOT
|
||||
OPERATOR_DOCKER_IMAGE=$3
|
||||
|
||||
CREATED_AT=$(date "+%D %T")
|
||||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
{ set +x; } 2>/dev/null
|
||||
echo ""
|
||||
echo "Creating OLM bundle for version $VERSION replacing version $REPLACES_VERSION"
|
||||
echo ""
|
||||
set -x
|
||||
|
||||
rm -rf $SCRIPT_DIR/../olm/$VERSION
|
||||
mkdir -p $SCRIPT_DIR/../olm/$VERSION
|
||||
cd "$SCRIPT_DIR"
|
||||
|
||||
cp -r $SCRIPT_DIR/../olm-base/* $SCRIPT_DIR/../olm/$VERSION
|
||||
rm -rf ../olm/$VERSION
|
||||
mkdir -p ../olm/$VERSION
|
||||
|
||||
# Inject RBAC rules
|
||||
yq ea '.rules as $item ireduce ({}; .rules += $item)' $SCRIPT_DIR/../target/kubernetes/kubernetes.yml | \
|
||||
yq ea -i 'select(fileIndex==0).spec.install.spec.permissions[0] = select(fileIndex==1) | select(fileIndex==0)' $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml - && \
|
||||
yq ea -i '.spec.install.spec.permissions[0].serviceAccountName = "keycloak-operator"' $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml && \
|
||||
yq ea -i ".metadata.annotations.containerImage = \"$OPERATOR_DOCKER_IMAGE:$VERSION\"" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml && \
|
||||
yq ea -i ".metadata.annotations.createdAt = \"$CREATED_AT\"" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml && \
|
||||
yq ea -i ".metadata.name = \"keycloak-operator.v$VERSION\"" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml && \
|
||||
yq ea -i ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image = \"$OPERATOR_DOCKER_IMAGE:$VERSION\"" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml && \
|
||||
yq ea 'select(.spec.template.spec.containers[0].env) | .spec.template.spec.containers[0].env[-1]' $SCRIPT_DIR/../target/kubernetes/kubernetes.yml | \
|
||||
yq ea -i 'select(fileIndex==0).spec.install.spec.deployments[0].spec.template.spec.containers[0].env += select(fileIndex==1) | select(fileIndex==0)' $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml - && \
|
||||
yq ea -i ".spec.version = \"$VERSION\"" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml
|
||||
# Extract the files generated by Quarkus during the maven build
|
||||
unzip -q -d ../olm/$VERSION ../target/keycloak-operator-*-olm.zip
|
||||
|
||||
# Find the CSV YAML
|
||||
CSV_PATH="$(find "../olm/$VERSION" -type f -name '*.clusterserviceversion.yaml')"
|
||||
|
||||
# Insert operator image coordinate
|
||||
yq ea -i ".metadata.annotations.containerImage = \"$OPERATOR_DOCKER_IMAGE:$VERSION\"" "$CSV_PATH"
|
||||
yq ea -i ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image = \"$OPERATOR_DOCKER_IMAGE:$VERSION\"" "$CSV_PATH"
|
||||
|
||||
# Edit the CSV version, replaces, etc.
|
||||
|
||||
yq ea -i ".metadata.annotations.createdAt = \"$(date "+%D %T")\"" "$CSV_PATH"
|
||||
yq ea -i ".spec.version = \"$VERSION\"" "$CSV_PATH"
|
||||
yq ea -i ".metadata.name = \"keycloak-operator.v$VERSION\"" "$CSV_PATH"
|
||||
yq ea -i '.metadata.namespace = "placeholder"' "$CSV_PATH"
|
||||
|
||||
if [[ $REPLACES_VERSION = "NONE" ]]
|
||||
then
|
||||
yq ea -i "del(.spec.replaces)" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml
|
||||
yq ea -i "del(.spec.replaces)" "$CSV_PATH"
|
||||
else
|
||||
yq ea -i ".spec.replaces = \"keycloak-operator.v$REPLACES_VERSION\"" $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml
|
||||
yq ea -i ".spec.replaces = \"keycloak-operator.v$REPLACES_VERSION\"" "$CSV_PATH"
|
||||
fi
|
||||
|
||||
mv $SCRIPT_DIR/../olm/$VERSION/manifests/clusterserviceversion.yaml "$SCRIPT_DIR/../olm/$VERSION/manifests/keycloak-operator.v$VERSION.clusterserviceversion.yaml"
|
||||
# Mangle the YAML to make it look more like it did before. The bundle extension
|
||||
# isn't configurable enough to do this itself. No one seems to have the
|
||||
# expertise to say if the changes it makes are ok or not.
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.selector.matchLabels)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.metadata.labels)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.metadata.annotations)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.metadata.namespace)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.namespace)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].ports)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].livenessProbe)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].readinessProbe)" "$CSV_PATH"
|
||||
yq ea -i "del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].startupProbe)" "$CSV_PATH"
|
||||
yq ea -i 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] | select(.name == "KUBERNETES_NAMESPACE"))' "$CSV_PATH"
|
||||
|
||||
cp target/kubernetes/*.keycloak.org-v1.yml olm/$VERSION/manifests
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].resources = {}' "$CSV_PATH"
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.strategy = {}' "$CSV_PATH"
|
||||
yq ea -i '.spec.apiservicedefinitions = {}' "$CSV_PATH"
|
||||
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.selector.matchLabels.name = "keycloak-operator"' "$CSV_PATH"
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.template.metadata.labels.name = "keycloak-operator"' "$CSV_PATH"
|
||||
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env += [{"name": "QUARKUS_OPERATOR_SDK_NAMESPACES", "valueFrom": {"fieldRef": {"fieldPath": "metadata.annotations['"'"'olm.targetNamespaces'"'"']"}}}]' "$CSV_PATH"
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env += [{"name": "POD_NAME", "valueFrom": {"fieldRef": {"fieldPath": "metadata.name"}}}]' "$CSV_PATH"
|
||||
yq ea -i '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env += [{"name": "OPERATOR_NAME", "value": "keycloak-operator"}]' "$CSV_PATH"
|
||||
|
||||
{ set +x; } 2>/dev/null
|
||||
echo ""
|
||||
echo "Created OLM bundle ok!"
|
||||
|
|
|
@ -0,0 +1,139 @@
|
|||
/*
|
||||
* Copyright 2021 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.operator.controllers;
|
||||
|
||||
import io.quarkiverse.operatorsdk.bundle.runtime.CSVMetadata;
|
||||
import io.quarkiverse.operatorsdk.bundle.runtime.SharedCSVMetadata;
|
||||
|
||||
@CSVMetadata(
|
||||
version = "KCOP_NEXT",
|
||||
name = "keycloak-operator",
|
||||
replaces = "keycloak-operator.KCOP_PREVIOUS",
|
||||
displayName = "Keycloak Operator",
|
||||
provider = @CSVMetadata.Provider(
|
||||
name = "Red Hat"
|
||||
),
|
||||
maturity = "stable",
|
||||
keywords = {
|
||||
"Keycloak",
|
||||
"Identity",
|
||||
"Access"
|
||||
},
|
||||
maintainers = {
|
||||
@CSVMetadata.Maintainer(
|
||||
email = "keycloak-dev@googlegroups.com",
|
||||
name = "Keycloak DEV mailing list"
|
||||
)
|
||||
},
|
||||
links = {
|
||||
@CSVMetadata.Link(
|
||||
url = "https://www.keycloak.org/docs/latest/server_installation/index.html#_operator",
|
||||
name = "Documentation"
|
||||
),
|
||||
@CSVMetadata.Link(
|
||||
url = "https://www.keycloak.org/",
|
||||
name = "Keycloak"
|
||||
),
|
||||
@CSVMetadata.Link(
|
||||
url = "https://keycloak.discourse.group/",
|
||||
name = "Keycloak Discourse"
|
||||
)
|
||||
},
|
||||
installModes = {
|
||||
@CSVMetadata.InstallMode(
|
||||
type = "OwnNamespace",
|
||||
supported = true
|
||||
),
|
||||
@CSVMetadata.InstallMode(
|
||||
type = "SingleNamespace",
|
||||
supported = true
|
||||
),
|
||||
@CSVMetadata.InstallMode(
|
||||
type = "MultiNamespace",
|
||||
supported = false
|
||||
),
|
||||
@CSVMetadata.InstallMode(
|
||||
type = "AllNamespaces",
|
||||
supported = false
|
||||
)
|
||||
},
|
||||
annotations = @CSVMetadata.Annotations(
|
||||
containerImage = "KCOP_IMAGE_PULL_URL:KCOP_NEXT",
|
||||
repository = "https://github.com/keycloak/keycloak",
|
||||
capabilities = "Deep Insights",
|
||||
categories = "Security",
|
||||
certified = false,
|
||||
almExamples =
|
||||
"[\n" +
|
||||
" {\n" +
|
||||
" \"apiVersion\": \"k8s.keycloak.org/v2alpha1\",\n" +
|
||||
" \"kind\": \"Keycloak\",\n" +
|
||||
" \"metadata\": {\n" +
|
||||
" \"name\": \"example-keycloak\",\n" +
|
||||
" \"labels\": {\n" +
|
||||
" \"app\": \"sso\"\n" +
|
||||
" }\n" +
|
||||
" },\n" +
|
||||
" \"spec\": {\n" +
|
||||
" \"instances\": 1,\n" +
|
||||
" \"hostname\": \"example.org\",\n" +
|
||||
" \"tlsSecret\": \"my-tls-secret\"\n" +
|
||||
" }\n" +
|
||||
" },\n" +
|
||||
" {\n" +
|
||||
" \"apiVersion\": \"k8s.keycloak.org/v2alpha1\",\n" +
|
||||
" \"kind\": \"KeycloakRealmImport\",\n" +
|
||||
" \"metadata\": {\n" +
|
||||
" \"name\": \"example-keycloak-realm-import\",\n" +
|
||||
" \"labels\": {\n" +
|
||||
" \"app\": \"sso\"\n" +
|
||||
" }\n" +
|
||||
" },\n" +
|
||||
" \"spec\": {\n" +
|
||||
" \"keycloakCRName\": \"example-keycloak\",\n" +
|
||||
" \"realm\": {}\n" +
|
||||
" }\n" +
|
||||
" }\n" +
|
||||
"]",
|
||||
others = {
|
||||
@CSVMetadata.Annotations.Annotation(
|
||||
name = "support",
|
||||
value = "Red Hat"
|
||||
),
|
||||
@CSVMetadata.Annotations.Annotation(
|
||||
name = "description",
|
||||
value = "An Operator for installing and managing Keycloak"
|
||||
)
|
||||
}
|
||||
),
|
||||
description =
|
||||
"A Kubernetes Operator based on the Operator SDK for installing and managing Keycloak.\n" +
|
||||
"\n" +
|
||||
"Keycloak lets you add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.\n" +
|
||||
"\n" +
|
||||
"The operator can deploy and manage Keycloak instances on Kubernetes and OpenShift.\n" +
|
||||
"The following features are supported:\n" +
|
||||
"\n" +
|
||||
"* Install Keycloak to a namespace\n" +
|
||||
"* Import Keycloak Realms\n",
|
||||
icon = @CSVMetadata.Icon(
|
||||
fileName = "KeycloakController.icon.png",
|
||||
mediatype = "image/png"
|
||||
)
|
||||
)
|
||||
public class KeycloakSharedCsvMetadata implements SharedCSVMetadata {
|
||||
}
|
|
@ -22,10 +22,15 @@ import io.fabric8.kubernetes.model.annotation.Group;
|
|||
import io.fabric8.kubernetes.model.annotation.Plural;
|
||||
import io.fabric8.kubernetes.model.annotation.ShortNames;
|
||||
import io.fabric8.kubernetes.model.annotation.Version;
|
||||
import io.quarkiverse.operatorsdk.bundle.runtime.CSVMetadata;
|
||||
import io.sundr.builder.annotations.Buildable;
|
||||
import io.sundr.builder.annotations.BuildableReference;
|
||||
import org.keycloak.operator.Constants;
|
||||
|
||||
@CSVMetadata(
|
||||
description="Represents a Keycloak Instance",
|
||||
displayName="Keycloak"
|
||||
)
|
||||
@Group(Constants.CRDS_GROUP)
|
||||
@Version(Constants.CRDS_VERSION)
|
||||
@ShortNames(Constants.SHORT_NAME)
|
||||
|
|
|
@ -23,7 +23,7 @@ import io.fabric8.kubernetes.model.annotation.Group;
|
|||
import io.fabric8.kubernetes.model.annotation.Version;
|
||||
import io.sundr.builder.annotations.Buildable;
|
||||
import io.sundr.builder.annotations.BuildableReference;
|
||||
|
||||
import io.quarkiverse.operatorsdk.bundle.runtime.CSVMetadata;
|
||||
import org.keycloak.operator.Constants;
|
||||
import org.keycloak.representations.idm.ComponentExportRepresentation;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
|
@ -31,6 +31,10 @@ import org.keycloak.representations.idm.GroupRepresentation;
|
|||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
||||
|
||||
@CSVMetadata(
|
||||
description="Represents a Keycloak Realm Import",
|
||||
displayName="KeycloakRealmImport"
|
||||
)
|
||||
@Group(Constants.CRDS_GROUP)
|
||||
@Version(Constants.CRDS_VERSION)
|
||||
@Buildable(editableEnabled = false, builderPackage = "io.fabric8.kubernetes.api.builder",
|
||||
|
|
BIN
operator/src/main/kubernetes/KeycloakController.icon.png
Normal file
BIN
operator/src/main/kubernetes/KeycloakController.icon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 22 KiB |
|
@ -10,3 +10,7 @@ operator.keycloak.image-pull-policy=Always
|
|||
# https://quarkus.io/guides/deploying-to-kubernetes#environment-variables-from-keyvalue-pairs
|
||||
quarkus.kubernetes.env.vars.operator-keycloak-image=${operator.keycloak.image}
|
||||
quarkus.openshift.env.vars.operator-keycloak-image=${operator.keycloak.image}
|
||||
|
||||
# Bundle config
|
||||
quarkus.operator-sdk.bundle.package-name=keycloak-operator
|
||||
quarkus.operator-sdk.bundle.channels=fast
|
||||
|
|
Loading…
Reference in a new issue