Kustomise files for daily (#256)

Author: idlewis

deploy/kustomize/daily/README.adoc

@@ -0,0 +1,43 @@
+= Installing the Runtime Component Operator using kustomize
+
+This directory contains kustomize files that can be used to install the operator
+in your cluster in various different configurations, and also some example overlays
+which show how the installation can be customized
+
+== base
+The simplest configuration will install the operator into the default namespace, and the operator
+will watch for RuntimeComponent instances only in its own namespace. To install, run:
+`kubectl apply -k base`
+and to uninstall, run:
+`kubectl delete -k base`
+
+== examples/watch-own-namespace
+This example overlay demonstrates how to modify the base configuration to install/watch a
+namespace other than 'default'. The example installs the operator to a namespace called
+'rco-ns' which should already exist. To install, run `kubectl apply -k examples/watch-own-namespace`
+
+== overlays/watch-another-namespace
+This overlay installs the operator into the namespace 'rco-ns', but configures it to
+watch for RuntimeComponent instances in a different namespace called 'rco-watched-ns'. As
+this overlay install resources into two different namespaces, the namespace must not be specified
+in the kustomize.yaml file. To install, run `kubectl apply -k overlays/watch-another-namespace`
+
+
+== examples/watch-another-namespace
+This example overlay builds on the previous one, but demonstrates how to change the
+install and watched namespaces. In this case, the operator is installed into 'rco-ns2'
+and it will watch for resources in 'rco-watched-ns2'. To install run `kubectl apply -k
+examples/watch-another-namespace`
+
+== overlays/watch-all-namespaces
+This overlay installs the operator into the default namespace, but configures it
+to watch for RuntimeComponent instances in any namespace. Compared to the base,
+this requires additional ClusterRoles and ClusterRoleBindings. To install run:
+`kubectl apply -k overlays/watch-all-namespaces`
+
+== examples/watch-all-namespaces
+This example overlay builds on the previous one, and demonstrates how to change
+which namespace the operator is installed into. In this example, the operator
+is installed into a namespace called 'rco-ns', and will still watch for
+RuntimeComponent instances in any namespace. To install, run:
+`kubectl apply -k examples/watch-all-namespaces`

deploy/kustomize/daily/base/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: default
+
+resources:
+  - runtime-component-crd.yaml
+  - runtime-component-operator.yaml
+

deploy/kustomize/daily/base/runtime-component-crd.yaml

@@ -0,0 +1,240 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: runtime-component-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: runtime-component-operator
+  name: rco-controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: runtime-component-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: runtime-component-operator
+  name: rco-leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: runtime-component-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: runtime-component-operator
+  name: rco-manager-role
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - statefulsets
+  verbs:
+  - update
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - serviceaccounts
+  - services
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/exec
+  verbs:
+  - '*'
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  - imagestreamtags
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - '*'
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - '*'
+- apiGroups:
+  - rc.app.stacks
+  resources:
+  - runtimecomponents
+  - runtimecomponents/finalizers
+  - runtimecomponents/status
+  verbs:
+  - '*'
+- apiGroups:
+  - rc.app.stacks
+  resources:
+  - runtimeoperations
+  - runtimeoperations/finalizers
+  - runtimeoperations/status
+  verbs:
+  - '*'
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  - routes/custom-host
+  verbs:
+  - '*'
+- apiGroups:
+  - serving.knative.dev
+  resources:
+  - services
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: runtime-component-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: runtime-component-operator
+  name: rco-leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rco-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: rco-controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: runtime-component-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: runtime-component-operator
+  name: rco-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rco-manager-role
+subjects:
+- kind: ServiceAccount
+  name: rco-controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: runtime-component-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: runtime-component-operator
+    control-plane: controller-manager
+  name: rco-controller-manager
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: runtime-component-operator
+      app.kubernetes.io/managed-by: olm
+      app.kubernetes.io/name: runtime-component-operator
+      control-plane: controller-manager
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: runtime-component-operator
+        app.kubernetes.io/managed-by: olm
+        app.kubernetes.io/name: runtime-component-operator
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --enable-leader-election
+        command:
+        - /manager
+        env:
+        - name: OPERATOR_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: WATCH_NAMESPACE
+          value: default
+#          valueFrom:
+#            fieldRef:
+#              fieldPath: metadata.annotations['olm.targetNamespaces']
+        image: applicationstacks/operator:daily
+        imagePullPolicy: Always
+        name: manager
+        resources:
+          limits:
+            cpu: 200m
+            memory: 256Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+      serviceAccountName: rco-controller-manager
+      terminationGracePeriodSeconds: 10

deploy/kustomize/daily/base/runtime-component-operator.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: rco-ns
+
+bases:
+- ../../overlays/watch-all-namespaces
+
+patchesStrategicMerge:
+- rco-ns.yaml

deploy/kustomize/daily/examples/watch-all-namespaces/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rco-leader-election-cluster-rolebinding
+subjects:
+- kind: ServiceAccount
+  name: rco-controller-manager
+  namespace: rco-ns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rco-manager-cluster-rolebinding
+subjects:
+- kind: ServiceAccount
+  name: rco-controller-manager
+  namespace: rco-ns
+---

deploy/kustomize/daily/examples/watch-all-namespaces/rco-ns.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+bases:
+- ../../overlays/watch-another-namespace
+
+patchesStrategicMerge:
+- rco-deployment.yaml
+- rco-roles.yaml
+- rco-sa.yaml
+- watched-roles.yaml

deploy/kustomize/daily/examples/watch-another-namespace/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rco-controller-manager
+  namespace: rco-ns2
+spec:
+  template:
+    spec:
+      containers:
+        - name: manager
+          env:
+            - name: WATCH_NAMESPACE
+              value: rco-watched-ns2

deploy/kustomize/daily/examples/watch-another-namespace/rco-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: rco-leader-election-role
+  namespace: rco-ns2
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: rco-manager-role
+  namespace: rco-ns2
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rco-leader-election-rolebinding
+  namespace: rco-ns2
+subjects:
+- kind: ServiceAccount
+  name: rco-controller-manager
+  namespace: rco-ns2
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rco-manager-rolebinding
+  namespace: rco-ns2
+subjects:
+- kind: ServiceAccount
+  name: rco-controller-manager
+  namespace: rco-ns2

deploy/kustomize/daily/examples/watch-another-namespace/rco-roles.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rco-controller-manager
+  namespace: rco-ns2