Address review feedback #2
Signed-off-by: rashmigottipati <chowdary.grashmi@gmail.com>
rashmigottipati committed Apr 13, 2021
1 parent 50ba1dd commit 1b46178
Showing 1 changed file with 43 additions and 13 deletions.
56 changes: 43 additions & 13 deletions website/content/en/docs/upgrading-sdk-version/v1.6.0.md
Expand Up @@ -15,7 +15,7 @@ To add this option your project you will need to:
- manager_config_patch.yaml
```
- Update the `config/manager/kustomization.yaml` by adding:
```yaml
```yaml
generatorOptions:
disableNameSuffixHash: true
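Review bot: the context line carried in this hunk's header, "To add this option your project you will need to:", is missing a word; since the surrounding lines are being touched anyway, change it to "To add this option to your project you will need to:".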
Expand All @@ -29,14 +29,15 @@ To add this option your project you will need to:
- name: controller
newName: quay.io/example/memcached-operator
newTag: v0.0.1
```
```

_See [#4701](https://github.com/operator-framework/operator-sdk/pull/4701) for more details._

## (ansible/v1, helm/v1) Add Role rules for leader election.

Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml:
```yaml rules:
```yaml
rules:
- apiGroups:
- ""
- coordination.k8s.io
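Review bot: the path in "in config/rbac/leader_election_role.yaml:" is left unformatted, while the neighbouring sections wrap file paths in backticks (`config/manager/kustomization.yaml`, `config/manager/manager.yaml`). Wrap it in backticks here as well, and consider dropping the trailing period from the "Add Role rules for leader election." heading, which the `BUNDLE_IMG` heading does not carry.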
Expand Down Expand Up @@ -100,7 +101,8 @@ _See [#4660](https://github.com/operator-framework/operator-sdk/pull/4660) for m
## (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment.

In `config/manager/manager.yaml`, add the following security contexts:
```yaml spec:
```yaml
spec:
...
template:
...
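Review bot: the `...` placeholder lines under `spec:` and `template:` sit inside a `yaml` fence, and a bare `...` is not a mapping entry, so the snippet does not parse if a reader pastes it as shown. Write the elisions as comments (`# ...`) so the block stays valid YAML. The heading's "`securityContext`'s" is also a plural written with an apostrophe; "`securityContext`s" or "security contexts" reads correctly.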
Expand All @@ -119,7 +121,7 @@ _See [#4655](https://github.com/operator-framework/operator-sdk/pull/4655) for m

OLM does [not yet support cert-manager](https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/#certificate-authority-requirements), so a JSON patch was added to remove this volume and mount such that OLM can itself create and manage certs for your Operator.
In `config/manifests/kustomization.yaml`, add the following:
```yaml
```yaml
patchesJson6902:
- target:
group: apps
Expand Down Expand Up @@ -202,17 +204,36 @@ _See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for m
## (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables

The following Makefile changes were made to allow `make bundle-build bundle-push catalog-build catalog-push` and encode image repo/namespace information in the Makefile by default:
```diff +IMAGE_TAG_BASE ?= <registry>/<operator name> + -BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) ```
```diff
+IMAGE_TAG_BASE ?= <registry>/<operator name>
+
-BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
```

For example, if `IMAGE_TAG_BASE ?= foo/bar-operator` then running `make bundle-build bundle-push catalog-build catalog-push` would build `foo/bar-operator-bundle:v0.0.1` and `foo/bar-operator-catalog:v0.0.1` then push them to the `docker.io/foo` namespaced registry.

_See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for more details._

## (ansible/v1, helm/v1) Add a `system:controller-manager` ServiceAccount to your project.
## (ansible/v1, helm/v1) Add the `controller-manager` ServiceAccount to your project.

A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh # Create the ServiceAccount. cat <<EOF > config/rbac/service_account.yaml apiVersion: v1 kind: ServiceAccount metadata:
A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh
# Create the ServiceAccount.
cat <<EOF > config/rbac/service_account.yaml apiVersion: v1
kind: ServiceAccount
metadata:
name: controller-manager
namespace: system
EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> config/rbac/kustomization.yaml # Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml ``` The changes should look like: ```diff # config/manager/manager.yaml
EOF
# Add it to the list of RBAC resources.
echo "- service_account.yaml" >> config/rbac/kustomization.yaml
# Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount.
find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml
```

The changes should look like:

```diff
# config/manager/manager.yaml
requests:
cpu: 100m
memory: 20Mi
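Review bot: in the `sh` block of the ServiceAccount section, the `find config/rbac ... -exec sed ... {} \;` line still has the following comment and the second `sed` joined onto it, so everything after `\; #` is a shell comment and `serviceAccountName: controller-manager` is never written to `config/manager/manager.yaml`. The bindings would then name `controller-manager` while the manager pod keeps running as `default`. Put the comment and the `sed` that inserts `serviceAccountName` on their own lines, and quote the glob as `-name '*_binding.yaml'` so the shell does not expand it before `find` sees it. The same joining remains in `cat <<EOF > config/rbac/service_account.yaml apiVersion: v1`, in the prose line that ends with the opening `sh` fence, and in the `-BUNDLE_IMG` / `+BUNDLE_IMG` pair of the Makefile diff.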
Expand All @@ -222,7 +243,8 @@ EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> con
name: proxy-role
subjects:
- kind: ServiceAccount
- name: default + name: controller-manager
- name: default
+ name: controller-manager
namespace: system
# config/rbac/kustomization.yaml
resources:
Expand All @@ -234,14 +256,22 @@ EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> con
name: leader-election-role
subjects:
- kind: ServiceAccount
- name: default + name: controller-manager
- name: default
+ name: controller-manager
namespace: system
# config/rbac/role_binding.yaml
name: manager-role
subjects:
- kind: ServiceAccount
- name: default + name: controller-manager
- name: default
+ name: controller-manager
namespace: system
# config/rbac/service_account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system ```
# config/rbac/service_account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
+ namespace: system
```

_See [#4653](https://github.com/operator-framework/operator-sdk/pull/4653) for more details._
