diff --git a/main.go b/main.go index aca13a78c..3f1f47549 100644 --- a/main.go +++ b/main.go @@ -270,6 +270,10 @@ func main() { Name: "ocm-webhook", HostNames: []string{fmt.Sprintf("ocm-webhook.%s.svc", operatorNamespace)}, }, + { + Name: "clusterlifecycle-state-metrics-certs", + HostNames: []string{fmt.Sprintf("clusterlifecycle-state-metrics-v2.%s.svc", operatorNamespace)}, + }, }).Start(ctx) if err = (&mcewebhook.Reconciler{ diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-clusterrole.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-clusterrole.yaml index 159edaf60..a37c76acb 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-clusterrole.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-clusterrole.yaml @@ -1,5 +1,6 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -112,3 +113,4 @@ rules: - delete - update - list +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-controller-deployment.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-controller-deployment.yaml index 3935ae204..d8c07df16 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-controller-deployment.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-controller-deployment.yaml @@ -1,6 +1,6 @@ # Copyright Contributors to the Open Cluster Management project. - +{{- if .Values.global.deployOnOCP }} apiVersion: apps/v1 kind: Deployment metadata: @@ -111,4 +111,5 @@ spec: {{ if .Effect }} effect: {{ .Effect }} {{- end }} {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} 
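Review bot: The new `clusterlifecycle-state-metrics-certs` entry is added unconditionally and carries no comment saying which platform needs it. If this list feeds a certificate generator that also runs on OpenShift (not visible in the hunk), a secret of that name could end up with two writers there, so confirm that and record the intent, e.g. `// serving cert for clusterlifecycle-state-metrics-v2 on platforms where no cluster CA issues one`. The certificate covers only the `clusterlifecycle-state-metrics-v2.<namespace>.svc` name, as with the `ocm-webhook` entry above it, so any scraper has to verify against exactly that server name. main() starts and ends outside the hunk.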
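Review bot: The guard `{{- if .Values.global.deployOnOCP }}` added at the top of cluster-curator-clusterrole.yaml tests template truthiness, and the values.yaml hunk declares the key as a string, `deployOnOCP: ""`. A non-empty string such as `"false"` is truthy in a Go template, while the empty default is falsy. Whether these ClusterRoles, ClusterRoleBindings, ServiceAccounts and Deployments are rendered therefore depends on the operator injecting a real boolean, which this diff does not show. Declaring the default as a boolean, or adding a comment on the values.yaml line such as `# bool, set by the operator; empty/false skips OCP-only resources`, would make the contract explicit. The same guard is repeated in the other cluster-curator, cluster-image-set, clusterclaims, provider-credential, clusterrole-clustermanageradmin and metrics-* templates in this commit.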
diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-rolebinding.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-rolebinding.yaml index 93e4ed398..a311f2fdf 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-rolebinding.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-rolebinding.yaml @@ -1,6 +1,7 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -12,4 +13,5 @@ subjects: roleRef: kind: ClusterRole name: {{ .Values.org }}.cluster-lifecycle.cluster-curator - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-service_account.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-service_account.yaml index 0096f6100..0265753a9 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-service_account.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-curator-service_account.yaml @@ -1,6 +1,8 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: v1 kind: ServiceAccount metadata: - name: cluster-curator \ No newline at end of file + name: cluster-curator +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-clusterrole.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-clusterrole.yaml index 15680865a..61bcd4e6f 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-clusterrole.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-clusterrole.yaml 
@@ -1,5 +1,6 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -59,3 +60,4 @@ rules: - get - create - update +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-deployment.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-deployment.yaml index 1fb2dc4aa..feb600963 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-deployment.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-deployment.yaml @@ -1,6 +1,6 @@ # Copyright Contributors to the Open Cluster Management project. - +{{- if .Values.global.deployOnOCP }} apiVersion: apps/v1 kind: Deployment metadata: @@ -123,3 +123,4 @@ spec: {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-rolebinding.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-rolebinding.yaml index 771088dcb..a29fbc17d 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-rolebinding.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-rolebinding.yaml @@ -1,6 +1,7 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,3 +14,4 @@ roleRef: kind: ClusterRole name: {{ .Values.org }}.cluster-lifecycle.cluster-image-set apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-service_account.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-service_account.yaml index 9dae7cdac..e57cddd77 100644 
--- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-service_account.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/cluster-image-set-service_account.yaml @@ -1,6 +1,8 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: v1 kind: ServiceAccount metadata: name: cluster-image-set +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-clusterrole.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-clusterrole.yaml index 28d5c53b3..975b3aec4 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-clusterrole.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-clusterrole.yaml @@ -1,5 +1,6 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -89,4 +90,5 @@ rules: resources: - events verbs: - - create \ No newline at end of file + - create +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-controller-deployment.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-controller-deployment.yaml index 11fbdfb1e..9664e2440 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-controller-deployment.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-controller-deployment.yaml @@ -1,5 +1,5 @@ # Copyright Contributors to the Open Cluster Management project. - +{{- if .Values.global.deployOnOCP }} apiVersion: apps/v1 kind: Deployment metadata: @@ -137,4 +137,5 @@ spec: {{ if .Effect }} effect: {{ .Effect }} {{- end }} {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} 
diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-rolebinding.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-rolebinding.yaml index 508498c87..8d576659d 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-rolebinding.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-rolebinding.yaml @@ -1,6 +1,7 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -12,4 +13,5 @@ subjects: roleRef: kind: ClusterRole name: {{ .Values.org }}.cluster-lifecycle.clusterclaims - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-service_account.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-service_account.yaml index 3447accb3..99ae8d056 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-service_account.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterclaims-service_account.yaml @@ -1,7 +1,9 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: v1 kind: ServiceAccount metadata: - name: clusterclaims \ No newline at end of file + name: clusterclaims +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterrole-clustermanageradmin.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterrole-clustermanageradmin.yaml index 2689d1102..ad70cdec1 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterrole-clustermanageradmin.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/clusterrole-clustermanageradmin.yaml 
@@ -1,5 +1,5 @@ # Copyright Contributors to the Open Cluster Management project - +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -11,3 +11,4 @@ aggregationRule: - matchLabels: rbac.authorization.k8s.io/aggregate-to-ocm-cluster-manager-admin: 'true' rules: [] +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrole.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrole.yaml index 6d1a9ac73..78e7ebb6a 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrole.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrole.yaml @@ -15,6 +15,12 @@ rules: - update - get - delete +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get # Allow hub to monitor and update status of csr - apiGroups: ["hive.openshift.io"] resources: ["clusterdeployments"] diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrolebinding-prom.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrolebinding-prom.yaml index 6326d77bd..9578731eb 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrolebinding-prom.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-clusterrolebinding-prom.yaml @@ -1,5 +1,5 @@ # Copyright Contributors to the Open Cluster Management project - +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -11,4 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: openshift-monitoring \ No newline at end of file + namespace: openshift-monitoring +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-deployment.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-deployment.yaml index a3c9831f4..9932b9569 100644 
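Review bot: The `namespaces` / `get` rule added to metrics-clusterrole.yaml has no comment, unlike the rule after it (`# Allow hub to monitor and update status of csr`), and it grants the read cluster-wide. If the metrics collector only reads one known namespace, which cannot be told from this hunk, a `resourceNames` list on the rule would limit the grant to that object. Otherwise a one-line comment saying why the collector needs to read namespaces would help later RBAC audits. The rules list starts and ends outside the hunk.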
--- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-deployment.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-deployment.yaml @@ -101,10 +101,12 @@ spec: name: certs readOnly: true securityContext: + {{- if .Values.global.deployOnOCP }} {{- if semverCompare ">=4.11.0" .Values.hubconfig.ocpVersion }} seccompProfile: type: RuntimeDefault {{- end }} + {{- end }} volumes: - name: certs secret: diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-prometheusrule.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-prometheusrule.yaml index 3d539a050..af83b3f20 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-prometheusrule.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-prometheusrule.yaml @@ -1,5 +1,5 @@ # Copyright Contributors to the Open Cluster Management project - +{{- if .Values.global.deployOnOCP }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -10,4 +10,5 @@ spec: - name: acm_managed_cluster_worker_cores.rules rules: - expr: max by (hub_cluster_id, managed_cluster_id) (acm_managed_cluster_worker_cores) - record: 'acm_managed_cluster_worker_cores:max' \ No newline at end of file + record: 'acm_managed_cluster_worker_cores:max' +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-servicemonitor.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-servicemonitor.yaml index b7f3dafbd..5bf55e6fd 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-servicemonitor.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/metrics-servicemonitor.yaml @@ -1,5 +1,5 @@ # Copyright Contributors to the Open Cluster Management project - +{{- if .Values.global.deployOnOCP }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: 
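Review bot: With the new outer `{{- if .Values.global.deployOnOCP }}` in metrics-deployment.yaml, a non-OCP install renders this `securityContext:` with no keys, so the workload no longer requests the `RuntimeDefault` seccomp profile there. The inner `semverCompare` check reads `.Values.hubconfig.ocpVersion` and so appears to be an OpenShift version constraint, not a reason to drop the profile on other platforms. Consider an else branch before the outer end that emits the same setting: `{{- else }}`, `seccompProfile:`, `type: RuntimeDefault`, indented to match the existing block. The pod spec starts and ends outside the hunk.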
@@ -20,4 +20,5 @@ spec: clc-app: clusterlifecycle-state-metrics-v2 namespaceSelector: matchNames: - - {{ .Values.global.namespace }} \ No newline at end of file + - {{ .Values.global.namespace }} +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrole.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrole.yaml index 09ed34252..cdde9b2b2 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrole.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrole.yaml @@ -1,5 +1,6 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -33,4 +34,5 @@ rules: - events verbs: - create - - patch \ No newline at end of file + - patch +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrolebinding.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrolebinding.yaml index 072673626..deb39e947 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrolebinding.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-clusterrolebinding.yaml @@ -1,5 +1,6 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -11,4 +12,5 @@ subjects: roleRef: kind: ClusterRole name: {{ .Values.org }}.cluster-lifecycle.provider-credential - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io +{{- end }} 
diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-controller-deployment.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-controller-deployment.yaml index 773575bb1..27cc4674a 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-controller-deployment.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-controller-deployment.yaml @@ -1,4 +1,5 @@ # Copyright Contributors to the Open Cluster Management project +{{- if .Values.global.deployOnOCP }} apiVersion: apps/v1 kind: Deployment metadata: @@ -132,4 +133,4 @@ spec: {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} {{- end }} {{- end }} - \ No newline at end of file +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-service_account.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-service_account.yaml index 7e14ef8b6..f32cb1198 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-service_account.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/templates/provider-credential-service_account.yaml @@ -1,6 +1,8 @@ # Copyright Contributors to the Open Cluster Management project --- +{{- if .Values.global.deployOnOCP }} apiVersion: v1 kind: ServiceAccount metadata: - name: provider-credential \ No newline at end of file + name: provider-credential +{{- end }} diff --git a/pkg/templates/charts/toggle/cluster-lifecycle/values.yaml b/pkg/templates/charts/toggle/cluster-lifecycle/values.yaml index a3534e174..e2dd39fe6 100644 --- a/pkg/templates/charts/toggle/cluster-lifecycle/values.yaml +++ b/pkg/templates/charts/toggle/cluster-lifecycle/values.yaml @@ -9,6 +9,7 @@ global: pullSecret: "" namespace: default hubSize: Small + deployOnOCP: "" hubconfig: nodeSelector: {} proxyConfigs: {} 
diff --git a/pkg/templates/rbac_gen.go b/pkg/templates/rbac_gen.go index d56cbd26f..18d155212 100644 --- a/pkg/templates/rbac_gen.go +++ b/pkg/templates/rbac_gen.go @@ -35,6 +35,7 @@ package main //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch //+kubebuilder:rbac:groups="",resources=namespaces,verbs=create;get;list;watch //+kubebuilder:rbac:groups="",resources=namespaces,verbs=delete +//+kubebuilder:rbac:groups="",resources=namespaces,verbs=get //+kubebuilder:rbac:groups="",resources=namespaces;secrets,verbs=create;get;list;update;watch //+kubebuilder:rbac:groups="",resources=namespaces;secrets;pods;pods/portforward,verbs=* //+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index bed9ef8b2..afb3f171f 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -69,6 +69,7 @@ var nonOCPComponents = []string{ backplanev1.HyperShift, backplanev1.HypershiftLocalHosting, backplanev1.LocalCluster, + backplanev1.ClusterLifecycle, } var GlobalDeployOnOCP = true