From 7349e7ec1df3973f56c417dfec98e907215f54bc Mon Sep 17 00:00:00 2001 From: Jiri Sztuka Date: Thu, 20 Aug 2020 11:08:19 +0200 Subject: [PATCH] init --- ...dhatcop.redhat.io_resourcelockers_crd.yaml | 325 +++++++++++++++++ ...operator.v0.1.0.clusterserviceversion.yaml | 274 ++++++++++++++ ...dhatcop.redhat.io_resourcelockers_crd.yaml | 325 +++++++++++++++++ ...operator.v0.1.1.clusterserviceversion.yaml | 183 ++++++++++ ...dhatcop.redhat.io_resourcelockers_crd.yaml | 325 +++++++++++++++++ ...operator.v0.1.2.clusterserviceversion.yaml | 264 ++++++++++++++ ...dhatcop.redhat.io_resourcelockers_crd.yaml | 340 ++++++++++++++++++ ...operator.v0.1.3.clusterserviceversion.yaml | 183 ++++++++++ ...dhatcop.redhat.io_resourcelockers_crd.yaml | 340 ++++++++++++++++++ ...operator.v0.1.4.clusterserviceversion.yaml | 308 ++++++++++++++++ .../resource-locker-operator.package.yaml | 5 + 11 files changed, 2872 insertions(+) create mode 100644 community-operators/resource-locker-operator/0.1.0/redhatcop.redhat.io_resourcelockers_crd.yaml create mode 100644 community-operators/resource-locker-operator/0.1.0/resource-locker-operator.v0.1.0.clusterserviceversion.yaml create mode 100644 community-operators/resource-locker-operator/0.1.1/redhatcop.redhat.io_resourcelockers_crd.yaml create mode 100644 community-operators/resource-locker-operator/0.1.1/resource-locker-operator.v0.1.1.clusterserviceversion.yaml create mode 100644 community-operators/resource-locker-operator/0.1.2/redhatcop.redhat.io_resourcelockers_crd.yaml create mode 100644 community-operators/resource-locker-operator/0.1.2/resource-locker-operator.v0.1.2.clusterserviceversion.yaml create mode 100644 community-operators/resource-locker-operator/0.1.3/redhatcop.redhat.io_resourcelockers_crd.yaml create mode 100644 community-operators/resource-locker-operator/0.1.3/resource-locker-operator.v0.1.3.clusterserviceversion.yaml create mode 100644 community-operators/resource-locker-operator/0.1.4/redhatcop.redhat.io_resourcelockers_crd.yaml create mode 100644 community-operators/resource-locker-operator/0.1.4/resource-locker-operator.v0.1.4.clusterserviceversion.yaml create mode 100644 community-operators/resource-locker-operator/resource-locker-operator.package.yaml diff --git a/community-operators/resource-locker-operator/0.1.0/redhatcop.redhat.io_resourcelockers_crd.yaml b/community-operators/resource-locker-operator/0.1.0/redhatcop.redhat.io_resourcelockers_crd.yaml new file mode 100644 index 0000000000..47ff495c70 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.0/redhatcop.redhat.io_resourcelockers_crd.yaml @@ -0,0 +1,325 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcelockers.redhatcop.redhat.io +spec: + group: redhatcop.redhat.io + names: + kind: ResourceLocker + listKind: ResourceLockerList + plural: resourcelockers + singular: resourcelocker + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ResourceLocker is the Schema for the resourcelockers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceLockerSpec defines the desired state of ResourceLocker + properties: + patches: + description: Patches is a list of pacthes that should be encforced at + runtime. + items: + description: Patch describe a pacth to be enforced at runtim + properties: + patchTemplate: + description: PatchTemplate is a go template that will be resolved + using the SourceObjectRefs as parameters. The result must be + a valid patch based on the pacth type and the target object. + type: string + patchType: + description: PatchType is the type of patch to be applied, one + of "application/json-patch+json"'"application/merge-patch+json","application/strategic-merge-patch+json","application/apply-patch+yaml" + enum: + - application/json-patch+json + - application/merge-patch+json + - application/strategic-merge-patch+json + - application/apply-patch+yaml + type: string + sourceObjectRefs: + description: SourceObject refs is an arrays of refereces to source + objects that will be used as input for the template processing + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + targetObjectRef: + description: TargetObjectRef is a reference to the object to which + the pacth should be applied. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - patchTemplate + - targetObjectRef + type: object + type: array + resources: + description: Resources is a list of resource manifests that should be + locked into the specified configuration + items: + properties: + excludedPaths: + items: + type: string + type: array + object: + type: object + required: + - object + type: object + type: array + serviceAccountRef: + description: ServiceAccountRef is the service account to be used to + run the controllers associated with this configuration + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + status: + description: ResourceLockerStatus defines the observed state of ResourceLocker + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + patchStatuses: + items: + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + objectReference: + description: the name of the locked configuration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Enforcing + - Failure + type: string + required: + - objectReference + - status + type: object + type: array + resourceStatuses: + items: + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + objectReference: + description: the name of the locked configuration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Enforcing + - Failure + type: string + required: + - objectReference + - status + type: object + type: array + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Success + - Failure + type: string + required: + - status + - type + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/community-operators/resource-locker-operator/0.1.0/resource-locker-operator.v0.1.0.clusterserviceversion.yaml b/community-operators/resource-locker-operator/0.1.0/resource-locker-operator.v0.1.0.clusterserviceversion.yaml new file mode 100644 index 0000000000..5198335c91 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.0/resource-locker-operator.v0.1.0.clusterserviceversion.yaml @@ -0,0 +1,274 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "test-simple-resource" + }, + "spec": { + "resources": [ + { + "object": { + "apiVersion": "v1", + "kind": "ResourceQuota", + "metadata": { + "name": "small-size", + "namespace": "resource-locker-test" + }, + "spec": { + "hard": { + "requests.cpu": "4", + "requests.memory": "2Gi" + } + } + } + } + ], + "serviceAccountRef": { + "name": "default" + } + } + }, + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "test-simple-patch" + }, + "spec": { + "serviceAccountRef": { + "name": "default" + }, + "patches": [ + { + "targetObjectRef": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "test", + "namespace": "resource-locker-test" + }, + "patchTemplate": "metadata:\n annotations:\n hello: bye\n", + "patchType": "application/strategic-merge-patch+json" + } + ] + } + }, + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "test-complex-patch" + }, + "spec": { + "serviceAccountRef": { + "name": "default" + }, + "patches": [ + { + "targetObjectRef": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "test", + "namespace": "resource-locker-test" + }, + "patchTemplate": "metadata:\n annotations:\n {{ (index . 0).metadata.name }}: {{ (index . 1).metadata.name }}\n", + "patchType": "application/strategic-merge-patch+json", + "sourceObjectRefs": [ + { + "apiVersion": "v1", + "kind": "Namespace", + "name": "resource-locker-test" + }, + { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "default", + "namespace": "resource-locker-test" + } + ] + } + ] + } + } + ] + capabilities: Deep Insights + categories: Security + certified: "false" + containerImage: quay.io/redhat-cop/resource-locker-operator:latest + createdAt: 11/14/2019 + description: This operator provides a facility lock resources and / or patches into the state described by its custom resource preventing any drifts. + repository: https://github.com/redhat-cop/resource-locker-operator + support: Best Effort + name: resource-locker-operator.v0.1.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - kind: ResourceLocker + name: resourcelockers.redhatcop.redhat.io + version: v1alpha1 + displayName: Resource Locker + description: represent the desire to lock a set of resources and / or patches into the state described by this custom resource preventing any drifts. + description: | + The resource locker operator allows you to specify a set of configurations that the operator will "keep in place" (lock) preventing any drifts. + Two types of configurations may be specified: + + * Resources. This will instruct the operator to create and enforce the specified resource. In this case the operator "owns" the created resources. + * Patches to resources. This will instruct the operator to patch- and enforce the change on- a pre-existing resource. In this case the operator does not "own" the resource. + + Locked resources are defined with the `ResourceLocker` CRD. Here is the high-level structure of this CRD: + + ```yaml + apiVersion: redhatcop.redhat.io/v1alpha1 + kind: ResourceLocker + metadata: + name: test-simple-resource + spec: + resources: + - object: + apiVersion: v1 + ... + patches: + - targetObjectRef: + ... + patchTemplate: | + metadata: + annotations: + hello: bye + ... + serviceAccountRef: + name: default + ``` + + It contains: + + * `resources`: representing an array of resources + * `patches`: representing an array of patches + * `serviceAccountRef`: a reference to a service account define din the same namespace as the ResourceLocker CR, that will be used to create the resources and apply the patches. If not specified the service account will be defaulted to: `default` + + For each ResourceLocker a manager is dynamically allocated. For each resource and patch a controller with the needed watches is created and associated with the previously created manager. + + displayName: Resource Locker Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAA3NCSVQICAjb4U/gAAAACXBIWXMAAH85AAB/OQGCGULUAAAAGXRFWHRTb2Z0d2FyZQB3d3cuaW5rc2NhcGUub3Jnm+48GgAAAtlQTFRF////AQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACsX3ZHQAAAPJ0Uk5TAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNGR0hJSktMTU5PUFFSVFVWV1hZWltcXV5fYGFiY2VmZ2hpamtsbW5vcHFyc3V2d3h5ent9fn+AgYKDhIaIiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaaoqaqsra6vsLGys7S1tre4ubq7vL6/wMLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f4+bBGbAAAiuUlEQVQYGe3BjWNV5YEm8OfmA3KDMDAINKQO2zYkr1aCxEIqXQQMbHQdAgi3KowobgSkbqoOBHGFqoyMIKsmfIywytbqAlXjkg7gkMXo8CEszSYETacmaIAbQmJuvMnzF+xQq0U8Ce977rnnfc+95/cDkkZGdv70uaXlz73y+p5399V8eLz+k5bzHdFox/mWT+qPf1iz7909r7/yXHnp3On52RnwJYrUMdMWPbVj7+GmDiroaDq8d8dTi6aNSYXPo0YWhlZU7D3VzZh0n9pbsSJUOBI+7xhUuHjDvrN01Nl9GxYXDoLPbCk5c558o76XcdJb/8aTc3JS4DNR1tz1NR10QUfN+rlZ8BkkJb90RyNd1bijND8FPv0G3baqKkwtwlWrbhsEnz6BgvL3otQq+l55QQA+DYbO29ZMIzRvmzcUPjcFJqw8EKVBogdWTgjA54qBs7Y200DNW2cNhC/O0u/Y3kZjtW2/Ix2+uEmbueUcDXduy8w0+OIgtejlVnpC68tFqfA5q3DTGXrImU2F8Dlm6LKj9Jyjy4bC54Qp2zvpSZ3bp8AXo2vLTtLDTpZdC59tgaKdEXpcZGdRAD47MpfWMyHUL82ET9WoNa1MGK1rRsGnQlR2MaF0VQr4ZE3d08uE07tnKnwSUufXMkHVzk+Fr3/pD55mAjv9YDp8fUu9r5EJrvG+VPispdxdxyRQd3cKfN8VmHuCSeLE3AB8V5h1hEnkyCz4LldcyyRTWwzf126sZhKqvhG+S4ZvijIpRTcNhy/t4XNMWuceTkOSm3GCSe3EDCSznN1MertzkKyGPBOhj5FnhiAp3dVM358034Xkk72Lvm/sykZyCZS20XeZttIAkkjefvqusD8PySK9vIu6XPz4g6pXn1/7xOOPLHlgwbyS4qKi4pJ5Cx5Y8sjjT6x9/tWqDz6+SF26ytORFCYdo9s6jv92Y9n8ovHZGbiqjOzxRfPLNv72eAfddmwSEl/m+h6659O9FStChSNhy8jC0IqKvZ/SPT3rM5HgJpykOy4e2rx8+nA4YPj05ZsPXaQ7Tk5AIgs8GmH8fb5r9eycFDgqJWf26l2fM/4ijwaQsEZXM97qtt6fh7jJu39rHeOtejQS1OxWxlOk5tmSEYi7ESXP1kQYT62zkYgyKxhHDRtvD8I1wds3NjCOKjKRcG6uY7x88c7ysXDd2OXvfMF4qbsZiSXwWDfjo35DcRCaBIs31DM+uh8LIIEMe5txUb82H5rlr61nXLw9DAnjpkbGQePTBTBCwdONjIPGm5AgFnbScU3rJsEgk9Y10XGdC5EIBmyi09orJwdgmMDkynY6bdMAeF72QTrs/cXXwEjXLH6fDjuYDY+b2kJHnX9hPAw2/oXzdFTLVHha2Zd00oGFQRguuPAAnfRlGbwruJMO6qq8AZ5wQ2UXHbQzCI8aUUPntK4ZBc8YtaaVzqkZAU/KPUXHNCzNhKdkLm2gY07lwoOmnKVTDs5JgeekzDlIp5ydAs8JddEhb02GR01+iw7pCsFjVvTSGdW3wMNuqaYzelfAS9Iq6IwD0+Bx0w7QGRVp8IzBVXTEoRlIADMO0RFVg+ERWUfohMN3IkHceZhOOJIFTxjTQAc0hQJIGIFQEx3QMAYekNvE2HWsDiKhBFd3MHZNuTDeuBbG7rXrkHCue42xaxkHw008y5jVTkZCmlzLmJ2dCKPdeoGxal4UQIIKLGpmrC7cCoPN7GSMousGI4ENXhdljDpnwlizI4zRkZ8gwf3kCGMUmQ1D3RtlbLpWpiHhpa3sYmyi98JI9/YwNvvzkBTy9jM2PffCQLOjjEnbQwEkicBDbYxJdDaMMzPCmOz+PpLI93czJpGZMMytnYxF52IkmcWdjEXnrTDKxAuMxclxSDrjTjIWFybCIOPOMhbbByEJDdrOWJwdB2PktjAGHfcjSd3fwRi05MIQY5oYgxM/RtL68QnGoGkMjJDVwBhsy0QSy9zGGDRkwQCDj9C+iwuR5BZepH1HBkO7tCra99H1SHrXf0T7qtKgWwXt2xyED8HNtK8Cmq2gbe33wPcn97TTthXQKtRLu47mwfdneUdpV28IGk3pol0vZcD3jYyXaFfXFGiTe5Y2dS+A71sWdNOms7nQZMQp2tQ+A74rzGinTadGQItgDW36bCJ83zHxM9pUE4QOO2nT6Vz4LOSepk07oUEZbTo2Gj5Lo4/RpjK4buqXtGf/UPj6MHQ/7flyKlyW3UJ73syAr08Zb9Kelmy4asBB2lOZCl8/Uitoz8EBcNMm2rMGvqtYQ3s2wUULaUvPMviualkPbVkI19zUSTsi8+CTMC9COzpvgkuGNdKOC0XwSSm6QDsah8EVgbdpx5kC+CQVnKEdbwfghsdoR2MOfNJyGmnHY3DBzd20oTELPgVZjbSh+2bEXWYdbTiTA5+SnDO0oS4T8VZBGy4UwKeo4AJtqECczaYNkSL4lBVFaMNsxNXoVqrrmQefDfN6qK51NOIoUE0blsFnyzLaUB1A/DxKG9bAZ9Ma2vAo4mZChOoq4LOtkuoiExAnmSep7s1U+GxLfZPqTmYiPtZT3f4M+GKQsZ/q1iMuJvVQ2bGh8MVk6DEq65mEOEg/RmWnR8MXo9GnqexYOpxXTmWf5cIXs9zPqKwcjsvroqr2ifA5YGI7VXXlwWGB/VTVPQM+R8zopqr9ATirlMoWwOeQBVRWCkdlt1HVS/A55iWqasuGk3ZR1dEM+ByTcZSqdsFBd1FVex58Dsprp6q74JghzVR1D3yOuoeqmofAKc9Q1Wb4HLaZqp6BQ3IiVPRRED6HBT+iokgOnLGbii5eD5/jrr9IRbvhiBlUtRC+OFhIVTPggLQTVLQNvrjYRkUn0hC7h6noRCZ8cZF5gooeRsyGn6Oajh/DFyc/7qCac8MRq01UdD98cXM/FW1CjG6MUs12+OJoO9VEb0Rsqqnm5CD44mjQSaqpRkyKqaZzHHxxNa6TaooRi1qqWQxfnC2mmlrEYBbV7IYv7nZTzSzYFjhCJW3fhy/uvt9GJUcCsGsu1TwEnwseopq5sCnlBJXsD8DngsB+KjmRAnvuppKuPPhckddFJXfDltQ6KlkJn0tWUkldKuy4j0qOpMHnkrQjVHIfbEhvpIroT+AhA26Ys+Ift/z6nfeOHn3vnV9v+ccVs69Ph4f8JEoVjelQ9yCVrINHDJz233b/vyi/48u6XatvHQCPWEclD0JZ6mmqaB4MD0j9j6t+9wX70VldPjkFHjC4mSpOp0LVfCpZBPON/4dmSvjjs+NgvkVUMh+qaqmiNgDDjfrlUUo7UjYKhgvUUkUtFE2lkskw2394sYtKul4cA7NNppKpULOHKl6D0XK3fUll3Vt+BKO9RhV7oET0UkHHdTDY37zWQ1ui27NhsOs6qKBXQEUlVayGudIfu0jb2n+ZBnOtpopKKBjVRQVNQRhr6gnG5KNbYaxgExV0jYK8NVQRgqmG/BNj9k9DYKoQVayBtMxWKjgcgKFubqAD6ifAUIHDVNCaCVlLqeJOGOrhCB3RtQSGupMqlkJSoJ4KDsFMQ9+gY/7nEJjpEBXUByCniCpmwEjXnaSDjo2GkWZQRRHk7KSCAzDSDX+go06PhZEOUMFOSLk2QgXTYKKfnqXDPrsZJppGBZFrIaOMCqphouIOOu5CEUxUTQVlkHGSCm6BgaZ3MQ46fwYD3UIFJyFhChW8BQNNaGNcnLsRBnqLCqbg6rZTwWSYJ+cM4+SPY2CeyVSwHVc1tJPyDsI83zvFuKkbAfMcpLzOobiaZVQwB8YZ8D4lRf9Yu+vFVate3FX7xyglvZcG48yhgmW4mqOU15AC42yghN7/8/cTs1LwjdSswvL3eynhGRgnpYHyjuIqCqlgKYwzh1cVeee/ZMFC9pL/3c2r6b0DxllKBYXo3ybKa82EaX4Q5lX8a2gw+vRX9xzlVbReB9NktlLeJvQr9QzlrYFp0mvZv4/vCaBfKff9gf37l1SYZg3lnUlFf4oor2sUTPM4+3XulwNxVRmPh9mvX8A0o7oorwj9eZnyKmGa6y6yH13PDIOU4esj7EdbFkxTSXkvox9prZR3A0zzG/bjk5sgbeK/sR+vwjQ3UF5rGvo2k/IOwDTF7Md7I6Egq4b9mA7THKC8mejbFspbCMMMbGDftgyAkoH/xL793zQYZiHlbUGf0s9R2vkgDFPKPkV/AWX/Nco+3QfDBM9T2rl09OUOynsBhkk7zb50zoANMzrZl7oUGOYFyrsDfdlOeeNhmL9jn34OW37OPs2HYcZT3nb0YWAbpb0Pw6T8nn35FWz6FftyNADDvE9pbQNhbRblLYZh5rEvuwKwKbCLfflbGGYx5c2Cta2U1n4NDHOAffhoMGwb/BH7sBeGuaad0rbCUqCZ0iphmB+yD60/QAx+0EprPdkwTCWlNQdgZQLlTYZhnmAfZiEms9iHx2CYyZQ3AVZWUlpTAIapp7X9iNF+WjsOwwSaKG0lrBygtHUwzC3sw08Ro5+yDxNgmHWUdgAWhkYpbRIMs4nWfoOY/YbW/gGGmURp0aH4rnmU1gjTNNDSl3mIWd6XtHQcpmmktHn4rm2U9jQM8ze09hIc8BKtjYJhnqa0bfiOQDOlFcAwi2jpiyw4IOsLWvo5DFNAac0BXKmA0uphmh209L/giF20VAnT1FNaAa5UTmlrYZo/0tLfwRGLaOkUTLOW0spxpfcoLR+G+SEtRYfDESN6aGk0DJNPae/hCoOilFUP09xBS7+DQ/bTUhFMU09Z0UH4ttsobQNMU0ZLD8MhZbS0BKbZQGm34dtWUVoxTPMyLV0Hh/yIlp6HaYopbRW+rYqyvgjCNPto5QM45jitVME0wS8oqwrfkhKmrHdgnGZa2QbHvEYrp2GcdygrnILL5VPacpgmg5Z+Bceso5WeFJhmOaXl43KllDYWphlFSw/DMWW09FcwzVhKK8XldlBWA4yTQ0tz4ZgQLX0fxmmgrB24XCNlbYRxJtDSz+CYW2npehhnI2U14jJZlHY7jHMrLf0QjsmhpUkwzu2UloW/mEtZkSCMcwctBeGYTFoqgnGCEcqai79YT1k1MM88WmmHg9pp5W9hnhrKWo+/qKGsZ2GeEK2E4aAwrZTAPM9SVg2+kdJBWSUwT4hWwnBQmFZKYJ4SyupIwddyKG0EzBOilTAcFKaVEphnBKXl4GtzKKsOBgrRShgOCtNKCQxUR1lz8LUnKWsrDBSilTAcFKaVEhhoK2U9ia+9QVn3w0AhWgnDQWFaKYGB7qesN/C1esrKg4FCtBKGg8K0UgID5VFWPf5sUC8lfQ4ThWglDAeFaaUEJvqcknoH4SuFlLULJgrRShgOCtNKCUy0i7IK8ZXFlLUaJgrRShgOCtNKCUy0mrIW4ysbKGs2TBSilTAcFKaVEphoNmVtwFf2UVYOTBSilTAcFKaVEpgoh7L24StnKeliCkwUopUwHBSmlRKYKOUiJZ3Fn4ykrEMwUohWwnBQmFZKYKRDlDUSlxRS1mYYKUQrYTgoTCslMNJmyirEJSHKWg4jhWglDAeFaaUERlpOWSFcsoKypsNIIVoJw0FhWimBkaZT1gpcUkFZw2GkEK2E4aAwrZTASMMpqwKX7KWkT2GmEK2E4aAwrZTATJ9S0l5ccoqS9sJMIVoJw0FhWimBmfZS0in8u9RuSqqAmUK0EoaDwrRSAjNVUFJ3KoAxlLUCZgrRShgOCtNKCcy0grLGAJhGWSGYKUQrYTgoTCslMFOIsqYBWERZhTBTiFbCcFCYVkpgpkLKWgTgKcoaCTOFaCUMB4VppQRmGklZTwHYQUkdMFSIVsJwUJhWSmCoDkraAWAvJR2HoUK0EoaDwrRSAkMdp6S9AA5T0m9hqBCthOGgMK2UwFC/paTDAJooaSMMFaKVMBwUppUSGGojJTUB6KCkMhgqRCthOChMKyUwVBkldQAZlDUfhgrRShgOCtNKCQw1n7IykE1ZRTBUiFbCcFCYVkpgqCLKykY+ZY2HKTKnPPI/Toa/0UFLYQfRUkf4Gyd3/OJnQZhiPGXlYzplZcMQ/7mZRvq3/wRDZFPWdMylrAwYYcgWGqtyMIyQQVlzUUpJF2GEkadpsNMjYYSLlFSKckr6GEZ4k0Z7E0b4mJLK8RwlfQAT3EPD3QMTfEBJz+EVSqqCAb53joY79z0YoIqSXsHrlPQqDFBK45XCAK9S0uvYQ0nPwwCVNF4lDPA8Je3Bu5S0FgY4TOMdhgHWUtK72EdJT0C/gd00XvdA6PcEJe1DDSU9Dv1y6QG50O9xSqrBh5T0CPQT9AAB/R6hpA9xnJKWQD9BDxDQbwklHUc9JT0A/QQ9QEC/ByipHp9Q0gLoJ+gBAvotoKRP0EJJ86CfoAcI6DePklpwnpJKoJ+gBwjoV0JJ59FBScXQT9ADBPQrpqQORCmpCPoJeoCAfkWUFEWUkoqgn6AHCOhXRElRdFBSMfQT9AAB/YopqQPnKakE+gl6gIB+JZR0Hi2UNA/6CXqAgH7zKKkFn1DSAugn6AEC+i2gpE9QT0kPQD9BDxDQ7wFKqsdxSloC/QQ9QEC/JZR0HB9S0iPQT9ADBPR7hJI+RA0lPQ79BD1AQL/HKakG+yjpCegn6AEC+j1BSfvwLiWthX6CHiCg31pKehd7KOl56CfoAQL6PU9Je/A6Jb0K/QQ9QEC/VynpdbxCSVXQT9ADBPSroqRX8BwlfQD9BD1AQL8PKOk5lFPSx9BP0AME9PuYkspRSkkXoZ+gBwjod5GSSjGXsjKgnaAHCGiXQVlzMZ2ysqGdoAcIaJdNWdORT1njoZ2gBwhoN56y8pFNWUXQTtADBLQroqxsZFDWfGgn6AEC2s2nrAygg5LKoJ2gBwhoV0ZJHQCaKGkjtBP0AAHtNlJSE4DDlPRbaCfoAQLa/ZaSDgPYS0nHoZ2gBwhod5yS9gLYQUkd0E7QAwS066CkHQCeoqyR0E3QAwR0G0lZTwFYRFmF0E3QAwR0K6SsRQCmUVYIugl6gIBuIcqaBmAMZa2AboIeIKDbCsoaAyC1m5IqoJugBwjoVkFJ3an4d6coaS90E/QAAd32UtIpXLKXkj6FboIeIKDbp5S0F5dUUNZwaCboAQKaDaesClyygrKmQzNBDxDQbDplrcAlIcpaDs0EPUBAs+WUFcIlhZS1GZoJeoCAZpspqxCXjKSsQ9BM0AMENDtEWSPxJ2cp6WIK9BL0AAG9Ui5S0ll8ZR9l5UAvQQ8Q0CuHsvbhKxsoazb0EvQAAb1mU9YGfGUxZa2GXoIeIKDXaspajK8UUtYu6CXoAQJ67aKsQnxlUC8lfQ69BD1AQK/PKal3EP6snrLyoJWgBwholUdZ9fjaG5R1P7QS9AABre6nrDfwtScpayu0EvQAAa22UtaT+NocyqqDVoIeIKBVHWXNwddyKG0EdBL0AAGdRlBaDr6W0kFZJdBJ0AMEdCqhrI4UfKOGsp6FToIeIKDTs5RVg79YT1k10EnQAwR0qqGs9fiLuZQVCUIjQQ8Q0CgYoay5+IssSrsdGgl6gIBGt1NaFi7TSFkboZGgBwhotJGyGnG5HZTVAI0EPUBAowbK2oHLlVLaWOgj6AEC+oyltFJcLp/SlkMfQQ8Q0Gc5peXjcilhynoH+gh6gIA+71BWOAXfUkVZXwShjaAHCGgT/IKyqvBtqyitGNoIeoCANsWUtgrfdhulbYA2gh4goM0GSrsN3zYoSln10EbQAwS0qaes6CBc4T1Ky4cugh4goEs+pb2HK5VT2lroIugBArqspbRyXKmA0uqhi6AHCOhST2kFuFKgmdIKoImgBwhoUkBpzQF8xzZKexqaCHqAgCZPU9o2fNc8SmuEJoIeIKBJI6XNw3cNjVLaJOgh6AECekyitOhQWDhAaeugh6AHCOixjtIOwMpKSmsKQAtBDxDQItBEaSthZQLlTYYWgh4goMVkypsAK4FmSquEFoIeIKBFJaU1B2BpK6W1XwMdBD1AQIdr2iltK6zNorzF0EHQAwR0WEx5s2BtYBulvQ8dBD1AQIf3Ka1tIPqwnfLGQwNBDxDQYDzlbUdf7qC8F6CBoAcIaPAC5d2BvqSfo7TzQbhP0AME3Bc8T2nn0tGnLZS3EO4T9AAB9y2kvC3o20zKOwD3CXqAgPsOUN5M9C2tlfJugOsEPUDAdTdQXmsa+vEy5VXCdYIeIOC6Ssp7Gf0poryuUXCboAcIuG1UF+UVoT+pZyhvDdwm6AECbltDeWdS0a9NlNeaCZcJeoCAyzJbKW8T+ldIBUvhMkEPEHDZUiooxFUcpbyGFLhL0AME3JXSQHlHcTXLqGAO3CXoAQLumkMFy3A1Qzsp7yDcJegBAu46SHmdQ3FV26lgMlwl6AECrppMBdtxdVOo4C24StADBFz1FhVMgYSTVHAL3CToAQJuuoUKTkJGGRVUw02CHiDgpmoqKIOMayNUMA0uEvQAARdNo4LItZCykwoOwEWCHiDgogNUsBNyiqhiBtwj6AEC7plBFUWQE6ingkNwj6AHCLjnEBXUByBpKVXcCdcIeoCAa+6kiqWQldlKBYcDcMtYesBYuCVwmApaMyFtDVWE4JYBERovMgBuCVHFGsgb1UUFTUG4pZbGq4Vbgk1U0DUKCiqpYjXc8iKN9yLcspoqKqFC9FJBx3VwyQM03gNwyXUdVNAroGQPVbwGlwz7lIb7dBhc8hpV7IGaqVQyGS65k4a7Ey6ZTCVToaiWKmoDcMl2Gm07XBKopYpaqJpPJYvgkmEnaLATw+CSRVQyH6pST1NF82C4ZOAzPTRUzzMD4ZLBzVRxOhXKHqSSdXDNLb+nkX5/C1yzjkoehLr0RqqI3gzXBMaG1v3z743yz+tCYwNwzU+iVNGYDhvuo5LDafC5JO0IldwHO1LrqOTv4XPJSiqpS4Utd1PJF2Phc0VeF5XcDXtSTlDJvgB8Lgjsp5ITKbBpLtUshs8FD1HNXNgVOEIl4Sz44u77bVRyJADbZlHNb+CLu91UMwsxqKWav4MvzhZTTS1iUUw1HdfDF1fjOqmmGDGppprjQfjiaNBJqqlGbG6MUs0W+OLoFaqJ3ogYbaKie+GLm/uoaBNiNfwc1bTnwRcnN3RQzbnhiNnDVHQ0A764CB6noocRu7QTVPQyfHGxmYpOpMEBM6gqBF8c3ENVM+CI3VR0YSx8jsttp6LdcEZOhIoOD4TPYRlHqCiSA4c8Q1X/HT6HvURVz8ApQ5qp6i74HDWfqpqHwDF3UVXbj+Bz0I/aqOouOGgXVX0wAD7HDPyQqnbBSdltVLUBPsdspKq2bDiqlMrmw+eQ+VRWCmcF9lNV13T4HDG9i6r2B+CwvC6qarsJPgfc1EZVXXlwXDmVtfwIvpj9qIXKyuG89GNU1jAKvhiNaqCyY+mIg0k9VPavQ+CLyZB/pbKeSYiL9VT3u4HwxWDg76huPeIj8yTVvZ4Cn20pr1PdyUzEyYQI1b0In20vUl1kAuLmUdrwJHw2PUkbHkX8BKppwxL4bFlCG6oDiKPRrVTXcxd8NtzVQ3WtoxFXs2lD5Db4lN0WoQ2zEWcVtOFCAXyKCi7QhgrEW2YdbTiTA5+SnDO0oS4TcXdzN204lQWfgqxTtKH7ZrjgMdrRmAOftJxG2vEY3BB4m3acKYBPUsEZ2vF2AK4Y1kg7LhTBJ6XoAu1oHAaX3NRJOyLz4JMwL0I7Om+CaxbSlp5l8F3Vsh7ashAu2kR71sB3FWtozya4acBB2lOZCl8/Uitoz8EBcFV2C+15MwO+PmW8SXtasuGyqV/Snv1D4evD0P2058upcF0ZbTo2Gj5Lo4/RpjJosJM2nc6Fz0Luadq0EzoEa2jTZxPh+46Jn9GmmiC0GHGKNrXPgO8KM9pp06kR0CT3LG3qXgDftyzopk1nc6HNlC7a9VIGfN/IeIl2dU2BRqFe2nUkF74/yz1Cu3pD0GoFbbvwc/j+5OcXaNsKaFZB+17OgA8ZL9O+CuiWVkX7juYh6eUdpX1VadBu8BHa1343ktzd7bTvyGAYIKuBMagMIokFKxmDhiwYYUwTY3AsD0kr7xhj0DQGhshtYQza70WSuredMWjJhTHGnWUsNgeRhIKbGYuz42CQiRcYi48Eko74iLG4MBFGubWTsbi4AElmwUXGovNWGGZmhDH59SgkkVG/ZkwiM2Gc2VHG5NwiJI1F5xiT6GwY6N4exmbvD5AUfrCXsem5F0a6N8rYdJSlIuGllnUwNtF7YajZEcbo/XwkuPz3GaPIbBhrZidj1L02Ewksc203Y9Q5Ewa79QJj9Ye7A0hQgbv/wFhduBVGm3iWMauZhIQ0qYYxOzsRhhvXwpj1bs9Gwsne3suYtYyD8XKbGLuLq4JIKMFVFxm7plx4wJgGOuCTUAAJIxD6hA5oGANPyDpCJxy+EwnizsN0wpEseMTgKjri0AwkgBmH6IiqwfCMtAo648A0eNy0A3RGRRq8ZEUvnVF9Czzslmo6o3cFPCbURYe8NRkeNfktOqQrBM+ZcpZOOTgnBZ6TMucgnXJ2Cjwo9xQd07A0E56SubSBjjmVC08aUUPntK4ZBc8YtaaVzqkZAY8K7qSDuipvgCfcUNlFB+0MwrvKvqSTDiwMwnDBhQfopC/L4GlTW+io8y+Mh8HGv3CejmqZCo/LPkiHvb/4GhjpmsXv02EHs+F5AzbRae2VkwMwTGByZTudtmkAEsHCTjquad0kGGTSuiY6rnMhEsRNjYyDxqcLYISCpxsZB403IWEMe5txUb82H5rlr61nXLw9DAkk8Fg346N+Q3EQmgSLN9QzProfCyCx3FzHePnineVj4bqxy9/5gvFSdzMSTmYF46hh4+1BuCZ4+8YGxlFFJhLR7FbGU6Tm2ZIRiLsRJc/WRBhPrbORoEZXM97qtt6fh7jJu39rHeOtejQSVuDRCOPv811PlPwwAEcFfljyxK7PGX+RRwNIZBNO0h0X/uXFh342BA4Y8rOHXvyXC3THyQlIcJnre+ia3sY9G8rmFPw1bPnrgjllG/Y09tI1PeszkfgmHaPbLhzbvaFsftH47AxcVUb2+KL5ZRt2H7tAtx2bhKSQXt5FXS5+/EHVq8+vfeLxR5Y8sGBeSXFRUXHJvAUPLHnk8SfWPv9q1QcfX6QuXeXpSBZ5++m7wv48JJFAaRt9l2krDSC5ZO+i7xu7spF87mqm70+a70JSGvJMhD5GnhmCZJWzm0lvdw6S2YwTTGonZiDJpT18jknr3MNp8A3fFGVSim4aDt8lN1YzCVXfCN/XimuZZGqL4bvcrCNMIkdmwXeFwNwTTBIn5gbg+66Uu+uYBOruToHPWup9jUxwjfelwte39AdPM4GdfjAdvv6lzq9lgqqdnwqfhKl7eplwevdMhU+WqOxiQumqFPCpGLWmlQmjdc0o+FRlLq1nQqhfmgmfHYGinRF6XGRnUQA+264tO0kPO1l2LXwxmrK9k57UuX0KfE4YuuwoPefosqHwOaZw0xl6yJlNhfA5K7Xo5VZ6QuvLRanwxUHazC3naLhzW2amwRc36Xdsb6Ox2rbfkQ5fnA2ctbWZBmreOmsgfK4ITFh5IEqDRA+snBCAz01D521rphGat80bCp8GgYLy96LUKvpeeUEAPn0G3baqKkwtwlWrbhsEn34p+aU7Gumqxh2l+SnwGSRr7vqaDrqgo2b93Cz4TJSSM+fJN+p7GSe99W88OScnBT6zDSpcvGHfWTrq7L4NiwsHwecdIwtDKyr2nupmTLpP7a1YESocCZ9HpY6ZtuipHXsPN3VQQUfT4b07nlo0bUwqfIkiIzt/+tzS8udeeX3Pu/tqPjxe/0nL+Y5otON8yyf1xz+s2ffuntdfea68dO70/OwMJI3/DwYnnV0gVKhrAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - redhatcop.redhat.io + resources: + - resourcelockers + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - secrets + verbs: + - get + - list + serviceAccountName: resource-locker-operator + deployments: + - name: resource-locker-operator + spec: + replicas: 1 + selector: + matchLabels: + name: resource-locker-operator + strategy: {} + template: + metadata: + labels: + name: resource-locker-operator + spec: + containers: + - command: + - resource-locker-operator + env: + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: resource-locker-operator + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/redhat-cop/resource-locker-operator:v0.1.0 + imagePullPolicy: Always + name: resource-locker-operator + resources: {} + serviceAccountName: resource-locker-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + verbs: + - '*' + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - resource-locker-operator + resources: + - deployments/finalizers + verbs: + - update + serviceAccountName: resource-locker-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + maturity: alpha + links: + - name: repository + url: https://github.com/redhat-cop/resource-locker-operator + - name: conatinerImage + url: https://quay.io/redhat-cop/resource-locker-operator:latest + maintainers: + - email: rspazzol@redhat.com + name: Raffaele Spazzoli + provider: + name: Containers & PaaS CoP + version: 0.1.0 diff --git a/community-operators/resource-locker-operator/0.1.1/redhatcop.redhat.io_resourcelockers_crd.yaml b/community-operators/resource-locker-operator/0.1.1/redhatcop.redhat.io_resourcelockers_crd.yaml new file mode 100644 index 0000000000..47ff495c70 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.1/redhatcop.redhat.io_resourcelockers_crd.yaml @@ -0,0 +1,325 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcelockers.redhatcop.redhat.io +spec: + group: redhatcop.redhat.io + names: + kind: ResourceLocker + listKind: ResourceLockerList + plural: resourcelockers + singular: resourcelocker + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ResourceLocker is the Schema for the resourcelockers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceLockerSpec defines the desired state of ResourceLocker + properties: + patches: + description: Patches is a list of pacthes that should be encforced at + runtime. + items: + description: Patch describe a pacth to be enforced at runtim + properties: + patchTemplate: + description: PatchTemplate is a go template that will be resolved + using the SourceObjectRefs as parameters. The result must be + a valid patch based on the pacth type and the target object. + type: string + patchType: + description: PatchType is the type of patch to be applied, one + of "application/json-patch+json"'"application/merge-patch+json","application/strategic-merge-patch+json","application/apply-patch+yaml" + enum: + - application/json-patch+json + - application/merge-patch+json + - application/strategic-merge-patch+json + - application/apply-patch+yaml + type: string + sourceObjectRefs: + description: SourceObject refs is an arrays of refereces to source + objects that will be used as input for the template processing + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + targetObjectRef: + description: TargetObjectRef is a reference to the object to which + the pacth should be applied. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - patchTemplate + - targetObjectRef + type: object + type: array + resources: + description: Resources is a list of resource manifests that should be + locked into the specified configuration + items: + properties: + excludedPaths: + items: + type: string + type: array + object: + type: object + required: + - object + type: object + type: array + serviceAccountRef: + description: ServiceAccountRef is the service account to be used to + run the controllers associated with this configuration + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + status: + description: ResourceLockerStatus defines the observed state of ResourceLocker + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + patchStatuses: + items: + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + objectReference: + description: the name of the locked configuration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Enforcing + - Failure + type: string + required: + - objectReference + - status + type: object + type: array + resourceStatuses: + items: + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + objectReference: + description: the name of the locked configuration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Enforcing + - Failure + type: string + required: + - objectReference + - status + type: object + type: array + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Success + - Failure + type: string + required: + - status + - type + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/community-operators/resource-locker-operator/0.1.1/resource-locker-operator.v0.1.1.clusterserviceversion.yaml b/community-operators/resource-locker-operator/0.1.1/resource-locker-operator.v0.1.1.clusterserviceversion.yaml new file mode 100644 index 0000000000..1f209ad19f --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.1/resource-locker-operator.v0.1.1.clusterserviceversion.yaml @@ -0,0 +1,183 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "example-resourcelocker" + }, + "spec": { + "size": 3 + } + } + ] + capabilities: Deep Insights + categories: Security + certified: "false" + containerImage: quay.io/redhat-cop/resource-locker-operator:latest + createdAt: 11/14/2019 + description: This operator provides a facility to lock resources and / or patches + into the state described by its custom resource preventing any drifts. + repository: https://github.com/redhat-cop/resource-locker-operator + support: Best Effort + name: resource-locker-operator.v0.1.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: represent the desire to lock a set of resources and / or patches + into the state described by this custom resource preventing any drifts. + displayName: Resource Locker + kind: ResourceLocker + name: resourcelockers.redhatcop.redhat.io + version: v1alpha1 + description: "The resource locker operator allows you to specify a set of configurations + that the operator will \"keep in place\" (lock) preventing any drifts. \nTwo types + of configurations may be specified:\n\n* Resources. This will instruct the operator + to create and enforce the specified resource. In this case the operator \"owns\" + the created resources.\n* Patches to resources. This will instruct the operator + to patch- and enforce the change on- a pre-existing resource. In this case the + operator does not \"own\" the resource.\n\nLocked resources are defined with the + `ResourceLocker` CRD. Here is the high-level structure of this CRD:\n\n```yaml\napiVersion: + redhatcop.redhat.io/v1alpha1\nkind: ResourceLocker\nmetadata:\n name: test-simple-resource\nspec:\n + \ resources:\n - object:\n apiVersion: v1\n ...\n patches:\n - targetObjectRef:\n + \ ...\n patchTemplate: |\n metadata:\n annotations:\n hello: + bye\n ...\n serviceAccountRef:\n name: default\n```\n\nIt contains:\n\n* + `resources`: representing an array of resources\n* `patches`: representing an + array of patches\n* `serviceAccountRef`: a reference to a service account define + din the same namespace as the ResourceLocker CR, that will be used to create the + resources and apply the patches. If not specified the service account will be + defaulted to: `default`\n\nFor each ResourceLocker a manager is dynamically allocated. + For each resource and patch a controller with the needed watches is created and + associated with the previously created manager. \n" + displayName: Resource Locker Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAA3NCSVQICAjb4U/gAAAACXBIWXMAAH85AAB/OQGCGULUAAAAGXRFWHRTb2Z0d2FyZQB3d3cuaW5rc2NhcGUub3Jnm+48GgAAAtlQTFRF////AQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACsX3ZHQAAAPJ0Uk5TAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNGR0hJSktMTU5PUFFSVFVWV1hZWltcXV5fYGFiY2VmZ2hpamtsbW5vcHFyc3V2d3h5ent9fn+AgYKDhIaIiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaaoqaqsra6vsLGys7S1tre4ubq7vL6/wMLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f4+bBGbAAAiuUlEQVQYGe3BjWNV5YEm8OfmA3KDMDAINKQO2zYkr1aCxEIqXQQMbHQdAgi3KowobgSkbqoOBHGFqoyMIKsmfIywytbqAlXjkg7gkMXo8CEszSYETacmaIAbQmJuvMnzF+xQq0U8Ce977rnnfc+95/cDkkZGdv70uaXlz73y+p5399V8eLz+k5bzHdFox/mWT+qPf1iz7909r7/yXHnp3On52RnwJYrUMdMWPbVj7+GmDiroaDq8d8dTi6aNSYXPo0YWhlZU7D3VzZh0n9pbsSJUOBI+7xhUuHjDvrN01Nl9GxYXDoLPbCk5c558o76XcdJb/8aTc3JS4DNR1tz1NR10QUfN+rlZ8BkkJb90RyNd1bijND8FPv0G3baqKkwtwlWrbhsEnz6BgvL3otQq+l55QQA+DYbO29ZMIzRvmzcUPjcFJqw8EKVBogdWTgjA54qBs7Y200DNW2cNhC/O0u/Y3kZjtW2/Ix2+uEmbueUcDXduy8w0+OIgtejlVnpC68tFqfA5q3DTGXrImU2F8Dlm6LKj9Jyjy4bC54Qp2zvpSZ3bp8AXo2vLTtLDTpZdC59tgaKdEXpcZGdRAD47MpfWMyHUL82ET9WoNa1MGK1rRsGnQlR2MaF0VQr4ZE3d08uE07tnKnwSUufXMkHVzk+Fr3/pD55mAjv9YDp8fUu9r5EJrvG+VPispdxdxyRQd3cKfN8VmHuCSeLE3AB8V5h1hEnkyCz4LldcyyRTWwzf126sZhKqvhG+S4ZvijIpRTcNhy/t4XNMWuceTkOSm3GCSe3EDCSznN1MertzkKyGPBOhj5FnhiAp3dVM358034Xkk72Lvm/sykZyCZS20XeZttIAkkjefvqusD8PySK9vIu6XPz4g6pXn1/7xOOPLHlgwbyS4qKi4pJ5Cx5Y8sjjT6x9/tWqDz6+SF26ytORFCYdo9s6jv92Y9n8ovHZGbiqjOzxRfPLNv72eAfddmwSEl/m+h6659O9FStChSNhy8jC0IqKvZ/SPT3rM5HgJpykOy4e2rx8+nA4YPj05ZsPXaQ7Tk5AIgs8GmH8fb5r9eycFDgqJWf26l2fM/4ijwaQsEZXM97qtt6fh7jJu39rHeOtejQS1OxWxlOk5tmSEYi7ESXP1kQYT62zkYgyKxhHDRtvD8I1wds3NjCOKjKRcG6uY7x88c7ysXDd2OXvfMF4qbsZiSXwWDfjo35DcRCaBIs31DM+uh8LIIEMe5txUb82H5rlr61nXLw9DAnjpkbGQePTBTBCwdONjIPGm5AgFnbScU3rJsEgk9Y10XGdC5EIBmyi09orJwdgmMDkynY6bdMAeF72QTrs/cXXwEjXLH6fDjuYDY+b2kJHnX9hPAw2/oXzdFTLVHha2Zd00oGFQRguuPAAnfRlGbwruJMO6qq8AZ5wQ2UXHbQzCI8aUUPntK4ZBc8YtaaVzqkZAU/KPUXHNCzNhKdkLm2gY07lwoOmnKVTDs5JgeekzDlIp5ydAs8JddEhb02GR01+iw7pCsFjVvTSGdW3wMNuqaYzelfAS9Iq6IwD0+Bx0w7QGRVp8IzBVXTEoRlIADMO0RFVg+ERWUfohMN3IkHceZhOOJIFTxjTQAc0hQJIGIFQEx3QMAYekNvE2HWsDiKhBFd3MHZNuTDeuBbG7rXrkHCue42xaxkHw008y5jVTkZCmlzLmJ2dCKPdeoGxal4UQIIKLGpmrC7cCoPN7GSMousGI4ENXhdljDpnwlizI4zRkZ8gwf3kCGMUmQ1D3RtlbLpWpiHhpa3sYmyi98JI9/YwNvvzkBTy9jM2PffCQLOjjEnbQwEkicBDbYxJdDaMMzPCmOz+PpLI93czJpGZMMytnYxF52IkmcWdjEXnrTDKxAuMxclxSDrjTjIWFybCIOPOMhbbByEJDdrOWJwdB2PktjAGHfcjSd3fwRi05MIQY5oYgxM/RtL68QnGoGkMjJDVwBhsy0QSy9zGGDRkwQCDj9C+iwuR5BZepH1HBkO7tCra99H1SHrXf0T7qtKgWwXt2xyED8HNtK8Cmq2gbe33wPcn97TTthXQKtRLu47mwfdneUdpV28IGk3pol0vZcD3jYyXaFfXFGiTe5Y2dS+A71sWdNOms7nQZMQp2tQ+A74rzGinTadGQItgDW36bCJ83zHxM9pUE4QOO2nT6Vz4LOSepk07oUEZbTo2Gj5Lo4/RpjK4buqXtGf/UPj6MHQ/7flyKlyW3UJ73syAr08Zb9Kelmy4asBB2lOZCl8/Uitoz8EBcNMm2rMGvqtYQ3s2wUULaUvPMviualkPbVkI19zUSTsi8+CTMC9COzpvgkuGNdKOC0XwSSm6QDsah8EVgbdpx5kC+CQVnKEdbwfghsdoR2MOfNJyGmnHY3DBzd20oTELPgVZjbSh+2bEXWYdbTiTA5+SnDO0oS4T8VZBGy4UwKeo4AJtqECczaYNkSL4lBVFaMNsxNXoVqrrmQefDfN6qK51NOIoUE0blsFnyzLaUB1A/DxKG9bAZ9Ma2vAo4mZChOoq4LOtkuoiExAnmSep7s1U+GxLfZPqTmYiPtZT3f4M+GKQsZ/q1iMuJvVQ2bGh8MVk6DEq65mEOEg/RmWnR8MXo9GnqexYOpxXTmWf5cIXs9zPqKwcjsvroqr2ifA5YGI7VXXlwWGB/VTVPQM+R8zopqr9ATirlMoWwOeQBVRWCkdlt1HVS/A55iWqasuGk3ZR1dEM+ByTcZSqdsFBd1FVex58Dsprp6q74JghzVR1D3yOuoeqmofAKc9Q1Wb4HLaZqp6BQ3IiVPRRED6HBT+iokgOnLGbii5eD5/jrr9IRbvhiBlUtRC+OFhIVTPggLQTVLQNvrjYRkUn0hC7h6noRCZ8cZF5gooeRsyGn6Oajh/DFyc/7qCac8MRq01UdD98cXM/FW1CjG6MUs12+OJoO9VEb0Rsqqnm5CD44mjQSaqpRkyKqaZzHHxxNa6TaooRi1qqWQxfnC2mmlrEYBbV7IYv7nZTzSzYFjhCJW3fhy/uvt9GJUcCsGsu1TwEnwseopq5sCnlBJXsD8DngsB+KjmRAnvuppKuPPhckddFJXfDltQ6KlkJn0tWUkldKuy4j0qOpMHnkrQjVHIfbEhvpIroT+AhA26Ys+Ift/z6nfeOHn3vnV9v+ccVs69Ph4f8JEoVjelQ9yCVrINHDJz233b/vyi/48u6XatvHQCPWEclD0JZ6mmqaB4MD0j9j6t+9wX70VldPjkFHjC4mSpOp0LVfCpZBPON/4dmSvjjs+NgvkVUMh+qaqmiNgDDjfrlUUo7UjYKhgvUUkUtFE2lkskw2394sYtKul4cA7NNppKpULOHKl6D0XK3fUll3Vt+BKO9RhV7oET0UkHHdTDY37zWQ1ui27NhsOs6qKBXQEUlVayGudIfu0jb2n+ZBnOtpopKKBjVRQVNQRhr6gnG5KNbYaxgExV0jYK8NVQRgqmG/BNj9k9DYKoQVayBtMxWKjgcgKFubqAD6ifAUIHDVNCaCVlLqeJOGOrhCB3RtQSGupMqlkJSoJ4KDsFMQ9+gY/7nEJjpEBXUByCniCpmwEjXnaSDjo2GkWZQRRHk7KSCAzDSDX+go06PhZEOUMFOSLk2QgXTYKKfnqXDPrsZJppGBZFrIaOMCqphouIOOu5CEUxUTQVlkHGSCm6BgaZ3MQ46fwYD3UIFJyFhChW8BQNNaGNcnLsRBnqLCqbg6rZTwWSYJ+cM4+SPY2CeyVSwHVc1tJPyDsI83zvFuKkbAfMcpLzOobiaZVQwB8YZ8D4lRf9Yu+vFVate3FX7xyglvZcG48yhgmW4mqOU15AC42yghN7/8/cTs1LwjdSswvL3eynhGRgnpYHyjuIqCqlgKYwzh1cVeee/ZMFC9pL/3c2r6b0DxllKBYXo3ybKa82EaX4Q5lX8a2gw+vRX9xzlVbReB9NktlLeJvQr9QzlrYFp0mvZv4/vCaBfKff9gf37l1SYZg3lnUlFf4oor2sUTPM4+3XulwNxVRmPh9mvX8A0o7oorwj9eZnyKmGa6y6yH13PDIOU4esj7EdbFkxTSXkvox9prZR3A0zzG/bjk5sgbeK/sR+vwjQ3UF5rGvo2k/IOwDTF7Md7I6Egq4b9mA7THKC8mejbFspbCMMMbGDftgyAkoH/xL793zQYZiHlbUGf0s9R2vkgDFPKPkV/AWX/Nco+3QfDBM9T2rl09OUOynsBhkk7zb50zoANMzrZl7oUGOYFyrsDfdlOeeNhmL9jn34OW37OPs2HYcZT3nb0YWAbpb0Pw6T8nn35FWz6FftyNADDvE9pbQNhbRblLYZh5rEvuwKwKbCLfflbGGYx5c2Cta2U1n4NDHOAffhoMGwb/BH7sBeGuaad0rbCUqCZ0iphmB+yD60/QAx+0EprPdkwTCWlNQdgZQLlTYZhnmAfZiEms9iHx2CYyZQ3AVZWUlpTAIapp7X9iNF+WjsOwwSaKG0lrBygtHUwzC3sw08Ro5+yDxNgmHWUdgAWhkYpbRIMs4nWfoOY/YbW/gGGmURp0aH4rnmU1gjTNNDSl3mIWd6XtHQcpmmktHn4rm2U9jQM8ze09hIc8BKtjYJhnqa0bfiOQDOlFcAwi2jpiyw4IOsLWvo5DFNAac0BXKmA0uphmh209L/giF20VAnT1FNaAa5UTmlrYZo/0tLfwRGLaOkUTLOW0spxpfcoLR+G+SEtRYfDESN6aGk0DJNPae/hCoOilFUP09xBS7+DQ/bTUhFMU09Z0UH4ttsobQNMU0ZLD8MhZbS0BKbZQGm34dtWUVoxTPMyLV0Hh/yIlp6HaYopbRW+rYqyvgjCNPto5QM45jitVME0wS8oqwrfkhKmrHdgnGZa2QbHvEYrp2GcdygrnILL5VPacpgmg5Z+Bceso5WeFJhmOaXl43KllDYWphlFSw/DMWW09FcwzVhKK8XldlBWA4yTQ0tz4ZgQLX0fxmmgrB24XCNlbYRxJtDSz+CYW2npehhnI2U14jJZlHY7jHMrLf0QjsmhpUkwzu2UloW/mEtZkSCMcwctBeGYTFoqgnGCEcqai79YT1k1MM88WmmHg9pp5W9hnhrKWo+/qKGsZ2GeEK2E4aAwrZTAPM9SVg2+kdJBWSUwT4hWwnBQmFZKYJ4SyupIwddyKG0EzBOilTAcFKaVEphnBKXl4GtzKKsOBgrRShgOCtNKCQxUR1lz8LUnKWsrDBSilTAcFKaVEhhoK2U9ia+9QVn3w0AhWgnDQWFaKYGB7qesN/C1esrKg4FCtBKGg8K0UgID5VFWPf5sUC8lfQ4ThWglDAeFaaUEJvqcknoH4SuFlLULJgrRShgOCtNKCUy0i7IK8ZXFlLUaJgrRShgOCtNKCUy0mrIW4ysbKGs2TBSilTAcFKaVEphoNmVtwFf2UVYOTBSilTAcFKaVEpgoh7L24StnKeliCkwUopUwHBSmlRKYKOUiJZ3Fn4ykrEMwUohWwnBQmFZKYKRDlDUSlxRS1mYYKUQrYTgoTCslMNJmyirEJSHKWg4jhWglDAeFaaUERlpOWSFcsoKypsNIIVoJw0FhWimBkaZT1gpcUkFZw2GkEK2E4aAwrZTASMMpqwKX7KWkT2GmEK2E4aAwrZTATJ9S0l5ccoqS9sJMIVoJw0FhWimBmfZS0in8u9RuSqqAmUK0EoaDwrRSAjNVUFJ3KoAxlLUCZgrRShgOCtNKCcy0grLGAJhGWSGYKUQrYTgoTCslMFOIsqYBWERZhTBTiFbCcFCYVkpgpkLKWgTgKcoaCTOFaCUMB4VppQRmGklZTwHYQUkdMFSIVsJwUJhWSmCoDkraAWAvJR2HoUK0EoaDwrRSAkMdp6S9AA5T0m9hqBCthOGgMK2UwFC/paTDAJooaSMMFaKVMBwUppUSGGojJTUB6KCkMhgqRCthOChMKyUwVBkldQAZlDUfhgrRShgOCtNKCQw1n7IykE1ZRTBUiFbCcFCYVkpgqCLKykY+ZY2HKTKnPPI/Toa/0UFLYQfRUkf4Gyd3/OJnQZhiPGXlYzplZcMQ/7mZRvq3/wRDZFPWdMylrAwYYcgWGqtyMIyQQVlzUUpJF2GEkadpsNMjYYSLlFSKckr6GEZ4k0Z7E0b4mJLK8RwlfQAT3EPD3QMTfEBJz+EVSqqCAb53joY79z0YoIqSXsHrlPQqDFBK45XCAK9S0uvYQ0nPwwCVNF4lDPA8Je3Bu5S0FgY4TOMdhgHWUtK72EdJT0C/gd00XvdA6PcEJe1DDSU9Dv1y6QG50O9xSqrBh5T0CPQT9AAB/R6hpA9xnJKWQD9BDxDQbwklHUc9JT0A/QQ9QEC/ByipHp9Q0gLoJ+gBAvotoKRP0EJJ86CfoAcI6DePklpwnpJKoJ+gBwjoV0JJ59FBScXQT9ADBPQrpqQORCmpCPoJeoCAfkWUFEWUkoqgn6AHCOhXRElRdFBSMfQT9AAB/YopqQPnKakE+gl6gIB+JZR0Hi2UNA/6CXqAgH7zKKkFn1DSAugn6AEC+i2gpE9QT0kPQD9BDxDQ7wFKqsdxSloC/QQ9QEC/JZR0HB9S0iPQT9ADBPR7hJI+RA0lPQ79BD1AQL/HKakG+yjpCegn6AEC+j1BSfvwLiWthX6CHiCg31pKehd7KOl56CfoAQL6PU9Je/A6Jb0K/QQ9QEC/VynpdbxCSVXQT9ADBPSroqRX8BwlfQD9BD1AQL8PKOk5lFPSx9BP0AME9PuYkspRSkkXoZ+gBwjod5GSSjGXsjKgnaAHCGiXQVlzMZ2ysqGdoAcIaJdNWdORT1njoZ2gBwhoN56y8pFNWUXQTtADBLQroqxsZFDWfGgn6AEC2s2nrAygg5LKoJ2gBwhoV0ZJHQCaKGkjtBP0AAHtNlJSE4DDlPRbaCfoAQLa/ZaSDgPYS0nHoZ2gBwhod5yS9gLYQUkd0E7QAwS066CkHQCeoqyR0E3QAwR0G0lZTwFYRFmF0E3QAwR0K6SsRQCmUVYIugl6gIBuIcqaBmAMZa2AboIeIKDbCsoaAyC1m5IqoJugBwjoVkFJ3an4d6coaS90E/QAAd32UtIpXLKXkj6FboIeIKDbp5S0F5dUUNZwaCboAQKaDaesClyygrKmQzNBDxDQbDplrcAlIcpaDs0EPUBAs+WUFcIlhZS1GZoJeoCAZpspqxCXjKSsQ9BM0AMENDtEWSPxJ2cp6WIK9BL0AAG9Ui5S0ll8ZR9l5UAvQQ8Q0CuHsvbhKxsoazb0EvQAAb1mU9YGfGUxZa2GXoIeIKDXaspajK8UUtYu6CXoAQJ67aKsQnxlUC8lfQ69BD1AQK/PKal3EP6snrLyoJWgBwholUdZ9fjaG5R1P7QS9AABre6nrDfwtScpayu0EvQAAa22UtaT+NocyqqDVoIeIKBVHWXNwddyKG0EdBL0AAGdRlBaDr6W0kFZJdBJ0AMEdCqhrI4UfKOGsp6FToIeIKDTs5RVg79YT1k10EnQAwR0qqGs9fiLuZQVCUIjQQ8Q0CgYoay5+IssSrsdGgl6gIBGt1NaFi7TSFkboZGgBwhotJGyGnG5HZTVAI0EPUBAowbK2oHLlVLaWOgj6AEC+oyltFJcLp/SlkMfQQ8Q0Gc5peXjcilhynoH+gh6gIA+71BWOAXfUkVZXwShjaAHCGgT/IKyqvBtqyitGNoIeoCANsWUtgrfdhulbYA2gh4goM0GSrsN3zYoSln10EbQAwS0qaes6CBc4T1Ky4cugh4goEs+pb2HK5VT2lroIugBArqspbRyXKmA0uqhi6AHCOhST2kFuFKgmdIKoImgBwhoUkBpzQF8xzZKexqaCHqAgCZPU9o2fNc8SmuEJoIeIKBJI6XNw3cNjVLaJOgh6AECekyitOhQWDhAaeugh6AHCOixjtIOwMpKSmsKQAtBDxDQItBEaSthZQLlTYYWgh4goMVkypsAK4FmSquEFoIeIKBFJaU1B2BpK6W1XwMdBD1AQIdr2iltK6zNorzF0EHQAwR0WEx5s2BtYBulvQ8dBD1AQIf3Ka1tIPqwnfLGQwNBDxDQYDzlbUdf7qC8F6CBoAcIaPAC5d2BvqSfo7TzQbhP0AME3Bc8T2nn0tGnLZS3EO4T9AAB9y2kvC3o20zKOwD3CXqAgPsOUN5M9C2tlfJugOsEPUDAdTdQXmsa+vEy5VXCdYIeIOC6Ssp7Gf0poryuUXCboAcIuG1UF+UVoT+pZyhvDdwm6AECbltDeWdS0a9NlNeaCZcJeoCAyzJbKW8T+ldIBUvhMkEPEHDZUiooxFUcpbyGFLhL0AME3JXSQHlHcTXLqGAO3CXoAQLumkMFy3A1Qzsp7yDcJegBAu46SHmdQ3FV26lgMlwl6AECrppMBdtxdVOo4C24StADBFz1FhVMgYSTVHAL3CToAQJuuoUKTkJGGRVUw02CHiDgpmoqKIOMayNUMA0uEvQAARdNo4LItZCykwoOwEWCHiDgogNUsBNyiqhiBtwj6AEC7plBFUWQE6ingkNwj6AHCLjnEBXUByBpKVXcCdcIeoCAa+6kiqWQldlKBYcDcMtYesBYuCVwmApaMyFtDVWE4JYBERovMgBuCVHFGsgb1UUFTUG4pZbGq4Vbgk1U0DUKCiqpYjXc8iKN9yLcspoqKqFC9FJBx3VwyQM03gNwyXUdVNAroGQPVbwGlwz7lIb7dBhc8hpV7IGaqVQyGS65k4a7Ey6ZTCVToaiWKmoDcMl2Gm07XBKopYpaqJpPJYvgkmEnaLATw+CSRVQyH6pST1NF82C4ZOAzPTRUzzMD4ZLBzVRxOhXKHqSSdXDNLb+nkX5/C1yzjkoehLr0RqqI3gzXBMaG1v3z743yz+tCYwNwzU+iVNGYDhvuo5LDafC5JO0IldwHO1LrqOTv4XPJSiqpS4Utd1PJF2Phc0VeF5XcDXtSTlDJvgB8Lgjsp5ITKbBpLtUshs8FD1HNXNgVOEIl4Sz44u77bVRyJADbZlHNb+CLu91UMwsxqKWav4MvzhZTTS1iUUw1HdfDF1fjOqmmGDGppprjQfjiaNBJqqlGbG6MUs0W+OLoFaqJ3ogYbaKie+GLm/uoaBNiNfwc1bTnwRcnN3RQzbnhiNnDVHQ0A764CB6noocRu7QTVPQyfHGxmYpOpMEBM6gqBF8c3ENVM+CI3VR0YSx8jsttp6LdcEZOhIoOD4TPYRlHqCiSA4c8Q1X/HT6HvURVz8ApQ5qp6i74HDWfqpqHwDF3UVXbj+Bz0I/aqOouOGgXVX0wAD7HDPyQqnbBSdltVLUBPsdspKq2bDiqlMrmw+eQ+VRWCmcF9lNV13T4HDG9i6r2B+CwvC6qarsJPgfc1EZVXXlwXDmVtfwIvpj9qIXKyuG89GNU1jAKvhiNaqCyY+mIg0k9VPavQ+CLyZB/pbKeSYiL9VT3u4HwxWDg76huPeIj8yTVvZ4Cn20pr1PdyUzEyYQI1b0In20vUl1kAuLmUdrwJHw2PUkbHkX8BKppwxL4bFlCG6oDiKPRrVTXcxd8NtzVQ3WtoxFXs2lD5Db4lN0WoQ2zEWcVtOFCAXyKCi7QhgrEW2YdbTiTA5+SnDO0oS4TcXdzN204lQWfgqxTtKH7ZrjgMdrRmAOftJxG2vEY3BB4m3acKYBPUsEZ2vF2AK4Y1kg7LhTBJ6XoAu1oHAaX3NRJOyLz4JMwL0I7Om+CaxbSlp5l8F3Vsh7ashAu2kR71sB3FWtozya4acBB2lOZCl8/Uitoz8EBcFV2C+15MwO+PmW8SXtasuGyqV/Snv1D4evD0P2058upcF0ZbTo2Gj5Lo4/RpjJosJM2nc6Fz0Luadq0EzoEa2jTZxPh+46Jn9GmmiC0GHGKNrXPgO8KM9pp06kR0CT3LG3qXgDftyzopk1nc6HNlC7a9VIGfN/IeIl2dU2BRqFe2nUkF74/yz1Cu3pD0GoFbbvwc/j+5OcXaNsKaFZB+17OgA8ZL9O+CuiWVkX7juYh6eUdpX1VadBu8BHa1343ktzd7bTvyGAYIKuBMagMIokFKxmDhiwYYUwTY3AsD0kr7xhj0DQGhshtYQza70WSuredMWjJhTHGnWUsNgeRhIKbGYuz42CQiRcYi48Eko74iLG4MBFGubWTsbi4AElmwUXGovNWGGZmhDH59SgkkVG/ZkwiM2Gc2VHG5NwiJI1F5xiT6GwY6N4exmbvD5AUfrCXsem5F0a6N8rYdJSlIuGllnUwNtF7YajZEcbo/XwkuPz3GaPIbBhrZidj1L02Ewksc203Y9Q5Ewa79QJj9Ye7A0hQgbv/wFhduBVGm3iWMauZhIQ0qYYxOzsRhhvXwpj1bs9Gwsne3suYtYyD8XKbGLuLq4JIKMFVFxm7plx4wJgGOuCTUAAJIxD6hA5oGANPyDpCJxy+EwnizsN0wpEseMTgKjri0AwkgBmH6IiqwfCMtAo648A0eNy0A3RGRRq8ZEUvnVF9Czzslmo6o3cFPCbURYe8NRkeNfktOqQrBM+ZcpZOOTgnBZ6TMucgnXJ2Cjwo9xQd07A0E56SubSBjjmVC08aUUPntK4ZBc8YtaaVzqkZAY8K7qSDuipvgCfcUNlFB+0MwrvKvqSTDiwMwnDBhQfopC/L4GlTW+io8y+Mh8HGv3CejmqZCo/LPkiHvb/4GhjpmsXv02EHs+F5AzbRae2VkwMwTGByZTudtmkAEsHCTjquad0kGGTSuiY6rnMhEsRNjYyDxqcLYISCpxsZB403IWEMe5txUb82H5rlr61nXLw9DAkk8Fg346N+Q3EQmgSLN9QzProfCyCx3FzHePnineVj4bqxy9/5gvFSdzMSTmYF46hh4+1BuCZ4+8YGxlFFJhLR7FbGU6Tm2ZIRiLsRJc/WRBhPrbORoEZXM97qtt6fh7jJu39rHeOtejQSVuDRCOPv811PlPwwAEcFfljyxK7PGX+RRwNIZBNO0h0X/uXFh342BA4Y8rOHXvyXC3THyQlIcJnre+ia3sY9G8rmFPw1bPnrgjllG/Y09tI1PeszkfgmHaPbLhzbvaFsftH47AxcVUb2+KL5ZRt2H7tAtx2bhKSQXt5FXS5+/EHVq8+vfeLxR5Y8sGBeSXFRUXHJvAUPLHnk8SfWPv9q1QcfX6QuXeXpSBZ5++m7wv48JJFAaRt9l2krDSC5ZO+i7xu7spF87mqm70+a70JSGvJMhD5GnhmCZJWzm0lvdw6S2YwTTGonZiDJpT18jknr3MNp8A3fFGVSim4aDt8lN1YzCVXfCN/XimuZZGqL4bvcrCNMIkdmwXeFwNwTTBIn5gbg+66Uu+uYBOruToHPWup9jUxwjfelwte39AdPM4GdfjAdvv6lzq9lgqqdnwqfhKl7eplwevdMhU+WqOxiQumqFPCpGLWmlQmjdc0o+FRlLq1nQqhfmgmfHYGinRF6XGRnUQA+264tO0kPO1l2LXwxmrK9k57UuX0KfE4YuuwoPefosqHwOaZw0xl6yJlNhfA5K7Xo5VZ6QuvLRanwxUHazC3naLhzW2amwRc36Xdsb6Ox2rbfkQ5fnA2ctbWZBmreOmsgfK4ITFh5IEqDRA+snBCAz01D521rphGat80bCp8GgYLy96LUKvpeeUEAPn0G3baqKkwtwlWrbhsEn34p+aU7Gumqxh2l+SnwGSRr7vqaDrqgo2b93Cz4TJSSM+fJN+p7GSe99W88OScnBT6zDSpcvGHfWTrq7L4NiwsHwecdIwtDKyr2nupmTLpP7a1YESocCZ9HpY6ZtuipHXsPN3VQQUfT4b07nlo0bUwqfIkiIzt/+tzS8udeeX3Pu/tqPjxe/0nL+Y5otON8yyf1xz+s2ffuntdfea68dO70/OwMJI3/DwYnnV0gVKhrAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - redhatcop.redhat.io + resources: + - resourcelockers + - resourcelockers/status + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - secrets + verbs: + - get + - list + - watch + serviceAccountName: resource-locker-operator + deployments: + - name: resource-locker-operator + spec: + replicas: 1 + selector: + matchLabels: + name: resource-locker-operator + strategy: {} + template: + metadata: + labels: + name: resource-locker-operator + spec: + containers: + - command: + - resource-locker-operator + env: + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: resource-locker-operator + image: quay.io/redhat-cop/resource-locker-operator:v0.1.1 + imagePullPolicy: Always + name: resource-locker-operator + resources: {} + serviceAccountName: resource-locker-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + - services/finalizers + verbs: + - '*' + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - resource-locker-operator + resources: + - deployments/finalizers + verbs: + - update + serviceAccountName: resource-locker-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + links: + - name: repository + url: https://github.com/redhat-cop/resource-locker-operator + - name: conatinerImage + url: https://quay.io/redhat-cop/resource-locker-operator:latest + maintainers: + - email: rspazzol@redhat.com + name: Raffaele Spazzoli + maturity: alpha + provider: + name: Containers & PaaS CoP + replaces: resource-locker-operator.v0.1.0 + version: 0.1.1 + keywords: + - resource_management + - enforcing + - patches diff --git a/community-operators/resource-locker-operator/0.1.2/redhatcop.redhat.io_resourcelockers_crd.yaml b/community-operators/resource-locker-operator/0.1.2/redhatcop.redhat.io_resourcelockers_crd.yaml new file mode 100644 index 0000000000..47ff495c70 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.2/redhatcop.redhat.io_resourcelockers_crd.yaml @@ -0,0 +1,325 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcelockers.redhatcop.redhat.io +spec: + group: redhatcop.redhat.io + names: + kind: ResourceLocker + listKind: ResourceLockerList + plural: resourcelockers + singular: resourcelocker + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ResourceLocker is the Schema for the resourcelockers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceLockerSpec defines the desired state of ResourceLocker + properties: + patches: + description: Patches is a list of pacthes that should be encforced at + runtime. + items: + description: Patch describe a pacth to be enforced at runtim + properties: + patchTemplate: + description: PatchTemplate is a go template that will be resolved + using the SourceObjectRefs as parameters. The result must be + a valid patch based on the pacth type and the target object. + type: string + patchType: + description: PatchType is the type of patch to be applied, one + of "application/json-patch+json"'"application/merge-patch+json","application/strategic-merge-patch+json","application/apply-patch+yaml" + enum: + - application/json-patch+json + - application/merge-patch+json + - application/strategic-merge-patch+json + - application/apply-patch+yaml + type: string + sourceObjectRefs: + description: SourceObject refs is an arrays of refereces to source + objects that will be used as input for the template processing + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + targetObjectRef: + description: TargetObjectRef is a reference to the object to which + the pacth should be applied. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - patchTemplate + - targetObjectRef + type: object + type: array + resources: + description: Resources is a list of resource manifests that should be + locked into the specified configuration + items: + properties: + excludedPaths: + items: + type: string + type: array + object: + type: object + required: + - object + type: object + type: array + serviceAccountRef: + description: ServiceAccountRef is the service account to be used to + run the controllers associated with this configuration + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + status: + description: ResourceLockerStatus defines the observed state of ResourceLocker + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + patchStatuses: + items: + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + objectReference: + description: the name of the locked configuration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Enforcing + - Failure + type: string + required: + - objectReference + - status + type: object + type: array + resourceStatuses: + items: + properties: + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + objectReference: + description: the name of the locked configuration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Enforcing + - Failure + type: string + required: + - objectReference + - status + type: object + type: array + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of deployment condition. + enum: + - Success + - Failure + type: string + required: + - status + - type + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/community-operators/resource-locker-operator/0.1.2/resource-locker-operator.v0.1.2.clusterserviceversion.yaml b/community-operators/resource-locker-operator/0.1.2/resource-locker-operator.v0.1.2.clusterserviceversion.yaml new file mode 100644 index 0000000000..d5d1870047 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.2/resource-locker-operator.v0.1.2.clusterserviceversion.yaml @@ -0,0 +1,264 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "test-simple-resource" + }, + "spec": { + "resources": [ + { + "object": { + "apiVersion": "v1", + "kind": "ResourceQuota", + "metadata": { + "name": "small-size", + "namespace": "resource-locker-test" + }, + "spec": { + "hard": { + "requests.cpu": "4", + "requests.memory": "2Gi" + } + } + } + } + ], + "serviceAccountRef": { + "name": "default" + } + } + }, + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "test-simple-patch" + }, + "spec": { + "serviceAccountRef": { + "name": "default" + }, + "patches": [ + { + "targetObjectRef": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "test", + "namespace": "resource-locker-test" + }, + "patchTemplate": "metadata:\n annotations:\n hello: bye\n", + "patchType": "application/strategic-merge-patch+json" + } + ] + } + }, + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "test-complex-patch" + }, + "spec": { + "serviceAccountRef": { + "name": "default" + }, + "patches": [ + { + "targetObjectRef": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "test", + "namespace": "resource-locker-test" + }, + "patchTemplate": "metadata:\n annotations:\n {{ (index . 0).metadata.name }}: {{ (index . 1).metadata.name }}\n", + "patchType": "application/strategic-merge-patch+json", + "sourceObjectRefs": [ + { + "apiVersion": "v1", + "kind": "Namespace", + "name": "resource-locker-test" + }, + { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "default", + "namespace": "resource-locker-test" + } + ] + } + ] + } + } + ] + capabilities: Deep Insights + categories: Security + certified: "false" + containerImage: quay.io/redhat-cop/resource-locker-operator:latest + createdAt: 11/14/2019 + description: This operator provides a facility to lock resources and / or patches + into the state described by its custom resource preventing any drifts. + repository: https://github.com/redhat-cop/resource-locker-operator + support: Best Effort + name: resource-locker-operator.v0.1.2 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: represent the desire to lock a set of resources and / or patches + into the state described by this custom resource preventing any drifts. + displayName: Resource Locker + kind: ResourceLocker + name: resourcelockers.redhatcop.redhat.io + version: v1alpha1 + description: "The resource locker operator allows you to specify a set of configurations + that the operator will \"keep in place\" (lock) preventing any drifts. \nTwo types + of configurations may be specified:\n\n* Resources. This will instruct the operator + to create and enforce the specified resource. In this case the operator \"owns\" + the created resources.\n* Patches to resources. This will instruct the operator + to patch- and enforce the change on- a pre-existing resource. In this case the + operator does not \"own\" the resource.\n\nLocked resources are defined with the + `ResourceLocker` CRD. Here is the high-level structure of this CRD:\n\n```yaml\napiVersion: + redhatcop.redhat.io/v1alpha1\nkind: ResourceLocker\nmetadata:\n name: test-simple-resource\nspec:\n + \ resources:\n - object:\n apiVersion: v1\n ...\n patches:\n - targetObjectRef:\n + \ ...\n patchTemplate: |\n metadata:\n annotations:\n hello: + bye\n ...\n serviceAccountRef:\n name: default\n```\n\nIt contains:\n\n* + `resources`: representing an array of resources\n* `patches`: representing an + array of patches\n* `serviceAccountRef`: a reference to a service account define + din the same namespace as the ResourceLocker CR, that will be used to create the + resources and apply the patches. If not specified the service account will be + defaulted to: `default`\n\nFor each ResourceLocker a manager is dynamically allocated. + For each resource and patch a controller with the needed watches is created and + associated with the previously created manager. \n" + displayName: Resource Locker Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAA3NCSVQICAjb4U/gAAAACXBIWXMAAH85AAB/OQGCGULUAAAAGXRFWHRTb2Z0d2FyZQB3d3cuaW5rc2NhcGUub3Jnm+48GgAAAtlQTFRF////AQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACsX3ZHQAAAPJ0Uk5TAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNGR0hJSktMTU5PUFFSVFVWV1hZWltcXV5fYGFiY2VmZ2hpamtsbW5vcHFyc3V2d3h5ent9fn+AgYKDhIaIiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaaoqaqsra6vsLGys7S1tre4ubq7vL6/wMLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f4+bBGbAAAiuUlEQVQYGe3BjWNV5YEm8OfmA3KDMDAINKQO2zYkr1aCxEIqXQQMbHQdAgi3KowobgSkbqoOBHGFqoyMIKsmfIywytbqAlXjkg7gkMXo8CEszSYETacmaIAbQmJuvMnzF+xQq0U8Ce977rnnfc+95/cDkkZGdv70uaXlz73y+p5399V8eLz+k5bzHdFox/mWT+qPf1iz7909r7/yXHnp3On52RnwJYrUMdMWPbVj7+GmDiroaDq8d8dTi6aNSYXPo0YWhlZU7D3VzZh0n9pbsSJUOBI+7xhUuHjDvrN01Nl9GxYXDoLPbCk5c558o76XcdJb/8aTc3JS4DNR1tz1NR10QUfN+rlZ8BkkJb90RyNd1bijND8FPv0G3baqKkwtwlWrbhsEnz6BgvL3otQq+l55QQA+DYbO29ZMIzRvmzcUPjcFJqw8EKVBogdWTgjA54qBs7Y200DNW2cNhC/O0u/Y3kZjtW2/Ix2+uEmbueUcDXduy8w0+OIgtejlVnpC68tFqfA5q3DTGXrImU2F8Dlm6LKj9Jyjy4bC54Qp2zvpSZ3bp8AXo2vLTtLDTpZdC59tgaKdEXpcZGdRAD47MpfWMyHUL82ET9WoNa1MGK1rRsGnQlR2MaF0VQr4ZE3d08uE07tnKnwSUufXMkHVzk+Fr3/pD55mAjv9YDp8fUu9r5EJrvG+VPispdxdxyRQd3cKfN8VmHuCSeLE3AB8V5h1hEnkyCz4LldcyyRTWwzf126sZhKqvhG+S4ZvijIpRTcNhy/t4XNMWuceTkOSm3GCSe3EDCSznN1MertzkKyGPBOhj5FnhiAp3dVM358034Xkk72Lvm/sykZyCZS20XeZttIAkkjefvqusD8PySK9vIu6XPz4g6pXn1/7xOOPLHlgwbyS4qKi4pJ5Cx5Y8sjjT6x9/tWqDz6+SF26ytORFCYdo9s6jv92Y9n8ovHZGbiqjOzxRfPLNv72eAfddmwSEl/m+h6659O9FStChSNhy8jC0IqKvZ/SPT3rM5HgJpykOy4e2rx8+nA4YPj05ZsPXaQ7Tk5AIgs8GmH8fb5r9eycFDgqJWf26l2fM/4ijwaQsEZXM97qtt6fh7jJu39rHeOtejQS1OxWxlOk5tmSEYi7ESXP1kQYT62zkYgyKxhHDRtvD8I1wds3NjCOKjKRcG6uY7x88c7ysXDd2OXvfMF4qbsZiSXwWDfjo35DcRCaBIs31DM+uh8LIIEMe5txUb82H5rlr61nXLw9DAnjpkbGQePTBTBCwdONjIPGm5AgFnbScU3rJsEgk9Y10XGdC5EIBmyi09orJwdgmMDkynY6bdMAeF72QTrs/cXXwEjXLH6fDjuYDY+b2kJHnX9hPAw2/oXzdFTLVHha2Zd00oGFQRguuPAAnfRlGbwruJMO6qq8AZ5wQ2UXHbQzCI8aUUPntK4ZBc8YtaaVzqkZAU/KPUXHNCzNhKdkLm2gY07lwoOmnKVTDs5JgeekzDlIp5ydAs8JddEhb02GR01+iw7pCsFjVvTSGdW3wMNuqaYzelfAS9Iq6IwD0+Bx0w7QGRVp8IzBVXTEoRlIADMO0RFVg+ERWUfohMN3IkHceZhOOJIFTxjTQAc0hQJIGIFQEx3QMAYekNvE2HWsDiKhBFd3MHZNuTDeuBbG7rXrkHCue42xaxkHw008y5jVTkZCmlzLmJ2dCKPdeoGxal4UQIIKLGpmrC7cCoPN7GSMousGI4ENXhdljDpnwlizI4zRkZ8gwf3kCGMUmQ1D3RtlbLpWpiHhpa3sYmyi98JI9/YwNvvzkBTy9jM2PffCQLOjjEnbQwEkicBDbYxJdDaMMzPCmOz+PpLI93czJpGZMMytnYxF52IkmcWdjEXnrTDKxAuMxclxSDrjTjIWFybCIOPOMhbbByEJDdrOWJwdB2PktjAGHfcjSd3fwRi05MIQY5oYgxM/RtL68QnGoGkMjJDVwBhsy0QSy9zGGDRkwQCDj9C+iwuR5BZepH1HBkO7tCra99H1SHrXf0T7qtKgWwXt2xyED8HNtK8Cmq2gbe33wPcn97TTthXQKtRLu47mwfdneUdpV28IGk3pol0vZcD3jYyXaFfXFGiTe5Y2dS+A71sWdNOms7nQZMQp2tQ+A74rzGinTadGQItgDW36bCJ83zHxM9pUE4QOO2nT6Vz4LOSepk07oUEZbTo2Gj5Lo4/RpjK4buqXtGf/UPj6MHQ/7flyKlyW3UJ73syAr08Zb9Kelmy4asBB2lOZCl8/Uitoz8EBcNMm2rMGvqtYQ3s2wUULaUvPMviualkPbVkI19zUSTsi8+CTMC9COzpvgkuGNdKOC0XwSSm6QDsah8EVgbdpx5kC+CQVnKEdbwfghsdoR2MOfNJyGmnHY3DBzd20oTELPgVZjbSh+2bEXWYdbTiTA5+SnDO0oS4T8VZBGy4UwKeo4AJtqECczaYNkSL4lBVFaMNsxNXoVqrrmQefDfN6qK51NOIoUE0blsFnyzLaUB1A/DxKG9bAZ9Ma2vAo4mZChOoq4LOtkuoiExAnmSep7s1U+GxLfZPqTmYiPtZT3f4M+GKQsZ/q1iMuJvVQ2bGh8MVk6DEq65mEOEg/RmWnR8MXo9GnqexYOpxXTmWf5cIXs9zPqKwcjsvroqr2ifA5YGI7VXXlwWGB/VTVPQM+R8zopqr9ATirlMoWwOeQBVRWCkdlt1HVS/A55iWqasuGk3ZR1dEM+ByTcZSqdsFBd1FVex58Dsprp6q74JghzVR1D3yOuoeqmofAKc9Q1Wb4HLaZqp6BQ3IiVPRRED6HBT+iokgOnLGbii5eD5/jrr9IRbvhiBlUtRC+OFhIVTPggLQTVLQNvrjYRkUn0hC7h6noRCZ8cZF5gooeRsyGn6Oajh/DFyc/7qCac8MRq01UdD98cXM/FW1CjG6MUs12+OJoO9VEb0Rsqqnm5CD44mjQSaqpRkyKqaZzHHxxNa6TaooRi1qqWQxfnC2mmlrEYBbV7IYv7nZTzSzYFjhCJW3fhy/uvt9GJUcCsGsu1TwEnwseopq5sCnlBJXsD8DngsB+KjmRAnvuppKuPPhckddFJXfDltQ6KlkJn0tWUkldKuy4j0qOpMHnkrQjVHIfbEhvpIroT+AhA26Ys+Ift/z6nfeOHn3vnV9v+ccVs69Ph4f8JEoVjelQ9yCVrINHDJz233b/vyi/48u6XatvHQCPWEclD0JZ6mmqaB4MD0j9j6t+9wX70VldPjkFHjC4mSpOp0LVfCpZBPON/4dmSvjjs+NgvkVUMh+qaqmiNgDDjfrlUUo7UjYKhgvUUkUtFE2lkskw2394sYtKul4cA7NNppKpULOHKl6D0XK3fUll3Vt+BKO9RhV7oET0UkHHdTDY37zWQ1ui27NhsOs6qKBXQEUlVayGudIfu0jb2n+ZBnOtpopKKBjVRQVNQRhr6gnG5KNbYaxgExV0jYK8NVQRgqmG/BNj9k9DYKoQVayBtMxWKjgcgKFubqAD6ifAUIHDVNCaCVlLqeJOGOrhCB3RtQSGupMqlkJSoJ4KDsFMQ9+gY/7nEJjpEBXUByCniCpmwEjXnaSDjo2GkWZQRRHk7KSCAzDSDX+go06PhZEOUMFOSLk2QgXTYKKfnqXDPrsZJppGBZFrIaOMCqphouIOOu5CEUxUTQVlkHGSCm6BgaZ3MQ46fwYD3UIFJyFhChW8BQNNaGNcnLsRBnqLCqbg6rZTwWSYJ+cM4+SPY2CeyVSwHVc1tJPyDsI83zvFuKkbAfMcpLzOobiaZVQwB8YZ8D4lRf9Yu+vFVate3FX7xyglvZcG48yhgmW4mqOU15AC42yghN7/8/cTs1LwjdSswvL3eynhGRgnpYHyjuIqCqlgKYwzh1cVeee/ZMFC9pL/3c2r6b0DxllKBYXo3ybKa82EaX4Q5lX8a2gw+vRX9xzlVbReB9NktlLeJvQr9QzlrYFp0mvZv4/vCaBfKff9gf37l1SYZg3lnUlFf4oor2sUTPM4+3XulwNxVRmPh9mvX8A0o7oorwj9eZnyKmGa6y6yH13PDIOU4esj7EdbFkxTSXkvox9prZR3A0zzG/bjk5sgbeK/sR+vwjQ3UF5rGvo2k/IOwDTF7Md7I6Egq4b9mA7THKC8mejbFspbCMMMbGDftgyAkoH/xL793zQYZiHlbUGf0s9R2vkgDFPKPkV/AWX/Nco+3QfDBM9T2rl09OUOynsBhkk7zb50zoANMzrZl7oUGOYFyrsDfdlOeeNhmL9jn34OW37OPs2HYcZT3nb0YWAbpb0Pw6T8nn35FWz6FftyNADDvE9pbQNhbRblLYZh5rEvuwKwKbCLfflbGGYx5c2Cta2U1n4NDHOAffhoMGwb/BH7sBeGuaad0rbCUqCZ0iphmB+yD60/QAx+0EprPdkwTCWlNQdgZQLlTYZhnmAfZiEms9iHx2CYyZQ3AVZWUlpTAIapp7X9iNF+WjsOwwSaKG0lrBygtHUwzC3sw08Ro5+yDxNgmHWUdgAWhkYpbRIMs4nWfoOY/YbW/gGGmURp0aH4rnmU1gjTNNDSl3mIWd6XtHQcpmmktHn4rm2U9jQM8ze09hIc8BKtjYJhnqa0bfiOQDOlFcAwi2jpiyw4IOsLWvo5DFNAac0BXKmA0uphmh209L/giF20VAnT1FNaAa5UTmlrYZo/0tLfwRGLaOkUTLOW0spxpfcoLR+G+SEtRYfDESN6aGk0DJNPae/hCoOilFUP09xBS7+DQ/bTUhFMU09Z0UH4ttsobQNMU0ZLD8MhZbS0BKbZQGm34dtWUVoxTPMyLV0Hh/yIlp6HaYopbRW+rYqyvgjCNPto5QM45jitVME0wS8oqwrfkhKmrHdgnGZa2QbHvEYrp2GcdygrnILL5VPacpgmg5Z+Bceso5WeFJhmOaXl43KllDYWphlFSw/DMWW09FcwzVhKK8XldlBWA4yTQ0tz4ZgQLX0fxmmgrB24XCNlbYRxJtDSz+CYW2npehhnI2U14jJZlHY7jHMrLf0QjsmhpUkwzu2UloW/mEtZkSCMcwctBeGYTFoqgnGCEcqai79YT1k1MM88WmmHg9pp5W9hnhrKWo+/qKGsZ2GeEK2E4aAwrZTAPM9SVg2+kdJBWSUwT4hWwnBQmFZKYJ4SyupIwddyKG0EzBOilTAcFKaVEphnBKXl4GtzKKsOBgrRShgOCtNKCQxUR1lz8LUnKWsrDBSilTAcFKaVEhhoK2U9ia+9QVn3w0AhWgnDQWFaKYGB7qesN/C1esrKg4FCtBKGg8K0UgID5VFWPf5sUC8lfQ4ThWglDAeFaaUEJvqcknoH4SuFlLULJgrRShgOCtNKCUy0i7IK8ZXFlLUaJgrRShgOCtNKCUy0mrIW4ysbKGs2TBSilTAcFKaVEphoNmVtwFf2UVYOTBSilTAcFKaVEpgoh7L24StnKeliCkwUopUwHBSmlRKYKOUiJZ3Fn4ykrEMwUohWwnBQmFZKYKRDlDUSlxRS1mYYKUQrYTgoTCslMNJmyirEJSHKWg4jhWglDAeFaaUERlpOWSFcsoKypsNIIVoJw0FhWimBkaZT1gpcUkFZw2GkEK2E4aAwrZTASMMpqwKX7KWkT2GmEK2E4aAwrZTATJ9S0l5ccoqS9sJMIVoJw0FhWimBmfZS0in8u9RuSqqAmUK0EoaDwrRSAjNVUFJ3KoAxlLUCZgrRShgOCtNKCcy0grLGAJhGWSGYKUQrYTgoTCslMFOIsqYBWERZhTBTiFbCcFCYVkpgpkLKWgTgKcoaCTOFaCUMB4VppQRmGklZTwHYQUkdMFSIVsJwUJhWSmCoDkraAWAvJR2HoUK0EoaDwrRSAkMdp6S9AA5T0m9hqBCthOGgMK2UwFC/paTDAJooaSMMFaKVMBwUppUSGGojJTUB6KCkMhgqRCthOChMKyUwVBkldQAZlDUfhgrRShgOCtNKCQw1n7IykE1ZRTBUiFbCcFCYVkpgqCLKykY+ZY2HKTKnPPI/Toa/0UFLYQfRUkf4Gyd3/OJnQZhiPGXlYzplZcMQ/7mZRvq3/wRDZFPWdMylrAwYYcgWGqtyMIyQQVlzUUpJF2GEkadpsNMjYYSLlFSKckr6GEZ4k0Z7E0b4mJLK8RwlfQAT3EPD3QMTfEBJz+EVSqqCAb53joY79z0YoIqSXsHrlPQqDFBK45XCAK9S0uvYQ0nPwwCVNF4lDPA8Je3Bu5S0FgY4TOMdhgHWUtK72EdJT0C/gd00XvdA6PcEJe1DDSU9Dv1y6QG50O9xSqrBh5T0CPQT9AAB/R6hpA9xnJKWQD9BDxDQbwklHUc9JT0A/QQ9QEC/ByipHp9Q0gLoJ+gBAvotoKRP0EJJ86CfoAcI6DePklpwnpJKoJ+gBwjoV0JJ59FBScXQT9ADBPQrpqQORCmpCPoJeoCAfkWUFEWUkoqgn6AHCOhXRElRdFBSMfQT9AAB/YopqQPnKakE+gl6gIB+JZR0Hi2UNA/6CXqAgH7zKKkFn1DSAugn6AEC+i2gpE9QT0kPQD9BDxDQ7wFKqsdxSloC/QQ9QEC/JZR0HB9S0iPQT9ADBPR7hJI+RA0lPQ79BD1AQL/HKakG+yjpCegn6AEC+j1BSfvwLiWthX6CHiCg31pKehd7KOl56CfoAQL6PU9Je/A6Jb0K/QQ9QEC/VynpdbxCSVXQT9ADBPSroqRX8BwlfQD9BD1AQL8PKOk5lFPSx9BP0AME9PuYkspRSkkXoZ+gBwjod5GSSjGXsjKgnaAHCGiXQVlzMZ2ysqGdoAcIaJdNWdORT1njoZ2gBwhoN56y8pFNWUXQTtADBLQroqxsZFDWfGgn6AEC2s2nrAygg5LKoJ2gBwhoV0ZJHQCaKGkjtBP0AAHtNlJSE4DDlPRbaCfoAQLa/ZaSDgPYS0nHoZ2gBwhod5yS9gLYQUkd0E7QAwS066CkHQCeoqyR0E3QAwR0G0lZTwFYRFmF0E3QAwR0K6SsRQCmUVYIugl6gIBuIcqaBmAMZa2AboIeIKDbCsoaAyC1m5IqoJugBwjoVkFJ3an4d6coaS90E/QAAd32UtIpXLKXkj6FboIeIKDbp5S0F5dUUNZwaCboAQKaDaesClyygrKmQzNBDxDQbDplrcAlIcpaDs0EPUBAs+WUFcIlhZS1GZoJeoCAZpspqxCXjKSsQ9BM0AMENDtEWSPxJ2cp6WIK9BL0AAG9Ui5S0ll8ZR9l5UAvQQ8Q0CuHsvbhKxsoazb0EvQAAb1mU9YGfGUxZa2GXoIeIKDXaspajK8UUtYu6CXoAQJ67aKsQnxlUC8lfQ69BD1AQK/PKal3EP6snrLyoJWgBwholUdZ9fjaG5R1P7QS9AABre6nrDfwtScpayu0EvQAAa22UtaT+NocyqqDVoIeIKBVHWXNwddyKG0EdBL0AAGdRlBaDr6W0kFZJdBJ0AMEdCqhrI4UfKOGsp6FToIeIKDTs5RVg79YT1k10EnQAwR0qqGs9fiLuZQVCUIjQQ8Q0CgYoay5+IssSrsdGgl6gIBGt1NaFi7TSFkboZGgBwhotJGyGnG5HZTVAI0EPUBAowbK2oHLlVLaWOgj6AEC+oyltFJcLp/SlkMfQQ8Q0Gc5peXjcilhynoH+gh6gIA+71BWOAXfUkVZXwShjaAHCGgT/IKyqvBtqyitGNoIeoCANsWUtgrfdhulbYA2gh4goM0GSrsN3zYoSln10EbQAwS0qaes6CBc4T1Ky4cugh4goEs+pb2HK5VT2lroIugBArqspbRyXKmA0uqhi6AHCOhST2kFuFKgmdIKoImgBwhoUkBpzQF8xzZKexqaCHqAgCZPU9o2fNc8SmuEJoIeIKBJI6XNw3cNjVLaJOgh6AECekyitOhQWDhAaeugh6AHCOixjtIOwMpKSmsKQAtBDxDQItBEaSthZQLlTYYWgh4goMVkypsAK4FmSquEFoIeIKBFJaU1B2BpK6W1XwMdBD1AQIdr2iltK6zNorzF0EHQAwR0WEx5s2BtYBulvQ8dBD1AQIf3Ka1tIPqwnfLGQwNBDxDQYDzlbUdf7qC8F6CBoAcIaPAC5d2BvqSfo7TzQbhP0AME3Bc8T2nn0tGnLZS3EO4T9AAB9y2kvC3o20zKOwD3CXqAgPsOUN5M9C2tlfJugOsEPUDAdTdQXmsa+vEy5VXCdYIeIOC6Ssp7Gf0poryuUXCboAcIuG1UF+UVoT+pZyhvDdwm6AECbltDeWdS0a9NlNeaCZcJeoCAyzJbKW8T+ldIBUvhMkEPEHDZUiooxFUcpbyGFLhL0AME3JXSQHlHcTXLqGAO3CXoAQLumkMFy3A1Qzsp7yDcJegBAu46SHmdQ3FV26lgMlwl6AECrppMBdtxdVOo4C24StADBFz1FhVMgYSTVHAL3CToAQJuuoUKTkJGGRVUw02CHiDgpmoqKIOMayNUMA0uEvQAARdNo4LItZCykwoOwEWCHiDgogNUsBNyiqhiBtwj6AEC7plBFUWQE6ingkNwj6AHCLjnEBXUByBpKVXcCdcIeoCAa+6kiqWQldlKBYcDcMtYesBYuCVwmApaMyFtDVWE4JYBERovMgBuCVHFGsgb1UUFTUG4pZbGq4Vbgk1U0DUKCiqpYjXc8iKN9yLcspoqKqFC9FJBx3VwyQM03gNwyXUdVNAroGQPVbwGlwz7lIb7dBhc8hpV7IGaqVQyGS65k4a7Ey6ZTCVToaiWKmoDcMl2Gm07XBKopYpaqJpPJYvgkmEnaLATw+CSRVQyH6pST1NF82C4ZOAzPTRUzzMD4ZLBzVRxOhXKHqSSdXDNLb+nkX5/C1yzjkoehLr0RqqI3gzXBMaG1v3z743yz+tCYwNwzU+iVNGYDhvuo5LDafC5JO0IldwHO1LrqOTv4XPJSiqpS4Utd1PJF2Phc0VeF5XcDXtSTlDJvgB8Lgjsp5ITKbBpLtUshs8FD1HNXNgVOEIl4Sz44u77bVRyJADbZlHNb+CLu91UMwsxqKWav4MvzhZTTS1iUUw1HdfDF1fjOqmmGDGppprjQfjiaNBJqqlGbG6MUs0W+OLoFaqJ3ogYbaKie+GLm/uoaBNiNfwc1bTnwRcnN3RQzbnhiNnDVHQ0A764CB6noocRu7QTVPQyfHGxmYpOpMEBM6gqBF8c3ENVM+CI3VR0YSx8jsttp6LdcEZOhIoOD4TPYRlHqCiSA4c8Q1X/HT6HvURVz8ApQ5qp6i74HDWfqpqHwDF3UVXbj+Bz0I/aqOouOGgXVX0wAD7HDPyQqnbBSdltVLUBPsdspKq2bDiqlMrmw+eQ+VRWCmcF9lNV13T4HDG9i6r2B+CwvC6qarsJPgfc1EZVXXlwXDmVtfwIvpj9qIXKyuG89GNU1jAKvhiNaqCyY+mIg0k9VPavQ+CLyZB/pbKeSYiL9VT3u4HwxWDg76huPeIj8yTVvZ4Cn20pr1PdyUzEyYQI1b0In20vUl1kAuLmUdrwJHw2PUkbHkX8BKppwxL4bFlCG6oDiKPRrVTXcxd8NtzVQ3WtoxFXs2lD5Db4lN0WoQ2zEWcVtOFCAXyKCi7QhgrEW2YdbTiTA5+SnDO0oS4TcXdzN204lQWfgqxTtKH7ZrjgMdrRmAOftJxG2vEY3BB4m3acKYBPUsEZ2vF2AK4Y1kg7LhTBJ6XoAu1oHAaX3NRJOyLz4JMwL0I7Om+CaxbSlp5l8F3Vsh7ashAu2kR71sB3FWtozya4acBB2lOZCl8/Uitoz8EBcFV2C+15MwO+PmW8SXtasuGyqV/Snv1D4evD0P2058upcF0ZbTo2Gj5Lo4/RpjJosJM2nc6Fz0Luadq0EzoEa2jTZxPh+46Jn9GmmiC0GHGKNrXPgO8KM9pp06kR0CT3LG3qXgDftyzopk1nc6HNlC7a9VIGfN/IeIl2dU2BRqFe2nUkF74/yz1Cu3pD0GoFbbvwc/j+5OcXaNsKaFZB+17OgA8ZL9O+CuiWVkX7juYh6eUdpX1VadBu8BHa1343ktzd7bTvyGAYIKuBMagMIokFKxmDhiwYYUwTY3AsD0kr7xhj0DQGhshtYQza70WSuredMWjJhTHGnWUsNgeRhIKbGYuz42CQiRcYi48Eko74iLG4MBFGubWTsbi4AElmwUXGovNWGGZmhDH59SgkkVG/ZkwiM2Gc2VHG5NwiJI1F5xiT6GwY6N4exmbvD5AUfrCXsem5F0a6N8rYdJSlIuGllnUwNtF7YajZEcbo/XwkuPz3GaPIbBhrZidj1L02Ewksc203Y9Q5Ewa79QJj9Ye7A0hQgbv/wFhduBVGm3iWMauZhIQ0qYYxOzsRhhvXwpj1bs9Gwsne3suYtYyD8XKbGLuLq4JIKMFVFxm7plx4wJgGOuCTUAAJIxD6hA5oGANPyDpCJxy+EwnizsN0wpEseMTgKjri0AwkgBmH6IiqwfCMtAo648A0eNy0A3RGRRq8ZEUvnVF9Czzslmo6o3cFPCbURYe8NRkeNfktOqQrBM+ZcpZOOTgnBZ6TMucgnXJ2Cjwo9xQd07A0E56SubSBjjmVC08aUUPntK4ZBc8YtaaVzqkZAY8K7qSDuipvgCfcUNlFB+0MwrvKvqSTDiwMwnDBhQfopC/L4GlTW+io8y+Mh8HGv3CejmqZCo/LPkiHvb/4GhjpmsXv02EHs+F5AzbRae2VkwMwTGByZTudtmkAEsHCTjquad0kGGTSuiY6rnMhEsRNjYyDxqcLYISCpxsZB403IWEMe5txUb82H5rlr61nXLw9DAkk8Fg346N+Q3EQmgSLN9QzProfCyCx3FzHePnineVj4bqxy9/5gvFSdzMSTmYF46hh4+1BuCZ4+8YGxlFFJhLR7FbGU6Tm2ZIRiLsRJc/WRBhPrbORoEZXM97qtt6fh7jJu39rHeOtejQSVuDRCOPv811PlPwwAEcFfljyxK7PGX+RRwNIZBNO0h0X/uXFh342BA4Y8rOHXvyXC3THyQlIcJnre+ia3sY9G8rmFPw1bPnrgjllG/Y09tI1PeszkfgmHaPbLhzbvaFsftH47AxcVUb2+KL5ZRt2H7tAtx2bhKSQXt5FXS5+/EHVq8+vfeLxR5Y8sGBeSXFRUXHJvAUPLHnk8SfWPv9q1QcfX6QuXeXpSBZ5++m7wv48JJFAaRt9l2krDSC5ZO+i7xu7spF87mqm70+a70JSGvJMhD5GnhmCZJWzm0lvdw6S2YwTTGonZiDJpT18jknr3MNp8A3fFGVSim4aDt8lN1YzCVXfCN/XimuZZGqL4bvcrCNMIkdmwXeFwNwTTBIn5gbg+66Uu+uYBOruToHPWup9jUxwjfelwte39AdPM4GdfjAdvv6lzq9lgqqdnwqfhKl7eplwevdMhU+WqOxiQumqFPCpGLWmlQmjdc0o+FRlLq1nQqhfmgmfHYGinRF6XGRnUQA+264tO0kPO1l2LXwxmrK9k57UuX0KfE4YuuwoPefosqHwOaZw0xl6yJlNhfA5K7Xo5VZ6QuvLRanwxUHazC3naLhzW2amwRc36Xdsb6Ox2rbfkQ5fnA2ctbWZBmreOmsgfK4ITFh5IEqDRA+snBCAz01D521rphGat80bCp8GgYLy96LUKvpeeUEAPn0G3baqKkwtwlWrbhsEn34p+aU7Gumqxh2l+SnwGSRr7vqaDrqgo2b93Cz4TJSSM+fJN+p7GSe99W88OScnBT6zDSpcvGHfWTrq7L4NiwsHwecdIwtDKyr2nupmTLpP7a1YESocCZ9HpY6ZtuipHXsPN3VQQUfT4b07nlo0bUwqfIkiIzt/+tzS8udeeX3Pu/tqPjxe/0nL+Y5otON8yyf1xz+s2ffuntdfea68dO70/OwMJI3/DwYnnV0gVKhrAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - redhatcop.redhat.io + resources: + - resourcelockers + - resourcelockers/status + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - secrets + verbs: + - get + - list + - watch + serviceAccountName: resource-locker-operator + deployments: + - name: resource-locker-operator + spec: + replicas: 1 + selector: + matchLabels: + name: resource-locker-operator + strategy: {} + template: + metadata: + labels: + name: resource-locker-operator + spec: + containers: + - command: + - resource-locker-operator + env: + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: resource-locker-operator + image: quay.io/redhat-cop/resource-locker-operator:v0.1.2 + imagePullPolicy: Always + name: resource-locker-operator + resources: {} + serviceAccountName: resource-locker-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + - services/finalizers + verbs: + - '*' + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - resource-locker-operator + resources: + - deployments/finalizers + verbs: + - update + serviceAccountName: resource-locker-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - resource_management + - enforcing + - patches + links: + - name: repository + url: https://github.com/redhat-cop/resource-locker-operator + - name: conatinerImage + url: https://quay.io/redhat-cop/resource-locker-operator:latest + maintainers: + - email: rspazzol@redhat.com + name: Raffaele Spazzoli + maturity: alpha + provider: + name: Containers & PaaS CoP + version: 0.1.2 + replaces: resource-locker-operator.v0.1.1 diff --git a/community-operators/resource-locker-operator/0.1.3/redhatcop.redhat.io_resourcelockers_crd.yaml b/community-operators/resource-locker-operator/0.1.3/redhatcop.redhat.io_resourcelockers_crd.yaml new file mode 100644 index 0000000000..b4571ffaa6 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.3/redhatcop.redhat.io_resourcelockers_crd.yaml @@ -0,0 +1,340 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcelockers.redhatcop.redhat.io +spec: + group: redhatcop.redhat.io + names: + kind: ResourceLocker + listKind: ResourceLockerList + plural: resourcelockers + singular: resourcelocker + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ResourceLocker is the Schema for the resourcelockers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceLockerSpec defines the desired state of ResourceLocker + properties: + patches: + description: Patches is a list of patches that should be enforced at + runtime. + items: + description: Patch describe a patch to be enforced at runtime + properties: + id: + description: ID represent a unique identifier for the patch in + the array of patches oc this CR + type: string + patchTemplate: + description: PatchTemplate is a go template that will be resolved + using the SourceObjectRefs as parameters. The result must be + a valid patch based on the patch type and the target object. + type: string + patchType: + description: PatchType is the type of patch to be applied, one + of "application/json-patch+json"'"application/merge-patch+json","application/strategic-merge-patch+json","application/apply-patch+yaml" + kubebuilder:default:="application/strategic-merge-patch+json" + enum: + - application/json-patch+json + - application/merge-patch+json + - application/strategic-merge-patch+json + - application/apply-patch+yaml + type: string + sourceObjectRefs: + description: SourceObject refs is an array of references to source + objects that will be used as input for the template processing + items: + description: 'ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, "must + refer only to types A and B" or "UID not honored" or "name + must be restricted". Those cannot be well described when + embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, + which makes it hard for users to predict what will happen. 4. + The fields are both imprecise and overly precise. Kind is + not a precise mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the + version of the actual struct is irrelevant. 5. We cannot + easily change it. Because this type is embedded in many locations, + updates to this type will affect numerous schemas. Don''t + make new APIs embed an underspecified API type they do not + control. Instead of using this type, create a locally provided + and used type that is well-focused on your reference. For + example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + x-kubernetes-list-type: atomic + targetObjectRef: + description: TargetObjectRef is a reference to the object to which + the patch should be applied. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - id + - patchTemplate + - targetObjectRef + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + resources: + description: Resources is a list of resource manifests that should be + locked into the specified configuration + items: + description: Resource represent a resource to be enforced + properties: + excludedPaths: + items: + type: string + type: array + x-kubernetes-list-type: set + object: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - object + type: object + type: array + x-kubernetes-list-type: atomic + serviceAccountRef: + description: 'ServiceAccountRef is the service account to be used to + run the controllers associated with this configuration kubebuilder:default:="{Name: + "default"}"' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + status: + description: ResourceLockerStatus defines the observed state of ResourceLocker + properties: + conditions: + description: ReconcileStatus this is the general status of the main + reconciler + items: + description: "Condition represents an observation of an object's state. + Conditions are an extension mechanism intended to be used when the + details of an observation are not a priori known or would not apply + to all instances of a given Kind. \n Conditions should be added + to explicitly convey properties that users and components care about + rather than requiring those properties to be inferred from other + observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part + of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is + typically a CamelCased word or short phrase. \n Condition types + should indicate state in the \"abnormal-true\" polarity. For + example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + lockedPatchStatuses: + additionalProperties: + description: Conditions is a set of Condition instances. + items: + description: "Condition represents an observation of an object's + state. Conditions are an extension mechanism intended to be used + when the details of an observation are not a priori known or would + not apply to all instances of a given Kind. \n Conditions should + be added to explicitly convey properties that users and components + care about rather than requiring those properties to be inferred + from other observations. Once defined, the meaning of a Condition + can not be changed arbitrarily - it becomes part of the API, and + has the same backwards- and forwards-compatibility concerns of + any other part of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and + is typically a CamelCased word or short phrase. \n Condition + types should indicate state in the \"abnormal-true\" polarity. + For example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + description: LockedResourceStatuses contains the reconcile status for + each of the managed resources + type: object + lockedResourceStatuses: + additionalProperties: + description: Conditions is a set of Condition instances. + items: + description: "Condition represents an observation of an object's + state. Conditions are an extension mechanism intended to be used + when the details of an observation are not a priori known or would + not apply to all instances of a given Kind. \n Conditions should + be added to explicitly convey properties that users and components + care about rather than requiring those properties to be inferred + from other observations. Once defined, the meaning of a Condition + can not be changed arbitrarily - it becomes part of the API, and + has the same backwards- and forwards-compatibility concerns of + any other part of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and + is typically a CamelCased word or short phrase. \n Condition + types should indicate state in the \"abnormal-true\" polarity. + For example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + description: LockedResourceStatuses contains the reconcile status for + each of the managed resources + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/community-operators/resource-locker-operator/0.1.3/resource-locker-operator.v0.1.3.clusterserviceversion.yaml b/community-operators/resource-locker-operator/0.1.3/resource-locker-operator.v0.1.3.clusterserviceversion.yaml new file mode 100644 index 0000000000..15cdf5ac35 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.3/resource-locker-operator.v0.1.3.clusterserviceversion.yaml @@ -0,0 +1,183 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "example-resourcelocker" + }, + "spec": { + "size": 3 + } + } + ] + capabilities: Deep Insights + categories: Security + certified: "false" + containerImage: quay.io/redhat-cop/resource-locker-operator:latest + createdAt: 11/14/2019 + description: This operator provides a facility to lock resources and / or patches + into the state described by its custom resource preventing any drifts. + repository: https://github.com/redhat-cop/resource-locker-operator + support: Best Effort + name: resource-locker-operator.v0.1.3 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ResourceLocker is the Schema for the resourcelockers API + kind: ResourceLocker + name: resourcelockers.redhatcop.redhat.io + version: v1alpha1 + description: "The resource locker operator allows you to specify a set of configurations + that the operator will \"keep in place\" (lock) preventing any drifts. \nTwo types + of configurations may be specified:\n\n* Resources. This will instruct the operator + to create and enforce the specified resource. In this case the operator \"owns\" + the created resources.\n* Patches to resources. This will instruct the operator + to patch- and enforce the change on- a pre-existing resource. In this case the + operator does not \"own\" the resource.\n\nLocked resources are defined with the + `ResourceLocker` CRD. Here is the high-level structure of this CRD:\n\n```yaml\napiVersion: + redhatcop.redhat.io/v1alpha1\nkind: ResourceLocker\nmetadata:\n name: test-simple-resource\nspec:\n + \ resources:\n - object:\n apiVersion: v1\n ...\n patches:\n - targetObjectRef:\n + \ ...\n patchTemplate: |\n metadata:\n annotations:\n hello: + bye\n ...\n serviceAccountRef:\n name: default\n```\n\nIt contains:\n\n* + `resources`: representing an array of resources\n* `patches`: representing an + array of patches\n* `serviceAccountRef`: a reference to a service account define + din the same namespace as the ResourceLocker CR, that will be used to create the + resources and apply the patches. If not specified the service account will be + defaulted to: `default`\n\nFor each ResourceLocker a manager is dynamically allocated. + For each resource and patch a controller with the needed watches is created and + associated with the previously created manager. \n" + displayName: Resource Locker Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAA3NCSVQICAjb4U/gAAAACXBIWXMAAH85AAB/OQGCGULUAAAAGXRFWHRTb2Z0d2FyZQB3d3cuaW5rc2NhcGUub3Jnm+48GgAAAtlQTFRF////AQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACsX3ZHQAAAPJ0Uk5TAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNGR0hJSktMTU5PUFFSVFVWV1hZWltcXV5fYGFiY2VmZ2hpamtsbW5vcHFyc3V2d3h5ent9fn+AgYKDhIaIiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaaoqaqsra6vsLGys7S1tre4ubq7vL6/wMLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f4+bBGbAAAiuUlEQVQYGe3BjWNV5YEm8OfmA3KDMDAINKQO2zYkr1aCxEIqXQQMbHQdAgi3KowobgSkbqoOBHGFqoyMIKsmfIywytbqAlXjkg7gkMXo8CEszSYETacmaIAbQmJuvMnzF+xQq0U8Ce977rnnfc+95/cDkkZGdv70uaXlz73y+p5399V8eLz+k5bzHdFox/mWT+qPf1iz7909r7/yXHnp3On52RnwJYrUMdMWPbVj7+GmDiroaDq8d8dTi6aNSYXPo0YWhlZU7D3VzZh0n9pbsSJUOBI+7xhUuHjDvrN01Nl9GxYXDoLPbCk5c558o76XcdJb/8aTc3JS4DNR1tz1NR10QUfN+rlZ8BkkJb90RyNd1bijND8FPv0G3baqKkwtwlWrbhsEnz6BgvL3otQq+l55QQA+DYbO29ZMIzRvmzcUPjcFJqw8EKVBogdWTgjA54qBs7Y200DNW2cNhC/O0u/Y3kZjtW2/Ix2+uEmbueUcDXduy8w0+OIgtejlVnpC68tFqfA5q3DTGXrImU2F8Dlm6LKj9Jyjy4bC54Qp2zvpSZ3bp8AXo2vLTtLDTpZdC59tgaKdEXpcZGdRAD47MpfWMyHUL82ET9WoNa1MGK1rRsGnQlR2MaF0VQr4ZE3d08uE07tnKnwSUufXMkHVzk+Fr3/pD55mAjv9YDp8fUu9r5EJrvG+VPispdxdxyRQd3cKfN8VmHuCSeLE3AB8V5h1hEnkyCz4LldcyyRTWwzf126sZhKqvhG+S4ZvijIpRTcNhy/t4XNMWuceTkOSm3GCSe3EDCSznN1MertzkKyGPBOhj5FnhiAp3dVM358034Xkk72Lvm/sykZyCZS20XeZttIAkkjefvqusD8PySK9vIu6XPz4g6pXn1/7xOOPLHlgwbyS4qKi4pJ5Cx5Y8sjjT6x9/tWqDz6+SF26ytORFCYdo9s6jv92Y9n8ovHZGbiqjOzxRfPLNv72eAfddmwSEl/m+h6659O9FStChSNhy8jC0IqKvZ/SPT3rM5HgJpykOy4e2rx8+nA4YPj05ZsPXaQ7Tk5AIgs8GmH8fb5r9eycFDgqJWf26l2fM/4ijwaQsEZXM97qtt6fh7jJu39rHeOtejQS1OxWxlOk5tmSEYi7ESXP1kQYT62zkYgyKxhHDRtvD8I1wds3NjCOKjKRcG6uY7x88c7ysXDd2OXvfMF4qbsZiSXwWDfjo35DcRCaBIs31DM+uh8LIIEMe5txUb82H5rlr61nXLw9DAnjpkbGQePTBTBCwdONjIPGm5AgFnbScU3rJsEgk9Y10XGdC5EIBmyi09orJwdgmMDkynY6bdMAeF72QTrs/cXXwEjXLH6fDjuYDY+b2kJHnX9hPAw2/oXzdFTLVHha2Zd00oGFQRguuPAAnfRlGbwruJMO6qq8AZ5wQ2UXHbQzCI8aUUPntK4ZBc8YtaaVzqkZAU/KPUXHNCzNhKdkLm2gY07lwoOmnKVTDs5JgeekzDlIp5ydAs8JddEhb02GR01+iw7pCsFjVvTSGdW3wMNuqaYzelfAS9Iq6IwD0+Bx0w7QGRVp8IzBVXTEoRlIADMO0RFVg+ERWUfohMN3IkHceZhOOJIFTxjTQAc0hQJIGIFQEx3QMAYekNvE2HWsDiKhBFd3MHZNuTDeuBbG7rXrkHCue42xaxkHw008y5jVTkZCmlzLmJ2dCKPdeoGxal4UQIIKLGpmrC7cCoPN7GSMousGI4ENXhdljDpnwlizI4zRkZ8gwf3kCGMUmQ1D3RtlbLpWpiHhpa3sYmyi98JI9/YwNvvzkBTy9jM2PffCQLOjjEnbQwEkicBDbYxJdDaMMzPCmOz+PpLI93czJpGZMMytnYxF52IkmcWdjEXnrTDKxAuMxclxSDrjTjIWFybCIOPOMhbbByEJDdrOWJwdB2PktjAGHfcjSd3fwRi05MIQY5oYgxM/RtL68QnGoGkMjJDVwBhsy0QSy9zGGDRkwQCDj9C+iwuR5BZepH1HBkO7tCra99H1SHrXf0T7qtKgWwXt2xyED8HNtK8Cmq2gbe33wPcn97TTthXQKtRLu47mwfdneUdpV28IGk3pol0vZcD3jYyXaFfXFGiTe5Y2dS+A71sWdNOms7nQZMQp2tQ+A74rzGinTadGQItgDW36bCJ83zHxM9pUE4QOO2nT6Vz4LOSepk07oUEZbTo2Gj5Lo4/RpjK4buqXtGf/UPj6MHQ/7flyKlyW3UJ73syAr08Zb9Kelmy4asBB2lOZCl8/Uitoz8EBcNMm2rMGvqtYQ3s2wUULaUvPMviualkPbVkI19zUSTsi8+CTMC9COzpvgkuGNdKOC0XwSSm6QDsah8EVgbdpx5kC+CQVnKEdbwfghsdoR2MOfNJyGmnHY3DBzd20oTELPgVZjbSh+2bEXWYdbTiTA5+SnDO0oS4T8VZBGy4UwKeo4AJtqECczaYNkSL4lBVFaMNsxNXoVqrrmQefDfN6qK51NOIoUE0blsFnyzLaUB1A/DxKG9bAZ9Ma2vAo4mZChOoq4LOtkuoiExAnmSep7s1U+GxLfZPqTmYiPtZT3f4M+GKQsZ/q1iMuJvVQ2bGh8MVk6DEq65mEOEg/RmWnR8MXo9GnqexYOpxXTmWf5cIXs9zPqKwcjsvroqr2ifA5YGI7VXXlwWGB/VTVPQM+R8zopqr9ATirlMoWwOeQBVRWCkdlt1HVS/A55iWqasuGk3ZR1dEM+ByTcZSqdsFBd1FVex58Dsprp6q74JghzVR1D3yOuoeqmofAKc9Q1Wb4HLaZqp6BQ3IiVPRRED6HBT+iokgOnLGbii5eD5/jrr9IRbvhiBlUtRC+OFhIVTPggLQTVLQNvrjYRkUn0hC7h6noRCZ8cZF5gooeRsyGn6Oajh/DFyc/7qCac8MRq01UdD98cXM/FW1CjG6MUs12+OJoO9VEb0Rsqqnm5CD44mjQSaqpRkyKqaZzHHxxNa6TaooRi1qqWQxfnC2mmlrEYBbV7IYv7nZTzSzYFjhCJW3fhy/uvt9GJUcCsGsu1TwEnwseopq5sCnlBJXsD8DngsB+KjmRAnvuppKuPPhckddFJXfDltQ6KlkJn0tWUkldKuy4j0qOpMHnkrQjVHIfbEhvpIroT+AhA26Ys+Ift/z6nfeOHn3vnV9v+ccVs69Ph4f8JEoVjelQ9yCVrINHDJz233b/vyi/48u6XatvHQCPWEclD0JZ6mmqaB4MD0j9j6t+9wX70VldPjkFHjC4mSpOp0LVfCpZBPON/4dmSvjjs+NgvkVUMh+qaqmiNgDDjfrlUUo7UjYKhgvUUkUtFE2lkskw2394sYtKul4cA7NNppKpULOHKl6D0XK3fUll3Vt+BKO9RhV7oET0UkHHdTDY37zWQ1ui27NhsOs6qKBXQEUlVayGudIfu0jb2n+ZBnOtpopKKBjVRQVNQRhr6gnG5KNbYaxgExV0jYK8NVQRgqmG/BNj9k9DYKoQVayBtMxWKjgcgKFubqAD6ifAUIHDVNCaCVlLqeJOGOrhCB3RtQSGupMqlkJSoJ4KDsFMQ9+gY/7nEJjpEBXUByCniCpmwEjXnaSDjo2GkWZQRRHk7KSCAzDSDX+go06PhZEOUMFOSLk2QgXTYKKfnqXDPrsZJppGBZFrIaOMCqphouIOOu5CEUxUTQVlkHGSCm6BgaZ3MQ46fwYD3UIFJyFhChW8BQNNaGNcnLsRBnqLCqbg6rZTwWSYJ+cM4+SPY2CeyVSwHVc1tJPyDsI83zvFuKkbAfMcpLzOobiaZVQwB8YZ8D4lRf9Yu+vFVate3FX7xyglvZcG48yhgmW4mqOU15AC42yghN7/8/cTs1LwjdSswvL3eynhGRgnpYHyjuIqCqlgKYwzh1cVeee/ZMFC9pL/3c2r6b0DxllKBYXo3ybKa82EaX4Q5lX8a2gw+vRX9xzlVbReB9NktlLeJvQr9QzlrYFp0mvZv4/vCaBfKff9gf37l1SYZg3lnUlFf4oor2sUTPM4+3XulwNxVRmPh9mvX8A0o7oorwj9eZnyKmGa6y6yH13PDIOU4esj7EdbFkxTSXkvox9prZR3A0zzG/bjk5sgbeK/sR+vwjQ3UF5rGvo2k/IOwDTF7Md7I6Egq4b9mA7THKC8mejbFspbCMMMbGDftgyAkoH/xL793zQYZiHlbUGf0s9R2vkgDFPKPkV/AWX/Nco+3QfDBM9T2rl09OUOynsBhkk7zb50zoANMzrZl7oUGOYFyrsDfdlOeeNhmL9jn34OW37OPs2HYcZT3nb0YWAbpb0Pw6T8nn35FWz6FftyNADDvE9pbQNhbRblLYZh5rEvuwKwKbCLfflbGGYx5c2Cta2U1n4NDHOAffhoMGwb/BH7sBeGuaad0rbCUqCZ0iphmB+yD60/QAx+0EprPdkwTCWlNQdgZQLlTYZhnmAfZiEms9iHx2CYyZQ3AVZWUlpTAIapp7X9iNF+WjsOwwSaKG0lrBygtHUwzC3sw08Ro5+yDxNgmHWUdgAWhkYpbRIMs4nWfoOY/YbW/gGGmURp0aH4rnmU1gjTNNDSl3mIWd6XtHQcpmmktHn4rm2U9jQM8ze09hIc8BKtjYJhnqa0bfiOQDOlFcAwi2jpiyw4IOsLWvo5DFNAac0BXKmA0uphmh209L/giF20VAnT1FNaAa5UTmlrYZo/0tLfwRGLaOkUTLOW0spxpfcoLR+G+SEtRYfDESN6aGk0DJNPae/hCoOilFUP09xBS7+DQ/bTUhFMU09Z0UH4ttsobQNMU0ZLD8MhZbS0BKbZQGm34dtWUVoxTPMyLV0Hh/yIlp6HaYopbRW+rYqyvgjCNPto5QM45jitVME0wS8oqwrfkhKmrHdgnGZa2QbHvEYrp2GcdygrnILL5VPacpgmg5Z+Bceso5WeFJhmOaXl43KllDYWphlFSw/DMWW09FcwzVhKK8XldlBWA4yTQ0tz4ZgQLX0fxmmgrB24XCNlbYRxJtDSz+CYW2npehhnI2U14jJZlHY7jHMrLf0QjsmhpUkwzu2UloW/mEtZkSCMcwctBeGYTFoqgnGCEcqai79YT1k1MM88WmmHg9pp5W9hnhrKWo+/qKGsZ2GeEK2E4aAwrZTAPM9SVg2+kdJBWSUwT4hWwnBQmFZKYJ4SyupIwddyKG0EzBOilTAcFKaVEphnBKXl4GtzKKsOBgrRShgOCtNKCQxUR1lz8LUnKWsrDBSilTAcFKaVEhhoK2U9ia+9QVn3w0AhWgnDQWFaKYGB7qesN/C1esrKg4FCtBKGg8K0UgID5VFWPf5sUC8lfQ4ThWglDAeFaaUEJvqcknoH4SuFlLULJgrRShgOCtNKCUy0i7IK8ZXFlLUaJgrRShgOCtNKCUy0mrIW4ysbKGs2TBSilTAcFKaVEphoNmVtwFf2UVYOTBSilTAcFKaVEpgoh7L24StnKeliCkwUopUwHBSmlRKYKOUiJZ3Fn4ykrEMwUohWwnBQmFZKYKRDlDUSlxRS1mYYKUQrYTgoTCslMNJmyirEJSHKWg4jhWglDAeFaaUERlpOWSFcsoKypsNIIVoJw0FhWimBkaZT1gpcUkFZw2GkEK2E4aAwrZTASMMpqwKX7KWkT2GmEK2E4aAwrZTATJ9S0l5ccoqS9sJMIVoJw0FhWimBmfZS0in8u9RuSqqAmUK0EoaDwrRSAjNVUFJ3KoAxlLUCZgrRShgOCtNKCcy0grLGAJhGWSGYKUQrYTgoTCslMFOIsqYBWERZhTBTiFbCcFCYVkpgpkLKWgTgKcoaCTOFaCUMB4VppQRmGklZTwHYQUkdMFSIVsJwUJhWSmCoDkraAWAvJR2HoUK0EoaDwrRSAkMdp6S9AA5T0m9hqBCthOGgMK2UwFC/paTDAJooaSMMFaKVMBwUppUSGGojJTUB6KCkMhgqRCthOChMKyUwVBkldQAZlDUfhgrRShgOCtNKCQw1n7IykE1ZRTBUiFbCcFCYVkpgqCLKykY+ZY2HKTKnPPI/Toa/0UFLYQfRUkf4Gyd3/OJnQZhiPGXlYzplZcMQ/7mZRvq3/wRDZFPWdMylrAwYYcgWGqtyMIyQQVlzUUpJF2GEkadpsNMjYYSLlFSKckr6GEZ4k0Z7E0b4mJLK8RwlfQAT3EPD3QMTfEBJz+EVSqqCAb53joY79z0YoIqSXsHrlPQqDFBK45XCAK9S0uvYQ0nPwwCVNF4lDPA8Je3Bu5S0FgY4TOMdhgHWUtK72EdJT0C/gd00XvdA6PcEJe1DDSU9Dv1y6QG50O9xSqrBh5T0CPQT9AAB/R6hpA9xnJKWQD9BDxDQbwklHUc9JT0A/QQ9QEC/ByipHp9Q0gLoJ+gBAvotoKRP0EJJ86CfoAcI6DePklpwnpJKoJ+gBwjoV0JJ59FBScXQT9ADBPQrpqQORCmpCPoJeoCAfkWUFEWUkoqgn6AHCOhXRElRdFBSMfQT9AAB/YopqQPnKakE+gl6gIB+JZR0Hi2UNA/6CXqAgH7zKKkFn1DSAugn6AEC+i2gpE9QT0kPQD9BDxDQ7wFKqsdxSloC/QQ9QEC/JZR0HB9S0iPQT9ADBPR7hJI+RA0lPQ79BD1AQL/HKakG+yjpCegn6AEC+j1BSfvwLiWthX6CHiCg31pKehd7KOl56CfoAQL6PU9Je/A6Jb0K/QQ9QEC/VynpdbxCSVXQT9ADBPSroqRX8BwlfQD9BD1AQL8PKOk5lFPSx9BP0AME9PuYkspRSkkXoZ+gBwjod5GSSjGXsjKgnaAHCGiXQVlzMZ2ysqGdoAcIaJdNWdORT1njoZ2gBwhoN56y8pFNWUXQTtADBLQroqxsZFDWfGgn6AEC2s2nrAygg5LKoJ2gBwhoV0ZJHQCaKGkjtBP0AAHtNlJSE4DDlPRbaCfoAQLa/ZaSDgPYS0nHoZ2gBwhod5yS9gLYQUkd0E7QAwS066CkHQCeoqyR0E3QAwR0G0lZTwFYRFmF0E3QAwR0K6SsRQCmUVYIugl6gIBuIcqaBmAMZa2AboIeIKDbCsoaAyC1m5IqoJugBwjoVkFJ3an4d6coaS90E/QAAd32UtIpXLKXkj6FboIeIKDbp5S0F5dUUNZwaCboAQKaDaesClyygrKmQzNBDxDQbDplrcAlIcpaDs0EPUBAs+WUFcIlhZS1GZoJeoCAZpspqxCXjKSsQ9BM0AMENDtEWSPxJ2cp6WIK9BL0AAG9Ui5S0ll8ZR9l5UAvQQ8Q0CuHsvbhKxsoazb0EvQAAb1mU9YGfGUxZa2GXoIeIKDXaspajK8UUtYu6CXoAQJ67aKsQnxlUC8lfQ69BD1AQK/PKal3EP6snrLyoJWgBwholUdZ9fjaG5R1P7QS9AABre6nrDfwtScpayu0EvQAAa22UtaT+NocyqqDVoIeIKBVHWXNwddyKG0EdBL0AAGdRlBaDr6W0kFZJdBJ0AMEdCqhrI4UfKOGsp6FToIeIKDTs5RVg79YT1k10EnQAwR0qqGs9fiLuZQVCUIjQQ8Q0CgYoay5+IssSrsdGgl6gIBGt1NaFi7TSFkboZGgBwhotJGyGnG5HZTVAI0EPUBAowbK2oHLlVLaWOgj6AEC+oyltFJcLp/SlkMfQQ8Q0Gc5peXjcilhynoH+gh6gIA+71BWOAXfUkVZXwShjaAHCGgT/IKyqvBtqyitGNoIeoCANsWUtgrfdhulbYA2gh4goM0GSrsN3zYoSln10EbQAwS0qaes6CBc4T1Ky4cugh4goEs+pb2HK5VT2lroIugBArqspbRyXKmA0uqhi6AHCOhST2kFuFKgmdIKoImgBwhoUkBpzQF8xzZKexqaCHqAgCZPU9o2fNc8SmuEJoIeIKBJI6XNw3cNjVLaJOgh6AECekyitOhQWDhAaeugh6AHCOixjtIOwMpKSmsKQAtBDxDQItBEaSthZQLlTYYWgh4goMVkypsAK4FmSquEFoIeIKBFJaU1B2BpK6W1XwMdBD1AQIdr2iltK6zNorzF0EHQAwR0WEx5s2BtYBulvQ8dBD1AQIf3Ka1tIPqwnfLGQwNBDxDQYDzlbUdf7qC8F6CBoAcIaPAC5d2BvqSfo7TzQbhP0AME3Bc8T2nn0tGnLZS3EO4T9AAB9y2kvC3o20zKOwD3CXqAgPsOUN5M9C2tlfJugOsEPUDAdTdQXmsa+vEy5VXCdYIeIOC6Ssp7Gf0poryuUXCboAcIuG1UF+UVoT+pZyhvDdwm6AECbltDeWdS0a9NlNeaCZcJeoCAyzJbKW8T+ldIBUvhMkEPEHDZUiooxFUcpbyGFLhL0AME3JXSQHlHcTXLqGAO3CXoAQLumkMFy3A1Qzsp7yDcJegBAu46SHmdQ3FV26lgMlwl6AECrppMBdtxdVOo4C24StADBFz1FhVMgYSTVHAL3CToAQJuuoUKTkJGGRVUw02CHiDgpmoqKIOMayNUMA0uEvQAARdNo4LItZCykwoOwEWCHiDgogNUsBNyiqhiBtwj6AEC7plBFUWQE6ingkNwj6AHCLjnEBXUByBpKVXcCdcIeoCAa+6kiqWQldlKBYcDcMtYesBYuCVwmApaMyFtDVWE4JYBERovMgBuCVHFGsgb1UUFTUG4pZbGq4Vbgk1U0DUKCiqpYjXc8iKN9yLcspoqKqFC9FJBx3VwyQM03gNwyXUdVNAroGQPVbwGlwz7lIb7dBhc8hpV7IGaqVQyGS65k4a7Ey6ZTCVToaiWKmoDcMl2Gm07XBKopYpaqJpPJYvgkmEnaLATw+CSRVQyH6pST1NF82C4ZOAzPTRUzzMD4ZLBzVRxOhXKHqSSdXDNLb+nkX5/C1yzjkoehLr0RqqI3gzXBMaG1v3z743yz+tCYwNwzU+iVNGYDhvuo5LDafC5JO0IldwHO1LrqOTv4XPJSiqpS4Utd1PJF2Phc0VeF5XcDXtSTlDJvgB8Lgjsp5ITKbBpLtUshs8FD1HNXNgVOEIl4Sz44u77bVRyJADbZlHNb+CLu91UMwsxqKWav4MvzhZTTS1iUUw1HdfDF1fjOqmmGDGppprjQfjiaNBJqqlGbG6MUs0W+OLoFaqJ3ogYbaKie+GLm/uoaBNiNfwc1bTnwRcnN3RQzbnhiNnDVHQ0A764CB6noocRu7QTVPQyfHGxmYpOpMEBM6gqBF8c3ENVM+CI3VR0YSx8jsttp6LdcEZOhIoOD4TPYRlHqCiSA4c8Q1X/HT6HvURVz8ApQ5qp6i74HDWfqpqHwDF3UVXbj+Bz0I/aqOouOGgXVX0wAD7HDPyQqnbBSdltVLUBPsdspKq2bDiqlMrmw+eQ+VRWCmcF9lNV13T4HDG9i6r2B+CwvC6qarsJPgfc1EZVXXlwXDmVtfwIvpj9qIXKyuG89GNU1jAKvhiNaqCyY+mIg0k9VPavQ+CLyZB/pbKeSYiL9VT3u4HwxWDg76huPeIj8yTVvZ4Cn20pr1PdyUzEyYQI1b0In20vUl1kAuLmUdrwJHw2PUkbHkX8BKppwxL4bFlCG6oDiKPRrVTXcxd8NtzVQ3WtoxFXs2lD5Db4lN0WoQ2zEWcVtOFCAXyKCi7QhgrEW2YdbTiTA5+SnDO0oS4TcXdzN204lQWfgqxTtKH7ZrjgMdrRmAOftJxG2vEY3BB4m3acKYBPUsEZ2vF2AK4Y1kg7LhTBJ6XoAu1oHAaX3NRJOyLz4JMwL0I7Om+CaxbSlp5l8F3Vsh7ashAu2kR71sB3FWtozya4acBB2lOZCl8/Uitoz8EBcFV2C+15MwO+PmW8SXtasuGyqV/Snv1D4evD0P2058upcF0ZbTo2Gj5Lo4/RpjJosJM2nc6Fz0Luadq0EzoEa2jTZxPh+46Jn9GmmiC0GHGKNrXPgO8KM9pp06kR0CT3LG3qXgDftyzopk1nc6HNlC7a9VIGfN/IeIl2dU2BRqFe2nUkF74/yz1Cu3pD0GoFbbvwc/j+5OcXaNsKaFZB+17OgA8ZL9O+CuiWVkX7juYh6eUdpX1VadBu8BHa1343ktzd7bTvyGAYIKuBMagMIokFKxmDhiwYYUwTY3AsD0kr7xhj0DQGhshtYQza70WSuredMWjJhTHGnWUsNgeRhIKbGYuz42CQiRcYi48Eko74iLG4MBFGubWTsbi4AElmwUXGovNWGGZmhDH59SgkkVG/ZkwiM2Gc2VHG5NwiJI1F5xiT6GwY6N4exmbvD5AUfrCXsem5F0a6N8rYdJSlIuGllnUwNtF7YajZEcbo/XwkuPz3GaPIbBhrZidj1L02Ewksc203Y9Q5Ewa79QJj9Ye7A0hQgbv/wFhduBVGm3iWMauZhIQ0qYYxOzsRhhvXwpj1bs9Gwsne3suYtYyD8XKbGLuLq4JIKMFVFxm7plx4wJgGOuCTUAAJIxD6hA5oGANPyDpCJxy+EwnizsN0wpEseMTgKjri0AwkgBmH6IiqwfCMtAo648A0eNy0A3RGRRq8ZEUvnVF9Czzslmo6o3cFPCbURYe8NRkeNfktOqQrBM+ZcpZOOTgnBZ6TMucgnXJ2Cjwo9xQd07A0E56SubSBjjmVC08aUUPntK4ZBc8YtaaVzqkZAY8K7qSDuipvgCfcUNlFB+0MwrvKvqSTDiwMwnDBhQfopC/L4GlTW+io8y+Mh8HGv3CejmqZCo/LPkiHvb/4GhjpmsXv02EHs+F5AzbRae2VkwMwTGByZTudtmkAEsHCTjquad0kGGTSuiY6rnMhEsRNjYyDxqcLYISCpxsZB403IWEMe5txUb82H5rlr61nXLw9DAkk8Fg346N+Q3EQmgSLN9QzProfCyCx3FzHePnineVj4bqxy9/5gvFSdzMSTmYF46hh4+1BuCZ4+8YGxlFFJhLR7FbGU6Tm2ZIRiLsRJc/WRBhPrbORoEZXM97qtt6fh7jJu39rHeOtejQSVuDRCOPv811PlPwwAEcFfljyxK7PGX+RRwNIZBNO0h0X/uXFh342BA4Y8rOHXvyXC3THyQlIcJnre+ia3sY9G8rmFPw1bPnrgjllG/Y09tI1PeszkfgmHaPbLhzbvaFsftH47AxcVUb2+KL5ZRt2H7tAtx2bhKSQXt5FXS5+/EHVq8+vfeLxR5Y8sGBeSXFRUXHJvAUPLHnk8SfWPv9q1QcfX6QuXeXpSBZ5++m7wv48JJFAaRt9l2krDSC5ZO+i7xu7spF87mqm70+a70JSGvJMhD5GnhmCZJWzm0lvdw6S2YwTTGonZiDJpT18jknr3MNp8A3fFGVSim4aDt8lN1YzCVXfCN/XimuZZGqL4bvcrCNMIkdmwXeFwNwTTBIn5gbg+66Uu+uYBOruToHPWup9jUxwjfelwte39AdPM4GdfjAdvv6lzq9lgqqdnwqfhKl7eplwevdMhU+WqOxiQumqFPCpGLWmlQmjdc0o+FRlLq1nQqhfmgmfHYGinRF6XGRnUQA+264tO0kPO1l2LXwxmrK9k57UuX0KfE4YuuwoPefosqHwOaZw0xl6yJlNhfA5K7Xo5VZ6QuvLRanwxUHazC3naLhzW2amwRc36Xdsb6Ox2rbfkQ5fnA2ctbWZBmreOmsgfK4ITFh5IEqDRA+snBCAz01D521rphGat80bCp8GgYLy96LUKvpeeUEAPn0G3baqKkwtwlWrbhsEn34p+aU7Gumqxh2l+SnwGSRr7vqaDrqgo2b93Cz4TJSSM+fJN+p7GSe99W88OScnBT6zDSpcvGHfWTrq7L4NiwsHwecdIwtDKyr2nupmTLpP7a1YESocCZ9HpY6ZtuipHXsPN3VQQUfT4b07nlo0bUwqfIkiIzt/+tzS8udeeX3Pu/tqPjxe/0nL+Y5otON8yyf1xz+s2ffuntdfea68dO70/OwMJI3/DwYnnV0gVKhrAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - redhatcop.redhat.io + resources: + - resourcelockers + - resourcelockers/status + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - secrets + verbs: + - get + - list + - watch + serviceAccountName: resource-locker-operator + deployments: + - name: resource-locker-operator + spec: + replicas: 1 + selector: + matchLabels: + name: resource-locker-operator + strategy: {} + template: + metadata: + labels: + name: resource-locker-operator + spec: + containers: + - command: + - resource-locker-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: resource-locker-operator + image: quay.io/redhat-cop/resource-locker-operator:v0.1.3 + imagePullPolicy: Always + name: resource-locker-operator + resources: {} + serviceAccountName: resource-locker-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + - services/finalizers + verbs: + - '*' + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - resource-locker-operator + resources: + - deployments/finalizers + verbs: + - update + serviceAccountName: resource-locker-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - resource_management + - enforcing + - patches + links: + - name: repository + url: https://github.com/redhat-cop/resource-locker-operator + - name: conatinerImage + url: https://quay.io/redhat-cop/resource-locker-operator:latest + maintainers: + - email: rspazzol@redhat.com + name: Raffaele Spazzoli + maturity: alpha + provider: + name: Containers & PaaS CoP + replaces: resource-locker-operator.v0.1.2 + version: 0.1.3 diff --git a/community-operators/resource-locker-operator/0.1.4/redhatcop.redhat.io_resourcelockers_crd.yaml b/community-operators/resource-locker-operator/0.1.4/redhatcop.redhat.io_resourcelockers_crd.yaml new file mode 100644 index 0000000000..b4571ffaa6 --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.4/redhatcop.redhat.io_resourcelockers_crd.yaml @@ -0,0 +1,340 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcelockers.redhatcop.redhat.io +spec: + group: redhatcop.redhat.io + names: + kind: ResourceLocker + listKind: ResourceLockerList + plural: resourcelockers + singular: resourcelocker + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ResourceLocker is the Schema for the resourcelockers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceLockerSpec defines the desired state of ResourceLocker + properties: + patches: + description: Patches is a list of patches that should be enforced at + runtime. + items: + description: Patch describe a patch to be enforced at runtime + properties: + id: + description: ID represent a unique identifier for the patch in + the array of patches oc this CR + type: string + patchTemplate: + description: PatchTemplate is a go template that will be resolved + using the SourceObjectRefs as parameters. The result must be + a valid patch based on the patch type and the target object. + type: string + patchType: + description: PatchType is the type of patch to be applied, one + of "application/json-patch+json"'"application/merge-patch+json","application/strategic-merge-patch+json","application/apply-patch+yaml" + kubebuilder:default:="application/strategic-merge-patch+json" + enum: + - application/json-patch+json + - application/merge-patch+json + - application/strategic-merge-patch+json + - application/apply-patch+yaml + type: string + sourceObjectRefs: + description: SourceObject refs is an array of references to source + objects that will be used as input for the template processing + items: + description: 'ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, "must + refer only to types A and B" or "UID not honored" or "name + must be restricted". Those cannot be well described when + embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, + which makes it hard for users to predict what will happen. 4. + The fields are both imprecise and overly precise. Kind is + not a precise mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the + version of the actual struct is irrelevant. 5. We cannot + easily change it. Because this type is embedded in many locations, + updates to this type will affect numerous schemas. Don''t + make new APIs embed an underspecified API type they do not + control. Instead of using this type, create a locally provided + and used type that is well-focused on your reference. For + example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + x-kubernetes-list-type: atomic + targetObjectRef: + description: TargetObjectRef is a reference to the object to which + the patch should be applied. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - id + - patchTemplate + - targetObjectRef + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + resources: + description: Resources is a list of resource manifests that should be + locked into the specified configuration + items: + description: Resource represent a resource to be enforced + properties: + excludedPaths: + items: + type: string + type: array + x-kubernetes-list-type: set + object: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - object + type: object + type: array + x-kubernetes-list-type: atomic + serviceAccountRef: + description: 'ServiceAccountRef is the service account to be used to + run the controllers associated with this configuration kubebuilder:default:="{Name: + "default"}"' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + status: + description: ResourceLockerStatus defines the observed state of ResourceLocker + properties: + conditions: + description: ReconcileStatus this is the general status of the main + reconciler + items: + description: "Condition represents an observation of an object's state. + Conditions are an extension mechanism intended to be used when the + details of an observation are not a priori known or would not apply + to all instances of a given Kind. \n Conditions should be added + to explicitly convey properties that users and components care about + rather than requiring those properties to be inferred from other + observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part + of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is + typically a CamelCased word or short phrase. \n Condition types + should indicate state in the \"abnormal-true\" polarity. For + example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + lockedPatchStatuses: + additionalProperties: + description: Conditions is a set of Condition instances. + items: + description: "Condition represents an observation of an object's + state. Conditions are an extension mechanism intended to be used + when the details of an observation are not a priori known or would + not apply to all instances of a given Kind. \n Conditions should + be added to explicitly convey properties that users and components + care about rather than requiring those properties to be inferred + from other observations. Once defined, the meaning of a Condition + can not be changed arbitrarily - it becomes part of the API, and + has the same backwards- and forwards-compatibility concerns of + any other part of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and + is typically a CamelCased word or short phrase. \n Condition + types should indicate state in the \"abnormal-true\" polarity. + For example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + description: LockedResourceStatuses contains the reconcile status for + each of the managed resources + type: object + lockedResourceStatuses: + additionalProperties: + description: Conditions is a set of Condition instances. + items: + description: "Condition represents an observation of an object's + state. Conditions are an extension mechanism intended to be used + when the details of an observation are not a priori known or would + not apply to all instances of a given Kind. \n Conditions should + be added to explicitly convey properties that users and components + care about rather than requiring those properties to be inferred + from other observations. Once defined, the meaning of a Condition + can not be changed arbitrarily - it becomes part of the API, and + has the same backwards- and forwards-compatibility concerns of + any other part of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and + is typically a CamelCased word or short phrase. \n Condition + types should indicate state in the \"abnormal-true\" polarity. + For example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + description: LockedResourceStatuses contains the reconcile status for + each of the managed resources + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/community-operators/resource-locker-operator/0.1.4/resource-locker-operator.v0.1.4.clusterserviceversion.yaml b/community-operators/resource-locker-operator/0.1.4/resource-locker-operator.v0.1.4.clusterserviceversion.yaml new file mode 100644 index 0000000000..9fb62274ee --- /dev/null +++ b/community-operators/resource-locker-operator/0.1.4/resource-locker-operator.v0.1.4.clusterserviceversion.yaml @@ -0,0 +1,308 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "redhatcop.redhat.io/v1alpha1", + "kind": "ResourceLocker", + "metadata": { + "name": "combined" + }, + "spec": { + "patches": [ + { + "id": "patch1", + "patchTemplate": "metadata:\n annotations:\n {{ (index . 0).metadata.name }}: {{ (index . 1).metadata.name }}\n", + "patchType": "application/strategic-merge-patch+json", + "sourceObjectRefs": [ + { + "apiVersion": "v1", + "kind": "Namespace", + "name": "resource-locker-test" + }, + { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "default", + "namespace": "resource-locker-test" + } + ], + "targetObjectRef": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "test", + "namespace": "resource-locker-test" + } + }, + { + "id": "patch2", + "patchTemplate": "metadata:\n annotations:\n {{ (index . 0) }}: {{ (index . 1) }}\n", + "patchType": "application/strategic-merge-patch+json", + "sourceObjectRefs": [ + { + "apiVersion": "v1", + "fieldPath": "$.metadata.uid", + "kind": "Namespace", + "name": "resource-locker-test" + }, + { + "apiVersion": "v1", + "fieldPath": "$.metadata.uid", + "kind": "ServiceAccount", + "name": "default", + "namespace": "resource-locker-test" + } + ], + "targetObjectRef": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "name": "test", + "namespace": "resource-locker-test" + } + } + ], + "resources": [ + { + "object": { + "apiVersion": "networking.k8s.io/v1", + "kind": "NetworkPolicy", + "metadata": { + "name": "allow-from-same-namespace", + "namespace": "resource-locker-test" + }, + "spec": { + "ingress": [ + { + "from": [ + { + "podSelector": {} + } + ] + } + ], + "podSelector": {} + } + } + }, + { + "object": { + "apiVersion": "networking.k8s.io/v1", + "kind": "NetworkPolicy", + "metadata": { + "name": "allow-from-default-namespace", + "namespace": "resource-locker-test" + }, + "spec": { + "ingress": [ + { + "from": [ + { + "namespaceSelector": { + "matchLabels": { + "name": "default" + } + } + } + ] + } + ], + "podSelector": {} + } + } + } + ], + "serviceAccountRef": { + "name": "default" + } + } + } + ] + capabilities: Deep Insights + categories: Security + certified: "false" + containerImage: quay.io/redhat-cop/resource-locker-operator:latest + createdAt: 11/14/2019 + description: This operator provides a facility to lock resources and / or patches + into the state described by its custom resource preventing any drifts. + repository: https://github.com/redhat-cop/resource-locker-operator + support: Best Effort + name: resource-locker-operator.v0.1.4 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ResourceLocker is the Schema for the resourcelockers API + kind: ResourceLocker + name: resourcelockers.redhatcop.redhat.io + version: v1alpha1 + description: | + The resource locker operator allows you to specify a set of configurations that the operator will "keep in place" (lock) preventing any drifts. + Two types of configurations may be specified: + + * Resources. This will instruct the operator to create and enforce the specified resource. In this case the operator "owns" the created resources. + * Patches to resources. This will instruct the operator to patch- and enforce the change on- a pre-existing resource. In this case the operator does not "own" the resource. + + Locked resources are defined with the `ResourceLocker` CRD. Here is the high-level structure of this CRD: + + ```yaml + apiVersion: redhatcop.redhat.io/v1alpha1 + kind: ResourceLocker + metadata: + name: test-simple-resource + spec: + resources: + - object: + apiVersion: v1 + ... + patches: + - targetObjectRef: + ... + patchTemplate: | + metadata: + annotations: + ciao: hello + ... + serviceAccountRef: + name: default + ``` + + It contains: + + * `resources`: representing an array of resources + * `patches`: representing an array of patches + * `serviceAccountRef`: a reference to a service account defined in the same namespace as the ResourceLocker CR, that will be used to create the resources and apply the patches. If not specified the service account will be defaulted to: `default` + + For each ResourceLocker a manager is dynamically allocated. For each resource and patch a controller with the needed watches is created and associated with the previously created manager. + + **Note**: creating a `ResourceLocker` CR will not work without due preparation (of the service account in particular). Follow these [instructions](https://github.com/redhat-cop/resource-locker-operator/blob/master/EXAMPLES.md) for a step by step walkthrough of the needed prerequisites to make this operator work. + displayName: Resource Locker Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAA3NCSVQICAjb4U/gAAAACXBIWXMAAH85AAB/OQGCGULUAAAAGXRFWHRTb2Z0d2FyZQB3d3cuaW5rc2NhcGUub3Jnm+48GgAAAtlQTFRF////AQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACAQACsX3ZHQAAAPJ0Uk5TAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNGR0hJSktMTU5PUFFSVFVWV1hZWltcXV5fYGFiY2VmZ2hpamtsbW5vcHFyc3V2d3h5ent9fn+AgYKDhIaIiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaaoqaqsra6vsLGys7S1tre4ubq7vL6/wMLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f4+bBGbAAAiuUlEQVQYGe3BjWNV5YEm8OfmA3KDMDAINKQO2zYkr1aCxEIqXQQMbHQdAgi3KowobgSkbqoOBHGFqoyMIKsmfIywytbqAlXjkg7gkMXo8CEszSYETacmaIAbQmJuvMnzF+xQq0U8Ce977rnnfc+95/cDkkZGdv70uaXlz73y+p5399V8eLz+k5bzHdFox/mWT+qPf1iz7909r7/yXHnp3On52RnwJYrUMdMWPbVj7+GmDiroaDq8d8dTi6aNSYXPo0YWhlZU7D3VzZh0n9pbsSJUOBI+7xhUuHjDvrN01Nl9GxYXDoLPbCk5c558o76XcdJb/8aTc3JS4DNR1tz1NR10QUfN+rlZ8BkkJb90RyNd1bijND8FPv0G3baqKkwtwlWrbhsEnz6BgvL3otQq+l55QQA+DYbO29ZMIzRvmzcUPjcFJqw8EKVBogdWTgjA54qBs7Y200DNW2cNhC/O0u/Y3kZjtW2/Ix2+uEmbueUcDXduy8w0+OIgtejlVnpC68tFqfA5q3DTGXrImU2F8Dlm6LKj9Jyjy4bC54Qp2zvpSZ3bp8AXo2vLTtLDTpZdC59tgaKdEXpcZGdRAD47MpfWMyHUL82ET9WoNa1MGK1rRsGnQlR2MaF0VQr4ZE3d08uE07tnKnwSUufXMkHVzk+Fr3/pD55mAjv9YDp8fUu9r5EJrvG+VPispdxdxyRQd3cKfN8VmHuCSeLE3AB8V5h1hEnkyCz4LldcyyRTWwzf126sZhKqvhG+S4ZvijIpRTcNhy/t4XNMWuceTkOSm3GCSe3EDCSznN1MertzkKyGPBOhj5FnhiAp3dVM358034Xkk72Lvm/sykZyCZS20XeZttIAkkjefvqusD8PySK9vIu6XPz4g6pXn1/7xOOPLHlgwbyS4qKi4pJ5Cx5Y8sjjT6x9/tWqDz6+SF26ytORFCYdo9s6jv92Y9n8ovHZGbiqjOzxRfPLNv72eAfddmwSEl/m+h6659O9FStChSNhy8jC0IqKvZ/SPT3rM5HgJpykOy4e2rx8+nA4YPj05ZsPXaQ7Tk5AIgs8GmH8fb5r9eycFDgqJWf26l2fM/4ijwaQsEZXM97qtt6fh7jJu39rHeOtejQS1OxWxlOk5tmSEYi7ESXP1kQYT62zkYgyKxhHDRtvD8I1wds3NjCOKjKRcG6uY7x88c7ysXDd2OXvfMF4qbsZiSXwWDfjo35DcRCaBIs31DM+uh8LIIEMe5txUb82H5rlr61nXLw9DAnjpkbGQePTBTBCwdONjIPGm5AgFnbScU3rJsEgk9Y10XGdC5EIBmyi09orJwdgmMDkynY6bdMAeF72QTrs/cXXwEjXLH6fDjuYDY+b2kJHnX9hPAw2/oXzdFTLVHha2Zd00oGFQRguuPAAnfRlGbwruJMO6qq8AZ5wQ2UXHbQzCI8aUUPntK4ZBc8YtaaVzqkZAU/KPUXHNCzNhKdkLm2gY07lwoOmnKVTDs5JgeekzDlIp5ydAs8JddEhb02GR01+iw7pCsFjVvTSGdW3wMNuqaYzelfAS9Iq6IwD0+Bx0w7QGRVp8IzBVXTEoRlIADMO0RFVg+ERWUfohMN3IkHceZhOOJIFTxjTQAc0hQJIGIFQEx3QMAYekNvE2HWsDiKhBFd3MHZNuTDeuBbG7rXrkHCue42xaxkHw008y5jVTkZCmlzLmJ2dCKPdeoGxal4UQIIKLGpmrC7cCoPN7GSMousGI4ENXhdljDpnwlizI4zRkZ8gwf3kCGMUmQ1D3RtlbLpWpiHhpa3sYmyi98JI9/YwNvvzkBTy9jM2PffCQLOjjEnbQwEkicBDbYxJdDaMMzPCmOz+PpLI93czJpGZMMytnYxF52IkmcWdjEXnrTDKxAuMxclxSDrjTjIWFybCIOPOMhbbByEJDdrOWJwdB2PktjAGHfcjSd3fwRi05MIQY5oYgxM/RtL68QnGoGkMjJDVwBhsy0QSy9zGGDRkwQCDj9C+iwuR5BZepH1HBkO7tCra99H1SHrXf0T7qtKgWwXt2xyED8HNtK8Cmq2gbe33wPcn97TTthXQKtRLu47mwfdneUdpV28IGk3pol0vZcD3jYyXaFfXFGiTe5Y2dS+A71sWdNOms7nQZMQp2tQ+A74rzGinTadGQItgDW36bCJ83zHxM9pUE4QOO2nT6Vz4LOSepk07oUEZbTo2Gj5Lo4/RpjK4buqXtGf/UPj6MHQ/7flyKlyW3UJ73syAr08Zb9Kelmy4asBB2lOZCl8/Uitoz8EBcNMm2rMGvqtYQ3s2wUULaUvPMviualkPbVkI19zUSTsi8+CTMC9COzpvgkuGNdKOC0XwSSm6QDsah8EVgbdpx5kC+CQVnKEdbwfghsdoR2MOfNJyGmnHY3DBzd20oTELPgVZjbSh+2bEXWYdbTiTA5+SnDO0oS4T8VZBGy4UwKeo4AJtqECczaYNkSL4lBVFaMNsxNXoVqrrmQefDfN6qK51NOIoUE0blsFnyzLaUB1A/DxKG9bAZ9Ma2vAo4mZChOoq4LOtkuoiExAnmSep7s1U+GxLfZPqTmYiPtZT3f4M+GKQsZ/q1iMuJvVQ2bGh8MVk6DEq65mEOEg/RmWnR8MXo9GnqexYOpxXTmWf5cIXs9zPqKwcjsvroqr2ifA5YGI7VXXlwWGB/VTVPQM+R8zopqr9ATirlMoWwOeQBVRWCkdlt1HVS/A55iWqasuGk3ZR1dEM+ByTcZSqdsFBd1FVex58Dsprp6q74JghzVR1D3yOuoeqmofAKc9Q1Wb4HLaZqp6BQ3IiVPRRED6HBT+iokgOnLGbii5eD5/jrr9IRbvhiBlUtRC+OFhIVTPggLQTVLQNvrjYRkUn0hC7h6noRCZ8cZF5gooeRsyGn6Oajh/DFyc/7qCac8MRq01UdD98cXM/FW1CjG6MUs12+OJoO9VEb0Rsqqnm5CD44mjQSaqpRkyKqaZzHHxxNa6TaooRi1qqWQxfnC2mmlrEYBbV7IYv7nZTzSzYFjhCJW3fhy/uvt9GJUcCsGsu1TwEnwseopq5sCnlBJXsD8DngsB+KjmRAnvuppKuPPhckddFJXfDltQ6KlkJn0tWUkldKuy4j0qOpMHnkrQjVHIfbEhvpIroT+AhA26Ys+Ift/z6nfeOHn3vnV9v+ccVs69Ph4f8JEoVjelQ9yCVrINHDJz233b/vyi/48u6XatvHQCPWEclD0JZ6mmqaB4MD0j9j6t+9wX70VldPjkFHjC4mSpOp0LVfCpZBPON/4dmSvjjs+NgvkVUMh+qaqmiNgDDjfrlUUo7UjYKhgvUUkUtFE2lkskw2394sYtKul4cA7NNppKpULOHKl6D0XK3fUll3Vt+BKO9RhV7oET0UkHHdTDY37zWQ1ui27NhsOs6qKBXQEUlVayGudIfu0jb2n+ZBnOtpopKKBjVRQVNQRhr6gnG5KNbYaxgExV0jYK8NVQRgqmG/BNj9k9DYKoQVayBtMxWKjgcgKFubqAD6ifAUIHDVNCaCVlLqeJOGOrhCB3RtQSGupMqlkJSoJ4KDsFMQ9+gY/7nEJjpEBXUByCniCpmwEjXnaSDjo2GkWZQRRHk7KSCAzDSDX+go06PhZEOUMFOSLk2QgXTYKKfnqXDPrsZJppGBZFrIaOMCqphouIOOu5CEUxUTQVlkHGSCm6BgaZ3MQ46fwYD3UIFJyFhChW8BQNNaGNcnLsRBnqLCqbg6rZTwWSYJ+cM4+SPY2CeyVSwHVc1tJPyDsI83zvFuKkbAfMcpLzOobiaZVQwB8YZ8D4lRf9Yu+vFVate3FX7xyglvZcG48yhgmW4mqOU15AC42yghN7/8/cTs1LwjdSswvL3eynhGRgnpYHyjuIqCqlgKYwzh1cVeee/ZMFC9pL/3c2r6b0DxllKBYXo3ybKa82EaX4Q5lX8a2gw+vRX9xzlVbReB9NktlLeJvQr9QzlrYFp0mvZv4/vCaBfKff9gf37l1SYZg3lnUlFf4oor2sUTPM4+3XulwNxVRmPh9mvX8A0o7oorwj9eZnyKmGa6y6yH13PDIOU4esj7EdbFkxTSXkvox9prZR3A0zzG/bjk5sgbeK/sR+vwjQ3UF5rGvo2k/IOwDTF7Md7I6Egq4b9mA7THKC8mejbFspbCMMMbGDftgyAkoH/xL793zQYZiHlbUGf0s9R2vkgDFPKPkV/AWX/Nco+3QfDBM9T2rl09OUOynsBhkk7zb50zoANMzrZl7oUGOYFyrsDfdlOeeNhmL9jn34OW37OPs2HYcZT3nb0YWAbpb0Pw6T8nn35FWz6FftyNADDvE9pbQNhbRblLYZh5rEvuwKwKbCLfflbGGYx5c2Cta2U1n4NDHOAffhoMGwb/BH7sBeGuaad0rbCUqCZ0iphmB+yD60/QAx+0EprPdkwTCWlNQdgZQLlTYZhnmAfZiEms9iHx2CYyZQ3AVZWUlpTAIapp7X9iNF+WjsOwwSaKG0lrBygtHUwzC3sw08Ro5+yDxNgmHWUdgAWhkYpbRIMs4nWfoOY/YbW/gGGmURp0aH4rnmU1gjTNNDSl3mIWd6XtHQcpmmktHn4rm2U9jQM8ze09hIc8BKtjYJhnqa0bfiOQDOlFcAwi2jpiyw4IOsLWvo5DFNAac0BXKmA0uphmh209L/giF20VAnT1FNaAa5UTmlrYZo/0tLfwRGLaOkUTLOW0spxpfcoLR+G+SEtRYfDESN6aGk0DJNPae/hCoOilFUP09xBS7+DQ/bTUhFMU09Z0UH4ttsobQNMU0ZLD8MhZbS0BKbZQGm34dtWUVoxTPMyLV0Hh/yIlp6HaYopbRW+rYqyvgjCNPto5QM45jitVME0wS8oqwrfkhKmrHdgnGZa2QbHvEYrp2GcdygrnILL5VPacpgmg5Z+Bceso5WeFJhmOaXl43KllDYWphlFSw/DMWW09FcwzVhKK8XldlBWA4yTQ0tz4ZgQLX0fxmmgrB24XCNlbYRxJtDSz+CYW2npehhnI2U14jJZlHY7jHMrLf0QjsmhpUkwzu2UloW/mEtZkSCMcwctBeGYTFoqgnGCEcqai79YT1k1MM88WmmHg9pp5W9hnhrKWo+/qKGsZ2GeEK2E4aAwrZTAPM9SVg2+kdJBWSUwT4hWwnBQmFZKYJ4SyupIwddyKG0EzBOilTAcFKaVEphnBKXl4GtzKKsOBgrRShgOCtNKCQxUR1lz8LUnKWsrDBSilTAcFKaVEhhoK2U9ia+9QVn3w0AhWgnDQWFaKYGB7qesN/C1esrKg4FCtBKGg8K0UgID5VFWPf5sUC8lfQ4ThWglDAeFaaUEJvqcknoH4SuFlLULJgrRShgOCtNKCUy0i7IK8ZXFlLUaJgrRShgOCtNKCUy0mrIW4ysbKGs2TBSilTAcFKaVEphoNmVtwFf2UVYOTBSilTAcFKaVEpgoh7L24StnKeliCkwUopUwHBSmlRKYKOUiJZ3Fn4ykrEMwUohWwnBQmFZKYKRDlDUSlxRS1mYYKUQrYTgoTCslMNJmyirEJSHKWg4jhWglDAeFaaUERlpOWSFcsoKypsNIIVoJw0FhWimBkaZT1gpcUkFZw2GkEK2E4aAwrZTASMMpqwKX7KWkT2GmEK2E4aAwrZTATJ9S0l5ccoqS9sJMIVoJw0FhWimBmfZS0in8u9RuSqqAmUK0EoaDwrRSAjNVUFJ3KoAxlLUCZgrRShgOCtNKCcy0grLGAJhGWSGYKUQrYTgoTCslMFOIsqYBWERZhTBTiFbCcFCYVkpgpkLKWgTgKcoaCTOFaCUMB4VppQRmGklZTwHYQUkdMFSIVsJwUJhWSmCoDkraAWAvJR2HoUK0EoaDwrRSAkMdp6S9AA5T0m9hqBCthOGgMK2UwFC/paTDAJooaSMMFaKVMBwUppUSGGojJTUB6KCkMhgqRCthOChMKyUwVBkldQAZlDUfhgrRShgOCtNKCQw1n7IykE1ZRTBUiFbCcFCYVkpgqCLKykY+ZY2HKTKnPPI/Toa/0UFLYQfRUkf4Gyd3/OJnQZhiPGXlYzplZcMQ/7mZRvq3/wRDZFPWdMylrAwYYcgWGqtyMIyQQVlzUUpJF2GEkadpsNMjYYSLlFSKckr6GEZ4k0Z7E0b4mJLK8RwlfQAT3EPD3QMTfEBJz+EVSqqCAb53joY79z0YoIqSXsHrlPQqDFBK45XCAK9S0uvYQ0nPwwCVNF4lDPA8Je3Bu5S0FgY4TOMdhgHWUtK72EdJT0C/gd00XvdA6PcEJe1DDSU9Dv1y6QG50O9xSqrBh5T0CPQT9AAB/R6hpA9xnJKWQD9BDxDQbwklHUc9JT0A/QQ9QEC/ByipHp9Q0gLoJ+gBAvotoKRP0EJJ86CfoAcI6DePklpwnpJKoJ+gBwjoV0JJ59FBScXQT9ADBPQrpqQORCmpCPoJeoCAfkWUFEWUkoqgn6AHCOhXRElRdFBSMfQT9AAB/YopqQPnKakE+gl6gIB+JZR0Hi2UNA/6CXqAgH7zKKkFn1DSAugn6AEC+i2gpE9QT0kPQD9BDxDQ7wFKqsdxSloC/QQ9QEC/JZR0HB9S0iPQT9ADBPR7hJI+RA0lPQ79BD1AQL/HKakG+yjpCegn6AEC+j1BSfvwLiWthX6CHiCg31pKehd7KOl56CfoAQL6PU9Je/A6Jb0K/QQ9QEC/VynpdbxCSVXQT9ADBPSroqRX8BwlfQD9BD1AQL8PKOk5lFPSx9BP0AME9PuYkspRSkkXoZ+gBwjod5GSSjGXsjKgnaAHCGiXQVlzMZ2ysqGdoAcIaJdNWdORT1njoZ2gBwhoN56y8pFNWUXQTtADBLQroqxsZFDWfGgn6AEC2s2nrAygg5LKoJ2gBwhoV0ZJHQCaKGkjtBP0AAHtNlJSE4DDlPRbaCfoAQLa/ZaSDgPYS0nHoZ2gBwhod5yS9gLYQUkd0E7QAwS066CkHQCeoqyR0E3QAwR0G0lZTwFYRFmF0E3QAwR0K6SsRQCmUVYIugl6gIBuIcqaBmAMZa2AboIeIKDbCsoaAyC1m5IqoJugBwjoVkFJ3an4d6coaS90E/QAAd32UtIpXLKXkj6FboIeIKDbp5S0F5dUUNZwaCboAQKaDaesClyygrKmQzNBDxDQbDplrcAlIcpaDs0EPUBAs+WUFcIlhZS1GZoJeoCAZpspqxCXjKSsQ9BM0AMENDtEWSPxJ2cp6WIK9BL0AAG9Ui5S0ll8ZR9l5UAvQQ8Q0CuHsvbhKxsoazb0EvQAAb1mU9YGfGUxZa2GXoIeIKDXaspajK8UUtYu6CXoAQJ67aKsQnxlUC8lfQ69BD1AQK/PKal3EP6snrLyoJWgBwholUdZ9fjaG5R1P7QS9AABre6nrDfwtScpayu0EvQAAa22UtaT+NocyqqDVoIeIKBVHWXNwddyKG0EdBL0AAGdRlBaDr6W0kFZJdBJ0AMEdCqhrI4UfKOGsp6FToIeIKDTs5RVg79YT1k10EnQAwR0qqGs9fiLuZQVCUIjQQ8Q0CgYoay5+IssSrsdGgl6gIBGt1NaFi7TSFkboZGgBwhotJGyGnG5HZTVAI0EPUBAowbK2oHLlVLaWOgj6AEC+oyltFJcLp/SlkMfQQ8Q0Gc5peXjcilhynoH+gh6gIA+71BWOAXfUkVZXwShjaAHCGgT/IKyqvBtqyitGNoIeoCANsWUtgrfdhulbYA2gh4goM0GSrsN3zYoSln10EbQAwS0qaes6CBc4T1Ky4cugh4goEs+pb2HK5VT2lroIugBArqspbRyXKmA0uqhi6AHCOhST2kFuFKgmdIKoImgBwhoUkBpzQF8xzZKexqaCHqAgCZPU9o2fNc8SmuEJoIeIKBJI6XNw3cNjVLaJOgh6AECekyitOhQWDhAaeugh6AHCOixjtIOwMpKSmsKQAtBDxDQItBEaSthZQLlTYYWgh4goMVkypsAK4FmSquEFoIeIKBFJaU1B2BpK6W1XwMdBD1AQIdr2iltK6zNorzF0EHQAwR0WEx5s2BtYBulvQ8dBD1AQIf3Ka1tIPqwnfLGQwNBDxDQYDzlbUdf7qC8F6CBoAcIaPAC5d2BvqSfo7TzQbhP0AME3Bc8T2nn0tGnLZS3EO4T9AAB9y2kvC3o20zKOwD3CXqAgPsOUN5M9C2tlfJugOsEPUDAdTdQXmsa+vEy5VXCdYIeIOC6Ssp7Gf0poryuUXCboAcIuG1UF+UVoT+pZyhvDdwm6AECbltDeWdS0a9NlNeaCZcJeoCAyzJbKW8T+ldIBUvhMkEPEHDZUiooxFUcpbyGFLhL0AME3JXSQHlHcTXLqGAO3CXoAQLumkMFy3A1Qzsp7yDcJegBAu46SHmdQ3FV26lgMlwl6AECrppMBdtxdVOo4C24StADBFz1FhVMgYSTVHAL3CToAQJuuoUKTkJGGRVUw02CHiDgpmoqKIOMayNUMA0uEvQAARdNo4LItZCykwoOwEWCHiDgogNUsBNyiqhiBtwj6AEC7plBFUWQE6ingkNwj6AHCLjnEBXUByBpKVXcCdcIeoCAa+6kiqWQldlKBYcDcMtYesBYuCVwmApaMyFtDVWE4JYBERovMgBuCVHFGsgb1UUFTUG4pZbGq4Vbgk1U0DUKCiqpYjXc8iKN9yLcspoqKqFC9FJBx3VwyQM03gNwyXUdVNAroGQPVbwGlwz7lIb7dBhc8hpV7IGaqVQyGS65k4a7Ey6ZTCVToaiWKmoDcMl2Gm07XBKopYpaqJpPJYvgkmEnaLATw+CSRVQyH6pST1NF82C4ZOAzPTRUzzMD4ZLBzVRxOhXKHqSSdXDNLb+nkX5/C1yzjkoehLr0RqqI3gzXBMaG1v3z743yz+tCYwNwzU+iVNGYDhvuo5LDafC5JO0IldwHO1LrqOTv4XPJSiqpS4Utd1PJF2Phc0VeF5XcDXtSTlDJvgB8Lgjsp5ITKbBpLtUshs8FD1HNXNgVOEIl4Sz44u77bVRyJADbZlHNb+CLu91UMwsxqKWav4MvzhZTTS1iUUw1HdfDF1fjOqmmGDGppprjQfjiaNBJqqlGbG6MUs0W+OLoFaqJ3ogYbaKie+GLm/uoaBNiNfwc1bTnwRcnN3RQzbnhiNnDVHQ0A764CB6noocRu7QTVPQyfHGxmYpOpMEBM6gqBF8c3ENVM+CI3VR0YSx8jsttp6LdcEZOhIoOD4TPYRlHqCiSA4c8Q1X/HT6HvURVz8ApQ5qp6i74HDWfqpqHwDF3UVXbj+Bz0I/aqOouOGgXVX0wAD7HDPyQqnbBSdltVLUBPsdspKq2bDiqlMrmw+eQ+VRWCmcF9lNV13T4HDG9i6r2B+CwvC6qarsJPgfc1EZVXXlwXDmVtfwIvpj9qIXKyuG89GNU1jAKvhiNaqCyY+mIg0k9VPavQ+CLyZB/pbKeSYiL9VT3u4HwxWDg76huPeIj8yTVvZ4Cn20pr1PdyUzEyYQI1b0In20vUl1kAuLmUdrwJHw2PUkbHkX8BKppwxL4bFlCG6oDiKPRrVTXcxd8NtzVQ3WtoxFXs2lD5Db4lN0WoQ2zEWcVtOFCAXyKCi7QhgrEW2YdbTiTA5+SnDO0oS4TcXdzN204lQWfgqxTtKH7ZrjgMdrRmAOftJxG2vEY3BB4m3acKYBPUsEZ2vF2AK4Y1kg7LhTBJ6XoAu1oHAaX3NRJOyLz4JMwL0I7Om+CaxbSlp5l8F3Vsh7ashAu2kR71sB3FWtozya4acBB2lOZCl8/Uitoz8EBcFV2C+15MwO+PmW8SXtasuGyqV/Snv1D4evD0P2058upcF0ZbTo2Gj5Lo4/RpjJosJM2nc6Fz0Luadq0EzoEa2jTZxPh+46Jn9GmmiC0GHGKNrXPgO8KM9pp06kR0CT3LG3qXgDftyzopk1nc6HNlC7a9VIGfN/IeIl2dU2BRqFe2nUkF74/yz1Cu3pD0GoFbbvwc/j+5OcXaNsKaFZB+17OgA8ZL9O+CuiWVkX7juYh6eUdpX1VadBu8BHa1343ktzd7bTvyGAYIKuBMagMIokFKxmDhiwYYUwTY3AsD0kr7xhj0DQGhshtYQza70WSuredMWjJhTHGnWUsNgeRhIKbGYuz42CQiRcYi48Eko74iLG4MBFGubWTsbi4AElmwUXGovNWGGZmhDH59SgkkVG/ZkwiM2Gc2VHG5NwiJI1F5xiT6GwY6N4exmbvD5AUfrCXsem5F0a6N8rYdJSlIuGllnUwNtF7YajZEcbo/XwkuPz3GaPIbBhrZidj1L02Ewksc203Y9Q5Ewa79QJj9Ye7A0hQgbv/wFhduBVGm3iWMauZhIQ0qYYxOzsRhhvXwpj1bs9Gwsne3suYtYyD8XKbGLuLq4JIKMFVFxm7plx4wJgGOuCTUAAJIxD6hA5oGANPyDpCJxy+EwnizsN0wpEseMTgKjri0AwkgBmH6IiqwfCMtAo648A0eNy0A3RGRRq8ZEUvnVF9Czzslmo6o3cFPCbURYe8NRkeNfktOqQrBM+ZcpZOOTgnBZ6TMucgnXJ2Cjwo9xQd07A0E56SubSBjjmVC08aUUPntK4ZBc8YtaaVzqkZAY8K7qSDuipvgCfcUNlFB+0MwrvKvqSTDiwMwnDBhQfopC/L4GlTW+io8y+Mh8HGv3CejmqZCo/LPkiHvb/4GhjpmsXv02EHs+F5AzbRae2VkwMwTGByZTudtmkAEsHCTjquad0kGGTSuiY6rnMhEsRNjYyDxqcLYISCpxsZB403IWEMe5txUb82H5rlr61nXLw9DAkk8Fg346N+Q3EQmgSLN9QzProfCyCx3FzHePnineVj4bqxy9/5gvFSdzMSTmYF46hh4+1BuCZ4+8YGxlFFJhLR7FbGU6Tm2ZIRiLsRJc/WRBhPrbORoEZXM97qtt6fh7jJu39rHeOtejQSVuDRCOPv811PlPwwAEcFfljyxK7PGX+RRwNIZBNO0h0X/uXFh342BA4Y8rOHXvyXC3THyQlIcJnre+ia3sY9G8rmFPw1bPnrgjllG/Y09tI1PeszkfgmHaPbLhzbvaFsftH47AxcVUb2+KL5ZRt2H7tAtx2bhKSQXt5FXS5+/EHVq8+vfeLxR5Y8sGBeSXFRUXHJvAUPLHnk8SfWPv9q1QcfX6QuXeXpSBZ5++m7wv48JJFAaRt9l2krDSC5ZO+i7xu7spF87mqm70+a70JSGvJMhD5GnhmCZJWzm0lvdw6S2YwTTGonZiDJpT18jknr3MNp8A3fFGVSim4aDt8lN1YzCVXfCN/XimuZZGqL4bvcrCNMIkdmwXeFwNwTTBIn5gbg+66Uu+uYBOruToHPWup9jUxwjfelwte39AdPM4GdfjAdvv6lzq9lgqqdnwqfhKl7eplwevdMhU+WqOxiQumqFPCpGLWmlQmjdc0o+FRlLq1nQqhfmgmfHYGinRF6XGRnUQA+264tO0kPO1l2LXwxmrK9k57UuX0KfE4YuuwoPefosqHwOaZw0xl6yJlNhfA5K7Xo5VZ6QuvLRanwxUHazC3naLhzW2amwRc36Xdsb6Ox2rbfkQ5fnA2ctbWZBmreOmsgfK4ITFh5IEqDRA+snBCAz01D521rphGat80bCp8GgYLy96LUKvpeeUEAPn0G3baqKkwtwlWrbhsEn34p+aU7Gumqxh2l+SnwGSRr7vqaDrqgo2b93Cz4TJSSM+fJN+p7GSe99W88OScnBT6zDSpcvGHfWTrq7L4NiwsHwecdIwtDKyr2nupmTLpP7a1YESocCZ9HpY6ZtuipHXsPN3VQQUfT4b07nlo0bUwqfIkiIzt/+tzS8udeeX3Pu/tqPjxe/0nL+Y5otON8yyf1xz+s2ffuntdfea68dO70/OwMJI3/DwYnnV0gVKhrAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - redhatcop.redhat.io + resources: + - resourcelockers + - resourcelockers/status + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - secrets + verbs: + - get + - list + - watch + serviceAccountName: resource-locker-operator + deployments: + - name: resource-locker-operator + spec: + replicas: 1 + selector: + matchLabels: + name: resource-locker-operator + strategy: {} + template: + metadata: + labels: + name: resource-locker-operator + spec: + containers: + - command: + - resource-locker-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: resource-locker-operator + image: quay.io/redhat-cop/resource-locker-operator:v0.1.4 + imagePullPolicy: Always + name: resource-locker-operator + resources: {} + serviceAccountName: resource-locker-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + - services/finalizers + verbs: + - '*' + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - resource-locker-operator + resources: + - deployments/finalizers + verbs: + - update + serviceAccountName: resource-locker-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - resource_management + - enforcing + - patches + links: + - name: repository + url: https://github.com/redhat-cop/resource-locker-operator + - name: conatinerImage + url: https://quay.io/redhat-cop/resource-locker-operator:latest + maintainers: + - email: rspazzol@redhat.com + name: Raffaele Spazzoli + maturity: alpha + provider: + name: Red Hat Community of Practice + replaces: resource-locker-operator.v0.1.3 + version: 0.1.4 diff --git a/community-operators/resource-locker-operator/resource-locker-operator.package.yaml b/community-operators/resource-locker-operator/resource-locker-operator.package.yaml new file mode 100644 index 0000000000..8d614fbb00 --- /dev/null +++ b/community-operators/resource-locker-operator/resource-locker-operator.package.yaml @@ -0,0 +1,5 @@ +channels: +- currentCSV: resource-locker-operator.v0.1.4 + name: alpha +defaultChannel: alpha +packageName: resource-locker-operator