k8s-operatorhub · framework-automation · Jul 23, 2024 · Jul 23, 2024
diff --git a/operators/ack-acmpca-controller/0.0.15/bundle.Dockerfile b/operators/ack-acmpca-controller/0.0.15/bundle.Dockerfile
@@ -0,0 +1,21 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=ack-acmpca-controller
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=unknown
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/
+COPY bundle/tests/scorecard /tests/scorecard/
diff --git a/...s/ack-acmpca-controller/0.0.15/manifests/ack-acmpca-controller.clusterserviceversion.yaml b/...s/ack-acmpca-controller/0.0.15/manifests/ack-acmpca-controller.clusterserviceversion.yaml
@@ -0,0 +1,344 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ alm-examples: |-
+ [
+ {
+ "apiVersion": "acmpca.services.k8s.aws/v1alpha1",
+ "kind": "CertificateAuthority",
+ "metadata": {
+ "name": "example"
+ },
+ "spec": {}
+ }
+ ]
+ capabilities: Basic Install
+ categories: Cloud Provider
+ certified: "false"
+ containerImage: public.ecr.aws/aws-controllers-k8s/acmpca-controller:0.0.15
+ createdAt: "2024-07-23T21:44:36Z"
+ description: AWS ACM PCA controller is a service controller for managing ACM PCA
+ resources in Kubernetes
+ operatorframework.io/suggested-namespace: ack-system
+ operators.operatorframework.io/builder: operator-sdk-v1.28.0
+ operators.operatorframework.io/project_layout: unknown
+ repository: https://github.com/aws-controllers-k8s
+ support: Community
+ labels:
+ operatorframework.io/arch.amd64: supported
+ operatorframework.io/arch.arm64: supported
+ operatorframework.io/os.linux: supported
+ name: ack-acmpca-controller.v0.0.15
+ namespace: placeholder
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions:
+ owned:
+ - description: CertificateAuthority represents the state of an AWS acmpca CertificateAuthority
+ resource.
+ displayName: CertificateAuthority
+ kind: CertificateAuthority
+ name: certificateauthorities.acmpca.services.k8s.aws
+ version: v1alpha1
+ - description: CertificateAuthorityActivation represents the state of an AWS acmpca
+ CertificateAuthorityActivation resource.
+ displayName: CertificateAuthorityActivation
+ kind: CertificateAuthorityActivation
+ name: certificateauthorityactivations.acmpca.services.k8s.aws
+ version: v1alpha1
+ - description: Certificate represents the state of an AWS acmpca Certificate resource.
+ displayName: Certificate
+ kind: Certificate
+ name: certificates.acmpca.services.k8s.aws
+ version: v1alpha1
+ description: |-
+ Manage Amazon ACM PCA resources in AWS from within your Kubernetes cluster.
+
+ **About Amazon ACM PCA**
+
+ AWS Private CA enables creation of private certificate authority (CA) hierarchies, including root and subordinate CAs, without the investment and maintenance costs of operating an on-premises CA. Your private CAs can issue end-entity X.509 certificates useful in scenarios including:
+ - Creating encrypted TLS communication channels
+ - Authenticating users, computers, API endpoints, and IoT devices
+ - Cryptographically signing code
+ - Implementing Online Certificate Status Protocol (OCSP) for obtaining certificate revocation status
+
+ **About the AWS Controllers for Kubernetes**
+
+ This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**.
+
+ **Pre-Installation Steps**
+
+ Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/)
+ displayName: AWS Controllers for Kubernetes - Amazon ACM PCA
+ icon:
+ - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg==
+ mediatype: image/svg+xml
+ install:
+ spec:
+ clusterPermissions:
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - acmpca.services.k8s.aws
+ resources:
+ - certificateauthorities
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - acmpca.services.k8s.aws
+ resources:
+ - certificateauthorities/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - acmpca.services.k8s.aws
+ resources:
+ - certificateauthorityactivations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - acmpca.services.k8s.aws
+ resources:
+ - certificateauthorityactivations/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - acmpca.services.k8s.aws
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - acmpca.services.k8s.aws
+ resources:
+ - certificates/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - services.k8s.aws
+ resources:
+ - fieldexports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - services.k8s.aws
+ resources:
+ - fieldexports/status
+ verbs:
+ - get
+ - patch
+ - update
+ serviceAccountName: ack-acmpca-controller
+ deployments:
+ - label:
+ app.kubernetes.io/name: ack-acmpca-controller
+ app.kubernetes.io/part-of: ack-system
+ name: ack-acmpca-controller
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: ack-acmpca-controller
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: ack-acmpca-controller
+ spec:
+ containers:
+ - args:
+ - --aws-region
+ - $(AWS_REGION)
+ - --aws-endpoint-url
+ - $(AWS_ENDPOINT_URL)
+ - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING)
+ - --log-level
+ - $(ACK_LOG_LEVEL)
+ - --resource-tags
+ - $(ACK_RESOURCE_TAGS)
+ - --watch-namespace
+ - $(ACK_WATCH_NAMESPACE)
+ - --enable-leader-election=$(ENABLE_LEADER_ELECTION)
+ - --leader-election-namespace
+ - $(LEADER_ELECTION_NAMESPACE)
+ - --reconcile-default-max-concurrent-syncs
+ - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)
+ command:
+ - ./bin/controller
+ env:
+ - name: ACK_SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: ack-acmpca-user-config
+ optional: false
+ - secretRef:
+ name: ack-acmpca-user-secrets
+ optional: true
+ image: public.ecr.aws/aws-controllers-k8s/acmpca-controller:0.0.15
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: controller
+ ports:
+ - containerPort: 8080
+ name: http
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsNonRoot: true
+ dnsPolicy: ClusterFirst
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: ack-acmpca-controller
+ terminationGracePeriodSeconds: 10
+ permissions:
+ - rules:
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ serviceAccountName: ack-acmpca-controller
+ strategy: deployment
+ installModes:
+ - supported: true
+ type: OwnNamespace
+ - supported: true
+ type: SingleNamespace
+ - supported: true
+ type: MultiNamespace
+ - supported: true
+ type: AllNamespaces
+ keywords:
+ - acmpca
+ - aws
+ - amazon
+ - ack
+ links:
+ - name: AWS Controllers for Kubernetes
+ url: https://github.com/aws-controllers-k8s/community
+ - name: Documentation
+ url: https://aws-controllers-k8s.github.io/community/
+ - name: Amazon ACM PCA Developer Resources
+ url: https://aws.amazon.com/private-ca/resources
+ maintainers:
+ - email: [email protected]
+ name: acmpca maintainer team
+ maturity: alpha
+ provider:
+ name: Amazon, Inc.
+ url: https://aws.amazon.com
+ version: 0.0.15
diff --git a/operators/ack-acmpca-controller/0.0.15/manifests/ack-acmpca-metrics-service_v1_service.yaml b/operators/ack-acmpca-controller/0.0.15/manifests/ack-acmpca-metrics-service_v1_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ name: ack-acmpca-metrics-service
+spec:
+ ports:
+ - name: metricsport
+ port: 8080
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/name: ack-acmpca-controller
+ type: NodePort
+status:
+ loadBalancer: {}