build(make): update Makefile targets to support ClusterCryostat (#541)

* build(make): update Make targets to support ClusterCryostat Signed-off-by: Elliott Baron <ebaron@redhat.com> * Make target namespaces customizable Signed-off-by: Elliott Baron <ebaron@redhat.com> --------- Signed-off-by: Elliott Baron <ebaron@redhat.com>
cryostatio · Mar 21, 2023 · 959e986 · 959e986
1 parent 465d6ed
commit 959e986
Show file tree

Hide file tree

Showing 7 changed files with 199 additions and 186 deletions.
diff --git a/Makefile b/Makefile
@@ -43,6 +43,7 @@ USE_IMAGE_DIGESTS ?= false
 ifeq ($(USE_IMAGE_DIGESTS), true)
 	BUNDLE_GEN_FLAGS += --use-image-digests
 endif
+BUNDLE_INSTALL_MODE ?= AllNamespaces
 
 IMAGE_BUILDER ?= podman
 # Image URL to use all building/pushing image targets
@@ -88,6 +89,7 @@ CUSTOM_SCORECARD_VERSION ?= 2.3.0-$(shell date -u '+%Y%m%d%H%M%S')
 export CUSTOM_SCORECARD_IMG ?= $(IMAGE_TAG_BASE)-scorecard:$(CUSTOM_SCORECARD_VERSION)
 
 DEPLOY_NAMESPACE ?= cryostat-operator-system
+TARGET_NAMESPACES ?= $(DEPLOY_NAMESPACE)
 SCORECARD_NAMESPACE ?= cryostat-operator-scorecard
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
@@ -190,6 +192,7 @@ endif
 .PHONY: undeploy
 undeploy:
 	- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_cryostat.yaml
+	- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_clustercryostat.yaml
 	- $(KUSTOMIZE) build config/default | $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f -
 
 # Generate manifests e.g. CRD, RBAC etc.
@@ -311,7 +314,7 @@ bundle-build:
 
 .PHONY: deploy_bundle
 deploy_bundle: check_cert_manager undeploy_bundle
-	operator-sdk run bundle $(BUNDLE_IMG)
+	operator-sdk run bundle --install-mode $(BUNDLE_INSTALL_MODE) $(BUNDLE_IMG)
 ifeq ($(DISABLE_SERVICE_TLS), true)
 	@echo "Disabling TLS for in-cluster communication between Services"
 	@current_ns=`$(CLUSTER_CLIENT) config view --minify -o 'jsonpath={.contexts[0].context.namespace}'` && \
@@ -336,11 +339,22 @@ undeploy_bundle:
 create_cryostat_cr: destroy_cryostat_cr
 	$(CLUSTER_CLIENT) create -f config/samples/operator_v1beta1_cryostat.yaml
 
+.PHONY: create_clustercryostat_cr
+create_clustercryostat_cr: destroy_clustercryostat_cr
+	target_ns_json=$$(jq -nc '$$ARGS.positional' --args -- $(TARGET_NAMESPACES)) && \
+	$(CLUSTER_CLIENT) patch -f config/samples/operator_v1beta1_clustercryostat.yaml --local=true --type=merge \
+	-p "{\"spec\": {\"installNamespace\": \"$(DEPLOY_NAMESPACE)\", \"targetNamespaces\": $$target_ns_json}}" -o yaml | \
+	oc apply -f -
+
 # Undeploy a Cryostat instance
 .PHONY: destroy_cryostat_cr
 destroy_cryostat_cr:
 	- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_cryostat.yaml
 
+.PHONY: destroy_clustercryostat_cr
+destroy_clustercryostat_cr:
+	- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_clustercryostat.yaml
+
 # Build custom scorecard tests
 .PHONY: custom-scorecard-tests
 custom-scorecard-tests: fmt vet

diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ kubectl get secret ${CRYOSTAT_NAME}-jmx-auth -o jsonpath='{$.data.CRYOSTAT_RJMX_
 - [`operator-sdk`](https://github.com/operator-framework/operator-sdk) v1.22.2
 - [`cert-manager`](https://github.com/jetstack/cert-manager) v1.7.1+ (Recommended)
 - `podman` or `docker`
+- [`jq`](https://stedolan.github.io/jq/) v1.6+
 - `ginkgo` (Optional)
 
 ## Instructions

diff --git a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml
@@ -857,6 +857,20 @@ spec:
     spec:
       clusterPermissions:
       - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          - endpoints
+          - events
+          - persistentvolumeclaims
+          - pods
+          - secrets
+          - serviceaccounts
+          - services
+          - services/finalizers
+          verbs:
+          - '*'
         - apiGroups:
           - ""
           resources:
@@ -865,6 +879,27 @@ spec:
           - get
           - list
           - watch
+        - apiGroups:
+          - ""
+          resources:
+          - replicationcontrollers
+          verbs:
+          - get
+        - apiGroups:
+          - apps
+          resources:
+          - daemonsets
+          - deployments
+          - replicasets
+          - statefulsets
+          verbs:
+          - '*'
+        - apiGroups:
+          - apps.openshift.io
+          resources:
+          - deploymentconfigs
+          verbs:
+          - get
         - apiGroups:
           - authentication.k8s.io
           resources:
@@ -877,6 +912,18 @@ spec:
           - selfsubjectaccessreviews
           verbs:
           - create
+        - apiGroups:
+          - cert-manager.io
+          resources:
+          - certificates
+          - issuers
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - update
+          - watch
         - apiGroups:
           - config.openshift.io
           resources:
@@ -896,6 +943,12 @@ spec:
           - get
           - list
           - update
+        - apiGroups:
+          - networking.k8s.io
+          resources:
+          - ingresses
+          verbs:
+          - '*'
         - apiGroups:
           - oauth.openshift.io
           resources:
@@ -923,6 +976,26 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - operator.cryostat.io
+          resources:
+          - cryostats
+          verbs:
+          - '*'
+        - apiGroups:
+          - operator.cryostat.io
+          resources:
+          - cryostats/finalizers
+          verbs:
+          - update
+        - apiGroups:
+          - operator.cryostat.io
+          resources:
+          - cryostats/status
+          verbs:
+          - get
+          - patch
+          - update
         - apiGroups:
           - rbac.authorization.k8s.io
           resources:
@@ -934,6 +1007,25 @@ spec:
           - list
           - update
           - watch
+        - apiGroups:
+          - rbac.authorization.k8s.io
+          resources:
+          - rolebindings
+          - roles
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - update
+          - watch
+        - apiGroups:
+          - route.openshift.io
+          resources:
+          - routes
+          - routes/custom-host
+          verbs:
+          - '*'
         serviceAccountName: cryostat-operator-service-account
       deployments:
       - label:
@@ -1036,105 +1128,13 @@ spec:
           verbs:
           - create
           - patch
-        - apiGroups:
-          - ""
-          resources:
-          - configmaps
-          - endpoints
-          - events
-          - persistentvolumeclaims
-          - pods
-          - secrets
-          - serviceaccounts
-          - services
-          - services/finalizers
-          verbs:
-          - '*'
-        - apiGroups:
-          - ""
-          resources:
-          - replicationcontrollers
-          verbs:
-          - get
-        - apiGroups:
-          - apps
-          resources:
-          - daemonsets
-          - deployments
-          - replicasets
-          - statefulsets
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps.openshift.io
-          resources:
-          - deploymentconfigs
-          verbs:
-          - get
-        - apiGroups:
-          - cert-manager.io
-          resources:
-          - certificates
-          - issuers
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - update
-          - watch
         - apiGroups:
           - monitoring.coreos.com
           resources:
           - servicemonitors
           verbs:
           - create
           - get
-        - apiGroups:
-          - networking.k8s.io
-          resources:
-          - ingresses
-          verbs:
-          - '*'
-        - apiGroups:
-          - operator.cryostat.io
-          resources:
-          - cryostats
-          verbs:
-          - '*'
-        - apiGroups:
-          - operator.cryostat.io
-          resources:
-          - cryostats/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - operator.cryostat.io
-          resources:
-          - cryostats/status
-          verbs:
-          - get
-          - patch
-          - update
-        - apiGroups:
-          - rbac.authorization.k8s.io
-          resources:
-          - rolebindings
-          - roles
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - update
-          - watch
-        - apiGroups:
-          - route.openshift.io
-          resources:
-          - routes
-          - routes/custom-host
-          verbs:
-          - '*'
         serviceAccountName: cryostat-operator-service-account
     strategy: deployment
   installModes:

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -48,9 +48,7 @@ spec:
           periodSeconds: 10
         env:
         - name: WATCH_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
+          value: ""
         resources:
           limits:
             cpu: 1000m