-
Notifications
You must be signed in to change notification settings - Fork 533
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
1,268 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
FROM scratch | ||
|
||
# Core bundle labels. | ||
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 | ||
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ | ||
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ | ||
LABEL operators.operatorframework.io.bundle.package.v1=ack-kms-controller | ||
LABEL operators.operatorframework.io.bundle.channels.v1=alpha | ||
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha | ||
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.19.0+git | ||
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 | ||
LABEL operators.operatorframework.io.metrics.project_layout=unknown | ||
|
||
# Labels for testing. | ||
LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 | ||
LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ | ||
|
||
# Copy files to locations specified by labels. | ||
COPY bundle/manifests /manifests/ | ||
COPY bundle/metadata /metadata/ | ||
COPY bundle/tests/scorecard /tests/scorecard/ |
301 changes: 301 additions & 0 deletions
301
operators/ack-kms-controller/0.1.3/manifests/ack-kms-controller.clusterserviceversion.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,301 @@ | ||
apiVersion: operators.coreos.com/v1alpha1 | ||
kind: ClusterServiceVersion | ||
metadata: | ||
annotations: | ||
alm-examples: |- | ||
[ | ||
{ | ||
"apiVersion": "kms.services.k8s.aws/v1alpha1", | ||
"kind": "Alias", | ||
"metadata": { | ||
"name": "example" | ||
}, | ||
"spec": {} | ||
}, | ||
{ | ||
"apiVersion": "kms.services.k8s.aws/v1alpha1", | ||
"kind": "Grant", | ||
"metadata": { | ||
"name": "example" | ||
}, | ||
"spec": {} | ||
}, | ||
{ | ||
"apiVersion": "kms.services.k8s.aws/v1alpha1", | ||
"kind": "Key", | ||
"metadata": { | ||
"name": "example" | ||
}, | ||
"spec": {} | ||
} | ||
] | ||
capabilities: Basic Install | ||
categories: Cloud Provider | ||
certified: "false" | ||
containerImage: public.ecr.aws/aws-controllers-k8s/kms-controller:v0.1.3 | ||
createdAt: "2022-11-11 16:59:44" | ||
description: AWS KMS controller is a service controller for managing KMS resources | ||
in Kubernetes | ||
operatorframework.io/suggested-namespace: ack-system | ||
operators.operatorframework.io/builder: operator-sdk-v1.19.0+git | ||
operators.operatorframework.io/project_layout: unknown | ||
repository: https://github.com/aws-controllers-k8s | ||
support: Community | ||
name: ack-kms-controller.v0.1.3 | ||
namespace: placeholder | ||
spec: | ||
apiservicedefinitions: {} | ||
customresourcedefinitions: | ||
owned: | ||
- description: Alias represents the state of an AWS kms Alias resource. | ||
displayName: Alias | ||
kind: Alias | ||
name: aliases.kms.services.k8s.aws | ||
version: v1alpha1 | ||
- description: Grant represents the state of an AWS kms Grant resource. | ||
displayName: Grant | ||
kind: Grant | ||
name: grants.kms.services.k8s.aws | ||
version: v1alpha1 | ||
- description: Key represents the state of an AWS kms Key resource. | ||
displayName: Key | ||
kind: Key | ||
name: keys.kms.services.k8s.aws | ||
version: v1alpha1 | ||
description: |- | ||
Manage Key Management Service (KMS) resources in AWS from within your Kubernetes cluster. | ||
**About Amazon KMS** | ||
AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data. AWS KMS uses hardware security modules (HSM) to protect and validate your AWS KMS keys under the [FIPS 140-2 Cryptographic Module Validation Program](https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3139), except in the China (Beijing) and China (Ningxia) Regions. | ||
**About the AWS Controllers for Kubernetes** | ||
This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. | ||
**Pre-Installation Steps** | ||
Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) | ||
displayName: AWS Controllers for Kubernetes - Amazon KMS | ||
icon: | ||
- base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== | ||
mediatype: image/svg+xml | ||
install: | ||
spec: | ||
clusterPermissions: | ||
- rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- get | ||
- list | ||
- patch | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- namespaces | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- secrets | ||
verbs: | ||
- get | ||
- list | ||
- patch | ||
- watch | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- aliases | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- aliases/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- grants | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- grants/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- keys | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- keys/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- services.k8s.aws | ||
resources: | ||
- adoptedresources | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- services.k8s.aws | ||
resources: | ||
- adoptedresources/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- services.k8s.aws | ||
resources: | ||
- fieldexports | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- services.k8s.aws | ||
resources: | ||
- fieldexports/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
serviceAccountName: ack-kms-controller | ||
deployments: | ||
- label: | ||
control-plane: controller | ||
name: ack-kms-controller | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
control-plane: controller | ||
strategy: {} | ||
template: | ||
metadata: | ||
labels: | ||
control-plane: controller | ||
spec: | ||
containers: | ||
- args: | ||
- --aws-region | ||
- $(AWS_REGION) | ||
- --aws-endpoint-url | ||
- $(AWS_ENDPOINT_URL) | ||
- --enable-development-logging | ||
- $(ACK_ENABLE_DEVELOPMENT_LOGGING) | ||
- --log-level | ||
- $(ACK_LOG_LEVEL) | ||
- --resource-tags | ||
- $(ACK_RESOURCE_TAGS) | ||
- --watch-namespace | ||
- $(ACK_WATCH_NAMESPACE) | ||
command: | ||
- ./bin/controller | ||
env: | ||
- name: ACK_SYSTEM_NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
envFrom: | ||
- configMapRef: | ||
name: ack-kms-user-config | ||
optional: false | ||
- secretRef: | ||
name: ack-kms-user-secrets | ||
optional: true | ||
image: public.ecr.aws/aws-controllers-k8s/kms-controller:v0.1.3 | ||
name: controller | ||
ports: | ||
- containerPort: 8080 | ||
name: http | ||
resources: | ||
limits: | ||
cpu: 100m | ||
memory: 300Mi | ||
requests: | ||
cpu: 100m | ||
memory: 200Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
privileged: false | ||
runAsNonRoot: true | ||
serviceAccountName: ack-kms-controller | ||
terminationGracePeriodSeconds: 10 | ||
strategy: deployment | ||
installModes: | ||
- supported: true | ||
type: AllNamespaces | ||
keywords: | ||
- kms | ||
- aws | ||
- amazon | ||
- ack | ||
links: | ||
- name: AWS Controllers for Kubernetes | ||
url: https://github.com/aws-controllers-k8s/community | ||
- name: Documentation | ||
url: https://aws-controllers-k8s.github.io/community/ | ||
- name: Amazon KMS Developer Resources | ||
url: https://aws.amazon.com/kms/resources/ | ||
maintainers: | ||
- email: ack-maintainers@amazon.com | ||
name: kms maintainer team | ||
maturity: alpha | ||
provider: | ||
name: Amazon, Inc. | ||
url: https://aws.amazon.com | ||
version: 0.1.3 |
16 changes: 16 additions & 0 deletions
16
operators/ack-kms-controller/0.1.3/manifests/ack-kms-metrics-service_v1_service.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
creationTimestamp: null | ||
name: ack-kms-metrics-service | ||
spec: | ||
ports: | ||
- name: metricsport | ||
port: 8080 | ||
protocol: TCP | ||
targetPort: http | ||
selector: | ||
control-plane: controller | ||
type: NodePort | ||
status: | ||
loadBalancer: {} |
16 changes: 16 additions & 0 deletions
16
.../ack-kms-controller/0.1.3/manifests/ack-kms-reader_rbac.authorization.k8s.io_v1_role.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
creationTimestamp: null | ||
name: ack-kms-reader | ||
rules: | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- aliases | ||
- grants | ||
- keys | ||
verbs: | ||
- get | ||
- list | ||
- watch |
30 changes: 30 additions & 0 deletions
30
.../ack-kms-controller/0.1.3/manifests/ack-kms-writer_rbac.authorization.k8s.io_v1_role.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
creationTimestamp: null | ||
name: ack-kms-writer | ||
rules: | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- aliases | ||
- grants | ||
- keys | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- kms.services.k8s.aws | ||
resources: | ||
- aliases | ||
- grants | ||
- keys | ||
verbs: | ||
- get | ||
- patch | ||
- update |
Oops, something went wrong.