Commit 6626a9c8 authored by Edmund Ochieng's avatar Edmund Ochieng

generate manifests for manual deployment

parent 8ddae37c
......@@ -119,3 +119,10 @@ bundle: manifests
.PHONY: bundle-build
bundle-build:
podman build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
deployment-files: bundle
cp -av bundle/manifests/apps.gitlab.com_*.yaml config/deploy
cp -av bundle/manifests/*_serviceaccount.yaml config/deploy
cp -av bundle/manifests/*_clusterrole.yaml config/deploy
cp -av bundle/manifests/*_clusterrolebinding.yaml config/deploy
for rb in `ls config/deploy/*_clusterrolebinding.yaml`; do echo " namespace: gitlab-operator" >> $$rb; done
\ No newline at end of file
......@@ -22,14 +22,10 @@ spec:
description: GLBackup is the Schema for the glbackups API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
......@@ -37,24 +33,22 @@ spec:
description: GLBackupSpec defines the desired state of GLBackup
properties:
instance:
description: Instance represents the GitLab instance to backup
description: Name of GitLab instance to backup
type: string
restore:
description: 'Restore when set to true the backup defined by ID: will
be restored to the gitlab instance'
description: Restore when set to true the backup defined by
type: boolean
schedule:
description: Schedule defines the time and day to run backup It takes
cron time format
description: Backup schedule in cron format. Leave blank for one time on-demand backup
type: string
skip:
description: Exclusions allows user to exclude components to backup
description: Comma separated list of components to omit from backup
type: string
timestamp:
description: Timestamp defines the prefix of the backup job
description: Prefix for the backup job Can be used when restoring backup
type: string
url:
description: URL defines the address of the backup job
description: The URL of the backup resource to be restored
type: string
required:
- instance
......@@ -63,10 +57,10 @@ spec:
description: GLBackupStatus defines the observed state of GLBackup
properties:
completedAt:
description: Completed returns time backup terminated or completed
description: Displays time the backup completed
type: string
phase:
description: BackupState informs of current backup state
description: Reports status of backup task
enum:
- Running
- Completed
......@@ -74,7 +68,7 @@ spec:
- Failed
type: string
startedAt:
description: StartedAt returns time when backup was initiated
description: Displays time the backup started
type: string
type: object
type: object
......
......@@ -20,14 +20,10 @@ spec:
description: Runner is the Schema for the runners API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
......@@ -57,30 +53,30 @@ spec:
type: string
type: object
gitlab:
description: GitlabResource represents a Gitlab custom resource. Should
only be used to reference Gitlab instance created by the operator
description: GitlabResource represents a Gitlab custom resource. Should only be used to reference Gitlab instance created by the operator
properties:
name:
description: Name of gitlab resource in kubernetes / openshift
description: Name of GitLab instance created by the operator
type: string
url:
description: Gitlab or Continuous Integration URL
description: URL of GitLab instance
type: string
type: object
tags:
description: Tags passes the runner tags
description: List of comma separated tags to be applied to the runner
type: string
token:
description: RegistrationToken is name of secret with the runner-registration-token
key used to register the runner
description: Name of secret containing the runner-registration-token key used to register the runner
type: string
type: object
status:
description: RunnerStatus defines the observed state of Runner
properties:
phase:
description: Reports status of the GitLab Runner instance
type: string
registration:
description: Reports status of GitLab Runner registration
type: string
type: object
type: object
......
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: gitlab-app-role
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- anyuid
resources:
- securitycontextconstraints
verbs:
- use
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: gitlab
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: gitlab
rules:
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
resourceNames:
- anyuid
verbs:
- use
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab
creationTimestamp: null
name: gitlab-app-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gitlab-app-role
subjects:
- kind: ServiceAccount
name: gitlab
name: gitlab-app
namespace: gitlab-operator
roleRef:
kind: ClusterRole
name: gitlab
apiGroup: rbac.authorization.k8s.io
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: gitlab-app
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: gitlab-backup
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: gitlab-backup
name: gitlab-backup-role
rules:
- apiGroups:
- ""
......@@ -45,16 +39,3 @@ rules:
- delete
- watch
- list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-backup
subjects:
- kind: ServiceAccount
name: gitlab-backup
namespace: gitlab-operator
roleRef:
kind: ClusterRole
name: gitlab-backup
apiGroup: rbac.authorization.k8s.io
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: gitlab-backup-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gitlab-backup-role
subjects:
- kind: ServiceAccount
name: gitlab-backup
namespace: gitlab-operator
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: gitlab-backup
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
name: gitlab-operator
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-operator
subjects:
- kind: ServiceAccount
name: gitlab-operator
namespace: gitlab-operator
roleRef:
kind: ClusterRole
name: gitlab-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: gitlab-operator
name: gitlab-manager-role
rules:
- apiGroups:
- ""
- apps
resources:
- pods
- pods/log
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- deployments
verbs:
- create
- delete
......@@ -46,9 +19,6 @@ rules:
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
......@@ -59,32 +29,49 @@ rules:
- update
- watch
- apiGroups:
- apps
resourceNames:
- gitlab-operator
- apps.gitlab.com
resources:
- deployments/finalizers
- gitlabs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- apps.gitlab.com
resources:
- pods
- gitlabs/status
verbs:
- get
- patch
- update
- apiGroups:
- apps
- apps.gitlab.com
resources:
- replicasets
- deployments
- glbackups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.gitlab.com
resources:
- glbackups/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.gitlab.com
resources:
- '*'
- runners
- backups
verbs:
- create
- delete
......@@ -94,92 +81,166 @@ rules:
- update
- watch
- apiGroups:
- extensions
- apps.gitlab.com
resources:
- ingresses
- runners/status
verbs:
- create
- list
- get
- watch
- delete
- patch
- update
- apiGroups:
- route.openshift.io
- autoscaling
resources:
- routes
- routes/custom-host
- horizontalpodautoscalers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- delete
- apiGroups:
- monitoring.coreos.com
- batch
resources:
- servicemonitors
- prometheuses
- jobs
verbs:
- list
- create
- delete
- get
- list
- patch
- update
- watch
- delete
- apiGroups:
- batch
- ""
resources:
- jobs
- configmaps
verbs:
- create
- list
- get
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
- ""
resources:
- jobs
- cronjobs
verbs:
- create
- delete
- get
- list
- patch
- update
- delete
- watch
- list
- apiGroups:
- miniocontroller.min.io
- ""
resources:
- minioinstances
- namespaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- update
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
- ""
resources:
- issuers
- certificates
- secrets
verbs:
- create
- delete
- get
- list
- delete
- watch
- patch
- update
- watch
- apiGroups:
- k8s.nginx.org
- ""
resources:
- nginxingresscontrollers
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- prometheuses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: gitlab-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gitlab-manager-role
subjects:
- kind: ServiceAccount
name: gitlab-manager
namespace: gitlab-operator
apiVersion: v1
kind: ServiceAccount
metadata: