feat(olm): add OLM manifest for 0.4.0

deploy/olm-catalog/hawtio-operator/0.4.0/crd-hawtio.yaml

@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: hawtios.hawt.io
+spec:
+  group: hawt.io
+  names:
+    kind: Hawtio
+    listKind: HawtioList
+    plural: hawtios
+    singular: hawtio
+  scope: Namespaced
+  version: v1alpha1
+  subresources:
+    status: {}
+    scale:
+      specReplicasPath: .spec.replicas
+      statusReplicasPath: .status.replicas
+      labelSelectorPath: .status.labelSelector
+  additionalPrinterColumns:
+    - name: Age
+      description: Creation date
+      type: date
+      JSONPath: .metadata.creationTimestamp
+    - name: URL
+      description: Hawtio console URL
+      type: string
+      JSONPath: .status.URL
+    - name: Image
+      description: Hawtio console image
+      type: string
+      JSONPath: .status.image
+    - name: Phase
+      description: Hawtio console phase
+      type: string
+      JSONPath: .status.phase

deploy/olm-catalog/hawtio-operator/0.4.0/hawtio-operator.v0.4.0.clusterserviceversion.yaml

@@ -0,0 +1,264 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  name: hawtio-operator.v0.4.0
+  annotations:
+    capabilities: Seamless Upgrades
+    categories: Monitoring
+    certified: "false"
+    description: Hawtio eases the discovery and management of Java applications deployed on OpenShift.
+    containerImage: docker.io/hawtio/operator:0.4.0
+    repository: https://github.com/hawtio/hawtio-operator
+    createdAt: "2021-09-03T14:52:00Z"
+    support: Red Hat
+    alm-examples: |-
+      [{
+        "apiVersion": "hawt.io/v1alpha1",
+        "kind": "Hawtio",
+        "metadata": {
+          "name": "hawtio-online"
+        },
+        "spec": {
+          "replicas": 1,
+          "version": "1.12.0"
+        }
+      }]
+  namespace: placeholder
+spec:
+  displayName: Hawtio Operator
+  maintainers:
+  - email: [email protected]
+    name: The Hawtio team
+  provider:
+    name: Red Hat
+  maturity: alpha
+  version: 0.4.0
+  replaces: hawtio-operator.v0.3.0
+  description: |
+    Hawtio
+    ==============
+
+    The Hawtio console eases the discovery and management of Java applications deployed on OpenShift.
+
+    To secure the communication between the Hawtio console and the Jolokia agents, a client certificate must be generated and mounted into the Hawtio console pod with a secret, to be used for TLS client authentication. This client certificate must be signed using the [service signing certificate](https://docs.openshift.com/container-platform/4.2/authentication/certificates/service-serving-certificate.html) authority private key.
+
+    Here are the steps to be performed prior to the deployment:
+
+    1. First, retrieve the service signing certificate authority keys, by executing the following commmands as a _cluster-admin_ user:
+        ```sh
+        # The CA certificate
+        $ oc get secrets/signing-key -n openshift-service-ca -o "jsonpath={.data['tls\.crt']}" | base64 --decode > ca.crt
+        # The CA private key
+        $ oc get secrets/signing-key -n openshift-service-ca -o "jsonpath={.data['tls\.key']}" | base64 --decode > ca.key
+        ```
+
+    2. Then, generate the client certificate, as documented in [Kubernetes certificates administration](https://kubernetes.io/docs/concepts/cluster-administration/certificates/), using either `easyrsa`, `openssl`, or `cfssl`, e.g., using `openssl`:
+        ```sh
+        # Generate the private key
+        $ openssl genrsa -out server.key 2048
+        # Write the CSR config file
+        $ cat <<EOT >> csr.conf
+        [ req ]
+        default_bits = 2048
+        prompt = no
+        default_md = sha256
+        distinguished_name = dn
+
+        [ dn ]
+        CN = hawtio-online.hawtio.svc
+
+        [ v3_ext ]
+        authorityKeyIdentifier=keyid,issuer:always
+        keyUsage=keyEncipherment,dataEncipherment,digitalSignature
+        extendedKeyUsage=serverAuth,clientAuth
+        EOT
+        # Generate the CSR
+        $ openssl req -new -key server.key -out server.csr -config csr.conf
+        # Issue the signed certificate
+        $ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf
+        ```
+
+    3. Finally, you can create the secret to be mounted in the Hawtio console pod, from the generated certificate:
+       ```sh
+       $ oc create secret tls hawtio-online-tls-proxying --cert server.crt --key server.key
+       ```
+
+    Note that `CN=hawtio-online.hawtio.svc` must be trusted by the Jolokia agents, for which client certification authentication is enabled. See the `clientPrincipal` parameter from the [Jolokia agent configuration options](https://jolokia.org/reference/html/agents.html#agent-jvm-config).
+  keywords:
+  - Hawtio
+  - Java
+  - Management
+  - Console
+  links:
+    - name: Hawtio Web site
+      url: https://hawt.io
+  icon:
+  - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE2LjAuNCwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8IURPQ1RZUEUgc3ZnIFBVQkxJQyAiLS8vVzNDLy9EVEQgU1ZHIDEuMS8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9HcmFwaGljcy9TVkcvMS4xL0RURC9zdmcxMS5kdGQiPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgogICAgIHdpZHRoPSI2MDBweCIgaGVpZ2h0PSIxOTkuNDlweCIgdmlld0JveD0iMCAwIDYwMCAxOTkuNDkiIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMCAwIDYwMCAxOTkuNDkiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8Zz4KCTxnPgoJCTxwYXRoIGZpbGw9IiNDMEMwQzAiIGQ9Ik0xODMuMzA0LDc1LjUwMWMtMTIuOTQ5LDAtMjAsNS4zOTgtMjcuMDE5LDEwLjQ2OVYzNi42NjloLTIyLjI5OXY5NS40N2wyMi4zODMsMjIuMzh2LTUzLjY4MwoJCQljNi41OTMtNS4wMzQsMTEuNTExLTcuMzYxLDIwLjUxNy03LjM2MWM1LjY3MywwLDkuMzc1LDMuMDQ1LDkuMzc1LDExLjQ4NXY1Ni44NjJoMjIuMzgydi01Ni41MQoJCQlDMjA4LjY0Myw4OS4xMzUsMjAzLjA2LDc1LjUwMSwxODMuMzA0LDc1LjUwMXoiLz4KICAgICAgICA8cGF0aCBmaWxsPSIjQzBDMEMwIiBkPSJNMjE1LjQyMiwxMzIuMTkyYzAtMTIuMzUsNi42NzYtMjMuMjc5LDI0Ljg3My0yMy4yNzljMCwwLDI0LjkyOSwwLjE1NiwyNC45MjksMGMwLDAsMC4xNjUtNS4yODIsMC01LjQ0MQoJCQljMC05LjA0OC00LjIyOS0xMC40NjktMTEuMzQ3LTEwLjQ2OWMtNy4zNzgsMC0yOC42NjgsMS4zMjQtMzUuNjQ4LDEuODI3VjgxLjAxN2MxMS4xNzktNC4zNDIsMjIuODUyLTUuNjA2LDM4LjY4LTUuNjc5CgkJCWMxOC4yOC0wLjA3NSwzMC43MDIsNi4yNDEsMzAuNzAyLDI3LjI1NXY1OS4yM2gtMTcuNjcybC00LjcxNC05LjM1Yy0wLjkzMSwxLjg0LTEyLjg0MywxMC41NzItMjUuODExLDEwLjMwOAoJCQljLTE2LjMzNC0wLjQzNy0yMy45OTEtMTEuNTYtMjMuOTkxLTIyLjU5OVYxMzIuMTkyeiBNMjQ1Ljc0MiwxNDQuNzk1YzkuMzYyLDAsMTkuNDgyLTYuNTY4LDE5LjQ4Mi02LjU2OFYxMjIuNjdsLTIwLjUzMiwxLjU4MgoJCQljLTUuOTEsMC41NTMtNi44ODQsNC45MjMtNi44ODQsOC42MzV2NC4xMjVDMjM3LjgwOCwxNDQuMDcsMjQxLjYyNSwxNDQuNzk1LDI0NS43NDIsMTQ0Ljc5NXoiLz4KICAgICAgICA8cGF0aCBmaWxsPSIjQzBDMEMwIiBkPSJNMzExLjk0Miw3Ni45MzdsMTcuMDA4LDU4LjY2N2wxNS4yMDctNTguNjY3aDIyLjI4bC01LjkwNywyMi44NjdsMTQuMDYyLDM1LjhsMTYuNzQ2LTU4LjY2N2gyNC4wMjkKCQkJbC0yNy40MzMsODQuODg2aC0yNS4wMjVsLTEyLjcwMy0zMC43NTJsLTkuNjAyLDMwLjc1MkgzMTUuMTVsLTI3LjE0OS04NC44ODZIMzExLjk0MnoiLz4KICAgICAgICA8cGF0aCBmaWxsPSIjQzBDMEMwIiBkPSJNNDIwLjA2Miw4MS40MTJsMTMuNzA5LTQuNjM0bDMuNzU4LTIzLjY2MmgxOC42MjV2MjMuNjYyaDE4Ljk3N3YxNy4xMDRoLTE4Ljk3N3YzNC4wNDkKCQkJYzAsMTIuNTAzLDIuODgyLDE1LjE3Myw3LjI2NywxNi44MDFjMCwwLDkuNTkyLDMuMzU3LDEwLjcwMywzLjM1N3YxMy43NDloLTE5LjUxM2MtMTIuNTY3LDAtMjAuODQtNy44NDktMjAuODQtMzAuMzg5VjkzLjg4MgoJCQloLTEzLjcwOVY4MS40MTJ6Ii8+CiAgICAgICAgPHBhdGggZmlsbD0iI0MwQzBDMCIgZD0iTTQ4NC42MjMsNTAuMTYyYzAtMi4zOTgsMS4yNzctNCwzLjgzOS00aDE2Ljc4NmMyLjM5NSwwLDMuNTg0LDEuNzY1LDMuNTg0LDR2MTQuMTcxCgkJCWMwLDIuMzk0LTEuMzQ5LDMuNjc4LTMuNTg0LDMuNjc4aC0xNi43ODZjLTIuMjM5LDAtMy44MzktMS40MzYtMy44MzktMy42NzhWNTAuMTYyeiBNNDg1LjQzMSw3Ni45MzdoMjIuMzc2djg0Ljg4NmgtMjIuMzc2CgkJCVY3Ni45Mzd6Ii8+CiAgICAgICAgPHBhdGggZmlsbD0iI0MwQzBDMCIgZD0iTTU1OS42MzcsNzYuMTQyYzI5LjIzMywwLDM4LjcyOSwxMC43MDgsMzguNzI5LDQ0LjQzNWMwLDMxLjQ5Ni05LjA1NSw0Mi4wNDQtMzguNzI5LDQyLjA0NAoJCQljLTI5LjMxMywwLTM4LjcyNi0xMS42Ny0zOC43MjYtNDIuMDQ0QzUyMC45MTEsODUuODkzLDUzMC45NDgsNzYuMTQyLDU1OS42MzcsNzYuMTQyeiBNNTU5LjYzNywxNDQuNjM5CgkJCWMxMi42MTEsMCwxNi4zNS0xLjcxMSwxNi4zNS0yNC4wNjJjMC0yMy43NzItMy4wMS0yNi40NTMtMTYuMzUtMjYuNDUzYy0xMy4yNDMsMC0xNi4zNDIsMi42OTMtMTYuMzQyLDI2LjQ1MwoJCQlDNTQzLjI5NSwxNDIuNTQ0LDU0Ny43NDQsMTQ0LjYzOSw1NTkuNjM3LDE0NC42Mzl6Ii8+Cgk8L2c+CiAgICA8cGF0aCBmaWxsPSIjQzBDMEMwIiBkPSJNMjAuNTc1LDEzMi41MTRjMTEuNzM2LDExLjc0MSwyNy4zNSwxOC4yMTQsNDMuOTUzLDE4LjIxNGMxMS40MDksMCwyMi42MjUtMy4xODcsMzIuNDQxLTkuMjExbDIuMDc3LTEuMjcKCQlsMjEuOTIsMjEuOTI5aDM0LjMzOGwtMzkuMDk5LTM5LjFsMS4yNzQtMi4wNjdjMTUuMDkxLTI0LjU5MywxMS4zOS01Ni4wMDctOC45OTctNzYuMzkzCgkJQzk2Ljc0MiwzMi44NzYsODEuMTI5LDI2LjQwOSw2NC41MjgsMjYuNDA5Yy0xNi42MDQsMC0zMi4yMDYsNi40NjgtNDMuOTQ3LDE4LjIwN0M4LjgzOCw1Ni4zNTgsMi4zNjUsNzEuOTcsMi4zNjUsODguNTY5CgkJQzIuMzY1LDEwNS4xNjcsOC44MzIsMTIwLjc3NSwyMC41NzUsMTMyLjUxNHogTTM3Ljc0NSw2MS43ODVjNy4xNDgtNy4xNTYsMTYuNjYzLTExLjA5NSwyNi43ODMtMTEuMDk1CgkJYzEwLjExNywwLDE5LjYyOSwzLjkzOSwyNi43OCwxMS4wOTVjNy4xNTUsNy4xNTgsMTEuMDk1LDE2LjY2OCwxMS4wOTUsMjYuNzg1YzAsMTAuMTIxLTMuOTQsMTkuNjMtMTEuMDk4LDI2Ljc4MwoJCWMtNy4xNDYsNy4xNTMtMTYuNjYsMTEuMDkyLTI2Ljc3NywxMS4wOTJjLTEwLjEyLDAtMTkuNjM0LTMuOTM4LTI2Ljc4Ni0xMS4wOTJjLTcuMTU0LTcuMTYxLTExLjA5NS0xNi42NjctMTEuMDk1LTI2Ljc4MwoJCUMyNi42NDcsNzguNDUzLDMwLjU4OCw2OC45NDIsMzcuNzQ1LDYxLjc4NXoiLz4KICAgIDxnPgoJCTxwYXRoIGZpbGw9IiNFQzc5MjkiIGQ9Ik04MC4xOTcsOTIuOTI2djAuMDkzYzAuNDY5LDAuODU0LDAuNzMzLDEuODI0LDAuNzQ2LDIuODYyYzAsMy4yNjktMi42NTUsNS45MjItNS45MjUsNS45MjIKCQkJYy0zLjI3LDAtNS45MTgtMi42NTMtNS45MTgtNS45MjJjMC0xLjQ0MiwwLjUxNS0yLjc2NywxLjM3OC0zLjc5NmMwLDAsMTQuNDY0LTIwLjEzNy01Ljc4NS0zMy40OThjMCwwLDUuODc1LDE1Ljg2LTguMTI5LDIyLjUyNwoJCQljMCwwLTMuODY2LDIuNzI5LDAuNC02LjMzNWMwLDAtMTEuODksNi42ODMtMTEuODksMjIuODE0YzAsNy4yOTEsMy43NzYsMTMuNjkxLDkuNDc0LDE3LjM3NgoJCQljLTAuMTc3LTAuNjU4LTAuMjg5LTEuNDExLTAuMjg5LTIuMjk5YzAuMDA2LTYuNDY5LDUuODA0LTE0LjAzMSw3LjU4Ni0xNC4wMTljMCwwLDAuNDUsNy42NjQsMi41MDYsMTEuMjc3CgkJCWMxLjYyLDMuMDU4LDAuNjM2LDYuNDQ0LTEuNTEzLDguMTM4YzAuOTYyLDAuMTM5LDEuOTQ0LDAuMjM0LDIuOTQ3LDAuMjM0YzUuNDY4LDAsMTAuNDQ2LTIuMTIyLDE0LjE0Ny01LjU5MQoJCQljMCwwLTAuMDA2LTAuMDE4LTAuMDA2LTAuMDIzQzg2LjgzMywxMDMuNjA1LDgyLjgyOCw5Ni4yMjQsODAuMTk3LDkyLjkyNnoiLz4KCTwvZz4KPC9nPgo8L3N2Zz4=
+    mediatype: image/svg+xml
+  customresourcedefinitions:
+    owned:
+    - name: hawtios.hawt.io
+      displayName: Hawtio
+      description: A Hawtio Console
+      kind: Hawtio
+      version: v1alpha1
+      specDescriptors:
+        - description: The number of Hawtio pods to deploy
+          displayName: Replicas
+          path: replicas
+          x-descriptors:
+            - 'urn:alm:descriptor:com.tectonic.ui:fieldGroup:Deployment'
+            - 'urn:alm:descriptor:com.tectonic.ui:podCount'
+        - description: The version used for the Hawtio
+          displayName: Version
+          path: version
+          x-descriptors:
+            - 'urn:alm:descriptor:com.tectonic.ui:fieldGroup:Deployment'
+            - 'urn:alm:descriptor:com.tectonic.ui:text'
+  install:
+    spec:
+      deployments:
+      - name: hawtio-operator
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              name: hawtio-operator
+          strategy: {}
+          template:
+            metadata:
+              labels:
+                name: hawtio-operator
+            spec:
+              containers:
+              - command:
+                - hawtio-operator
+                env:
+                - name: WATCH_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.annotations['olm.targetNamespaces']
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
+                - name: OPERATOR_NAME
+                  value: hawtio-operator
+                image: docker.io/hawtio/operator:0.4.0
+                imagePullPolicy: Always
+                name: hawtio-operator
+                ports:
+                - containerPort: 60000
+                  name: metrics
+                resources: {}
+              serviceAccountName: hawtio-operator
+      permissions:
+      - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          - pods
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          - serviceaccounts
+          - services
+          verbs:
+          - create
+          - delete
+          - deletecollection
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - apps
+          resources:
+          - deployments
+          verbs:
+          - create
+          - delete
+          - deletecollection
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - route.openshift.io
+          resources:
+          - routes
+          verbs:
+          - '*'
+        - apiGroups:
+          - route.openshift.io
+          resources:
+          - routes/custom-host
+          verbs:
+          - create
+        - apiGroups:
+          - template.openshift.io
+          resources:
+          - processedtemplates
+          verbs:
+          - '*'
+        - apiGroups:
+          - hawt.io
+          resources:
+          - '*'
+          verbs:
+          - '*'
+        serviceAccountName: hawtio-operator
+      clusterPermissions:
+      - rules:
+        - apiGroups:
+          - oauth.openshift.io
+          resources:
+          - oauthclients
+          verbs:
+          - '*'
+        - apiGroups:
+          - config.openshift.io
+          resources:
+          - clusterversions
+          verbs:
+          - get
+        - apiGroups:
+          - apiextensions.k8s.io
+          resources:
+          - customresourcedefinitions
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - console.openshift.io
+          resources:
+          - consolelinks
+          - consoleyamlsamples
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        serviceAccountName: hawtio-operator
+    strategy: deployment
+  installModes:
+  - supported: true
+    type: OwnNamespace
+  - supported: true
+    type: SingleNamespace
+  - supported: false
+    type: MultiNamespace
+  - supported: false
+    type: AllNamespaces

deploy/olm-catalog/hawtio-operator/hawtio-operator.package.yaml

@@ -1,5 +1,5 @@
 channels:
-- currentCSV: hawtio-operator.v0.3.0
+- currentCSV: hawtio-operator.v0.4.0
   name: alpha
 defaultChannel: alpha
 packageName: hawtio-operator