Merge pull request #30 from lmilleri/fix-sample

Rename operator part II and fix sample yaml
confidential-containers · Jun 7, 2024 · b7b6f93 · b7b6f93
2 parents 55ccf3a + e400d39
commit b7b6f93
Show file tree

Hide file tree

Showing 20 changed files with 66 additions and 88 deletions.
diff --git a/bundle/manifests/as-config-grpc-sample_v1_configmap.yaml b/bundle/manifests/as-config-grpc-sample_v1_configmap.yaml
diff --git a/bundle/manifests/kbs-config-grpc-sample_v1_configmap.yaml b/bundle/manifests/kbs-config-grpc-sample_v1_configmap.yaml
diff --git a/bundle/manifests/kbs-config-sample_v1_configmap.yaml b/bundle/manifests/kbs-config-sample_v1_configmap.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+data:
+  kbs-config.json: |
+    {
+        "insecure_http" : true,
+        "sockets": ["0.0.0.0:8080"],
+        "auth_public_key": "/etc/auth-secret/kbs.pem",
+        "attestation_token_config": {
+          "attestation_token_type": "CoCo"
+        },
+        "repository_config": {
+          "type": "LocalFs",
+          "dir_path": "/opt/confidential-containers/kbs/repository"
+        },
+        "as_config": {
+          "work_dir": "/opt/confidential-containers/attestation-service",
+          "policy_engine": "opa",
+          "attestation_token_broker": "Simple",
+          "attestation_token_config": {
+            "duration_min": 5
+          },
+          "rvps_config": {
+            "store_type": "LocalJson",
+            "store_config": {
+              "file_path": "/opt/confidential-containers/rvps/reference-values/reference-values.json"
+            }
+          }
+        },
+        "policy_engine_config": {
+          "policy_path": "/opt/confidential-containers/opa/policy.rego"
+        }
+    }
+kind: ConfigMap
+metadata:
+  name: kbs-config-sample
diff --git a/bundle/manifests/rvps-config-grpc-sample_v1_configmap.yaml b/bundle/manifests/rvps-config-grpc-sample_v1_configmap.yaml
diff --git a/...r-manager-metrics-service_v1_service.yaml → ...r-manager-metrics-service_v1_service.yaml b/...r-manager-metrics-service_v1_service.yaml → ...r-manager-metrics-service_v1_service.yaml
diff --git a/....authorization.k8s.io_v1_clusterrole.yaml → ....authorization.k8s.io_v1_clusterrole.yaml b/....authorization.k8s.io_v1_clusterrole.yaml → ....authorization.k8s.io_v1_clusterrole.yaml
diff --git a/...s/kbs-operator.clusterserviceversion.yaml → ...ustee-operator.clusterserviceversion.yaml b/...s/kbs-operator.clusterserviceversion.yaml → ...ustee-operator.clusterserviceversion.yaml
@@ -19,18 +19,15 @@ metadata:
             "namespace": "kbs-operator-system"
           },
           "spec": {
-            "kbsAsConfigMapName": "as-config-grpc",
             "kbsAuthSecretName": "kbs-auth-public-key",
-            "kbsConfigMapName": "kbs-config-grpc",
-            "kbsDeploymentType": "MicroservicesDeployment",
-            "kbsRvpsConfigMapName": "rvps-config-grpc",
-            "kbsRvpsRefValuesConfigMapName": "rvps-reference-values",
-            "kbsServiceType": "ClusterIP"
+            "kbsConfigMapName": "kbs-config",
+            "kbsDeploymentType": "AllInOneDeployment",
+            "kbsRvpsRefValuesConfigMapName": "rvps-reference-values"
           }
         }
       ]
     capabilities: Basic Install
-    createdAt: "2024-04-29T09:43:48Z"
+    createdAt: "2024-06-05T08:47:27Z"
     operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
   name: trustee-operator.v0.0.1
@@ -138,7 +135,7 @@ spec:
           - subjectaccessreviews
           verbs:
           - create
-        serviceAccountName: kbs-operator-controller-manager
+        serviceAccountName: trustee-operator-controller-manager
       deployments:
       - label:
           app.kubernetes.io/component: manager
@@ -148,7 +145,7 @@ spec:
           app.kubernetes.io/name: deployment
           app.kubernetes.io/part-of: trustee-operator
           control-plane: controller-manager
-        name: kbs-operator-controller-manager
+        name: trustee-operator-controller-manager
         spec:
           replicas: 1
           selector:
@@ -247,7 +244,7 @@ spec:
                     - ALL
               securityContext:
                 runAsNonRoot: true
-              serviceAccountName: kbs-operator-controller-manager
+              serviceAccountName: trustee-operator-controller-manager
               terminationGracePeriodSeconds: 10
       permissions:
       - rules:
@@ -282,7 +279,7 @@ spec:
           verbs:
           - create
           - patch
-        serviceAccountName: kbs-operator-controller-manager
+        serviceAccountName: trustee-operator-controller-manager
     strategy: deployment
   installModes:
   - supported: false

diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -6,7 +6,7 @@ namespace: kbs-operator-system
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: kbs-operator-
+namePrefix: trustee-operator-
 
 # Labels to add to all resources and selectors.
 #commonLabels:

diff --git a/...s/kbs-operator.clusterserviceversion.yaml → ...ustee-operator.clusterserviceversion.yaml b/...s/kbs-operator.clusterserviceversion.yaml → ...ustee-operator.clusterserviceversion.yaml
@@ -15,8 +15,8 @@ spec:
       kind: KbsConfig
       name: kbsconfigs.confidentialcontainers.org
       version: v1alpha1
-  description: Operator to manage the lifecycle of Key Broker Service (KBS)
-  displayName: KBS Operator
+  description: Operator to manage the lifecycle of Trustee
+  displayName: Trustee Operator
   icon:
   - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNTguNTEgMjU4LjUxIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2QxZDFkMTt9LmNscy0ye2ZpbGw6IzhkOGQ4Zjt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkFzc2V0IDQ8L3RpdGxlPjxnIGlkPSJMYXllcl8yIiBkYXRhLW5hbWU9IkxheWVyIDIiPjxnIGlkPSJMYXllcl8xLTIiIGRhdGEtbmFtZT0iTGF5ZXIgMSI+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTI5LjI1LDIwQTEwOS4xLDEwOS4xLDAsMCwxLDIwNi40LDIwNi40LDEwOS4xLDEwOS4xLDAsMSwxLDUyLjExLDUyLjExLDEwOC40NSwxMDguNDUsMCwwLDEsMTI5LjI1LDIwbTAtMjBoMEM1OC4xNiwwLDAsNTguMTYsMCwxMjkuMjVIMGMwLDcxLjA5LDU4LjE2LDEyOS4yNiwxMjkuMjUsMTI5LjI2aDBjNzEuMDksMCwxMjkuMjYtNTguMTcsMTI5LjI2LTEyOS4yNmgwQzI1OC41MSw1OC4xNiwyMDAuMzQsMCwxMjkuMjUsMFoiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik0xNzcuNTQsMTAzLjQxSDE0MS42NkwxNTQuOSw2NS43NmMxLjI1LTQuNC0yLjMzLTguNzYtNy4yMS04Ljc2SDEwMi45M2E3LjMyLDcuMzIsMCwwLDAtNy40LDZsLTEwLDY5LjYxYy0uNTksNC4xNywyLjg5LDcuODksNy40LDcuODloMzYuOUwxMTUuNTUsMTk3Yy0xLjEyLDQuNDEsMi40OCw4LjU1LDcuMjQsOC41NWE3LjU4LDcuNTgsMCwwLDAsNi40Ny0zLjQ4TDE4NCwxMTMuODVDMTg2Ljg2LDEwOS4yNCwxODMuMjksMTAzLjQxLDE3Ny41NCwxMDMuNDFaIi8+PC9nPjwvZz48L3N2Zz4=
     mediatype: image/svg+xml
@@ -39,7 +39,7 @@ spec:
   - attestation-service
   - rvps
   links:
-  - name: Kbs Operator
+  - name: Trustee Operator
     url: https://github.com/confidential-containers/trustee-operator
   maintainers:
   - email: [email protected]

diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml
@@ -1,7 +1,7 @@
 # These resources constitute the fully configured set of manifests
 # used to generate the 'manifests/' directory in a bundle.
 resources:
-- bases/kbs-operator.clusterserviceversion.yaml
+- bases/trustee-operator.clusterserviceversion.yaml
 - ../default
 - ../samples
 - ../scorecard

diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: service
     app.kubernetes.io/instance: controller-manager-metrics-service
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: kbs-operator
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
   name: controller-manager-metrics-service
   namespace: system

diff --git a/config/rbac/kbsconfig_editor_role.yaml b/config/rbac/kbsconfig_editor_role.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: clusterrole
     app.kubernetes.io/instance: kbsconfig-editor-role
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: kbs-operator
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
   name: kbsconfig-editor-role
 rules:

diff --git a/config/rbac/kbsconfig_viewer_role.yaml b/config/rbac/kbsconfig_viewer_role.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: clusterrole
     app.kubernetes.io/instance: kbsconfig-viewer-role
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: kbs-operator
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
   name: kbsconfig-viewer-role
 rules:

diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: role
     app.kubernetes.io/instance: leader-election-role
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: kbs-operator
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
   name: leader-election-role
 rules:

diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: rolebinding
     app.kubernetes.io/instance: leader-election-rolebinding
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: kbs-operator
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
   name: leader-election-rolebinding
 roleRef:

diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: clusterrolebinding
     app.kubernetes.io/instance: manager-rolebinding
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: kbs-operator
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
   name: manager-rolebinding
 roleRef:

diff --git a/config/samples/all-in-one/kbsconfig_sample.yaml b/config/samples/all-in-one/kbsconfig_sample.yaml
@@ -4,9 +4,9 @@ metadata:
   labels:
     app.kubernetes.io/name: kbsconfig
     app.kubernetes.io/instance: kbsconfig-sample
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/created-by: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
   name: kbsconfig-sample
   namespace: kbs-operator-system
 spec:

diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -4,6 +4,5 @@ kind: Kustomization
 nameSuffix: -sample
 
 resources:
-  - microservices
-# - all-in-one
+ - all-in-one
 
diff --git a/config/samples/microservices/kbsconfig_sample.yaml b/config/samples/microservices/kbsconfig_sample.yaml
@@ -4,9 +4,9 @@ metadata:
   labels:
     app.kubernetes.io/name: kbsconfig
     app.kubernetes.io/instance: kbsconfig-sample
-    app.kubernetes.io/part-of: kbs-operator
+    app.kubernetes.io/part-of: trustee-operator
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/created-by: kbs-operator
+    app.kubernetes.io/created-by: trustee-operator
   name: kbsconfig-sample
   namespace: kbs-operator-system
 spec:

diff --git a/internal/controller/common.go b/internal/controller/common.go
@@ -22,7 +22,7 @@ const (
 	KbsFinalizerName = "kbsconfig.confidentialcontainers.org/finalizer"
 
 	// KBS Deployment name
-	KbsDeploymentName = "kbs-deployment"
+	KbsDeploymentName = "trustee-deployment"
 
 	// KBS operator default namespace
 	KbsOperatorNamespace = "kbs-operator-system"