diff --git a/bundle/manifests/as-config-grpc-sample_v1_configmap.yaml b/bundle/manifests/as-config-grpc-sample_v1_configmap.yaml
deleted file mode 100644
index 544f166..0000000
--- a/bundle/manifests/as-config-grpc-sample_v1_configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-data:
- as-config.json: |
- {
- "work_dir": "/opt/confidential-containers/attestation-service",
- "policy_engine": "opa",
- "rvps_config": {
- "remote_addr":"http://127.0.0.1:50003"
- },
- "attestation_token_broker": "Simple",
- "attestation_token_config": {
- "duration_min": 5
- }
- }
-kind: ConfigMap
-metadata:
- name: as-config-grpc-sample
diff --git a/bundle/manifests/kbs-config-grpc-sample_v1_configmap.yaml b/bundle/manifests/kbs-config-grpc-sample_v1_configmap.yaml
deleted file mode 100644
index 5b47cad..0000000
--- a/bundle/manifests/kbs-config-grpc-sample_v1_configmap.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-data:
- kbs-config.json: |
- {
- "insecure_http" : true,
- "sockets": ["0.0.0.0:8080"],
- "auth_public_key": "/etc/auth-secret/kbs.pem",
- "private_key": "/etc/https-key/key.pem",
- "certificate": "/etc/https-cert/cert.pem",
- "attestation_token_config": {
- "attestation_token_type": "CoCo"
- },
- "grpc_config" : {
- "as_addr": "http://127.0.0.1:50004"
- },
- "repository_config": {
- "type": "LocalFs",
- "dir_path": "/opt/confidential-containers/kbs/repository"
- }
- }
-kind: ConfigMap
-metadata:
- name: kbs-config-grpc-sample
diff --git a/bundle/manifests/kbs-config-sample_v1_configmap.yaml b/bundle/manifests/kbs-config-sample_v1_configmap.yaml
new file mode 100644
index 0000000..7de430e
--- /dev/null
+++ b/bundle/manifests/kbs-config-sample_v1_configmap.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+data:
+ kbs-config.json: |
+ {
+ "insecure_http" : true,
+ "sockets": ["0.0.0.0:8080"],
+ "auth_public_key": "/etc/auth-secret/kbs.pem",
+ "attestation_token_config": {
+ "attestation_token_type": "CoCo"
+ },
+ "repository_config": {
+ "type": "LocalFs",
+ "dir_path": "/opt/confidential-containers/kbs/repository"
+ },
+ "as_config": {
+ "work_dir": "/opt/confidential-containers/attestation-service",
+ "policy_engine": "opa",
+ "attestation_token_broker": "Simple",
+ "attestation_token_config": {
+ "duration_min": 5
+ },
+ "rvps_config": {
+ "store_type": "LocalJson",
+ "store_config": {
+ "file_path": "/opt/confidential-containers/rvps/reference-values/reference-values.json"
+ }
+ }
+ },
+ "policy_engine_config": {
+ "policy_path": "/opt/confidential-containers/opa/policy.rego"
+ }
+ }
+kind: ConfigMap
+metadata:
+ name: kbs-config-sample
diff --git a/bundle/manifests/rvps-config-grpc-sample_v1_configmap.yaml b/bundle/manifests/rvps-config-grpc-sample_v1_configmap.yaml
deleted file mode 100644
index 9a5b01d..0000000
--- a/bundle/manifests/rvps-config-grpc-sample_v1_configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-data:
- rvps-config.json: |
- {
- "address": "0.0.0.0:50003",
- "store_type": "LocalJson",
- "store_config": {
- "file_path": "/opt/confidential-containers/rvps/reference-values/reference-values.json"
- }
- }
-kind: ConfigMap
-metadata:
- name: rvps-config-grpc-sample
diff --git a/bundle/manifests/kbs-operator-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/trustee-operator-controller-manager-metrics-service_v1_service.yaml
similarity index 100%
rename from bundle/manifests/kbs-operator-controller-manager-metrics-service_v1_service.yaml
rename to bundle/manifests/trustee-operator-controller-manager-metrics-service_v1_service.yaml
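Review bot: The new all-in-one sample in bundle/manifests/kbs-config-sample_v1_configmap.yaml keeps `"insecure_http" : true` with the listener on `0.0.0.0:8080`, and unlike the removed gRPC sample it no longer carries the `private_key` and `certificate` entries, so the shipped example has no TLS settings left to enable. Because samples for a key broker tend to be copied into real clusters, the default should be HTTPS: `"insecure_http": false`, `"private_key": "/etc/https-key/key.pem"`, `"certificate": "/etc/https-cert/cert.pem"` (paths as in the removed sample), or the sample's documentation should state that it is for test clusters only. Whether the operator mounts the HTTPS key and certificate in the AllInOneDeployment mode is not visible in this diff, so confirm that before changing the default. This file sits under bundle/manifests and looks generated, so the edit probably belongs in the config/samples/all-in-one source it is built from.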
diff --git a/bundle/manifests/kbs-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/trustee-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml similarity index 100% rename from bundle/manifests/kbs-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml rename to bundle/manifests/trustee-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml diff --git a/bundle/manifests/kbs-operator.clusterserviceversion.yaml b/bundle/manifests/trustee-operator.clusterserviceversion.yaml similarity index 94% rename from bundle/manifests/kbs-operator.clusterserviceversion.yaml rename to bundle/manifests/trustee-operator.clusterserviceversion.yaml index 379227f..fc4498d 100644 --- a/bundle/manifests/kbs-operator.clusterserviceversion.yaml +++ b/bundle/manifests/trustee-operator.clusterserviceversion.yaml @@ -19,18 +19,15 @@ metadata: "namespace": "kbs-operator-system" }, "spec": { - "kbsAsConfigMapName": "as-config-grpc", "kbsAuthSecretName": "kbs-auth-public-key", - "kbsConfigMapName": "kbs-config-grpc", - "kbsDeploymentType": "MicroservicesDeployment", - "kbsRvpsConfigMapName": "rvps-config-grpc", - "kbsRvpsRefValuesConfigMapName": "rvps-reference-values", - "kbsServiceType": "ClusterIP" + "kbsConfigMapName": "kbs-config", + "kbsDeploymentType": "AllInOneDeployment", + "kbsRvpsRefValuesConfigMapName": "rvps-reference-values" } } ] capabilities: Basic Install - createdAt: "2024-04-29T09:43:48Z" + createdAt: "2024-06-05T08:47:27Z" operators.operatorframework.io/builder: operator-sdk-v1.33.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 name: trustee-operator.v0.0.1 @@ -138,7 +135,7 @@ spec: - subjectaccessreviews verbs: - create - serviceAccountName: kbs-operator-controller-manager + serviceAccountName: trustee-operator-controller-manager deployments: - label: app.kubernetes.io/component: manager 
@@ -148,7 +145,7 @@ spec: app.kubernetes.io/name: deployment app.kubernetes.io/part-of: trustee-operator control-plane: controller-manager - name: kbs-operator-controller-manager + name: trustee-operator-controller-manager spec: replicas: 1 selector: @@ -247,7 +244,7 @@ spec: - ALL securityContext: runAsNonRoot: true - serviceAccountName: kbs-operator-controller-manager + serviceAccountName: trustee-operator-controller-manager terminationGracePeriodSeconds: 10 permissions: - rules: @@ -282,7 +279,7 @@ spec: verbs: - create - patch - serviceAccountName: kbs-operator-controller-manager + serviceAccountName: trustee-operator-controller-manager strategy: deployment installModes: - supported: false diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 903f61a..f9508ad 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -6,7 +6,7 @@ namespace: kbs-operator-system # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. -namePrefix: kbs-operator- +namePrefix: trustee-operator- # Labels to add to all resources and selectors. #commonLabels: diff --git a/config/manifests/bases/kbs-operator.clusterserviceversion.yaml b/config/manifests/bases/trustee-operator.clusterserviceversion.yaml similarity index 94% rename from config/manifests/bases/kbs-operator.clusterserviceversion.yaml rename to config/manifests/bases/trustee-operator.clusterserviceversion.yaml index ba5a11f..e4ae693 100644 --- a/config/manifests/bases/kbs-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/trustee-operator.clusterserviceversion.yaml 
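Review bot: In config/default/kustomization.yaml the `namePrefix` becomes `trustee-operator-` while the `namespace: kbs-operator-system` line shown in the hunk header is unchanged, although the comment kept as context in this hunk says the prefix should match the text before '-' in the namespace field. The same namespace string also survives in the sample manifests and in `KbsOperatorNamespace` in internal/controller/common.go, so the rename is only partial. Either rename the namespace in the same change, or replace the context comment with one that says the mismatch is deliberate, for example `# namespace is intentionally still kbs-operator-system; only resource names use the trustee-operator- prefix`.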
@@ -15,8 +15,8 @@ spec: kind: KbsConfig name: kbsconfigs.confidentialcontainers.org version: v1alpha1 - description: Operator to manage the lifecycle of Key Broker Service (KBS) - displayName: KBS Operator + description: Operator to manage the lifecycle of Trustee + displayName: Trustee Operator icon: - base64data: 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 mediatype: image/svg+xml @@ -39,7 +39,7 @@ spec: - attestation-service - rvps links: - - name: Kbs Operator + - name: Trustee Operator url: https://github.com/confidential-containers/trustee-operator maintainers: - email: cncf-ccontainers-maintainers@lists.cncf.io diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index d64b7a4..741d309 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,7 +1,7 @@ # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- bases/kbs-operator.clusterserviceversion.yaml +- bases/trustee-operator.clusterserviceversion.yaml - ../default - ../samples - ../scorecard diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 07d1575..81963f2 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/name: service app.kubernetes.io/instance: controller-manager-metrics-service app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kbs-operator - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/created-by: trustee-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize name: controller-manager-metrics-service namespace: system diff --git a/config/rbac/kbsconfig_editor_role.yaml b/config/rbac/kbsconfig_editor_role.yaml index ec08d27..e464ce7 100644 --- a/config/rbac/kbsconfig_editor_role.yaml +++ b/config/rbac/kbsconfig_editor_role.yaml 
@@ -6,8 +6,8 @@ metadata: app.kubernetes.io/name: clusterrole app.kubernetes.io/instance: kbsconfig-editor-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: kbs-operator - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/created-by: trustee-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize name: kbsconfig-editor-role rules: diff --git a/config/rbac/kbsconfig_viewer_role.yaml b/config/rbac/kbsconfig_viewer_role.yaml index bde3b0c..aa3960f 100644 --- a/config/rbac/kbsconfig_viewer_role.yaml +++ b/config/rbac/kbsconfig_viewer_role.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/name: clusterrole app.kubernetes.io/instance: kbsconfig-viewer-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: kbs-operator - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/created-by: trustee-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize name: kbsconfig-viewer-role rules: diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index fafd40c..6738552 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/name: role app.kubernetes.io/instance: leader-election-role app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: kbs-operator - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/created-by: trustee-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize name: leader-election-role rules: diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index a7df89c..1e5e1ba 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml 
@@ -5,8 +5,8 @@ metadata: app.kubernetes.io/name: rolebinding app.kubernetes.io/instance: leader-election-rolebinding app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: kbs-operator - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/created-by: trustee-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize name: leader-election-rolebinding roleRef: diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 76a18f8..845f678 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/name: clusterrolebinding app.kubernetes.io/instance: manager-rolebinding app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: kbs-operator - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/created-by: trustee-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize name: manager-rolebinding roleRef: diff --git a/config/samples/all-in-one/kbsconfig_sample.yaml b/config/samples/all-in-one/kbsconfig_sample.yaml index d6c275b..13712ba 100644 --- a/config/samples/all-in-one/kbsconfig_sample.yaml +++ b/config/samples/all-in-one/kbsconfig_sample.yaml @@ -4,9 +4,9 @@ metadata: labels: app.kubernetes.io/name: kbsconfig app.kubernetes.io/instance: kbsconfig-sample - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: kbs-operator + app.kubernetes.io/created-by: trustee-operator name: kbsconfig-sample namespace: kbs-operator-system spec: diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index f625316..1a3a04b 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -4,6 +4,5 @@ kind: Kustomization nameSuffix: -sample resources: - - microservices -# - all-in-one + - all-in-one 
diff --git a/config/samples/microservices/kbsconfig_sample.yaml b/config/samples/microservices/kbsconfig_sample.yaml index 4e6c9c6..fbd6e09 100644 --- a/config/samples/microservices/kbsconfig_sample.yaml +++ b/config/samples/microservices/kbsconfig_sample.yaml @@ -4,9 +4,9 @@ metadata: labels: app.kubernetes.io/name: kbsconfig app.kubernetes.io/instance: kbsconfig-sample - app.kubernetes.io/part-of: kbs-operator + app.kubernetes.io/part-of: trustee-operator app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: kbs-operator + app.kubernetes.io/created-by: trustee-operator name: kbsconfig-sample namespace: kbs-operator-system spec: diff --git a/internal/controller/common.go b/internal/controller/common.go index add7db3..d37b62e 100644 --- a/internal/controller/common.go +++ b/internal/controller/common.go @@ -22,7 +22,7 @@ const ( KbsFinalizerName = "kbsconfig.confidentialcontainers.org/finalizer" // KBS Deployment name - KbsDeploymentName = "kbs-deployment" + KbsDeploymentName = "trustee-deployment" // KBS operator default namespace KbsOperatorNamespace = "kbs-operator-system"
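Review bot: Changing `KbsDeploymentName` to `"trustee-deployment"` in internal/controller/common.go is a runtime change rather than a cosmetic rename, because the controller presumably looks up and creates its Deployment by this name (the code that uses the constant is outside this hunk). On a cluster where an earlier version already created `kbs-deployment`, the upgraded operator would then stop managing it and could leave an old key broker instance running next to the new one. Handle the old name on upgrade (look for and delete `kbs-deployment`), or document the manual cleanup in the release notes. The comment above the constant still reads `// KBS Deployment name`; something like `// Trustee Deployment name (was "kbs-deployment" before the rename)` would record the change. The const block starts and ends outside the hunk.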