UNCLASSIFIED

Skip to content

GitLab

Commit 4a8192e5 authored by Andy Maksymowicz's avatar Andy Maksymowicz
Browse files

Merge branch 'scottstroud-development-patch-02806' into 'development' 

Updates for @sean.melissari request to externalize manager binary

See merge request dsop/confluent/confluent-component-operator/cp-operator-service-5.5.x!6
parents 84d0663d 0d973679
Pipeline #184877 passed with stages
in 12 minutes and 30 seconds
Hide whitespace changes
Inline Side-by-side
Showing with 21 additions and 840 deletions
Dockerfile
View file @ 4a8192e5
ARG BASE_REGISTRY=registry1.dsop.io
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=redhat/ubi/ubi8
ARG BASE_TAG=8.3
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
WORKDIR /opt/
WORKDIR /opt
USER root
RUN mkdir -p /tmp/untar
COPY cp-operator-service-5.5.3_opt.tar.gz /tmp/untar
COPY --chown=1001:1001 scripts/opt/ /opt/
RUN cd /tmp/untar && tar -xvf cp-operator-service-5.5.3_opt.tar.gz && rm cp-operator-service-5.5.3_opt.tar.gz && \
mv manager /opt/ && mv config /opt/ && cd /opt && rm -Rf /tmp/untar && \
chown -R 1001:1001 /opt/manager /opt/config
ENTRYPOINT ["/opt/manager"]
......
hardening_manifest.yaml
View file @ 4a8192e5
......@@ -11,6 +11,8 @@ tags:
- "5.5.3"
- "5.5.x"
- "5.5"
- "0.364.0"
- "0.364"
# Build args passed to Dockerfile ARGs
args:
......@@ -29,6 +31,14 @@ labels:
mil.dso.ironbank.image.type: "commercial"
mil.dso.ironbank.product.name: "Confluent Platform"
# List of resources to make available to the offline build context
resources:
- filename: cp-operator-service-5.5.3_opt.tar.gz
url: https://ironbank-files.s3.amazonaws.com/cp-operator-service-5.5.3_opt.tar.gz
validation:
type: sha256
value: 4ce9e1ff3e8faee9e54dcf6208c885d8d85e90cc3078b23e685e3c59c26fb81d
# List of project maintainers
maintainers:
- name: "Scott Stroud"
......
scripts/opt/config/crds/cluster_v1alpha1_kafkacluster.yaml deleted 100755 → 0
View file @ 84d0663d
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: kafkaclusters.cluster.confluent.com
spec:
group: cluster.confluent.com
names:
categories:
- all
kind: KafkaCluster
plural: kafkaclusters
shortNames:
- kafka
- broker
scope: Namespaced
subresources:
scale:
specReplicasPath: .spec.replicas
statusReplicasPath: .status.replicas
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
authorization:
properties:
rbac:
properties:
ldap:
properties:
address:
type: string
authentication:
properties:
type:
enum:
- tls
- simple
type: string
required:
- type
type: object
configurations:
properties:
groupMemberAttribute:
type: string
groupMemberAttributePattern:
type: string
groupNameAttribute:
type: string
groupObjectClass:
type: string
groupSearchBase:
type: string
userMemberOfAttributePattern:
type: string
userNameAttribute:
type: string
userObjectClass:
type: string
userSearchBase:
type: string
required:
- userNameAttribute
- userObjectClass
type: object
required:
- authentication
- address
- configurations
type: object
mds:
properties:
https:
type: boolean
required:
- https
type: object
required:
- mds
- ldap
type: object
superUsers:
items:
type: string
type: array
type:
enum:
- rbac
- simple
type: string
required:
- type
type: object
configOverrides:
properties:
jvm:
items:
type: string
type: array
log4j:
items:
type: string
type: array
server:
items:
type: string
type: array
type: object
image:
pattern: .+:.+
type: string
initContainers:
items:
properties:
args:
items:
type: string
type: array
command:
items:
type: string
type: array
envVar:
type: object
image:
pattern: .+:.+
type: string
name:
type: string
required:
- name
- image
- command
type: object
type: array
internalKubDomain:
type: string
jvmConfig:
properties:
heapSize:
pattern: ^[0-9]+[M,GB,m,g]{1,2}$
type: string
required:
- heapSize
type: object
metricReporter:
properties:
bootstrapEndpoint:
pattern: .+:[0-9]+
type: string
internal:
type: boolean
publishMs:
format: int64
type: integer
replicationFactor:
exclusiveMinimum: true
format: int32
type: integer
tls:
properties:
authentication:
properties:
principalMappingRules:
items:
type: string
type: array
type:
enum:
- tls
- plain
type: string
required:
- type
type: object
enabled:
type: boolean
required:
- enabled
type: object
required:
- bootstrapEndpoint
- replicationFactor
type: object
network:
properties:
annotations:
type: object
bootstrapPrefix:
maxLength: 100
minLength: 1
pattern: ^[^.]+$
type: string
brokerPrefix:
maxLength: 100
minLength: 1
pattern: ^[^.]+$
type: string
domain:
maxLength: 200
minLength: 1
type: string
type:
enum:
- external
- internal
- route
type: string
required:
- domain
- type
type: object
options:
properties:
acl:
description: ACL enabled or disabled
type: boolean
enterprise:
description: check if using enterprise or non-enterprise image
type: boolean
supers:
pattern: ^(User:[^;]+;)*(User:[^;]+)?$
type: string
type: object
placement:
properties:
disableHostPort:
type: boolean
nodeAffinity:
properties:
key:
maxLength: 64
minLength: 1
type: string
values:
items:
type: string
maxItems: 20
minItems: 1
type: array
required:
- key
- values
type: object
rack:
properties:
topology:
type: string
type: object
type: object
podAnnotations:
type: object
podSecurityContext:
properties:
fsGroup:
format: int64
type: integer
randomUID:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
supplementalGroups:
items:
format: int64
type: integer
type: array
sysctls:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
replicas:
exclusiveMinimum: true
format: int32
type: integer
resources:
properties:
limits:
properties:
cpu:
pattern: ^[0-9\.]+[m]?$
type: string
memory:
pattern: ^[0-9]+[E,P,T,G,M,K,Ei,Pi,Ti,Gi,Mi,Ki]{1,2}$
type: string
required:
- cpu
- memory
type: object
requests:
properties:
cpu:
pattern: ^[0-9\.]+[m]?$
type: string
memory:
pattern: ^[0-9]+[E,P,T,G,M,K,Ei,Pi,Ti,Gi,Mi,Ki]{1,2}$
type: string
required:
- cpu
- memory
type: object
storage:
items:
properties:
capacity:
pattern: ^[0-9]+[E,P,T,G,M,K,Ei,Pi,Ti,Gi,Mi,Ki]{1,2}$
type: string
name:
enum:
- data
- data0
- log
- txnlog
maxLength: 10
minLength: 1
type: string
storageClassName:
type: string
type:
format: int32
type: integer
required:
- capacity
- name
type: object
minItems: 1
type: array
required:
- requests
- storage
type: object
terminationGracePeriodInSecond:
format: int64
minimum: 30
type: integer
tls:
properties:
authentication:
properties:
principalMappingRules:
items:
type: string
type: array
type:
enum:
- tls
- plain
type: string
required:
- type
type: object
enabled:
type: boolean
jmxAuthentication:
properties:
type:
enum:
- tls
type: string
required:
- type
type: object
jmxTLS:
type: boolean
required:
- enabled
type: object
zones:
items:
type: string
type: array
zookeeper:
properties:
endpoint:
pattern: .+:[0-9]+
type: string
required:
- endpoint
type: object
required:
- replicas
- image
- resources
- jvmConfig
- initContainers
type: object
status:
properties:
authenticationType:
type: string
bootstrapEndpoint:
type: string
brokerEndpoints:
type: object
brokerExternalListener:
type: string
brokerInternalListener:
type: string
clientAuthentication:
type: boolean
clusterName:
type: string
currentReplicas:
format: int32
type: integer
externalClient:
type: string
internalClient:
type: string
jmxPort:
format: int32
type: integer
jmxSecurityProtocol:
enum:
- tls
- mtls
type: string
jolokiaPort:
format: int32
type: integer
mdsEndpoint:
type: string
minIsr:
format: int32
type: integer
phase:
type: string
prometheusPort:
format: int32
type: integer
pscVersion:
type: string
readyReplicas:
format: int32
type: integer
reason:
type: string
replicas:
format: int32
type: integer
replicationFactor:
format: int32
type: integer
securityProtocol:
type: string
zookeeperConnect:
type: string
required:
- phase
- replicas
- currentReplicas
- readyReplicas
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
scripts/opt/config/crds/cluster_v1alpha1_zookeepercluster.yaml deleted 100755 → 0
View file @ 84d0663d
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: zookeeperclusters.cluster.confluent.com
spec:
group: cluster.confluent.com
names:
categories:
- all
kind: ZookeeperCluster
plural: zookeeperclusters
shortNames:
- zk
- zookeeper
scope: Namespaced
subresources:
scale:
specReplicasPath: .spec.replicas
statusReplicasPath: .status.replicas
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
configOverrides:
properties:
jvm:
items:
type: string
type: array
log4j:
items:
type: string
type: array
server:
items:
type: string
type: array
type: object
image:
pattern: .+:.+
type: string
initContainers:
items:
properties:
args:
items:
type: string
type: array
command:
items:
type: string
type: array
envVar:
type: object
image:
pattern: .+:.+
type: string
name:
type: string
required:
- name
- image
- command
type: object
type: array
internalKubDomain:
type: string
jvmConfig:
properties:
heapSize:
pattern: ^[0-9]+[M,GB,m,g]{1,2}$
type: string
required:
- heapSize
type: object
placement:
properties:
disableHostPort:
type: boolean
nodeAffinity:
properties:
key:
maxLength: 64
minLength: 1
type: string
values:
items:
type: string
maxItems: 20
minItems: 1
type: array
required:
- key
- values
type: object
rack:
properties:
topology:
type: string
type: object
type: object
podAnnotations:
type: object
podSecurityContext:
properties:
fsGroup:
format: int64
type: integer
randomUID:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
supplementalGroups:
items:
format: int64
type: integer
type: array
sysctls:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
replicas:
exclusiveMinimum: true
format: int32
type: integer
resources:
properties:
limits:
properties:
cpu:
pattern: ^[0-9\.]+[m]?$
type: string
memory:
pattern: ^[0-9]+[E,P,T,G,M,K,Ei,Pi,Ti,Gi,Mi,Ki]{1,2}$
type: string
required:
- cpu
- memory
type: object
requests:
properties:
cpu:
pattern: ^[0-9\.]+[m]?$
type: string
memory:
pattern: ^[0-9]+[E,P,T,G,M,K,Ei,Pi,Ti,Gi,Mi,Ki]{1,2}$
type: string
required:
- cpu
- memory
type: object
storage:
items:
properties:
capacity:
pattern: ^[0-9]+[E,P,T,G,M,K,Ei,Pi,Ti,Gi,Mi,Ki]{1,2}$
type: string
name:
enum:
- data
- data0
- log
- txnlog
maxLength: 10
minLength: 1
type: string
storageClassName:
type: string
type:
format: int32
type: integer
required:
- capacity
- name
type: object
minItems: 1
type: array
required:
- requests
- storage
type: object
terminationGracePeriodInSecond:
format: int64
minimum: 30
type: integer
tls:
properties:
jmxAuthentication:
properties:
type:
enum:
- tls
type: string
required:
- type
type: object
jmxTLS:
type: boolean
type: object
zones:
items:
type: string
type: array
required:
- replicas
- image
- resources
- jvmConfig
- initContainers
type: object
status:
properties:
alternateEndpoint:
type: string
clusterName:
type: string
config:
type: object
currentReplicas:
format: int32
type: integer
endpoints:
type: string
jmxSecurityProtocol:
enum:
- tls
- mtls
type: string
phase:
type: string
readyReplicas:
format: int32
type: integer
reason:
type: string
replicas:
format: int32
type: integer
required:
- phase
- replicas
- currentReplicas
- readyReplicas
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
scripts/opt/config/crds/operator/operator_v1_physicalstatefulcluster.yaml deleted 100755 → 0
View file @ 84d0663d
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: physicalstatefulclusters.operator.confluent.cloud
spec:
group: operator.confluent.cloud
names:
kind: PhysicalStatefulCluster
plural: physicalstatefulclusters
shortNames:
- psc
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
status:
type: object
type: object
version: v1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
scripts/opt/help.1 deleted 100755 → 0
View file @ 84d0663d
This image is a part of the Confluent Platform deployment in the Openshift/Kubernetes.
Information on how to use and configure this image is available at https://docs.confluent.io.
For more information, please contact operator@confluent.io.
scripts/opt/licenses/confluent.txt deleted 100755 → 0
View file @ 84d0663d
Copyright 2019 Confluent, Inc.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED