Merge branch 'redhat-developer:master' into track_codecov

.github/cherry-pick-bot.yml

@@ -0,0 +1,2 @@
+enabled: true
+preservePullRequestTitle: true

.github/workflow/openshift-ci-automation.yaml

@@ -0,0 +1,24 @@
+name: Trigger openshift-ci automation
+on:
+  create
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Test
+        run: |
+          export BRANCH=${{ github.event.ref }}
+          echo $BRANCH
+          # check if version starts with v or not
+          if [[ $BRANCH = v* ]];then      
+            curl -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.ACTIONS_KEY }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/kamuserbot/release/dispatches \
+              -d '{"event_type":"Trigger workflow for '"$BRANCH"'","client_payload":{"branch":  "'"$BRANCH"'"}}'
+            echo "Request sent!"
+          else 
+            echo "skipping Workflow activation"
+          fi

Makefile

@@ -154,14 +154,17 @@ docker-push: ## Push docker image with the manager.
 ##@ Deployment
 
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+	## TODO: Remove sed usage after all v1alpha1 references are updated to v1beta1 in codebase.
+	## For local testing, conversion webhook defined in crd makes call to webhook for each v1alpha1 reference
+	## causing failures as we don't set up the webhook for local testing.
+	$(KUSTOMIZE) build config/crd | sed '/conversion:/,/- v1beta1/d' |kubectl apply --server-side=true -f -
 
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=true -f -
 
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/default | kubectl apply --server-side=true -f -
 
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=true -f -

README.md

@@ -27,7 +27,7 @@ spec:
 
 ![a relative link](docs/assets/operatorhub-listing.png)
 
-3. Install the operator using the defaults in the wizard, and wait for it to show up in the list of "Installed Operators". If it doesn't install properly, you can check on its status in the "Installed Operators" tab in the `openshift-operators` namespace.
+3. Install the operator in the `openshift-gitops-operator` namesapce using the defaults in the wizard, and optionally, select the checkbox to enable cluster monitoring on the namesapce. Wait for it to show up in the list of "Installed Operators". If it doesn't install properly, you can check on its status in the "Installed Operators" tab in the `openshift-gitops-operator` namespace.
 
 ![a relative link](docs/assets/installed-operator.png)
 

bundle/manifests/gitops-operator.clusterserviceversion.yaml

@@ -137,6 +137,8 @@ metadata:
     containerImage: quay.io/redhat-developer/gitops-operator
     description: Enables teams to adopt GitOps principles for managing cluster configurations
       and application delivery across hybrid multi-cluster Kubernetes environments.
+    operatorframework.io/cluster-monitoring: "true"
+    operatorframework.io/suggested-namespace: openshift-gitops-operator
     operators.openshift.io/infrastructure-features: '["disconnected"]'
     operators.operatorframework.io/builder: operator-sdk-v1.10.0+git
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -221,6 +223,9 @@ spec:
         name: ""
         version: v1
       version: v1alpha1
+    - kind: ArgoCD
+      name: argocds.argoproj.io
+      version: v1beta1
     - kind: ClusterAnalysisTemplate
       name: clusteranalysistemplates.argoproj.io
       version: v1alpha1
@@ -865,28 +870,34 @@ spec:
           - subjectaccessreviews
           verbs:
           - create
-        serviceAccountName: gitops-operator-controller-manager
+        serviceAccountName: openshift-gitops-operator-controller-manager
       deployments:
-      - name: gitops-operator-controller-manager
+      - name: openshift-gitops-operator-controller-manager
         spec:
           replicas: 1
           selector:
             matchLabels:
-              control-plane: argocd-operator
+              control-plane: gitops-operator
           strategy: {}
           template:
             metadata:
               labels:
-                control-plane: argocd-operator
+                control-plane: gitops-operator
             spec:
               containers:
-              - command:
+              - args:
+                - --health-probe-bind-address=:8081
+                - --metrics-bind-address=127.0.0.1:8080
+                - --leader-elect
+                command:
                 - /usr/local/bin/manager
                 env:
                 - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES
                   value: openshift-gitops
                 - name: OPERATOR_NAME
                   value: gitops-operator
+                - name: ENABLE_CONVERSION_WEBHOOK
+                  value: "true"
                 image: quay.io/redhat-developer/gitops-operator:latest
                 livenessProbe:
                   httpGet:
@@ -895,6 +906,10 @@ spec:
                   initialDelaySeconds: 15
                   periodSeconds: 20
                 name: manager
+                ports:
+                - containerPort: 9443
+                  name: webhook-server
+                  protocol: TCP
                 readinessProbe:
                   httpGet:
                     path: /readyz
@@ -909,10 +924,42 @@ spec:
                     - ALL
                   readOnlyRootFilesystem: true
                   runAsNonRoot: true
+              - args:
+                - --secure-listen-address=0.0.0.0:8443
+                - --upstream=http://127.0.0.1:8080
+                - --tls-cert-file=/etc/tls/private/tls.crt
+                - --tls-private-key-file=/etc/tls/private/tls.key
+                - --logtostderr=true
+                - --allow-paths=/metrics
+                image: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:da5d5061dbc2ec5082cf14b6c600fb5400b83cf91d7ccebfa80680a238d275db
+                name: kube-rbac-proxy
+                ports:
+                - containerPort: 8443
+                  name: metrics
+                resources:
+                  limits:
+                    cpu: 500m
+                    memory: 128Mi
+                  requests:
+                    cpu: 1m
+                    memory: 15Mi
+                securityContext:
+                  allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
+                volumeMounts:
+                - mountPath: /etc/tls/private
+                  name: kube-rbac-proxy-tls
+                  readOnly: true
               securityContext:
                 runAsNonRoot: true
-              serviceAccountName: gitops-operator-controller-manager
+              serviceAccountName: openshift-gitops-operator-controller-manager
               terminationGracePeriodSeconds: 10
+              volumes:
+              - name: kube-rbac-proxy-tls
+                secret:
+                  secretName: kube-rbac-proxy-tls
       permissions:
       - rules:
         - apiGroups:
@@ -946,7 +993,7 @@ spec:
           verbs:
           - create
           - patch
-        serviceAccountName: gitops-operator-controller-manager
+        serviceAccountName: openshift-gitops-operator-controller-manager
     strategy: deployment
   installModes:
   - supported: false
@@ -974,3 +1021,16 @@ spec:
     name: Red Hat Inc
   replaces: gitops-operator.v1.7.3
   version: 1.8.0
+  webhookdefinitions:
+  - admissionReviewVersions:
+    - v1alpha1
+    - v1beta1
+    containerPort: 443
+    conversionCRDs:
+    - argocds.argoproj.io
+    deploymentName: openshift-gitops-operator-controller-manager
+    generateName: cargocds.kb.io
+    sideEffects: None
+    targetPort: 9443
+    type: ConversionWebhook
+    webhookPath: /convert

bundle/manifests/gitops-operator-manager-config_v1_configmap.yaml → bundle/manifests/openshift-gitops-operator-manager-config_v1_configmap.yaml

@@ -14,4 +14,4 @@ data:
       resourceName: 2b63967d.openshift.io
 kind: ConfigMap
 metadata:
-  name: gitops-operator-manager-config
+  name: openshift-gitops-operator-manager-config

bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml

@@ -0,0 +1,19 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: gitops-operator
+  name: openshift-gitops-operator-metrics-monitor
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    interval: 30s
+    path: /metrics
+    port: metrics
+    scheme: https
+    tlsConfig:
+      caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+      serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc
+  selector:
+    matchLabels:
+      control-plane: gitops-operator

bundle/manifests/openshift-gitops-operator-metrics-service_v1_service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: kube-rbac-proxy-tls
+  creationTimestamp: null
+  labels:
+    control-plane: gitops-operator
+  name: openshift-gitops-operator-metrics-service
+spec:
+  ports:
+  - name: metrics
+    port: 8443
+    targetPort: metrics
+  selector:
+    control-plane: gitops-operator
+  type: ClusterIP
+status:
+  loadBalancer: {}

bundle/manifests/openshift-gitops-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: openshift-gitops-operator-prometheus
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch

bundle/manifests/openshift-gitops-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  name: openshift-gitops-operator-prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: openshift-gitops-operator-prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: openshift-monitoring

bundle/manifests/openshift-gitops-operator-webhook-service_v1_service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  name: openshift-gitops-operator-webhook-service
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 9443
+  selector:
+    control-plane: gitops-operator
+status:
+  loadBalancer: {}