From f2536ecb42d09b35bd7e0a02f49b95cbf5f95736 Mon Sep 17 00:00:00 2001 From: Gennady Azarenkov Date: Tue, 7 Jan 2025 00:28:46 +0200 Subject: [PATCH] Optimize and document configuration profiles (#622) * move manager and doc Signed-off-by: gazarenkov * remove namespace on patch Signed-off-by: gazarenkov --------- Signed-off-by: gazarenkov --- .../manager.yaml => manager/deployment.yaml} | 17 +-- config/manager/kustomization.yaml | 5 + .../manifests/backstage.io/kustomization.yaml | 22 --- config/manifests/rhdh/kustomization.yaml | 21 --- .../profile/backstage.io/kustomization.yaml | 120 +--------------- config/profile/backstage.io/namespace.yaml | 12 ++ config/profile/external/kustomization.yaml | 121 +--------------- config/profile/rhdh/kustomization.yaml | 127 ++--------------- config/profile/rhdh/manager.yaml | 129 ------------------ config/profile/rhdh/namespace.yaml | 12 ++ config/profile/rhdh/patches/env-patch.yaml | 20 +++ config/scorecard/kustomization.yaml | 9 +- docs/profiles.md | 53 ++++++- 13 files changed, 119 insertions(+), 549 deletions(-) rename config/{profile/backstage.io/manager.yaml => manager/deployment.yaml} (89%) create mode 100644 config/manager/kustomization.yaml create mode 100644 config/profile/backstage.io/namespace.yaml delete mode 100644 config/profile/rhdh/manager.yaml create mode 100644 config/profile/rhdh/namespace.yaml create mode 100644 config/profile/rhdh/patches/env-patch.yaml diff --git a/config/profile/backstage.io/manager.yaml b/config/manager/deployment.yaml similarity index 89% rename from config/profile/backstage.io/manager.yaml rename to config/manager/deployment.yaml index fdbe9482..787ffe9a 100644 --- a/config/profile/backstage.io/manager.yaml +++ b/config/manager/deployment.yaml 
@@ -1,21 +1,7 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: system - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: backstage-operator - app.kubernetes.io/part-of: backstage-operator - app.kubernetes.io/managed-by: kustomize - name: system ---- apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system labels: control-plane: controller-manager app.kubernetes.io/name: deployment @@ -39,7 +25,7 @@ spec: # Required because the operator does not work without a Service Account Token automountServiceAccountToken: true # NOSONAR # Configure the nodeAffinity expression - # according to the platforms which are supported by your solution. + # according to the platforms which are supported by your solution. # It is considered best practice to support multiple architectures. You can # build your manager image using the makefile target docker-buildx. affinity: @@ -116,4 +102,3 @@ spec: - name: default-config configMap: name: default-config - diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml new file mode 100644 index 00000000..0c00d6fb --- /dev/null +++ b/config/manager/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- deployment.yaml diff --git a/config/manifests/backstage.io/kustomization.yaml b/config/manifests/backstage.io/kustomization.yaml index a3f620ac..1a51e798 100644 --- a/config/manifests/backstage.io/kustomization.yaml +++ b/config/manifests/backstage.io/kustomization.yaml 
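Review bot: In config/manager/deployment.yaml the shared Deployment no longer carries `metadata.namespace`, and nothing in the file says where the namespace now comes from. Every profile that lists `../../manager` has to set `namespace:` in its own kustomization.yaml; those fields are outside the visible hunks, and config/profile/external adds `../../manager` without a namespace.yaml of its own, so this should be confirmed there. A Deployment rendered without a namespace is created in whatever namespace the applying client currently targets, where the operator's service account and RBAC bindings may not be the intended ones. I would add a comment above `name: controller-manager`, for example `# namespace is intentionally unset; the consuming profile's kustomization.yaml must set 'namespace:'`. The Deployment continues outside this hunk.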
@@ -9,25 +9,3 @@ resources: - ../../profile/backstage.io - ../../samples - ../../scorecard - -# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. -# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. -# These patches remove the unnecessary "cert" volume and its manager container volumeMount. -#patchesJson6902: -#- target: -# group: apps -# version: v1 -# kind: Deployment -# name: controller-manager -# namespace: system -# patch: |- -# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. -# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. -# - op: remove - -# path: /spec/template/spec/containers/0/volumeMounts/0 -# # Remove the "cert" volume, since OLM will create and mount a set of certs. -# # Update the indices in this path if adding or removing volumes in the manager's Deployment. -# - op: remove -# path: /spec/template/spec/volumes/0 - diff --git a/config/manifests/rhdh/kustomization.yaml b/config/manifests/rhdh/kustomization.yaml index f6db6b35..546f0455 100644 --- a/config/manifests/rhdh/kustomization.yaml +++ b/config/manifests/rhdh/kustomization.yaml 
@@ -7,24 +7,3 @@ resources: - ../../profile/rhdh - ../../samples - ../../scorecard - -# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. -# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. -# These patches remove the unnecessary "cert" volume and its manager container volumeMount. -#patchesJson6902: -#- target: -# group: apps -# version: v1 -# kind: Deployment -# name: controller-manager -# namespace: system -# patch: |- -# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. -# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. -# - op: remove - -# path: /spec/template/spec/containers/0/volumeMounts/0 -# # Remove the "cert" volume, since OLM will create and mount a set of certs. -# # Update the indices in this path if adding or removing volumes in the manager's Deployment. -# - op: remove -# path: /spec/template/spec/volumes/0 diff --git a/config/profile/backstage.io/kustomization.yaml b/config/profile/backstage.io/kustomization.yaml index fa11c7ed..5c74dcea 100644 --- a/config/profile/backstage.io/kustomization.yaml +++ b/config/profile/backstage.io/kustomization.yaml 
@@ -14,124 +14,8 @@ namePrefix: backstage- resources: - ../../crd - ../../rbac -- manager.yaml -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -#patches: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- path: manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- path: webhookcainjection_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-# Uncomment the following replacements to add the cert-manager CA injection annotations -#replacements: -# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.namespace # namespace of the certificate CR -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - source: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.name -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - source: # Add cert-manager annotation to the webhook Service -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.name # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# 
fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 0 -# create: true -# - source: -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.namespace # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 1 -# create: true +- ../../manager +- namespace.yaml images: - name: controller diff --git a/config/profile/backstage.io/namespace.yaml b/config/profile/backstage.io/namespace.yaml new file mode 100644 index 00000000..ec639451 --- /dev/null +++ b/config/profile/backstage.io/namespace.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: namespace + app.kubernetes.io/instance: system + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: backstage-operator + app.kubernetes.io/part-of: backstage-operator + app.kubernetes.io/managed-by: kustomize + name: system \ No newline at end of file diff --git a/config/profile/external/kustomization.yaml b/config/profile/external/kustomization.yaml index 9edc800e..57eb66af 100644 --- a/config/profile/external/kustomization.yaml +++ b/config/profile/external/kustomization.yaml 
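Review bot: The new Namespace in config/profile/backstage.io/namespace.yaml carries only app labels, so Pod Security Admission falls back to the cluster default for the operator's namespace; the same holds for config/profile/rhdh/namespace.yaml later in this patch. Since these manifests are now the single place where the operator namespace is defined, consider adding `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` under `metadata.labels`. Moving to `enforce` would first need `seccompProfile: type: RuntimeDefault` on the manager pod, which is commented out in the manifest this patch deletes and may still be so in the shared deployment (not visible in the hunks). The backstage.io file also ends without a trailing newline.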
@@ -9,126 +9,9 @@ namePrefix: backstage- resources: - ../../crd - ../../rbac -#- ../../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -#patches: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- path: manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- path: webhookcainjection_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-# Uncomment the following replacements to add the cert-manager CA injection annotations -#replacements: -# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.namespace # namespace of the certificate CR -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - source: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.name -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - source: # Add cert-manager annotation to the webhook Service -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.name # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# 
fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 0 -# create: true -# - source: -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.namespace # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 1 -# create: true +- ../../manager images: - name: controller newName: quay.io/rhdh-community/operator - newTag: 0.4.0 + newTag: 0.5.0 diff --git a/config/profile/rhdh/kustomization.yaml b/config/profile/rhdh/kustomization.yaml index 51e00dd2..8c4a75ca 100644 --- a/config/profile/rhdh/kustomization.yaml +++ b/config/profile/rhdh/kustomization.yaml 
@@ -14,130 +14,21 @@ namePrefix: rhdh- resources: - ../../crd - ../../rbac -- manager.yaml -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -#patches: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- path: manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- path: webhookcainjection_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-# Uncomment the following replacements to add the cert-manager CA injection annotations -#replacements: -# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.namespace # namespace of the certificate CR -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - source: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.name -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - source: # Add cert-manager annotation to the webhook Service -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.name # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# 
fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 0 -# create: true -# - source: -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.namespace # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 1 -# create: true +- ../../manager +- namespace.yaml images: - name: controller newName: quay.io/rhdh-community/operator newTag: 0.5.0 +patches: +- path: patches/env-patch.yaml + target: + kind: Deployment + name: controller-manager + + generatorOptions: disableNameSuffixHash: true diff --git a/config/profile/rhdh/manager.yaml b/config/profile/rhdh/manager.yaml deleted file mode 100644 index 621626bd..00000000 --- a/config/profile/rhdh/manager.yaml +++ /dev/null 
@@ -1,129 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: system - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: backstage-operator - app.kubernetes.io/part-of: backstage-operator - app.kubernetes.io/managed-by: kustomize - name: operator ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: operator - labels: - control-plane: controller-manager - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: backstage-operator - app.kubernetes.io/part-of: backstage-operator - app.kubernetes.io/managed-by: kustomize -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - # Required because the operator does not work without a Service Account Token - automountServiceAccountToken: true # NOSONAR - # Configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 -# - arm64 -# - ppc64le -# - s390x - - key: kubernetes.io/os - operator: In - values: - - linux - securityContext: - runAsNonRoot: true - # (user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. 
- # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault - containers: - - command: - - /manager - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=:8443 - - --metrics-secure=true - - --leader-elect - env: - - name: OPERATOR_NAME - value: rhdh-operator - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: RELATED_IMAGE_postgresql - value: quay.io/fedora/postgresql-15:latest - - name: RELATED_IMAGE_backstage - value: quay.io/rhdh/rhdh-hub-rhel9:next - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - ports: - - name: health - containerPort: 8081 - - name: metrics - containerPort: 8443 - livenessProbe: - httpGet: - path: /healthz - port: health - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 1Gi - ephemeral-storage: 20Mi - requests: - cpu: 10m - memory: 128Mi - volumeMounts: - - mountPath: /default-config - name: default-config - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 - volumes: - - name: default-config - configMap: - name: default-config diff --git a/config/profile/rhdh/namespace.yaml b/config/profile/rhdh/namespace.yaml new file mode 100644 index 00000000..db987089 --- /dev/null +++ b/config/profile/rhdh/namespace.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: namespace + app.kubernetes.io/instance: system + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: backstage-operator + app.kubernetes.io/part-of: backstage-operator + app.kubernetes.io/managed-by: kustomize + name: operator diff --git a/config/profile/rhdh/patches/env-patch.yaml b/config/profile/rhdh/patches/env-patch.yaml new file mode 100644 index 00000000..4236206e --- /dev/null +++ b/config/profile/rhdh/patches/env-patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager +spec: + template: + spec: + containers: + - name: manager + env: + - name: OPERATOR_NAME + value: rhdh-operator + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: RELATED_IMAGE_postgresql + value: quay.io/fedora/postgresql-15:latest + - name: RELATED_IMAGE_backstage + value: quay.io/rhdh/rhdh-hub-rhel9:next diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d08..61ceb4d7 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,16 +1,17 @@ resources: - bases/config.yaml -patchesJson6902: +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: - path: patches/basic.config.yaml target: group: scorecard.operatorframework.io - version: v1alpha3 kind: Configuration name: config + version: v1alpha3 - path: patches/olm.config.yaml target: group: scorecard.operatorframework.io - version: v1alpha3 kind: Configuration name: config -#+kubebuilder:scaffold:patchesJson6902 + version: v1alpha3 diff --git a/docs/profiles.md b/docs/profiles.md index 49c6efdd..bb262fa5 100644 --- a/docs/profiles.md +++ b/docs/profiles.md 
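Review bot: config/profile/rhdh/patches/env-patch.yaml sets `RELATED_IMAGE_postgresql` to `quay.io/fedora/postgresql-15:latest` and `RELATED_IMAGE_backstage` to `quay.io/rhdh/rhdh-hub-rhel9:next`, both mutable tags. The values are carried over unchanged from the deleted manager.yaml, but this patch file is now the one place they are defined, and the images the operator presumably uses as its defaults can change without any commit in this repository. Prefer digest references, e.g. `value: quay.io/fedora/postgresql-15@sha256:<digest>` and `value: quay.io/rhdh/rhdh-hub-rhel9@sha256:<digest>` (placeholders, not real digests). If the floating tags are intentional for development builds, a comment above the two entries saying so would keep them from being copied into a release profile.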
@@ -37,9 +37,58 @@ A Configuration Profile consists of a directory with a specific structure named ## Out-of-the-box Configuration Profiles -As of September 2024, there are two predefined profiles: +As of January 2025, there are three predefined profiles: * **rhdh**: The default profile, applied if no explicit PROFILE is specified. This profile contains configurations for the Red Hat Developer Hub. * **backstage.io**: A simple configuration for a bare Backstage instance, utilizing the image available at https://github.com/backstage/backstage/pkgs/container/backstage. +* **external**: A basis for third-party configurations external to the Backstage repository. + +## Creating a New Profile +User may want to create a new Configuration Profile for a specific use case, such as: +* A custom Backstage Default Configuration by providing a specific default-config directory +* A specific configuration for the Operator controller's deployment by providing patches for the base deployment manifest +* A specific name, labels, or annotations for the Operator namespace by providing a specific namespace manifest +* A specific template for ClusterServiceVersion (CSV) manifests by providing a specific CSV manifest in the config/manifests directory + +To create a new Configuration Profile and make it available for test, integration test, and deployment, create a directory with the profile name under the **./config/profile** directory. The directory should contain the following files: +* **kustomization.yaml**: A Kustomize file defining the resources. See [config/profile/rhdh/kustomization.yaml](RHDH profile) for an example. +* **default-config**: A directory containing the Operator Default Configuration. See the [Default Configuration](configuration.md#default-configuration) section for more information. +* **namespace.yaml**: A Kubernetes manifest file defining the namespace for the Operator. +* Optionally **patches**: A directory containing patches for the Operator deployment. 
+ +To add a custom ClusterServiceVersion (CSV) manifest, create a directory with the profile name under the **./config/manifests** directory. The directory should contain the following files: +* **kustomization.yaml**: A Kustomize file defining the resources. See [config/manifests/rhdh/kustomization.yaml](RHDH manifests) for an example. +* **bases/csv.yaml**: A Kubernetes manifest file defining the ClusterServiceVersion. + +### External Profiles +To create a Configuration Profile external to the Backstage Operator repository, create a directory following the same structure as above, and reference the **external** profile in **kustomization.yaml** through the repository URL. Here is an example: + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: backstage-system + +resources: + - https://github.com/redhat-developer/rhdh-operator/config/profile/external + - namespace.yaml + +namePrefix: backstage- + +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: + - files: + - default-config/deployment.yaml + - default-config/service.yaml + - default-config/app-config.yaml + name: default-config +``` +See more about how to [reference remote target in Kustomize](https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md). + +To deploy the Operator with the external profile, you can use the following command: -Additionally, there is a third profile, currently a work in progress (TBD), called "external," which is intended to be used as a template for third-party configurations external to the Backstage repository. This serves mostly as a placeholder for the time being. +```bash +kusomize build . | kubectl apply -f - +``` +assuming you have installed Kustomize and run the command from the kustomization.yaml's directory. \ No newline at end of file