layered

gazarenkov · Mar 17, 2024 · 2cda2c1 · 2cda2c1
1 parent a786b66
commit 2cda2c1
Show file tree

Hide file tree

Showing 26 changed files with 300 additions and 2,079 deletions.
diff --git a/Makefile b/Makefile
@@ -231,7 +231,8 @@ GOSEC_FMT ?= sarif  # for other options, see https://github.com/securego/gosec#o
 GOSEC_OUTPUT_FILE ?= gosec.sarif
 
 GINKGO ?= $(LOCALBIN)/ginkgo
-GINKGO_VERSION ?= v2.9.5
+#GINKGO_VERSION ?= v2.9.5
+GINKGO_VERSION ?= v2.16.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize

diff --git a/config/manager/default-config/db-statefulset.yaml b/config/manager/default-config/db-statefulset.yaml
@@ -16,7 +16,7 @@ spec:
       name: backstage-db-cr1 # placeholder for 'backstage-psql-<cr-name>'
     spec:
 #      securityContext:
-#        runAsGroup: 26
+#        fsGroup: 26
       automountServiceAccountToken: false
       ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
       ## The optional .spec.persistentVolumeClaimRetentionPolicy field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
@@ -35,8 +35,8 @@ spec:
           image: quay.io/fedora/postgresql-15:latest # will be replaced with the actual image
           imagePullPolicy: IfNotPresent
           securityContext:
-#            runAsUser: 26
-#            runAsGroup: 0
+            runAsUser: 26
+            runAsGroup: 0
             runAsNonRoot: true
             allowPrivilegeEscalation: false
             seccompProfile:

diff --git a/config/manager/default-config/deployment.yaml b/config/manager/default-config/deployment.yaml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name:  # placeholder for 'backstage-<cr-name>'
+  name: backstage # placeholder for 'backstage-<cr-name>'
 spec:
   replicas: 1
   selector:
@@ -14,10 +14,8 @@ spec:
     spec:
       automountServiceAccountToken: false
       #Error: EACCES: permission denied, open '/dynamic-plugins-root/backstage-plugin-scaffolder-backend-module-github-dynamic-0.2.2.tgz'
-      securityContext:
-        fsGroup: 1001
-#        runAsUser: 1001
-#        runAsGroup: 1001
+#      securityContext:
+#        fsGroup: 1001
       volumes:
         - ephemeral:
             volumeClaimTemplate:
@@ -53,11 +51,14 @@ spec:
               readOnly: true
               subPath: .npmrc
           workingDir: /opt/app-root/src
-#          resources:
-#            limits:
-#              cpu: 1000m
-#              memory: 2.5Gi
-#              ephemeral-storage: 5Gi
+          resources:
+            requests:
+              cpu: 250m
+              memory: 256Mi
+            limits:
+              cpu: 1000m
+              memory: 2.5Gi
+              ephemeral-storage: 5Gi
       containers:
         - name: backstage-backend
           # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
@@ -100,8 +101,11 @@ spec:
           volumeMounts:
             - mountPath: /opt/app-root/src/dynamic-plugins-root
               name: dynamic-plugins-root
-#          resources:
-#            limits:
-#              cpu: 1000m
-#              memory: 2.5Gi
-#              ephemeral-storage: 5Gi
+          resources:
+            requests:
+              cpu: 250m
+              memory: 256Mi
+            limits:
+              cpu: 1000m
+              memory: 2.5Gi
+              ephemeral-storage: 5Gi
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -4,8 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: quay.io/janus-idp/operator
-  newTag: 0.2.0
+  newName: gazarenkov/backstage-operator
 
 generatorOptions:
   disableNameSuffixHash: true

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -9,9 +9,6 @@ rules:
   - ""
   resources:
   - configmaps
-  - persistentvolumeclaims
-  - persistentvolumes
-  - secrets
   - services
   verbs:
   - create
@@ -21,6 +18,24 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - patch
+  - update
 - apiGroups:
   - apps
   resources:
@@ -46,7 +61,7 @@ rules:
   - update
   - watch
 - apiGroups:
-  - janus-idp.io
+  - rhdh.redhat.com
   resources:
   - backstages
   verbs:
@@ -58,13 +73,13 @@ rules:
   - update
   - watch
 - apiGroups:
-  - janus-idp.io
+  - rhdh.redhat.com
   resources:
   - backstages/finalizers
   verbs:
   - update
 - apiGroups:
-  - janus-idp.io
+  - rhdh.redhat.com
   resources:
   - backstages/status
   verbs: