Merge branch 'main' of https://github.com/janus-idp/operator into doc

Makefile

@@ -30,7 +30,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 # This variable is used to construct full image tags for bundle and catalog images.
 #
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
-# backstage.io/backstage-operator-bundle:$VERSION and backstage.io/backstage-operator-catalog:$VERSION.
+# janus-idp.io/backstage-operator-bundle:$VERSION and janus-idp.io/backstage-operator-catalog:$VERSION.
 IMAGE_TAG_BASE ?= quay.io/rhdh/backstage-operator
 
 # BUNDLE_IMG defines the image:tag used for the bundle.
@@ -209,7 +209,7 @@ ADDLICENSE ?= $(LOCALBIN)/addlicense
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.10.0
+CONTROLLER_TOOLS_VERSION ?= v0.11.3
 GOLANGCI_LINT_VERSION ?= v1.49.0
 GOIMPORTS_VERSION ?= v0.15.0
 ADDLICENSE_VERSION ?= v1.1.1
@@ -309,15 +309,16 @@ release-push: $(CONTAINER_ENGINE)-push bundle-push catalog-push ## Push operator
 .PHONY: deploy-olm
 deploy-olm: ## Deploy the operator with OLM
 	kubectl apply -f config/samples/catalog-operator-group.yaml
-	sed "s/{{VERSION}}/$(subst /,\/,$(VERSION))/g" config/samples/catalog-subscription-template.yaml | kubectl apply -f -
+	sed "s/{{VERSION}}/$(subst /,\/,$(VERSION))/g" config/samples/catalog-subscription-template.yaml | sed "s/{{DEFAULT_OLM_NAMESPACE}}/$(subst /,\/,$(DEFAULT_OLM_NAMESPACE))/g" | kubectl apply -f -
 
 .PHONY: undeploy-olm
 undeploy-olm: ## Un-deploy the operator with OLM
 	-kubectl delete subscriptions.operators.coreos.com backstage-operator
 	-kubectl delete operatorgroup backstage-operator-group
-	-kubectl delete clusterserviceversion backstage-operator.v${VERSION}
+	-kubectl delete clusterserviceversion backstage-operator.v$(VERSION)
 
+DEFAULT_OLM_NAMESPACE ?= openshift-marketplace
 .PHONY: catalog-update
-catalog-update: ## Update catalog source in namespace openshift-marketplace
-	-kubectl delete catalogsource backstage-operator -n openshift-marketplace
-	sed "s/{{CATALOG_IMG}}/$(subst /,\/,$(CATALOG_IMG))/g" config/samples/catalog-source-template.yaml | kubectl apply -f -
+catalog-update: ## Update catalog source in the default namespace for catalogsource
+	-kubectl delete catalogsource backstage-operator -n $(DEFAULT_OLM_NAMESPACE)
+	sed "s/{{CATALOG_IMG}}/$(subst /,\/,$(CATALOG_IMG))/g" config/samples/catalog-source-template.yaml | kubectl apply -n $(DEFAULT_OLM_NAMESPACE) -f -

PROJECT

@@ -1,18 +1,18 @@
-domain: backstage.io
+domain: janus-idp.io
 layout:
 - go.kubebuilder.io/v3
 plugins:
   manifests.sdk.operatorframework.io/v2: {}
   scorecard.sdk.operatorframework.io/v2: {}
 projectName: backstage-operator
-repo: backstage.io/backstage-operator
+repo: janus-idp.io/backstage-operator
 resources:
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: backstage.io
+  domain: janus-idp.io
   kind: Backstage
-  path: backstage.io/backstage-operator/api/v1alpha1
+  path: janus-idp.io/backstage-operator/api/v1alpha1
   version: v1alpha1
 version: "3"

README.md

@@ -2,7 +2,7 @@
 Operator for deploying Backstage for Janus-IDP.
 
 ## Description
-Implementing https://backstage.io/docs/deployment/k8s/ procedure
+Implementing https://janus-idp.io/docs/deployment/k8s/ procedure
 At first stage CR update does not affect Backstage Objects, just installation (same as Helm)
 TODO: Do we need to continuosly sync the states? Which way if so: from CR to Objects or back or (somehow) back and forth?
 

api/v1alpha1/groupversion_info.go

@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1alpha1 contains API Schema definitions for the  v1alpha1 API group
 // +kubebuilder:object:generate=true
-// +groupName=backstage.io
+// +groupName=janus-idp.io
 package v1alpha1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "backstage.io", Version: "v1alpha1"}
+	GroupVersion = schema.GroupVersion{Group: "janus-idp.io", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

bundle/manifests/backstage-controller-manager-metrics-service_v1_service.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: backstage-operator
+    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: service
+    app.kubernetes.io/part-of: backstage-operator
+    control-plane: controller-manager
+  name: backstage-controller-manager-metrics-service
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager
+status:
+  loadBalancer: {}

bundle/manifests/backstage-default-config_v1_configmap.yaml

@@ -0,0 +1,253 @@
+apiVersion: v1
+data:
+  backend-auth-secret.yaml: |
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: # placeholder for '<cr-name>-auth'
+    data:
+    # A random value will be generated for the backend-secret key
+  db-service-hl.yaml: |-
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: backstage-psql-cr1-hl # placeholder for 'backstage-psql-<cr-name>-hl'
+    spec:
+      selector:
+        janus-idp.io/app:  backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
+      clusterIP: None
+      ports:
+        - port: 5432
+  db-service.yaml: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: backstage-psql # placeholder for 'backstage-psql-<cr-name>' .NOTE: For the time it is static and linked to Secret-> postgres-secrets -> OSTGRES_HOST
+    spec:
+      selector:
+        janus-idp.io/app:  backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
+      ports:
+        - port: 5432
+  db-statefulset.yaml: |-
+    apiVersion: apps/v1
+    kind: StatefulSet
+    metadata:
+      name: backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
+    spec:
+      podManagementPolicy: OrderedReady
+      replicas: 1
+      selector:
+        matchLabels:
+          janus-idp.io/app: backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
+      serviceName: backstage-psql-cr1-hl # placeholder for 'backstage-psql-<cr-name>-hl'
+      template:
+        metadata:
+          labels:
+            janus-idp.io/app: backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
+          name: backstage-db-cr1 # placeholder for 'backstage-psql-<cr-name>'
+        spec:
+          persistentVolumeClaimRetentionPolicy:
+            whenDeleted: Retain
+            whenScaled: Retain
+          containers:
+            - env:
+                - name: POSTGRESQL_PORT_NUMBER
+                  value: "5432"
+                - name: POSTGRESQL_VOLUME_DIR
+                  value: /var/lib/pgsql/data
+                - name: PGDATA
+                  value: /var/lib/pgsql/data/userdata
+              envFrom:
+                - secretRef:
+                    name: postgres-secrets
+              image: quay.io/fedora/postgresql-15:latest
+              imagePullPolicy: IfNotPresent
+              securityContext:
+                runAsNonRoot: true
+                allowPrivilegeEscalation: false
+                seccompProfile:
+                  type: RuntimeDefault
+                capabilities:
+                  drop:
+                    - ALL
+              livenessProbe:
+                exec:
+                  command:
+                    - /bin/sh
+                    - -c
+                    - exec pg_isready -U ${POSTGRES_USER} -h 127.0.0.1 -p 5432
+                failureThreshold: 6
+                initialDelaySeconds: 30
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 5
+              name: postgresql
+              ports:
+                - containerPort: 5432
+                  name: tcp-postgresql
+                  protocol: TCP
+              readinessProbe:
+                exec:
+                  command:
+                    - /bin/sh
+                    - -c
+                    - -e
+                    - |
+                      exec pg_isready -U ${POSTGRES_USER} -h 127.0.0.1 -p 5432
+                failureThreshold: 6
+                initialDelaySeconds: 5
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 5
+              resources:
+                requests:
+                  cpu: 250m
+                  memory: 256Mi
+                limits:
+                  memory: 1024Mi
+              volumeMounts:
+                - mountPath: /dev/shm
+                  name: dshm
+                - mountPath: /var/lib/pgsql/data
+                  name: data
+          restartPolicy: Always
+          securityContext: {}
+          serviceAccount: default
+          serviceAccountName: default
+          volumes:
+            - emptyDir:
+                medium: Memory
+              name: dshm
+      updateStrategy:
+        rollingUpdate:
+          partition: 0
+        type: RollingUpdate
+      volumeClaimTemplates:
+        - apiVersion: v1
+          kind: PersistentVolumeClaim
+          metadata:
+            name: data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 1Gi
+  deployment.yaml: |-
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: backstage
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
+      template:
+        metadata:
+          labels:
+            janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
+        spec:
+          #      serviceAccountName: default
+          volumes:
+            - ephemeral:
+                volumeClaimTemplate:
+                  spec:
+                    accessModes:
+                      - ReadWriteOnce
+                    resources:
+                      requests:
+                        storage: 1Gi
+              name: dynamic-plugins-root
+            - name: dynamic-plugins-npmrc
+              secret:
+                defaultMode: 420
+                optional: true
+                secretName: dynamic-plugins-npmrc
+
+          initContainers:
+            - command:
+                - ./install-dynamic-plugins.sh
+                - /dynamic-plugins-root
+              env:
+                - name: NPM_CONFIG_USERCONFIG
+                  value: /opt/app-root/src/.npmrc.dynamic-plugins
+              image: 'quay.io/janus-idp/backstage-showcase:next'
+              imagePullPolicy: IfNotPresent
+              name: install-dynamic-plugins
+              volumeMounts:
+                - mountPath: /dynamic-plugins-root
+                  name: dynamic-plugins-root
+                - mountPath: /opt/app-root/src/.npmrc.dynamic-plugins
+                  name: dynamic-plugins-npmrc
+                  readOnly: true
+                  subPath: .npmrc
+              workingDir: /opt/app-root/src
+
+          containers:
+            - name: backstage-backend
+              image: quay.io/janus-idp/backstage-showcase:next
+              imagePullPolicy: IfNotPresent
+              args:
+                - "--config"
+                - "dynamic-plugins-root/app-config.dynamic-plugins.yaml"
+              readinessProbe:
+                failureThreshold: 3
+                httpGet:
+                  path: /healthcheck
+                  port: 7007
+                  scheme: HTTP
+                initialDelaySeconds: 30
+                periodSeconds: 10
+                successThreshold: 2
+                timeoutSeconds: 2
+              livenessProbe:
+                failureThreshold: 3
+                httpGet:
+                  path: /healthcheck
+                  port: 7007
+                  scheme: HTTP
+                initialDelaySeconds: 60
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 2
+              ports:
+                - name: http
+                  containerPort: 7007
+              env:
+                - name: APP_CONFIG_backend_listen_port
+                  value: "7007"
+              envFrom:
+                - secretRef:
+                    name: postgres-secrets
+              #            - secretRef:
+              #                name: backstage-secrets
+              volumeMounts:
+                - mountPath: /opt/app-root/src/dynamic-plugins-root
+                  name: dynamic-plugins-root
+  dynamic-plugins-configmap.yaml: |-
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: # placeholder for '<cr-name>-dynamic-plugins'
+    data:
+      "dynamic-plugins.yaml": |
+        includes:
+          - dynamic-plugins.default.yaml
+        plugins: []
+  service.yaml: |-
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: backstage
+    spec:
+      type: NodePort
+      selector:
+        janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
+      ports:
+        - name: http
+          port: 80
+          targetPort: http
+kind: ConfigMap
+metadata:
+  name: backstage-default-config

bundle/manifests/backstage-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: backstage-operator
+    app.kubernetes.io/instance: metrics-reader
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/part-of: backstage-operator
+  name: backstage-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get