From 64f8668b745a508f7daf588feceb45333a83756d Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Thu, 29 Aug 2024 13:48:29 -0400 Subject: [PATCH] ODH release v2.17.0 (#5051) Signed-off-by: VaishnaviHire --- ...er.opendatahub.io_datascienceclusters.yaml | 738 +++++++ ...ion.opendatahub.io_dscinitializations.yaml | 308 +++ ...atures.opendatahub.io_featuretrackers.yaml | 101 + ...er-manager-metrics-service_v1_service.yaml | 17 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 10 + ...b-operator-webhook-service_v1_service.yaml | 24 + ...atahub-operator.clusterserviceversion.yaml | 1825 +++++++++++++++++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 16 + ...rization.k8s.io_v1_clusterrolebinding.yaml | 13 + .../2.17.0/metadata/annotations.yaml | 18 + .../2.17.0/tests/scorecard/config.yaml | 70 + 11 files changed, 3140 insertions(+) create mode 100644 operators/opendatahub-operator/2.17.0/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/features.opendatahub.io_featuretrackers.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-webhook-service_v1_service.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator.clusterserviceversion.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 operators/opendatahub-operator/2.17.0/metadata/annotations.yaml create mode 100644 operators/opendatahub-operator/2.17.0/tests/scorecard/config.yaml diff --git a/operators/opendatahub-operator/2.17.0/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml b/operators/opendatahub-operator/2.17.0/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml new file mode 100644 index 00000000000..a08a0584158 --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml @@ -0,0 +1,738 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: datascienceclusters.datasciencecluster.opendatahub.io +spec: + group: datasciencecluster.opendatahub.io + names: + kind: DataScienceCluster + listKind: DataScienceClusterList + plural: datascienceclusters + shortNames: + - dsc + singular: datasciencecluster + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: DataScienceCluster is the Schema for the datascienceclusters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataScienceClusterSpec defines the desired state of the cluster. + properties: + components: + description: Override and fine tune specific component configurations. + properties: + codeflare: + description: CodeFlare component configuration. If CodeFlare Operator + has been installed in the cluster, it should be uninstalled + first before enabled component. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + dashboard: + description: Dashboard component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + datasciencepipelines: + description: DataServicePipeline component configuration. Require + OpenShift Pipelines Operator to be installed before enable component + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + kserve: + description: Kserve component configuration. Require OpenShift + Serverless and OpenShift Service Mesh Operators to be installed + before enable component Does not support enabled ModelMeshServing + at the same time + properties: + defaultDeploymentMode: + description: Configures the default deployment mode for Kserve. + This can be set to 'Serverless' or 'RawDeployment'. The + value specified in this field will be used to set the default + deployment mode in the 'inferenceservice-config' configmap + for Kserve. This field is optional. If no default deployment + mode is specified, Kserve will use Serverless mode. + enum: + - Serverless + - RawDeployment + pattern: ^(Serverless|RawDeployment)$ + type: string + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + serving: + description: Serving configures the KNative-Serving stack + used for model serving. A Service Mesh (Istio) is prerequisite, + since it is used as networking layer. + properties: + ingressGateway: + description: IngressGateway allows to customize some parameters + for the Istio Ingress Gateway that is bound to KNative-Serving. + properties: + certificate: + description: Certificate specifies configuration of + the TLS certificate securing communication for the + gateway. + properties: + secretName: + description: SecretName specifies the name of + the Kubernetes Secret resource that contains + a TLS certificate secure HTTP communications + for the KNative network. + type: string + type: + default: OpenshiftDefaultIngress + description: 'Type specifies if the TLS certificate + should be generated automatically, or if the + certificate is provided by the user. Allowed + values are: * SelfSigned: A certificate is going + to be generated using an own private key. * + Provided: Pre-existence of the TLS Secret (see + SecretName) with a valid certificate is assumed. + * OpenshiftDefaultIngress: Default ingress certificate + configured for OpenShift' + enum: + - SelfSigned + - Provided + - OpenshiftDefaultIngress + type: string + type: object + domain: + description: Domain specifies the host name for intercepting + incoming requests. Most likely, you will want to + use a wildcard name, like *.example.com. If not + set, the domain of the OpenShift Ingress is used. + If you choose to generate a certificate, this is + the domain used for the certificate request. + type: string + type: object + managementState: + default: Managed + enum: + - Managed + - Unmanaged + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + name: + default: knative-serving + description: Name specifies the name of the KNativeServing + resource that is going to be created to instruct the + KNative Operator to deploy KNative serving components. + This resource is created in the "knative-serving" namespace. + type: string + type: object + type: object + kueue: + description: Kueue component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + modelmeshserving: + description: ModelMeshServing component configuration. Does not + support enabled Kserve at the same time + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + modelregistry: + description: ModelRegistry component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + ray: + description: Ray component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + trainingoperator: + description: Training Operator component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + trustyai: + description: TrustyAI component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + workbenches: + description: Workbenches component configuration. + properties: + devFlags: + description: Add developer fields + properties: + manifests: + description: List of custom manifests for the given component + items: + properties: + contextDir: + default: manifests + description: contextDir is the relative path to + the folder containing manifests in a repository, + default value "manifests" + type: string + sourcePath: + default: "" + description: 'sourcePath is the subpath within contextDir + where kustomize builds start. Examples include + any sub-folder or path: `base`, `overlays/dev`, + `default`, `odh` etc.' + type: string + uri: + default: "" + description: uri is the URI point to a git repo + with tag/branch. e.g. https://github.com/org/repo/tarball/ + type: string + type: object + type: array + type: object + managementState: + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + type: object + type: object + status: + description: DataScienceClusterStatus defines the observed state of DataScienceCluster. + properties: + conditions: + description: Conditions describes the state of the DataScienceCluster + resource. + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + errorMessage: + type: string + installedComponents: + additionalProperties: + type: boolean + description: List of components with status if installed or not + type: object + phase: + description: Phase describes the Phase of DataScienceCluster reconciliation + state This is used by OLM UI to provide status information to the + user + type: string + relatedObjects: + description: RelatedObjects is a list of objects created and maintained + by this operator. Object references will be added to this list after + they have been created AND found in the cluster. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + release: + description: Version and release type + properties: + name: + type: string + version: + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/opendatahub-operator/2.17.0/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml b/operators/opendatahub-operator/2.17.0/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml new file mode 100644 index 00000000000..a22100a8811 --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml @@ -0,0 +1,308 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: dscinitializations.dscinitialization.opendatahub.io +spec: + group: dscinitialization.opendatahub.io + names: + kind: DSCInitialization + listKind: DSCInitializationList + plural: dscinitializations + shortNames: + - dsci + singular: dscinitialization + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Current Phase + jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Created At + type: string + name: v1 + schema: + openAPIV3Schema: + description: DSCInitialization is the Schema for the dscinitializations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DSCInitializationSpec defines the desired state of DSCInitialization. + properties: + applicationsNamespace: + default: opendatahub + description: Namespace for applications to be installed, non-configurable, + default to "opendatahub" + type: string + devFlags: + description: Internal development useful field to test customizations. + This is not recommended to be used in production environment. + properties: + logmode: + default: production + enum: + - devel + - development + - prod + - production + type: string + manifestsUri: + description: Custom manifests uri for odh-manifests + type: string + type: object + monitoring: + description: Enable monitoring on specified namespace + properties: + managementState: + description: 'Set to one of the following values: - "Managed" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if it + is safe to do so. - "Removed" : the operator is actively managing + the component and will not install it, or if it is installed, + the operator will try to remove it.' + enum: + - Managed + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + namespace: + default: opendatahub + description: Namespace for monitoring if it is enabled + type: string + type: object + serviceMesh: + description: Configures Service Mesh as networking layer for Data + Science Clusters components. The Service Mesh is a mandatory prerequisite + for single model serving (KServe) and you should review this configuration + if you are planning to use KServe. For other components, it enhances + user experience; e.g. it provides unified authentication giving + a Single Sign On experience. + properties: + auth: + description: Auth holds configuration of authentication and authorization + services used by Service Mesh in Opendatahub. + properties: + audiences: + default: + - https://kubernetes.default.svc + description: Audiences is a list of the identifiers that the + resource server presented with the token identifies as. + Audience-aware token authenticators will verify that the + token was intended for at least one of the audiences in + this list. If no audiences are provided, the audience will + default to the audience of the Kubernetes apiserver (kubernetes.default.svc). + items: + type: string + type: array + namespace: + description: Namespace where it is deployed. If not provided, + the default is to use '-auth-provider' suffix on the ApplicationsNamespace + of the DSCI. + type: string + type: object + controlPlane: + description: ControlPlane holds configuration of Service Mesh + used by Opendatahub. + properties: + metricsCollection: + default: Istio + description: MetricsCollection specifies if metrics from components + on the Mesh namespace should be collected. Setting the value + to "Istio" will collect metrics from the control plane and + any proxies on the Mesh namespace (like gateway pods). Setting + to "None" will disable metrics collection. + enum: + - Istio + - None + type: string + name: + default: data-science-smcp + description: Name is a name Service Mesh Control Plane. Defaults + to "data-science-smcp". + type: string + namespace: + default: istio-system + description: Namespace is a namespace where Service Mesh is + deployed. Defaults to "istio-system". + type: string + type: object + managementState: + default: Removed + enum: + - Managed + - Unmanaged + - Removed + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + type: object + trustedCABundle: + description: When set to `Managed`, adds odh-trusted-ca-bundle Configmap + to all namespaces that includes cluster-wide Trusted CA Bundle in + .data["ca-bundle.crt"]. Additionally, this fields allows admins + to add custom CA bundles to the configmap using the .CustomCABundle + field. + properties: + customCABundle: + default: "" + description: A custom CA bundle that will be available for all components + in the Data Science Cluster(DSC). This bundle will be stored + in odh-trusted-ca-bundle ConfigMap .data.odh-ca-bundle.crt . + type: string + managementState: + default: Removed + description: managementState indicates whether and how the operator + should manage customized CA bundle + enum: + - Managed + - Removed + - Unmanaged + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + required: + - customCABundle + - managementState + type: object + required: + - applicationsNamespace + type: object + status: + description: DSCInitializationStatus defines the observed state of DSCInitialization. + properties: + conditions: + description: Conditions describes the state of the DSCInitializationStatus + resource + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + errorMessage: + type: string + phase: + description: Phase describes the Phase of DSCInitializationStatus + This is used by OLM UI to provide status information to the user + type: string + relatedObjects: + description: RelatedObjects is a list of objects created and maintained + by this operator. Object references will be added to this list after + they have been created AND found in the cluster + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + release: + description: Version and release type + properties: + name: + type: string + version: + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/opendatahub-operator/2.17.0/manifests/features.opendatahub.io_featuretrackers.yaml b/operators/opendatahub-operator/2.17.0/manifests/features.opendatahub.io_featuretrackers.yaml new file mode 100644 index 00000000000..7ffc31f992b --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/features.opendatahub.io_featuretrackers.yaml @@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: featuretrackers.features.opendatahub.io +spec: + group: features.opendatahub.io + names: + kind: FeatureTracker + listKind: FeatureTrackerList + plural: featuretrackers + singular: featuretracker + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: FeatureTracker represents a cluster-scoped resource in the Data + Science Cluster, specifically designed for monitoring and managing objects + created via the internal Features API. This resource serves a crucial role + in cross-namespace resource management, acting as an owner reference for + various resources. The primary purpose of the FeatureTracker is to enable + efficient garbage collection by Kubernetes. This is essential for ensuring + that resources are automatically cleaned up and reclaimed when they are + no longer required. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FeatureTrackerSpec defines the desired state of FeatureTracker. + properties: + appNamespace: + type: string + source: + description: Source describes the type of object that created the + related Feature to this FeatureTracker. + properties: + name: + type: string + type: + type: string + type: object + type: object + status: + description: FeatureTrackerStatus defines the observed state of FeatureTracker. + properties: + conditions: + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase describes the Phase of FeatureTracker reconciliation + state. This is used by OLM UI to provide status information to the + user. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-controller-manager-metrics-service_v1_service.yaml b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..c234bf4b695 --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + control-plane: controller-manager + name: opendatahub-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8080 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..52b3319cbcd --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: opendatahub-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-webhook-service_v1_service.yaml b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-webhook-service_v1_service.yaml new file mode 100644 index 00000000000..71d4a49d17d --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator-webhook-service_v1_service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: "true" + service.beta.openshift.io/serving-cert-secret-name: opendatahub-operator-controller-webhook-cert + creationTimestamp: null + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: opendatahub-operator + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: opendatahub-operator + name: opendatahub-operator-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator.clusterserviceversion.yaml b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..c7a38c8bc47 --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/opendatahub-operator.clusterserviceversion.yaml @@ -0,0 +1,1825 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "datasciencecluster.opendatahub.io/v1", + "kind": "DataScienceCluster", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "opendatahub-operator", + "app.kubernetes.io/instance": "default", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "datasciencecluster", + "app.kubernetes.io/part-of": "opendatahub-operator" + }, + "name": "default-dsc" + }, + "spec": { + "components": { + "codeflare": { + "managementState": "Managed" + }, + "dashboard": { + "managementState": "Managed" + }, + "datasciencepipelines": { + "managementState": "Managed" + }, + "kserve": { + "managementState": "Managed", + "serving": { + "ingressGateway": { + "certificate": { + "type": "OpenshiftDefaultIngress" + } + }, + "managementState": "Managed", + "name": "knative-serving" + } + }, + "kueue": { + "managementState": "Managed" + }, + "modelmeshserving": { + "managementState": "Managed" + }, + "modelregistry": { + "managementState": "Managed" + }, + "ray": { + "managementState": "Managed" + }, + "trainingoperator": { + "managementState": "Managed" + }, + "trustyai": { + "managementState": "Managed" + }, + "workbenches": { + "managementState": "Managed" + } + } + } + }, + { + "apiVersion": "dscinitialization.opendatahub.io/v1", + "kind": "DSCInitialization", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "opendatahub-operator", + "app.kubernetes.io/instance": "default", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "dscinitialization", + "app.kubernetes.io/part-of": "opendatahub-operator" + }, + "name": "default-dsci" + }, + "spec": { + "applicationsNamespace": "opendatahub", + "monitoring": { + "managementState": "Managed", + "namespace": "opendatahub" + }, + "serviceMesh": { + "controlPlane": { + "metricsCollection": "Istio", + "name": "data-science-smcp", + "namespace": "istio-system" + }, + "managementState": "Managed" + }, + "trustedCABundle": { + "customCABundle": "", + "managementState": "Managed" + } + } + } + ] + capabilities: Full Lifecycle + categories: AI/Machine Learning, Big Data + certified: "False" + containerImage: quay.io/opendatahub/opendatahub-operator:v2.17.0 + createdAt: "2024-08-29T16:20:11Z" + olm.skipRange: '>=1.0.0 <2.17.0' + operators.operatorframework.io/builder: operator-sdk-v1.31.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/opendatahub-io/opendatahub-operator + name: opendatahub-operator.v2.17.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: DataScienceCluster is the Schema for the datascienceclusters API. + displayName: Data Science Cluster + kind: DataScienceCluster + name: datascienceclusters.datasciencecluster.opendatahub.io + specDescriptors: + - description: Override and fine tune specific component configurations. + displayName: Components + path: components + version: v1 + - description: DSCInitialization is the Schema for the dscinitializations API. + displayName: DSC Initialization + kind: DSCInitialization + name: dscinitializations.dscinitialization.opendatahub.io + specDescriptors: + - description: Namespace for applications to be installed, non-configurable, + default to "opendatahub" + displayName: Applications Namespace + path: applicationsNamespace + - description: Enable monitoring on specified namespace + displayName: Monitoring + path: monitoring + - description: Configures Service Mesh as networking layer for Data Science + Clusters components. The Service Mesh is a mandatory prerequisite for single + model serving (KServe) and you should review this configuration if you are + planning to use KServe. For other components, it enhances user experience; + e.g. it provides unified authentication giving a Single Sign On experience. + displayName: Service Mesh + path: serviceMesh + - description: When set to `Managed`, adds odh-trusted-ca-bundle Configmap to + all namespaces that includes cluster-wide Trusted CA Bundle in .data["ca-bundle.crt"]. + Additionally, this fields allows admins to add custom CA bundles to the + configmap using the .CustomCABundle field. + displayName: Trusted CABundle + path: trustedCABundle + - description: Internal development useful field to test customizations. This + is not recommended to be used in production environment. + displayName: Dev Flags + path: devFlags + statusDescriptors: + - description: Conditions describes the state of the DSCInitializationStatus + resource + displayName: Conditions + path: conditions + version: v1 + - kind: FeatureTracker + name: featuretrackers.features.opendatahub.io + version: v1 + description: "The Open Data Hub is a machine-learning-as-a-service platform built + on Red Hat's Kubernetes-based OpenShift® Container Platform. Open Data Hub integrates + multiple AI/ML open source components into one operator that can easily be downloaded + and installed by OpenShift users.\n\nOpen Data Hub operator allows users to install + and manage components of the Open Data Hub. Users can mix and match tools from + each project to fulfill the needs of their use case. Each of the projects share + some components, but can be mostly seen as an extension of each other to provide + a complete solution for both novice and skilled enterprise users.\n \n### Components\n\n* + Open Data Hub Dashboard - A web dashboard that displays installed Open Data Hub + components with easy access to component UIs and documentation\n* ODH Notebook + Controller - Secure management of Jupyter Notebook in Kubernetes environments + built on top of Kubeflow Notebook Controller with support for OAuth\n* Jupyter + Notebooks - JupyterLab notebook that provide Python support for GPU workloads\n* + Data Science Pipelines - Pipeline solution for end to end MLOps workflows that + support the Kubeflow Pipelines SDK and Tekton\n* Model Mesh - ModelMesh Serving + is the Controller for managing ModelMesh, a general-purpose model serving management/routing + layer\n* Distributed Workloads(Incubation) - Stack built to make managing distributed + compute infrastructure in the cloud easy and intuitive for Data Scientists. This + stack consists of three components \n Codeflare + , KubeRay and Kueue.\n* Kserve - Kserve is the Controller for for serving machine + learning (ML) models on arbitrary frameworks" + displayName: Open Data Hub Operator + icon: + - base64data:  + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - '*' + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - '*' + resources: + - deployments + verbs: + - '*' + - apiGroups: + - '*' + resources: + - replicasets + verbs: + - '*' + - apiGroups: + - '*' + resources: + - services + verbs: + - '*' + - apiGroups: + - '*' + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - addons.managed.openshift.io + resources: + - addons + verbs: + - get + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - '*' + - apiGroups: + - apps + resources: + - replicasets + verbs: + - '*' + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - '*' + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - get + - apiGroups: + - authorino.kuadrant.io + resources: + - authconfigs + verbs: + - '*' + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - get + - apiGroups: + - authorization.openshift.io + resources: + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - authorization.openshift.io + resources: + - clusterroles + verbs: + - '*' + - apiGroups: + - authorization.openshift.io + resources: + - rolebindings + verbs: + - '*' + - apiGroups: + - authorization.openshift.io + resources: + - roles + verbs: + - '*' + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - autoscaling.openshift.io + resources: + - machineautoscalers + verbs: + - delete + - get + - list + - patch + - apiGroups: + - autoscaling.openshift.io + resources: + - machinesets + verbs: + - delete + - get + - list + - patch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs/instantiate + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - build.openshift.io + resources: + - builds + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - patch + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - ingresses + verbs: + - get + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - create + - delete + - get + - patch + - apiGroups: + - console.openshift.io + resources: + - odhquickstarts + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - controller-runtime.sigs.k8s.io + resources: + - controllermanagerconfigs + verbs: + - create + - delete + - get + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - clusterversions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - "" + resources: + - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces/finalizers + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - '*' + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - rhmis + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - '*' + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - custom.tekton.dev + resources: + - pipelineloops + verbs: + - '*' + - apiGroups: + - dashboard.opendatahub.io + resources: + - acceleratorprofiles + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - dashboard.opendatahub.io + resources: + - odhapplications + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - dashboard.opendatahub.io + resources: + - odhdocuments + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - datasciencecluster.opendatahub.io + resources: + - datascienceclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datasciencecluster.opendatahub.io + resources: + - datascienceclusters/finalizers + verbs: + - patch + - update + - apiGroups: + - datasciencecluster.opendatahub.io + resources: + - datascienceclusters/status + verbs: + - get + - patch + - update + - apiGroups: + - datasciencepipelinesapplications.opendatahub.io + resources: + - datasciencepipelinesapplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datasciencepipelinesapplications.opendatahub.io + resources: + - datasciencepipelinesapplications/finalizers + verbs: + - get + - patch + - update + - apiGroups: + - datasciencepipelinesapplications.opendatahub.io + resources: + - datasciencepipelinesapplications/status + verbs: + - get + - patch + - update + - apiGroups: + - dscinitialization.opendatahub.io + resources: + - dscinitializations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - dscinitialization.opendatahub.io + resources: + - dscinitializations/finalizers + verbs: + - delete + - get + - patch + - update + - apiGroups: + - dscinitialization.opendatahub.io + resources: + - dscinitializations/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - events.k8s.io + resources: + - events + verbs: + - delete + - get + - list + - patch + - watch + - apiGroups: + - extensions + resources: + - deployments + verbs: + - '*' + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - delete + - get + - list + - patch + - watch + - apiGroups: + - extensions + resources: + - replicasets + verbs: + - '*' + - apiGroups: + - features.opendatahub.io + resources: + - featuretrackers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - features.opendatahub.io + resources: + - featuretrackers/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - imagestreamtags + verbs: + - get + - apiGroups: + - image.openshift.io + resources: + - registry/metrics + verbs: + - get + - apiGroups: + - integreatly.org + resources: + - rhmis + verbs: + - delete + - get + - list + - patch + - watch + - apiGroups: + - machine.openshift.io + resources: + - machineautoscalers + verbs: + - delete + - get + - list + - patch + - apiGroups: + - machine.openshift.io + resources: + - machinesets + verbs: + - delete + - get + - list + - patch + - apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' + - apiGroups: + - maistra.io + resources: + - servicemeshcontrolplanes + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: + - servicemeshmemberrolls + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: + - servicemeshmembers + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: + - servicemeshmembers/finalizers + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - modelregistry.opendatahub.io + resources: + - modelregistries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - modelregistry.opendatahub.io + resources: + - modelregistries/finalizers + verbs: + - get + - update + - apiGroups: + - modelregistry.opendatahub.io + resources: + - modelregistries/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagerconfigs + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers/status + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - probes + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses/status + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers/status + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - networking.istio.io + resources: + - envoyfilters + verbs: + - '*' + - apiGroups: + - networking.istio.io + resources: + - gateways + verbs: + - '*' + - apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' + - apiGroups: + - networking.istio.io + resources: + - virtualservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - virtualservices/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - opendatahub.io + resources: + - odhdashboardconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.authorino.kuadrant.io + resources: + - authorinos + verbs: + - '*' + - apiGroups: + - operator.knative.dev + resources: + - knativeservings + verbs: + - '*' + - apiGroups: + - operator.openshift.io + resources: + - consoles + verbs: + - delete + - get + - list + - patch + - watch + - apiGroups: + - operator.openshift.io + resources: + - ingresscontrollers + verbs: + - delete + - get + - list + - patch + - watch + - apiGroups: + - operators.coreos.com + resources: + - catalogsources + verbs: + - get + - list + - watch + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + verbs: + - delete + - get + - list + - update + - watch + - apiGroups: + - operators.coreos.com + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - patch + - apiGroups: + - operators.coreos.com + resources: + - operatorconditions + verbs: + - get + - list + - watch + - apiGroups: + - operators.coreos.com + resources: + - subscriptions + verbs: + - delete + - get + - list + - watch + - apiGroups: + - ray.io + resources: + - rayclusters + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - ray.io + resources: + - rayjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ray.io + resources: + - rayservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routers/federate + verbs: + - get + - apiGroups: + - route.openshift.io + resources: + - routers/metrics + verbs: + - get + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + verbs: + - '*' + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - '*' + - apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - '*' + - apiGroups: + - security.openshift.io + resourceNames: + - restricted + resources: + - securitycontextconstraints + verbs: + - '*' + - apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.knative.dev + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.knative.dev + resources: + - services/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - inferencegraphs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferencegraphs/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - predictors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - predictors/finalizers + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - predictors/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes + verbs: + - '*' + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - trainedmodels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - trainedmodels/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - patch + - apiGroups: + - tekton.dev + resources: + - '*' + verbs: + - '*' + - apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - '*' + - apiGroups: + - trustyai.opendatahub.io + resources: + - trustyaiservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - trustyai.opendatahub.io + resources: + - trustyaiservices/finalizers + verbs: + - update + - apiGroups: + - trustyai.opendatahub.io + resources: + - trustyaiservices/status + verbs: + - get + - patch + - update + - apiGroups: + - user.openshift.io + resources: + - groups + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - user.openshift.io + resources: + - users + verbs: + - delete + - get + - list + - patch + - watch + serviceAccountName: opendatahub-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: opendatahub-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + name: opendatahub-operator + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=0.0.0.0:8080 + - --leader-elect + command: + - /manager + env: + - name: DISABLE_DSC_CONFIG + value: "true" + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DEFAULT_MANIFESTS_PATH + value: /opt/manifests + image: quay.io/opendatahub/opendatahub-operator:v2.17.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 4Gi + requests: + cpu: 100m + memory: 780Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: opendatahub-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: opendatahub-operator-controller-webhook-cert + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - odh + - notebooks + - serving + - training + - pipelines + - modelmesh + - workbenches + - dashboard + - kserve + - distributed-workloads + links: + - name: Open Data Hub + url: https://opendatahub.io + - name: Open Data Hub Community + url: https://github.com/opendatahub-io/opendatahub-community + maintainers: + - email: opendatahub@redhat.com + name: Open Data Hub Maintainers + maturity: stable + minKubeVersion: 1.25.0 + provider: + name: ODH + selector: + matchLabels: + component: opendatahub-operator + skips: + - opendatahub-operator.v2.9.0 + replaces: opendatahub-operator.v2.16.0 + version: 2.17.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opendatahub-operator-controller-manager + failurePolicy: Fail + generateName: operator.opendatahub.io + rules: + - apiGroups: + - datasciencecluster.opendatahub.io + - dscinitialization.opendatahub.io + apiVersions: + - v1 + operations: + - CREATE + - DELETE + resources: + - datascienceclusters + - dscinitializations + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-opendatahub-io-v1 diff --git a/operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..3109a48e21d --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: prometheus-k8s-viewer +rules: +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + verbs: + - get + - watch + - list diff --git a/operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 00000000000..e88728f1c53 --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/manifests/prometheus-k8s-viewer_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: prometheus-k8s-viewer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-k8s-viewer +subjects: +- kind: ServiceAccount + name: prometheus-k8s + namespace: openshift-monitoring diff --git a/operators/opendatahub-operator/2.17.0/metadata/annotations.yaml b/operators/opendatahub-operator/2.17.0/metadata/annotations.yaml new file mode 100644 index 00000000000..60a4b05ac0c --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/metadata/annotations.yaml @@ -0,0 +1,18 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: opendatahub-operator + operators.operatorframework.io.bundle.channels.v1: fast + operators.operatorframework.io.bundle.channel.default.v1: fast + operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + + # OpenShift specific version + com.redhat.openshift.versions: v4.12 diff --git a/operators/opendatahub-operator/2.17.0/tests/scorecard/config.yaml b/operators/opendatahub-operator/2.17.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..df8ca940938 --- /dev/null +++ b/operators/opendatahub-operator/2.17.0/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.31.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.24.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.24.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.24.1 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.24.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.24.1 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}