This is an automated email from the ASF dual-hosted git repository. squakez pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 57163ed7f4a2693143e3fef95a2bcaee1798cf3b Author: Pasquale Congiusti <[email protected]> AuthorDate: Sat Jun 20 09:18:54 2026 +0200 chore(install): multi namespace support Closes #6616 --- .github/actions/release-nightly/action.yml | 6 +- .github/workflows/common.yml | 2 +- .github/workflows/nightly-multi.yml | 4 +- .../pages/installation/advanced/jdk-version.adoc | 2 +- .../ROOT/pages/installation/installation.adoc | 18 +++- docs/modules/ROOT/pages/installation/upgrade.adoc | 4 +- e2e/install/kustomize/all_namespaces_test.go | 4 +- e2e/install/kustomize/multi_namespace_test.go | 98 ++++++++++++++++++++++ e2e/install/kustomize/own_namespace_test.go | 4 +- e2e/install/kustomize/single_namespace_test.go | 4 +- e2e/install/upgrade/upgrade_test.go | 2 +- .../descoped => all-namespaces}/kustomization.yaml | 4 +- .../patch-operator-id.yaml | 0 .../patch-watch-namespace-global.yaml | 0 .../kustomization.yaml | 1 + .../operator/kustomization.yaml | 6 +- .../operator/operator-role-binding-events.yaml} | 23 ++--- .../operator/operator-role-events.yaml} | 29 ++++--- .../operator/patch-envvars.yaml} | 2 +- .../tenant-a-ns-rbac/kustomization.yaml | 2 +- .../patch-rolebinding-subjects.yaml | 2 +- .../tenant-b-ns-rbac}/kustomization.yaml | 6 +- .../patch-rolebinding-subjects.yaml | 2 +- .../own-namespace/kustomization.yaml | 4 +- .../own-namespace/patch-log-level.yaml | 0 .../own-namespace/patch-node-selector.yaml | 0 .../own-namespace/patch-operator-id.yaml | 0 .../own-namespace/patch-ports.yaml | 0 .../own-namespace/patch-resource-requirements.yaml | 0 .../own-namespace/patch-toleration.yaml | 0 .../single-namespace/kustomization.yaml | 0 .../single-namespace/operator/kustomization.yaml | 0 .../single-namespace/operator/patch-envvars.yaml | 0 .../single-namespace/operator/remove-watch-ns.yaml | 0 .../tenant-a-ns-rbac/kustomization.yaml | 2 +- .../patch-rolebinding-subjects.yaml | 0 .../integration/integration_controller.go | 31 ++----- release.adoc | 6 +- script/Makefile | 6 +- 39 files changed, 191 insertions(+), 83 deletions(-) diff --git a/.github/actions/release-nightly/action.yml b/.github/actions/release-nightly/action.yml index d53f4d080..1c86b5a79 100644 --- a/.github/actions/release-nightly/action.yml +++ b/.github/actions/release-nightly/action.yml @@ -60,13 +60,13 @@ runs: - name: Set up QEMU (required by multi platform build) uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 - # + # # IMPORTANT: # Do we really want to run smoke test? # We can skip unless we see the usage of the nightly is widespread and it makes sense to run some smoke # test before releasing # - + # - name: Infra setting # uses: ./.github/actions/infra-setting @@ -178,7 +178,7 @@ runs: Apache Camel K ${{ env.VERSION }} build for testing purposes only (unstable). This nightly release is using an **unsupported** operator image published as `${{ env.IMAGE_NAME }}:${{ env.VERSION }}`. The available platforms are AMD64 and ARM64. ## Kubectl ``` - kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=${{ env.TAG }} + kubectl apply -k github.com/apache/camel-k/install/overlays/all-namespaces?ref=${{ env.TAG }} ``` ## Helm ``` diff --git a/.github/workflows/common.yml b/.github/workflows/common.yml index 65710e118..a6023d5d3 100644 --- a/.github/workflows/common.yml +++ b/.github/workflows/common.yml @@ -101,7 +101,7 @@ jobs: shell: bash run: | kubectl create ns camel-k - kubectl apply -k install/overlays/kubernetes/descoped/ --server-side --force-conflicts + kubectl apply -k install/overlays/all-namespaces/ --server-side --force-conflicts kubectl wait --for=condition=available deployment/camel-k-operator -n camel-k --timeout=60s # Install Apache Kamelets catalog mvn -q dependency:copy -Dartifact=org.apache.camel.kamelets:camel-kamelets:4.18.1:jar -Dmdep.useBaseVersion=true -DoutputDirectory=/tmp diff --git a/.github/workflows/nightly-multi.yml b/.github/workflows/nightly-multi.yml index bb3acc8ee..bca149535 100644 --- a/.github/workflows/nightly-multi.yml +++ b/.github/workflows/nightly-multi.yml @@ -55,7 +55,7 @@ jobs: VERSION="$(make get-version | sed s/-SNAPSHOT//)-nightly" sed -i "s#apache/camel-k:$THIS_VERSION#testcamelk/camel-k:$VERSION#g" install/base/config/manager/operator-deployment.yaml kubectl create ns camel-k - kubectl apply -k install/overlays/kubernetes/descoped/ --server-side --force-conflicts + kubectl apply -k install/overlays/all-namespaces/ --server-side --force-conflicts kubectl wait --for=condition=available deployment/camel-k-operator -n camel-k --timeout=60s # Install Apache Kamelets catalog mvn -q dependency:copy -Dartifact=org.apache.camel.kamelets:camel-kamelets:4.18.1:jar -Dmdep.useBaseVersion=true -DoutputDirectory=/tmp @@ -92,7 +92,7 @@ jobs: VERSION="$(make get-version | sed s/-SNAPSHOT//)-nightly-21-jdk" CUSTOM_IMAGE=testcamelk/camel-k CUSTOM_VERSION=$VERSION make bundle kubectl create ns camel-k - kubectl apply -k install/overlays/kubernetes/descoped/ --server-side --force-conflicts + kubectl apply -k install/overlays/all-namespaces/ --server-side --force-conflicts kubectl wait --for=condition=available deployment/camel-k-operator -n camel-k --timeout=60s # Install Apache Kamelets catalog mvn -q dependency:copy -Dartifact=org.apache.camel.kamelets:camel-kamelets:4.18.1:jar -Dmdep.useBaseVersion=true -DoutputDirectory=/tmp diff --git a/docs/modules/ROOT/pages/installation/advanced/jdk-version.adoc b/docs/modules/ROOT/pages/installation/advanced/jdk-version.adoc index 1c5b93d53..8a7ad980e 100644 --- a/docs/modules/ROOT/pages/installation/advanced/jdk-version.adoc +++ b/docs/modules/ROOT/pages/installation/advanced/jdk-version.adoc @@ -10,7 +10,7 @@ The list of available container images is published in (https://hub.docker.com/r If you want to use a different container image instead of the default, you will need to edit your operator Deployment by replacing the default image with the one you're choosing. You can use the following script in order to change on the fly the value and install a Camel K JDK 21 based operator: ```bash -kustomize build github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v2.6.0 | sed 's#docker.io/apache/camel-k:2.6.0#docker.io/apache/camel-k:2.6.0-21-jdk#g' | kubectl apply -f - --server-side -n camel-k +kustomize build github.com/apache/camel-k/install/overlays/all-namespaces?ref=v2.6.0 | sed 's#docker.io/apache/camel-k:2.6.0#docker.io/apache/camel-k:2.6.0-21-jdk#g' | kubectl apply -f - --server-side -n camel-k ``` During the build, you should see the version used in the Maven building log traces: diff --git a/docs/modules/ROOT/pages/installation/installation.adoc b/docs/modules/ROOT/pages/installation/installation.adoc index b848ec1c8..47d74ce7d 100644 --- a/docs/modules/ROOT/pages/installation/installation.adoc +++ b/docs/modules/ROOT/pages/installation/installation.adoc @@ -13,7 +13,7 @@ https://kustomize.io[Kustomize] provides a declarative approach to the configura [subs=attributes+] ---- $ kubectl create ns camel-k -$ kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v{last-released-version} --server-side +$ kubectl apply -k github.com/apache/camel-k/install/overlays/all-namespaces?ref=v{last-released-version} --server-side ---- You can specify as `ref` parameter the version you're willing to install (ie, `v{last-released-version}`). The command above will install a descoped (global) operator in the camel-k namespace. This is the suggested configuration in order to manage Integrations in all namespaces. @@ -43,6 +43,22 @@ You can edit the `Subscription` custom resource, setting the channel you want to NOTE: Some Kubernetes clusters such as Openshift may let you to perform the same operation from a GUI as well. Refer to the cluster instruction to learn how to perform such action from user interface. +[[installation-topology]] +== Installation topology + +When you decide to install the operator, you can decide to install the following topology: + +* Global operator: a single global operator watching all namespaces. +* Own namespace operator: a namespaces operator watching its own namespace only. +* Single namespace operator: an operator installed in a namespace and watching another namespace. +* Multi namespace operator: an operator installed in a namespace and watching multiple namespaces. + +The namespace(s) to watch is configured via `WATCH_NAMESPACE` variable in the operator `Deployment` resource. You can provide an empty value (watch all namespaces), a single value (watch either the own namespace or any other namespace) or a comma separated value (watching as many namespaces as provided). + +It's important to notice that when running the single or multiple namespace operator, you will need to provide the RBACs which are expected by the operator to run properly. For such a configuration you can take as a reference the `Kustomize` examples available in `/install/overlays/single-namespace/` and `/install/overlays/multi-namespace/`. The last topology is probably the most secure as it will avoid the operator to access to any resource outside those namespaces for which you've prov [...] + +NOTE: OLM only allows own and global installation mode. + [[bootstrap-configuration]] == Setup the operator configuration diff --git a/docs/modules/ROOT/pages/installation/upgrade.adoc b/docs/modules/ROOT/pages/installation/upgrade.adoc index d5e1624e8..01a908c36 100644 --- a/docs/modules/ROOT/pages/installation/upgrade.adoc +++ b/docs/modules/ROOT/pages/installation/upgrade.adoc @@ -12,7 +12,7 @@ If you want to upgrade via https://kustomize.io[Kustomize] you'll need to execut [subs=attributes+] ---- -$ kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v{last-released-version} --server-side --force-conflicts +$ kubectl apply -k github.com/apache/camel-k/install/overlays/all-namespaces?ref=v{last-released-version} --server-side --force-conflicts ---- [[operatorhub]] @@ -50,7 +50,7 @@ Since Camel K version 2, we're able to run any Camel K runtime version from the ---- kamel run /tmp/Test.java -t camel.runtime-version=1.17.0 -kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v2.4.0 --server-side --force-conflicts //ie, version 2.4.0 +kubectl apply -k github.com/apache/camel-k/install/overlays/all-namespaces?ref=v2.4.0 --server-side --force-conflicts //ie, version 2.4.0 kamel rebuild test kamel logs test [1] 2023-04-13 13:38:43,648 INFO [org.apa.cam.k.Runtime] (main) Apache Camel K Runtime 1.17.0 diff --git a/e2e/install/kustomize/all_namespaces_test.go b/e2e/install/kustomize/all_namespaces_test.go index 9df5e5e8f..9f25ceb06 100644 --- a/e2e/install/kustomize/all_namespaces_test.go +++ b/e2e/install/kustomize/all_namespaces_test.go @@ -49,12 +49,12 @@ func TestKustomizeDescoped(t *testing.T) { "sed", "-i", fmt.Sprintf("s/namespace: .*/namespace: %s/", ns), - fmt.Sprintf("%s/overlays/kubernetes/descoped/kustomization.yaml", kustomizeDir), + fmt.Sprintf("%s/overlays/all-namespaces/kustomization.yaml", kustomizeDir), )) ExpectExecSucceed(t, g, Kubectl( "apply", "-k", - fmt.Sprintf("%s/overlays/kubernetes/descoped", kustomizeDir), + fmt.Sprintf("%s/overlays/all-namespaces", kustomizeDir), "--server-side", )) diff --git a/e2e/install/kustomize/multi_namespace_test.go b/e2e/install/kustomize/multi_namespace_test.go new file mode 100644 index 000000000..735d4b3e0 --- /dev/null +++ b/e2e/install/kustomize/multi_namespace_test.go @@ -0,0 +1,98 @@ +//go:build integration +// +build integration + +// To enable compilation of this file in Goland, go to "Settings -> Go -> Vendoring & Build Tags -> Custom Tags" and add "integration" + +/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kustomize + +import ( + "context" + "fmt" + "testing" + "time" + + corev1 "k8s.io/api/core/v1" + + . "github.com/apache/camel-k/v2/e2e/support" + testutil "github.com/apache/camel-k/v2/e2e/support/util" + v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1" + + . "github.com/onsi/gomega" +) + +func TestKustomizeMultiNamespace(t *testing.T) { + kustomizeDir := testutil.MakeTempCopyDir(t, "../../../install") + + // The operator is expected to be installed in "operators" namespace + // it also expects to reconcile correctly an Integration in namespace "tenant-a" and "tenant-b" + // but it won't reconcile in any other namespaces, for example, "tenant-z" + WithNamedTestNamespace(t, func(ctx context.Context, g *WithT, operatorNs string) { + WithNamedTestNamespace(t, func(ctx context.Context, g *WithT, tenantANs string) { + WithNamedTestNamespace(t, func(ctx context.Context, g *WithT, tenantBNs string) { + // Let's make sure no CRD is yet available in the cluster + // as we must make the procedure to install them accordingly + g.Eventually(CRDs(t)).Should(BeNil(), "No Camel K CRDs should be previously installed for this test") + ExpectExecSucceed(t, g, Kubectl( + "apply", + "-k", + fmt.Sprintf("%s/overlays/multi-namespace", kustomizeDir), + "--server-side", + )) + g.Eventually(OperatorPod(t, ctx, operatorNs)).ShouldNot(BeNil()) + g.Eventually(OperatorPodPhase(t, ctx, operatorNs)).Should(Equal(corev1.PodRunning)) + + WithNamedTestNamespace(t, func(ctx context.Context, g *WithT, tenantNs string) { + // Test a simple integration in "tenant-z" is not reconciled + g.Expect(KamelRun(t, ctx, tenantNs, "files/yaml.yaml").Execute()).To(Succeed()) + g.Consistently(IntegrationPhase(t, ctx, tenantNs, "yaml"), 30*time.Second).Should(BeEmpty()) + }, "tenant-z") + + // Test a simple integration in "tenant-a" is reconciled and runs correctly + g.Expect(KamelRun(t, ctx, tenantANs, "files/yaml.yaml").Execute()).To(Succeed()) + g.Eventually(IntegrationConditionStatus(t, ctx, tenantANs, "yaml", v1.IntegrationConditionReady), TestTimeoutMedium). + Should(Equal(corev1.ConditionTrue)) + g.Eventually(IntegrationLogs(t, ctx, tenantANs, "yaml"), TestTimeoutShort).Should(ContainSubstring("Magicstring!")) + + // Test a simple integration in "tenant-b" is reconciled and runs correctly + g.Expect(KamelRun(t, ctx, tenantBNs, "files/yaml.yaml").Execute()).To(Succeed()) + g.Eventually(IntegrationConditionStatus(t, ctx, tenantBNs, "yaml", v1.IntegrationConditionReady), TestTimeoutMedium). + Should(Equal(corev1.ConditionTrue)) + g.Eventually(IntegrationLogs(t, ctx, tenantBNs, "yaml"), TestTimeoutShort).Should(ContainSubstring("Magicstring!")) + + // Test operator only uninstall + UninstallOperator(t, ctx, g, operatorNs, "../../../") + + g.Eventually(OperatorPod(t, ctx, operatorNs)).Should(BeNil()) + g.Eventually(Integration(t, ctx, "tenant-a", "yaml"), TestTimeoutShort).ShouldNot(BeNil()) + g.Eventually(IntegrationConditionStatus(t, ctx, "tenant-a", "yaml", v1.IntegrationConditionReady), TestTimeoutShort). + Should(Equal(corev1.ConditionTrue)) + g.Eventually(Integration(t, ctx, "tenant-b", "yaml"), TestTimeoutShort).ShouldNot(BeNil()) + g.Eventually(IntegrationConditionStatus(t, ctx, "tenant-b", "yaml", v1.IntegrationConditionReady), TestTimeoutShort). + Should(Equal(corev1.ConditionTrue)) + + // Test CRD uninstall (will remove Integrations as well) + UninstallCRDs(t, ctx, g, "../../../") + + g.Eventually(OperatorPod(t, ctx, operatorNs)).Should(BeNil()) + g.Eventually(CRDs(t)).Should(BeNil()) + }, "tenant-b") + }, "tenant-a") + }, "operators") +} diff --git a/e2e/install/kustomize/own_namespace_test.go b/e2e/install/kustomize/own_namespace_test.go index 82f0a7161..00ab1f95b 100644 --- a/e2e/install/kustomize/own_namespace_test.go +++ b/e2e/install/kustomize/own_namespace_test.go @@ -49,12 +49,12 @@ func TestKustomizeOwnNamespace(t *testing.T) { "sed", "-i", fmt.Sprintf("s/namespace: .*/namespace: %s/", ns), - fmt.Sprintf("%s/overlays/kubernetes/own-namespace/kustomization.yaml", kustomizeDir), + fmt.Sprintf("%s/overlays/own-namespace/kustomization.yaml", kustomizeDir), )) ExpectExecSucceed(t, g, Kubectl( "apply", "-k", - fmt.Sprintf("%s/overlays/kubernetes/own-namespace", kustomizeDir), + fmt.Sprintf("%s/overlays/own-namespace", kustomizeDir), "--server-side", )) diff --git a/e2e/install/kustomize/single_namespace_test.go b/e2e/install/kustomize/single_namespace_test.go index e0229e49a..158401a6f 100644 --- a/e2e/install/kustomize/single_namespace_test.go +++ b/e2e/install/kustomize/single_namespace_test.go @@ -51,7 +51,7 @@ func TestKustomizeSingleNamespace(t *testing.T) { ExpectExecSucceed(t, g, Kubectl( "apply", "-k", - fmt.Sprintf("%s/overlays/kubernetes/single-namespace", kustomizeDir), + fmt.Sprintf("%s/overlays/single-namespace", kustomizeDir), "--server-side", )) g.Eventually(OperatorPod(t, ctx, operatorNs)).ShouldNot(BeNil()) @@ -60,7 +60,7 @@ func TestKustomizeSingleNamespace(t *testing.T) { WithNamedTestNamespace(t, func(ctx context.Context, g *WithT, tenantNs string) { // Test a simple integration in "tenant-b" is not reconciled g.Expect(KamelRun(t, ctx, tenantNs, "files/yaml.yaml").Execute()).To(Succeed()) - g.Consistently(IntegrationPhase(t, ctx, tenantNs, "yaml"), 10*time.Second).Should(BeEmpty()) + g.Consistently(IntegrationPhase(t, ctx, tenantNs, "yaml"), 30*time.Second).Should(BeEmpty()) }, "tenant-b") // Test a simple integration in "tenant-a" is reconciled and runs correctly diff --git a/e2e/install/upgrade/upgrade_test.go b/e2e/install/upgrade/upgrade_test.go index 24c2b1b80..6522791ac 100644 --- a/e2e/install/upgrade/upgrade_test.go +++ b/e2e/install/upgrade/upgrade_test.go @@ -87,7 +87,7 @@ func TestUpgrade(t *testing.T) { // kustomizeCmd := exec.Command( // "kubectl", // "kustomize", - // "github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v"+lastVersion, + // "github.com/apache/camel-k/install/overlays/all-namespaces?ref=v"+lastVersion, // ) // output, err := kustomizeCmd.Output() // g.Expect(err).To(BeNil()) diff --git a/install/overlays/kubernetes/descoped/kustomization.yaml b/install/overlays/all-namespaces/kustomization.yaml similarity index 95% rename from install/overlays/kubernetes/descoped/kustomization.yaml rename to install/overlays/all-namespaces/kustomization.yaml index 8ebdff72d..223739fef 100644 --- a/install/overlays/kubernetes/descoped/kustomization.yaml +++ b/install/overlays/all-namespaces/kustomization.yaml @@ -18,8 +18,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../base -- ../../../base/config/rbac/descoped +- ../../base +- ../../base/config/rbac/descoped namespace: camel-k diff --git a/install/overlays/kubernetes/descoped/patch-operator-id.yaml b/install/overlays/all-namespaces/patch-operator-id.yaml similarity index 100% rename from install/overlays/kubernetes/descoped/patch-operator-id.yaml rename to install/overlays/all-namespaces/patch-operator-id.yaml diff --git a/install/overlays/kubernetes/descoped/patch-watch-namespace-global.yaml b/install/overlays/all-namespaces/patch-watch-namespace-global.yaml similarity index 100% copy from install/overlays/kubernetes/descoped/patch-watch-namespace-global.yaml copy to install/overlays/all-namespaces/patch-watch-namespace-global.yaml diff --git a/install/overlays/kubernetes/single-namespace/kustomization.yaml b/install/overlays/multi-namespace/kustomization.yaml similarity index 98% copy from install/overlays/kubernetes/single-namespace/kustomization.yaml copy to install/overlays/multi-namespace/kustomization.yaml index bd6a00ee6..4f0d3d5e6 100644 --- a/install/overlays/kubernetes/single-namespace/kustomization.yaml +++ b/install/overlays/multi-namespace/kustomization.yaml @@ -20,3 +20,4 @@ kind: Kustomization resources: - operator - tenant-a-ns-rbac +- tenant-b-ns-rbac diff --git a/install/overlays/kubernetes/single-namespace/operator/kustomization.yaml b/install/overlays/multi-namespace/operator/kustomization.yaml similarity index 89% copy from install/overlays/kubernetes/single-namespace/operator/kustomization.yaml copy to install/overlays/multi-namespace/operator/kustomization.yaml index 62fa2c867..931deaa90 100644 --- a/install/overlays/kubernetes/single-namespace/operator/kustomization.yaml +++ b/install/overlays/multi-namespace/operator/kustomization.yaml @@ -18,13 +18,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: operators -nameSuffix: -tenant-a +nameSuffix: -tenant-ab resources: +# The operator still needs to access several resources in its own namespace - ../../own-namespace patches: - target: kind: Deployment - path: remove-watch-ns.yaml - - path: patch-envvars.yaml + path: patch-envvars.yaml diff --git a/install/overlays/kubernetes/own-namespace/patch-node-selector.yaml b/install/overlays/multi-namespace/operator/operator-role-binding-events.yaml similarity index 76% copy from install/overlays/kubernetes/own-namespace/patch-node-selector.yaml copy to install/overlays/multi-namespace/operator/operator-role-binding-events.yaml index ab289020b..263c804ec 100644 --- a/install/overlays/kubernetes/own-namespace/patch-node-selector.yaml +++ b/install/overlays/multi-namespace/operator/operator-role-binding-events.yaml @@ -15,15 +15,16 @@ # limitations under the License. # --------------------------------------------------------------------------- -apiVersion: apps/v1 -kind: Deployment +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: camel-k-operator -spec: - template: - spec: - nodeSelector: -# -# Add labels for choosing which nodes to assign the deployment -# eg. -# - diskType: ssd + name: camel-monitor-operator-events + labels: + app: "camel-monitor" +subjects: +- kind: ServiceAccount + name: camel-monitor-operator +roleRef: + kind: Role + name: camel-monitor-operator-events + apiGroup: rbac.authorization.k8s.io diff --git a/install/overlays/kubernetes/own-namespace/patch-node-selector.yaml b/install/overlays/multi-namespace/operator/operator-role-events.yaml similarity index 73% copy from install/overlays/kubernetes/own-namespace/patch-node-selector.yaml copy to install/overlays/multi-namespace/operator/operator-role-events.yaml index ab289020b..b6466fcb4 100644 --- a/install/overlays/kubernetes/own-namespace/patch-node-selector.yaml +++ b/install/overlays/multi-namespace/operator/operator-role-events.yaml @@ -15,15 +15,22 @@ # limitations under the License. # --------------------------------------------------------------------------- -apiVersion: apps/v1 -kind: Deployment +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: camel-k-operator -spec: - template: - spec: - nodeSelector: -# -# Add labels for choosing which nodes to assign the deployment -# eg. -# - diskType: ssd + name: camel-monitor-operator-events + labels: + app: "camel-monitor" +rules: +- apiGroups: + # Deprecated: this legacy group is replaced by events.k8s.io from version 0.2.0 onward + - "" + - "events.k8s.io" + resources: + - events + verbs: + - create + - patch + - get + - list + - watch diff --git a/install/overlays/kubernetes/descoped/patch-watch-namespace-global.yaml b/install/overlays/multi-namespace/operator/patch-envvars.yaml similarity index 97% rename from install/overlays/kubernetes/descoped/patch-watch-namespace-global.yaml rename to install/overlays/multi-namespace/operator/patch-envvars.yaml index 69c6ae502..fd349fb78 100644 --- a/install/overlays/kubernetes/descoped/patch-watch-namespace-global.yaml +++ b/install/overlays/multi-namespace/operator/patch-envvars.yaml @@ -19,4 +19,4 @@ path: /spec/template/spec/containers/0/env/0/valueFrom - op: add path: /spec/template/spec/containers/0/env/0/value - value: "" + value: "tenant-a,tenant-b" \ No newline at end of file diff --git a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml b/install/overlays/multi-namespace/tenant-a-ns-rbac/kustomization.yaml similarity index 93% copy from install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml copy to install/overlays/multi-namespace/tenant-a-ns-rbac/kustomization.yaml index 0b1aafa9b..74bea0c2a 100644 --- a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml +++ b/install/overlays/multi-namespace/tenant-a-ns-rbac/kustomization.yaml @@ -21,7 +21,7 @@ namespace: tenant-a nameSuffix: -tenant-a resources: -- ../../../../base/config/rbac/namespaced +- ../../../base/config/rbac/namespaced patches: - target: diff --git a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml b/install/overlays/multi-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml similarity index 96% copy from install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml copy to install/overlays/multi-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml index d60bd2220..917bb1cb8 100644 --- a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml +++ b/install/overlays/multi-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml @@ -20,4 +20,4 @@ value: "operators" - op: replace path: /subjects/0/name - value: camel-k-operator-tenant-a \ No newline at end of file + value: camel-k-operator-tenant-ab \ No newline at end of file diff --git a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml b/install/overlays/multi-namespace/tenant-b-ns-rbac/kustomization.yaml similarity index 89% copy from install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml copy to install/overlays/multi-namespace/tenant-b-ns-rbac/kustomization.yaml index 0b1aafa9b..32274eb6f 100644 --- a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml +++ b/install/overlays/multi-namespace/tenant-b-ns-rbac/kustomization.yaml @@ -17,11 +17,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: tenant-a -nameSuffix: -tenant-a +namespace: tenant-b +nameSuffix: -tenant-b resources: -- ../../../../base/config/rbac/namespaced +- ../../../base/config/rbac/namespaced patches: - target: diff --git a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml b/install/overlays/multi-namespace/tenant-b-ns-rbac/patch-rolebinding-subjects.yaml similarity index 96% copy from install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml copy to install/overlays/multi-namespace/tenant-b-ns-rbac/patch-rolebinding-subjects.yaml index d60bd2220..917bb1cb8 100644 --- a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml +++ b/install/overlays/multi-namespace/tenant-b-ns-rbac/patch-rolebinding-subjects.yaml @@ -20,4 +20,4 @@ value: "operators" - op: replace path: /subjects/0/name - value: camel-k-operator-tenant-a \ No newline at end of file + value: camel-k-operator-tenant-ab \ No newline at end of file diff --git a/install/overlays/kubernetes/own-namespace/kustomization.yaml b/install/overlays/own-namespace/kustomization.yaml similarity index 94% rename from install/overlays/kubernetes/own-namespace/kustomization.yaml rename to install/overlays/own-namespace/kustomization.yaml index 1e824fa3a..51b84f595 100644 --- a/install/overlays/kubernetes/own-namespace/kustomization.yaml +++ b/install/overlays/own-namespace/kustomization.yaml @@ -18,8 +18,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../base -- ../../../base/config/rbac/namespaced +- ../../base +- ../../base/config/rbac/namespaced namespace: default diff --git a/install/overlays/kubernetes/own-namespace/patch-log-level.yaml b/install/overlays/own-namespace/patch-log-level.yaml similarity index 100% rename from install/overlays/kubernetes/own-namespace/patch-log-level.yaml rename to install/overlays/own-namespace/patch-log-level.yaml diff --git a/install/overlays/kubernetes/own-namespace/patch-node-selector.yaml b/install/overlays/own-namespace/patch-node-selector.yaml similarity index 100% rename from install/overlays/kubernetes/own-namespace/patch-node-selector.yaml rename to install/overlays/own-namespace/patch-node-selector.yaml diff --git a/install/overlays/kubernetes/own-namespace/patch-operator-id.yaml b/install/overlays/own-namespace/patch-operator-id.yaml similarity index 100% rename from install/overlays/kubernetes/own-namespace/patch-operator-id.yaml rename to install/overlays/own-namespace/patch-operator-id.yaml diff --git a/install/overlays/kubernetes/own-namespace/patch-ports.yaml b/install/overlays/own-namespace/patch-ports.yaml similarity index 100% rename from install/overlays/kubernetes/own-namespace/patch-ports.yaml rename to install/overlays/own-namespace/patch-ports.yaml diff --git a/install/overlays/kubernetes/own-namespace/patch-resource-requirements.yaml b/install/overlays/own-namespace/patch-resource-requirements.yaml similarity index 100% rename from install/overlays/kubernetes/own-namespace/patch-resource-requirements.yaml rename to install/overlays/own-namespace/patch-resource-requirements.yaml diff --git a/install/overlays/kubernetes/own-namespace/patch-toleration.yaml b/install/overlays/own-namespace/patch-toleration.yaml similarity index 100% rename from install/overlays/kubernetes/own-namespace/patch-toleration.yaml rename to install/overlays/own-namespace/patch-toleration.yaml diff --git a/install/overlays/kubernetes/single-namespace/kustomization.yaml b/install/overlays/single-namespace/kustomization.yaml similarity index 100% rename from install/overlays/kubernetes/single-namespace/kustomization.yaml rename to install/overlays/single-namespace/kustomization.yaml diff --git a/install/overlays/kubernetes/single-namespace/operator/kustomization.yaml b/install/overlays/single-namespace/operator/kustomization.yaml similarity index 100% rename from install/overlays/kubernetes/single-namespace/operator/kustomization.yaml rename to install/overlays/single-namespace/operator/kustomization.yaml diff --git a/install/overlays/kubernetes/single-namespace/operator/patch-envvars.yaml b/install/overlays/single-namespace/operator/patch-envvars.yaml similarity index 100% rename from install/overlays/kubernetes/single-namespace/operator/patch-envvars.yaml rename to install/overlays/single-namespace/operator/patch-envvars.yaml diff --git a/install/overlays/kubernetes/single-namespace/operator/remove-watch-ns.yaml b/install/overlays/single-namespace/operator/remove-watch-ns.yaml similarity index 100% rename from install/overlays/kubernetes/single-namespace/operator/remove-watch-ns.yaml rename to install/overlays/single-namespace/operator/remove-watch-ns.yaml diff --git a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml b/install/overlays/single-namespace/tenant-a-ns-rbac/kustomization.yaml similarity index 93% rename from install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml rename to install/overlays/single-namespace/tenant-a-ns-rbac/kustomization.yaml index 0b1aafa9b..74bea0c2a 100644 --- a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/kustomization.yaml +++ b/install/overlays/single-namespace/tenant-a-ns-rbac/kustomization.yaml @@ -21,7 +21,7 @@ namespace: tenant-a nameSuffix: -tenant-a resources: -- ../../../../base/config/rbac/namespaced +- ../../../base/config/rbac/namespaced patches: - target: diff --git a/install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml b/install/overlays/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml similarity index 100% rename from install/overlays/kubernetes/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml rename to install/overlays/single-namespace/tenant-a-ns-rbac/patch-rolebinding-subjects.yaml diff --git a/pkg/controller/integration/integration_controller.go b/pkg/controller/integration/integration_controller.go index 10a8c7c35..387502ba1 100644 --- a/pkg/controller/integration/integration_controller.go +++ b/pkg/controller/integration/integration_controller.go @@ -22,7 +22,6 @@ import ( "fmt" "reflect" - "time" appsv1 "k8s.io/api/apps/v1" batchv1 "k8s.io/api/batch/v1" @@ -41,7 +40,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "knative.dev/serving/pkg/apis/serving" servingv1 "knative.dev/serving/pkg/apis/serving/v1" v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1" @@ -68,7 +66,7 @@ func Add(ctx context.Context, mgr manager.Manager, c client.Client) error { return fmt.Errorf("unable to set up field indexer for status.phase: %w", err) } - return add(ctx, mgr, c, newReconciler(mgr, c)) + return add(mgr, c, newReconciler(mgr, c)) } func newReconciler(mgr manager.Manager, c client.Client) reconcile.Reconciler { @@ -287,7 +285,7 @@ func integrationPlatformEnqueueRequestsFromMapFunc(ctx context.Context, c client return requests } -func add(ctx context.Context, mgr manager.Manager, c client.Client, r reconcile.Reconciler) error { +func add(mgr manager.Manager, c client.Client, r reconcile.Reconciler) error { b := builder.ControllerManagedBy(mgr). Named("integration-controller"). // Watch for changes to primary resource Integration @@ -318,12 +316,9 @@ func add(ctx context.Context, mgr manager.Manager, c client.Client, r reconcile. watchCronJobResources(b) } // Watch for the Knative Services conditionally - if ok, err := kubernetes.IsAPIResourceInstalled(c, servingv1.SchemeGroupVersion.String(), reflect.TypeFor[servingv1.Service]().Name()); err != nil { + err := watchKnativeResources(c, b) + if err != nil { return err - } else if ok { - if err = watchKnativeResources(ctx, c, b); err != nil { - return err - } } return b.Complete(r) @@ -423,7 +418,7 @@ func watchCronJobResources(b *builder.Builder) { b.Owns(&batchv1.CronJob{}, builder.WithPredicates(StatusChangedPredicate{})) } -func watchKnativeResources(ctx context.Context, c client.Client, b *builder.Builder) error { +func watchKnativeResources(c client.Client, b *builder.Builder) error { // Watch for the owned Knative Services conditionally ok, err := kubernetes.IsAPIResourceInstalled(c, servingv1.SchemeGroupVersion.String(), reflect.TypeFor[servingv1.Service]().Name()) if err != nil { @@ -437,19 +432,9 @@ func watchKnativeResources(ctx context.Context, c client.Client, b *builder.Buil return nil } - // Check for permission to watch the Knative Service resource - checkCtx, cancel := context.WithTimeout(ctx, time.Minute) - defer cancel() - if ok, err = kubernetes.CheckSelfPermission(checkCtx, c, serving.GroupName, "services", platform.GetOperatorWatchNamespace(), "", "watch"); err != nil { - return err - } else if ok { - log.Info("KnativeService resources installed in the cluster. RBAC privileges assigned correctly, you can use Knative serving features.") - b.Owns(&servingv1.Service{}, builder.WithPredicates(StatusChangedPredicate{})) - } else { - log.Info("KnativeService resources installed in the cluster. However Camel K operator has not the required RBAC privileges. " + - "You can't use Knative features. Make sure to apply the required RBAC privileges and restart the Camel K Operator Pod to be able " + - "to watch for Camel K managed Knative Services.") - } + log.Info("KnativeService resources installed in the cluster. You can use Knative serving features: " + + "make sure to assign Knative Services RBAC privileges") + b.Owns(&servingv1.Service{}, builder.WithPredicates(StatusChangedPredicate{})) return nil } diff --git a/release.adoc b/release.adoc index fe19cf806..20fa79948 100644 --- a/release.adoc +++ b/release.adoc @@ -85,7 +85,7 @@ Camel K Client 2.0.0 If the version retrieved is the one expected you can run an installation procedure: ``` -kustomize build github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v<version> | sed 's#apache/camel-k#camelk/camel-k#g' | kubectl apply -f - --server-side +kustomize build github.com/apache/camel-k/install/overlays/all-namespaces?ref=v<version> | sed 's#apache/camel-k#camelk/camel-k#g' | kubectl apply -f - --server-side ``` Make some test and if all is in order, you can upload the sources and CLIs to the dist/dev repository in ASF the staged artifacts, in order to link them in the release vote communication. @@ -105,7 +105,7 @@ You should also manually add some text to explain how to test the staging artifa This release is on vote. It is using a **staging** operator image published as `docker.io/camelk/camel-k:<version>`. The available platforms are AMD64 and ARM64. You can test it following these instructions: ### Kubectl ``` -kustomize build github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v<version> | sed 's#apache/camel-k#camelk/camel-k#g' | kubectl apply -f - --server-side +kustomize build github.com/apache/camel-k/install/overlays/all-namespaces?ref=v<version> | sed 's#apache/camel-k#camelk/camel-k#g' | kubectl apply -f - --server-side ``` ### Helm ``` @@ -223,7 +223,7 @@ You can edit the draft release and set it to final, marking as last release. You Install the operator looking at the official https://camel.apache.org/camel-k/<2.5.x>/installation/installation.html[Camel K operator <version> installation procedure]. ``` -Perform a simple test to verify that everything is in place (running a "Hello World" integration after an installation done with, as an example `kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v<version> --server-side`). Do a simple final test. +Perform a simple test to verify that everything is in place (running a "Hello World" integration after an installation done with, as an example `kubectl apply -k github.com/apache/camel-k/install/overlays/all-namespaces?ref=v<version> --server-side`). Do a simple final test. === Announce the release diff --git a/script/Makefile b/script/Makefile index f1acf5ed8..be3d147db 100644 --- a/script/Makefile +++ b/script/Makefile @@ -754,7 +754,7 @@ goimport: # START Local installation procedure. Handy for development purpose ##### -KUSTOMIZE_DIR = "install/overlays/kubernetes/descoped" +KUSTOMIZE_DIR = "install/overlays/all-namespaces" DEFAULT_NS = "camel-k" .PHONY: install install-k8s-global install-k8s-ns install-openshift-global install-openshift-ns @@ -800,11 +800,11 @@ endif kubectl apply -k $(KUST_TMP)/$(KUSTOMIZE_DIR) --server-side --force-conflicts install-k8s-global: DEFAULT_NS="camel-k" -install-k8s-global: KUSTOMIZE_DIR="install/overlays/kubernetes/descoped" +install-k8s-global: KUSTOMIZE_DIR="install/overlays/all-namespaces" install-k8s-global: clone-kustomize-dir set-operator-id set-operator-env install-operator install-k8s-ns: DEFAULT_NS="default" -install-k8s-ns: KUSTOMIZE_DIR="install/overlays/kubernetes/own-namespace" +install-k8s-ns: KUSTOMIZE_DIR="install/overlays/own-namespace" install-k8s-ns: clone-kustomize-dir set-operator-id set-operator-env install-operator install-registry: NAMESPACE="camel-k"
