Skip to content

Commit

Permalink
Updates to the Verify Access Operator for the 10.0.7.0 release of the…
Browse files Browse the repository at this point in the history 
… Verify Access product

Signed-off-by: Lachlan Gleeson <[email protected]>
  • Loading branch information
@lachlan-ibm
lachlan-ibm committed Dec 21, 2023
1 parent 14f4895 commit 014c4c4
Show file tree
Hide file tree
Showing 8 changed files with 2,885 additions and 0 deletions.
294 changes: 294 additions & 0 deletions ...operator/23.12.0/manifests/ibm-security-verify-access-operator.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,294 @@
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: |-
[
{
"apiVersion": "ibm.com/v1",
"kind": "IBMSecurityVerifyAccess",
"metadata": {
"name": "isva-sample"
},
"spec": {
"image": "icr.io/isva/verify-access-wrp:10.0.7.0",
"instance": "default"
}
}
]
capabilities: Seamless Upgrades
categories: Security
certified: "false"
containerImage: icr.io/isva/verify-access-operator:23.12.0
createdAt: "2023-12-21T02:37:50Z"
description: The IBM Security Verify Access Operator manages the lifecycle of
IBM Security Verify Access worker containers.
operators.operatorframework.io/builder: operator-sdk-v1.33.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/IBM-Security/verify-access-operator
support: IBM
name: ibm-security-verify-access-operator.v23.12.0
namespace: placeholder
spec:
apiservicedefinitions: {}
customresourcedefinitions:
owned:
- description: IBMSecurityVerifyAccess is the Schema for the ibmsecurityverifyaccesses
API.
displayName: IBMSecurity Verify Access
kind: IBMSecurityVerifyAccess
name: ibmsecurityverifyaccesses.ibm.com
resources:
- kind: Deployment
name: ""
version: v1
specDescriptors:
- description: The name of the IBM Security Verify Access image to be used.
displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: The name of the Verify Access instance which is being deployed. This
value is only used for WRP and DSC deployments and is ignored for Runtime
deployments.
displayName: Instance
path: instance
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: The number of pods which will be started for the deployment.
displayName: Replicas
path: replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:number
- description: A boolean flag which indicates whether the deployment should
be automatically restarted when a new snapshot is published.
displayName: Auto Restart
path: autoRestart
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
statusDescriptors:
- description: The list of status conditions associated with the custom resource.
displayName: Conditions
path: conditions
x-descriptors:
- urn:alm:descriptor:io.kubernetes.conditions
version: v1
description: |+
In a world of highly fragmented access management environments, [IBM Security Verify Access](https://www.ibm.com/au-en/products/verify-access) helps you simplify your users' access while more securely adopting web, mobile and cloud technologies. This solution helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and its mobile multi-factor authentication capability, IBM Verify. Take back control of your access management with IBM Security Verify Access.
The IBM Security Verify Access operator provides lifecycle management of the lightweight containers which are used to protect an environment, namely:
* [Web Reverse Proxy](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-web-reverse-proxy)
* [Runtime](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-runtime)
* [Distributed Session Cache](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-distributed-session-cache)
The operator will manage the deployment of these lightweight IBM Security Verify Access worker containers, and also control the rolling restart of these containers when a configuration snapshot is updated.
See the project [Readme](https://github.com/IBM-Security/verify-access-operator/blob/master/README.md) for further information and details.
displayName: IBM Security Verify Access Operator
icon:
- base64data: iVBORw0KGgoAAAANSUhEUgAAAKAAAACgCAQAAAAhxq+mAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQfkAQYXFCksf3+UAAAMEElEQVR42u2ce3RUxRnAf7shT5JAwjvySIKCEKyICgkqCLYKiGBQq6eCini0qBWOeny02sfpMaBWlP6DQm2PwPFUK68KBDiAFTShPJUQIDwEEkASCQnkzSbZ/pHL7N27d3fv3t3sTZf5zT+TzHxzZ76dO49vvjsgkUgkEolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJJNKwWfz8KNK4iQySucw5DnCI+pBLRCx2sphPEVU046SVek6zhgdICqFEBBPDDA7SilMTLvER6SGSiGA68QI/eaiiLbSwlmtDIBHRPEi5F2U4cdLKMlKDlggLUZaoL533GaTEmyliFRspJobu2AGwMYhS9gQlEdHMoVnpORfJI4NoIJoM8rgo+lQBPYOSiGAS2ao0uZk84lUp8eQJRVVzfxASEc0NnFKa/B2ZmrRMvhM96k9BSIQNe/gfST8SlVgBZZq0MgpV+eJMS4QNKxSYQCclVolDk+bgvE6+wCXChhUKrKdZiXUjWpMWTXedfIFLhA0rFFhGrRIbTT9NWj9yRPw0jaYlwoYVCjzBcSU2jKc0c+pTDFPiF9kXhESE476qywx4HWhEIkxYY85K53NuVeLNFFPIebqTQ5aYBBqZw+KgJCKchwLe2QYuEdH4tq2sC9gas+5qs8Z4t+7VsJiMEElEOHaG8TYHqKJFZV9+0KdFOlCJdsf6M5FrVCccRYbORAKVkEgkEkk7Eb5JxE5vrmWn3+2+jWhSyaAv3UkiFmiihp84w0kqceD0Ix/HSI5xjtbwNCs89rNEbmACU9jIDp/5ujGUUdzGYLqSSJwwXTlooI5qSihgBwep9FFGK5OYwJfkU0RNeJTYnnSiPzNZwY84ucAkr/miyGQuGznvY7vWFirZyFwyfZwnTuICTs6xkifpH34Ta+hIZBzzKaJBafpWr7vVTF7nAJf9Ku9KuEwxv/W6+0gVR1ANHOAdxv//uX7EcB1Ps45zqkY386Ju3iRmsFMYq4yHZnYyw4tqXnQrr5x8nmEQsVarxRjJ3MNCDuHQNPgkWTq5M/iQmoCV59oFf6jbD7M4qcnpoIS/MoEulu+9fBBDFs+zxcs4tsTjxMzGKL4y0ffc++FXjPJQShxLvIyfW3mBYR2vL9rpxmSWcIQWLw3VO/S+i6KglHclFHGXR9n3U+3V9HWUvzFFOIVYTjTDeZntKtO6XviWbhq5sRSHRH1OnBQzVlN6Nwp8SlziG15hBDFWqs5OH6axjB90XsNGDrKCCvH3axrZEewLmfqcONnHCM0TXhNp5azgII06ffEEy3mAtGD6otlVUiw/YyITudHtjAzASTUFrCOf0UxQ/lfKJk2uLqxhDf52FUaxAV00/9vEs8oRaGdWUMAkJjGarqrx0k466UyjiPXksz9cR6J2BvAIn1Om2+++ZwFjSAESWC7+v9xDze1PvOr5y0gAUhjDAr7X6YvNlPEvfkV6+46LNhLJYR67dKtQziqeIEP8wsM5raTV8nDY1QfwMLVKDU5zo2hDBk+wknKdn7+JPbzNaJLaY6ljI5OZrNJ9cCO7mEc2iW4PfkPk3E1vSxTYm93i5/2dW1sSyfbSEVqoYA2zGBi6vmgjhbG876Xrl/IZjzDA43FpbBe5fm/RgsHOH0QdttHHI3UAj/AZpR5LfidN7Gch40gNti/aSedZ1lGlcxZWTyFvcouXRekU6pR8ZSrflXCTQ5lSizqm6OaI5RbepJB6j/a1Uk0+z5Fh/ufvz6vs1+13x1lKLn28Fh3N30XuLyyYQK4QzwpRj489/LquYCeNXC/LsSaKeI0BgT86msls1ynwItt4ieFeK9PGMH4QFZhumfoAptOk1OS47l5c3WJvG4JmtjPZT4s1JPKyhyNFC0dYzGS6GejSL4lx5Tszv14IGSAcgB1erEFq2raki3W2pOW8LLxk/ZLMW2IB0BbOs5nnyTK48enJFiE5z6IPKa4QxXxRl830MCTTZhTZrDGK1PIWyZ6ZPWeZOF7hdZXlpJzVrGQHlwxX+h6+UH6tcn7JNlVKPNO5JmT7Dz1snGE5Dar/jOFzegFQywMeOyLvJJNDLlNVS7AG8viL//3K41wQWnewjnEBOm5H8aGQX0tnt7SeHA7Bvtd3OKzxEuzMWpG2KMD3IY47WauylF9ghj+RG1U2kno+MLEEHsIhof4nNWm9KW13BZZ61HmWmAwPcX3A7enFe2JJ5qSIG3xlTuAjVe9719RZwmxR3SKu06T14Wy7K/Csx5J5kLA7OphtokWJzBNzuZNFvpZldwoPvFb+qfJ+N05XNohHLfSYr61RYBQLRWo+XU20KpWlYitR4WF7VD3I1f9KxPY7MMaJEfQC4z1SrVEg3KWq1Z2m2jWUA6o+qOoY6j5yHXcosVY+Yb+Jx9iZSooS38VeU1VtD/awS4mlMNXU1uwg/6BFiY9Re8OqCxvBQCV2jNWYWWwMFL2uhTVUW6cxDdX8WzR/vMfXdsb4ksOilSrrt0uBnRguFsqFHDX1kNsZosSO8R+rtKXLVxxTYkO53VQJx/lWicVyk2s55FJgPEOV2GV2enyRZoQEcsURwdeUWKowLSV8rcQ6kUuCiRJaVI5RQ1wluM5EYumrxOo5ZKqSN4svOWpZJV4ZNbW8R5KpwcEoNmrEZ2HuzV/No8qyfiQj+MZE2YeoVzYV/Yj1dFzqLb7JrRAvYiDYyRPz1JYO+O14T+Ex4+QtUxPJQOGqctK1WHcVZBMGm1aaTBTfj4lKrJl8KqzWlwcV5Iu3YoJ42wKhSfgcRrtsCC4FOoXa7KbGiNvFGFrGBouVpc8GSpVYFreZkI8X2mpyDUMuBTqE22IMaQEXHkeumMM72gRyhcPCMhRLrolv2/uIFqo++3YpsEn8Pgl+bLd6DGekEqtntak5vP1xsFp8U5JtYqeVJd7MUtcg51JgPcVKLJqRAf4+dn4hPoTeK1b9HY+d4ovifvw8wBO3GEaJA7Ri18c9LgW2sk/8O0eMZ8bozVQl1sImzlqtJ6+cZZOYCKYGaKobLMbNOvbpu7Cnqy4QmR/QRP9rcXZ3huFWa8knN3FGqWkDzwQgZ+OPwh6zz9s5j413hQJPMcZw4dezV8gttfAQ0wgJLBN13c1gw3LZHBdy76hffvdx4FZWihXSZmaJacUXXVggLM+VPMZ6H3mTeDoMO5HFPj9vuJelwtn9Y17iooFS01jMvUq8jGns9pYxhnfEgV4Ly3Usa1qSyRNe+E4+8bOCtMoeqKazqg82kGfA6t6DJcLK3sLbvs8mB7JDFO/gC4b4nKvSWKhyiijhFj9V6QgKhFs5KnLX84HPVa+NgSxXGfQLhcnPK/epGtnKXmZ4uC62EcdENqocc6qZ6Xfi6RgKtDNL5UHtYBMTvYzciTxEocov6Cz3+VMfRPOc6mDTySXWM5PBpCiWmyiSyWQan6oceJ3U8aaBtWPHUCDE8UfVSZuTCj5lGpkkK3a+KLpwLY+ymipVrkpmezp46L2gsczmDTencAdnOMApqoAk+pJFhptXVh0LeNfAl2l92GOgecHxIzfzo99cSbzKXLdT6yZOUMxpLgFd6M8w+ruNdpX8mUVcNlaJWB7jmOHf/DRzDPqNdJQeCJDIXOFD6z8cZUZgX5fYyWaljtecNjSwmbsNn/d3JAVCJ+5mi477njbUsYJRZiyIqTzBFrexwj00UsBv6BnAntIazwTv2OjFCxSqZlltqGULj/u60sdf43uRzQRy6EUy8dgAJ43U8BO7WU8BZwhkWdyTbQGs/s1xhDsCMufa6MttTORmepBEHDaglQZqOEchG9jhuzQjvSeKVAaTTk86A/Wc5xQlnDdhtLLCO8sY0fRgEOl0Jx4ndVRwkhKqdE92JBKJRCKRSCQSSbBYdQnIOMZCyPYkNmAbWy1qiyWMUJ3khSJ43pkQ8YxVuW0HG4q9e85HMuPZHxL16d0bc1XQfjcXXUVksKgd7s66qkhiOv/VubfAf9/zfnvbVUdGSO8PvCqJIpM5bAjJDZZhpWMNv6kMJZvRDCaFzsRr7lCt4oiBO1TDTMdSYFuN2m7xvYYemlt8T3DBwC2+EolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJRCKRSCRB8j/lg3vQkTaFgwAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMC0wMS0wNlQyMzoyMDo0MS0wNTowME+diI0AAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjAtMDEtMDZUMjM6MjA6NDEtMDU6MDA+wDAxAAAAAElFTkSuQmCC
mediatype: image/png
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibm.com
resources:
- ibmsecurityverifyaccesses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibm.com
resources:
- ibmsecurityverifyaccesses/finalizers
verbs:
- update
- apiGroups:
- ibm.com
resources:
- ibmsecurityverifyaccesses/status
verbs:
- get
- patch
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: verify-access-operator-controller-manager
deployments:
- label:
control-plane: controller-manager
name: verify-access-operator-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
strategy: {}
template:
metadata:
labels:
control-plane: controller-manager
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 200m
memory: 100Mi
requests:
cpu: 100m
memory: 20Mi
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
image: icr.io/isva/verify-access-operator:23.12.0
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: verify-access-operator-controller-manager
terminationGracePeriodSeconds: 10
permissions:
- rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
serviceAccountName: verify-access-operator-controller-manager
strategy: deployment
installModes:
- supported: false
type: OwnNamespace
- supported: false
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: true
type: AllNamespaces
keywords:
- identity and access
- security
links:
- name: Verify Access Product Information
url: https://www.ibm.com/au-en/products/verify-access
- name: Verify Access Documentation
url: https://www.ibm.com/docs/en/sva
maintainers:
- email: [email protected]
name: Verify Access Development Team
maturity: stable
minKubeVersion: 1.17.0
provider:
name: IBM
url: https://www.ibm.com
version: 23.12.0
Loading

0 comments on commit 014c4c4

Please sign in to comment.