-
Notifications
You must be signed in to change notification settings - Fork 596
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
operator ack-organizations-controller (1.0.0)
- Loading branch information
Showing
8 changed files
with
590 additions
and
0 deletions.
There are no files selected for viewing
21 changes: 21 additions & 0 deletions
21
operators/ack-organizations-controller/1.0.0/bundle.Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
FROM scratch | ||
|
||
# Core bundle labels. | ||
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 | ||
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ | ||
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ | ||
LABEL operators.operatorframework.io.bundle.package.v1=ack-organizations-controller | ||
LABEL operators.operatorframework.io.bundle.channels.v1=alpha | ||
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha | ||
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 | ||
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 | ||
LABEL operators.operatorframework.io.metrics.project_layout=unknown | ||
|
||
# Labels for testing. | ||
LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 | ||
LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ | ||
|
||
# Copy files to locations specified by labels. | ||
COPY bundle/manifests /manifests/ | ||
COPY bundle/metadata /metadata/ | ||
COPY bundle/tests/scorecard /tests/scorecard/ |
259 changes: 259 additions & 0 deletions
259
...ations-controller/1.0.0/manifests/ack-organizations-controller.clusterserviceversion.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,259 @@ | ||
apiVersion: operators.coreos.com/v1alpha1 | ||
kind: ClusterServiceVersion | ||
metadata: | ||
annotations: | ||
alm-examples: |- | ||
[ | ||
{ | ||
"apiVersion": "organizations.services.k8s.aws/v1alpha1", | ||
"kind": "OrganizationalUnit", | ||
"metadata": { | ||
"name": "example" | ||
}, | ||
"spec": {} | ||
} | ||
] | ||
capabilities: Basic Install | ||
categories: Cloud Provider | ||
certified: "false" | ||
containerImage: public.ecr.aws/aws-controllers-k8s/organizations-controller:1.0.0 | ||
createdAt: "2024-12-02T21:24:24Z" | ||
description: AWS Organizations controller is a service controller for managing | ||
Organizations resources in Kubernetes | ||
operatorframework.io/suggested-namespace: ack-system | ||
operators.operatorframework.io/builder: operator-sdk-v1.28.0 | ||
operators.operatorframework.io/project_layout: unknown | ||
repository: https://github.com/aws-controllers-k8s | ||
support: Community | ||
labels: | ||
operatorframework.io/arch.amd64: supported | ||
operatorframework.io/arch.arm64: supported | ||
operatorframework.io/os.linux: supported | ||
name: ack-organizations-controller.v1.0.0 | ||
namespace: placeholder | ||
spec: | ||
apiservicedefinitions: {} | ||
customresourcedefinitions: | ||
owned: | ||
- description: OrganizationalUnit represents the state of an AWS organizations | ||
OrganizationalUnit resource. | ||
displayName: OrganizationalUnit | ||
kind: OrganizationalUnit | ||
name: organizationalunits.organizations.services.k8s.aws | ||
version: v1alpha1 | ||
description: |- | ||
Manage Amazon Organizations resources in AWS from within your Kubernetes cluster. | ||
**About Amazon Organizations** | ||
With AWS Organizations you can perform account management activities at scale by consolidating multiple AWS accounts into a single organization. Consolidating accounts simplifies how you use other AWS services. You can leverage the multi-account management services available in AWS Organizations with select AWS services to perform tasks on all accounts that are members of your organization. | ||
**About the AWS Controllers for Kubernetes** | ||
This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. | ||
displayName: AWS Controllers for Kubernetes - Amazon Organizations | ||
icon: | ||
- base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== | ||
mediatype: image/svg+xml | ||
install: | ||
spec: | ||
clusterPermissions: | ||
- rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
- secrets | ||
verbs: | ||
- get | ||
- list | ||
- patch | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- namespaces | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- organizations.services.k8s.aws | ||
resources: | ||
- organizationalunits | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- organizations.services.k8s.aws | ||
resources: | ||
- organizationalunits/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- services.k8s.aws | ||
resources: | ||
- adoptedresources | ||
- fieldexports | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- services.k8s.aws | ||
resources: | ||
- adoptedresources/status | ||
- fieldexports/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
serviceAccountName: ack-organizations-controller | ||
deployments: | ||
- label: | ||
app.kubernetes.io/name: ack-organizations-controller | ||
app.kubernetes.io/part-of: ack-system | ||
name: ack-organizations-controller | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: ack-organizations-controller | ||
strategy: {} | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: ack-organizations-controller | ||
spec: | ||
containers: | ||
- args: | ||
- --aws-region | ||
- $(AWS_REGION) | ||
- --aws-endpoint-url | ||
- $(AWS_ENDPOINT_URL) | ||
- --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) | ||
- --log-level | ||
- $(ACK_LOG_LEVEL) | ||
- --resource-tags | ||
- $(ACK_RESOURCE_TAGS) | ||
- --watch-namespace | ||
- $(ACK_WATCH_NAMESPACE) | ||
- --enable-leader-election=$(ENABLE_LEADER_ELECTION) | ||
- --leader-election-namespace | ||
- $(LEADER_ELECTION_NAMESPACE) | ||
- --reconcile-default-max-concurrent-syncs | ||
- $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) | ||
command: | ||
- ./bin/controller | ||
env: | ||
- name: ACK_SYSTEM_NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
envFrom: | ||
- configMapRef: | ||
name: ack-organizations-user-config | ||
optional: false | ||
- secretRef: | ||
name: ack-organizations-user-secrets | ||
optional: true | ||
image: public.ecr.aws/aws-controllers-k8s/organizations-controller:1.0.0 | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 8081 | ||
initialDelaySeconds: 15 | ||
periodSeconds: 20 | ||
name: controller | ||
ports: | ||
- containerPort: 8080 | ||
name: http | ||
readinessProbe: | ||
httpGet: | ||
path: /readyz | ||
port: 8081 | ||
initialDelaySeconds: 5 | ||
periodSeconds: 10 | ||
resources: | ||
limits: | ||
cpu: 100m | ||
memory: 300Mi | ||
requests: | ||
cpu: 100m | ||
memory: 200Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
privileged: false | ||
runAsNonRoot: true | ||
dnsPolicy: ClusterFirst | ||
securityContext: | ||
seccompProfile: | ||
type: RuntimeDefault | ||
serviceAccountName: ack-organizations-controller | ||
terminationGracePeriodSeconds: 10 | ||
permissions: | ||
- rules: | ||
- apiGroups: | ||
- coordination.k8s.io | ||
resources: | ||
- leases | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- create | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- events | ||
verbs: | ||
- create | ||
- patch | ||
serviceAccountName: ack-organizations-controller | ||
strategy: deployment | ||
installModes: | ||
- supported: true | ||
type: OwnNamespace | ||
- supported: true | ||
type: SingleNamespace | ||
- supported: true | ||
type: MultiNamespace | ||
- supported: true | ||
type: AllNamespaces | ||
keywords: | ||
- organizations | ||
- aws | ||
- amazon | ||
- ack | ||
links: | ||
- name: AWS Controllers for Kubernetes | ||
url: https://github.com/aws-controllers-k8s/community | ||
- name: Documentation | ||
url: https://aws-controllers-k8s.github.io/community/ | ||
- name: Amazon Organizations Developer Resources | ||
url: https://aws.amazon.com/organizations/resources/ | ||
maintainers: | ||
- email: [email protected] | ||
name: organizations maintainer team | ||
maturity: alpha | ||
provider: | ||
name: Amazon, Inc. | ||
url: https://aws.amazon.com | ||
version: 1.0.0 |
16 changes: 16 additions & 0 deletions
16
...rganizations-controller/1.0.0/manifests/ack-organizations-metrics-service_v1_service.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
creationTimestamp: null | ||
name: ack-organizations-metrics-service | ||
spec: | ||
ports: | ||
- name: metricsport | ||
port: 8080 | ||
protocol: TCP | ||
targetPort: http | ||
selector: | ||
app.kubernetes.io/name: ack-organizations-controller | ||
type: NodePort | ||
status: | ||
loadBalancer: {} |
14 changes: 14 additions & 0 deletions
14
...ontroller/1.0.0/manifests/ack-organizations-reader_rbac.authorization.k8s.io_v1_role.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
creationTimestamp: null | ||
name: ack-organizations-reader | ||
rules: | ||
- apiGroups: | ||
- organizations.services.k8s.aws | ||
resources: | ||
- organizationalunits | ||
verbs: | ||
- get | ||
- list | ||
- watch |
26 changes: 26 additions & 0 deletions
26
...ontroller/1.0.0/manifests/ack-organizations-writer_rbac.authorization.k8s.io_v1_role.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
creationTimestamp: null | ||
name: ack-organizations-writer | ||
rules: | ||
- apiGroups: | ||
- organizations.services.k8s.aws | ||
resources: | ||
- organizationalunits | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- organizations.services.k8s.aws | ||
resources: | ||
- organizationalunits | ||
verbs: | ||
- get | ||
- patch | ||
- update |
Oops, something went wrong.