Merge pull request #551 from mbaldessari/ui-poc-pr

Initial UI support

Author: openshift-merge-bot[bot]

.gitignore

@@ -34,3 +34,5 @@
 # Govulncheck stuff
 govulncheck.results
 /database
+
+*Dockerfile

Makefile

@@ -4,13 +4,15 @@
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 VERSION ?= 0.0.4
+SUPPORTED_OCP_VERSIONS ?= v4.20-v4.21
 OPERATOR_NAME ?= patterns
 GOFLAGS=-mod=vendor
 REGISTRY ?= localhost
 UPLOADREGISTRY ?= quay.io/validatedpatterns
 GOLANGCI_IMG ?= docker.io/golangci/golangci-lint
 GOLANGCI_VERSION ?= 2.11.3
 
+
 # CI uses a non-writable home dir, make sure .cache is writable
 ifeq ("${HOME}", "/")
 HOME=/tmp
@@ -69,6 +71,13 @@ BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
 # Image URL to use all building/pushing image targets
 IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
 OPERATOR_IMG ?= $(OPERATOR_NAME)-operator:$(VERSION)
+
+# always release the console with the same tag as the operator and the other way around!
+# Image base URL of the console plugin
+CONSOLE_PLUGIN_IMAGE_BASE ?= $(IMAGE_TAG_BASE)-console
+CONSOLE_PLUGIN_IMAGE ?= $(CONSOLE_PLUGIN_IMAGE_BASE):$(VERSION)
+CONSOLE_PLUGIN_DOCKERFILE ?= console-plugin.Dockerfile
+
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.30
 
@@ -205,11 +214,16 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/console-plugin && $(KUSTOMIZE) edit set image console-plugin=${CONSOLE_PLUGIN_IMAGE}
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/console-plugin | kubectl apply -f -
+	$(KUSTOMIZE) build config/pattern-ui-catalog | kubectl apply -f -
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/console-plugin | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/pattern-ui-catalog | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 ## Location to install dependencies to
 LOCALBIN ?= $(shell pwd)/bin
@@ -293,6 +307,7 @@ endef
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
 	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	cd config/console-plugin && $(KUSTOMIZE) edit set image console-plugin=$(CONSOLE_PLUGIN_IMAGE)
 	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
 	$(MAKE) bundle-fixes bundle-date
 	./hack/set_openshift_minimum_version.sh
@@ -352,6 +367,22 @@ ifneq ($(origin CATALOG_BASE_IMG), undefined)
 FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
 endif
 
+# Generate Dockerfile using the template. It uses envsubst to replace the value of the version label in the container
+.PHONY: generate-dockerfile-console-plugin
+generate-dockerfile-console-plugin:
+	VERSION=$(VERSION) SUPPORTED_OCP_VERSIONS=$(SUPPORTED_OCP_VERSIONS) envsubst < templates/console-plugin.Dockerfile.template > $(CONSOLE_PLUGIN_DOCKERFILE)
+
+.PHONY: console-build
+console-build: generate-dockerfile-console-plugin ## Build the console image
+	@echo "Building console image with cache optimization..."
+	@podman pull $(CONSOLE_PLUGIN_IMAGE_BASE):latest 2>/dev/null || true
+	podman build -f $(CURPATH)/$(CONSOLE_PLUGIN_DOCKERFILE) -t ${CONSOLE_PLUGIN_IMAGE} .
+	podman tag ${CONSOLE_PLUGIN_IMAGE} $(CONSOLE_PLUGIN_IMAGE_BASE):latest
+
+.PHONY: console-push
+console-push: ## Push the console image
+	podman push $(CONSOLE_PLUGIN_IMAGE)
+
 # Build an OLM catalog image by adding the bundle image to a simple catalog using the
 # operator package manager tool, 'opm'. For more information see:
 # https://olm.operatorframework.io/docs/reference/catalog-templates

TODO.ui

@@ -0,0 +1,23 @@
+- Tie down the RBACs
+- Next to Catalog, can we show the single Pattern CR (reusing the existing UI)?
+- Add one or two screenshots (logo, screenshot, etc)
+- AI based pattern with extra bits (one AI quickstart vs the other quickstart)
+- Can we prettify the install part (maybe poke the pattern CR status?)
+  Or the metadata of the pattern can include some steps
+- Need to think about workflows around the catalog
+- Add some requirements
+- We need to come up with a plan for the versioning of catalogs (i.e. the tags of the catalog container)
+  Default is stable-v1, future operators could switch defaults. Maybe we could show if we're using an
+  outdated tag in the console
+- Test plan
+  - Deploy a pattern via CLI, will it show as installed in the UI catalog
+
+[DONE]
+- Add a button to load the secrets separately ?
+- Did the random secret injection not work?
+- If a pattern is already installed then show it is so in the catalog (or add the uninstall button)
+- Finish job loading to work
+- Make sure we delete the secret used by the secret loading job
+- Fix IE when no secrets
+- Add a description, drop owners (maybe also org)
+- Add where the catalog came from

bundle/manifests/patterns-operator-console-plugin_v1_configmap.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+data:
+  nginx.conf: |
+    error_log /dev/stdout info;
+    events {}
+    http {
+      access_log         /dev/stdout;
+      include            /etc/nginx/mime.types;
+      default_type       application/octet-stream;
+      keepalive_timeout  65;
+      server {
+        listen              9443 ssl;
+        listen              [::]:9443 ssl;
+        ssl_certificate     /var/cert/tls.crt;
+        ssl_certificate_key /var/cert/tls.key;
+        root                /usr/share/nginx/html;
+      }
+    }
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: patterns-operator-console-plugin
+  name: patterns-operator-console-plugin

bundle/manifests/patterns-operator-console-plugin_v1_service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: patterns-operator-console-plugin-cert
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/component: patterns-operator-console-plugin
+  name: patterns-operator-console-plugin
+spec:
+  ports:
+  - name: 9443-tcp
+    port: 9443
+    protocol: TCP
+    targetPort: https
+  selector:
+    app.kubernetes.io/component: patterns-operator-console-plugin
+  sessionAffinity: None
+  type: ClusterIP
+status:
+  loadBalancer: {}

bundle/manifests/patterns-operator-patterns-secret-injector-role_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,48 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: patterns-operator-patterns-secret-injector-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - pods/exec
+  verbs:
+  - create
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - patch
+  - delete

bundle/manifests/patterns-operator-patterns-secret-injector-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  name: patterns-operator-patterns-secret-injector-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: patterns-operator-patterns-secret-injector-role
+subjects:
+- kind: ServiceAccount
+  name: patterns-operator-patterns-secret-injector
+  namespace: patterns-operator-system

bundle/manifests/patterns-operator-patterns-secret-injector_v1_serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  name: patterns-operator-patterns-secret-injector

bundle/manifests/patterns-operator-secret-injector-role_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,49 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: patterns-operator-secret-injector-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - pods/exec
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - patch
+  - delete

bundle/manifests/patterns-operator-secret-injector-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  name: patterns-operator-secret-injector-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: patterns-operator-secret-injector-role
+subjects:
+- kind: ServiceAccount
+  name: patterns-operator-secret-injector
+  namespace: patterns-operator