-
Notifications
You must be signed in to change notification settings - Fork 579
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
operator ibm-security-verify-access-operator (24.4.0)
- Loading branch information
1 parent
b5849f5
commit f3642d9
Showing
8 changed files
with
2,886 additions
and
0 deletions.
There are no files selected for viewing
295 changes: 295 additions & 0 deletions
295
...-operator/24.4.0/manifests/ibm-security-verify-access-operator.clusterserviceversion.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,295 @@ | ||
apiVersion: operators.coreos.com/v1alpha1 | ||
kind: ClusterServiceVersion | ||
metadata: | ||
annotations: | ||
alm-examples: |- | ||
[ | ||
{ | ||
"apiVersion": "ibm.com/v1", | ||
"kind": "IBMSecurityVerifyAccess", | ||
"metadata": { | ||
"name": "isva-sample" | ||
}, | ||
"spec": { | ||
"image": "icr.io/isva/verify-access-wrp:10.0.7.0", | ||
"instance": "default" | ||
} | ||
} | ||
] | ||
capabilities: Seamless Upgrades | ||
categories: Security | ||
certified: "false" | ||
containerImage: icr.io/isva/verify-access-operator:24.4.0 | ||
createdAt: "2024-04-03T21:25:37Z" | ||
description: The IBM Security Verify Access Operator manages the lifecycle of | ||
IBM Security Verify Access worker containers. | ||
operators.operatorframework.io/builder: operator-sdk-v1.34.1 | ||
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 | ||
repository: https://github.com/IBM-Security/verify-access-operator | ||
support: IBM | ||
name: ibm-security-verify-access-operator.v24.4.0 | ||
namespace: placeholder | ||
spec: | ||
apiservicedefinitions: {} | ||
customresourcedefinitions: | ||
owned: | ||
- description: IBMSecurityVerifyAccess is the Schema for the ibmsecurityverifyaccesses | ||
API. | ||
displayName: IBMSecurity Verify Access | ||
kind: IBMSecurityVerifyAccess | ||
name: ibmsecurityverifyaccesses.ibm.com | ||
resources: | ||
- kind: Deployment | ||
name: "" | ||
version: v1 | ||
specDescriptors: | ||
- description: The name of the IBM Security Verify Access image to be used. | ||
displayName: Image | ||
path: image | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:text | ||
- description: The name of the Verify Access instance which is being deployed. This | ||
value is only used for WRP and DSC deployments and is ignored for Runtime | ||
deployments. | ||
displayName: Instance | ||
path: instance | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:text | ||
- description: The number of pods which will be started for the deployment. | ||
displayName: Replicas | ||
path: replicas | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:number | ||
- description: A boolean flag which indicates whether the deployment should | ||
be automatically restarted when a new snapshot is published. | ||
displayName: Auto Restart | ||
path: autoRestart | ||
x-descriptors: | ||
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | ||
statusDescriptors: | ||
- description: The list of status conditions associated with the custom resource. | ||
displayName: Conditions | ||
path: conditions | ||
x-descriptors: | ||
- urn:alm:descriptor:io.kubernetes.conditions | ||
version: v1 | ||
description: |+ | ||
In a world of highly fragmented access management environments, [IBM Security Verify Access](https://www.ibm.com/au-en/products/verify-access) helps you simplify your users' access while more securely adopting web, mobile and cloud technologies. This solution helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and its mobile multi-factor authentication capability, IBM Verify. Take back control of your access management with IBM Security Verify Access. | ||
The IBM Security Verify Access operator provides lifecycle management of the lightweight containers which are used to protect an environment, namely: | ||
* [Web Reverse Proxy](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-web-reverse-proxy) | ||
* [Runtime](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-runtime) | ||
* [Distributed Session Cache](https://www.ibm.com/docs/en/sva/latest?topic=support-docker-image-verify-access-distributed-session-cache) | ||
The operator will manage the deployment of these lightweight IBM Security Verify Access worker containers, and also control the rolling restart of these containers when a configuration snapshot is updated. | ||
See the project [Readme](https://github.com/IBM-Security/verify-access-operator/blob/master/README.md) for further information and details. | ||
displayName: IBM Security Verify Access Operator | ||
icon: | ||
- base64data: iVBORw0KGgoAAAANSUhEUgAAAKAAAACgCAQAAAAhxq+mAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQfkAQYXFCksf3+UAAAMEElEQVR42u2ce3RUxRnAf7shT5JAwjvySIKCEKyICgkqCLYKiGBQq6eCini0qBWOeny02sfpMaBWlP6DQm2PwPFUK68KBDiAFTShPJUQIDwEEkASCQnkzSbZ/pHL7N27d3fv3t3sTZf5zT+TzHxzZ76dO49vvjsgkUgkEolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJJNKwWfz8KNK4iQySucw5DnCI+pBLRCx2sphPEVU046SVek6zhgdICqFEBBPDDA7SilMTLvER6SGSiGA68QI/eaiiLbSwlmtDIBHRPEi5F2U4cdLKMlKDlggLUZaoL533GaTEmyliFRspJobu2AGwMYhS9gQlEdHMoVnpORfJI4NoIJoM8rgo+lQBPYOSiGAS2ao0uZk84lUp8eQJRVVzfxASEc0NnFKa/B2ZmrRMvhM96k9BSIQNe/gfST8SlVgBZZq0MgpV+eJMS4QNKxSYQCclVolDk+bgvE6+wCXChhUKrKdZiXUjWpMWTXedfIFLhA0rFFhGrRIbTT9NWj9yRPw0jaYlwoYVCjzBcSU2jKc0c+pTDFPiF9kXhESE476qywx4HWhEIkxYY85K53NuVeLNFFPIebqTQ5aYBBqZw+KgJCKchwLe2QYuEdH4tq2sC9gas+5qs8Z4t+7VsJiMEElEOHaG8TYHqKJFZV9+0KdFOlCJdsf6M5FrVCccRYbORAKVkEgkEkk7Eb5JxE5vrmWn3+2+jWhSyaAv3UkiFmiihp84w0kqceD0Ix/HSI5xjtbwNCs89rNEbmACU9jIDp/5ujGUUdzGYLqSSJwwXTlooI5qSihgBwep9FFGK5OYwJfkU0RNeJTYnnSiPzNZwY84ucAkr/miyGQuGznvY7vWFirZyFwyfZwnTuICTs6xkifpH34Ta+hIZBzzKaJBafpWr7vVTF7nAJf9Ku9KuEwxv/W6+0gVR1ANHOAdxv//uX7EcB1Ps45zqkY386Ju3iRmsFMYq4yHZnYyw4tqXnQrr5x8nmEQsVarxRjJ3MNCDuHQNPgkWTq5M/iQmoCV59oFf6jbD7M4qcnpoIS/MoEulu+9fBBDFs+zxcs4tsTjxMzGKL4y0ffc++FXjPJQShxLvIyfW3mBYR2vL9rpxmSWcIQWLw3VO/S+i6KglHclFHGXR9n3U+3V9HWUvzFFOIVYTjTDeZntKtO6XviWbhq5sRSHRH1OnBQzVlN6Nwp8SlziG15hBDFWqs5OH6axjB90XsNGDrKCCvH3axrZEewLmfqcONnHCM0TXhNp5azgII06ffEEy3mAtGD6otlVUiw/YyITudHtjAzASTUFrCOf0UxQ/lfKJk2uLqxhDf52FUaxAV00/9vEs8oRaGdWUMAkJjGarqrx0k466UyjiPXksz9cR6J2BvAIn1Om2+++ZwFjSAESWC7+v9xDze1PvOr5y0gAUhjDAr7X6YvNlPEvfkV6+46LNhLJYR67dKtQziqeIEP8wsM5raTV8nDY1QfwMLVKDU5zo2hDBk+wknKdn7+JPbzNaJLaY6ljI5OZrNJ9cCO7mEc2iW4PfkPk3E1vSxTYm93i5/2dW1sSyfbSEVqoYA2zGBi6vmgjhbG876Xrl/IZjzDA43FpbBe5fm/RgsHOH0QdttHHI3UAj/AZpR5LfidN7Gch40gNti/aSedZ1lGlcxZWTyFvcouXRekU6pR8ZSrflXCTQ5lSizqm6OaI5RbepJB6j/a1Uk0+z5Fh/ufvz6vs1+13x1lKLn28Fh3N30XuLyyYQK4QzwpRj489/LquYCeNXC/LsSaKeI0BgT86msls1ynwItt4ieFeK9PGMH4QFZhumfoAptOk1OS47l5c3WJvG4JmtjPZT4s1JPKyhyNFC0dYzGS6GejSL4lx5Tszv14IGSAcgB1erEFq2raki3W2pOW8LLxk/ZLMW2IB0BbOs5nnyTK48enJFiE5z6IPKa4QxXxRl830MCTTZhTZrDGK1PIWyZ6ZPWeZOF7hdZXlpJzVrGQHlwxX+h6+UH6tcn7JNlVKPNO5JmT7Dz1snGE5Dar/jOFzegFQywMeOyLvJJNDLlNVS7AG8viL//3K41wQWnewjnEBOm5H8aGQX0tnt7SeHA7Bvtd3OKzxEuzMWpG2KMD3IY47WauylF9ghj+RG1U2kno+MLEEHsIhof4nNWm9KW13BZZ61HmWmAwPcX3A7enFe2JJ5qSIG3xlTuAjVe9719RZwmxR3SKu06T14Wy7K/Csx5J5kLA7OphtokWJzBNzuZNFvpZldwoPvFb+qfJ+N05XNohHLfSYr61RYBQLRWo+XU20KpWlYitR4WF7VD3I1f9KxPY7MMaJEfQC4z1SrVEg3KWq1Z2m2jWUA6o+qOoY6j5yHXcosVY+Yb+Jx9iZSooS38VeU1VtD/awS4mlMNXU1uwg/6BFiY9Re8OqCxvBQCV2jNWYWWwMFL2uhTVUW6cxDdX8WzR/vMfXdsb4ksOilSrrt0uBnRguFsqFHDX1kNsZosSO8R+rtKXLVxxTYkO53VQJx/lWicVyk2s55FJgPEOV2GV2enyRZoQEcsURwdeUWKowLSV8rcQ6kUuCiRJaVI5RQ1wluM5EYumrxOo5ZKqSN4svOWpZJV4ZNbW8R5KpwcEoNmrEZ2HuzV/No8qyfiQj+MZE2YeoVzYV/Yj1dFzqLb7JrRAvYiDYyRPz1JYO+O14T+Ex4+QtUxPJQOGqctK1WHcVZBMGm1aaTBTfj4lKrJl8KqzWlwcV5Iu3YoJ42wKhSfgcRrtsCC4FOoXa7KbGiNvFGFrGBouVpc8GSpVYFreZkI8X2mpyDUMuBTqE22IMaQEXHkeumMM72gRyhcPCMhRLrolv2/uIFqo++3YpsEn8Pgl+bLd6DGekEqtntak5vP1xsFp8U5JtYqeVJd7MUtcg51JgPcVKLJqRAf4+dn4hPoTeK1b9HY+d4ovifvw8wBO3GEaJA7Ri18c9LgW2sk/8O0eMZ8bozVQl1sImzlqtJ6+cZZOYCKYGaKobLMbNOvbpu7Cnqy4QmR/QRP9rcXZ3huFWa8knN3FGqWkDzwQgZ+OPwh6zz9s5j413hQJPMcZw4dezV8gttfAQ0wgJLBN13c1gw3LZHBdy76hffvdx4FZWihXSZmaJacUXXVggLM+VPMZ6H3mTeDoMO5HFPj9vuJelwtn9Y17iooFS01jMvUq8jGns9pYxhnfEgV4Ly3Usa1qSyRNe+E4+8bOCtMoeqKazqg82kGfA6t6DJcLK3sLbvs8mB7JDFO/gC4b4nKvSWKhyiijhFj9V6QgKhFs5KnLX84HPVa+NgSxXGfQLhcnPK/epGtnKXmZ4uC62EcdENqocc6qZ6Xfi6RgKtDNL5UHtYBMTvYzciTxEocov6Cz3+VMfRPOc6mDTySXWM5PBpCiWmyiSyWQan6oceJ3U8aaBtWPHUCDE8UfVSZuTCj5lGpkkK3a+KLpwLY+ymipVrkpmezp46L2gsczmDTencAdnOMApqoAk+pJFhptXVh0LeNfAl2l92GOgecHxIzfzo99cSbzKXLdT6yZOUMxpLgFd6M8w+ruNdpX8mUVcNlaJWB7jmOHf/DRzDPqNdJQeCJDIXOFD6z8cZUZgX5fYyWaljtecNjSwmbsNn/d3JAVCJ+5mi477njbUsYJRZiyIqTzBFrexwj00UsBv6BnAntIazwTv2OjFCxSqZlltqGULj/u60sdf43uRzQRy6EUy8dgAJ43U8BO7WU8BZwhkWdyTbQGs/s1xhDsCMufa6MttTORmepBEHDaglQZqOEchG9jhuzQjvSeKVAaTTk86A/Wc5xQlnDdhtLLCO8sY0fRgEOl0Jx4ndVRwkhKqdE92JBKJRCKRSCQSSbBYdQnIOMZCyPYkNmAbWy1qiyWMUJ3khSJ43pkQ8YxVuW0HG4q9e85HMuPZHxL16d0bc1XQfjcXXUVksKgd7s66qkhiOv/VubfAf9/zfnvbVUdGSO8PvCqJIpM5bAjJDZZhpWMNv6kMJZvRDCaFzsRr7lCt4oiBO1TDTMdSYFuN2m7xvYYemlt8T3DBwC2+EolEIpFIJBKJRCKRSCQSiUQikUgkEolEIpFIJBKJRCKRSCRB8j/lg3vQkTaFgwAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMC0wMS0wNlQyMzoyMDo0MS0wNTowME+diI0AAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjAtMDEtMDZUMjM6MjA6NDEtMDU6MDA+wDAxAAAAAElFTkSuQmCC | ||
mediatype: image/png | ||
install: | ||
spec: | ||
clusterPermissions: | ||
- rules: | ||
- apiGroups: | ||
- apps | ||
resources: | ||
- deployments | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- secrets | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- ibm.com | ||
resources: | ||
- ibmsecurityverifyaccesses | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- ibm.com | ||
resources: | ||
- ibmsecurityverifyaccesses/finalizers | ||
verbs: | ||
- update | ||
- apiGroups: | ||
- ibm.com | ||
resources: | ||
- ibmsecurityverifyaccesses/status | ||
verbs: | ||
- get | ||
- patch | ||
- update | ||
- apiGroups: | ||
- authentication.k8s.io | ||
resources: | ||
- tokenreviews | ||
verbs: | ||
- create | ||
- apiGroups: | ||
- authorization.k8s.io | ||
resources: | ||
- subjectaccessreviews | ||
verbs: | ||
- create | ||
serviceAccountName: verify-access-operator-controller-manager | ||
deployments: | ||
- label: | ||
control-plane: controller-manager | ||
name: verify-access-operator-controller-manager | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
control-plane: controller-manager | ||
strategy: {} | ||
template: | ||
metadata: | ||
labels: | ||
control-plane: controller-manager | ||
spec: | ||
containers: | ||
- args: | ||
- --secure-listen-address=0.0.0.0:8443 | ||
- --upstream=http://127.0.0.1:8080/ | ||
- --logtostderr=true | ||
- --v=10 | ||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | ||
name: kube-rbac-proxy | ||
ports: | ||
- containerPort: 8443 | ||
name: https | ||
protocol: TCP | ||
resources: | ||
limits: | ||
cpu: 200m | ||
memory: 100Mi | ||
requests: | ||
cpu: 100m | ||
memory: 20Mi | ||
- args: | ||
- --health-probe-bind-address=:8081 | ||
- --metrics-bind-address=127.0.0.1:8080 | ||
- --leader-elect | ||
command: | ||
- /manager | ||
image: icr.io/isva/verify-access-operator:24.4.0 | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 8081 | ||
initialDelaySeconds: 15 | ||
periodSeconds: 20 | ||
name: manager | ||
readinessProbe: | ||
httpGet: | ||
path: /readyz | ||
port: 8081 | ||
initialDelaySeconds: 5 | ||
periodSeconds: 10 | ||
resources: | ||
limits: | ||
cpu: 200m | ||
memory: 200Mi | ||
requests: | ||
cpu: 100m | ||
memory: 20Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
securityContext: | ||
runAsNonRoot: true | ||
serviceAccountName: verify-access-operator-controller-manager | ||
terminationGracePeriodSeconds: 10 | ||
permissions: | ||
- rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- create | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- coordination.k8s.io | ||
resources: | ||
- leases | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- create | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- events | ||
verbs: | ||
- create | ||
- patch | ||
serviceAccountName: verify-access-operator-controller-manager | ||
strategy: deployment | ||
installModes: | ||
- supported: false | ||
type: OwnNamespace | ||
- supported: false | ||
type: SingleNamespace | ||
- supported: false | ||
type: MultiNamespace | ||
- supported: true | ||
type: AllNamespaces | ||
keywords: | ||
- identity and access | ||
- security | ||
links: | ||
- name: Verify Access Product Information | ||
url: https://www.ibm.com/au-en/products/verify-access | ||
- name: Verify Access Documentation | ||
url: https://www.ibm.com/docs/en/sva | ||
maintainers: | ||
- email: [email protected] | ||
name: Verify Access Development Team | ||
maturity: stable | ||
minKubeVersion: 1.17.0 | ||
provider: | ||
name: IBM | ||
url: https://www.ibm.com | ||
version: 24.4.0 | ||
replaces: ibm-security-verify-access-operator.v23.12.0 |
Oops, something went wrong.