NO-ISSUE: Must have changes to reflect prod requirements in manifests…

… files (#48)

Signed-off-by: Ricardo Zanini <[email protected]>

Makefile.prod

@@ -4,6 +4,8 @@
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 VERSION ?= 1.33.0
+# TODO: UPDATE THIS TO THE OPERATOR image SHA when releasing
+IMAGE_DIGEST ?= sha256:123456789
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
@@ -44,11 +46,11 @@ BUILDER ?= podman
 # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
 # You can enable this value if you would like to use SHA Based Digests
 # To enable set flag to true
-USE_IMAGE_DIGESTS ?= false
+USE_IMAGE_DIGESTS ?= true
 IMG_TAG_SEP = :
 IMG_VERSION = $(VERSION)
 ifeq ($(USE_IMAGE_DIGESTS), true)
-	BUNDLE_GEN_FLAGS += --use-image-digests
+	#BUNDLE_GEN_FLAGS += --use-image-digests
 	IMG_TAG_SEP = @
 	IMG_VERSION = $(IMAGE_DIGEST)
 endif

bundle.prod/manifests/logic-operator-rhel8-builder-config_v1_configmap.yaml

@@ -1,19 +1,17 @@
 apiVersion: v1
 data:
-  DEFAULT_BUILDER_RESOURCE_NAME: Dockerfile
   DEFAULT_WORKFLOW_EXTENSION: .sw.json
   Dockerfile: "FROM registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:latest
     AS builder\n\n# variables that can be overridden by the builder\n# To add a Quarkus
     extension to your application\nARG QUARKUS_EXTENSIONS\n# Args to pass to the Quarkus
-    CLI add extension command\nARG QUARKUS_ADD_EXTENSION_ARGS\n# Additional java/mvn arguments to pass to the builder\n
-    ARG MAVEN_ARGS_APPEND\n\n# Copy from build
-    context to skeleton resources project\nCOPY --chmod=644 * ./resources/\n\nRUN
-    /home/kogito/launch/build-app.sh ./resources\n  \n#=============================\n#
-    Runtime Run\n#=============================\nFROM registry.access.redhat.com/ubi9/openjdk-17:latest\n\nENV
-    LANG='en_US.UTF-8' LANGUAGE='en_US:en'\n  \n# We make four distinct layers so
-    if there are application changes the library layers can be re-used\nCOPY --from=builder
-    --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/lib/ /deployments/lib/\nCOPY
-    --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/*.jar
+    CLI add extension command\nARG QUARKUS_ADD_EXTENSION_ARGS\n# Additional java/mvn
+    arguments to pass to the builder\nARG MAVEN_ARGS_APPEND\n\n# Copy from build context
+    to skeleton resources project\nCOPY --chown=1001 . ./resources\n\nRUN /home/kogito/launch/build-app.sh
+    ./resources\n  \n#=============================\n# Runtime Run\n#=============================\nFROM
+    registry.access.redhat.com/ubi8/openjdk-17-runtime:latest\n\nENV LANG='en_US.UTF-8'
+    LANGUAGE='en_US:en'\n  \n# We make four distinct layers so if there are application
+    changes the library layers can be re-used\nCOPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/lib/
+    /deployments/lib/\nCOPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/*.jar
     /deployments/\nCOPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/app/
     /deployments/app/\nCOPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/quarkus/
     /deployments/quarkus/\n\nEXPOSE 8080\nUSER 185\nENV AB_JOLOKIA_OFF=\"\"\nENV JAVA_OPTS=\"-Dquarkus.http.host=0.0.0.0

bundle.prod/manifests/sonataflow.org_sonataflows.yaml

@@ -2102,6 +2102,65 @@ spec:
                 required:
                 - states
                 type: object
+              persistence:
+                description: Persistence defines the database persistence configuration
+                  for the workflow
+                maxProperties: 1
+                properties:
+                  postgresql:
+                    description: Connect configured services to a postgresql database.
+                    maxProperties: 2
+                    minProperties: 2
+                    properties:
+                      jdbcUrl:
+                        description: PostgreSql JDBC URL. Mutually exclusive to serviceRef.
+                          e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
+                        type: string
+                      secretRef:
+                        description: Secret reference to the database user credentials
+                        properties:
+                          name:
+                            description: Name of the postgresql credentials secret.
+                            type: string
+                          passwordKey:
+                            description: Defaults to POSTGRESQL_PASSWORD
+                            type: string
+                          userKey:
+                            description: Defaults to POSTGRESQL_USER
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      serviceRef:
+                        description: Service reference to postgresql datasource. Mutually
+                          exclusive to jdbcUrl.
+                        properties:
+                          databaseName:
+                            description: Name of postgresql database to be used. Defaults
+                              to "sonataflow"
+                            type: string
+                          databaseSchema:
+                            description: Schema of postgresql database to be used.
+                              Defaults to "data-index-service"
+                            type: string
+                          name:
+                            description: Name of the postgresql k8s service.
+                            type: string
+                          namespace:
+                            description: Namespace of the postgresql k8s service.
+                              Defaults to the SonataFlowPlatform's local namespace.
+                            type: string
+                          port:
+                            description: Port to use when connecting to the postgresql
+                              k8s service. Defaults to 5432.
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                    required:
+                    - secretRef
+                    type: object
+                type: object
               podTemplate:
                 description: PodTemplate describes the deployment details of this
                   SonataFlow instance.
@@ -2986,9 +3045,9 @@ spec:
                       service account token should be automatically mounted.
                     type: boolean
                   container:
-                    description: Container is the Kubernetes container where the workflow
-                      application should run. One can change this attribute in order
-                      to override the defaults provided by the operator.
+                    description: Container is the Kubernetes container where the application
+                      should run. One can change this attribute in order to override
+                      the defaults provided by the operator.
                     properties:
                       args:
                         description: 'Arguments to the entrypoint. The container image''s
@@ -5567,6 +5626,13 @@ spec:
                       - name
                       type: object
                     type: array
+                  deploymentModel:
+                    description: Defines the kind of deployment model for this pod
+                      spec. In dev profile, only "kubernetes" is valid.
+                    enum:
+                    - kubernetes
+                    - knative
+                    type: string
                   dnsConfig:
                     description: Specifies the DNS parameters of a pod. Parameters
                       specified here will be merged to the generated DNS configuration
@@ -7094,6 +7160,8 @@ spec:
                       type: object
                     type: array
                   replicas:
+                    description: Replicas define the number of pods to start by default
+                      for this deployment model. Ignored in "knative" deployment model.
                     format: int32
                     type: integer
                   resourceClaims:
@@ -9287,6 +9355,53 @@ spec:
                       type: object
                     type: array
                 type: object
+              sink:
+                description: Sink describes the sinkBinding details of this SonataFlow
+                  instance.
+                properties:
+                  CACerts:
+                    description: CACerts are Certification Authority (CA) certificates
+                      in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+                      If set, these CAs are appended to the set of CAs provided by
+                      the Addressable target, if any.
+                    type: string
+                  ref:
+                    description: Ref points to an Addressable.
+                    properties:
+                      address:
+                        description: Address points to a specific Address Name.
+                        type: string
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      group:
+                        description: 'Group of the API, without the version of the
+                          group. This can be used as an alternative to the APIVersion,
+                          and then resolved using ResolveGroup. Note: This API is
+                          EXPERIMENTAL and might break anytime. For more details:
+                          https://github.com/knative/eventing/issues/5086'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                          This is optional field, it gets defaulted to the object
+                          holding it if left out.'
+                        type: string
+                    required:
+                    - kind
+                    - name
+                    type: object
+                  uri:
+                    description: URI can be an absolute URL(non-empty scheme and non-empty
+                      host) pointing to the target or a relative URI. Relative URIs
+                      will be resolved using the base URI retrieved from Ref.
+                    type: string
+                type: object
             required:
             - flow
             type: object
@@ -9350,6 +9465,27 @@ spec:
                 description: keeps track of how many failure recovers a given workflow
                   had so far
                 type: integer
+              services:
+                description: Services displays which platform services are being used
+                  by this workflow
+                properties:
+                  dataIndexRef:
+                    description: DataIndexRef displays information on the cluster-wide
+                      Data Index service
+                    properties:
+                      url:
+                        description: Url displays the base url of the service
+                        type: string
+                    type: object
+                  jobServiceRef:
+                    description: JobServiceRef displays information on the cluster-wide
+                      Job Service
+                    properties:
+                      url:
+                        description: Url displays the base url of the service
+                        type: string
+                    type: object
+                type: object
             type: object
         type: object
     served: true

config/default/prod/controllers_config_patch.yaml

@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        volumeMounts:
+        - name: controllers-config
+          mountPath: /config/controllers_cfg.yaml
+          subPath: controllers_cfg.yaml
+      volumes:
+      - name: controllers-config
+        configMap:
+          name: controllers-config

config/default/prod/kustomization.yaml

@@ -34,6 +34,9 @@ patchesStrategicMerge:
 # through a ComponentConfig type
 #- manager_config_patch.yaml
 
+# Mount the custom controllers config
+- controllers_config_patch.yaml
+
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- manager_webhook_patch.yaml

config/manager/prod/sonataflow_builder_dockerfile.yaml → config/manager/prod/SonataFlow-Builder.containerfile

@@ -16,7 +16,7 @@ RUN /home/kogito/launch/build-app.sh ./resources
 #=============================
 # Runtime Run
 #=============================
-FROM registry.access.redhat.com/ubi9/openjdk-17:latest
+FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:latest
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
 

config/manager/prod/controllers_cfg.yaml

@@ -0,0 +1,40 @@
+# The default size of Kaniko PVC when using the internal operator builder manager
+defaultPvcKanikoSize: 1Gi
+# How much time (in seconds) to wait for a devmode workflow to start.
+# This information is used for the controller manager to create new devmode containers and setup the healthcheck probes.
+healthFailureThresholdDevMode: 50
+# Default image used internally by the Operator Managed Kaniko builder to create the warmup pods
+kanikoDefaultWarmerImageTag: gcr.io/kaniko-project/warmer:v1.9.0
+# Default image used internally by the Operator Managed Kaniko builder to create the executor pods
+kanikoExecutorImageTag: gcr.io/kaniko-project/executor:v1.9.0
+# The Jobs Service image to use, if empty the operator will use the default Apache Community one based on the current operator's version
+jobsServicePostgreSQLImageTag: "registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0"
+jobsServiceEphemeralImageTag: "registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0"
+# The Data Index image to use, if empty the operator will use the default Apache Community one based on the current operator's version
+dataIndexPostgreSQLImageTag: "registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0"
+dataIndexEphemeralTag: "registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0"
+# SonataFlow base builder image used in the internal Dockerfile to build workflow applications in preview profile
+# Order of precedence is:
+# 1. SonataFlowPlatform in the given namespace
+# 2. This configuration
+# 3. The FROM in the Dockerfile in the operator's namespace "sonataflow-operator-builder-config" configMap.
+# If 1 or 2, the FROM tag will be replaced by the tag se there.
+# If empty the operator will use the default Apache Community one based on the current operator's version.
+sonataFlowBaseBuilderImageTag: "registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:1.33.0"
+# The image to use to deploy SonataFlow workflow images in devmode profile.
+# If empty the operator will use the default Apache Community one based on the current operator's version.
+sonataFlowDevModeImageTag: "registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0"
+# The default name of the builder configMap in the operator's namespace
+builderConfigMapName: "logic-operator-rhel8-builder-config"
+# Quarkus extensions required for workflows persistence. These extensions are used by the SonataFlow build system,
+# in cases where the workflow being built has configured postgresql persistence.
+postgreSQLPersistenceExtensions:
+  - groupId: com.redhat.quarkus.platform
+    artifactId: quarkus-jdbc-postgresql
+    version: 3.8.4.redhat-00002
+  - groupId: com.redhat.quarkus.platform
+    artifactId: quarkus-agroal
+    version: 3.8.4.redhat-00002
+  - groupId: org.kie
+    artifactId: kie-addons-quarkus-persistence-jdbc
+    version: 9.100.0.redhat-00004

config/manager/prod/kustomization.yaml

@@ -9,16 +9,18 @@ configMapGenerator:
   - controller_manager_config.yaml
   name: manager-config
 - files:
-  - Dockerfile=sonataflow_builder_dockerfile.yaml
+  - Dockerfile=SonataFlow-Builder.containerfile
   literals:
-  - DEFAULT_BUILDER_RESOURCE_NAME=Dockerfile
   - DEFAULT_WORKFLOW_EXTENSION=.sw.json
   name: builder-config
+- files:
+  - controllers_cfg.yaml
+  name: controllers-config
 
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
-- digest: sha256:cdc81719192f2dfdf8a1d366cda54347462acba3425f48a61b29631f191284fa
+- digest: sha256:123456789
   name: controller
   newName: registry.redhat.io/openshift-serverless-1/logic-rhel8-operator
 # Patching the manager deployment file to add an env var with the operator namespace in