chore: migrating addon-operator from olm to pko

Signed-off-by: Ankit152 <[email protected]>

Author: Ankit152

.tekton/addon-operator-pko-pull-request.yaml

@@ -0,0 +1,49 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/openshift/addon-operator?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: 'true'
+    pipelinesascode.tekton.dev/max-keep-runs: '3'
+    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
+      == "main"
+  labels:
+    appstudio.openshift.io/application: addon-operator
+    appstudio.openshift.io/component: addon-operator-pko
+    pipelines.appstudio.openshift.io/type: build
+  name: addon-operator-pko-on-pull-request
+  namespace: addon-operator-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/addon-operator-tenant/openshift/addon-operator-pko:on-pr-{{revision}}
+  - name: dockerfile
+    value: build/Dockerfile.pko
+  - name: path-context
+    value: deploy_pko
+  - name: skip-preflight-cert-check
+    value: true
+  - name: image-expires-after
+    value: 3d
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-addon-operator-pko
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+  pipelineRef:
+    resolver: git
+    params:
+    - name: url
+      value: https://github.com/openshift/boilerplate
+    - name: revision
+      value: master
+    - name: pathInRepo
+      value: pipelines/docker-build-oci-ta/pipeline.yaml
+status: {}

.tekton/addon-operator-pko-push.yaml

@@ -0,0 +1,47 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/openshift/addon-operator?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: 'false'
+    pipelinesascode.tekton.dev/max-keep-runs: '3'
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
+      == "main"
+  labels:
+    appstudio.openshift.io/application: addon-operator
+    appstudio.openshift.io/component: addon-operator-pko
+    pipelines.appstudio.openshift.io/type: build
+  name: addon-operator-pko-on-push
+  namespace: addon-operator-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/addon-operator-tenant/openshift/addon-operator-pko:{{revision}}
+  - name: dockerfile
+    value: build/Dockerfile.pko
+  - name: path-context
+    value: deploy_pko
+  - name: skip-preflight-cert-check
+    value: true
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-addon-operator-pko
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+  pipelineRef:
+    resolver: git
+    params:
+    - name: url
+      value: https://github.com/openshift/boilerplate
+    - name: revision
+      value: master
+    - name: pathInRepo
+      value: pipelines/docker-build-oci-ta/pipeline.yaml
+status: {}

build/Dockerfile.pko

@@ -0,0 +1,13 @@
+FROM scratch
+
+LABEL com.redhat.component="openshift-addon-operator" \
+      io.k8s.description="addon-operator Operator for OpenShift Dedicated" \
+      description="addon-operator Operator for OpenShift Dedicated" \
+      distribution-scope="public" \
+      name="openshift/addon-operator" \
+      url="https://github.com/openshift/addon-operator" \
+      vendor="Red Hat, Inc." \
+      release="v0.0.0" \
+      version="v0.0.0"
+
+COPY * /package/

deploy_pko/Cleanup-OLM-Job.yaml

@@ -0,0 +1,97 @@
+---
+# This Job cleans up old OLM resources after migrating to PKO
+# IMPORTANT: Review and customize this template before deploying!
+# 
+# Things to customize:
+# 1. Adjust the namespace if needed
+# 2. Modify resource filters (CSV names, labels, etc.)
+# 3. Review RBAC permissions
+# 4. Update the cleanup logic for your specific operator
+#
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: olm-cleanup
+  namespace: openshift-addon-operator
+  annotations:
+    package-operator.run/phase: cleanup-rbac
+    package-operator.run/collision-protection: IfNoController
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: olm-cleanup
+  namespace: openshift-addon-operator
+  annotations:
+    package-operator.run/phase: cleanup-rbac
+    package-operator.run/collision-protection: IfNoController
+rules:
+  # CUSTOMIZE: Adjust permissions as needed for your cleanup tasks
+  - apiGroups:
+      - operators.coreos.com
+    resources:
+      - clusterserviceversions
+      - subscriptions
+    verbs:
+      - list
+      - get
+      - watch
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: olm-cleanup
+  namespace: openshift-addon-operator
+  annotations:
+    package-operator.run/phase: cleanup-rbac
+    package-operator.run/collision-protection: IfNoController
+roleRef:
+  kind: Role
+  name: olm-cleanup
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: olm-cleanup
+    namespace: openshift-addon-operator
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: olm-cleanup
+  namespace: openshift-addon-operator
+  annotations:
+    package-operator.run/phase: cleanup-deploy
+    package-operator.run/collision-protection: IfNoController
+spec:
+  template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: restricted-v2
+    spec:
+      serviceAccountName: olm-cleanup
+      priorityClassName: openshift-user-critical
+      restartPolicy: Never
+      containers:
+        - name: delete-csv
+          image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
+          imagePullPolicy: Always
+          command:
+            - sh
+            - -c
+            - |
+              #!/bin/sh
+              set -euxo pipefail
+              # CUSTOMIZE: Update the label selector for your operator
+              # Example pattern: operators.coreos.com/OPERATOR_NAME.NAMESPACE
+              oc -n openshift-addon-operator delete csv -l "operators.coreos.com/addon-operator.openshift-addon-operator" || true
+              
+              # CUSTOMIZE: Add any additional cleanup logic here
+              # Examples:
+              # - Delete subscriptions
+              # - Delete operator groups
+              # - Clean up custom resources
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi

deploy_pko/ClusterRole-addon-operator-prom-token-role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: addon-operator-prom-token-role
+  annotations:
+    package-operator.run/phase: rbac
+    package-operator.run/collision-protection: IfNoController
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get

deploy_pko/ClusterRole-addon-operator.yaml

@@ -0,0 +1,139 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: addon-operator
+  annotations:
+    package-operator.run/phase: rbac
+    package-operator.run/collision-protection: IfNoController
+rules:
+- apiGroups:
+  - addons.managed.openshift.io
+  resources:
+  - addons
+  - addons/status
+  - addons/finalizers
+  - addonoperators
+  - addonoperators/status
+  - addonoperators/finalizers
+  - addoninstances
+  - addoninstances/status
+  - addoninstances/finalizers
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - addons.managed.openshift.io
+  resources:
+  - addonoperators
+  - addonoperators/status
+  - addonoperators/finalizers
+  - addoninstances
+  - addoninstances/status
+  - addoninstances/finalizers
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - namespaces
+  - secrets
+  - pods
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - create
+  - update
+- apiGroups:
+  - operators.coreos.com
+  resources:
+  - operatorgroups
+  - catalogsources
+  - subscriptions
+  - installplans
+  verbs:
+  - create
+  - delete
+  - update
+  - watch
+  - get
+  - list
+  - patch
+- apiGroups:
+  - operators.coreos.com
+  resources:
+  - clusterserviceversions
+  - operators
+  verbs:
+  - watch
+  - get
+  - list
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusterversions
+  verbs:
+  - watch
+  - get
+  - list
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - create
+  - delete
+  - update
+  - watch
+  - get
+  - list
+  - patch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - update
+  - watch
+  - get
+  - list
+  - patch
+- apiGroups:
+  - monitoring.rhobs
+  resources:
+  - monitoringstacks
+  verbs:
+  - create
+  - delete
+  - update
+  - watch
+  - get
+  - list
+  - patch
+- apiGroups:
+  - package-operator.run
+  resources:
+  - clusterobjecttemplates
+  verbs:
+  - create
+  - delete
+  - update
+  - watch
+  - get
+  - list
+  - patch

deploy_pko/ClusterRoleBinding-addon-operator-prom-token-role-binding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: addon-operator-prom-token-role-binding
+  annotations:
+    package-operator.run/phase: rbac
+    package-operator.run/collision-protection: IfNoController
+subjects:
+- kind: ServiceAccount
+  name: addon-operator-prom-token
+  namespace: openshift-addon-operator
+roleRef:
+  kind: ClusterRole
+  name: addon-operator-prom-token-role
+  apiGroup: rbac.authorization.k8s.io

deploy_pko/ClusterRoleBinding-addon-operator.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: addon-operator
+  annotations:
+    package-operator.run/phase: rbac
+    package-operator.run/collision-protection: IfNoController
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: addon-operator
+subjects:
+- kind: ServiceAccount
+  name: addon-operator
+  namespace: openshift-addon-operator