k8s-operatorhub
diff --git a/‎operators/ack-networkfirewall-controller/1.0.6/bundle.Dockerfile
Lines changed: 21 additions & 0 deletions b/‎operators/ack-networkfirewall-controller/1.0.6/bundle.Dockerfile
Lines changed: 21 additions & 0 deletions
diff --git a/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-controller.clusterserviceversion.yaml
Lines changed: 298 additions & 0 deletions b/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-controller.clusterserviceversion.yaml
Lines changed: 298 additions & 0 deletions
diff --git a/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-metrics-service_v1_service.yaml
Lines changed: 16 additions & 0 deletions b/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-metrics-service_v1_service.yaml
Lines changed: 16 additions & 0 deletions
diff --git a/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-reader_rbac.authorization.k8s.io_v1_role.yaml
Lines changed: 16 additions & 0 deletions b/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-reader_rbac.authorization.k8s.io_v1_role.yaml
Lines changed: 16 additions & 0 deletions
diff --git a/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-writer_rbac.authorization.k8s.io_v1_role.yaml
Lines changed: 30 additions & 0 deletions b/‎operators/ack-networkfirewall-controller/1.0.6/manifests/ack-networkfirewall-writer_rbac.authorization.k8s.io_v1_role.yaml
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,21 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=ack-networkfirewall-controller
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=unknown
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/
+COPY bundle/tests/scorecard /tests/scorecard/
@@ -0,0 +1,298 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    alm-examples: |-
+      [
+        {
+          "apiVersion": "networkfirewall.services.k8s.aws/v1alpha1",
+          "kind": "Firewall",
+          "metadata": {
+            "name": "example"
+          },
+          "spec": {}
+        },
+        {
+          "apiVersion": "networkfirewall.services.k8s.aws/v1alpha1",
+          "kind": "FirewallPolicy",
+          "metadata": {
+            "name": "example"
+          },
+          "spec": {}
+        },
+        {
+          "apiVersion": "networkfirewall.services.k8s.aws/v1alpha1",
+          "kind": "RuleGroup",
+          "metadata": {
+            "name": "example"
+          },
+          "spec": {}
+        }
+      ]
+    capabilities: Basic Install
+    categories: Cloud Provider
+    certified: "false"
+    containerImage: public.ecr.aws/aws-controllers-k8s/networkfirewall-controller:1.0.6
+    createdAt: "2025-03-28T07:03:04Z"
+    description: AWS Network Firewall controller is a service controller for managing
+      Network Firewall resources in Kubernetes
+    operatorframework.io/suggested-namespace: ack-system
+    operators.operatorframework.io/builder: operator-sdk-v1.28.0
+    operators.operatorframework.io/project_layout: unknown
+    repository: https://github.com/aws-controllers-k8s
+    support: Community
+  labels:
+    operatorframework.io/arch.amd64: supported
+    operatorframework.io/arch.arm64: supported
+    operatorframework.io/os.linux: supported
+  name: ack-networkfirewall-controller.v1.0.6
+  namespace: placeholder
+spec:
+  apiservicedefinitions: {}
+  customresourcedefinitions:
+    owned:
+    - description: FirewallPolicy represents the state of an AWS networkfirewall FirewallPolicy
+        resource.
+      displayName: FirewallPolicy
+      kind: FirewallPolicy
+      name: firewallpolicies.networkfirewall.services.k8s.aws
+      version: v1alpha1
+    - description: Firewall represents the state of an AWS networkfirewall Firewall
+        resource.
+      displayName: Firewall
+      kind: Firewall
+      name: firewalls.networkfirewall.services.k8s.aws
+      version: v1alpha1
+    - description: RuleGroup represents the state of an AWS networkfirewall RuleGroup
+        resource.
+      displayName: RuleGroup
+      kind: RuleGroup
+      name: rulegroups.networkfirewall.services.k8s.aws
+      version: v1alpha1
+  description: |-
+    Manage Amazon Network Firewall resources in AWS from within your Kubernetes cluster.
+
+    **About Amazon Network Firewall**
+
+    AWS Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC) that you create in Amazon Virtual Private Cloud (Amazon VPC).
+    With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or AWS Direct Connect. Network Firewall uses the open source intrusion prevention system (IPS), Suricata, for stateful inspection. Network Firewall supports Suricata compatible rules. For more information, see [Working with stateful rule groups in AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-ips.html).
+
+    **About the AWS Controllers for Kubernetes**
+
+    This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**.
+
+    **Pre-Installation Steps**
+
+    Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/)
+  displayName: AWS Controllers for Kubernetes - Amazon Network Firewall
+  icon:
+  - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg==
+    mediatype: image/svg+xml
+  install:
+    spec:
+      clusterPermissions:
+      - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          - secrets
+          verbs:
+          - get
+          - list
+          - patch
+          - watch
+        - apiGroups:
+          - ""
+          resources:
+          - namespaces
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - networkfirewall.services.k8s.aws
+          resources:
+          - firewallpolicies
+          - firewalls
+          - rulegroups
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - networkfirewall.services.k8s.aws
+          resources:
+          - firewallpolicies/status
+          - firewalls/status
+          - rulegroups/status
+          verbs:
+          - get
+          - patch
+          - update
+        - apiGroups:
+          - services.k8s.aws
+          resources:
+          - adoptedresources
+          - fieldexports
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - services.k8s.aws
+          resources:
+          - adoptedresources/status
+          - fieldexports/status
+          verbs:
+          - get
+          - patch
+          - update
+        serviceAccountName: ack-networkfirewall-controller
+      deployments:
+      - label:
+          app.kubernetes.io/name: ack-networkfirewall-controller
+          app.kubernetes.io/part-of: ack-system
+        name: ack-networkfirewall-controller
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              app.kubernetes.io/name: ack-networkfirewall-controller
+          strategy: {}
+          template:
+            metadata:
+              labels:
+                app.kubernetes.io/name: ack-networkfirewall-controller
+            spec:
+              containers:
+              - args:
+                - --aws-region
+                - $(AWS_REGION)
+                - --aws-endpoint-url
+                - $(AWS_ENDPOINT_URL)
+                - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING)
+                - --log-level
+                - $(ACK_LOG_LEVEL)
+                - --resource-tags
+                - $(ACK_RESOURCE_TAGS)
+                - --watch-namespace
+                - $(ACK_WATCH_NAMESPACE)
+                - --enable-leader-election=$(ENABLE_LEADER_ELECTION)
+                - --leader-election-namespace
+                - $(LEADER_ELECTION_NAMESPACE)
+                - --reconcile-default-max-concurrent-syncs
+                - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)
+                - --feature-gates
+                - $(FEATURE_GATES)
+                command:
+                - ./bin/controller
+                env:
+                - name: ACK_SYSTEM_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+                envFrom:
+                - configMapRef:
+                    name: ack-networkfirewall-user-config
+                    optional: false
+                - secretRef:
+                    name: ack-networkfirewall-user-secrets
+                    optional: true
+                image: public.ecr.aws/aws-controllers-k8s/networkfirewall-controller:1.0.6
+                livenessProbe:
+                  httpGet:
+                    path: /healthz
+                    port: 8081
+                  initialDelaySeconds: 15
+                  periodSeconds: 20
+                name: controller
+                ports:
+                - containerPort: 8080
+                  name: http
+                readinessProbe:
+                  httpGet:
+                    path: /readyz
+                    port: 8081
+                  initialDelaySeconds: 5
+                  periodSeconds: 10
+                resources:
+                  limits:
+                    cpu: 100m
+                    memory: 300Mi
+                  requests:
+                    cpu: 100m
+                    memory: 200Mi
+                securityContext:
+                  allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
+                  privileged: false
+                  runAsNonRoot: true
+              dnsPolicy: ClusterFirst
+              securityContext:
+                seccompProfile:
+                  type: RuntimeDefault
+              serviceAccountName: ack-networkfirewall-controller
+              terminationGracePeriodSeconds: 10
+      permissions:
+      - rules:
+        - apiGroups:
+          - coordination.k8s.io
+          resources:
+          - leases
+          verbs:
+          - get
+          - list
+          - watch
+          - create
+          - update
+          - patch
+          - delete
+        - apiGroups:
+          - ""
+          resources:
+          - events
+          verbs:
+          - create
+          - patch
+        serviceAccountName: ack-networkfirewall-controller
+    strategy: deployment
+  installModes:
+  - supported: true
+    type: OwnNamespace
+  - supported: true
+    type: SingleNamespace
+  - supported: true
+    type: MultiNamespace
+  - supported: true
+    type: AllNamespaces
+  keywords:
+  - networkfirewall
+  - aws
+  - amazon
+  - ack
+  links:
+  - name: AWS Controllers for Kubernetes
+    url: https://github.com/aws-controllers-k8s/community
+  - name: Documentation
+    url: https://aws-controllers-k8s.github.io/community/
+  - name: Amazon Network Firewall Developer Resources
+    url: https://aws.amazon.com/network-firewall/resources/
+  maintainers:
+  - email: [email protected]
+    name: network firewall maintainer team
+  maturity: alpha
+  provider:
+    name: Amazon, Inc.
+    url: https://aws.amazon.com
+  version: 1.0.6
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  name: ack-networkfirewall-metrics-service
+spec:
+  ports:
+  - name: metricsport
+    port: 8080
+    protocol: TCP
+    targetPort: http
+  selector:
+    app.kubernetes.io/name: ack-networkfirewall-controller
+  type: NodePort
+status:
+  loadBalancer: {}
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: ack-networkfirewall-reader
+rules:
+- apiGroups:
+  - networkfirewall.services.k8s.aws
+  resources:
+  - firewalls
+  - firewallpolicies
+  - rulegroups
+  verbs:
+  - get
+  - list
+  - watch
@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: ack-networkfirewall-writer
+rules:
+- apiGroups:
+  - networkfirewall.services.k8s.aws
+  resources:
+  - firewalls
+  - firewallpolicies
+  - rulegroups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - networkfirewall.services.k8s.aws
+  resources:
+  - firewalls
+  - firewallpolicies
+  - rulegroups
+  verbs:
+  - get
+  - patch
+  - update