diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 205461259..246cfd165 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -23,13 +23,17 @@ import ( "net/http" "os" "path/filepath" + "strings" "time" "github.com/spf13/pflag" "go.uber.org/zap/zapcore" + corev1 "k8s.io/api/core/v1" apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" k8slabels "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/selection" + k8stypes "k8s.io/apimachinery/pkg/types" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" _ "k8s.io/client-go/plugin/pkg/client/auth" ctrl "sigs.k8s.io/controller-runtime" @@ -52,7 +56,6 @@ import ( "github.com/operator-framework/operator-controller/internal/contentmanager" "github.com/operator-framework/operator-controller/internal/controllers" "github.com/operator-framework/operator-controller/internal/httputil" - "github.com/operator-framework/operator-controller/internal/labels" "github.com/operator-framework/operator-controller/internal/resolve" "github.com/operator-framework/operator-controller/internal/rukpak/preflights/crdupgradesafety" "github.com/operator-framework/operator-controller/internal/rukpak/source" @@ -87,6 +90,7 @@ func main() { operatorControllerVersion bool systemNamespace string caCertDir string + globalPullSecret string ) flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") @@ -97,6 +101,7 @@ func main() { flag.StringVar(&cachePath, "cache-path", "/var/cache", "The local directory path used for filesystem based caching") flag.BoolVar(&operatorControllerVersion, "version", false, "Prints operator-controller version information") flag.StringVar(&systemNamespace, "system-namespace", "", "Configures the namespace that gets used to deploy system resources.") + flag.StringVar(&globalPullSecret, "global-pull-secret", "", "The / of the global pull secret that is going to be used to pull bundle images.") opts := zap.Options{ Development: true, TimeEncoder: zapcore.RFC3339NanoTimeEncoder, @@ -115,16 +120,42 @@ func main() { ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts), zap.StacktraceLevel(zapcore.DPanicLevel))) setupLog.Info("starting up the controller", "version info", version.String()) + var globalPullSecretKey *k8stypes.NamespacedName + if globalPullSecret != "" { + secretParts := strings.Split(globalPullSecret, "/") + if len(secretParts) != 2 { + setupLog.Error(fmt.Errorf("incorrect number of components"), "value of global-pull-secret should be of the format /") + os.Exit(1) + } + globalPullSecretKey = &k8stypes.NamespacedName{Name: secretParts[1], Namespace: secretParts[0]} + } + if systemNamespace == "" { systemNamespace = podNamespace() } - dependentRequirement, err := k8slabels.NewRequirement(labels.OwnerKindKey, selection.In, []string{ocv1alpha1.ClusterExtensionKind}) - if err != nil { - setupLog.Error(err, "unable to create dependent label selector for cache") - os.Exit(1) + cacheOptions := crcache.Options{ + ByObject: map[client.Object]crcache.ByObject{ + &ocv1alpha1.ClusterExtension{}: {Label: k8slabels.Everything()}, + &catalogd.ClusterCatalog{}: {Label: k8slabels.Everything()}, + }, + DefaultNamespaces: map[string]crcache.Config{ + systemNamespace: {LabelSelector: k8slabels.Everything()}, + }, + DefaultLabelSelector: k8slabels.Nothing(), + } + if globalPullSecretKey != nil { + cacheOptions.ByObject[&corev1.Secret{}] = crcache.ByObject{ + Namespaces: map[string]crcache.Config{ + globalPullSecretKey.Namespace: { + LabelSelector: k8slabels.Everything(), + FieldSelector: fields.SelectorFromSet(map[string]string{ + "metadata.name": globalPullSecretKey.Name, + }), + }, + }, + } } - dependentSelector := k8slabels.NewSelector().Add(*dependentRequirement) setupLog.Info("set up manager") mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ @@ -133,16 +164,7 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "9c4404e7.operatorframework.io", - Cache: crcache.Options{ - ByObject: map[client.Object]crcache.ByObject{ - &ocv1alpha1.ClusterExtension{}: {Label: k8slabels.Everything()}, - &catalogd.ClusterCatalog{}: {Label: k8slabels.Everything()}, - }, - DefaultNamespaces: map[string]crcache.Config{ - systemNamespace: {LabelSelector: k8slabels.Everything()}, - }, - DefaultLabelSelector: dependentSelector, - }, + Cache: cacheOptions, // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly @@ -200,6 +222,15 @@ func main() { AuthNamespace: systemNamespace, CertPoolWatcher: certPoolWatcher, } + if globalPullSecretKey != nil { + unpacker.PullSecretFetcher = func(ctx context.Context) ([]corev1.Secret, error) { + pullSecret, err := coreClient.Secrets(globalPullSecretKey.Namespace).Get(ctx, globalPullSecretKey.Name, metav1.GetOptions{}) + if err != nil { + return nil, err + } + return []corev1.Secret{*pullSecret}, err + } + } clusterExtensionFinalizers := crfinalizer.NewFinalizers() domain := ocv1alpha1.GroupVersion.Group diff --git a/internal/rukpak/source/image_registry.go b/internal/rukpak/source/image_registry.go index a6d6640d4..5c99d0059 100644 --- a/internal/rukpak/source/image_registry.go +++ b/internal/rukpak/source/image_registry.go @@ -17,6 +17,7 @@ import ( gcrkube "github.com/google/go-containerregistry/pkg/authn/kubernetes" "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/v1/remote" + corev1 "k8s.io/api/core/v1" apimacherrors "k8s.io/apimachinery/pkg/util/errors" "sigs.k8s.io/controller-runtime/pkg/log" @@ -52,11 +53,14 @@ func NewUnrecoverable(err error) *Unrecoverable { // TODO: Make asynchronous type ImageRegistry struct { - BaseCachePath string - AuthNamespace string - CertPoolWatcher *httputil.CertPoolWatcher + BaseCachePath string + AuthNamespace string + CertPoolWatcher *httputil.CertPoolWatcher + PullSecretFetcher PullSecretFetcher } +type PullSecretFetcher func(ctx context.Context) ([]corev1.Secret, error) + func (i *ImageRegistry) Unpack(ctx context.Context, bundle *BundleSource) (*Result, error) { l := log.FromContext(ctx) if bundle.Type != SourceTypeImage { @@ -119,6 +123,20 @@ func (i *ImageRegistry) Unpack(ctx context.Context, bundle *BundleSource) (*Resu } } + if i.PullSecretFetcher != nil { + pullSecrets, err := i.PullSecretFetcher(ctx) + if err != nil { + l.V(1).Error(err, "failed to fetch global pullsecret, attempting unauthenticated image pull") + } else { + pullSecretAuth, err := gcrkube.NewFromPullSecrets(ctx, pullSecrets) + if err != nil { + l.V(1).Error(err, "failed to parse global pullsecret, attempting unauthenticated image pull") + } else { + remoteOpts = append(remoteOpts, remote.WithAuthFromKeychain(pullSecretAuth)) + } + } + } + // always fetch the hash imgDesc, err := remote.Head(imgRef, remoteOpts...) if err != nil { diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh index ea2e40d4a..bf3b0b5da 100755 --- a/openshift/generate-manifests.sh +++ b/openshift/generate-manifests.sh @@ -20,6 +20,19 @@ IMAGE_MAPPINGS[kube-rbac-proxy]='${KUBE_RBAC_PROXY_IMAGE}' # shellcheck disable=SC2016 IMAGE_MAPPINGS[manager]='${OPERATOR_CONTROLLER_IMAGE}' +# This is a mapping of catalogd flag names to values. For example, given a deployment with a container +# named "manager" and arguments: +# args: +# - --flagname=one +# and an entry to the FLAG_MAPPINGS of FLAG_MAPPINGS[flagname]='two', the argument will be updated to: +# args: +# - --flagname=two +# +# If the flag doesn't already exist - it will be appended to the list. +declare -A FLAG_MAPPINGS +# shellcheck disable=SC2016 +FLAG_MAPPINGS[global-pull-secret]="openshift-config/pull-secret" + ################################################## # You shouldn't need to change anything below here ################################################## @@ -36,11 +49,12 @@ TMP_ROOT="$(mktemp -p . -d 2>/dev/null || mktemp -d ./tmpdir.XXXXXXX)" trap 'rm -rf $TMP_ROOT' EXIT # Copy all kustomize files into a temp dir -TMP_CONFIG="${TMP_ROOT}/config" -cp -a "${REPO_ROOT}/config" "$TMP_CONFIG" +cp -a "${REPO_ROOT}/config" "${TMP_ROOT}/config" +mkdir -p "${TMP_ROOT}/openshift" +cp -a "${REPO_ROOT}/openshift/kustomize" "${TMP_ROOT}/openshift/kustomize" -# Override namespace to openshift-operator-controller -$YQ -i ".namespace = \"${NAMESPACE}\"" "${TMP_CONFIG}/base/kustomization.yaml" +# Override OPENSHIFT-NAMESPACE to ${NAMESPACE} +find "${TMP_ROOT}" -name "*.yaml" -exec sed -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \; # Create a temp dir for manifests TMP_MANIFEST_DIR="${TMP_ROOT}/manifests" @@ -48,7 +62,7 @@ mkdir -p "$TMP_MANIFEST_DIR" # Run kustomize, which emits a single yaml file TMP_KUSTOMIZE_OUTPUT="${TMP_MANIFEST_DIR}/temp.yaml" -$KUSTOMIZE build "${REPO_ROOT}"/openshift/kustomize/overlays/openshift -o "$TMP_KUSTOMIZE_OUTPUT" +$KUSTOMIZE build "${TMP_ROOT}/openshift/kustomize/overlays/openshift" -o "$TMP_KUSTOMIZE_OUTPUT" for container_name in "${!IMAGE_MAPPINGS[@]}"; do placeholder="${IMAGE_MAPPINGS[$container_name]}" @@ -59,6 +73,17 @@ for container_name in "${!IMAGE_MAPPINGS[@]}"; do $YQ -i 'select(.kind == "Namespace").metadata.annotations += {"workload.openshift.io/allowed": "management"}' "$TMP_KUSTOMIZE_OUTPUT" done +# Loop through any flag updates that need to be made to the manager container +for flag_name in "${!FLAG_MAPPINGS[@]}"; do + flagval="${FLAG_MAPPINGS[$flag_name]}" + + # First, update the flag if it exists + $YQ -i "(select(.kind == \"Deployment\") | .spec.template.spec.containers[] | select(.name == \"manager\") | .args[] | select(. | contains(\"--$flag_name=\")) | .) = \"--$flag_name=$flagval\"" "$TMP_KUSTOMIZE_OUTPUT" + + # Then, append the flag if it doesn't exist + $YQ -i "(select(.kind == \"Deployment\") | .spec.template.spec.containers[] | select(.name == \"manager\") | .args) |= (select(.[] | contains(\"--$flag_name=\")) | .) // . + [\"--$flag_name=$flagval\"]" "$TMP_KUSTOMIZE_OUTPUT" +done + # Use yq to split the single yaml file into 1 per document. # Naming convention: $index-$kind-$namespace-$name. If $namespace is empty, just use the empty string. ( diff --git a/openshift/kustomize/overlays/openshift/kustomization.yaml b/openshift/kustomize/overlays/openshift/kustomization.yaml index 1116e3b51..d263908b3 100644 --- a/openshift/kustomize/overlays/openshift/kustomization.yaml +++ b/openshift/kustomize/overlays/openshift/kustomization.yaml @@ -1,16 +1,5 @@ -# Adds namespace to all resources. -namespace: openshift-operator-controller - namePrefix: operator-controller- resources: - - resources/ca_configmap.yaml - - ../../../../config/base/crd - - ../../../../config/base/rbac - - ../../../../config/base/manager - -patches: - - target: - kind: Deployment - name: controller-manager - path: patches/manager_deployment_ca.yaml + - olmv1-ns + - openshift-config diff --git a/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml new file mode 100644 index 000000000..49b3a5d6a --- /dev/null +++ b/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml @@ -0,0 +1,14 @@ +# Adds namespace to all resources. +namespace: OPENSHIFT-NAMESPACE + +resources: + - resources/ca_configmap.yaml + - ../../../../../config/base/crd + - ../../../../../config/base/rbac + - ../../../../../config/base/manager + +patches: + - target: + kind: Deployment + name: controller-manager + path: patches/manager_deployment_ca.yaml diff --git a/openshift/kustomize/overlays/openshift/patches/manager_deployment_ca.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_ca.yaml similarity index 100% rename from openshift/kustomize/overlays/openshift/patches/manager_deployment_ca.yaml rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_ca.yaml diff --git a/openshift/kustomize/overlays/openshift/resources/ca_configmap.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/resources/ca_configmap.yaml similarity index 100% rename from openshift/kustomize/overlays/openshift/resources/ca_configmap.yaml rename to openshift/kustomize/overlays/openshift/olmv1-ns/resources/ca_configmap.yaml diff --git a/openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml b/openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml new file mode 100644 index 000000000..34440c434 --- /dev/null +++ b/openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml @@ -0,0 +1,6 @@ +# Adds namespace to all resources. +namespace: openshift-config + +resources: +- rbac/operator-controller_manager_role.yaml +- rbac/operator-controller_manager_role_binding.yaml diff --git a/openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role.yaml b/openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role.yaml new file mode 100644 index 000000000..0fcd8cf39 --- /dev/null +++ b/openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role.yaml @@ -0,0 +1,17 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/part-of: olm + app.kubernetes.io/name: catalogd + name: manager-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch diff --git a/openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role_binding.yaml b/openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role_binding.yaml new file mode 100644 index 000000000..74d61a43e --- /dev/null +++ b/openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/part-of: olm + app.kubernetes.io/name: catalogd + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: OPENSHIFT-NAMESPACE diff --git a/openshift/manifests/03-role-openshift-config-operator-controller-manager-role.yml b/openshift/manifests/03-role-openshift-config-operator-controller-manager-role.yml new file mode 100644 index 000000000..d74a44986 --- /dev/null +++ b/openshift/manifests/03-role-openshift-config-operator-controller-manager-role.yml @@ -0,0 +1,18 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: catalogd + app.kubernetes.io/part-of: olm + name: operator-controller-manager-role + namespace: openshift-config +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch diff --git a/openshift/manifests/03-role-openshift-operator-controller-operator-controller-leader-election-role.yml b/openshift/manifests/04-role-openshift-operator-controller-operator-controller-leader-election-role.yml similarity index 100% rename from openshift/manifests/03-role-openshift-operator-controller-operator-controller-leader-election-role.yml rename to openshift/manifests/04-role-openshift-operator-controller-operator-controller-leader-election-role.yml diff --git a/openshift/manifests/04-role-openshift-operator-controller-operator-controller-manager-role.yml b/openshift/manifests/05-role-openshift-operator-controller-operator-controller-manager-role.yml similarity index 100% rename from openshift/manifests/04-role-openshift-operator-controller-operator-controller-manager-role.yml rename to openshift/manifests/05-role-openshift-operator-controller-operator-controller-manager-role.yml diff --git a/openshift/manifests/05-clusterrole-operator-controller-clusterextension-editor-role.yml b/openshift/manifests/06-clusterrole-operator-controller-clusterextension-editor-role.yml similarity index 100% rename from openshift/manifests/05-clusterrole-operator-controller-clusterextension-editor-role.yml rename to openshift/manifests/06-clusterrole-operator-controller-clusterextension-editor-role.yml diff --git a/openshift/manifests/06-clusterrole-operator-controller-clusterextension-viewer-role.yml b/openshift/manifests/07-clusterrole-operator-controller-clusterextension-viewer-role.yml similarity index 100% rename from openshift/manifests/06-clusterrole-operator-controller-clusterextension-viewer-role.yml rename to openshift/manifests/07-clusterrole-operator-controller-clusterextension-viewer-role.yml diff --git a/openshift/manifests/07-clusterrole-operator-controller-extension-editor-role.yml b/openshift/manifests/08-clusterrole-operator-controller-extension-editor-role.yml similarity index 100% rename from openshift/manifests/07-clusterrole-operator-controller-extension-editor-role.yml rename to openshift/manifests/08-clusterrole-operator-controller-extension-editor-role.yml diff --git a/openshift/manifests/08-clusterrole-operator-controller-extension-viewer-role.yml b/openshift/manifests/09-clusterrole-operator-controller-extension-viewer-role.yml similarity index 100% rename from openshift/manifests/08-clusterrole-operator-controller-extension-viewer-role.yml rename to openshift/manifests/09-clusterrole-operator-controller-extension-viewer-role.yml diff --git a/openshift/manifests/09-clusterrole-operator-controller-manager-role.yml b/openshift/manifests/10-clusterrole-operator-controller-manager-role.yml similarity index 100% rename from openshift/manifests/09-clusterrole-operator-controller-manager-role.yml rename to openshift/manifests/10-clusterrole-operator-controller-manager-role.yml diff --git a/openshift/manifests/10-clusterrole-operator-controller-metrics-reader.yml b/openshift/manifests/11-clusterrole-operator-controller-metrics-reader.yml similarity index 100% rename from openshift/manifests/10-clusterrole-operator-controller-metrics-reader.yml rename to openshift/manifests/11-clusterrole-operator-controller-metrics-reader.yml diff --git a/openshift/manifests/11-clusterrole-operator-controller-proxy-role.yml b/openshift/manifests/12-clusterrole-operator-controller-proxy-role.yml similarity index 100% rename from openshift/manifests/11-clusterrole-operator-controller-proxy-role.yml rename to openshift/manifests/12-clusterrole-operator-controller-proxy-role.yml diff --git a/openshift/manifests/13-rolebinding-openshift-config-operator-controller-manager-rolebinding.yml b/openshift/manifests/13-rolebinding-openshift-config-operator-controller-manager-rolebinding.yml new file mode 100644 index 000000000..5f5d6bd95 --- /dev/null +++ b/openshift/manifests/13-rolebinding-openshift-config-operator-controller-manager-rolebinding.yml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: catalogd + app.kubernetes.io/part-of: olm + name: operator-controller-manager-rolebinding + namespace: openshift-config +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: operator-controller-manager-role +subjects: + - kind: ServiceAccount + name: operator-controller-controller-manager + namespace: openshift-operator-controller diff --git a/openshift/manifests/12-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml b/openshift/manifests/14-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml similarity index 100% rename from openshift/manifests/12-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml rename to openshift/manifests/14-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml diff --git a/openshift/manifests/13-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml b/openshift/manifests/15-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml similarity index 100% rename from openshift/manifests/13-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml rename to openshift/manifests/15-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml diff --git a/openshift/manifests/14-clusterrolebinding-operator-controller-manager-rolebinding.yml b/openshift/manifests/16-clusterrolebinding-operator-controller-manager-rolebinding.yml similarity index 100% rename from openshift/manifests/14-clusterrolebinding-operator-controller-manager-rolebinding.yml rename to openshift/manifests/16-clusterrolebinding-operator-controller-manager-rolebinding.yml diff --git a/openshift/manifests/15-clusterrolebinding-operator-controller-proxy-rolebinding.yml b/openshift/manifests/17-clusterrolebinding-operator-controller-proxy-rolebinding.yml similarity index 100% rename from openshift/manifests/15-clusterrolebinding-operator-controller-proxy-rolebinding.yml rename to openshift/manifests/17-clusterrolebinding-operator-controller-proxy-rolebinding.yml diff --git a/openshift/manifests/16-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml b/openshift/manifests/18-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml similarity index 100% rename from openshift/manifests/16-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml rename to openshift/manifests/18-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml diff --git a/openshift/manifests/17-service-openshift-operator-controller-operator-controller-controller-manager-metrics-service.yml b/openshift/manifests/19-service-openshift-operator-controller-operator-controller-controller-manager-metrics-service.yml similarity index 100% rename from openshift/manifests/17-service-openshift-operator-controller-operator-controller-controller-manager-metrics-service.yml rename to openshift/manifests/19-service-openshift-operator-controller-operator-controller-controller-manager-metrics-service.yml diff --git a/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml b/openshift/manifests/20-deployment-openshift-operator-controller-operator-controller-controller-manager.yml similarity index 98% rename from openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml rename to openshift/manifests/20-deployment-openshift-operator-controller-operator-controller-controller-manager.yml index f55013f16..64a79afd2 100644 --- a/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml +++ b/openshift/manifests/20-deployment-openshift-operator-controller-operator-controller-controller-manager.yml @@ -44,6 +44,7 @@ spec: - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --ca-certs-dir=/var/certs + - --global-pull-secret=openshift-config/pull-secret command: - /manager image: ${OPERATOR_CONTROLLER_IMAGE}