From 816ed77e07ce73f1ae8061eeb4888afc822b2992 Mon Sep 17 00:00:00 2001
From: Jordan Keister <jordan@nimblewidget.com>
Date: Fri, 7 Jul 2023 12:41:44 -0500
Subject: [PATCH] UPSTREAM: <carry>: add namespace management annotation

Signed-off-by: Jordan Keister <jordan@nimblewidget.com>
---
 openshift/generate-manifests.sh                                 | 1 +
 .../manifests/00-namespace-openshift-operator-controller.yml    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh
index f6c4f27a4..833889111 100755
--- a/openshift/generate-manifests.sh
+++ b/openshift/generate-manifests.sh
@@ -57,6 +57,7 @@ for container_name in "${!IMAGE_MAPPINGS[@]}"; do
   $YQ -i "(select(.kind == \"Deployment\")|.spec.template.spec.containers[]|select(.name==\"$container_name\")|.image) = \"$placeholder\"" "$TMP_KUSTOMIZE_OUTPUT"
   $YQ -i 'select(.kind == "Deployment").spec.template.metadata.annotations += {"target.workload.openshift.io/management": "{\"effect\": \"PreferredDuringScheduling\"}"}' "$TMP_KUSTOMIZE_OUTPUT"
   $YQ -i 'select(.kind == "Deployment").spec.template.spec += {"priorityClassName": "system-cluster-critical"}' "$TMP_KUSTOMIZE_OUTPUT"
+  $YQ -i 'select(.kind == "Namespace").metadata.annotations += {"workload.openshift.io/allowed": "management"}' "$TMP_KUSTOMIZE_OUTPUT"
 done
 
 # Use yq to split the single yaml file into 1 per document.
diff --git a/openshift/manifests/00-namespace-openshift-operator-controller.yml b/openshift/manifests/00-namespace-openshift-operator-controller.yml
index ebebe3901..7d8ed49c3 100644
--- a/openshift/manifests/00-namespace-openshift-operator-controller.yml
+++ b/openshift/manifests/00-namespace-openshift-operator-controller.yml
@@ -12,3 +12,5 @@ metadata:
     pod-security.kubernetes.io/enforce: restricted
     pod-security.kubernetes.io/enforce-version: latest
   name: openshift-operator-controller
+  annotations:
+    workload.openshift.io/allowed: management