From 186a152174aa80f5a01230bb15baa60b933ae768 Mon Sep 17 00:00:00 2001 From: Tayler Geiger Date: Mon, 20 May 2024 09:25:57 -0500 Subject: [PATCH 1/5] Update catalogd dep to v0.13.0 Fix references to Catalog and CatalogSpec --- .vscode/launch.json | 18 +++++++++++ go.mod | 2 +- go.sum | 4 +-- internal/catalogmetadata/cache/cache.go | 2 +- internal/catalogmetadata/cache/cache_test.go | 30 +++++++++---------- internal/catalogmetadata/client/client.go | 4 +-- .../catalogmetadata/client/client_test.go | 12 ++++---- .../clusterextension_controller.go | 6 ++-- test/e2e/cluster_extension_install_test.go | 10 +++---- test/e2e/e2e_suite_test.go | 6 ++-- .../extension_developer_test.go | 4 +-- 11 files changed, 58 insertions(+), 40 deletions(-) create mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 0000000000..fa20e7e9d2 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,18 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "Attach to Process", + "type": "go", + "request": "launch", + "mode": "debug", + "program": "cmd/manager/main.go", + "args": [ + + ] + } + ] +} \ No newline at end of file diff --git a/go.mod b/go.mod index 7a60d59727..2a8fea5dd0 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/google/go-cmp v0.6.0 github.com/operator-framework/api v0.25.0 - github.com/operator-framework/catalogd v0.12.0 + github.com/operator-framework/catalogd v0.13.0 github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9 github.com/operator-framework/operator-registry v1.43.1 github.com/operator-framework/rukpak v0.23.1 diff --git a/go.sum b/go.sum index 1c6b05bceb..837aa21785 100644 --- a/go.sum +++ b/go.sum 
@@ -475,8 +475,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/operator-framework/api v0.25.0 h1:pSQwFSoPmZaTIERadawxtCwicehLkC7i9n3w3+70SVI= github.com/operator-framework/api v0.25.0/go.mod h1:PvyCQb0x53ytIqdTECH5e+iqv+am3uZ0qGsZWmL35gQ= -github.com/operator-framework/catalogd v0.12.0 h1:Cww+CyowkfTFugB9ZjUDpKvumh2vPe/TjCUpMHDmVBM= -github.com/operator-framework/catalogd v0.12.0/go.mod h1:4lryGtBTVOdqlKR0MaVYnlsSOc7HiagVRVo3J4uIo7E= +github.com/operator-framework/catalogd v0.13.0 h1:yOhEb0LpvGbZymippotpau5gFMyUnq8zMnrEYrTaJIQ= +github.com/operator-framework/catalogd v0.13.0/go.mod h1:v405w8d89Lr7K8IVE/x/Q37JtxvgdzLXGpgJxJ2Nweg= github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9 h1:f7/TMBpuIZEQ3JbD9UyP1L1ZCSLLWdR2aPN+A+dOHFY= github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9/go.mod h1:ly6Bd9rSzmt37Wy6WtZHmA+IY9zG958MryJFLcVpCXw= github.com/operator-framework/operator-lib v0.14.0 h1:er+BgZymZD1im2wytLJiPLZpGALAX6N0gXaHx3PKbO4= diff --git a/internal/catalogmetadata/cache/cache.go b/internal/catalogmetadata/cache/cache.go index d1471601dd..85c1a81ace 100644 --- a/internal/catalogmetadata/cache/cache.go +++ b/internal/catalogmetadata/cache/cache.go 
@@ -66,7 +66,7 @@ type filesystemCache struct { // resources that have been successfully reconciled, unpacked, and are being served. // These requirements help ensure that we can rely on status conditions to determine // when to issue a request to update the cached Catalog contents. -func (fsc *filesystemCache) FetchCatalogContents(ctx context.Context, catalog *catalogd.Catalog) (io.ReadCloser, error) { +func (fsc *filesystemCache) FetchCatalogContents(ctx context.Context, catalog *catalogd.ClusterCatalog) (io.ReadCloser, error) { if catalog == nil { return nil, fmt.Errorf("error: provided catalog must be non-nil") } diff --git a/internal/catalogmetadata/cache/cache_test.go b/internal/catalogmetadata/cache/cache_test.go index bf6bd2f569..f6719522c7 100644 --- a/internal/catalogmetadata/cache/cache_test.go +++ b/internal/catalogmetadata/cache/cache_test.go @@ -54,7 +54,7 @@ func TestCache(t *testing.T) { t.Run("FetchCatalogContents", func(t *testing.T) { type test struct { name string - catalog *catalogd.Catalog + catalog *catalogd.ClusterCatalog contents []byte wantErr bool tripper *MockTripper @@ -64,11 +64,11 @@ func TestCache(t *testing.T) { for _, tt := range []test{ { name: "valid non-cached fetch", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -82,11 +82,11 @@ func TestCache(t *testing.T) { }, { name: "valid cached fetch", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ 
@@ -102,11 +102,11 @@ func TestCache(t *testing.T) { }, { name: "cached update fetch with changes", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -122,11 +122,11 @@ func TestCache(t *testing.T) { }, { name: "fetch error", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -141,11 +141,11 @@ func TestCache(t *testing.T) { }, { name: "fetch internal server error response", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -167,11 +167,11 @@ func TestCache(t *testing.T) { }, { name: "nil catalog.status.resolvedSource", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: nil, }, }, @@ -181,11 +181,11 @@ func TestCache(t *testing.T) { }, { name: "nil catalog.status.resolvedSource.image", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Image: nil, }, 
diff --git a/internal/catalogmetadata/client/client.go b/internal/catalogmetadata/client/client.go index 172f686c6b..147a50842c 100644 --- a/internal/catalogmetadata/client/client.go +++ b/internal/catalogmetadata/client/client.go @@ -23,7 +23,7 @@ type Fetcher interface { // server for the catalog provided. It returns an io.ReadCloser // containing the FBC contents that the caller is expected to close. // returns an error if any occur. - FetchCatalogContents(ctx context.Context, catalog *catalogd.Catalog) (io.ReadCloser, error) + FetchCatalogContents(ctx context.Context, catalog *catalogd.ClusterCatalog) (io.ReadCloser, error) } func New(cl client.Client, fetcher Fetcher) *Client { @@ -46,7 +46,7 @@ type Client struct { func (c *Client) Bundles(ctx context.Context) ([]*catalogmetadata.Bundle, error) { var allBundles []*catalogmetadata.Bundle - var catalogList catalogd.CatalogList + var catalogList catalogd.ClusterCatalogList if err := c.cl.List(ctx, &catalogList); err != nil { return nil, err } diff --git a/internal/catalogmetadata/client/client_test.go b/internal/catalogmetadata/client/client_test.go index 047861871a..7d75f4f6ed 100644 --- a/internal/catalogmetadata/client/client_test.go +++ b/internal/catalogmetadata/client/client_test.go @@ -105,7 +105,7 @@ func TestClient(t *testing.T) { name: "skip catalog missing Unpacked status condition", fakeCatalog: func() ([]client.Object, []*catalogmetadata.Bundle, map[string][]byte) { objs, bundles, catalogContentMap := defaultFakeCatalog() - objs = append(objs, &catalogd.Catalog{ + objs = append(objs, &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "foobar", }, 
@@ -220,11 +220,11 @@ func defaultFakeCatalog() ([]client.Object, []*catalogmetadata.Bundle, map[strin }` objs := []client.Object{ - &catalogd.Catalog{ + &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "catalog-1", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ Conditions: []metav1.Condition{ { Type: catalogd.TypeUnpacked, @@ -234,11 +234,11 @@ func defaultFakeCatalog() ([]client.Object, []*catalogmetadata.Bundle, map[strin }, }, }, - &catalogd.Catalog{ + &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "catalog-2", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ Conditions: []metav1.Condition{ { Type: catalogd.TypeUnpacked, @@ -338,7 +338,7 @@ type MockFetcher struct { shouldError bool } -func (mc *MockFetcher) FetchCatalogContents(_ context.Context, catalog *catalogd.Catalog) (io.ReadCloser, error) { +func (mc *MockFetcher) FetchCatalogContents(_ context.Context, catalog *catalogd.ClusterCatalog) (io.ReadCloser, error) { if mc.shouldError { return nil, errors.New("mock cache error") } diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go index 83d1fc8e82..546094ac6b 100644 --- a/internal/controllers/clusterextension_controller.go +++ b/internal/controllers/clusterextension_controller.go 
@@ -555,12 +555,12 @@ func isInsecureSkipTLSVerifySet(ce *ocv1alpha1.ClusterExtension) bool { func (r *ClusterExtensionReconciler) SetupWithManager(mgr ctrl.Manager) error { controller, err := ctrl.NewControllerManagedBy(mgr). For(&ocv1alpha1.ClusterExtension{}). - Watches(&catalogd.Catalog{}, + Watches(&catalogd.ClusterCatalog{}, crhandler.EnqueueRequestsFromMapFunc(clusterExtensionRequestsForCatalog(mgr.GetClient(), mgr.GetLogger()))). WithEventFilter(predicate.Funcs{ UpdateFunc: func(ue event.UpdateEvent) bool { - oldObject, isOldCatalog := ue.ObjectOld.(*catalogd.Catalog) - newObject, isNewCatalog := ue.ObjectNew.(*catalogd.Catalog) + oldObject, isOldCatalog := ue.ObjectOld.(*catalogd.ClusterCatalog) + newObject, isNewCatalog := ue.ObjectNew.(*catalogd.ClusterCatalog) if !isOldCatalog || !isNewCatalog { return true diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go index 2042190a9d..2bfe2c6c8e 100644 --- a/test/e2e/cluster_extension_install_test.go +++ b/test/e2e/cluster_extension_install_test.go @@ -36,7 +36,7 @@ const ( var pollDuration = time.Minute var pollInterval = time.Second -func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.Catalog) { +func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.ClusterCatalog) { var err error extensionCatalog, err := createTestCatalog(context.Background(), testCatalogName, os.Getenv(testCatalogRefEnvVar)) require.NoError(t, err) 
@@ -53,10 +53,10 @@ func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.Catalog) { return clusterExtension, extensionCatalog } -func testCleanup(t *testing.T, cat *catalogd.Catalog, clusterExtension *ocv1alpha1.ClusterExtension) { +func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *ocv1alpha1.ClusterExtension) { require.NoError(t, c.Delete(context.Background(), cat)) require.Eventually(t, func() bool { - err := c.Get(context.Background(), types.NamespacedName{Name: cat.Name}, &catalogd.Catalog{}) + err := c.Get(context.Background(), types.NamespacedName{Name: cat.Name}, &catalogd.ClusterCatalog{}) return errors.IsNotFound(err) }, pollDuration, pollInterval) require.NoError(t, c.Delete(context.Background(), clusterExtension)) @@ -139,7 +139,7 @@ func TestClusterExtensionInstallReResolvesWhenNewCatalog(t *testing.T) { t.Log("By deleting the catalog first") require.NoError(t, c.Delete(context.Background(), extensionCatalog)) require.EventuallyWithT(t, func(ct *assert.CollectT) { - err := c.Get(context.Background(), types.NamespacedName{Name: extensionCatalog.Name}, &catalogd.Catalog{}) + err := c.Get(context.Background(), types.NamespacedName{Name: extensionCatalog.Name}, &catalogd.ClusterCatalog{}) assert.True(ct, errors.IsNotFound(err)) }, pollDuration, pollInterval) @@ -368,7 +368,7 @@ func getArtifactsOutput(t *testing.T) { } // get all catalogsources save them to the artifact path. - catalogsources := catalogd.CatalogList{} + catalogsources := catalogd.ClusterCatalogList{} if err := c.List(context.Background(), &catalogsources, client.InNamespace("")); err != nil { fmt.Printf("Failed to list catalogsources: %v", err) } diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go index 5f9e4f0caf..8c32390bd7 100644 --- a/test/e2e/e2e_suite_test.go +++ b/test/e2e/e2e_suite_test.go 
@@ -39,12 +39,12 @@ func TestMain(m *testing.M) { // createTestCatalog will create a new catalog on the test cluster, provided // the context, catalog name, and the image reference. It returns the created catalog // or an error if any errors occurred while creating the catalog. -func createTestCatalog(ctx context.Context, name string, imageRef string) (*catalogd.Catalog, error) { - catalog := &catalogd.Catalog{ +func createTestCatalog(ctx context.Context, name string, imageRef string) (*catalogd.ClusterCatalog, error) { + catalog := &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: name, }, - Spec: catalogd.CatalogSpec{ + Spec: catalogd.ClusterCatalogSpec{ Source: catalogd.CatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ImageSource{ diff --git a/test/extension-developer-e2e/extension_developer_test.go b/test/extension-developer-e2e/extension_developer_test.go index 0d215085b9..52f3332730 100644 --- a/test/extension-developer-e2e/extension_developer_test.go +++ b/test/extension-developer-e2e/extension_developer_test.go @@ -50,11 +50,11 @@ func TestExtensionDeveloper(t *testing.T) { clusterExtension := ce t.Run(clusterExtension.ObjectMeta.Name, func(t *testing.T) { t.Parallel() - catalog := &catalogd.Catalog{ + catalog := &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "catalog", }, - Spec: catalogd.CatalogSpec{ + Spec: catalogd.ClusterCatalogSpec{ Source: catalogd.CatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ImageSource{ From 562a1b5dce0e90724f28ffb4b73f2a4b1ba64353 Mon Sep 17 00:00:00 2001 From: Tayler Geiger Date: Thu, 23 May 2024 14:36:54 -0500 Subject: [PATCH 2/5] Implement TLS overlay for Catalogd TLS 
Signed-off-by: Tayler Geiger --- .gitignore | 1 + .vscode/launch.json | 18 ----- Makefile | 6 +- Tiltfile | 2 +- cmd/manager/main.go | 25 ++++++- ...peratorframework.io_clusterextensions.yaml | 0 config/{ => base}/crd/kustomization.yaml | 0 config/{ => base}/crd/kustomizeconfig.yaml | 0 config/{ => base}/default/kustomization.yaml | 0 config/{ => base}/e2e/kustomization.yaml | 2 +- .../e2e/manager_e2e_coverage_copy_pod.yaml | 0 .../e2e/manager_e2e_coverage_patch.yaml | 0 .../e2e/manager_e2e_coverage_pvc.yaml | 0 config/{ => base}/manager/kustomization.yaml | 0 config/{ => base}/manager/manager.yaml | 4 +- .../{ => base}/prometheus/kustomization.yaml | 0 config/{ => base}/prometheus/monitor.yaml | 0 .../rbac/auth_proxy_client_clusterrole.yaml | 0 config/{ => base}/rbac/auth_proxy_role.yaml | 0 .../rbac/auth_proxy_role_binding.yaml | 0 .../{ => base}/rbac/auth_proxy_service.yaml | 0 .../rbac/clusterextension_editor_role.yaml | 0 .../rbac/clusterextension_viewer_role.yaml | 0 .../rbac/extension_editor_role.yaml | 0 .../rbac/extension_viewer_role.yaml | 0 config/{ => base}/rbac/kustomization.yaml | 0 .../{ => base}/rbac/leader_election_role.yaml | 0 .../rbac/leader_election_role_binding.yaml | 0 config/base/rbac/role.yaml | 69 +++++++++++++++++++ config/{ => base}/rbac/role_binding.yaml | 0 config/{ => base}/rbac/service_account.yaml | 0 config/overlays/tls/kustomization.yaml | 23 +++++++ .../tls/patches/manager_deployment_cert.yaml | 9 +++ config/rbac/role.yaml | 2 +- config/samples/catalogd_operatorcatalog.yaml | 2 +- .../clusterextension_controller.go | 2 +- internal/controllers/suite_test.go | 2 +- scripts/install.tpl.sh | 4 +- 38 files changed, 139 insertions(+), 32 deletions(-) delete mode 100644 .vscode/launch.json rename config/{ => base}/crd/bases/olm.operatorframework.io_clusterextensions.yaml (100%) rename config/{ => base}/crd/kustomization.yaml (100%) rename config/{ => base}/crd/kustomizeconfig.yaml (100%) rename config/{ => 
base}/default/kustomization.yaml (100%) rename config/{ => base}/e2e/kustomization.yaml (88%) rename config/{ => base}/e2e/manager_e2e_coverage_copy_pod.yaml (100%) rename config/{ => base}/e2e/manager_e2e_coverage_patch.yaml (100%) rename config/{ => base}/e2e/manager_e2e_coverage_pvc.yaml (100%) rename config/{ => base}/manager/kustomization.yaml (100%) rename config/{ => base}/manager/manager.yaml (98%) rename config/{ => base}/prometheus/kustomization.yaml (100%) rename config/{ => base}/prometheus/monitor.yaml (100%) rename config/{ => base}/rbac/auth_proxy_client_clusterrole.yaml (100%) rename config/{ => base}/rbac/auth_proxy_role.yaml (100%) rename config/{ => base}/rbac/auth_proxy_role_binding.yaml (100%) rename config/{ => base}/rbac/auth_proxy_service.yaml (100%) rename config/{ => base}/rbac/clusterextension_editor_role.yaml (100%) rename config/{ => base}/rbac/clusterextension_viewer_role.yaml (100%) rename config/{ => base}/rbac/extension_editor_role.yaml (100%) rename config/{ => base}/rbac/extension_viewer_role.yaml (100%) rename config/{ => base}/rbac/kustomization.yaml (100%) rename config/{ => base}/rbac/leader_election_role.yaml (100%) rename config/{ => base}/rbac/leader_election_role_binding.yaml (100%) create mode 100644 config/base/rbac/role.yaml rename config/{ => base}/rbac/role_binding.yaml (100%) rename config/{ => base}/rbac/service_account.yaml (100%) create mode 100644 config/overlays/tls/kustomization.yaml create mode 100644 config/overlays/tls/patches/manager_deployment_cert.yaml diff --git a/.gitignore b/.gitignore index 273b66b814..d7ffdb1b3d 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ install.sh site .tiltbuild/ +.vscode \ No newline at end of file diff --git a/.vscode/launch.json b/.vscode/launch.json deleted file mode 100644 index fa20e7e9d2..0000000000 --- a/.vscode/launch.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - // Use IntelliSense to learn about possible attributes. - // Hover to view descriptions of existing attributes. - // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 - "version": "0.2.0", - "configurations": [ - { - "name": "Attach to Process", - "type": "go", - "request": "launch", - "mode": "debug", - "program": "cmd/manager/main.go", - "args": [ - - ] - } - ] -} \ No newline at end of file diff --git a/Makefile b/Makefile index 8a040ad38e..b3f812a8d1 100644 --- a/Makefile +++ b/Makefile @@ -54,7 +54,7 @@ else $(warning Could not find docker or podman in path! This may result in targets requiring a container runtime failing!) endif -KUSTOMIZE_BUILD_DIR := config/default +KUSTOMIZE_BUILD_DIR := config/overlays/tls # Disable -j flag for make .NOTPARALLEL: @@ -95,7 +95,7 @@ tidy: #HELP Update dependencies. .PHONY: manifests manifests: $(CONTROLLER_GEN) #EXHELP Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/base/crd/bases .PHONY: generate generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. @@ -150,7 +150,7 @@ build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and pus # for example: ARTIFACT_PATH=/tmp/artifacts make test-e2e .PHONY: test-e2e test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e -test-e2e: KUSTOMIZE_BUILD_DIR := config/e2e +test-e2e: KUSTOMIZE_BUILD_DIR := config/base/e2e test-e2e: GO_BUILD_FLAGS := -cover test-e2e: run image-registry build-push-e2e-catalog registry-load-bundles e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster diff --git a/Tiltfile b/Tiltfile index 783123d74f..ef12a30429 100644 --- a/Tiltfile +++ b/Tiltfile 
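Review bot: The `manifests` target redirects only the CRD output to `config/base/crd/bases`; the `rbac:roleName=manager-role` generator gets no output option, so controller-gen will presumably keep writing the ClusterRole to its default `config/rbac` location. The patch is consistent with that: `config/rbac/role.yaml` is still edited, while a `config/base/rbac/role.yaml` with the same blob id (`d1016c6c89`) is added as a new file, and the new overlay pulls in `../../base/rbac`. The deployed RBAC can then drift from the kubebuilder markers unnoticed. Adding `output:rbac:artifacts:config=config/base/rbac` to the controller-gen line and removing the leftover `config/rbac/role.yaml` would keep one generated source of truth.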
@@ -9,7 +9,7 @@ repos = cfg.get('repos', ['operator-controller', 'catalogd']) repo = { 'image': 'quay.io/operator-framework/operator-controller', - 'yaml': 'config/default', + 'yaml': 'config/overlays/tls', 'binaries': { 'manager': 'operator-controller-controller-manager', }, diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 5d2847b0b6..b9891b81b1 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -17,9 +17,11 @@ limitations under the License. package main import ( + "crypto/tls" "crypto/x509" "flag" "fmt" + "log" "net/http" "net/url" "os" @@ -82,9 +84,11 @@ func main() { operatorControllerVersion bool systemNamespace string provisionerStorageDirectory string + tlsCert string ) flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.StringVar(&tlsCert, "tls-cert", "", "The TLS certificate to use for verifying HTTPS connections to the Catalogd web server.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") 
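Review bot: The `--tls-cert` flag added in the `@@ -82,9 +84,11 @@` hunk names a trust anchor, not a certificate the manager presents, yet the name and help text read like the usual cert/key pair option. Its value is later loaded into `RootCAs`, so the help string should say that, for example `"Path to a PEM file of CA certificates trusted when connecting to the catalogd web server; when empty, the system roots are used."`. main's body continues outside the hunk.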
@@ -153,8 +157,27 @@ func main() { os.Exit(1) } + httpClient := &http.Client{Timeout: 10 * time.Second} + + if tlsCert != "" { + cert, err := os.ReadFile(tlsCert) + if err != nil { + log.Fatalf("Failed to read certificate file: %v", err) + } + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(cert) + tlsConfig := &tls.Config{ + RootCAs: caCertPool, + MinVersion: tls.VersionTLS12, + } + tlsTransport := &http.Transport{ + TLSClientConfig: tlsConfig, + } + httpClient.Transport = tlsTransport + } + cl := mgr.GetClient() - catalogClient := catalogclient.New(cl, cache.NewFilesystemCache(cachePath, &http.Client{Timeout: 10 * time.Second})) + catalogClient := catalogclient.New(cl, cache.NewFilesystemCache(cachePath, httpClient)) cfgGetter, err := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(), helmclient.StorageNamespaceMapper(func(o client.Object) (string, error) { return systemNamespace, nil diff --git a/config/crd/bases/olm.operatorframework.io_clusterextensions.yaml b/config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml similarity index 100% rename from config/crd/bases/olm.operatorframework.io_clusterextensions.yaml rename to config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml diff --git a/config/crd/kustomization.yaml b/config/base/crd/kustomization.yaml similarity index 100% rename from config/crd/kustomization.yaml rename to config/base/crd/kustomization.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/base/crd/kustomizeconfig.yaml similarity index 100% rename from config/crd/kustomizeconfig.yaml rename to config/base/crd/kustomizeconfig.yaml diff --git a/config/default/kustomization.yaml b/config/base/default/kustomization.yaml similarity index 100% rename from config/default/kustomization.yaml rename to config/base/default/kustomization.yaml 
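Review bot: The result of `caCertPool.AppendCertsFromPEM(cert)` is discarded, so a `--tls-cert` file with no parsable PEM block leaves an empty root pool and the manager starts anyway; every catalogd fetch then fails certificate verification at run time, instead of the process failing at startup with a clear message. Separately, the bare `&http.Transport{TLSClientConfig: ...}` drops the settings of `http.DefaultTransport` (environment proxy, dial and TLS-handshake timeouts, idle-connection handling), which the client used before this change because no transport was set. Checking the boolean and cloning the default transport addresses both, as sketched below. main's body starts and ends outside the hunk.

```go
if tlsCert != "" {
	cert, err := os.ReadFile(tlsCert)
	// … unchanged: read-error handling …
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(cert) {
		log.Fatalf("No PEM certificates found in %q", tlsCert)
	}
	// Start from the default transport so proxy, dial and handshake
	// timeouts are kept; only the trust roots are replaced.
	tlsTransport := http.DefaultTransport.(*http.Transport).Clone()
	tlsTransport.TLSClientConfig = &tls.Config{
		RootCAs:    caCertPool,
		MinVersion: tls.VersionTLS12,
	}
	httpClient.Transport = tlsTransport
}
```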
diff --git a/config/e2e/kustomization.yaml b/config/base/e2e/kustomization.yaml similarity index 88% rename from config/e2e/kustomization.yaml rename to config/base/e2e/kustomization.yaml index 7d0ba86c5b..a4c16a4206 100644 --- a/config/e2e/kustomization.yaml +++ b/config/base/e2e/kustomization.yaml @@ -1,7 +1,7 @@ namespace: operator-controller-system resources: -- ../default +- ../../overlays/tls - manager_e2e_coverage_pvc.yaml - manager_e2e_coverage_copy_pod.yaml diff --git a/config/e2e/manager_e2e_coverage_copy_pod.yaml b/config/base/e2e/manager_e2e_coverage_copy_pod.yaml similarity index 100% rename from config/e2e/manager_e2e_coverage_copy_pod.yaml rename to config/base/e2e/manager_e2e_coverage_copy_pod.yaml diff --git a/config/e2e/manager_e2e_coverage_patch.yaml b/config/base/e2e/manager_e2e_coverage_patch.yaml similarity index 100% rename from config/e2e/manager_e2e_coverage_patch.yaml rename to config/base/e2e/manager_e2e_coverage_patch.yaml diff --git a/config/e2e/manager_e2e_coverage_pvc.yaml b/config/base/e2e/manager_e2e_coverage_pvc.yaml similarity index 100% rename from config/e2e/manager_e2e_coverage_pvc.yaml rename to config/base/e2e/manager_e2e_coverage_pvc.yaml diff --git a/config/manager/kustomization.yaml b/config/base/manager/kustomization.yaml similarity index 100% rename from config/manager/kustomization.yaml rename to config/base/manager/kustomization.yaml diff --git a/config/manager/manager.yaml b/config/base/manager/manager.yaml similarity index 98% rename from config/manager/manager.yaml rename to config/base/manager/manager.yaml index f5c73c56e0..2778891b2b 100644 --- a/config/manager/manager.yaml +++ b/config/base/manager/manager.yaml @@ -112,6 +112,6 @@ spec: terminationGracePeriodSeconds: 10 volumes: - name: cache - emptyDir: {} + emptyDir: {} - name: bundle-cache - emptyDir: {} + emptyDir: {} \ No newline at end of file 
diff --git a/config/prometheus/kustomization.yaml b/config/base/prometheus/kustomization.yaml similarity index 100% rename from config/prometheus/kustomization.yaml rename to config/base/prometheus/kustomization.yaml diff --git a/config/prometheus/monitor.yaml b/config/base/prometheus/monitor.yaml similarity index 100% rename from config/prometheus/monitor.yaml rename to config/base/prometheus/monitor.yaml diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/base/rbac/auth_proxy_client_clusterrole.yaml similarity index 100% rename from config/rbac/auth_proxy_client_clusterrole.yaml rename to config/base/rbac/auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/auth_proxy_role.yaml b/config/base/rbac/auth_proxy_role.yaml similarity index 100% rename from config/rbac/auth_proxy_role.yaml rename to config/base/rbac/auth_proxy_role.yaml diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/base/rbac/auth_proxy_role_binding.yaml similarity index 100% rename from config/rbac/auth_proxy_role_binding.yaml rename to config/base/rbac/auth_proxy_role_binding.yaml diff --git a/config/rbac/auth_proxy_service.yaml b/config/base/rbac/auth_proxy_service.yaml similarity index 100% rename from config/rbac/auth_proxy_service.yaml rename to config/base/rbac/auth_proxy_service.yaml diff --git a/config/rbac/clusterextension_editor_role.yaml b/config/base/rbac/clusterextension_editor_role.yaml similarity index 100% rename from config/rbac/clusterextension_editor_role.yaml rename to config/base/rbac/clusterextension_editor_role.yaml diff --git a/config/rbac/clusterextension_viewer_role.yaml b/config/base/rbac/clusterextension_viewer_role.yaml similarity index 100% rename from config/rbac/clusterextension_viewer_role.yaml rename to config/base/rbac/clusterextension_viewer_role.yaml 
diff --git a/config/rbac/extension_editor_role.yaml b/config/base/rbac/extension_editor_role.yaml similarity index 100% rename from config/rbac/extension_editor_role.yaml rename to config/base/rbac/extension_editor_role.yaml diff --git a/config/rbac/extension_viewer_role.yaml b/config/base/rbac/extension_viewer_role.yaml similarity index 100% rename from config/rbac/extension_viewer_role.yaml rename to config/base/rbac/extension_viewer_role.yaml diff --git a/config/rbac/kustomization.yaml b/config/base/rbac/kustomization.yaml similarity index 100% rename from config/rbac/kustomization.yaml rename to config/base/rbac/kustomization.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/base/rbac/leader_election_role.yaml similarity index 100% rename from config/rbac/leader_election_role.yaml rename to config/base/rbac/leader_election_role.yaml diff --git a/config/rbac/leader_election_role_binding.yaml b/config/base/rbac/leader_election_role_binding.yaml similarity index 100% rename from config/rbac/leader_election_role_binding.yaml rename to config/base/rbac/leader_election_role_binding.yaml diff --git a/config/base/rbac/role.yaml b/config/base/rbac/role.yaml new file mode 100644 index 0000000000..d1016c6c89 --- /dev/null +++ b/config/base/rbac/role.yaml 
@@ -0,0 +1,69 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- apiGroups: + - catalogd.operatorframework.io + resources: + - catalogmetadata + verbs: + - list + - watch +- apiGroups: + - catalogd.operatorframework.io + resources: + - clustercatalogs + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - list + - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get +- apiGroups: + - olm.operatorframework.io + resources: + - clusterextensions + verbs: + - get + - list + - watch +- apiGroups: + - olm.operatorframework.io + resources: + - clusterextensions/finalizers + verbs: + - update +- apiGroups: + - olm.operatorframework.io + resources: + - clusterextensions/status + verbs: + - patch + - update diff --git a/config/rbac/role_binding.yaml b/config/base/rbac/role_binding.yaml similarity index 100% rename from config/rbac/role_binding.yaml rename to config/base/rbac/role_binding.yaml diff --git a/config/rbac/service_account.yaml b/config/base/rbac/service_account.yaml similarity index 100% rename from config/rbac/service_account.yaml rename to config/base/rbac/service_account.yaml diff --git a/config/overlays/tls/kustomization.yaml b/config/overlays/tls/kustomization.yaml new file mode 100644 index 0000000000..d78038704c --- /dev/null +++ b/config/overlays/tls/kustomization.yaml 
@@ -0,0 +1,23 @@ +# Adds namespace to all resources. +namespace: operator-controller-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: operator-controller- + +# the following config is for teaching kustomize how to do var substitution +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base/crd +- ../../base/rbac +- ../../base/manager + +patches: +- target: + kind: Deployment + name: controller-manager + path: patches/manager_deployment_cert.yaml \ No newline at end of file diff --git a/config/overlays/tls/patches/manager_deployment_cert.yaml b/config/overlays/tls/patches/manager_deployment_cert.yaml new file mode 100644 index 0000000000..dd35b5f1bd --- /dev/null +++ b/config/overlays/tls/patches/manager_deployment_cert.yaml @@ -0,0 +1,9 @@ +- op: add + path: /spec/template/spec/volumes/- + value: {"name":"ca-certificate", "secret":{"secretName":"catalogd-catalogserver-cert", "optional": false, "items": [{"key": "tls.crt", "path": "tls.crt"}]}} +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: {"name":"ca-certificate", "readOnly": true, "mountPath":"/var/certs"} +- op: add + path: /spec/template/spec/containers/0/args/- + value: "--tls-cert=/var/certs/tls.crt" \ No newline at end of file diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a0340fbef5..d1016c6c89 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -20,7 +20,7 @@ rules: - apiGroups: - catalogd.operatorframework.io resources: - - catalogs + - clustercatalogs verbs: - list - watch diff --git a/config/samples/catalogd_operatorcatalog.yaml b/config/samples/catalogd_operatorcatalog.yaml index 0a4de4d24d..bd148bc856 100644 --- a/config/samples/catalogd_operatorcatalog.yaml 
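Review bot: In config/overlays/tls/patches/manager_deployment_cert.yaml the volume is called `ca-certificate` but it projects the `tls.crt` key of `catalogd-catalogserver-cert`, which by convention is the serving certificate rather than the issuing CA. Trusting the leaf only verifies while that certificate is self-signed or unchanged, so a renewal would break verification until the pod picks up the new file and restarts. If the secret is issued by cert-manager (the install script deploys it), it normally also carries a `ca.crt` key; mounting that instead, `"items": [{"key": "ca.crt", "path": "ca.crt"}]` with `--tls-cert=/var/certs/ca.crt`, would survive leaf rotation, but this should be confirmed against how catalogd creates the secret. The secret also has to exist in the manager's namespace, which this overlay sets to `operator-controller-system`.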
+++ b/config/samples/catalogd_operatorcatalog.yaml @@ -1,5 +1,5 @@ apiVersion: catalogd.operatorframework.io/v1alpha1 -kind: Catalog +kind: ClusterCatalog metadata: name: operatorhubio spec: diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go index 546094ac6b..d102d90dca 100644 --- a/internal/controllers/clusterextension_controller.go +++ b/internal/controllers/clusterextension_controller.go @@ -109,7 +109,7 @@ const ( //+kubebuilder:rbac:groups=core,resources=pods/log,verbs=get //+kubebuilder:rbac:groups=*,resources=*,verbs=* -//+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogs,verbs=list;watch +//+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=clustercatalogs,verbs=list;watch //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogmetadata,verbs=list;watch // The operator controller needs to watch all the bundle objects and reconcile accordingly. Though not ideal, but these permissions are required. diff --git a/internal/controllers/suite_test.go b/internal/controllers/suite_test.go index 82e0078e55..a5c4d7a0fd 100644 --- a/internal/controllers/suite_test.go +++ b/internal/controllers/suite_test.go @@ -140,7 +140,7 @@ var ( func TestMain(m *testing.M) { testEnv := &envtest.Environment{ CRDDirectoryPaths: []string{ - filepath.Join("..", "..", "config", "crd", "bases")}, + filepath.Join("..", "..", "config", "base", "crd", "bases")}, ErrorIfCRDPathMissing: true, } diff --git a/scripts/install.tpl.sh b/scripts/install.tpl.sh index 7ee165004e..bdf2d6a797 100644 --- a/scripts/install.tpl.sh +++ b/scripts/install.tpl.sh 
@@ -35,8 +35,8 @@ function kubectl_wait() { kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/${cert_mgr_version}/cert-manager.yaml" kubectl_wait "cert-manager" "deployment/cert-manager-webhook" "60s" -kubectl apply -f "https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml" -kubectl_wait "catalogd-system" "deployment/catalogd-controller-manager" "60s" +curl -L https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml | sed s/catalogd-system/operator-controller-system/g | kubectl apply -f - +kubectl_wait "operator-controller-system" "deployment/catalogd-controller-manager" "60s" kubectl apply -f "${operator_controller_manifest}" kubectl_wait "operator-controller-system" "deployment/operator-controller-controller-manager" "60s" From 3f89a9569cb17e842937772a58ddedd6f478413b Mon Sep 17 00:00:00 2001 From: Tayler Geiger Date: Thu, 6 Jun 2024 13:18:55 -0500 Subject: [PATCH 3/5] Reorganize TLS changes --- cmd/manager/main.go | 29 ++++------------ config/base/{default => }/kustomization.yaml | 6 ++-- config/base/manager/manager.yaml | 2 +- config/overlays/tls/kustomization.yaml | 5 +-- .../tls/patches/manager_deployment_cert.yaml | 2 +- internal/httputil/httputil.go | 34 +++++++++++++++++++ 6 files changed, 46 insertions(+), 32 deletions(-) rename config/base/{default => }/kustomization.yaml (99%) create mode 100644 internal/httputil/httputil.go diff --git a/cmd/manager/main.go b/cmd/manager/main.go index b9891b81b1..4934595b92 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -17,16 +17,12 @@ limitations under the License. package main import ( - "crypto/tls" "crypto/x509" "flag" "fmt" - "log" - "net/http" "net/url" "os" "path/filepath" - "time" "github.com/spf13/pflag" "go.uber.org/zap/zapcore" 
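Review bot: The new `curl -L … | sed … | kubectl apply -f -` line in scripts/install.tpl.sh passes whatever curl receives straight to `kubectl apply`: without `-f` curl exits 0 on an HTTP error and hands the error body to the next stage, so a wrong `catalogd_version` shows up as a kubectl parse error rather than a failed download. The URL and the sed expression are also unquoted. I would write it as `curl -fsSL "https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml" | sed 's/catalogd-system/operator-controller-system/g' | kubectl apply -f -`. The global substitution rewrites every occurrence of the string, not only namespace fields, so the rendered manifest is worth checking once.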
@@ -52,6 +48,7 @@ import ( "github.com/operator-framework/operator-controller/internal/catalogmetadata/cache" catalogclient "github.com/operator-framework/operator-controller/internal/catalogmetadata/client" "github.com/operator-framework/operator-controller/internal/controllers" + "github.com/operator-framework/operator-controller/internal/httputil" "github.com/operator-framework/operator-controller/internal/labels" "github.com/operator-framework/operator-controller/internal/version" "github.com/operator-framework/operator-controller/pkg/features" @@ -84,11 +81,11 @@ func main() { operatorControllerVersion bool systemNamespace string provisionerStorageDirectory string - tlsCert string + caCert string ) flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") - flag.StringVar(&tlsCert, "tls-cert", "", "The TLS certificate to use for verifying HTTPS connections to the Catalogd web server.") + flag.StringVar(&caCert, "ca-cert", "", "The TLS certificate to use for verifying HTTPS connections to the Catalogd web server.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") 
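Review bot: The help text of the renamed `--ca-cert` flag in cmd/manager/main.go still says "The TLS certificate to use for verifying…", which reads like a client or server certificate rather than a trust anchor. I would word it as `"Path to a PEM file with the CA certificate(s) used to verify HTTPS connections to the catalogd web server."`. The rename also drops `--tls-cert` without an alias, so a deployment still passing the old flag will presumably be rejected as an unknown flag; the overlay patch later in this commit is updated, but out-of-tree manifests are not. main() continues outside the hunk.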
@@ -157,23 +154,9 @@ func main() { os.Exit(1) } - httpClient := &http.Client{Timeout: 10 * time.Second} - - if tlsCert != "" { - cert, err := os.ReadFile(tlsCert) - if err != nil { - log.Fatalf("Failed to read certificate file: %v", err) - } - caCertPool := x509.NewCertPool() - caCertPool.AppendCertsFromPEM(cert) - tlsConfig := &tls.Config{ - RootCAs: caCertPool, - MinVersion: tls.VersionTLS12, - } - tlsTransport := &http.Transport{ - TLSClientConfig: tlsConfig, - } - httpClient.Transport = tlsTransport + httpClient, err := httputil.BuildHTTPClient(caCert) + if err != nil { + setupLog.Error(err, "unable to create catalogd http client") } cl := mgr.GetClient() diff --git a/config/base/default/kustomization.yaml b/config/base/kustomization.yaml similarity index 99% rename from config/base/default/kustomization.yaml rename to config/base/kustomization.yaml index 6e2a672dd4..1b7e00afe2 100644 --- a/config/base/default/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -15,9 +15,9 @@ namePrefix: operator-controller- # someName: someValue resources: -- ../crd -- ../rbac -- ../manager +- crd +- rbac +- manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook diff --git a/config/base/manager/manager.yaml b/config/base/manager/manager.yaml index 2778891b2b..42d9fe682d 100644 --- a/config/base/manager/manager.yaml +++ b/config/base/manager/manager.yaml @@ -112,6 +112,6 @@ spec: terminationGracePeriodSeconds: 10 volumes: - name: cache - emptyDir: {} + emptyDir: {} - name: bundle-cache emptyDir: {} \ No newline at end of file diff --git a/config/overlays/tls/kustomization.yaml b/config/overlays/tls/kustomization.yaml index d78038704c..82fbc91e21 100644 --- a/config/overlays/tls/kustomization.yaml +++ b/config/overlays/tls/kustomization.yaml 
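Review bot: When `httputil.BuildHTTPClient(caCert)` fails in cmd/manager/main.go, the error is only logged and main() carries on with a nil `httpClient`, whereas the removed code aborted with `log.Fatalf` and the setup failure just above calls `os.Exit(1)`. A missing or unreadable CA file should stop the manager at startup rather than surface later as a nil-pointer panic or, depending on how the client is consumed further down, as requests made without the intended trust configuration. Add `os.Exit(1)` after the `setupLog.Error(err, "unable to create catalogd http client")` line. main() starts and ends outside this hunk.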
@@ -6,15 +6,12 @@ namespace: operator-controller-system # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. -namePrefix: operator-controller- # the following config is for teaching kustomize how to do var substitution apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../base/crd -- ../../base/rbac -- ../../base/manager +- ../../base patches: - target: diff --git a/config/overlays/tls/patches/manager_deployment_cert.yaml b/config/overlays/tls/patches/manager_deployment_cert.yaml index dd35b5f1bd..72615bcd5f 100644 --- a/config/overlays/tls/patches/manager_deployment_cert.yaml +++ b/config/overlays/tls/patches/manager_deployment_cert.yaml @@ -6,4 +6,4 @@ value: {"name":"ca-certificate", "readOnly": true, "mountPath":"/var/certs"} - op: add path: /spec/template/spec/containers/0/args/- - value: "--tls-cert=/var/certs/tls.crt" \ No newline at end of file + value: "--ca-cert=/var/certs/tls.crt" \ No newline at end of file diff --git a/internal/httputil/httputil.go b/internal/httputil/httputil.go new file mode 100644 index 0000000000..dde765f0a4 --- /dev/null +++ b/internal/httputil/httputil.go @@ -0,0 +1,34 @@ +package httputil + +import ( + "crypto/tls" + "crypto/x509" + "net/http" + "os" + "time" +) + +func BuildHTTPClient(caCert string) (*http.Client, error) { + httpClient := &http.Client{Timeout: 10 * time.Second} + + if caCert != "" { + // tlsFileWatcher, err := certwatcher.New(caCert, "") + + cert, err := os.ReadFile(caCert) + if err != nil { + return nil, err + } + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(cert) + tlsConfig := &tls.Config{ + RootCAs: caCertPool, + MinVersion: tls.VersionTLS12, + } + tlsTransport := &http.Transport{ + TLSClientConfig: tlsConfig, + } + httpClient.Transport = tlsTransport + } + + return httpClient, nil +} From 7d2fa3bd3860d472d6abe906e2e86487906df541 Mon Sep 17 00:00:00 2001 
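Review bot: `BuildHTTPClient` in internal/httputil/httputil.go ignores the boolean returned by `caCertPool.AppendCertsFromPEM(cert)`, so a file with no parsable PEM certificate yields an empty root pool and every later request fails with an unknown-authority error instead of a clear startup error. The bare `&http.Transport{TLSClientConfig: tlsConfig}` also loses the proxy, dial-timeout and connection-pool defaults of `http.DefaultTransport`; cloning the default transport keeps them. The read error is worth wrapping with the path, which needs `fmt` in the import block. Separately, the exported function should get a doc comment stating that a non-empty `caCert` becomes the only trusted root set, and the commented-out `certwatcher` line should either be dropped or turned into a TODO saying the CA is read once and not reloaded on rotation.

```go
func BuildHTTPClient(caCert string) (*http.Client, error) {
	// … unchanged: client construction and the caCert != "" guard …
		cert, err := os.ReadFile(caCert)
		if err != nil {
			return nil, fmt.Errorf("reading CA certificate %q: %w", caCert, err)
		}
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(cert) {
			return nil, fmt.Errorf("no PEM certificates found in %q", caCert)
		}
		// … unchanged: tls.Config with RootCAs and MinVersion …
		tlsTransport := http.DefaultTransport.(*http.Transport).Clone()
		tlsTransport.TLSClientConfig = tlsConfig
		// … unchanged: transport assignment and return …
```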
From: Tayler Geiger Date: Fri, 7 Jun 2024 09:18:03 -0500 Subject: [PATCH 4/5] Move e2e to its own overlay --- Makefile | 2 +- .../{base => overlays}/e2e/kustomization.yaml | 0 .../e2e/manager_e2e_coverage_copy_pod.yaml | 0 .../e2e/manager_e2e_coverage_patch.yaml | 0 .../e2e/manager_e2e_coverage_pvc.yaml | 0 config/rbac/role.yaml | 69 ------------------- 6 files changed, 1 insertion(+), 70 deletions(-) rename config/{base => overlays}/e2e/kustomization.yaml (100%) rename config/{base => overlays}/e2e/manager_e2e_coverage_copy_pod.yaml (100%) rename config/{base => overlays}/e2e/manager_e2e_coverage_patch.yaml (100%) rename config/{base => overlays}/e2e/manager_e2e_coverage_pvc.yaml (100%) delete mode 100644 config/rbac/role.yaml diff --git a/Makefile b/Makefile index b3f812a8d1..d6ccb6e590 100644 --- a/Makefile +++ b/Makefile @@ -150,7 +150,7 @@ build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and pus # for example: ARTIFACT_PATH=/tmp/artifacts make test-e2e .PHONY: test-e2e test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e -test-e2e: KUSTOMIZE_BUILD_DIR := config/base/e2e +test-e2e: KUSTOMIZE_BUILD_DIR := config/overlays/e2e test-e2e: GO_BUILD_FLAGS := -cover test-e2e: run image-registry build-push-e2e-catalog registry-load-bundles e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster diff --git a/config/base/e2e/kustomization.yaml b/config/overlays/e2e/kustomization.yaml similarity index 100% rename from config/base/e2e/kustomization.yaml rename to config/overlays/e2e/kustomization.yaml diff --git a/config/base/e2e/manager_e2e_coverage_copy_pod.yaml b/config/overlays/e2e/manager_e2e_coverage_copy_pod.yaml similarity index 100% rename from config/base/e2e/manager_e2e_coverage_copy_pod.yaml rename to config/overlays/e2e/manager_e2e_coverage_copy_pod.yaml 
diff --git a/config/base/e2e/manager_e2e_coverage_patch.yaml b/config/overlays/e2e/manager_e2e_coverage_patch.yaml
similarity index 100%
rename from config/base/e2e/manager_e2e_coverage_patch.yaml
rename to config/overlays/e2e/manager_e2e_coverage_patch.yaml
diff --git a/config/base/e2e/manager_e2e_coverage_pvc.yaml b/config/overlays/e2e/manager_e2e_coverage_pvc.yaml
similarity index 100%
rename from config/base/e2e/manager_e2e_coverage_pvc.yaml
rename to config/overlays/e2e/manager_e2e_coverage_pvc.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
deleted file mode 100644
index d1016c6c89..0000000000
--- a/config/rbac/role.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: manager-role
-rules:
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - catalogd.operatorframework.io
- resources:
- - catalogmetadata
- verbs:
- - list
- - watch
-- apiGroups:
- - catalogd.operatorframework.io
- resources:
- - clustercatalogs
- verbs:
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
-- apiGroups:
- - olm.operatorframework.io
- resources:
- - clusterextensions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - olm.operatorframework.io
- resources:
- - clusterextensions/finalizers
- verbs:
- - update
-- apiGroups:
- - olm.operatorframework.io
- resources:
- - clusterextensions/status
- verbs:
- - patch
- - update
From 3755d662cad2383e4fa9dbdffc79392f9232c1cd Mon Sep 17 00:00:00 2001
From: Tayler Geiger Date: Tue, 11 Jun 2024 15:09:41 -0500 Subject: [PATCH 5/5] Change default namespace to olmv1-system Use v0.14.0 of Catalogd which also uses olmv1-system namespace --- cmd/manager/main.go | 2 +- config/base/kustomization.yaml | 2 +- config/overlays/e2e/kustomization.yaml | 2 +- config/overlays/tls/kustomization.yaml | 2 +- docs/Tasks/adding-a-catalog.md | 2 +- docs/Tasks/explore-available-packages.md | 2 +- go.mod | 2 +- go.sum | 4 ++-- hack/e2e-coverage.sh | 2 +- scripts/install.tpl.sh | 6 +++--- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 4934595b92..b4da91205f 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -57,7 +57,7 @@ import ( var ( setupLog = ctrl.Log.WithName("setup") - defaultSystemNamespace = "operator-controller-system" + defaultSystemNamespace = "olmv1-system" ) // podNamespace checks whether the controller is running in a Pod vs. diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index 1b7e00afe2..12884c03c6 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -1,5 +1,5 @@ # Adds namespace to all resources. -namespace: operator-controller-system +namespace: olmv1-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named diff --git a/config/overlays/e2e/kustomization.yaml b/config/overlays/e2e/kustomization.yaml index a4c16a4206..e9a19438fc 100644 --- a/config/overlays/e2e/kustomization.yaml +++ b/config/overlays/e2e/kustomization.yaml @@ -1,4 +1,4 @@ -namespace: operator-controller-system +namespace: olmv1-system resources: - ../../overlays/tls diff --git a/config/overlays/tls/kustomization.yaml b/config/overlays/tls/kustomization.yaml index 82fbc91e21..9d8517a686 100644 --- a/config/overlays/tls/kustomization.yaml +++ b/config/overlays/tls/kustomization.yaml 
@@ -1,5 +1,5 @@ # Adds namespace to all resources. -namespace: operator-controller-system +namespace: olmv1-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named diff --git a/docs/Tasks/adding-a-catalog.md b/docs/Tasks/adding-a-catalog.md index f0a297ad6b..8961d1d9a7 100644 --- a/docs/Tasks/adding-a-catalog.md +++ b/docs/Tasks/adding-a-catalog.md @@ -113,7 +113,7 @@ This catalog is distributed as an image [quay.io/operatorhubio/catalog](https:// Reason: UnpackSuccessful Status: True Type: Unpacked - Content URL: http://catalogd-catalogserver.catalogd-system.svc/catalogs/operatorhubio/all.json + Content URL: http://catalogd-catalogserver.olmv1-system.svc/catalogs/operatorhubio/all.json Observed Generation: 2 Phase: Unpacked Resolved Source: diff --git a/docs/Tasks/explore-available-packages.md b/docs/Tasks/explore-available-packages.md index 117757f872..e377bf9f82 100644 --- a/docs/Tasks/explore-available-packages.md +++ b/docs/Tasks/explore-available-packages.md @@ -11,7 +11,7 @@ Then you can query the catalog by using `curl` commands and the `jq` CLI tool to 1. Port forward the catalog server service: ``` terminal - $ kubectl -n catalogd-system port-forward svc/catalogd-catalogserver 8080:80 + $ kubectl -n olmv1-system port-forward svc/catalogd-catalogserver 8080:80 ``` 2. Return a list of all the extensions in a catalog: diff --git a/go.mod b/go.mod index 2a8fea5dd0..64f7dfa742 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/google/go-cmp v0.6.0 github.com/operator-framework/api v0.25.0 - github.com/operator-framework/catalogd v0.13.0 + github.com/operator-framework/catalogd v0.14.0 github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9 github.com/operator-framework/operator-registry v1.43.1 github.com/operator-framework/rukpak v0.23.1 diff --git a/go.sum b/go.sum index 837aa21785..0b78ebb92c 100644 --- a/go.sum +++ b/go.sum 
@@ -475,8 +475,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/operator-framework/api v0.25.0 h1:pSQwFSoPmZaTIERadawxtCwicehLkC7i9n3w3+70SVI= github.com/operator-framework/api v0.25.0/go.mod h1:PvyCQb0x53ytIqdTECH5e+iqv+am3uZ0qGsZWmL35gQ= -github.com/operator-framework/catalogd v0.13.0 h1:yOhEb0LpvGbZymippotpau5gFMyUnq8zMnrEYrTaJIQ= -github.com/operator-framework/catalogd v0.13.0/go.mod h1:v405w8d89Lr7K8IVE/x/Q37JtxvgdzLXGpgJxJ2Nweg= +github.com/operator-framework/catalogd v0.14.0 h1:M/kDqhH1hBB9amUk7/dAV4WZuJIa5ARboeY6GMjhx0E= +github.com/operator-framework/catalogd v0.14.0/go.mod h1:84M4gm0JPrwOLVbEOoCns/xjlg4ljenVMPYUO/Cs+Wc= github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9 h1:f7/TMBpuIZEQ3JbD9UyP1L1ZCSLLWdR2aPN+A+dOHFY= github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9/go.mod h1:ly6Bd9rSzmt37Wy6WtZHmA+IY9zG958MryJFLcVpCXw= github.com/operator-framework/operator-lib v0.14.0 h1:er+BgZymZD1im2wytLJiPLZpGALAX6N0gXaHx3PKbO4= diff --git a/hack/e2e-coverage.sh b/hack/e2e-coverage.sh index 4b24bfe339..dae8dbb386 100755 --- a/hack/e2e-coverage.sh +++ b/hack/e2e-coverage.sh @@ -4,7 +4,7 @@ set -euo pipefail COVERAGE_OUTPUT="${COVERAGE_OUTPUT:-e2e-cover.out}" -OPERATOR_CONTROLLER_NAMESPACE="operator-controller-system" +OPERATOR_CONTROLLER_NAMESPACE="olmv1-system" OPERATOR_CONTROLLER_MANAGER_DEPLOYMENT_NAME="operator-controller-controller-manager" COPY_POD_NAME="e2e-coverage-copy-pod" diff --git a/scripts/install.tpl.sh b/scripts/install.tpl.sh index bdf2d6a797..1b44ac630d 100644 --- a/scripts/install.tpl.sh +++ b/scripts/install.tpl.sh 
@@ -35,8 +35,8 @@ function kubectl_wait() { kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/${cert_mgr_version}/cert-manager.yaml" kubectl_wait "cert-manager" "deployment/cert-manager-webhook" "60s" -curl -L https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml | sed s/catalogd-system/operator-controller-system/g | kubectl apply -f - -kubectl_wait "operator-controller-system" "deployment/catalogd-controller-manager" "60s" +kubectl apply -f "https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml" +kubectl_wait "olmv1-system" "deployment/catalogd-controller-manager" "60s" kubectl apply -f "${operator_controller_manifest}" -kubectl_wait "operator-controller-system" "deployment/operator-controller-controller-manager" "60s" +kubectl_wait "olmv1-system" "deployment/operator-controller-controller-manager" "60s"