From 099dce67abce26dac6afa34cefe65cba8a79829f Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Wed, 29 Oct 2025 10:59:57 +0100 Subject: [PATCH 1/2] Drop metrics container We never used it, so no point in keeping it around for now --- cmd/main.go | 8 +------ config/default/kustomization.yaml | 2 +- config/default/manager_auth_proxy_patch.yaml | 24 ------------------- .../rbac/auth_proxy_client_clusterrole.yaml | 9 ------- config/rbac/auth_proxy_role.yaml | 17 ------------- config/rbac/auth_proxy_role_binding.yaml | 12 ---------- config/rbac/auth_proxy_service.yaml | 15 ------------ config/rbac/kustomization.yaml | 8 +++---- 8 files changed, 6 insertions(+), 89 deletions(-) delete mode 100644 config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 config/rbac/auth_proxy_role.yaml delete mode 100644 config/rbac/auth_proxy_role_binding.yaml delete mode 100644 config/rbac/auth_proxy_service.yaml diff --git a/cmd/main.go b/cmd/main.go index 18f661844..8fd068306 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -38,7 +38,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/manager" - metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" gitopsv1alpha1 "github.com/hybrid-cloud-patterns/patterns-operator/api/v1alpha1" @@ -63,10 +62,8 @@ func init() { } func main() { - var metricsAddr string var enableLeaderElection bool var probeAddr string - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ @@ -88,10 +85,7 @@ func main() { } mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - Metrics: metricsserver.Options{ - BindAddress: metricsAddr, - }, + Scheme: scheme, HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "f2850479.hybrid-cloud-patterns.io", diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 925ca9960..c2626246b 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -28,7 +28,7 @@ patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +# - manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 0ae7290ff..1fe4fb186 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -9,31 +9,7 @@ spec: template: spec: containers: - - name: kube-rbac-proxy - image: quay.io/hybridcloudpatterns/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - protocol: TCP - name: https - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - name: manager args: - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - "--leader-elect" diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 51a75db47..000000000 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 80e1857c5..000000000 --- a/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index ec7acc0a1..000000000 --- a/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 71f179727..000000000 --- a/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6a..40bc8c2a1 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -12,7 +12,7 @@ resources: # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml +#- auth_proxy_service.yaml +#- auth_proxy_role.yaml +#- auth_proxy_role_binding.yaml +#- auth_proxy_client_clusterrole.yaml From c4dedbcc9741d397d791ed703aa4967dffb19f16 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Wed, 29 Oct 2025 11:04:57 +0100 Subject: [PATCH 2/2] Fix local build scripts --- Makefile | 4 ++-- hack/operator-build-deploy.sh | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index f997c8ae3..a547430e2 100644 --- a/Makefile +++ b/Makefile @@ -303,7 +303,7 @@ bundle-build: ## Build the bundle image. .PHONY: bundle-push bundle-push: ## Push the bundle image. - $(MAKE) docker-push IMG=$(BUNDLE_IMG) + docker push $(BUNDLE_IMG) .PHONY: csv-date csv-date: ## Set createdAt date in the CSV. @@ -362,7 +362,7 @@ catalog-build: opm ## Build an OLM catalog image (for testing). .PHONY: catalog-push catalog-push: ## Push the OLM catalog image (for testing). - $(MAKE) docker-push IMG=$(CATALOG_IMG) + docker push $(CATALOG_IMG) .PHONY: catalog-install catalog-install: config/samples/pattern-catalog-$(VERSION).yaml ## Install the OLM catalog on a cluster (for testing). diff --git a/hack/operator-build-deploy.sh b/hack/operator-build-deploy.sh index 45bca4de1..a52ed56f0 100755 --- a/hack/operator-build-deploy.sh +++ b/hack/operator-build-deploy.sh @@ -6,6 +6,7 @@ NS="openshift-operators" OPERATOR="patterns-operator" VERSION="${VERSION:-6.6.6}" REGISTRY="${REGISTRY:-kuemper.int.rhx/bandini}" +UPLOADREGISTRY="${UPLOADREGISTRY:-kuemper.int.rhx/bandini}" wait_for_resource() { local resource_type=$1 # Either "packagemanifest", "operator", or "csv" @@ -74,7 +75,7 @@ if [ $ret -ne 0 ]; then exit 1 fi -make VERSION=${VERSION} IMAGE_TAG_BASE=${REGISTRY}/patterns-operator CHANNELS=fast USE_IMAGE_DIGESTS="" \ +make VERSION=${VERSION} UPLOADREGISTRY="${UPLOADREGISTRY}" IMAGE_TAG_BASE=${REGISTRY}/patterns-operator CHANNELS=fast USE_IMAGE_DIGESTS="" \ manifests bundle generate docker-build docker-push bundle-build bundle-push catalog-build \ catalog-push catalog-install