UPSTREAM: <carry>: Add openshift node selector annotation

camilamacedo86 · openshift-merge-bot[bot] · commit 376edfec9a6b · 2025-04-28T17:28:50.000Z
Cherry-pick of: openshift#307
diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh
@@ -71,7 +71,6 @@ for container_name in "${!IMAGE_MAPPINGS[@]}"; do
   $YQ -i 'select(.kind == "Deployment").spec.template.metadata.annotations += {"target.workload.openshift.io/management": "{\"effect\": \"PreferredDuringScheduling\"}"}' "$TMP_KUSTOMIZE_OUTPUT"
   $YQ -i 'select(.kind == "Deployment").spec.template.metadata.annotations += {"openshift.io/required-scc": "privileged"}' "$TMP_KUSTOMIZE_OUTPUT"
   $YQ -i 'select(.kind == "Deployment").spec.template.spec += {"priorityClassName": "system-cluster-critical"}' "$TMP_KUSTOMIZE_OUTPUT"
-  $YQ -i 'select(.kind == "Namespace").metadata.annotations += {"workload.openshift.io/allowed": "management"}' "$TMP_KUSTOMIZE_OUTPUT"
 done
 
 # Loop through any flag updates that need to be made to the manager container
diff --git a/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml
@@ -29,3 +29,5 @@ patches:
       name: controller-manager
     path: patches/manager_deployment_node_selection.yaml
   - path: patches/manager_namespace_privileged.yaml
+  - path: patches/manager_namespace_annotations.yaml
+
diff --git a/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_namespace_annotations.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_namespace_annotations.yaml
@@ -0,0 +1,8 @@
+$patch: merge
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: system
+  annotations:
+    workload.openshift.io/allowed: "management"
+    openshift.io/node-selector: ""
diff --git a/openshift/manifests/00-namespace-openshift-operator-controller.yml b/openshift/manifests/00-namespace-openshift-operator-controller.yml
@@ -1,6 +1,9 @@
 apiVersion: v1
 kind: Namespace
 metadata:
+  annotations:
+    openshift.io/node-selector: ""
+    workload.openshift.io/allowed: management
   labels:
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/audit-version: latest
@@ -9,5 +12,3 @@ metadata:
     pod-security.kubernetes.io/warn: privileged
     pod-security.kubernetes.io/warn-version: latest
   name: openshift-operator-controller
-  annotations:
-    workload.openshift.io/allowed: management
