diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh index 485c50c9..f3f89d53 100755 --- a/openshift/generate-manifests.sh +++ b/openshift/generate-manifests.sh @@ -27,9 +27,12 @@ IMAGE_MAPPINGS[manager]='${CATALOGD_IMAGE}' # and an entry to the FLAG_MAPPINGS of FLAG_MAPPINGS[flagname]='two', the argument will be updated to: # args: # - --flagname=two +# +# If the flag doesn't already exist - it will be appended to the list. declare -A FLAG_MAPPINGS # shellcheck disable=SC2016 FLAG_MAPPINGS[external-address]="catalogd-service.${NAMESPACE}.svc" +FLAG_MAPPINGS[global-pull-secret]="openshift-config/pull-secret" ################################################## # You shouldn't need to change anything below here @@ -74,7 +77,12 @@ done # Loop through any flag updates that need to be made to the manager container for flag_name in "${!FLAG_MAPPINGS[@]}"; do flagval="${FLAG_MAPPINGS[$flag_name]}" + + # First, update the flag if it exists $YQ -i "(select(.kind == \"Deployment\") | .spec.template.spec.containers[] | select(.name == \"manager\") | .args[] | select(. | contains(\"--$flag_name=\")) | .) = \"--$flag_name=$flagval\"" "$TMP_KUSTOMIZE_OUTPUT" + + # Then, append the flag if it doesn't exist + $YQ -i "(select(.kind == \"Deployment\") | .spec.template.spec.containers[] | select(.name == \"manager\") | .args) |= (select(.[] | contains(\"--$flag_name=\")) | .) // . + [\"--$flag_name=$flagval\"]" "$TMP_KUSTOMIZE_OUTPUT" done # Use yq to split the single yaml file into 1 per document. diff --git a/openshift/kustomize/overlays/openshift/kustomization.yaml b/openshift/kustomize/overlays/openshift/kustomization.yaml index 314dd3ab..f7ae7005 100644 --- a/openshift/kustomize/overlays/openshift/kustomization.yaml +++ b/openshift/kustomize/overlays/openshift/kustomization.yaml 
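Review bot: The existence test in the new append line of openshift/generate-manifests.sh (and in the update line above it) is a substring match, `contains(\"--$flag_name=\")`, so any argument that merely embeds that text counts as the flag being present: the update would overwrite it and the append would be skipped without an error. Anchoring the match in both expressions, e.g. `select(. | test(\"^--$flag_name=\"))`, ties the check to the flag itself. `$flag_name` and `$flagval` are also spliced straight into the yq program; they are script constants here, but a value containing a double quote would change the expression, and passing them through the environment and reading them with `strenv()` avoids that. Neither yq call's exit status is checked inside the loop, so it is worth confirming that the script runs under `set -e` (not visible in this hunk) or adding an explicit `|| exit 1`.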
@@ -1,32 +1,5 @@ -# Adds namespace to all resources. -namespace: OPENSHIFT-NAMESPACE - namePrefix: catalogd- resources: -- ../../../../config/base/crd -- ../../../../config/base/rbac -- ../../../../config/base/manager - -patches: -- path: patches/manager_namespace_privileged.yaml -- target: - kind: Service - name: service - path: patches/manager_service.yaml -- target: - kind: MutatingWebhookConfiguration - name: mutating-webhook-configuration - path: patches/mutating_webhook_config.yaml -- target: - kind: ClusterRole - name: manager-role - path: patches/manager_role.yaml -- target: - kind: Deployment - name: controller-manager - path: patches/manager_deployment_certs.yaml -- target: - kind: Deployment - name: controller-manager - path: patches/manager_deployment_mount_etc_containers.yaml +- olmv1-ns +- openshift-config diff --git a/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml new file mode 100644 index 00000000..99402dad --- /dev/null +++ b/openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml @@ -0,0 +1,30 @@ +# Adds namespace to all resources. +namespace: OPENSHIFT-NAMESPACE + +resources: +- ../../../../../config/base/crd +- ../../../../../config/base/rbac +- ../../../../../config/base/manager + +patches: +- path: patches/manager_namespace_privileged.yaml +- target: + kind: Service + name: service + path: patches/manager_service.yaml +- target: + kind: MutatingWebhookConfiguration + name: mutating-webhook-configuration + path: patches/mutating_webhook_config.yaml +- target: + kind: ClusterRole + name: manager-role + path: patches/manager_role.yaml +- target: + kind: Deployment + name: controller-manager + path: patches/manager_deployment_certs.yaml +- target: + kind: Deployment + name: controller-manager + path: patches/manager_deployment_mount_etc_containers.yaml 
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_deployment_certs.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml
similarity index 100%
rename from openshift/kustomize/overlays/openshift/patches/manager_deployment_certs.yaml
rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_etc_containers.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_mount_etc_containers.yaml
similarity index 100%
rename from openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_etc_containers.yaml
rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_mount_etc_containers.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_namespace_privileged.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_namespace_privileged.yaml
similarity index 100%
rename from openshift/kustomize/overlays/openshift/patches/manager_namespace_privileged.yaml
rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_namespace_privileged.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_role.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_role.yaml
similarity index 100%
rename from openshift/kustomize/overlays/openshift/patches/manager_role.yaml
rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_role.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_service.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_service.yaml
similarity index 100%
rename from openshift/kustomize/overlays/openshift/patches/manager_service.yaml
rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_service.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/mutating_webhook_config.yaml b/openshift/kustomize/overlays/openshift/olmv1-ns/patches/mutating_webhook_config.yaml
similarity index 100%
rename from openshift/kustomize/overlays/openshift/patches/mutating_webhook_config.yaml
rename to openshift/kustomize/overlays/openshift/olmv1-ns/patches/mutating_webhook_config.yaml
diff --git a/openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml b/openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml
new file mode 100644
index 00000000..213e6db4
--- /dev/null
+++ b/openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml
@@ -0,0 +1,6 @@
+# Adds namespace to all resources.
+namespace: openshift-config
+
+resources:
+- rbac/catalogd_manager_role.yaml
+- rbac/catalogd_manager_role_binding.yaml
diff --git a/openshift/kustomize/overlays/openshift/openshift-config/rbac/catalogd_manager_role.yaml b/openshift/kustomize/overlays/openshift/openshift-config/rbac/catalogd_manager_role.yaml
new file mode 100644
index 00000000..0fcd8cf3
--- /dev/null
+++ b/openshift/kustomize/overlays/openshift/openshift-config/rbac/catalogd_manager_role.yaml
@@ -0,0 +1,17 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/part-of: olm
+ app.kubernetes.io/name: catalogd
+ name: manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/openshift/kustomize/overlays/openshift/openshift-config/rbac/catalogd_manager_role_binding.yaml b/openshift/kustomize/overlays/openshift/openshift-config/rbac/catalogd_manager_role_binding.yaml
new file mode 100644
index 00000000..74d61a43
--- /dev/null
+++ b/openshift/kustomize/overlays/openshift/openshift-config/rbac/catalogd_manager_role_binding.yaml
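Review bot: The new Role in openshift-config/rbac/catalogd_manager_role.yaml grants `get`, `list` and `watch` on every Secret in the `openshift-config` namespace, while the only consumer visible in this commit is `--global-pull-secret=openshift-config/pull-secret`. That namespace commonly holds other cluster configuration secrets, so the controller's service account gets read access well beyond the pull secret; restricting the rule with `resourceNames: [pull-secret]` would scope it, provided the controller's list/watch is itself limited to that name with a `metadata.name` field selector (the client code is not shown, so this needs confirming). The file's header comment `# permissions to do leader election.` also looks copied from another role and should read something like `# permissions to read the global pull secret.`. The generated manifest 04-role-openshift-config-catalogd-manager-role.yml carries the same rule and would need regenerating.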
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/part-of: olm
+ app.kubernetes.io/name: catalogd
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: OPENSHIFT-NAMESPACE
diff --git a/openshift/manifests/04-role-openshift-config-catalogd-manager-role.yml b/openshift/manifests/04-role-openshift-config-catalogd-manager-role.yml
new file mode 100644
index 00000000..006ae8c3
--- /dev/null
+++ b/openshift/manifests/04-role-openshift-config-catalogd-manager-role.yml
@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/name: catalogd
+ app.kubernetes.io/part-of: olm
+ name: catalogd-manager-role
+ namespace: openshift-config
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/openshift/manifests/04-clusterrole-catalogd-manager-role.yml b/openshift/manifests/05-clusterrole-catalogd-manager-role.yml
similarity index 100%
rename from openshift/manifests/04-clusterrole-catalogd-manager-role.yml
rename to openshift/manifests/05-clusterrole-catalogd-manager-role.yml
diff --git a/openshift/manifests/05-clusterrole-catalogd-metrics-reader.yml b/openshift/manifests/06-clusterrole-catalogd-metrics-reader.yml
similarity index 100%
rename from openshift/manifests/05-clusterrole-catalogd-metrics-reader.yml
rename to openshift/manifests/06-clusterrole-catalogd-metrics-reader.yml
diff --git a/openshift/manifests/06-clusterrole-catalogd-proxy-role.yml b/openshift/manifests/07-clusterrole-catalogd-proxy-role.yml
similarity index 100%
rename from openshift/manifests/06-clusterrole-catalogd-proxy-role.yml
rename to openshift/manifests/07-clusterrole-catalogd-proxy-role.yml
diff --git a/openshift/manifests/07-rolebinding-openshift-catalogd-catalogd-leader-election-rolebinding.yml b/openshift/manifests/08-rolebinding-openshift-catalogd-catalogd-leader-election-rolebinding.yml
similarity index 100%
rename from openshift/manifests/07-rolebinding-openshift-catalogd-catalogd-leader-election-rolebinding.yml
rename to openshift/manifests/08-rolebinding-openshift-catalogd-catalogd-leader-election-rolebinding.yml
diff --git a/openshift/manifests/09-rolebinding-openshift-config-catalogd-manager-rolebinding.yml b/openshift/manifests/09-rolebinding-openshift-config-catalogd-manager-rolebinding.yml
new file mode 100644
index 00000000..0aa05857
--- /dev/null
+++ b/openshift/manifests/09-rolebinding-openshift-config-catalogd-manager-rolebinding.yml
@@ -0,0 +1,17 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: catalogd
+ app.kubernetes.io/part-of: olm
+ name: catalogd-manager-rolebinding
+ namespace: openshift-config
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: catalogd-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: catalogd-controller-manager
+ namespace: openshift-catalogd
diff --git a/openshift/manifests/08-clusterrolebinding-catalogd-manager-rolebinding.yml b/openshift/manifests/10-clusterrolebinding-catalogd-manager-rolebinding.yml
similarity index 100%
rename from openshift/manifests/08-clusterrolebinding-catalogd-manager-rolebinding.yml
rename to openshift/manifests/10-clusterrolebinding-catalogd-manager-rolebinding.yml
diff --git a/openshift/manifests/09-clusterrolebinding-catalogd-proxy-rolebinding.yml b/openshift/manifests/11-clusterrolebinding-catalogd-proxy-rolebinding.yml
similarity index 100%
rename from openshift/manifests/09-clusterrolebinding-catalogd-proxy-rolebinding.yml
rename to openshift/manifests/11-clusterrolebinding-catalogd-proxy-rolebinding.yml
diff --git a/openshift/manifests/10-service-openshift-catalogd-catalogd-service.yml b/openshift/manifests/12-service-openshift-catalogd-catalogd-service.yml similarity index 100% rename from openshift/manifests/10-service-openshift-catalogd-catalogd-service.yml rename to openshift/manifests/12-service-openshift-catalogd-catalogd-service.yml diff --git a/openshift/manifests/11-deployment-openshift-catalogd-catalogd-controller-manager.yml b/openshift/manifests/13-deployment-openshift-catalogd-catalogd-controller-manager.yml similarity index 98% rename from openshift/manifests/11-deployment-openshift-catalogd-catalogd-controller-manager.yml rename to openshift/manifests/13-deployment-openshift-catalogd-catalogd-controller-manager.yml index 2833acea..ecfa2939 100644 --- a/openshift/manifests/11-deployment-openshift-catalogd-catalogd-controller-manager.yml +++ b/openshift/manifests/13-deployment-openshift-catalogd-catalogd-controller-manager.yml @@ -67,6 +67,7 @@ spec: - --external-address=catalogd-service.openshift-catalogd.svc - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key + - --global-pull-secret=openshift-config/pull-secret command: - ./manager image: ${CATALOGD_IMAGE} diff --git a/openshift/manifests/12-mutatingwebhookconfiguration-catalogd-mutating-webhook-configuration.yml b/openshift/manifests/14-mutatingwebhookconfiguration-catalogd-mutating-webhook-configuration.yml similarity index 100% rename from openshift/manifests/12-mutatingwebhookconfiguration-catalogd-mutating-webhook-configuration.yml rename to openshift/manifests/14-mutatingwebhookconfiguration-catalogd-mutating-webhook-configuration.yml