openshift
diff --git a/‎manifests/0000_50_olm_03-services.yaml‎
Lines changed: 2 additions & 2 deletions b/‎manifests/0000_50_olm_03-services.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml‎
Lines changed: 34 additions & 0 deletions b/‎manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎manifests/0000_50_olm_07-olm-operator.deployment.yaml‎
Lines changed: 35 additions & 1 deletion b/‎manifests/0000_50_olm_07-olm-operator.deployment.yaml‎
Lines changed: 35 additions & 1 deletion
diff --git a/‎manifests/0000_50_olm_08-catalog-operator.deployment.ibm-cloud-managed.yaml‎
Lines changed: 34 additions & 0 deletions b/‎manifests/0000_50_olm_08-catalog-operator.deployment.ibm-cloud-managed.yaml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎manifests/0000_50_olm_08-catalog-operator.deployment.yaml‎
Lines changed: 38 additions & 4 deletions b/‎manifests/0000_50_olm_08-catalog-operator.deployment.yaml‎
Lines changed: 38 additions & 4 deletions
diff --git a/‎microshift-manifests/0000_50_olm_03-services.yaml‎
Lines changed: 2 additions & 2 deletions b/‎microshift-manifests/0000_50_olm_03-services.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎microshift-manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml‎
Lines changed: 34 additions & 0 deletions b/‎microshift-manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎microshift-manifests/0000_50_olm_07-olm-operator.deployment.yaml‎
Lines changed: 34 additions & 0 deletions b/‎microshift-manifests/0000_50_olm_07-olm-operator.deployment.yaml‎
Lines changed: 34 additions & 0 deletions
@@ -17,7 +17,7 @@ spec:
     - name: https-metrics
       port: 8443
       protocol: TCP
-      targetPort: 8443
+      targetPort: 9443
   selector:
     app: olm-operator
 ---
@@ -40,6 +40,6 @@ spec:
     - name: https-metrics
       port: 8443
       protocol: TCP
-      targetPort: 8443
+      targetPort: 9443
   selector:
     app: catalog-operator
@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -100,6 +103,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:9443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 9443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:
 
@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -70,7 +73,7 @@ spec:
             - /profile-collector-cert/tls.crt
             - --protectedCopiedCSVNamespaces
             - openshift
-          image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
+          image: registry.build10.ci.openshift.org/ci-ln-5v3wb5t/stable@sha256:1a9ff9f40ff184cb6cbfd41d64c0d33a8f6b385aaf8f534fe1bebf572e6e206d
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8443
@@ -99,6 +102,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:9443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 9443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""
 
@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: catalog-operator-serving-cert
+          secret:
+            secretName: catalog-operator-serving-cert
       containers:
         - name: catalog-operator
           securityContext:
@@ -95,6 +98,37 @@ spec:
           env:
             - name: RELEASE_VERSION
               value: "0.0.1-snapshot"
+        - args:
+            - --secure-listen-address=0.0.0.0:9443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 9443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: catalog-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:
 
@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: catalog-operator-serving-cert
+          secret:
+            secretName: catalog-operator-serving-cert
       containers:
         - name: catalog-operator
           securityContext:
@@ -58,10 +61,10 @@ spec:
           args:
             - '--namespace'
             - openshift-marketplace
-            - --configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest
-            - --opmImage=quay.io/operator-framework/configmap-operator-registry:latest
+            - --configmapServerImage=registry.build10.ci.openshift.org/ci-ln-5v3wb5t/stable@sha256:242e3ba4b4f17255a29e33eb0b2f8be4faf811053d8e4aaf5b3bd8dcfba2e475
+            - --opmImage=registry.build10.ci.openshift.org/ci-ln-5v3wb5t/stable@sha256:242e3ba4b4f17255a29e33eb0b2f8be4faf811053d8e4aaf5b3bd8dcfba2e475
             - --util-image
-            - quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
+            - registry.build10.ci.openshift.org/ci-ln-5v3wb5t/stable@sha256:1a9ff9f40ff184cb6cbfd41d64c0d33a8f6b385aaf8f534fe1bebf572e6e206d
             - --writeStatusName
             - operator-lifecycle-manager-catalog
             - --tls-cert
@@ -71,7 +74,7 @@ spec:
             - --client-ca
             - /profile-collector-cert/tls.crt
             - --set-workload-user-id=false
-          image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
+          image: registry.build10.ci.openshift.org/ci-ln-5v3wb5t/stable@sha256:1a9ff9f40ff184cb6cbfd41d64c0d33a8f6b385aaf8f534fe1bebf572e6e206d
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8443
@@ -94,6 +97,37 @@ spec:
           env:
             - name: RELEASE_VERSION
               value: "0.0.1-snapshot"
+        - args:
+            - --secure-listen-address=0.0.0.0:9443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 9443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: catalog-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""
 
@@ -17,7 +17,7 @@ spec:
     - name: https-metrics
       port: 8443
       protocol: TCP
-      targetPort: 8443
+      targetPort: 9443
   selector:
     app: olm-operator
 ---
@@ -40,6 +40,6 @@ spec:
     - name: https-metrics
       port: 8443
       protocol: TCP
-      targetPort: 8443
+      targetPort: 9443
   selector:
     app: catalog-operator
@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -100,6 +103,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:9443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 9443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:
 
@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -95,6 +98,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:9443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 9443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""