File tree Expand file tree Collapse file tree 11 files changed +408
-26
lines changed
staging/operator-lifecycle-manager/pkg/lib/server Expand file tree Collapse file tree 11 files changed +408
-26
lines changed Original file line number Diff line number Diff line change 3838 secretName : pprof-cert
3939 - name : tmpfs
4040 emptyDir : {}
41+ - name : olm-operator-serving-cert
42+ secret :
43+ secretName : olm-operator-serving-cert
4144 containers :
4245 - name : olm-operator
4346 securityContext :
@@ -74,17 +77,17 @@ spec:
7477 image : quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
7578 imagePullPolicy : IfNotPresent
7679 ports :
77- - containerPort : 8443
80+ - containerPort : 8080
7881 name : metrics
7982 livenessProbe :
8083 httpGet :
8184 path : /healthz
82- port : 8443
85+ port : 8080
8386 scheme : HTTPS
8487 readinessProbe :
8588 httpGet :
8689 path : /healthz
87- port : 8443
90+ port : 8080
8891 scheme : HTTPS
8992 terminationMessagePolicy : FallbackToLogsOnError
9093 env :
@@ -100,6 +103,37 @@ spec:
100103 requests :
101104 cpu : 10m
102105 memory : 160Mi
106+ - args :
107+ - --secure-listen-address=0.0.0.0:8443
108+ - --upstream=https://127.0.0.1:8080/
109+ - --tls-cert-file=/etc/tls/private/tls.crt
110+ - --tls-private-key-file=/etc/tls/private/tls.key
111+ - --upstream-ca-file=/srv-cert/tls.crt
112+ - --logtostderr=true
113+ image : quay.io/openshift/origin-kube-rbac-proxy:latest
114+ imagePullPolicy : IfNotPresent
115+ name : kube-rbac-proxy
116+ securityContext :
117+ allowPrivilegeEscalation : false
118+ readOnlyRootFilesystem : true
119+ capabilities :
120+ drop : ["ALL"]
121+ ports :
122+ - containerPort : 8443
123+ name : metrics
124+ protocol : TCP
125+ resources :
126+ requests :
127+ memory : 20Mi
128+ cpu : 10m
129+ terminationMessagePath : /dev/termination-log
130+ terminationMessagePolicy : FallbackToLogsOnError
131+ volumeMounts :
132+ - mountPath : /etc/tls/private
133+ name : olm-operator-serving-cert
134+ - mountPath : /srv-cert
135+ name : srv-cert
136+ readOnly : true
103137 nodeSelector :
104138 kubernetes.io/os : linux
105139 tolerations :
Original file line number Diff line number Diff line change 3737 secretName : pprof-cert
3838 - name : tmpfs
3939 emptyDir : {}
40+ - name : olm-operator-serving-cert
41+ secret :
42+ secretName : olm-operator-serving-cert
4043 containers :
4144 - name : olm-operator
4245 securityContext :
@@ -73,17 +76,17 @@ spec:
7376 image : quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
7477 imagePullPolicy : IfNotPresent
7578 ports :
76- - containerPort : 8443
79+ - containerPort : 8080
7780 name : metrics
7881 livenessProbe :
7982 httpGet :
8083 path : /healthz
81- port : 8443
84+ port : 8080
8285 scheme : HTTPS
8386 readinessProbe :
8487 httpGet :
8588 path : /healthz
86- port : 8443
89+ port : 8080
8790 scheme : HTTPS
8891 terminationMessagePolicy : FallbackToLogsOnError
8992 env :
@@ -99,6 +102,37 @@ spec:
99102 requests :
100103 cpu : 10m
101104 memory : 160Mi
105+ - args :
106+ - --secure-listen-address=0.0.0.0:8443
107+ - --upstream=https://127.0.0.1:8080/
108+ - --tls-cert-file=/etc/tls/private/tls.crt
109+ - --tls-private-key-file=/etc/tls/private/tls.key
110+ - --upstream-ca-file=/srv-cert/tls.crt
111+ - --logtostderr=true
112+ image : quay.io/openshift/origin-kube-rbac-proxy:latest
113+ imagePullPolicy : IfNotPresent
114+ name : kube-rbac-proxy
115+ securityContext :
116+ allowPrivilegeEscalation : false
117+ readOnlyRootFilesystem : true
118+ capabilities :
119+ drop : ["ALL"]
120+ ports :
121+ - containerPort : 8443
122+ name : metrics
123+ protocol : TCP
124+ resources :
125+ requests :
126+ memory : 20Mi
127+ cpu : 10m
128+ terminationMessagePath : /dev/termination-log
129+ terminationMessagePolicy : FallbackToLogsOnError
130+ volumeMounts :
131+ - mountPath : /etc/tls/private
132+ name : olm-operator-serving-cert
133+ - mountPath : /srv-cert
134+ name : srv-cert
135+ readOnly : true
102136 nodeSelector :
103137 kubernetes.io/os : linux
104138 node-role.kubernetes.io/master : " "
Original file line number Diff line number Diff line change 3838 secretName : pprof-cert
3939 - name : tmpfs
4040 emptyDir : {}
41+ - name : catalog-operator-serving-cert
42+ secret :
43+ secretName : catalog-operator-serving-cert
4144 containers :
4245 - name : catalog-operator
4346 securityContext :
@@ -75,17 +78,17 @@ spec:
7578 image : quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
7679 imagePullPolicy : IfNotPresent
7780 ports :
78- - containerPort : 8443
81+ - containerPort : 8080
7982 name : metrics
8083 livenessProbe :
8184 httpGet :
8285 path : /healthz
83- port : 8443
86+ port : 8080
8487 scheme : HTTPS
8588 readinessProbe :
8689 httpGet :
8790 path : /healthz
88- port : 8443
91+ port : 8080
8992 scheme : HTTPS
9093 terminationMessagePolicy : FallbackToLogsOnError
9194 resources :
9598 env :
9699 - name : RELEASE_VERSION
97100 value : " 0.0.1-snapshot"
101+ - args :
102+ - --secure-listen-address=0.0.0.0:8443
103+ - --upstream=https://127.0.0.1:8080/
104+ - --tls-cert-file=/etc/tls/private/tls.crt
105+ - --tls-private-key-file=/etc/tls/private/tls.key
106+ - --upstream-ca-file=/srv-cert/tls.crt
107+ - --logtostderr=true
108+ image : quay.io/openshift/origin-kube-rbac-proxy:latest
109+ imagePullPolicy : IfNotPresent
110+ name : kube-rbac-proxy
111+ securityContext :
112+ allowPrivilegeEscalation : false
113+ readOnlyRootFilesystem : true
114+ capabilities :
115+ drop : ["ALL"]
116+ ports :
117+ - containerPort : 8443
118+ name : metrics
119+ protocol : TCP
120+ resources :
121+ requests :
122+ memory : 20Mi
123+ cpu : 10m
124+ terminationMessagePath : /dev/termination-log
125+ terminationMessagePolicy : FallbackToLogsOnError
126+ volumeMounts :
127+ - mountPath : /etc/tls/private
128+ name : catalog-operator-serving-cert
129+ - mountPath : /srv-cert
130+ name : srv-cert
131+ readOnly : true
98132 nodeSelector :
99133 kubernetes.io/os : linux
100134 tolerations :
Original file line number Diff line number Diff line change 3737 secretName : pprof-cert
3838 - name : tmpfs
3939 emptyDir : {}
40+ - name : catalog-operator-serving-cert
41+ secret :
42+ secretName : catalog-operator-serving-cert
4043 containers :
4144 - name : catalog-operator
4245 securityContext :
@@ -74,17 +77,17 @@ spec:
7477 image : quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
7578 imagePullPolicy : IfNotPresent
7679 ports :
77- - containerPort : 8443
80+ - containerPort : 8080
7881 name : metrics
7982 livenessProbe :
8083 httpGet :
8184 path : /healthz
82- port : 8443
85+ port : 8080
8386 scheme : HTTPS
8487 readinessProbe :
8588 httpGet :
8689 path : /healthz
87- port : 8443
90+ port : 8080
8891 scheme : HTTPS
8992 terminationMessagePolicy : FallbackToLogsOnError
9093 resources :
9497 env :
9598 - name : RELEASE_VERSION
9699 value : " 0.0.1-snapshot"
100+ - args :
101+ - --secure-listen-address=0.0.0.0:8443
102+ - --upstream=https://127.0.0.1:8080/
103+ - --tls-cert-file=/etc/tls/private/tls.crt
104+ - --tls-private-key-file=/etc/tls/private/tls.key
105+ - --upstream-ca-file=/srv-cert/tls.crt
106+ - --logtostderr=true
107+ image : quay.io/openshift/origin-kube-rbac-proxy:latest
108+ imagePullPolicy : IfNotPresent
109+ name : kube-rbac-proxy
110+ securityContext :
111+ allowPrivilegeEscalation : false
112+ readOnlyRootFilesystem : true
113+ capabilities :
114+ drop : ["ALL"]
115+ ports :
116+ - containerPort : 8443
117+ name : metrics
118+ protocol : TCP
119+ resources :
120+ requests :
121+ memory : 20Mi
122+ cpu : 10m
123+ terminationMessagePath : /dev/termination-log
124+ terminationMessagePolicy : FallbackToLogsOnError
125+ volumeMounts :
126+ - mountPath : /etc/tls/private
127+ name : catalog-operator-serving-cert
128+ - mountPath : /srv-cert
129+ name : srv-cert
130+ readOnly : true
97131 nodeSelector :
98132 kubernetes.io/os : linux
99133 node-role.kubernetes.io/master : " "
Original file line number Diff line number Diff line change 3838 secretName : pprof-cert
3939 - name : tmpfs
4040 emptyDir : {}
41+ - name : olm-operator-serving-cert
42+ secret :
43+ secretName : olm-operator-serving-cert
4144 containers :
4245 - name : olm-operator
4346 securityContext :
@@ -74,17 +77,17 @@ spec:
7477 image : quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
7578 imagePullPolicy : IfNotPresent
7679 ports :
77- - containerPort : 8443
80+ - containerPort : 8080
7881 name : metrics
7982 livenessProbe :
8083 httpGet :
8184 path : /healthz
82- port : 8443
85+ port : 8080
8386 scheme : HTTPS
8487 readinessProbe :
8588 httpGet :
8689 path : /healthz
87- port : 8443
90+ port : 8080
8891 scheme : HTTPS
8992 terminationMessagePolicy : FallbackToLogsOnError
9093 env :
@@ -100,6 +103,37 @@ spec:
100103 requests :
101104 cpu : 10m
102105 memory : 160Mi
106+ - args :
107+ - --secure-listen-address=0.0.0.0:8443
108+ - --upstream=https://127.0.0.1:8080/
109+ - --tls-cert-file=/etc/tls/private/tls.crt
110+ - --tls-private-key-file=/etc/tls/private/tls.key
111+ - --upstream-ca-file=/srv-cert/tls.crt
112+ - --logtostderr=true
113+ image : quay.io/openshift/origin-kube-rbac-proxy:latest
114+ imagePullPolicy : IfNotPresent
115+ name : kube-rbac-proxy
116+ securityContext :
117+ allowPrivilegeEscalation : false
118+ readOnlyRootFilesystem : true
119+ capabilities :
120+ drop : ["ALL"]
121+ ports :
122+ - containerPort : 8443
123+ name : metrics
124+ protocol : TCP
125+ resources :
126+ requests :
127+ memory : 20Mi
128+ cpu : 10m
129+ terminationMessagePath : /dev/termination-log
130+ terminationMessagePolicy : FallbackToLogsOnError
131+ volumeMounts :
132+ - mountPath : /etc/tls/private
133+ name : olm-operator-serving-cert
134+ - mountPath : /srv-cert
135+ name : srv-cert
136+ readOnly : true
103137 nodeSelector :
104138 kubernetes.io/os : linux
105139 tolerations :
You can’t perform that action at this time.
0 commit comments