placeholder

Author: anik120

manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml

@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -100,6 +103,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:

manifests/0000_50_olm_07-olm-operator.deployment.yaml

@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -99,6 +102,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""

manifests/0000_50_olm_08-catalog-operator.deployment.ibm-cloud-managed.yaml

@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: catalog-operator-serving-cert
+          secret:
+            secretName: catalog-operator-serving-cert
       containers:
         - name: catalog-operator
           securityContext:
@@ -95,6 +98,37 @@ spec:
           env:
             - name: RELEASE_VERSION
               value: "0.0.1-snapshot"
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: catalog-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:

manifests/0000_50_olm_08-catalog-operator.deployment.yaml

@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: catalog-operator-serving-cert
+          secret:
+            secretName: catalog-operator-serving-cert
       containers:
         - name: catalog-operator
           securityContext:
@@ -94,6 +97,37 @@ spec:
           env:
             - name: RELEASE_VERSION
               value: "0.0.1-snapshot"
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: catalog-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""

microshift-manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml

@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -100,6 +103,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:

microshift-manifests/0000_50_olm_07-olm-operator.deployment.yaml

@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: olm-operator-serving-cert
+          secret:
+            secretName: olm-operator-serving-cert
       containers:
         - name: olm-operator
           securityContext:
@@ -95,6 +98,37 @@ spec:
             requests:
               cpu: 10m
               memory: 160Mi
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: olm-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""

microshift-manifests/0000_50_olm_08-catalog-operator.deployment.ibm-cloud-managed.yaml

@@ -38,6 +38,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: catalog-operator-serving-cert
+          secret:
+            secretName: catalog-operator-serving-cert
       containers:
         - name: catalog-operator
           securityContext:
@@ -95,6 +98,37 @@ spec:
           env:
             - name: RELEASE_VERSION
               value: "0.0.1-snapshot"
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: catalog-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       tolerations:

microshift-manifests/0000_50_olm_08-catalog-operator.deployment.yaml

@@ -37,6 +37,9 @@ spec:
             secretName: pprof-cert
         - name: tmpfs
           emptyDir: {}
+        - name: catalog-operator-serving-cert
+          secret:
+            secretName: catalog-operator-serving-cert
       containers:
         - name: catalog-operator
           securityContext:
@@ -94,6 +97,37 @@ spec:
           env:
             - name: RELEASE_VERSION
               value: "0.0.1-snapshot"
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=https://127.0.0.1:8443/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
+            - --upstream-ca-file=/srv-cert/tls.crt
+            - --logtostderr=true
+          image: quay.io/openshift/origin-kube-rbac-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: kube-rbac-proxy
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
+          resources:
+            requests:
+              memory: 20Mi
+              cpu: 10m
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: catalog-operator-serving-cert
+            - mountPath: /srv-cert
+              name: srv-cert
+              readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
         node-role.kubernetes.io/master: ""