Merge pull request #471 from tmshort/synchronize

NO-ISSUE: Synchronize From Upstream Repositories

Author: openshift-merge-bot[bot]

.bingo/Variables.mk

@@ -53,6 +53,12 @@ $(GORELEASER): $(BINGO_DIR)/goreleaser.mod
 	@echo "(re)installing $(GOBIN)/goreleaser-v1.26.2"
 	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=goreleaser.mod -o=$(GOBIN)/goreleaser-v1.26.2 "github.com/goreleaser/goreleaser"
 
+HELM := $(GOBIN)/helm-v3.18.4
+$(HELM): $(BINGO_DIR)/helm.mod
+	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
+	@echo "(re)installing $(GOBIN)/helm-v3.18.4"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=helm.mod -o=$(GOBIN)/helm-v3.18.4 "helm.sh/helm/v3/cmd/helm"
+
 KIND := $(GOBIN)/kind-v0.29.0
 $(KIND): $(BINGO_DIR)/kind.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.

.bingo/helm.mod

@@ -0,0 +1,5 @@
+module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
+
+go 1.24.3
+
+require helm.sh/helm/v3 v3.18.4 // cmd/helm

.bingo/helm.sum

@@ -20,6 +20,8 @@ GOLANGCI_LINT="${GOBIN}/golangci-lint-v2.1.6"
 
 GORELEASER="${GOBIN}/goreleaser-v1.26.2"
 
+HELM="${GOBIN}/helm-v3.18.4"
+
 KIND="${GOBIN}/kind-v0.29.0"
 
 KUSTOMIZE="${GOBIN}/kustomize-v5.6.0"

.bingo/variables.env

@@ -150,4 +150,4 @@ def deploy_repo(data, tags="", debug=True):
         local_port = repo['starting_debug_port']
         build_binary(reponame, repo['binary'], repo['deps'], repo['image'], tags, debug)
         k8s_resource(repo['deployment'], port_forwards=['{}:30000'.format(local_port)])
-    process_yaml(kustomize(data['yaml']))
+    process_yaml(helm('helm/olmv1', name="olmv1", values=[data['yaml']]))

.tilt-support

@@ -83,12 +83,12 @@ export EXPERIMENTAL_RELEASE_INSTALL := install-experimental.sh
 export RELEASE_CATALOGS := default-catalogs.yaml
 
 # List of manifests that are checked in
-MANIFEST_HOME := ./manifests
-STANDARD_MANIFEST := ./manifests/standard.yaml
-STANDARD_E2E_MANIFEST := ./manifests/standard-e2e.yaml
-EXPERIMENTAL_MANIFEST := ./manifests/experimental.yaml
-EXPERIMENTAL_E2E_MANIFEST := ./manifests/experimental-e2e.yaml
-CATALOGS_MANIFEST := ./manifests/default-catalogs.yaml
+MANIFEST_HOME := manifests
+STANDARD_MANIFEST := $(MANIFEST_HOME)/standard.yaml
+STANDARD_E2E_MANIFEST := $(MANIFEST_HOME)/standard-e2e.yaml
+EXPERIMENTAL_MANIFEST := $(MANIFEST_HOME)/experimental.yaml
+EXPERIMENTAL_E2E_MANIFEST := $(MANIFEST_HOME)/experimental-e2e.yaml
+CATALOGS_MANIFEST := $(MANIFEST_HOME)/default-catalogs.yaml
 
 # Disable -j flag for make
 .NOTPARALLEL:
@@ -123,6 +123,10 @@ help-extended: #HELP Display extended help.
 lint: lint-custom $(GOLANGCI_LINT) #HELP Run golangci linter.
 	$(GOLANGCI_LINT) run --build-tags $(GO_BUILD_TAGS) $(GOLANGCI_LINT_ARGS)
 
+lint-helm: $(HELM) #HELP Run helm linter
+	helm lint helm/olmv1
+	helm lint helm/prometheus
+
 .PHONY: custom-linter-build
 custom-linter-build: #EXHELP Build custom linter
 	go build -tags $(GO_BUILD_TAGS) -o ./bin/custom-linter ./hack/ci/custom-linters/cmd
@@ -139,31 +143,39 @@ k8s-pin: #EXHELP Pin k8s staging modules based on k8s.io/kubernetes version (in
 tidy:
 	go mod tidy
 
-.PHONY: manifests
-KUSTOMIZE_CATD_RBAC_DIR := config/base/catalogd/rbac
-KUSTOMIZE_CATD_WEBHOOKS_DIR := config/base/catalogd/webhook
-KUSTOMIZE_OPCON_RBAC_DIR := config/base/operator-controller/rbac
 # Due to https://github.com/kubernetes-sigs/controller-tools/issues/837 we can't specify individual files
 # So we have to generate them together and then move them into place
-manifests: $(CONTROLLER_GEN) $(KUSTOMIZE) #EXHELP Generate WebhookConfiguration, ClusterRole, and CustomResourceDefinition objects.
-	# Generate CRDs via our own generator
+.PHONY: update-crds
+update-crds:
 	hack/tools/update-crds.sh
-	# Generate the remaining operator-controller standard manifests
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard rbac:roleName=manager-role paths="./internal/operator-controller/..." output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR)/standard
-	# Generate the remaining operator-controller experimental manifests
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) rbac:roleName=manager-role paths="./internal/operator-controller/..." output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR)/experimental
-	# Generate the remaining catalogd standard manifests
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR)/standard
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)/standard
-	# Generate the remaining catalogd experimental manifests
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR)/experimental
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)/experimental
-	# Generate manifests stored in source-control
-	mkdir -p $(MANIFEST_HOME)
-	$(KUSTOMIZE) build $(KUSTOMIZE_STANDARD_OVERLAY) > $(STANDARD_MANIFEST)
-	$(KUSTOMIZE) build $(KUSTOMIZE_STANDARD_E2E_OVERLAY) > $(STANDARD_E2E_MANIFEST)
-	$(KUSTOMIZE) build $(KUSTOMIZE_EXPERIMENTAL_OVERLAY) > $(EXPERIMENTAL_MANIFEST)
-	$(KUSTOMIZE) build $(KUSTOMIZE_EXPERIMENTAL_E2E_OVERLAY) > $(EXPERIMENTAL_E2E_MANIFEST)
+
+# The filename variables can be overridden on the command line if you want to change the set of values files:
+# e.g. make "manifests/standard.yaml=helm/cert-manager.yaml my-values-file.yaml" manifests
+#
+# The set of MANIFESTS to be generated can be changed; you can generate your own custom manifest
+# e.g. make MANIFESTS=test.yaml "test.yaml=helm/e2e.yaml" manifests
+#
+# Override HELM_SETTINGS on the command line to include additional Helm settings
+# e.g. make HELM_SETTINGS="options.openshift.enabled=true" manifests
+# e.g. make HELM_SETTINGS="operatorControllerFeatures={WebhookProviderCertManager}" manifests
+#
+MANIFESTS ?= $(STANDARD_MANIFEST) $(STANDARD_E2E_MANIFEST) $(EXPERIMENTAL_MANIFEST) $(EXPERIMENTAL_E2E_MANIFEST)
+$(STANDARD_MANIFEST) ?= helm/cert-manager.yaml
+$(STANDARD_E2E_MANIFEST) ?= helm/cert-manager.yaml helm/e2e.yaml
+$(EXPERIMENTAL_MANIFEST) ?= helm/cert-manager.yaml helm/experimental.yaml
+$(EXPERIMENTAL_E2E_MANIFEST) ?= helm/cert-manager.yaml helm/experimental.yaml helm/e2e.yaml
+HELM_SETTINGS ?=
+.PHONY: $(MANIFESTS)
+$(MANIFESTS): $(HELM)
+	@mkdir -p $(MANIFEST_HOME)
+	$(HELM) template olmv1 helm/olmv1 $(addprefix --values ,$($@)) $(addprefix --set ,$(HELM_SETTINGS)) > $@
+
+# Generate manifests stored in source-control
+.PHONY: manifests
+manifests: update-crds $(MANIFESTS) $(HELM) #EXHELP Generate OLMv1 manifests
+	# These are testing existing manifest options without saving the results
+	$(HELM) template olmv1 helm/olmv1 --values helm/tilt.yaml $(addprefix --set ,$(HELM_SETTINGS)) > /dev/null
+	$(HELM) template olmv1 helm/olmv1 --set "options.openshift.enabled=true" > /dev/null
 
 .PHONY: generate
 generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -288,8 +300,8 @@ test-experimental-e2e: run-internal image-registry prometheus experimental-e2e e
 .PHONY: prometheus
 prometheus: PROMETHEUS_NAMESPACE := olmv1-system
 prometheus: PROMETHEUS_VERSION := v0.83.0
-prometheus: #EXHELP Deploy Prometheus into specified namespace
-	./hack/test/install-prometheus.sh $(PROMETHEUS_NAMESPACE) $(PROMETHEUS_VERSION) $(KUSTOMIZE) $(VERSION)
+prometheus: $(KUSTOMIZE) #EXHELP Deploy Prometheus into specified namespace
+	./hack/test/install-prometheus.sh $(PROMETHEUS_NAMESPACE) $(PROMETHEUS_VERSION) $(VERSION)
 
 .PHONY: test-extension-developer-e2e
 test-extension-developer-e2e: SOURCE_MANIFEST := $(STANDARD_E2E_MANIFEST)

Makefile

@@ -17,7 +17,7 @@ olmv1 = {
             'starting_debug_port': 30000,
         },
     },
-    'yaml': 'config/overlays/tilt-local-dev',
+    'yaml': 'helm/tilt.yaml',
 }
 
 deploy_repo(olmv1, '-tags containers_image_openpgp')

Tiltfile

@@ -60,6 +60,7 @@ import (
 	"github.com/operator-framework/operator-controller/internal/catalogd/webhook"
 	sharedcontrollers "github.com/operator-framework/operator-controller/internal/shared/controllers"
 	fsutil "github.com/operator-framework/operator-controller/internal/shared/util/fs"
+	httputil "github.com/operator-framework/operator-controller/internal/shared/util/http"
 	imageutil "github.com/operator-framework/operator-controller/internal/shared/util/image"
 	"github.com/operator-framework/operator-controller/internal/shared/util/pullsecretcache"
 	sautil "github.com/operator-framework/operator-controller/internal/shared/util/sa"
@@ -291,6 +292,18 @@ func run(ctx context.Context) error {
 		return err
 	}
 
+	// This watches the pullCasDir and the SSL_CERT_DIR, and SSL_CERT_FILE for changes
+	cpwPull, err := httputil.NewCertPoolWatcher(cfg.pullCasDir, ctrl.Log.WithName("pull-ca-pool"))
+	if err != nil {
+		setupLog.Error(err, "unable to create pull-ca-pool watcher")
+		return err
+	}
+	cpwPull.Restart(os.Exit)
+	if err = mgr.Add(cpwPull); err != nil {
+		setupLog.Error(err, "unable to add pull-ca-pool watcher to manager")
+		return err
+	}
+
 	if cfg.systemNamespace == "" {
 		cfg.systemNamespace = podNamespace()
 	}

cmd/catalogd/main.go

@@ -71,7 +71,6 @@ import (
 	"github.com/operator-framework/operator-controller/internal/operator-controller/features"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/finalizers"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/resolve"
-	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/convert"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/preflights/crdupgradesafety"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/render"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/render/certproviders"
@@ -319,9 +318,26 @@ func run() error {
 		return err
 	}
 
-	certPoolWatcher, err := httputil.NewCertPoolWatcher(cfg.catalogdCasDir, ctrl.Log.WithName("cert-pool"))
+	cpwCatalogd, err := httputil.NewCertPoolWatcher(cfg.catalogdCasDir, ctrl.Log.WithName("catalogd-ca-pool"))
 	if err != nil {
-		setupLog.Error(err, "unable to create CA certificate pool")
+		setupLog.Error(err, "unable to create catalogd-ca-pool watcher")
+		return err
+	}
+	cpwCatalogd.Restart(os.Exit)
+	if err = mgr.Add(cpwCatalogd); err != nil {
+		setupLog.Error(err, "unable to add catalogd-ca-pool watcher to manager")
+		return err
+	}
+
+	// This watches the pullCasDir and the SSL_CERT_DIR, and SSL_CERT_FILE for changes
+	cpwPull, err := httputil.NewCertPoolWatcher(cfg.pullCasDir, ctrl.Log.WithName("pull-ca-pool"))
+	if err != nil {
+		setupLog.Error(err, "unable to create pull-ca-pool watcher")
+		return err
+	}
+	cpwPull.Restart(os.Exit)
+	if err = mgr.Add(cpwPull); err != nil {
+		setupLog.Error(err, "unable to add pull-ca-pool watcher to manager")
 		return err
 	}
 
@@ -375,7 +391,7 @@ func run() error {
 	}
 	catalogClientBackend := cache.NewFilesystemCache(catalogsCachePath)
 	catalogClient := catalogclient.New(catalogClientBackend, func() (*http.Client, error) {
-		return httputil.BuildHTTPClient(certPoolWatcher)
+		return httputil.BuildHTTPClient(cpwCatalogd)
 	})
 
 	resolver := &resolve.CatalogResolver{
@@ -638,7 +654,7 @@ func setupHelm(
 	ceReconciler.Applier = &applier.Helm{
 		ActionClientGetter: acg,
 		Preflights:         preflights,
-		BundleToHelmChartConverter: &convert.BundleToHelmChartConverter{
+		HelmChartProvider: &applier.RegistryV1HelmChartProvider{
 			BundleRenderer:          registryv1.Renderer,
 			CertificateProvider:     certProvider,
 			IsWebhookSupportEnabled: certProvider != nil,

cmd/operator-controller/main.go

@@ -1,4 +1,4 @@
-expectedMergeBase: 68610d0184c4f36bf993f7986dd9a31f0b72b48b
+expectedMergeBase: e0a2e17332717dab9a16c1ff6d6ff80fd769ffe5
 upstreamBranch: main
 upstreamOrg: operator-framework
 upstreamRepo: operator-controller