From 2ee3c7053e6e82588a9a79b3f8e6d8dfacc2c2ea Mon Sep 17 00:00:00 2001
From: Erik Berg <openstack@slipsprogrammor.no>
Date: Tue, 29 Apr 2025 08:01:17 +0200
Subject: [PATCH] Fix issues with metallb on OKD

Slightly different approach, just get the latest (v0.14.2) release,
patch what needs to be patched and and apply with -k for kustomize.
No need to wait for operatorhub.io or the deployment to fail before
patching.

The deployment for webhook-server wants to pull
quay.io/metallb/controller:main for the webhook-server. Which seems
to be a moving target, and recently was expecting to find an
additional CRD for service.BGPStatuses. So we pin the controller to
v0.14.5, which is what the other controller images are pinned to in
this release.
---
 Makefile                            | 10 +----
 scripts/gen-olm-metallb-okd.sh      | 66 +++++------------------------
 scripts/gen-operatorshub-catalog.sh | 42 ------------------
 3 files changed, 13 insertions(+), 105 deletions(-)
 delete mode 100644 scripts/gen-operatorshub-catalog.sh

diff --git a/Makefile b/Makefile
index 65348291..07c664c3 100644
--- a/Makefile
+++ b/Makefile
@@ -2463,16 +2463,10 @@ metallb: ## installs metallb operator in the metallb-system namespace
 	oc apply -f ${OUT}/${NAMESPACE}/namespace.yaml
 	timeout $(TIMEOUT) bash -c "while ! (oc get project.v1.project.openshift.io ${NAMESPACE}); do sleep 1; done"
 ifeq ($(OKD), true)
-	bash scripts/gen-operatorshub-catalog.sh
-	oc apply -f ${OPERATOR_DIR}/operatorshub-catalog/
-	timeout ${TIMEOUT} bash -c "while ! (oc get packagemanifests metallb-operator --no-headers=true | grep metallb-operator); do sleep 10; done"
 	bash scripts/gen-olm-metallb-okd.sh
-	oc apply -f ${OPERATOR_DIR}
-	timeout ${TIMEOUT} bash -c "while ! (oc get deployment metallb-operator-controller-manager --no-headers=true -n ${NAMESPACE}| grep metallb-operator-controller-manager); do sleep 10; done"
-	oc apply -f ${OPERATOR_DIR}/patches
+	oc apply -k ${OPERATOR_DIR}/config/openshift
+	oc apply -f ${OPERATOR_DIR}/config/metallb_rbac/metallb-openshift.yaml
 	oc wait -n ${NAMESPACE} --for=condition=Available deployment/metallb-operator-controller-manager --timeout=${TIMEOUT}
-	# we ensure the outdated replica is terminated (i.e only one replica available)
-	timeout ${TIMEOUT} bash -c "while ! (oc get pod --no-headers=true -l control-plane=controller-manager -n ${NAMESPACE}| grep metallb-operator-controller | wc -l | grep -q -e 1); do sleep 10; done"
 else
 	bash scripts/gen-olm-metallb.sh
 	oc apply -f ${OPERATOR_DIR}
diff --git a/scripts/gen-olm-metallb-okd.sh b/scripts/gen-olm-metallb-okd.sh
index 59ae83e4..49bc7943 100644
--- a/scripts/gen-olm-metallb-okd.sh
+++ b/scripts/gen-olm-metallb-okd.sh
@@ -38,48 +38,9 @@ fi
 echo OPERATOR_DIR ${OPERATOR_DIR}
 echo DEPLOY_DIR ${DEPLOY_DIR}
 
-cat > ${OPERATOR_DIR}/operatorgroup.yaml <<EOF_CAT
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: metallb-operator
-  namespace: metallb-system
-EOF_CAT
-
-cat > ${OPERATOR_DIR}/subscription.yaml <<EOF_CAT
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: metallb-operator-sub
-  namespace: metallb-system
-spec:
-  channel: beta
-  name: metallb-operator
-  source: operatorhubio-catalog
-  sourceNamespace: openshift-marketplace
-EOF_CAT
-
-cat > ${OPERATOR_DIR}/patches/patch-deployment-controller-manager.yaml <<EOF_CAT
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: metallb-operator-controller-manager
-  namespace: metallb-system
-spec:
-  template:
-    spec:
-      containers:
-      - name: manager
-        env:
-        - name: DEPLOY_SERVICEMONITORS
-          value: "true"
-        - name: METALLB_BGP_TYPE
-          value: "frr"
-        - name: FRR_IMAGE
-          value: quay.io/frrouting/frr:8.4.2
-EOF_CAT
+curl -L https://github.com/metallb/metallb-operator/archive/refs/tags/v0.14.2.tar.gz | tar -xz --strip-components=1 -C ${OPERATOR_DIR}
 
-cat > ${OPERATOR_DIR}/patches/patch-deployment-webhook-server.yaml <<EOF_CAT
+cat > ${OPERATOR_DIR}/config/openshift/patch-deployment-webhook-server.yaml <<EOF_CAT
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -90,6 +51,7 @@ spec:
     spec:
       containers:
       - name: webhook-server
+        image: quay.io/metallb/controller:v0.14.5
         env:
         - name: DEPLOY_SERVICEMONITORS
           value: "true"
@@ -97,20 +59,14 @@ spec:
           value: "frr"
 EOF_CAT
 
-cat > ${OPERATOR_DIR}/patches/privileged-role-binding.yaml <<EOF_CAT
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: system:openshift:scc:privileged
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:openshift:scc:privileged
-subjects:
-- kind: ServiceAccount
-  name: controller
-  namespace: metallb-system
-EOF_CAT
+patch ${OPERATOR_DIR}/config/openshift/kustomization.yaml <<EOF_PATCH
+@@ -8,4 +8,5 @@
+ patches:
+ - path: patch-namespace.yaml
+ - path: patch-deployment-controller-manager.yaml
++- path: patch-deployment-webhook-server.yaml
+ namespace: metallb-system
+EOF_PATCH
 
 cat > ${DEPLOY_DIR}/deploy_operator.yaml <<EOF_CAT
 apiVersion: metallb.io/v1beta1
diff --git a/scripts/gen-operatorshub-catalog.sh b/scripts/gen-operatorshub-catalog.sh
deleted file mode 100644
index c8b544d6..00000000
--- a/scripts/gen-operatorshub-catalog.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2022 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-set -ex
-
-if [ -z "${OPERATOR_DIR}" ]; then
-    echo "Please set OPERATOR_DIR"; exit 1
-fi
-
-if [ ! -d ${OPERATOR_DIR}/operatorshub-catalog ]; then
-    mkdir -p ${OPERATOR_DIR}/operatorshub-catalog
-fi
-
-echo OPERATOR_DIR ${OPERATOR_DIR}
-
-cat > ${OPERATOR_DIR}/operatorshub-catalog/operatorshub-catalog.yaml <<EOF_CAT
-apiVersion: operators.coreos.com/v1alpha1
-kind: CatalogSource
-metadata:
-  name: operatorhubio-catalog
-  namespace: openshift-marketplace
-spec:
-  sourceType: grpc
-  image: quay.io/operatorhubio/catalog:latest
-  displayName: OperatorHub catalog
-  publisher: Operatorhub
-  updateStrategy:
-    registryPoll:
-      interval: 30m
-EOF_CAT