WIP: update volumes to be consistent with downstream

Signed-off-by: Todd Short <[email protected]>

Author: tmshort

helm/olmv1/templates/29-deployment-olmv1-system-catalogd-controller-manager.yml

@@ -97,8 +97,8 @@ spec:
             {{- if .Values.components.certManager.enabled }}
             - mountPath: /var/certs
               name: catalogserver-certs
-            - mountPath: /var/ca-certs/
-              name: olmv1-certificate
+            - mountPath: /var/ca-certs
+              name: ca-certs
               readOnly: true
             {{- end }}
             {{- with .Values.components.catalogd.deployment.volumeMounts }}
@@ -121,8 +121,14 @@ spec:
         {{- if .Values.components.certManager.enabled }}
         - name: catalogserver-certs
           secret:
+            items:
+              - key: tls.crt
+                path: tls.crt
+              - key: tls.key
+                path: tls.key
+            optional: false
             secretName: catalogd-service-cert-git-version
-        - name: olmv1-certificate
+        - name: ca-certs
           secret:
             items:
               - key: ca.crt

helm/olmv1/templates/30-deployment-olmv1-system-operator-controller-controller-manager.yml

@@ -52,9 +52,9 @@ spec:
             - --feature-gates=HelmChartSupport=true
             {{- end }}
             {{- if .Values.components.certManager.enabled }}
-            - --catalogd-cas-dir=/var/certs
-            - --pull-cas-dir=/var/certs
-            - --tls-cert=/var/certs/tls.cert
+            - --catalogd-cas-dir=/var/ca-certs
+            - --pull-cas-dir=/var/ca-certs
+            - --tls-cert=/var/certs/tls.crt
             - --tls-key=/var/certs/tls.key
             {{- end }}
             {{- with .Values.components.operatorController.deployment.podArguments }}
@@ -106,8 +106,11 @@ spec:
             - mountPath: /tmp
               name: tmp
             {{- if .Values.components.certManager.enabled }}
-            - mountPath: /var/certs/
-              name: olmv1-certificate
+            - mountPath: /var/certs
+              name: operator-controller-certs
+              readOnly: true
+            - mountPath: /var/ca-certs
+              name: ca-certs
               readOnly: true
             {{- end }}
             {{- with .Values.components.operatorController.deployment.volumeMounts }}
@@ -131,17 +134,22 @@ spec:
         - emptyDir: {}
           name: tmp
         {{- if .Values.components.certManager.enabled }}
-        - name: olmv1-certificate
+        - name: operator-controller-certs
           secret:
             items:
-              - key: ca.crt
-                path: olm-ca.crt
               - key: tls.crt
-                path: tls.cert
+                path: tls.crt
               - key: tls.key
                 path: tls.key
             optional: false
-            secretName: olmv1-cert
+            secretName: operator-controller-cert
+        - name: ca-certs
+          secret:
+            items:
+              - key: ca.crt
+                path: olm-ca.crt
+            optional: false
+            secretName: operator-controller-cert
         {{- end }}
         {{- with .Values.components.operatorController.deployment.volumes }}
           {{- toYaml . | nindent 8 }}

helm/olmv1/templates/33-certificate-olmv1-system-olmv1-cert.yml renamed to helm/olmv1/templates/33-certificate-olmv1-system-operator-controller-cert.yml

@@ -7,7 +7,7 @@ metadata:
   labels:
     app.kubernetes.io/name: olmv1
     {{- include "olmv1.labels" . | nindent 4 }}
-  name: olmv1-cert
+  name: operator-controller-cert
   namespace: {{ .Values.namespaces.olmv1.name }}
 spec:
   dnsNames:
@@ -21,5 +21,5 @@ spec:
     algorithm: ECDSA
     rotationPolicy: Always
     size: 256
-  secretName: olmv1-cert
+  secretName: operator-controller-cert
 {{- end }}

manifests/experimental-e2e.yaml

@@ -1810,8 +1810,8 @@ spec:
               name: tmp
             - mountPath: /var/certs
               name: catalogserver-certs
-            - mountPath: /var/ca-certs/
-              name: olmv1-certificate
+            - mountPath: /var/ca-certs
+              name: ca-certs
               readOnly: true
           imagePullPolicy: IfNotPresent
           securityContext:
@@ -1832,8 +1832,14 @@ spec:
           name: tmp
         - name: catalogserver-certs
           secret:
+            items:
+              - key: tls.crt
+                path: tls.crt
+              - key: tls.key
+                path: tls.key
+            optional: false
             secretName: catalogd-service-cert-git-version
-        - name: olmv1-certificate
+        - name: ca-certs
           secret:
             items:
               - key: ca.crt
@@ -1914,9 +1920,9 @@ spec:
             - --feature-gates=SingleOwnNamespaceInstallSupport=true
             - --feature-gates=PreflightPermissions=true
             - --feature-gates=HelmChartSupport=true
-            - --catalogd-cas-dir=/var/certs
-            - --pull-cas-dir=/var/certs
-            - --tls-cert=/var/certs/tls.cert
+            - --catalogd-cas-dir=/var/ca-certs
+            - --pull-cas-dir=/var/ca-certs
+            - --tls-cert=/var/certs/tls.crt
             - --tls-key=/var/certs/tls.key
           command:
             - /operator-controller
@@ -1950,8 +1956,11 @@ spec:
               name: cache
             - mountPath: /tmp
               name: tmp
-            - mountPath: /var/certs/
-              name: olmv1-certificate
+            - mountPath: /var/certs
+              name: operator-controller-certs
+              readOnly: true
+            - mountPath: /var/ca-certs
+              name: ca-certs
               readOnly: true
           imagePullPolicy: IfNotPresent
           securityContext:
@@ -1973,17 +1982,22 @@ spec:
           name: cache
         - emptyDir: {}
           name: tmp
-        - name: olmv1-certificate
+        - name: operator-controller-certs
           secret:
             items:
-              - key: ca.crt
-                path: olm-ca.crt
               - key: tls.crt
-                path: tls.cert
+                path: tls.crt
               - key: tls.key
                 path: tls.key
             optional: false
-            secretName: olmv1-cert
+            secretName: operator-controller-cert
+        - name: ca-certs
+          secret:
+            items:
+              - key: ca.crt
+                path: olm-ca.crt
+            optional: false
+            secretName: operator-controller-cert
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -2074,7 +2088,7 @@ spec:
     size: 256
   secretName: catalogd-service-cert-git-version
 ---
-# Source: olmv1/templates/33-certificate-olmv1-system-olmv1-cert.yml
+# Source: olmv1/templates/33-certificate-olmv1-system-operator-controller-cert.yml
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -2083,7 +2097,7 @@ metadata:
   labels:
     app.kubernetes.io/name: olmv1
     app.kubernetes.io/part-of: olm
-  name: olmv1-cert
+  name: operator-controller-cert
   namespace: olmv1-system
 spec:
   dnsNames:
@@ -2097,7 +2111,7 @@ spec:
     algorithm: ECDSA
     rotationPolicy: Always
     size: 256
-  secretName: olmv1-cert
+  secretName: operator-controller-cert
 ---
 # Source: olmv1/templates/34-clusterissuer-olmv1-ca.yml
 apiVersion: cert-manager.io/v1

manifests/experimental.yaml

@@ -1730,8 +1730,8 @@ spec:
               name: tmp
             - mountPath: /var/certs
               name: catalogserver-certs
-            - mountPath: /var/ca-certs/
-              name: olmv1-certificate
+            - mountPath: /var/ca-certs
+              name: ca-certs
               readOnly: true
           imagePullPolicy: IfNotPresent
           securityContext:
@@ -1749,8 +1749,14 @@ spec:
           name: tmp
         - name: catalogserver-certs
           secret:
+            items:
+              - key: tls.crt
+                path: tls.crt
+              - key: tls.key
+                path: tls.key
+            optional: false
             secretName: catalogd-service-cert-git-version
-        - name: olmv1-certificate
+        - name: ca-certs
           secret:
             items:
               - key: ca.crt
@@ -1831,9 +1837,9 @@ spec:
             - --feature-gates=SingleOwnNamespaceInstallSupport=true
             - --feature-gates=PreflightPermissions=true
             - --feature-gates=HelmChartSupport=true
-            - --catalogd-cas-dir=/var/certs
-            - --pull-cas-dir=/var/certs
-            - --tls-cert=/var/certs/tls.cert
+            - --catalogd-cas-dir=/var/ca-certs
+            - --pull-cas-dir=/var/ca-certs
+            - --tls-cert=/var/certs/tls.crt
             - --tls-key=/var/certs/tls.key
           command:
             - /operator-controller
@@ -1860,8 +1866,11 @@ spec:
               name: cache
             - mountPath: /tmp
               name: tmp
-            - mountPath: /var/certs/
-              name: olmv1-certificate
+            - mountPath: /var/certs
+              name: operator-controller-certs
+              readOnly: true
+            - mountPath: /var/ca-certs
+              name: ca-certs
               readOnly: true
           imagePullPolicy: IfNotPresent
           securityContext:
@@ -1877,17 +1886,22 @@ spec:
           name: cache
         - emptyDir: {}
           name: tmp
-        - name: olmv1-certificate
+        - name: operator-controller-certs
           secret:
             items:
-              - key: ca.crt
-                path: olm-ca.crt
               - key: tls.crt
-                path: tls.cert
+                path: tls.crt
               - key: tls.key
                 path: tls.key
             optional: false
-            secretName: olmv1-cert
+            secretName: operator-controller-cert
+        - name: ca-certs
+          secret:
+            items:
+              - key: ca.crt
+                path: olm-ca.crt
+            optional: false
+            secretName: operator-controller-cert
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -1978,7 +1992,7 @@ spec:
     size: 256
   secretName: catalogd-service-cert-git-version
 ---
-# Source: olmv1/templates/33-certificate-olmv1-system-olmv1-cert.yml
+# Source: olmv1/templates/33-certificate-olmv1-system-operator-controller-cert.yml
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -1987,7 +2001,7 @@ metadata:
   labels:
     app.kubernetes.io/name: olmv1
     app.kubernetes.io/part-of: olm
-  name: olmv1-cert
+  name: operator-controller-cert
   namespace: olmv1-system
 spec:
   dnsNames:
@@ -2001,7 +2015,7 @@ spec:
     algorithm: ECDSA
     rotationPolicy: Always
     size: 256
-  secretName: olmv1-cert
+  secretName: operator-controller-cert
 ---
 # Source: olmv1/templates/34-clusterissuer-olmv1-ca.yml
 apiVersion: cert-manager.io/v1