Add catalogd webhook exp/standard split

Per Goncalves da Silva · Per Goncalves da Silva · commit a9307a0b6371 · 2025-07-16T13:41:46.000+02:00
Signed-off-by: Per Goncalves da Silva &lt;pegoncal@redhat.com&gt;
diff --git a/Makefile b/Makefile
@@ -142,7 +142,7 @@ tidy:
 
 .PHONY: manifests
 KUSTOMIZE_CATD_RBAC_DIR := config/base/catalogd/rbac
-KUSTOMIZE_CATD_WEBHOOKS_DIR := config/base/catalogd/manager/webhook
+KUSTOMIZE_CATD_WEBHOOKS_DIR := config/base/catalogd/webhook
 KUSTOMIZE_OPCON_RBAC_DIR := config/base/operator-controller/rbac
 # Due to https://github.com/kubernetes-sigs/controller-tools/issues/837 we can't specify individual files
 # So we have to generate them together and then move them into place
@@ -155,9 +155,10 @@ manifests: $(CONTROLLER_GEN) $(KUSTOMIZE) #EXHELP Generate WebhookConfiguration,
 	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) rbac:roleName=manager-role paths="./internal/operator-controller/..." output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR)/experimental
 	# Generate the remaining catalogd standard manifests
 	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR)/standard
-	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)
+	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)/standard
 	# Generate the remaining catalogd experimental manifests
 	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR)/experimental
+	$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)/experimental
 	# Generate manifests stored in source-control
 	mkdir -p $(MANIFEST_HOME)
 	$(KUSTOMIZE) build $(KUSTOMIZE_STANDARD_OVERLAY) > $(STANDARD_MANIFEST)
diff --git a/config/base/catalogd/manager/kustomization.yaml b/config/base/catalogd/manager/kustomization.yaml
@@ -2,17 +2,9 @@ resources:
 - manager.yaml
 - service.yaml
 - network_policy.yaml
-- webhook/manifests.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
   newName: quay.io/operator-framework/catalogd
   newTag: devel
-patches:
-- path: webhook/patch.yaml
-  target:
-    group: admissionregistration.k8s.io
-    kind: MutatingWebhookConfiguration
-    name: mutating-webhook-configuration
-    version: v1
diff --git a/config/base/catalogd/webhook/experimental/kustomization.yaml b/config/base/catalogd/webhook/experimental/kustomization.yaml
@@ -0,0 +1,13 @@
+resources:
+- manifests.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: olmv1-system
+namePrefix: catalogd-
+patches:
+- path: patch.yaml
+  target:
+    group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    name: mutating-webhook-configuration
+    version: v1
diff --git a/config/base/catalogd/webhook/experimental/manifests.yaml b/config/base/catalogd/webhook/experimental/manifests.yaml
diff --git a/config/base/catalogd/webhook/experimental/patch.yaml b/config/base/catalogd/webhook/experimental/patch.yaml
diff --git a/config/base/catalogd/webhook/kustomization.yaml b/config/base/catalogd/webhook/kustomization.yaml
@@ -0,0 +1,4 @@
+# This kustomization picks the standard webhook by default
+# If the experimental webhook is desired, select that directory explicitly
+resources:
+- standard
diff --git a/config/base/catalogd/webhook/standard/kustomization.yaml b/config/base/catalogd/webhook/standard/kustomization.yaml
@@ -0,0 +1,13 @@
+resources:
+- manifests.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: olmv1-system
+namePrefix: catalogd-
+patches:
+- path: patch.yaml
+  target:
+    group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    name: mutating-webhook-configuration
+    version: v1
diff --git a/config/base/catalogd/webhook/standard/manifests.yaml b/config/base/catalogd/webhook/standard/manifests.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-olm-operatorframework-io-v1-clustercatalog
+  failurePolicy: Fail
+  name: inject-metadata-name.olm.operatorframework.io
+  rules:
+  - apiGroups:
+    - olm.operatorframework.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clustercatalogs
+  sideEffects: None
+  timeoutSeconds: 10
diff --git a/config/base/catalogd/webhook/standard/patch.yaml b/config/base/catalogd/webhook/standard/patch.yaml
@@ -0,0 +1,20 @@
+# None of these values can be set via the kubebuilder directive, hence this patch
+- op: replace
+  path: /webhooks/0/clientConfig/service/namespace
+  value: olmv1-system
+- op: replace
+  path: /webhooks/0/clientConfig/service/name
+  value: catalogd-service
+- op: add
+  path: /webhooks/0/clientConfig/service/port
+  value: 9443
+# Make sure there's a name defined, otherwise, we can't create a label. This could happen when generateName is set
+# Then, if any of the conditions are true, create the label:
+# 1. No labels exist
+# 2. The olm.operatorframework.io/metadata.name label doesn't exist
+# 3. The olm.operatorframework.io/metadata.name label doesn't match the name
+- op: add
+  path: /webhooks/0/matchConditions
+  value:
+    - name: MissingOrIncorrectMetadataNameLabel
+      expression: "'name' in object.metadata && (!has(object.metadata.labels) || !('olm.operatorframework.io/metadata.name' in object.metadata.labels) || object.metadata.labels['olm.operatorframework.io/metadata.name'] != object.metadata.name)"
diff --git a/config/components/base/experimental/kustomization.yaml b/config/components/base/experimental/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Component
 resources:
 - ../../../base/catalogd/crd/experimental
 - ../../../base/catalogd/rbac/experimental
+- ../../../base/catalogd/webhook/experimental
 - ../../../base/operator-controller/crd/experimental
 - ../../../base/operator-controller/rbac/experimental
 # Pull in the component(s) common to standard and experimental
diff --git a/config/components/base/standard/kustomization.yaml b/config/components/base/standard/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Component
 resources:
 - ../../../base/catalogd/crd/standard
 - ../../../base/catalogd/rbac/standard
+- ../../../base/catalogd/webhook/standard
 - ../../../base/operator-controller/crd/standard
 - ../../../base/operator-controller/rbac/standard
 # Pull in the component(s) common to standard and experimental
