operator-framework · openshift-merge-bot · Jul 16, 2025 · Jul 3, 2025
@@ -1,7 +1,6 @@
 # Does not include the CRD, which must be added separately (it's non-namespaced)
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: olmv1-system
 namePrefix: catalogd-
 resources:
 - rbac

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
   annotations:
     kubectl.kubernetes.io/default-logs-container: manager
   labels:

@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
 spec:
   podSelector:
     matchLabels:

@@ -5,7 +5,7 @@ metadata:
       app.kubernetes.io/part-of: olm
       app.kubernetes.io/name: catalogd
   name: service
-  namespace: system
+  namespace: olmv1-system
 spec:
   selector:
     control-plane: catalogd-controller-manager

@@ -12,4 +12,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
@@ -6,6 +6,7 @@ metadata:
     app.kubernetes.io/part-of: olm
     app.kubernetes.io/name: catalogd
   name: leader-election-role
+  namespace: olmv1-system
 rules:
 - apiGroups:
   - ""

@@ -5,11 +5,12 @@ metadata:
     app.kubernetes.io/part-of: olm
     app.kubernetes.io/name: catalogd
   name: leader-election-rolebinding
+  namespace: olmv1-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: leader-election-role
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
@@ -35,7 +35,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: manager-role
-  namespace: system
+  namespace: olmv1-system
 rules:
 - apiGroups:
   - ""

@@ -12,7 +12,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -21,12 +21,12 @@ metadata:
     app.kubernetes.io/part-of: olm
     app.kubernetes.io/name: catalogd
   name: manager-rolebinding
-  namespace: system
+  namespace: olmv1-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: manager-role
 subjects:
   - kind: ServiceAccount
     name: controller-manager
-    namespace: system
+    namespace: olmv1-system
@@ -5,4 +5,4 @@ metadata:
     app.kubernetes.io/part-of: olm
     app.kubernetes.io/name: catalogd
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
@@ -5,4 +5,4 @@ metadata:
     app.kubernetes.io/part-of: olm
     pod-security.kubernetes.io/enforce: restricted
     pod-security.kubernetes.io/enforce-version: latest
-  name: system
+  name: olmv1-system
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: default-deny-all-traffic
-  namespace: system
+  namespace: olmv1-system
 spec:
   podSelector: { }
   policyTypes:

@@ -1,7 +1,6 @@
 # Does not include the CRD, which must be added separately (it's non-namespaced)
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: olmv1-system
 namePrefix: operator-controller-
 resources:
 - rbac

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
   annotations:
     kubectl.kubernetes.io/default-logs-container: manager
   labels:

@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
 spec:
   podSelector:
     matchLabels:

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: service
-  namespace: system
+  namespace: olmv1-system
   labels:
     control-plane: operator-controller-controller-manager
 spec:

@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: leader-election-role
+  namespace: olmv1-system
 rules:
 - apiGroups:
   - ""

@@ -2,11 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: leader-election-rolebinding
+  namespace: olmv1-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: leader-election-role
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
@@ -62,7 +62,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: manager-role
-  namespace: system
+  namespace: olmv1-system
 rules:
 - apiGroups:
   - ""

@@ -9,18 +9,18 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: manager-rolebinding
-  namespace: system
+  namespace: olmv1-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: manager-role
 subjects:
   - kind: ServiceAccount
     name: controller-manager
-    namespace: system
+    namespace: olmv1-system
@@ -2,4 +2,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: controller-manager
-  namespace: system
+  namespace: olmv1-system
@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
-namespace: olmv1-system
 resources:
 - resources/certificate.yaml
 patches:

@@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: catalogd-service-cert
-  namespace: system
+  namespace: olmv1-system
 spec:
   secretName: catalogd-service-cert-git-version
   dnsNames:

@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
-namespace: olmv1-system
 resources:
 - resources/manager_cert.yaml
 patches:

@@ -2,6 +2,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: olmv1-cert
+  namespace: olmv1-system
 spec:
   secretName: olmv1-cert
   dnsNames:

@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
-namespace: olmv1-system
 resources:
 - manager_e2e_coverage_pvc.yaml
 - manager_e2e_coverage_copy_pod.yaml

@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: e2e-coverage-copy-pod
+  namespace: olmv1-system
 spec:
   restartPolicy: Never
   securityContext:

@@ -2,6 +2,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: e2e-coverage
+  namespace: olmv1-system
 spec:
   accessModes:
     - ReadWriteOnce

@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
-namespace: olmv1-system
 resources:
 - registries_conf_configmap.yaml
 patches:

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: e2e-registries-conf
-  namespace: system
+  namespace: olmv1-system
 data:
   registries.conf: |
     [[registry]]

@@ -79,8 +79,8 @@ type storedCatalogData struct {
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clustercatalogs,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clustercatalogs/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clustercatalogs/finalizers,verbs=update
-//+kubebuilder:rbac:namespace=system,groups=core,resources=secrets,verbs=get;list;watch
-//+kubebuilder:rbac:namespace=system,groups=core,resources=serviceaccounts,verbs=get;list;watch
+//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=secrets,verbs=get;list;watch
+//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=serviceaccounts,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

@@ -93,9 +93,9 @@ type InstalledBundleGetter interface {
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update
-//+kubebuilder:rbac:namespace=system,groups=core,resources=secrets,verbs=create;update;patch;delete;deletecollection;get;list;watch
+//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=secrets,verbs=create;update;patch;delete;deletecollection;get;list;watch
 //+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create
-//+kubebuilder:rbac:namespace=system,groups=core,resources=serviceaccounts,verbs=get;list;watch
+//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=serviceaccounts,verbs=get;list;watch
 //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;roles;rolebindings,verbs=list;watch
 

@@ -3,6 +3,39 @@ set -euo pipefail
 IFS=$'\n\t'
 
 olmv1_manifest=$MANIFEST
+olmv1_namespace=olmv1-system
+
+usage() {
+    cmd=$(basename $0)
+    cat <<EOF
+NAME
+    ${cmd} - install OLMv1 into a cluster
+
+SYNOPSIS
+    ${cmd} [-n <namespace>] [-h]
+
+DESCRIPTION
+    Installs OLMv1 in the provided <namespace> with cert-manager.
+    A kubernetes configuration must already be present.
+
+    -n <namespace>
+        install OLMv1 in the given <namespace>. Defaults to olmv1-system.
+
+    -h
+        help (this text)
+EOF
+    exit 0
+}
+
+
+while getopts n:h opt; do
+    case ${opt} in
+        n) olmv1_namespace=${OPTARG} ;;
+        h) usage ;;
+        *) echo "Unknown option" >&2
+           exit 1
+    esac
+done
 
 if [[ -z "$olmv1_manifest" ]]; then
     echo "Error: Missing required MANIFEST variable"
@@ -69,11 +102,16 @@ kubectl_wait "cert-manager" "deployment/cert-manager" "60s"
 kubectl_wait_for_query "mutatingwebhookconfigurations/cert-manager-webhook" '{.webhooks[0].clientConfig.caBundle}' 60 5
 kubectl_wait_for_query "validatingwebhookconfigurations/cert-manager-webhook" '{.webhooks[0].clientConfig.caBundle}' 60 5
 
-kubectl apply -f "${olmv1_manifest}"
+# Change the file into a file:// url
+if [ -f "${olmv1_manifest}" ]; then
+    olmv1_manifest=file://localhost$(realpath ${olmv1_manifest})
+fi
+
+curl -L -s "${olmv1_manifest}" | sed "s/olmv1-system/${olmv1_namespace}/g" | kubectl apply -f -
 # Wait for the rollout, and then wait for the deployment to be Available
-kubectl_wait_rollout "olmv1-system" "deployment/catalogd-controller-manager" "60s"
-kubectl_wait "olmv1-system" "deployment/catalogd-controller-manager" "60s"
-kubectl_wait "olmv1-system" "deployment/operator-controller-controller-manager" "60s"
+kubectl_wait_rollout "${olmv1_namespace}" "deployment/catalogd-controller-manager" "60s"
+kubectl_wait "${olmv1_namespace}" "deployment/catalogd-controller-manager" "60s"
+kubectl_wait "${olmv1_namespace}" "deployment/operator-controller-controller-manager" "60s"
 
 if [[ "${install_default_catalogs}" != "false" ]]; then
     kubectl apply -f "${default_catalogs_manifest}"