From 4814559510e9c749b6a0e5e3e89b3fcd9a2db735 Mon Sep 17 00:00:00 2001 From: Anik Bhattacharjee Date: Thu, 7 Aug 2025 13:00:11 -0400 Subject: [PATCH] OCPBUGS-59570, OCPBUGS-59566: Move Network Policy manifests The manifests are in the wrong place currently. This repository has static manifests that get copied to the container image during build time, from a static location (the `/manifests` folder). Moving over the NetworkPolicy manifests to the right location so that they're actually applied on cluster. Also include neccessary annotations that were missing previously, without which the CVO won't apply the manifests: ``` annotations: include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" capability.openshift.io/name: "marketplace" ``` Signed-off-by: Anik Bhattacharjee --- config/networkpolicy/default-deny.yaml | 11 ----------- config/networkpolicy/kustomization.yaml | 5 ----- manifests/13_networkpolicy_default-deny.yaml | 15 +++++++++++++++ .../14_networkpolicy_marketplace-operator.yaml | 4 ++++ .../15_networkpolicy_unpack-bundles.yaml | 4 ++++ 5 files changed, 23 insertions(+), 16 deletions(-) delete mode 100644 config/networkpolicy/default-deny.yaml delete mode 100644 config/networkpolicy/kustomization.yaml create mode 100644 manifests/13_networkpolicy_default-deny.yaml rename config/networkpolicy/marketplace-operator.yaml => manifests/14_networkpolicy_marketplace-operator.yaml (70%) rename config/networkpolicy/unpack-bundles.yaml => manifests/15_networkpolicy_unpack-bundles.yaml (67%) diff --git a/config/networkpolicy/default-deny.yaml b/config/networkpolicy/default-deny.yaml deleted file mode 100644 index 9f6c3354b..000000000 --- a/config/networkpolicy/default-deny.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-deny-all - namespace: openshift-marketplace -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - diff --git a/config/networkpolicy/kustomization.yaml b/config/networkpolicy/kustomization.yaml deleted file mode 100644 index 41e021307..000000000 --- a/config/networkpolicy/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - default-deny.yaml - - marketplace-operator.yaml - - unpack-bundles.yaml - diff --git a/manifests/13_networkpolicy_default-deny.yaml b/manifests/13_networkpolicy_default-deny.yaml new file mode 100644 index 000000000..5ab35c63f --- /dev/null +++ b/manifests/13_networkpolicy_default-deny.yaml @@ -0,0 +1,15 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-all + namespace: openshift-marketplace + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + capability.openshift.io/name: "marketplace" +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + diff --git a/config/networkpolicy/marketplace-operator.yaml b/manifests/14_networkpolicy_marketplace-operator.yaml similarity index 70% rename from config/networkpolicy/marketplace-operator.yaml rename to manifests/14_networkpolicy_marketplace-operator.yaml index 06ed73999..95b557af1 100644 --- a/config/networkpolicy/marketplace-operator.yaml +++ b/manifests/14_networkpolicy_marketplace-operator.yaml @@ -3,6 +3,10 @@ kind: NetworkPolicy metadata: name: marketplace-operator namespace: openshift-marketplace + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + capability.openshift.io/name: "marketplace" spec: podSelector: matchLabels: diff --git a/config/networkpolicy/unpack-bundles.yaml b/manifests/15_networkpolicy_unpack-bundles.yaml similarity index 67% rename from config/networkpolicy/unpack-bundles.yaml rename to manifests/15_networkpolicy_unpack-bundles.yaml index f11e382b7..ae0317699 100644 --- a/config/networkpolicy/unpack-bundles.yaml +++ b/manifests/15_networkpolicy_unpack-bundles.yaml @@ -3,6 +3,10 @@ kind: NetworkPolicy metadata: name: unpack-bundles namespace: openshift-marketplace + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + capability.openshift.io/name: "marketplace" spec: podSelector: matchExpressions: