rh-ecosystem-edge
diff --git a/‎Makefile‎
Lines changed: 40 additions & 2 deletions b/‎Makefile‎
Lines changed: 40 additions & 2 deletions
diff --git a/‎bundle-hub/manifests/kernel-module-management-hub.clusterserviceversion.yaml‎
Lines changed: 0 additions & 12 deletions b/‎bundle-hub/manifests/kernel-module-management-hub.clusterserviceversion.yaml‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎bundle-hub/manifests/kmm-operator-hub-controller-metrics-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions b/‎bundle-hub/manifests/kmm-operator-hub-controller-metrics-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎bundle-hub/manifests/kmm-operator-hub-controller_networking.k8s.io_v1_networkpolicy.yaml‎
Lines changed: 36 additions & 0 deletions b/‎bundle-hub/manifests/kmm-operator-hub-controller_networking.k8s.io_v1_networkpolicy.yaml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎bundle-hub/manifests/kmm-operator-hub-webhook-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions b/‎bundle-hub/manifests/kmm-operator-hub-webhook-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎bundle-hub/manifests/kmm-operator-hub-webhook_networking.k8s.io_v1_networkpolicy.yaml‎
Lines changed: 22 additions & 0 deletions b/‎bundle-hub/manifests/kmm-operator-hub-webhook_networking.k8s.io_v1_networkpolicy.yaml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎bundle/manifests/kernel-module-management.clusterserviceversion.yaml‎
Lines changed: 0 additions & 12 deletions b/‎bundle/manifests/kernel-module-management.clusterserviceversion.yaml‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎bundle/manifests/kmm-operator-controller-metrics-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions b/‎bundle/manifests/kmm-operator-controller-metrics-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎bundle/manifests/kmm-operator-controller_networking.k8s.io_v1_networkpolicy.yaml‎
Lines changed: 36 additions & 0 deletions b/‎bundle/manifests/kmm-operator-controller_networking.k8s.io_v1_networkpolicy.yaml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎bundle/manifests/kmm-operator-webhook-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions b/‎bundle/manifests/kmm-operator-webhook-service_v1_service.yaml‎
Lines changed: 0 additions & 3 deletions
@@ -279,6 +279,22 @@ operator-sdk:
 		chmod +x ${OPERATOR_SDK}; \
 	fi
 
+.PHONY: bundle-old
+bundle-old: operator-sdk manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
+	rm -fr ./bundle
+	${OPERATOR_SDK} generate kustomize manifests --apis-dir api
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) worker=$(WORKER_IMG)
+	cd config/manager-base && $(KUSTOMIZE) edit set image must-gather=$(GATHER_IMG) signer=$(SIGNER_IMG)
+	cd config/webhook-server && $(KUSTOMIZE) edit set image webhook-server=$(WEBHOOK_IMG)
+
+	OPERATOR_SDK="${OPERATOR_SDK}" \
+	BUNDLE_GEN_FLAGS="${BUNDLE_GEN_FLAGS} --extra-service-accounts kmm-operator-module-loader,kmm-operator-device-plugin" \
+	PKG=kernel-module-management \
+	SOURCE_DIR=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) \
+	./hack/generate-bundle
+
+	${OPERATOR_SDK} bundle validate ./bundle
+
 .PHONY: bundle
 bundle: operator-sdk manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
 	rm -fr ./bundle
@@ -291,9 +307,31 @@ bundle: operator-sdk manifests kustomize ## Generate bundle manifests and metada
 	BUNDLE_GEN_FLAGS="${BUNDLE_GEN_FLAGS} --extra-service-accounts kmm-operator-module-loader,kmm-operator-device-plugin" \
 	PKG=kernel-module-management \
 	SOURCE_DIR=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) \
+	INCLUDE_NETWORK_POLICIES=true \
 	./hack/generate-bundle
 
-	${OPERATOR_SDK} bundle validate ./bundle
+.PHONY: bundle-hub-old
+bundle-hub-old: operator-sdk manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
+	rm -fr bundle-hub
+
+	${OPERATOR_SDK} generate kustomize manifests \
+		--apis-dir api-hub \
+		--output-dir config/manifests-hub \
+		--package kernel-module-management-hub \
+		--input-dir config/manifests-hub
+	cd config/manager-hub && $(KUSTOMIZE) edit set image controller=$(HUB_IMG)
+	cd config/manager-base && $(KUSTOMIZE) edit set image must-gather=$(GATHER_IMG) signer=$(SIGNER_IMG)
+	cd config/webhook-server && $(KUSTOMIZE) edit set image webhook-server=$(WEBHOOK_IMG)
+
+	OPERATOR_SDK="${OPERATOR_SDK}" \
+	BUNDLE_GEN_FLAGS="${BUNDLE_GEN_FLAGS}" \
+	MANIFESTS_DIR=config/manifests-hub \
+	PKG=kernel-module-management-hub \
+	SOURCE_DIR=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) \
+	SUFFIX="-hub" \
+	./hack/generate-bundle
+
+	${OPERATOR_SDK} bundle validate ./bundle-hub
 
 .PHONY: bundle-hub
 bundle-hub: operator-sdk manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
@@ -314,9 +352,9 @@ bundle-hub: operator-sdk manifests kustomize ## Generate bundle manifests and me
 	PKG=kernel-module-management-hub \
 	SOURCE_DIR=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) \
 	SUFFIX="-hub" \
+	INCLUDE_NETWORK_POLICIES=true \
 	./hack/generate-bundle
 
-	${OPERATOR_SDK} bundle validate ./bundle-hub
 
 .PHONY: bundle-build-hub
 bundle-build-hub: ## Build the bundle-hub image.
 
@@ -245,19 +245,13 @@ spec:
           replicas: 1
           selector:
             matchLabels:
-              app.kubernetes.io/component: kmm-hub
-              app.kubernetes.io/name: kmm-hub
-              app.kubernetes.io/part-of: kmm
               control-plane: controller
           strategy: {}
           template:
             metadata:
               annotations:
                 kubectl.kubernetes.io/default-container: manager
               labels:
-                app.kubernetes.io/component: kmm-hub
-                app.kubernetes.io/name: kmm-hub
-                app.kubernetes.io/part-of: kmm
                 control-plane: controller
             spec:
               affinity:
@@ -342,19 +336,13 @@ spec:
           replicas: 1
           selector:
             matchLabels:
-              app.kubernetes.io/component: kmm-hub
-              app.kubernetes.io/name: kmm-hub
-              app.kubernetes.io/part-of: kmm
               control-plane: webhook-server
           strategy: {}
           template:
             metadata:
               annotations:
                 kubectl.kubernetes.io/default-container: webhook-server
               labels:
-                app.kubernetes.io/component: kmm-hub
-                app.kubernetes.io/name: kmm-hub
-                app.kubernetes.io/part-of: kmm
                 control-plane: webhook-server
             spec:
               affinity:
 
@@ -17,9 +17,6 @@ spec:
     protocol: TCP
     targetPort: metrics
   selector:
-    app.kubernetes.io/component: kmm-hub
-    app.kubernetes.io/name: kmm-hub
-    app.kubernetes.io/part-of: kmm
     control-plane: controller
 status:
   loadBalancer: {}
@@ -0,0 +1,36 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: controller
+  namespace: system
+spec:
+  podSelector:
+    matchLabels:
+      control-plane: controller
+  policyTypes:
+    - Egress
+    - Ingress
+  ingress:
+    - ports:
+        - protocol: TCP # metrics port
+          port: 8443
+        - protocol: TCP
+          port: 8081 # Healthz
+  egress:
+    - to:
+        - namespaceSelector: # DNS
+            matchLabels:
+              kubernetes.io/metadata.name: openshift-dns
+          podSelector:
+            matchLabels:
+              dns.operator.openshift.io/daemonset-dns: default
+      ports:
+        - protocol: UDP # DNS
+          port: 53
+        - protocol: TCP # DNS
+          port: 53
+    - ports: # kube api server
+        - protocol: TCP
+          port: 6443
+        - protocol: TCP
+          port: 443
@@ -16,9 +16,6 @@ spec:
     protocol: TCP
     targetPort: 9443
   selector:
-    app.kubernetes.io/component: kmm-hub
-    app.kubernetes.io/name: kmm-hub
-    app.kubernetes.io/part-of: kmm
     control-plane: webhook-server
 status:
   loadBalancer: {}
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: webhook
+  namespace: system
+spec:
+  podSelector:
+    matchLabels:
+      control-plane: webhook-server
+  policyTypes:
+  - Egress
+  - Ingress
+  ingress:
+  - ports:
+    - protocol: TCP
+      port: 9443
+  egress:
+  - ports: # kube api server port
+    - protocol: TCP
+      port: 6443
+    - protocol: TCP
+      port: 443
@@ -352,19 +352,13 @@ spec:
           replicas: 1
           selector:
             matchLabels:
-              app.kubernetes.io/component: kmm
-              app.kubernetes.io/name: kmm
-              app.kubernetes.io/part-of: kmm
               control-plane: controller
           strategy: {}
           template:
             metadata:
               annotations:
                 kubectl.kubernetes.io/default-container: manager
               labels:
-                app.kubernetes.io/component: kmm
-                app.kubernetes.io/name: kmm
-                app.kubernetes.io/part-of: kmm
                 control-plane: controller
             spec:
               affinity:
@@ -451,19 +445,13 @@ spec:
           replicas: 1
           selector:
             matchLabels:
-              app.kubernetes.io/component: kmm
-              app.kubernetes.io/name: kmm
-              app.kubernetes.io/part-of: kmm
               control-plane: webhook-server
           strategy: {}
           template:
             metadata:
               annotations:
                 kubectl.kubernetes.io/default-container: webhook-server
               labels:
-                app.kubernetes.io/component: kmm
-                app.kubernetes.io/name: kmm
-                app.kubernetes.io/part-of: kmm
                 control-plane: webhook-server
             spec:
               affinity:
 
@@ -17,9 +17,6 @@ spec:
     protocol: TCP
     targetPort: metrics
   selector:
-    app.kubernetes.io/component: kmm
-    app.kubernetes.io/name: kmm
-    app.kubernetes.io/part-of: kmm
     control-plane: controller
 status:
   loadBalancer: {}
@@ -0,0 +1,36 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: controller
+  namespace: system
+spec:
+  podSelector:
+    matchLabels:
+      control-plane: controller
+  policyTypes:
+    - Egress
+    - Ingress
+  ingress:
+    - ports:
+        - protocol: TCP # metrics port
+          port: 8443
+        - protocol: TCP
+          port: 8081 # Healthz
+  egress:
+    - to:
+        - namespaceSelector: # DNS
+            matchLabels:
+              kubernetes.io/metadata.name: openshift-dns
+          podSelector:
+            matchLabels:
+              dns.operator.openshift.io/daemonset-dns: default
+      ports:
+        - protocol: UDP # DNS
+          port: 53
+        - protocol: TCP # DNS
+          port: 53
+    - ports: # kube api server
+        - protocol: TCP
+          port: 6443
+        - protocol: TCP
+          port: 443
@@ -16,9 +16,6 @@ spec:
     protocol: TCP
     targetPort: 9443
   selector:
-    app.kubernetes.io/component: kmm
-    app.kubernetes.io/name: kmm
-    app.kubernetes.io/part-of: kmm
     control-plane: webhook-server
 status:
   loadBalancer: {}