diff --git a/Makefile b/Makefile index 3e81a773b..539cd2f51 100644 --- a/Makefile +++ b/Makefile @@ -291,6 +291,7 @@ e2e-metrics: #EXHELP Request metrics from prometheus; place in ARTIFACT_PATH if http://localhost:30900/api/v1/query > $(if $(ARTIFACT_PATH),$(ARTIFACT_PATH),.)/metrics.out .PHONY: extension-developer-e2e +extension-developer-e2e: SOURCE_MANIFEST := $(STANDARD_E2E_MANIFEST) extension-developer-e2e: KIND_CLUSTER_NAME := operator-controller-ext-dev-e2e extension-developer-e2e: export INSTALL_DEFAULT_CATALOGS := false extension-developer-e2e: run image-registry test-ext-dev-e2e kind-clean #EXHELP Run extension-developer e2e on local kind cluster @@ -308,6 +309,7 @@ post-upgrade-checks: go test -count=1 -v ./test/upgrade-e2e/... .PHONY: test-upgrade-e2e +test-upgrade-e2e: SOURCE_MANIFEST := $(STANDARD_E2E_MANIFEST) test-upgrade-e2e: KIND_CLUSTER_NAME := operator-controller-upgrade-e2e test-upgrade-e2e: export TEST_CLUSTER_CATALOG_NAME := test-catalog test-upgrade-e2e: export TEST_CLUSTER_EXTENSION_NAME := test-package diff --git a/config/base/catalogd/kustomization.yaml b/config/base/catalogd/kustomization.yaml index b30ee2540..d4ebee2d5 100644 --- a/config/base/catalogd/kustomization.yaml +++ b/config/base/catalogd/kustomization.yaml @@ -1,7 +1,6 @@ # Does not include the CRD, which must be added separately (it's non-namespaced) apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: olmv1-system namePrefix: catalogd- resources: - rbac diff --git a/config/base/catalogd/manager/manager.yaml b/config/base/catalogd/manager/manager.yaml index 370813592..06199f293 100644 --- a/config/base/catalogd/manager/manager.yaml +++ b/config/base/catalogd/manager/manager.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system + namespace: olmv1-system annotations: kubectl.kubernetes.io/default-logs-container: manager labels: 
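Review bot: The added `SOURCE_MANIFEST := $(STANDARD_E2E_MANIFEST)` line on `extension-developer-e2e`, and the identical one on `test-upgrade-e2e` in the next hunk, carry no comment explaining why these targets now install the e2e manifest instead of the default. Judging from the rest of this diff, the reason is that the test registry moved out of testdata/build-test-registry.sh and into config/components/e2e/registry. A comment above each line would record that, for example `# Use the e2e manifest: it now ships the test registry (config/components/e2e/registry)`. Because `:=` expands when the line is parsed, `STANDARD_E2E_MANIFEST` must already be defined earlier in the Makefile; its definition is outside this hunk, so that is worth confirming.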
diff --git a/config/base/catalogd/manager/network_policy.yaml b/config/base/catalogd/manager/network_policy.yaml index 853b54a37..27df08193 100644 --- a/config/base/catalogd/manager/network_policy.yaml +++ b/config/base/catalogd/manager/network_policy.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: controller-manager - namespace: system + namespace: olmv1-system spec: podSelector: matchLabels: diff --git a/config/base/catalogd/manager/service.yaml b/config/base/catalogd/manager/service.yaml index 693b687f3..4f423ae42 100644 --- a/config/base/catalogd/manager/service.yaml +++ b/config/base/catalogd/manager/service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/part-of: olm app.kubernetes.io/name: catalogd name: service - namespace: system + namespace: olmv1-system spec: selector: control-plane: catalogd-controller-manager diff --git a/config/base/catalogd/rbac/auth_proxy_role_binding.yaml b/config/base/catalogd/rbac/auth_proxy_role_binding.yaml index 2efcf8dd8..1c44eec98 100644 --- a/config/base/catalogd/rbac/auth_proxy_role_binding.yaml +++ b/config/base/catalogd/rbac/auth_proxy_role_binding.yaml @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system diff --git a/config/base/catalogd/rbac/leader_election_role.yaml b/config/base/catalogd/rbac/leader_election_role.yaml index 37564d084..1b89e50a7 100644 --- a/config/base/catalogd/rbac/leader_election_role.yaml +++ b/config/base/catalogd/rbac/leader_election_role.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/part-of: olm app.kubernetes.io/name: catalogd name: leader-election-role + namespace: olmv1-system rules: - apiGroups: - "" diff --git a/config/base/catalogd/rbac/leader_election_role_binding.yaml b/config/base/catalogd/rbac/leader_election_role_binding.yaml index 6ad0ccf99..2f198acfa 100644 --- a/config/base/catalogd/rbac/leader_election_role_binding.yaml 
+++ b/config/base/catalogd/rbac/leader_election_role_binding.yaml @@ -5,6 +5,7 @@ metadata: app.kubernetes.io/part-of: olm app.kubernetes.io/name: catalogd name: leader-election-rolebinding + namespace: olmv1-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -12,4 +13,4 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system diff --git a/config/base/catalogd/rbac/role.yaml b/config/base/catalogd/rbac/role.yaml index 0b15af0c6..c887c7c4f 100644 --- a/config/base/catalogd/rbac/role.yaml +++ b/config/base/catalogd/rbac/role.yaml @@ -35,7 +35,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: manager-role - namespace: system + namespace: olmv1-system rules: - apiGroups: - "" diff --git a/config/base/catalogd/rbac/role_binding.yaml b/config/base/catalogd/rbac/role_binding.yaml index 41dc229bc..5ebca546b 100644 --- a/config/base/catalogd/rbac/role_binding.yaml +++ b/config/base/catalogd/rbac/role_binding.yaml @@ -12,7 +12,7 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -21,7 +21,7 @@ metadata: app.kubernetes.io/part-of: olm app.kubernetes.io/name: catalogd name: manager-rolebinding - namespace: system + namespace: olmv1-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -29,4 +29,4 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system diff --git a/config/base/catalogd/rbac/service_account.yaml b/config/base/catalogd/rbac/service_account.yaml index 3f0e7af74..102667ae4 100644 --- a/config/base/catalogd/rbac/service_account.yaml +++ b/config/base/catalogd/rbac/service_account.yaml @@ -5,4 +5,4 @@ metadata: app.kubernetes.io/part-of: olm app.kubernetes.io/name: catalogd name: controller-manager - namespace: system + namespace: olmv1-system 
diff --git a/config/base/common/namespace.yaml b/config/base/common/namespace.yaml index 99d47415f..ede0bfd8f 100644 --- a/config/base/common/namespace.yaml +++ b/config/base/common/namespace.yaml @@ -5,4 +5,4 @@ metadata: app.kubernetes.io/part-of: olm pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/enforce-version: latest - name: system + name: olmv1-system diff --git a/config/base/common/network_policy.yaml b/config/base/common/network_policy.yaml index 86d352975..e63015da3 100644 --- a/config/base/common/network_policy.yaml +++ b/config/base/common/network_policy.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-all-traffic - namespace: system + namespace: olmv1-system spec: podSelector: { } policyTypes: diff --git a/config/base/operator-controller/kustomization.yaml b/config/base/operator-controller/kustomization.yaml index e10e2bbaa..500860cf6 100644 --- a/config/base/operator-controller/kustomization.yaml +++ b/config/base/operator-controller/kustomization.yaml @@ -1,7 +1,6 @@ # Does not include the CRD, which must be added separately (it's non-namespaced) apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: olmv1-system namePrefix: operator-controller- resources: - rbac diff --git a/config/base/operator-controller/manager/manager.yaml b/config/base/operator-controller/manager/manager.yaml index 611c5816c..dda835cf3 100644 --- a/config/base/operator-controller/manager/manager.yaml +++ b/config/base/operator-controller/manager/manager.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system + namespace: olmv1-system annotations: kubectl.kubernetes.io/default-logs-container: manager labels: diff --git a/config/base/operator-controller/manager/network_policy.yaml b/config/base/operator-controller/manager/network_policy.yaml index 2e68beabe..1659cea05 100644 
--- a/config/base/operator-controller/manager/network_policy.yaml +++ b/config/base/operator-controller/manager/network_policy.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: controller-manager - namespace: system + namespace: olmv1-system spec: podSelector: matchLabels: diff --git a/config/base/operator-controller/manager/service.yaml b/config/base/operator-controller/manager/service.yaml index b352a0aa1..752f62f8f 100644 --- a/config/base/operator-controller/manager/service.yaml +++ b/config/base/operator-controller/manager/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: service - namespace: system + namespace: olmv1-system labels: control-plane: operator-controller-controller-manager spec: diff --git a/config/base/operator-controller/rbac/auth_proxy_role_binding.yaml b/config/base/operator-controller/rbac/auth_proxy_role_binding.yaml index ec7acc0a1..976e53bcd 100644 --- a/config/base/operator-controller/rbac/auth_proxy_role_binding.yaml +++ b/config/base/operator-controller/rbac/auth_proxy_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system diff --git a/config/base/operator-controller/rbac/leader_election_role.yaml b/config/base/operator-controller/rbac/leader_election_role.yaml index 4190ec805..ef2d330fd 100644 --- a/config/base/operator-controller/rbac/leader_election_role.yaml +++ b/config/base/operator-controller/rbac/leader_election_role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: leader-election-role + namespace: olmv1-system rules: - apiGroups: - "" diff --git a/config/base/operator-controller/rbac/leader_election_role_binding.yaml b/config/base/operator-controller/rbac/leader_election_role_binding.yaml index 1d1321ed4..f0c49d7fd 100644 --- a/config/base/operator-controller/rbac/leader_election_role_binding.yaml 
+++ b/config/base/operator-controller/rbac/leader_election_role_binding.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: leader-election-rolebinding + namespace: olmv1-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -9,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system diff --git a/config/base/operator-controller/rbac/role.yaml b/config/base/operator-controller/rbac/role.yaml index d18eb4c6c..bb1cbe626 100644 --- a/config/base/operator-controller/rbac/role.yaml +++ b/config/base/operator-controller/rbac/role.yaml @@ -62,7 +62,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: manager-role - namespace: system + namespace: olmv1-system rules: - apiGroups: - "" diff --git a/config/base/operator-controller/rbac/role_binding.yaml b/config/base/operator-controller/rbac/role_binding.yaml index fa331e3d4..430b599b3 100644 --- a/config/base/operator-controller/rbac/role_binding.yaml +++ b/config/base/operator-controller/rbac/role_binding.yaml @@ -9,13 +9,13 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: manager-rolebinding - namespace: system + namespace: olmv1-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -23,4 +23,4 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system + namespace: olmv1-system diff --git a/config/base/operator-controller/rbac/service_account.yaml b/config/base/operator-controller/rbac/service_account.yaml index 7cd6025bf..22f830f73 100644 --- a/config/base/operator-controller/rbac/service_account.yaml +++ b/config/base/operator-controller/rbac/service_account.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: controller-manager - namespace: system + namespace: olmv1-system 
diff --git a/config/components/cert-manager/catalogd/kustomization.yaml b/config/components/cert-manager/catalogd/kustomization.yaml index f603a0099..1e14d0abf 100644 --- a/config/components/cert-manager/catalogd/kustomization.yaml +++ b/config/components/cert-manager/catalogd/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -namespace: olmv1-system resources: - resources/certificate.yaml patches: diff --git a/config/components/cert-manager/catalogd/resources/certificate.yaml b/config/components/cert-manager/catalogd/resources/certificate.yaml index cacb0bc9b..63375760c 100644 --- a/config/components/cert-manager/catalogd/resources/certificate.yaml +++ b/config/components/cert-manager/catalogd/resources/certificate.yaml @@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: catalogd-service-cert - namespace: system + namespace: olmv1-system spec: secretName: catalogd-service-cert-git-version dnsNames: diff --git a/config/components/cert-manager/operator-controller/kustomization.yaml b/config/components/cert-manager/operator-controller/kustomization.yaml index 6c4e13975..9f276280f 100644 --- a/config/components/cert-manager/operator-controller/kustomization.yaml +++ b/config/components/cert-manager/operator-controller/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -namespace: olmv1-system resources: - resources/manager_cert.yaml patches: diff --git a/config/components/cert-manager/operator-controller/resources/manager_cert.yaml b/config/components/cert-manager/operator-controller/resources/manager_cert.yaml index 96f131b7e..c001d946a 100644 --- a/config/components/cert-manager/operator-controller/resources/manager_cert.yaml +++ b/config/components/cert-manager/operator-controller/resources/manager_cert.yaml 
@@ -2,6 +2,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: olmv1-cert + namespace: olmv1-system spec: secretName: olmv1-cert dnsNames: diff --git a/config/components/e2e/coverage/kustomization.yaml b/config/components/e2e/coverage/kustomization.yaml index 6d3084989..7679914bd 100644 --- a/config/components/e2e/coverage/kustomization.yaml +++ b/config/components/e2e/coverage/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -namespace: olmv1-system resources: - manager_e2e_coverage_pvc.yaml - manager_e2e_coverage_copy_pod.yaml diff --git a/config/components/e2e/coverage/manager_e2e_coverage_copy_pod.yaml b/config/components/e2e/coverage/manager_e2e_coverage_copy_pod.yaml index 7794ba97d..5c5c97bf7 100644 --- a/config/components/e2e/coverage/manager_e2e_coverage_copy_pod.yaml +++ b/config/components/e2e/coverage/manager_e2e_coverage_copy_pod.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Pod metadata: name: e2e-coverage-copy-pod + namespace: olmv1-system spec: restartPolicy: Never securityContext: diff --git a/config/components/e2e/coverage/manager_e2e_coverage_pvc.yaml b/config/components/e2e/coverage/manager_e2e_coverage_pvc.yaml index 126d4d4e6..02c84acfd 100644 --- a/config/components/e2e/coverage/manager_e2e_coverage_pvc.yaml +++ b/config/components/e2e/coverage/manager_e2e_coverage_pvc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: e2e-coverage + namespace: olmv1-system spec: accessModes: - ReadWriteOnce diff --git a/config/components/e2e/kustomization.yaml b/config/components/e2e/kustomization.yaml index 8809ed0f6..dcb9e289a 100644 --- a/config/components/e2e/kustomization.yaml +++ b/config/components/e2e/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component components: - coverage -- registries-conf +- registry 
diff --git a/config/components/e2e/registry/certificate.yaml b/config/components/e2e/registry/certificate.yaml new file mode 100644 index 000000000..39492bae5 --- /dev/null +++ b/config/components/e2e/registry/certificate.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: operator-controller-e2e-registry + namespace: operator-controller-e2e +spec: + secretName: operator-controller-e2e-registry + isCA: true + dnsNames: + - docker-registry.operator-controller-e2e.svc + - docker-registry.operator-controller-e2e.svc.cluster.local + - docker-registry-controller-manager-metrics-service.operator-controller-e2e.svc + - docker-registry-controller-manager-metrics-service.operator-controller-e2e.svc.cluster.local + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: olmv1-ca + kind: ClusterIssuer + group: cert-manager.io diff --git a/config/components/e2e/registries-conf/registries_conf_configmap.yaml b/config/components/e2e/registry/configmap.yaml similarity index 91% rename from config/components/e2e/registries-conf/registries_conf_configmap.yaml rename to config/components/e2e/registry/configmap.yaml index 2604c78f5..e216113a7 100644 --- a/config/components/e2e/registries-conf/registries_conf_configmap.yaml +++ b/config/components/e2e/registry/configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: e2e-registries-conf - namespace: system + namespace: olmv1-system data: registries.conf: | [[registry]] diff --git a/config/components/e2e/registry/deployment.yaml b/config/components/e2e/registry/deployment.yaml new file mode 100644 index 000000000..e57f2b711 --- /dev/null +++ b/config/components/e2e/registry/deployment.yaml 
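Review bot: `isCA: true` in the new certificate.yaml makes the registry's serving certificate a CA certificate issued by the `olmv1-ca` ClusterIssuer, so the private key mounted into the registry pod could sign further certificates that chain to that issuer. A TLS serving certificate does not need this; drop the line or set `isCA: false`. The two `docker-registry-controller-manager-metrics-service.…` entries under `dnsNames` name a Service this component does not define (service.yaml only creates `docker-registry`), so they look like template leftovers and can be removed. Both points were carried over unchanged from the heredoc this commit deletes from testdata/build-test-registry.sh.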
@@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: docker-registry + namespace: operator-controller-e2e + labels: + app: registry +spec: + replicas: 1 + selector: + matchLabels: + app: registry + template: + metadata: + labels: + app: registry + spec: + containers: + - name: registry + image: registry:3 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: certs-vol + mountPath: "/certs" + env: + - name: REGISTRY_HTTP_ADDR + value: ":5000" + - name: REGISTRY_HTTP_TLS_CERTIFICATE + value: "/certs/tls.crt" + - name: REGISTRY_HTTP_TLS_KEY + value: "/certs/tls.key" + volumes: + - name: certs-vol + secret: + secretName: operator-controller-e2e-registry diff --git a/config/components/e2e/registries-conf/kustomization.yaml b/config/components/e2e/registry/kustomization.yaml similarity index 59% rename from config/components/e2e/registries-conf/kustomization.yaml rename to config/components/e2e/registry/kustomization.yaml index e48262429..ba054b655 100644 --- a/config/components/e2e/registries-conf/kustomization.yaml +++ b/config/components/e2e/registry/kustomization.yaml @@ -1,7 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -namespace: olmv1-system resources: -- registries_conf_configmap.yaml +- certificate.yaml +- deployment.yaml +- configmap.yaml +- service.yaml +- namespace.yaml patches: - path: manager_e2e_registries_conf_patch.yaml diff --git a/config/components/e2e/registries-conf/manager_e2e_registries_conf_patch.yaml b/config/components/e2e/registry/manager_e2e_registries_conf_patch.yaml similarity index 100% rename from config/components/e2e/registries-conf/manager_e2e_registries_conf_patch.yaml rename to config/components/e2e/registry/manager_e2e_registries_conf_patch.yaml diff --git a/config/components/e2e/registry/namespace.yaml b/config/components/e2e/registry/namespace.yaml new file mode 100644 index 000000000..75a289773 --- /dev/null +++ b/config/components/e2e/registry/namespace.yaml 
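Review bot: The `registry` container in the new deployment.yaml has no `securityContext` and pulls the floating tag `registry:3` with `imagePullPolicy: IfNotPresent`, so it runs with the image's default user and capabilities, and the image under test can differ between nodes and runs. A container-level securityContext like the one below, plus pinning the image by digest (`registry:3@sha256:<digest>`, digest to be filled in by the maintainer), would tighten both. Whether the image also tolerates `runAsNonRoot: true` has to be checked against the image before adding it.

```yaml
      containers:
      - name: registry
        image: registry:3
        # … unchanged: imagePullPolicy, volumeMounts, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```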
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: operator-controller-e2e diff --git a/config/components/e2e/registry/service.yaml b/config/components/e2e/registry/service.yaml new file mode 100644 index 000000000..dc4cdfce0 --- /dev/null +++ b/config/components/e2e/registry/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: docker-registry + namespace: operator-controller-e2e +spec: + selector: + app: registry + ports: + - name: http + port: 5000 + targetPort: 5000 + nodePort: 30000 + type: NodePort diff --git a/internal/catalogd/controllers/core/clustercatalog_controller.go b/internal/catalogd/controllers/core/clustercatalog_controller.go index ec3dc525d..32ed52e0a 100644 --- a/internal/catalogd/controllers/core/clustercatalog_controller.go +++ b/internal/catalogd/controllers/core/clustercatalog_controller.go @@ -79,8 +79,8 @@ type storedCatalogData struct { //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clustercatalogs,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clustercatalogs/status,verbs=get;update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clustercatalogs/finalizers,verbs=update -//+kubebuilder:rbac:namespace=system,groups=core,resources=secrets,verbs=get;list;watch -//+kubebuilder:rbac:namespace=system,groups=core,resources=serviceaccounts,verbs=get;list;watch +//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=secrets,verbs=get;list;watch +//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=serviceaccounts,verbs=get;list;watch // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/internal/operator-controller/controllers/clusterextension_controller.go b/internal/operator-controller/controllers/clusterextension_controller.go index 5b180d9cc..24824bfd1 100644 
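Review bot: The new `operator-controller-e2e` Namespace carries no Pod Security admission labels, whereas config/base/common/namespace.yaml in this same diff keeps `pod-security.kubernetes.io/enforce: restricted` on `olmv1-system`. Without a label the namespace falls back to whatever the cluster-wide default level is. Adding `labels:` with `pod-security.kubernetes.io/enforce: baseline` would make the intended level explicit; `restricted` becomes possible once the registry Deployment has a securityContext that satisfies it.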
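Review bot: `name: docker-registry` and `namespace: operator-controller-e2e` are now fixed in service.yaml (and in deployment.yaml and certificate.yaml), but testdata/build-test-registry.sh, as far as this diff shows, still reads `namespace=$1` and `name=$2` and runs `kubectl wait ... "deploy/${name}"`. A caller passing other values will wait on a Deployment that does not exist. A comment here such as `# name/namespace must match the arguments given to testdata/build-test-registry.sh` would record the coupling. The port is also named `http` although the Deployment sets `REGISTRY_HTTP_TLS_CERTIFICATE`, so `name: https` would describe it more accurately.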
--- a/internal/operator-controller/controllers/clusterextension_controller.go +++ b/internal/operator-controller/controllers/clusterextension_controller.go @@ -93,9 +93,9 @@ type InstalledBundleGetter interface { //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch;update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update -//+kubebuilder:rbac:namespace=system,groups=core,resources=secrets,verbs=create;update;patch;delete;deletecollection;get;list;watch +//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=secrets,verbs=create;update;patch;delete;deletecollection;get;list;watch //+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create -//+kubebuilder:rbac:namespace=system,groups=core,resources=serviceaccounts,verbs=get;list;watch +//+kubebuilder:rbac:namespace=olmv1-system,groups=core,resources=serviceaccounts,verbs=get;list;watch //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;roles;rolebindings,verbs=list;watch diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index f721f8f42..d34ac9add 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -9,6 +9,13 @@ metadata: pod-security.kubernetes.io/enforce-version: latest name: olmv1-system --- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + olm.operatorframework.io/feature-set: experimental + name: operator-controller-e2e +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -1596,6 +1603,23 @@ spec: control-plane: operator-controller-controller-manager --- apiVersion: v1 +kind: Service +metadata: + annotations: + olm.operatorframework.io/feature-set: experimental + name: docker-registry + namespace: operator-controller-e2e +spec: + ports: + - name: http + nodePort: 30000 + port: 5000 + targetPort: 5000 + selector: + app: registry + type: NodePort +--- +apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: @@ -1855,6 +1879,46 @@ spec: optional: false secretName: olmv1-cert --- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + olm.operatorframework.io/feature-set: experimental + labels: + app: registry + name: docker-registry + namespace: operator-controller-e2e +spec: + replicas: 1 + selector: + matchLabels: + app: registry + template: + metadata: + annotations: + olm.operatorframework.io/feature-set: experimental + labels: + app: registry + spec: + containers: + - env: + - name: REGISTRY_HTTP_ADDR + value: :5000 + - name: REGISTRY_HTTP_TLS_CERTIFICATE + value: /certs/tls.crt + - name: REGISTRY_HTTP_TLS_KEY + value: /certs/tls.key + image: registry:3 + imagePullPolicy: IfNotPresent + name: registry + volumeMounts: + - mountPath: /certs + name: certs-vol + volumes: + - name: certs-vol + secret: + secretName: operator-controller-e2e-registry +--- apiVersion: cert-manager.io/v1 kind: Certificate metadata: 
@@ -1919,6 +1983,29 @@ spec: secretName: olmv1-cert --- apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + annotations: + olm.operatorframework.io/feature-set: experimental + name: operator-controller-e2e-registry + namespace: operator-controller-e2e +spec: + dnsNames: + - docker-registry.operator-controller-e2e.svc + - docker-registry.operator-controller-e2e.svc.cluster.local + - docker-registry-controller-manager-metrics-service.operator-controller-e2e.svc + - docker-registry-controller-manager-metrics-service.operator-controller-e2e.svc.cluster.local + isCA: true + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: olmv1-ca + privateKey: + algorithm: ECDSA + size: 256 + secretName: operator-controller-e2e-registry +--- +apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: annotations: diff --git a/manifests/standard-e2e.yaml b/manifests/standard-e2e.yaml index a8aff9838..a8815ae4b 100644 --- a/manifests/standard-e2e.yaml +++ b/manifests/standard-e2e.yaml @@ -9,6 +9,13 @@ metadata: pod-security.kubernetes.io/enforce-version: latest name: olmv1-system --- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + olm.operatorframework.io/feature-set: standard-e2e + name: operator-controller-e2e +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1589,6 +1596,23 @@ spec: control-plane: operator-controller-controller-manager --- apiVersion: v1 +kind: Service +metadata: + annotations: + olm.operatorframework.io/feature-set: standard-e2e + name: docker-registry + namespace: operator-controller-e2e +spec: + ports: + - name: http + nodePort: 30000 + port: 5000 + targetPort: 5000 + selector: + app: registry + type: NodePort +--- +apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: 
@@ -1842,6 +1866,46 @@ spec: optional: false secretName: olmv1-cert --- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + olm.operatorframework.io/feature-set: standard-e2e + labels: + app: registry + name: docker-registry + namespace: operator-controller-e2e +spec: + replicas: 1 + selector: + matchLabels: + app: registry + template: + metadata: + annotations: + olm.operatorframework.io/feature-set: standard-e2e + labels: + app: registry + spec: + containers: + - env: + - name: REGISTRY_HTTP_ADDR + value: :5000 + - name: REGISTRY_HTTP_TLS_CERTIFICATE + value: /certs/tls.crt + - name: REGISTRY_HTTP_TLS_KEY + value: /certs/tls.key + image: registry:3 + imagePullPolicy: IfNotPresent + name: registry + volumeMounts: + - mountPath: /certs + name: certs-vol + volumes: + - name: certs-vol + secret: + secretName: operator-controller-e2e-registry +--- apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -1906,6 +1970,29 @@ spec: secretName: olmv1-cert --- apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + annotations: + olm.operatorframework.io/feature-set: standard-e2e + name: operator-controller-e2e-registry + namespace: operator-controller-e2e +spec: + dnsNames: + - docker-registry.operator-controller-e2e.svc + - docker-registry.operator-controller-e2e.svc.cluster.local + - docker-registry-controller-manager-metrics-service.operator-controller-e2e.svc + - docker-registry-controller-manager-metrics-service.operator-controller-e2e.svc.cluster.local + isCA: true + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: olmv1-ca + privateKey: + algorithm: ECDSA + size: 256 + secretName: operator-controller-e2e-registry +--- +apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: annotations: diff --git a/testdata/build-test-registry.sh b/testdata/build-test-registry.sh index 3d92a726f..8a4e2a0c4 100755 --- a/testdata/build-test-registry.sh +++ b/testdata/build-test-registry.sh 
@@ -25,83 +25,6 @@ namespace=$1 name=$2 image=$3 -kubectl apply -f - << EOF -apiVersion: v1 -kind: Namespace -metadata: - name: ${namespace} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: ${namespace}-registry - namespace: ${namespace} -spec: - secretName: ${namespace}-registry - isCA: true - dnsNames: - - ${name}.${namespace}.svc - - ${name}.${namespace}.svc.cluster.local - - ${name}-controller-manager-metrics-service.${namespace}.svc - - ${name}-controller-manager-metrics-service.${namespace}.svc.cluster.local - privateKey: - algorithm: ECDSA - size: 256 - issuerRef: - name: olmv1-ca - kind: ClusterIssuer - group: cert-manager.io ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ${name} - namespace: ${namespace} - labels: - app: registry -spec: - replicas: 1 - selector: - matchLabels: - app: registry - template: - metadata: - labels: - app: registry - spec: - containers: - - name: registry - image: registry:3 - imagePullPolicy: IfNotPresent - volumeMounts: - - name: certs-vol - mountPath: "/certs" - env: - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: "/certs/tls.crt" - - name: REGISTRY_HTTP_TLS_KEY - value: "/certs/tls.key" - volumes: - - name: certs-vol - secret: - secretName: ${namespace}-registry ---- -apiVersion: v1 -kind: Service -metadata: - name: ${name} - namespace: ${namespace} -spec: - selector: - app: registry - ports: - - name: http - port: 5000 - targetPort: 5000 - nodePort: 30000 - type: NodePort -EOF - kubectl wait --for=condition=Available -n "${namespace}" "deploy/${name}" --timeout=60s kubectl apply -f - << EOF