openshift
diff --git a/‎openshift/generate-manifests.sh
Lines changed: 24 additions & 1 deletion b/‎openshift/generate-manifests.sh
Lines changed: 24 additions & 1 deletion
diff --git a/‎openshift/kustomize/overlays/openshift/kustomization.yaml
Lines changed: 2 additions & 26 deletions b/‎openshift/kustomize/overlays/openshift/kustomization.yaml
Lines changed: 2 additions & 26 deletions
diff --git a/‎openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml
Lines changed: 27 additions & 0 deletions b/‎openshift/kustomize/overlays/openshift/olmv1-ns/kustomization.yaml
Lines changed: 27 additions & 0 deletions
diff --git a/‎openshift/kustomize/overlays/openshift/patches/manager_deployment_ca.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_ca.yaml b/‎openshift/kustomize/overlays/openshift/patches/manager_deployment_ca.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_ca.yaml
diff --git a/‎openshift/kustomize/overlays/openshift/patches/manager_deployment_log_verbosity.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_log_verbosity.yaml b/‎openshift/kustomize/overlays/openshift/patches/manager_deployment_log_verbosity.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_log_verbosity.yaml
diff --git a/‎openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_etc_containers.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_mount_etc_containers.yaml b/‎openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_etc_containers.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_mount_etc_containers.yaml
diff --git a/‎openshift/kustomize/overlays/openshift/patches/manager_namespace_privileged.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_namespace_privileged.yaml b/‎openshift/kustomize/overlays/openshift/patches/manager_namespace_privileged.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_namespace_privileged.yaml
diff --git a/‎openshift/kustomize/overlays/openshift/patches/manager_role.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_role.yaml b/‎openshift/kustomize/overlays/openshift/patches/manager_role.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_role.yaml
diff --git a/‎openshift/kustomize/overlays/openshift/resources/ca_configmap.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/resources/ca_configmap.yaml b/‎openshift/kustomize/overlays/openshift/resources/ca_configmap.yaml renamed to ‎openshift/kustomize/overlays/openshift/olmv1-ns/resources/ca_configmap.yaml
diff --git a/‎openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml
Lines changed: 6 additions & 0 deletions b/‎openshift/kustomize/overlays/openshift/openshift-config/kustomization.yaml
Lines changed: 6 additions & 0 deletions
diff --git a/‎openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role.yaml
Lines changed: 17 additions & 0 deletions b/‎openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role.yaml
Lines changed: 17 additions & 0 deletions
diff --git a/‎openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role_binding.yaml
Lines changed: 15 additions & 0 deletions b/‎openshift/kustomize/overlays/openshift/openshift-config/rbac/operator-controller_manager_role_binding.yaml
Lines changed: 15 additions & 0 deletions
diff --git a/‎openshift/manifests/03-role-openshift-config-operator-controller-manager-role.yml
Lines changed: 18 additions & 0 deletions b/‎openshift/manifests/03-role-openshift-config-operator-controller-manager-role.yml
Lines changed: 18 additions & 0 deletions
diff --git a/‎openshift/manifests/03-role-openshift-operator-controller-operator-controller-leader-election-role.yml renamed to ‎openshift/manifests/04-role-openshift-operator-controller-operator-controller-leader-election-role.yml b/‎openshift/manifests/03-role-openshift-operator-controller-operator-controller-leader-election-role.yml renamed to ‎openshift/manifests/04-role-openshift-operator-controller-operator-controller-leader-election-role.yml
diff --git a/‎openshift/manifests/04-role-openshift-operator-controller-operator-controller-manager-role.yml renamed to ‎openshift/manifests/05-role-openshift-operator-controller-operator-controller-manager-role.yml b/‎openshift/manifests/04-role-openshift-operator-controller-operator-controller-manager-role.yml renamed to ‎openshift/manifests/05-role-openshift-operator-controller-operator-controller-manager-role.yml
diff --git a/‎openshift/manifests/05-clusterrole-operator-controller-clusterextension-editor-role.yml renamed to ‎openshift/manifests/06-clusterrole-operator-controller-clusterextension-editor-role.yml b/‎openshift/manifests/05-clusterrole-operator-controller-clusterextension-editor-role.yml renamed to ‎openshift/manifests/06-clusterrole-operator-controller-clusterextension-editor-role.yml
diff --git a/‎openshift/manifests/06-clusterrole-operator-controller-clusterextension-viewer-role.yml renamed to ‎openshift/manifests/07-clusterrole-operator-controller-clusterextension-viewer-role.yml b/‎openshift/manifests/06-clusterrole-operator-controller-clusterextension-viewer-role.yml renamed to ‎openshift/manifests/07-clusterrole-operator-controller-clusterextension-viewer-role.yml
diff --git a/‎openshift/manifests/07-clusterrole-operator-controller-extension-editor-role.yml renamed to ‎openshift/manifests/08-clusterrole-operator-controller-extension-editor-role.yml b/‎openshift/manifests/07-clusterrole-operator-controller-extension-editor-role.yml renamed to ‎openshift/manifests/08-clusterrole-operator-controller-extension-editor-role.yml
diff --git a/‎openshift/manifests/08-clusterrole-operator-controller-extension-viewer-role.yml renamed to ‎openshift/manifests/09-clusterrole-operator-controller-extension-viewer-role.yml b/‎openshift/manifests/08-clusterrole-operator-controller-extension-viewer-role.yml renamed to ‎openshift/manifests/09-clusterrole-operator-controller-extension-viewer-role.yml
diff --git a/‎openshift/manifests/09-clusterrole-operator-controller-manager-role.yml renamed to ‎openshift/manifests/10-clusterrole-operator-controller-manager-role.yml b/‎openshift/manifests/09-clusterrole-operator-controller-manager-role.yml renamed to ‎openshift/manifests/10-clusterrole-operator-controller-manager-role.yml
diff --git a/‎openshift/manifests/10-clusterrole-operator-controller-metrics-reader.yml renamed to ‎openshift/manifests/11-clusterrole-operator-controller-metrics-reader.yml b/‎openshift/manifests/10-clusterrole-operator-controller-metrics-reader.yml renamed to ‎openshift/manifests/11-clusterrole-operator-controller-metrics-reader.yml
diff --git a/‎openshift/manifests/11-clusterrole-operator-controller-proxy-role.yml renamed to ‎openshift/manifests/12-clusterrole-operator-controller-proxy-role.yml b/‎openshift/manifests/11-clusterrole-operator-controller-proxy-role.yml renamed to ‎openshift/manifests/12-clusterrole-operator-controller-proxy-role.yml
diff --git a/‎openshift/manifests/13-rolebinding-openshift-config-operator-controller-manager-rolebinding.yml
Lines changed: 17 additions & 0 deletions b/‎openshift/manifests/13-rolebinding-openshift-config-operator-controller-manager-rolebinding.yml
Lines changed: 17 additions & 0 deletions
diff --git a/‎openshift/manifests/12-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml renamed to ‎openshift/manifests/14-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml b/‎openshift/manifests/12-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml renamed to ‎openshift/manifests/14-rolebinding-openshift-operator-controller-operator-controller-leader-election-rolebinding.yml
diff --git a/‎openshift/manifests/13-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml renamed to ‎openshift/manifests/15-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml b/‎openshift/manifests/13-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml renamed to ‎openshift/manifests/15-rolebinding-openshift-operator-controller-operator-controller-manager-rolebinding.yml
diff --git a/‎openshift/manifests/14-clusterrolebinding-operator-controller-manager-rolebinding.yml renamed to ‎openshift/manifests/16-clusterrolebinding-operator-controller-manager-rolebinding.yml b/‎openshift/manifests/14-clusterrolebinding-operator-controller-manager-rolebinding.yml renamed to ‎openshift/manifests/16-clusterrolebinding-operator-controller-manager-rolebinding.yml
diff --git a/‎openshift/manifests/15-clusterrolebinding-operator-controller-proxy-rolebinding.yml renamed to ‎openshift/manifests/17-clusterrolebinding-operator-controller-proxy-rolebinding.yml b/‎openshift/manifests/15-clusterrolebinding-operator-controller-proxy-rolebinding.yml renamed to ‎openshift/manifests/17-clusterrolebinding-operator-controller-proxy-rolebinding.yml
diff --git a/‎openshift/manifests/16-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml renamed to ‎openshift/manifests/18-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml b/‎openshift/manifests/16-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml renamed to ‎openshift/manifests/18-configmap-openshift-operator-controller-operator-controller-openshift-ca.yml
diff --git a/‎openshift/manifests/17-service-openshift-operator-controller-operator-controller-service.yml renamed to ‎openshift/manifests/19-service-openshift-operator-controller-operator-controller-service.yml b/‎openshift/manifests/17-service-openshift-operator-controller-operator-controller-service.yml renamed to ‎openshift/manifests/19-service-openshift-operator-controller-operator-controller-service.yml
diff --git a/‎openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml renamed to ‎openshift/manifests/20-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
Lines changed: 1 addition & 0 deletions b/‎openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml renamed to ‎openshift/manifests/20-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
Lines changed: 1 addition & 0 deletions
@@ -20,6 +20,19 @@ IMAGE_MAPPINGS[kube-rbac-proxy]='${KUBE_RBAC_PROXY_IMAGE}'
 # shellcheck disable=SC2016
 IMAGE_MAPPINGS[manager]='${OPERATOR_CONTROLLER_IMAGE}'
 
+# This is a mapping of catalogd flag names to values. For example, given a deployment with a container
+# named "manager" and arguments:
+# args:
+#  - --flagname=one
+# and an entry to the FLAG_MAPPINGS of FLAG_MAPPINGS[flagname]='two', the argument will be updated to:
+# args:
+#  - --flagname=two
+#
+# If the flag doesn't already exist - it will be appended to the list.
+declare -A FLAG_MAPPINGS
+# shellcheck disable=SC2016
+FLAG_MAPPINGS[global-pull-secret]="openshift-config/pull-secret"
+
 ##################################################
 # You shouldn't need to change anything below here
 ##################################################
@@ -60,6 +73,17 @@ for container_name in "${!IMAGE_MAPPINGS[@]}"; do
   $YQ -i 'select(.kind == "Namespace").metadata.annotations += {"workload.openshift.io/allowed": "management"}' "$TMP_KUSTOMIZE_OUTPUT"
 done
 
+# Loop through any flag updates that need to be made to the manager container
+for flag_name in "${!FLAG_MAPPINGS[@]}"; do
+  flagval="${FLAG_MAPPINGS[$flag_name]}"
+
+  # First, update the flag if it exists
+  $YQ -i "(select(.kind == \"Deployment\") | .spec.template.spec.containers[] | select(.name == \"manager\") | .args[] | select(. | contains(\"--$flag_name=\")) | .) = \"--$flag_name=$flagval\"" "$TMP_KUSTOMIZE_OUTPUT"
+
+  # Then, append the flag if it doesn't exist
+  $YQ -i "(select(.kind == \"Deployment\") | .spec.template.spec.containers[] | select(.name == \"manager\") | .args) |= (select(.[] | contains(\"--$flag_name=\")) | .) // . + [\"--$flag_name=$flagval\"]" "$TMP_KUSTOMIZE_OUTPUT"
+done
+
 # Use yq to split the single yaml file into 1 per document.
 # Naming convention: $index-$kind-$namespace-$name. If $namespace is empty, just use the empty string.
 (
@@ -103,4 +127,3 @@ cp "$TMP_MANIFEST_DIR"/* "$MANIFEST_DIR"/
     fi
   done
 )
-
 
@@ -1,29 +1,5 @@
-# Adds namespace to all resources.
-namespace: OPENSHIFT-NAMESPACE
-
 namePrefix: operator-controller-
 
 resources:
-  - resources/ca_configmap.yaml
-  - ../../../../config/base/crd
-  - ../../../../config/base/rbac
-  - ../../../../config/base/manager
-
-patches:
-  - target:
-      kind: ClusterRole
-      name: manager-role
-    path: patches/manager_role.yaml
-  - target:
-      kind: Deployment
-      name: controller-manager
-    path: patches/manager_deployment_ca.yaml
-  - target:
-      kind: Deployment
-      name: controller-manager
-    path: patches/manager_deployment_mount_etc_containers.yaml
-  - target:
-      kind: Deployment
-      name: controller-manager
-    path: patches/manager_deployment_log_verbosity.yaml
-  - path: patches/manager_namespace_privileged.yaml
+  - olmv1-ns
+  - openshift-config
@@ -0,0 +1,27 @@
+# Adds namespace to all resources.
+namespace: OPENSHIFT-NAMESPACE
+
+resources:
+  - resources/ca_configmap.yaml
+  - ../../../../../config/base/crd
+  - ../../../../../config/base/rbac
+  - ../../../../../config/base/manager
+
+patches:
+  - target:
+      kind: ClusterRole
+      name: manager-role
+    path: patches/manager_role.yaml
+  - target:
+      kind: Deployment
+      name: controller-manager
+    path: patches/manager_deployment_ca.yaml
+  - target:
+      kind: Deployment
+      name: controller-manager
+    path: patches/manager_deployment_mount_etc_containers.yaml
+  - target:
+      kind: Deployment
+      name: controller-manager
+    path: patches/manager_deployment_log_verbosity.yaml
+  - path: patches/manager_namespace_privileged.yaml
@@ -0,0 +1,6 @@
+# Adds namespace to all resources.
+namespace: openshift-config
+
+resources:
+- rbac/operator-controller_manager_role.yaml
+- rbac/operator-controller_manager_role_binding.yaml
@@ -0,0 +1,17 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/part-of: olm
+    app.kubernetes.io/name: catalogd
+  name: manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/part-of: olm
+    app.kubernetes.io/name: catalogd
+  name: manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: manager-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: OPENSHIFT-NAMESPACE
@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: catalogd
+    app.kubernetes.io/part-of: olm
+  name: operator-controller-manager-role
+  namespace: openshift-config
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
@@ -0,0 +1,17 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: catalogd
+    app.kubernetes.io/part-of: olm
+  name: operator-controller-manager-rolebinding
+  namespace: openshift-config
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: operator-controller-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: operator-controller-controller-manager
+    namespace: openshift-operator-controller
@@ -45,6 +45,7 @@ spec:
             - --leader-elect
             - --ca-certs-dir=/var/certs
             - --v=${LOG_VERBOSITY}
+            - --global-pull-secret=openshift-config/pull-secret
           command:
             - /operator-controller
           image: ${OPERATOR_CONTROLLER_IMAGE}