operator-framework
diff --git a/‎Makefile
Lines changed: 2 additions & 2 deletions b/‎Makefile
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmd/catalogd/main.go
Lines changed: 1 addition & 0 deletions b/‎cmd/catalogd/main.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎config-new/components/cert-manager/catalogd_certificate.yaml
Lines changed: 2 additions & 2 deletions b/‎config-new/components/cert-manager/catalogd_certificate.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎config-new/components/cert-manager/operator_controller_certificate.yaml
Lines changed: 2 additions & 2 deletions b/‎config-new/components/cert-manager/operator_controller_certificate.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎config-new/components/cert-manager/patches/catalogd_deployment.yaml
Lines changed: 5 additions & 13 deletions b/‎config-new/components/cert-manager/patches/catalogd_deployment.yaml
Lines changed: 5 additions & 13 deletions
diff --git a/‎config-new/components/cert-manager/patches/operator_controller_deployment.yaml
Lines changed: 13 additions & 7 deletions b/‎config-new/components/cert-manager/patches/operator_controller_deployment.yaml
Lines changed: 13 additions & 7 deletions
diff --git a/‎config-new/components/e2e/cert-manager-namespace/e2e_cluster_issuer.yaml
Lines changed: 35 additions & 0 deletions b/‎config-new/components/e2e/cert-manager-namespace/e2e_cluster_issuer.yaml
Lines changed: 35 additions & 0 deletions
diff --git a/‎config-new/components/e2e/cert-manager-namespace/kustomization.yaml
Lines changed: 5 additions & 0 deletions b/‎config-new/components/e2e/cert-manager-namespace/kustomization.yaml
Lines changed: 5 additions & 0 deletions
diff --git a/‎config-new/components/e2e/coverage_copy_pod.yaml renamed to ‎config-new/components/e2e/install-namespace/coverage_copy_pod.yaml
Lines changed: 1 addition & 0 deletions b/‎config-new/components/e2e/coverage_copy_pod.yaml renamed to ‎config-new/components/e2e/install-namespace/coverage_copy_pod.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎config-new/components/e2e/coverage_pvc.yaml renamed to ‎config-new/components/e2e/install-namespace/coverage_pvc.yaml
Lines changed: 1 addition & 0 deletions b/‎config-new/components/e2e/coverage_pvc.yaml renamed to ‎config-new/components/e2e/install-namespace/coverage_pvc.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎config-new/components/e2e/install-namespace/e2e_dummy_cert.yaml
Lines changed: 15 additions & 0 deletions b/‎config-new/components/e2e/install-namespace/e2e_dummy_cert.yaml
Lines changed: 15 additions & 0 deletions
diff --git a/‎config-new/components/e2e/install-namespace/kustomization.yaml
Lines changed: 23 additions & 0 deletions b/‎config-new/components/e2e/install-namespace/kustomization.yaml
Lines changed: 23 additions & 0 deletions
diff --git a/‎config-new/components/e2e/install-namespace/patches/catalogd_deployment.yaml
Lines changed: 10 additions & 0 deletions b/‎config-new/components/e2e/install-namespace/patches/catalogd_deployment.yaml
Lines changed: 10 additions & 0 deletions
diff --git a/‎config-new/components/e2e/install-namespace/patches/operator_controller_deployment.yaml
Lines changed: 32 additions & 0 deletions b/‎config-new/components/e2e/install-namespace/patches/operator_controller_deployment.yaml
Lines changed: 32 additions & 0 deletions
diff --git a/‎config-new/components/e2e/registries_conf_configmap.yaml renamed to ‎config-new/components/e2e/install-namespace/registries_conf_configmap.yaml
Lines changed: 1 addition & 1 deletion b/‎config-new/components/e2e/registries_conf_configmap.yaml renamed to ‎config-new/components/e2e/install-namespace/registries_conf_configmap.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎config-new/components/e2e/kustomization.yaml
Lines changed: 0 additions & 10 deletions b/‎config-new/components/e2e/kustomization.yaml
Lines changed: 0 additions & 10 deletions
diff --git a/‎config-new/components/e2e/operator_controller_deployment.yaml
Lines changed: 0 additions & 25 deletions b/‎config-new/components/e2e/operator_controller_deployment.yaml
Lines changed: 0 additions & 25 deletions
diff --git a/‎config-new/components/e2e/registry-namespace/certificate.yaml
Lines changed: 18 additions & 0 deletions b/‎config-new/components/e2e/registry-namespace/certificate.yaml
Lines changed: 18 additions & 0 deletions
diff --git a/‎config-new/components/e2e/registry-namespace/deployment.yaml
Lines changed: 35 additions & 0 deletions b/‎config-new/components/e2e/registry-namespace/deployment.yaml
Lines changed: 35 additions & 0 deletions
diff --git a/‎config-new/components/e2e/registry-namespace/kustomization.yaml
Lines changed: 8 additions & 0 deletions b/‎config-new/components/e2e/registry-namespace/kustomization.yaml
Lines changed: 8 additions & 0 deletions
diff --git a/‎config-new/components/e2e/registry-namespace/namespace.yaml
Lines changed: 4 additions & 0 deletions b/‎config-new/components/e2e/registry-namespace/namespace.yaml
Lines changed: 4 additions & 0 deletions
diff --git a/‎config-new/components/e2e/registry-namespace/service.yaml
Lines changed: 14 additions & 0 deletions b/‎config-new/components/e2e/registry-namespace/service.yaml
Lines changed: 14 additions & 0 deletions
diff --git a/‎config-new/components/community-namespace/kustomization.yaml renamed to ‎config-new/components/olmv1-system-namespace/kustomization.yaml b/‎config-new/components/community-namespace/kustomization.yaml renamed to ‎config-new/components/olmv1-system-namespace/kustomization.yaml
diff --git a/‎config-new/components/community-namespace/namespace-replacements.yaml renamed to ‎config-new/components/olmv1-system-namespace/namespace-replacements.yaml b/‎config-new/components/community-namespace/namespace-replacements.yaml renamed to ‎config-new/components/olmv1-system-namespace/namespace-replacements.yaml
diff --git a/‎config-new/components/community-namespace/namespace.yaml renamed to ‎config-new/components/olmv1-system-namespace/namespace.yaml b/‎config-new/components/community-namespace/namespace.yaml renamed to ‎config-new/components/olmv1-system-namespace/namespace.yaml
@@ -244,7 +244,6 @@ E2E_REGISTRY_IMAGE=localhost/e2e-test-registry:devel
 image-registry: export GOOS=linux
 image-registry: export GOARCH=amd64
 image-registry: ## Build the testdata catalog used for e2e tests and push it to the image registry
-	go build $(GO_BUILD_FLAGS) $(GO_BUILD_EXTRA_FLAGS) -tags '$(GO_BUILD_TAGS)' -ldflags '$(GO_BUILD_LDFLAGS)' -gcflags '$(GO_BUILD_GCFLAGS)' -asmflags '$(GO_BUILD_ASMFLAGS)' -o ./testdata/registry/bin/registry ./testdata/registry/registry.go
 	go build $(GO_BUILD_FLAGS) $(GO_BUILD_EXTRA_FLAGS) -tags '$(GO_BUILD_TAGS)' -ldflags '$(GO_BUILD_LDFLAGS)' -gcflags '$(GO_BUILD_GCFLAGS)' -asmflags '$(GO_BUILD_ASMFLAGS)' -o ./testdata/push/bin/push         ./testdata/push/push.go
 	$(CONTAINER_RUNTIME) build -f ./testdata/Dockerfile -t $(E2E_REGISTRY_IMAGE) ./testdata
 	$(CONTAINER_RUNTIME) save $(E2E_REGISTRY_IMAGE) | $(KIND) load image-archive /dev/stdin --name $(KIND_CLUSTER_NAME)
@@ -263,6 +262,7 @@ test-e2e: run image-registry e2e e2e-coverage kind-clean #HELP Run e2e test suit
 
 .PHONY: extension-developer-e2e
 extension-developer-e2e: KIND_CLUSTER_NAME := operator-controller-ext-dev-e2e
+extension-developer-e2e: KUSTOMIZE_BUILD_DIR := config-new/overlays/community-e2e
 extension-developer-e2e: export INSTALL_DEFAULT_CATALOGS := false
 extension-developer-e2e: run image-registry test-ext-dev-e2e kind-clean #EXHELP Run extension-developer e2e on local kind cluster
 
@@ -356,7 +356,7 @@ run: docker-build kind-cluster kind-load kind-deploy wait #HELP Build the operat
 CATD_NAMESPACE := olmv1-system
 wait:
 	kubectl wait --for=condition=Available --namespace=$(CATD_NAMESPACE) deployment/catalogd-controller-manager --timeout=60s
-	kubectl wait --for=condition=Ready --namespace=$(CATD_NAMESPACE) certificate/catalogd-service-cert # Avoid upgrade test flakes when reissuing cert
+	kubectl wait --for=condition=Ready --namespace=$(CATD_NAMESPACE) certificate/catalogd-cert # Avoid upgrade test flakes when reissuing cert
 
 .PHONY: docker-build
 docker-build: build-linux #EXHELP Build docker image for operator-controller and catalog with GOOS=linux and local GOARCH.
 
@@ -199,6 +199,7 @@ func run(ctx context.Context) error {
 	}
 	cfg.externalAddr = protocol + cfg.externalAddr
 
+	setupLog.Info("server certificate", "cert", cfg.certFile, "key", cfg.keyFile)
 	cw, err := certwatcher.New(cfg.certFile, cfg.keyFile)
 	if err != nil {
 		setupLog.Error(err, "failed to initialize certificate watcher")
 
@@ -1,10 +1,10 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: catalogd-service-cert
+  name: catalogd-cert
   namespace: __NAMESPACE_PLACEHOLDER__
 spec:
-  secretName: catalogd-service-cert-${VERSION}
+  secretName: catalogd-cert-${VERSION}
   dnsNames:
     - catalogd-service.__NAMESPACE_PLACEHOLDER__.svc
     - catalogd-service.__NAMESPACE_PLACEHOLDER__.svc.cluster.local
 
@@ -1,9 +1,9 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: olmv1-cert
+  name: operator-controller-cert
 spec:
-  secretName: olmv1-cert
+  secretName: operator-controller-cert
   dnsNames:
     - operator-controller-service.__NAMESPACE_PLACEHOLDER__.svc
     - operator-controller-service.__NAMESPACE_PLACEHOLDER__.svc.cluster.local
 
@@ -1,21 +1,13 @@
+# operator-controller's server cert (e.g. for serving the catalogd API and prometheus metrics)
 - op: add
   path: /spec/template/spec/volumes/-
-  value: {"name":"olmv1-certificate", "secret":{"secretName":"catalogd-service-cert-${VERSION}", "optional": false, "items": [{"key": "ca.crt", "path": "olm-ca.crt"}]}}
+  value: {"name":"server-cert","secret":{"secretName":"catalogd-cert-${VERSION}","optional":false,"items":[{"key":"tls.crt","path":"tls.crt"},{"key":"tls.key","path":"tls.key"}]}}
 - op: add
   path: /spec/template/spec/containers/0/volumeMounts/-
-  value: {"name":"olmv1-certificate", "readOnly": true, "mountPath":"/var/ca-certs/"}
+  value: {"name":"server-cert","mountPath":"/var/server-cert"}
 - op: add
   path: /spec/template/spec/containers/0/args/-
-  value: "--pull-cas-dir=/var/ca-certs"
-- op: add
-  path: /spec/template/spec/volumes/-
-  value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-service-cert-${VERSION}"}}
-- op: add
-  path: /spec/template/spec/containers/0/volumeMounts/-
-  value: {"name":"catalogserver-certs", "mountPath":"/var/certs"}
-- op: add
-  path: /spec/template/spec/containers/0/args/-
-  value: "--tls-cert=/var/certs/tls.crt"
+  value: "--tls-cert=/var/server-cert/tls.crt"
 - op: add
   path: /spec/template/spec/containers/0/args/-
-  value: "--tls-key=/var/certs/tls.key"
+  value: "--tls-key=/var/server-cert/tls.key"
@@ -1,18 +1,24 @@
+# operator-controller's server cert (e.g. for serving prometheus metrics)
 - op: add
   path: /spec/template/spec/volumes/-
-  value: {"name":"olmv1-certificate", "secret":{"secretName":"olmv1-cert", "optional": false, "items": [{"key": "ca.crt", "path": "olm-ca.crt"}, {"key": "tls.crt", "path": "tls.cert"}, {"key": "tls.key", "path": "tls.key"}]}}
+  value: {"name":"server-cert", "secret":{"secretName":"operator-controller-cert", "optional": false, "items": [{"key": "tls.crt", "path": "tls.cert"}, {"key": "tls.key", "path": "tls.key"}]}}
 - op: add
   path: /spec/template/spec/containers/0/volumeMounts/-
-  value: {"name":"olmv1-certificate", "readOnly": true, "mountPath":"/var/certs/"}
+  value: {"name":"server-cert", "readOnly": true, "mountPath":"/var/certs/server-cert"}
 - op: add
   path: /spec/template/spec/containers/0/args/-
-  value: "--catalogd-cas-dir=/var/certs"
+  value: "--tls-cert=/var/certs/server-cert/tls.cert"
 - op: add
   path: /spec/template/spec/containers/0/args/-
-  value: "--pull-cas-dir=/var/certs"
+  value: "--tls-key=/var/certs/server-cert/tls.key"
+
+# catalogd CA, so that operator-controller's http client can verify catalogd's server cert
 - op: add
-  path: /spec/template/spec/containers/0/args/-
-  value: "--tls-cert=/var/certs/tls.cert"
+  path: /spec/template/spec/volumes/-
+  value: {"name":"catalogd-ca", "secret":{"secretName":"catalogd-cert-${VERSION}", "optional": false, "items":[{"key": "ca.crt", "path": "ca.crt"}]}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"catalogd-ca", "readOnly": true, "mountPath":"/var/certs/catalogd-ca"}
 - op: add
   path: /spec/template/spec/containers/0/args/-
-  value: "--tls-key=/var/certs/tls.key"
+  value: "--catalogd-cas-dir=/var/certs/catalogd-ca"
@@ -0,0 +1,35 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: e2e-self-sign-issuer
+  namespace: cert-manager
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: e2e-ca
+  namespace: cert-manager
+spec:
+  isCA: true
+  commonName: e2e-ca
+  secretName: e2e-ca
+  secretTemplate:
+    annotations:
+      cert-manager.io/allow-direct-injection: "true"
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: e2e-self-sign-issuer
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: e2e-ca
+spec:
+  ca:
+    secretName: e2e-ca
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+  - e2e_cluster_issuer.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: e2e-coverage-copy-pod
+  namespace: olmv1-system
 spec:
   restartPolicy: Never
   securityContext:
 
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: e2e-coverage
+  namespace: olmv1-system
 spec:
   accessModes:
     - ReadWriteOnce
 
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: e2e-dummy-cert
+  namespace: olmv1-system
+spec:
+  secretName: e2e-dummy-cert
+  commonName: e2e-dummy-cert
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    kind: ClusterIssuer
+    group: cert-manager.io
+    name: e2e-ca
@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+  - coverage_pvc.yaml
+  - coverage_copy_pod.yaml
+  - registries_conf_configmap.yaml
+  - e2e_dummy_cert.yaml
+
+patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      labelSelector: control-plane=operator-controller-controller-manager
+    path: patches/operator_controller_deployment.yaml
+
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      labelSelector: control-plane=catalogd-controller-manager
+    path: patches/catalogd_deployment.yaml
@@ -0,0 +1,10 @@
+# Use the e2e-ca so that catalogd can communicate with the e2e registry.
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"e2e-registry-ca", "secret":{"secretName":"e2e-dummy-cert", "optional": false, "items":[{"key": "ca.crt", "path": "ca.crt"}]}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"e2e-registry-ca", "readOnly": true, "mountPath":"/var/certs/e2e-registry-ca"}
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: "--pull-cas-dir=/var/certs/e2e-registry-ca"
@@ -0,0 +1,32 @@
+# Use the e2e-ca so that operator-controller can communicate with the e2e registry.
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"e2e-registry-ca", "secret":{"secretName":"e2e-dummy-cert", "optional": false, "items":[{"key": "ca.crt", "path": "ca.crt"}]}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"e2e-registry-ca", "readOnly": true, "mountPath":"/var/certs/e2e-registry-ca"}
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: "--pull-cas-dir=/var/certs/e2e-registry-ca"
+
+# Setup a custom /etc/containers/registries.conf file, used to verify containers/image integration in e2e tests.
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"e2e-registries-conf", "configMap":{"name":"e2e-registries-conf"}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"e2e-registries-conf", "readOnly": true, "mountPath":"/etc/containers"}
+
+# Setup e2e code coverage
+- op: add
+  path: /spec/template/spec/containers/0/env
+  value: []
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value: {"name":"GOCOVERDIR","value":"/e2e-coverage"}
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"e2e-coverage-volume", "persistentVolumeClaim":{"claimName":"e2e-coverage"}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"e2e-coverage-volume", "mountPath":"/e2e-coverage"}
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: e2e-registries-conf
-  namespace: __NAMESPACE_PLACEHOLDER__
+  namespace: olmv1-system
 data:
   registries.conf: |
     [[registry]]
 
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: operator-controller-e2e-registry
+  namespace: operator-controller-e2e
+spec:
+  secretName: operator-controller-e2e-registry
+  isCA: true
+  dnsNames:
+    - docker-registry.operator-controller-e2e.svc
+    - docker-registry.operator-controller-e2e.svc.cluster.local
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: e2e-ca
+    kind: ClusterIssuer
+    group: cert-manager.io
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: docker-registry
+  namespace: operator-controller-e2e
+  labels:
+    app: registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry
+  template:
+    metadata:
+      labels:
+        app: registry
+    spec:
+      containers:
+        - name: registry
+          image: registry:3
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: certs-vol
+              mountPath: "/certs"
+          env:
+            - name: REGISTRY_HTTP_ADDR
+              value: ":5000"
+            - name: REGISTRY_HTTP_TLS_CERTIFICATE
+              value: "/certs/tls.crt"
+            - name: REGISTRY_HTTP_TLS_KEY
+              value: "/certs/tls.key"
+      volumes:
+        - name: certs-vol
+          secret:
+            secretName: operator-controller-e2e-registry
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+  - namespace.yaml
+  - certificate.yaml
+  - deployment.yaml
+  - service.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: operator-controller-e2e
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: docker-registry
+  namespace: operator-controller-e2e
+spec:
+  selector:
+    app: registry
+  ports:
+    - name: http
+      port: 5000
+      targetPort: 5000
+      nodePort: 30000
+  type: NodePort
Original file line number	Diff line number	Diff line change
`@@ -199,6 +199,7 @@ func run(ctx context.Context) error {`
`199`	`199`	`}`
`200`	`200`	`cfg.externalAddr = protocol + cfg.externalAddr`
`201`	`201`
	`202`	`+ setupLog.Info("server certificate", "cert", cfg.certFile, "key", cfg.keyFile)`
`202`	`203`	`cw, err := certwatcher.New(cfg.certFile, cfg.keyFile)`
`203`	`204`	`if err != nil {`
`204`	`205`	`setupLog.Error(err, "failed to initialize certificate watcher")`