diff --git a/.github/workflows/olm_tests.yaml b/.github/workflows/olm_tests.yaml index 787f3ac5..5a1528ad 100644 --- a/.github/workflows/olm_tests.yaml +++ b/.github/workflows/olm_tests.yaml @@ -58,7 +58,7 @@ jobs: echo "Waiting for operator deployment"; \ sleep 2; \ done - kubectl -n mygatekeeper wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s + kubectl -n mygatekeeper wait pod -l olm.catalogSource=gatekeeper-operator --for condition=ready --timeout=300s - name: E2E Tests run: | diff --git a/Makefile b/Makefile index 3ce72d53..b29f0e0b 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ VERSION ?= 3.11.1 # Replaces Operator version # Set this when when there is a new patch release in the channel. -REPLACES_VERSION ?= 0.2.6 +REPLACES_VERSION ?="none" LOCAL_BIN ?= $(PWD)/ci-tools/bin export PATH := $(LOCAL_BIN):$(PATH) @@ -21,6 +21,8 @@ ifeq ($(GOOS), darwin) SED="gsed" endif +OPERATOR_NAME=gatekeeper-operator + get-replaces-version: @echo $(REPLACES_VERSION) @@ -109,7 +111,7 @@ ENVTEST = $(LOCAL_BIN)/setup-envtest GO_BINDATA = $(LOCAL_BIN)/go-bindata GINKGO = $(LOCAL_BIN)/ginkgo KUSTOMIZE_VERSION ?= v5.0.1 -OPM_VERSION ?= v1.27.0 +OPM_VERSION ?= v1.31.0 GO_BINDATA_VERSION ?= v3.1.2+incompatible BATS_VERSION ?= 1.2.1 OLM_VERSION ?= v0.25.0 
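Review bot: The added wait in .github/workflows/olm_tests.yaml still uses `-n mygatekeeper`, while this same commit renames the namespace in config/olm-install/install-resources.yaml to `gatekeeper-system`. If the workflow applies that manifest, the selector `olm.catalogSource=gatekeeper-operator` will match nothing in the old namespace and the step will fail. The step also now waits only for the catalog-source pod, so the E2E tests can start before the operator itself is up. Keep a deployment wait after the pod wait, for example `kubectl -n gatekeeper-system wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=300s`. The enclosing `run:` block starts outside the hunk, so the namespace used by the earlier polling loop should be checked as well.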
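Review bot: In the Makefile hunk at `@@ -6,7 +6,7 @@`, `REPLACES_VERSION ?="none"` makes the double quotes part of the value, because make does not strip quotes in assignments. Any `ifneq ($(REPLACES_VERSION), none)` test would therefore compare `"none"` with `none` and take the "has a previous version" branch. Write it as `REPLACES_VERSION ?= none`. The comment above it (which also has a doubled "when when") should say that `none` means no `replaces:` entry is generated.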
@@ -308,12 +310,13 @@ bundle: operator-sdk manifests kustomize ## Generate bundle manifests and metada $(SED) -i '/^ createdAt:.*/d' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml $(SED) -i 's/$(CHANNELS)/"$(CHANNELS)"/g' bundle/metadata/annotations.yaml $(SED) -i 's/^ olm.skipRange:.*/ olm.skipRange: "<$(shell echo $(VERSION) | cut -d '.' -f 1-2).0"/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml - ifneq ($(REPLACES_VERSION), none) - $(SED) -i 's/^ replaces:.*/ replaces: gatekeeper-operator.v$(REPLACES_VERSION)/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml - else - $(SED) -i 's/^ replaces:.*/ # replaces: none/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml - endif - $(OPERATOR_SDK) bundle validate ./bundle + # ifneq ($(REPLACES_VERSION), none) + # $(SED) -i 's/^ replaces:.*/ replaces: gatekeeper-operator.v$(REPLACES_VERSION)/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml + # else + # $(SED) -i 's/^ replaces:.*/ # replaces: none/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml + # endif + $(SED) -i 's/^ replaces:.*/ # replaces: none/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml + $(OPERATOR_SDK) bundle validate ./bundle # Requires running cluster (for example through 'make test-cluster') .PHONY: scorecard 
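Review bot: The `bundle` recipe now always rewrites `replaces:` to `# replaces: none`, so `REPLACES_VERSION` is silently ignored even though it is still documented at the top of the file and still printed by `get-replaces-version`. Either restore the `ifneq`/`else`/`endif` conditional or delete the variable together with the five commented-out lines. If those lines are tab-indented like the rest of the recipe, make still passes them to the shell and echoes them on every run. If dropping the upgrade edge is intentional, add a one-line comment above the remaining `$(SED)` call that says why, for example `# no replaces edge: upgrades rely on olm.skipRange only`. The recipe begins outside this hunk.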
@@ -357,20 +360,34 @@ import-manifests: kustomize fi cd $(GATEKEEPER_MANIFEST_DIR) && $(KUSTOMIZE) edit add resource *.yaml - +tt: + $(OPM) index add --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER) # Build the bundle index image. .PHONY: bundle-index-build bundle-index-build: opm -ifneq ($(REPLACES_VERSION), none) - $(OPM) index add --bundles $(BUNDLE_IMG) --from-index $(PREV_BUNDLE_INDEX_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER) -else - $(OPM) index add --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER) -endif + $(OPM) index add --use-http --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER) + $(OPM) migrate $(BUNDLE_INDEX_IMG) catalog_dir --use-http --skip-tls-verify + #-rm catalog_dir.dockerfile + $(OPM) generate dockerfile catalog_dir --binary-image registry.redhat.io/openshift4/ose-operator-registry:v4.14 + #$(OPM) init $(OPERATOR_NAME) --default-channel=stable --description=./README.md --output --icon=./gatekeeper_logo.svg --output yaml > catalog_dir/index.yaml + #$(OPM) render $(BUNDLE_IMG) --output=yaml >> catalog_dir/index.yaml --use-http + $(DOCKER) build . -f catalog_dir.Dockerfile -t $(BUNDLE_INDEX_IMG) +# ifneq ($(REPLACES_VERSION), none) +# $(OPM) index add --bundles $(BUNDLE_IMG) --from-index $(PREV_BUNDLE_INDEX_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER) +# $(OPM) migrate $(BUNDLE_INDEX_IMG) catalog_dir +# #-rm catalog_dir.dockerfile +# -$(OPM) generate dockerfile catalog_dir --binary-image registry.redhat.io/openshift4/ose-operator-registry:v4.14 +# #$(OPM) init $(OPERATOR_NAME) --default-channel=stable --description=./README.md --output --icon=./gatekeeper_logo.svg --output yaml > catalog_dir/index.yaml +# #$(OPM) render $(BUNDLE_IMG) --output=yaml >> catalog_dir/index.yaml --use-http +# $(DOCKER) build . 
-f catalog_dir.Dockerfile -t $(BUNDLE_INDEX_IMG) +# else +# $(OPM) index add --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER) +# endif # Generate and push bundle image and bundle index image # Note: OPERATOR_VERSION is an arbitrary number and does not need to match any official versions .PHONY: build-and-push-bundle-images -build-and-push-bundle-images: docker-build docker-push +build-and-push-bundle-images: #docker-build docker-push $(MAKE) bundle VERSION=$(OPERATOR_VERSION) $(MAKE) bundle-build $(MAKE) docker-push IMG=$(BUNDLE_IMG) diff --git a/bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml b/bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml index da5d808b..a303adde 100644 --- a/bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml @@ -516,5 +516,5 @@ spec: relatedImages: - image: openpolicyagent/gatekeeper:v3.11.1 name: gatekeeper - replaces: gatekeeper-operator.v0.2.6 + # replaces: none version: "3.11.1" diff --git a/config/olm-install/install-resources.yaml b/config/olm-install/install-resources.yaml index ce281abb..2d6546f8 100644 --- a/config/olm-install/install-resources.yaml +++ b/config/olm-install/install-resources.yaml 
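Review bot: The rewritten `bundle-index-build` recipe hard-codes `--use-http` on `opm index add` and `--use-http --skip-tls-verify` on `opm migrate`, so bundle and index content is fetched with no transport integrity check before being baked into the catalog image that gets tagged `$(BUNDLE_INDEX_IMG)`. Those flags only make sense for a local test registry. Put them behind an opt-in variable that defaults to empty, such as a new `OPM_REGISTRY_FLAGS ?=` used as `$(OPM) index add $(OPM_REGISTRY_FLAGS) --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)`, and do the same for the `migrate` line. The hunk also leaves in a scratch `tt` target with no `.PHONY`, a block of commented-out recipes, and `build-and-push-bundle-images: #docker-build docker-push`, which removes the image build and push prerequisites without saying so. The `--binary-image` base is referenced by the mutable tag `v4.14` rather than a digest, and nothing removes `catalog_dir` or `catalog_dir.Dockerfile` between runs, which may break a second invocation.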
@@ -2,16 +2,22 @@ apiVersion: v1 kind: Namespace metadata: - name: mygatekeeper + name: gatekeeper-system + labels: + pod-security.kubernetes.io/audit: baseline + pod-security.kubernetes.io/audit-version: latest + pod-security.kubernetes.io/enforce: baseline + pod-security.kubernetes.io/warn: baseline + pod-security.kubernetes.io/warn-version: latest --- apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: gatekeeper-operator - namespace: mygatekeeper + namespace: gatekeeper-system spec: displayName: Gatekeeper Operator Upstream - image: 'quay.io/gatekeeper/gatekeeper-operator-bundle-index:latest' + image: 'quay.io/yikim/gatekeeper-operator-bundle-index:v3.11.1' publisher: github.com/gatekeeper/gatekeeper-operator sourceType: grpc --- @@ -19,15 +25,15 @@ apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: gatekeeper-operator - namespace: mygatekeeper + namespace: gatekeeper-system --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: gatekeeper-operator-sub - namespace: mygatekeeper + namespace: gatekeeper-system spec: name: gatekeeper-operator - channel: "3.11" + channel: stable source: gatekeeper-operator - sourceNamespace: mygatekeeper + sourceNamespace: gatekeeper-system diff --git a/gatekeeper_logo.svg b/gatekeeper_logo.svg new file mode 100644 index 00000000..c65ec359 --- /dev/null +++ b/gatekeeper_logo.svg @@ -0,0 +1 @@ + \ No newline at end of file
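Review bot: The CatalogSource `image` in config/olm-install/install-resources.yaml now points at `quay.io/yikim/gatekeeper-operator-bundle-index:v3.11.1`, which appears to be a personal registry namespace rather than the `quay.io/gatekeeper/...` repository it replaces. Anyone applying this manifest would install operator catalog content controlled by a single account under a mutable tag. This looks like a test value left in, so restore the project repository and preferably pin it by digest, `image: 'quay.io/gatekeeper/gatekeeper-operator-bundle-index@sha256:<DIGEST_PLACEHOLDER>'`. The new Namespace labels set `audit-version` and `warn-version` but not `pod-security.kubernetes.io/enforce-version`; add `pod-security.kubernetes.io/enforce-version: latest` so the enforced level is versioned like the other two. The second hunk in this file changes the Subscription to `channel: stable`, which only resolves if the bundle is actually published in a channel of that name.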