Change to file-based catalog image

.github/workflows/olm_tests.yaml

@@ -58,7 +58,7 @@ jobs:
           echo "Waiting for operator deployment"; \
           sleep 2; \
         done
-        kubectl -n mygatekeeper wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s
+        kubectl -n mygatekeeper wait pod -l olm.catalogSource=gatekeeper-operator --for condition=ready --timeout=300s
 
     - name: E2E Tests
       run: |

Makefile

@@ -6,7 +6,7 @@
 VERSION ?= 3.11.1
 # Replaces Operator version
 # Set this when when there is a new patch release in the channel.
-REPLACES_VERSION ?= 0.2.6
+REPLACES_VERSION ?="none"
 
 LOCAL_BIN ?= $(PWD)/ci-tools/bin
 export PATH := $(LOCAL_BIN):$(PATH)
@@ -21,6 +21,8 @@ ifeq ($(GOOS), darwin)
   SED="gsed"
 endif
 
+OPERATOR_NAME=gatekeeper-operator
+
 get-replaces-version:
 	@echo $(REPLACES_VERSION)
 
@@ -109,7 +111,7 @@ ENVTEST = $(LOCAL_BIN)/setup-envtest
 GO_BINDATA = $(LOCAL_BIN)/go-bindata
 GINKGO = $(LOCAL_BIN)/ginkgo
 KUSTOMIZE_VERSION ?= v5.0.1
-OPM_VERSION ?= v1.27.0
+OPM_VERSION ?= v1.31.0
 GO_BINDATA_VERSION ?= v3.1.2+incompatible
 BATS_VERSION ?= 1.2.1
 OLM_VERSION ?= v0.25.0
@@ -308,12 +310,13 @@ bundle: operator-sdk manifests kustomize ## Generate bundle manifests and metada
 	$(SED) -i '/^    createdAt:.*/d' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
 	$(SED) -i 's/$(CHANNELS)/"$(CHANNELS)"/g' bundle/metadata/annotations.yaml
 	$(SED) -i 's/^    olm.skipRange:.*/    olm.skipRange: "<$(shell echo $(VERSION) | cut -d '.' -f 1-2).0"/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
-  ifneq ($(REPLACES_VERSION), none)
-	  $(SED) -i 's/^  replaces:.*/  replaces: gatekeeper-operator.v$(REPLACES_VERSION)/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
-  else
-	  $(SED) -i 's/^  replaces:.*/  # replaces: none/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
-  endif
-	$(OPERATOR_SDK) bundle validate ./bundle
+	# ifneq ($(REPLACES_VERSION), none)
+	# 	$(SED) -i 's/^  replaces:.*/  replaces: gatekeeper-operator.v$(REPLACES_VERSION)/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
+	# else
+	# 	$(SED) -i 's/^  replaces:.*/  # replaces: none/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
+	# endif
+	$(SED) -i 's/^  replaces:.*/  # replaces: none/' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
+		$(OPERATOR_SDK) bundle validate ./bundle
 
 # Requires running cluster (for example through 'make test-cluster')
 .PHONY: scorecard
@@ -357,20 +360,34 @@ import-manifests: kustomize
 	fi
 
 	cd $(GATEKEEPER_MANIFEST_DIR) && $(KUSTOMIZE) edit add resource *.yaml
-
+tt:
+	$(OPM) index add --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)
 # Build the bundle index image.
 .PHONY: bundle-index-build
 bundle-index-build: opm
-ifneq ($(REPLACES_VERSION), none)
-	$(OPM) index add --bundles $(BUNDLE_IMG) --from-index $(PREV_BUNDLE_INDEX_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)
-else
-	$(OPM) index add --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)
-endif
+	$(OPM) index add  --use-http --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)   
+	$(OPM) migrate $(BUNDLE_INDEX_IMG) catalog_dir --use-http --skip-tls-verify
+	#-rm catalog_dir.dockerfile 
+	$(OPM) generate dockerfile catalog_dir --binary-image registry.redhat.io/openshift4/ose-operator-registry:v4.14
+	#$(OPM) init $(OPERATOR_NAME) --default-channel=stable --description=./README.md --output --icon=./gatekeeper_logo.svg  --output yaml > catalog_dir/index.yaml
+	#$(OPM) render $(BUNDLE_IMG)  --output=yaml >> catalog_dir/index.yaml --use-http
+	$(DOCKER) build . -f catalog_dir.Dockerfile -t $(BUNDLE_INDEX_IMG)
+# ifneq ($(REPLACES_VERSION), none)
+#     $(OPM) index add --bundles $(BUNDLE_IMG) --from-index $(PREV_BUNDLE_INDEX_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)
+# 	$(OPM) migrate $(BUNDLE_INDEX_IMG) catalog_dir
+# 	#-rm catalog_dir.dockerfile 
+# 	-$(OPM) generate dockerfile catalog_dir --binary-image registry.redhat.io/openshift4/ose-operator-registry:v4.14
+# 	#$(OPM) init $(OPERATOR_NAME) --default-channel=stable --description=./README.md --output --icon=./gatekeeper_logo.svg  --output yaml > catalog_dir/index.yaml
+# 	#$(OPM) render $(BUNDLE_IMG)  --output=yaml >> catalog_dir/index.yaml --use-http
+# 	$(DOCKER) build . -f catalog_dir.Dockerfile -t $(BUNDLE_INDEX_IMG)
+# else
+# 	$(OPM) index add --bundles $(BUNDLE_IMG) --tag $(BUNDLE_INDEX_IMG) -c $(DOCKER)
+# endif
 
 # Generate and push bundle image and bundle index image
 # Note: OPERATOR_VERSION is an arbitrary number and does not need to match any official versions
 .PHONY: build-and-push-bundle-images
-build-and-push-bundle-images: docker-build docker-push
+build-and-push-bundle-images: #docker-build docker-push
 	$(MAKE) bundle VERSION=$(OPERATOR_VERSION)
 	$(MAKE) bundle-build
 	$(MAKE) docker-push IMG=$(BUNDLE_IMG)

bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml

@@ -516,5 +516,5 @@ spec:
   relatedImages:
   - image: openpolicyagent/gatekeeper:v3.11.1
     name: gatekeeper
-  replaces: gatekeeper-operator.v0.2.6
+  # replaces: none
   version: "3.11.1"

config/olm-install/install-resources.yaml

@@ -2,32 +2,38 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: mygatekeeper
+  name: gatekeeper-system
+  labels:
+    pod-security.kubernetes.io/audit: baseline
+    pod-security.kubernetes.io/audit-version: latest
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: baseline
+    pod-security.kubernetes.io/warn-version: latest
 ---
 apiVersion: operators.coreos.com/v1alpha1
 kind: CatalogSource
 metadata:
   name: gatekeeper-operator
-  namespace: mygatekeeper
+  namespace: gatekeeper-system
 spec:
   displayName: Gatekeeper Operator Upstream
-  image: 'quay.io/gatekeeper/gatekeeper-operator-bundle-index:latest'
+  image: 'quay.io/yikim/gatekeeper-operator-bundle-index:v3.11.1'
   publisher: github.com/gatekeeper/gatekeeper-operator
   sourceType: grpc
 ---
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
   name: gatekeeper-operator
-  namespace: mygatekeeper
+  namespace: gatekeeper-system
 ---
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: gatekeeper-operator-sub
-  namespace: mygatekeeper
+  namespace: gatekeeper-system
 spec:
   name: gatekeeper-operator
-  channel: "3.11"
+  channel: stable
   source: gatekeeper-operator
-  sourceNamespace: mygatekeeper
+  sourceNamespace: gatekeeper-system