From c68699bef13c23f389da06a6d0d3be94990310e2 Mon Sep 17 00:00:00 2001
From: Paul Abel
Date: Thu, 8 Aug 2024 15:35:55 +0100
Subject: [PATCH 1/2] allow customer to set kube-rbac-proxy image
---
Makefile | 8 ++++++++
config/default/kustomization.yaml | 4 ++++
config/default/manager_auth_proxy_patch.yaml | 2 +-
config/manifests/bases/kustomization.yaml | 6 ++++++
config/manifests/kustomization.yaml | 2 +-
5 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 config/manifests/bases/kustomization.yaml
diff --git a/Makefile b/Makefile
index 73252831..5c369fb9 100644
--- a/Makefile
+++ b/Makefile
@@ -54,6 +54,12 @@ OPERATOR_SDK_VERSION ?= v1.34.2
# Image URL to use all building/pushing image targets
IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+# kube-rbac-proxy image base
+KRP_IMAGE_BASE ?= quay.io/brancz/kube-rbac-proxy
+
+# kube-rbac-proxy image tag
+KRP_IMAGE_TAG ?= v0.18.0
+
.PHONY: all
all: docker-build
@@ -179,6 +185,8 @@ endif
bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
$(OPERATOR_SDK) generate kustomize manifests --interactive=false -q
cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+ cd config/manifests/bases && $(KUSTOMIZE) edit set annotation containerImage:$(IMG)
+ cd config/default && $(KUSTOMIZE) edit set image kube-rbac-proxy=$(KRP_IMAGE_BASE):$(KRP_IMAGE_TAG)
$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
@printf "%s\n" '' 'LABEL com.redhat.openshift.versions="v4.12"' 'LABEL com.redhat.delivery.operator.bundle=true' 'LABEL com.redhat.delivery.backport=true' >> bundle.Dockerfile
@printf "%s\n" '' ' # OpenShift annotations.' ' com.redhat.openshift.versions: v4.12' >> bundle/metadata/annotations.yaml
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 6c923544..37ba23c2 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -28,3 +28,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patches:
- path: manager_auth_proxy_patch.yaml
+images:
+- name: kube-rbac-proxy
+ newName: quay.io/brancz/kube-rbac-proxy
+ newTag: v0.18.0
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index d3ef6a37..c656eaeb 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -31,7 +31,7 @@ spec:
capabilities:
drop:
- "ALL"
- image: quay.io/brancz/kube-rbac-proxy:v0.18.0
+ image: kube-rbac-proxy:latest
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
diff --git a/config/manifests/bases/kustomization.yaml b/config/manifests/bases/kustomization.yaml
new file mode 100644
index 00000000..140d51c1
--- /dev/null
+++ b/config/manifests/bases/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- nginx-ingress-operator.clusterserviceversion.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonAnnotations:
+ containerImage: quay.io/nginx/nginx-ingress-operator:2.3.1
diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml
index 098845dd..96753aea 100644
--- a/config/manifests/kustomization.yaml
+++ b/config/manifests/kustomization.yaml
@@ -1,7 +1,7 @@
# These resources constitute the fully configured set of manifests
# used to generate the 'manifests/' directory in a bundle.
resources:
-- bases/nginx-ingress-operator.clusterserviceversion.yaml
+- bases
- ../default
- ../samples
- ../scorecard
From 770c7cd2770e2de8e63c2450aea1e20edb90af1b Mon Sep 17 00:00:00 2001
From: Paul Abel
Date: Thu, 8 Aug 2024 17:01:53 +0100
Subject: [PATCH 2/2] make it clear which values are placeholders
---
.../nginx-ingress-operator.clusterserviceversion.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml
index 8516b5d6..93742a63 100644
--- a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml
@@ -6,7 +6,7 @@ metadata:
capabilities: Basic Install
categories: Monitoring, Networking
certified: "true"
- containerImage: quay.io/nginx/nginx-ingress-operator:2.3.1
+ containerImage: nginx-ingress-operator:latest
createdAt: placeholder
description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
@@ -185,7 +185,7 @@ spec:
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
- --leader-election-id=nginx-ingress-operator
- image: quay.io/nginx/nginx-ingress-operator:2.3.1
+ image: nginx-ingress-operator:latest
livenessProbe:
httpGet:
path: /healthz
@@ -288,7 +288,7 @@ spec:
- email: kubernetes@nginx.com
name: NGINX Inc
maturity: alpha
- minKubeVersion: 1.23.0
+ minKubeVersion: 1.26.0
provider:
name: NGINX Inc
- version: 2.3.1
+ version: 0.0.0