From c68699bef13c23f389da06a6d0d3be94990310e2 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Thu, 8 Aug 2024 15:35:55 +0100 Subject: [PATCH 1/2] allow customer to set kube-rbac-proxy image --- Makefile | 8 ++++++++ config/default/kustomization.yaml | 4 ++++ config/default/manager_auth_proxy_patch.yaml | 2 +- config/manifests/bases/kustomization.yaml | 6 ++++++ config/manifests/kustomization.yaml | 2 +- 5 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 config/manifests/bases/kustomization.yaml diff --git a/Makefile b/Makefile index 73252831..5c369fb9 100644 --- a/Makefile +++ b/Makefile @@ -54,6 +54,12 @@ OPERATOR_SDK_VERSION ?= v1.34.2 # Image URL to use all building/pushing image targets IMG ?= $(IMAGE_TAG_BASE):$(VERSION) +# kube-rbac-proxy image base +KRP_IMAGE_BASE ?= quay.io/brancz/kube-rbac-proxy + +# kube-rbac-proxy image tag +KRP_IMAGE_TAG ?= v0.18.0 + .PHONY: all all: docker-build @@ -179,6 +185,8 @@ endif bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. $(OPERATOR_SDK) generate kustomize manifests --interactive=false -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) + cd config/manifests/bases && $(KUSTOMIZE) edit set annotation containerImage:$(IMG) + cd config/default && $(KUSTOMIZE) edit set image kube-rbac-proxy=$(KRP_IMAGE_BASE):$(KRP_IMAGE_TAG) $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) @printf "%s\n" '' 'LABEL com.redhat.openshift.versions="v4.12"' 'LABEL com.redhat.delivery.operator.bundle=true' 'LABEL com.redhat.delivery.backport=true' >> bundle.Dockerfile @printf "%s\n" '' ' # OpenShift annotations.' ' com.redhat.openshift.versions: v4.12' >> bundle/metadata/annotations.yaml diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 6c923544..37ba23c2 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -28,3 +28,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization patches: - path: manager_auth_proxy_patch.yaml +images: +- name: kube-rbac-proxy + newName: quay.io/brancz/kube-rbac-proxy + newTag: v0.18.0 diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index d3ef6a37..c656eaeb 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -31,7 +31,7 @@ spec: capabilities: drop: - "ALL" - image: quay.io/brancz/kube-rbac-proxy:v0.18.0 + image: kube-rbac-proxy:latest args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/config/manifests/bases/kustomization.yaml b/config/manifests/bases/kustomization.yaml new file mode 100644 index 00000000..140d51c1 --- /dev/null +++ b/config/manifests/bases/kustomization.yaml @@ -0,0 +1,6 @@ +resources: +- nginx-ingress-operator.clusterserviceversion.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonAnnotations: + containerImage: quay.io/nginx/nginx-ingress-operator:2.3.1 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 098845dd..96753aea 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,7 +1,7 @@ # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- bases/nginx-ingress-operator.clusterserviceversion.yaml +- bases - ../default - ../samples - ../scorecard From 770c7cd2770e2de8e63c2450aea1e20edb90af1b Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Thu, 8 Aug 2024 17:01:53 +0100 Subject: [PATCH 2/2] make it clear which values are placeholders --- .../nginx-ingress-operator.clusterserviceversion.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml index 8516b5d6..93742a63 100644 --- a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: capabilities: Basic Install categories: Monitoring, Networking certified: "true" - containerImage: quay.io/nginx/nginx-ingress-operator:2.3.1 + containerImage: nginx-ingress-operator:latest createdAt: placeholder description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers @@ -185,7 +185,7 @@ spec: - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --leader-election-id=nginx-ingress-operator - image: quay.io/nginx/nginx-ingress-operator:2.3.1 + image: nginx-ingress-operator:latest livenessProbe: httpGet: path: /healthz @@ -288,7 +288,7 @@ spec: - email: kubernetes@nginx.com name: NGINX Inc maturity: alpha - minKubeVersion: 1.23.0 + minKubeVersion: 1.26.0 provider: name: NGINX Inc - version: 2.3.1 + version: 0.0.0