OPRUN-4017: Synchronize From Upstream Repositories #408
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces an early-warning series of prometheus alerts to attempt to catch issues with performance at an early stage in development. Signed-off-by: Daniel Franz <[email protected]>
The use of the namespace parameter is kustomization files is very tricky. In one particular instance, we have an ordering issue with the cert-manager CA component. If not ordered correctly in the set of kustomization files, the CA component namespace will be overwritten by prior namespace directives. This eliminates that edge case, and makes the kustomization more robust. Downstream uses a different overlay, so there's no issue there. Also, add `-n` option to the install script to allow users to easily change the namespace that they install OLMv1 into. Note that the manifests don't change; so this keep everything as-is. Signed-off-by: Todd Short <[email protected]>
Did you know you can validate your codecov.yaml file? ``` curl -X POST --data-binary @codecov.yml https://codecov.io/validate ``` Our codecov.yaml file was not valid, now it is. Signed-off-by: Todd Short <[email protected]>
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.35.0 to 5.36.0. - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.35.0...v5.36.0) --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-version: 5.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Split rbac generation into experimental/standard Signed-off-by: Per Goncalves da Silva <[email protected]> * Add rbac standard/experimental split to catalogd Signed-off-by: Per Goncalves da Silva <[email protected]> * Add catalogd webhook exp/standard split Signed-off-by: Per Goncalves da Silva <[email protected]> * Fix merge conflicts Signed-off-by: Per Goncalves da Silva <[email protected]> --------- Signed-off-by: Per Goncalves da Silva <[email protected]> Co-authored-by: Per Goncalves da Silva <[email protected]>
Adding comment for traceability to prometheus alert rules. Move prometheus installation to new script to clean up makefile. Signed-off-by: Daniel Franz <[email protected]>
Signed-off-by: dtfranz <[email protected]> UPSTREAM: <carry>: Update generate-manifests to handle new directory The `default` directory was renamed `base`. Signed-off-by: Todd Short <[email protected]> The `base` directory was moved to `base\operator-controller`. Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Drop commitchecker Signed-off-by: Alexander Greene <[email protected]> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/4022cd290f00a44d667dda03f2d78d84a488c7ed/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: update owners * Remove alumni from owners * Add m1kola to approvers Signed-off-by: Mikalai Radchuk <[email protected]> UPSTREAM: <carry>: Add pointer to tooling README UPSTREAM: <carry>: Disable Validating Admission Policy APIs downstream Signed-off-by: Mikalai Radchuk <[email protected]> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.16 Reconciling with https://github.com/openshift/ocp-build-data/tree/6250d54c4686a708ca5985afb73080e8ca9a1f7f/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: Enable Validating Admission Policy APIs downstream * This reverts commit 3f079c4. * Includes Validating Admission Policy manifests Signed-off-by: Mikalai Radchuk <[email protected]> UPSTREAM: <carry>: manifests: set required-scc for openshift workloads UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.17 Reconciling with https://github.com/openshift/ocp-build-data/tree/4c1326094222f9209876f06833179a1b9178faf7/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: add everettraven to approvers+reviewers Signed-off-by: everettraven <[email protected]> UPSTREAM: <carry>: add openshift kustomize overlay to enable TLS communication with catalogd. Configure the CA certs using the configmap injection method via service-ca-operator Signed-off-by: everettraven <[email protected]> UPSTREAM: <carry>: Add tmshort to approvers Also `s/runtime/framework/g` in the DOWNSTREAM_OWNERS Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.18 Reconciling with https://github.com/openshift/ocp-build-data/tree/dd68246f3237db5db458127566fc7b05b55e1660/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: Properly copy and call kustomize Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: manifests: add hostPath mount for /etc/containers Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Add test-e2e target for downstream Makefile to be run by openshift/release. Signed-off-by: dtfranz <[email protected]> UPSTREAM: <carry>: Add downstream verify makefile target Signed-off-by: dtfranz <[email protected]> UPSTREAM: <carry>: openshift: template log verbosity to be managed by cluster-olm-operator Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Add global-pull-secret flag Pass global-pull-secret to the manager container. Signed-off-by: Mikalai Radchuk <[email protected]> UPSTREAM: <carry>: Update openshift CAs to operator-controller The /run/secrets/kubernetes.io/serviceaccount/ directory is projected into the pod and contains the following CA certificates: * configmap/kube-root-ca.crt as ca.crt * configmap/openshift-service-ca.crt as service-ca.crt Update the --ca-certs-dir argument to reference the directory. Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Add HowTo for origin tests Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Add e2e registry Dockerfile Signed-off-by: dtfranz <[email protected]> UPSTREAM: <carry>: add nodeSelector and tolerations to operator-controller deployment via kustomize patch Signed-off-by: everettraven <[email protected]> UPSTREAM: <carry>: namespace: use privileged PSA for audit and warn levels Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Enable downstream e2e Signed-off-by: dtfranz <[email protected]> UPSTREAM: <carry>: Remove m1kola from owners Signed-off-by: Mikalai Radchuk <[email protected]> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.19 Reconciling with https://github.com/openshift/ocp-build-data/tree/a39508c86497b4e5e463d7b2c78e51e577be9e7d/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: generate and mount service-ca server cert Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Add support for proxy trustedCAs Just map the list of trusted ca certs into the deployment Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Fix error to build the image Copy correct (new) executable name for operator-controller Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Fix make verify for mac os envs Joe Lanford <[email protected]> UPSTREAM: <carry>: Move operator-controller openshift files to its own dir UPSTREAM: <carry>: Upgrade OCP images from 4.18 to 4.19 UPSTREAM: <carry>: Add Openshift's catalogd manifests - Move to openshift/catalogd the specific manifest under: https://github.com/openshift/operator-framework-catalogd/tree/main/openshift - Add call to generate catalogd manifest to 'make manifest'. Make verify test is now done for catalogd and operator-controller Openshift's manifests UPSTREAM: <carry>: resolve issue with pre-mature mounting of trusted CA configmap Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Add /etc/docker to the operator-controller and catalogd deployments This allows for use of the any image.config.openshift.io trusted CAs Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: fixup catalogd.Dockerfile paths Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Resolve issue with pre-mature mounting of service CA configmap Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: use projected volume for CAs to avoid subPath limitations Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Revert "UPSTREAM: <carry>: use projected volume for CAs to avoid subPath limitations" This reverts commit 548caa4. UPSTREAM: <carry>: use projected volume for CAs to avoid subPath limitations Signed-off-by: Joe Lanford <[email protected]> UPSTREAM: <carry>: Remove vet from openshift verify The `vet` target was removed upstream. Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Skip another upstream test Signed-off-by: Todd Short <[email protected]> UPSTREAM: <carry>: Cleanup openshift/Makefile by removing no longer required comments regards catalogd e2e tests UPSTREAM: <carry>: Enable OCP metrics collection by default Enables OCP to collect Prometheus metrics for both catalogd and operator-controller by default. This is accomplished via ServiceMonitor CRs which are now created for both projects.
The root catalogd directory has been removed Signed-off-by: Todd Short <[email protected]>
Signed-off-by: Todd Short <[email protected]>
Signed-off-by: Catherine Chan-Tse <[email protected]> (cherry picked from commit 9b4a113)
Signed-off-by: Todd Short <[email protected]>
Signed-off-by: Jian Zhang <[email protected]>
Signed-off-by: Todd Short <[email protected]>
This reverts commit a98980b.
techpreview is no longer a required option. Signed-off-by: Todd Short <[email protected]>
… docker credentials"
…he caller (follow-up 345)
…s with right permissions to avoid issues scenarios
…ements of initial implementation
Signed-off-by: Jian Zhang <[email protected]>
Signed-off-by: Todd Short <[email protected]>
…k for executable files in filesystem Checks if given paths exist and point to executable files or valid symlinks.
Upstream now uses a different image Signed-off-by: Todd Short <[email protected]>
…file This adds a test-experimental-e2e target to allow the CI to run the experimental e2e test. Signed-off-by: Todd Short <[email protected]>
… to allow proper integration with OCP tests
The standard manifest was being copied rather than the experimental manifest. This meant that the expected feature-flags are not present. This is failing now that we are doing a check for those feature-flags. Signed-off-by: Todd Short <[email protected]>
openshift-ci-robot
added
the
jira/valid-reference
|
@tmshort: This pull request explicitly references no jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
tide/merge-method-merge
|
@tmshort: GitHub didn't allow me to request PR reviews from the following users: openshift/openshift-team-operator-framework. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@tmshort: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
Signed-off-by: Todd Short <[email protected]>
Signed-off-by: Todd Short <[email protected]>
tmshort
changed the title
|
@tmshort: This pull request references OPRUN-4017 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@tmshort: This pull request references OPRUN-4017 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
1 similar comment
|
@tmshort: This pull request references OPRUN-4017 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
|
/test openshift-e2e-aws |
|
@tmshort: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
s/namespace: system/namespace: olmv1-system/gUPSTREAM: <carry>commit was to handle the upstream changes to the manifest rbac/webhook (basically OPRUN-4017)The downstream repository has been updated with the following following upstream commits:
The
vendor/directory has been updated and the following commits were carried:This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.
/cc @openshift/openshift-team-operator-framework
/label tide/merge-method-merge
/label kind/sync
/label do-not-merge/hold