Merge pull request #83 from openshift-bot/synchronize-upstream

NO-ISSUE: Synchronize From Upstream Repositories

Author: openshift-merge-bot[bot]

commitchecker.yaml

@@ -1,4 +1,4 @@
-expectedMergeBase: 38da6fc3c70c60d4da570333a3e5fc005192d44f
+expectedMergeBase: 8cdb7c32aea04da553811232b790d73c1702c49c
 upstreamBranch: main
 upstreamOrg: operator-framework
 upstreamRepo: operator-controller

config/default/kustomization.yaml

@@ -26,14 +26,6 @@ resources:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patches:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- path: manager_auth_proxy_patch.yaml
-
-
-
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- manager_webhook_patch.yaml

config/default/manager_auth_proxy_patch.yaml

@@ -28,26 +28,22 @@ spec:
       labels:
         control-plane: controller-manager
     spec:
-      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
-      # according to the platforms which are supported by your solution.
-      # It is considered best practice to support multiple architectures. You can
-      # build your manager image using the makefile target docker-buildx.
-      # affinity:
-      #   nodeAffinity:
-      #     requiredDuringSchedulingIgnoredDuringExecution:
-      #       nodeSelectorTerms:
-      #         - matchExpressions:
-      #           - key: kubernetes.io/arch
-      #             operator: In
-      #             values:
-      #               - amd64
-      #               - arm64
-      #               - ppc64le
-      #               - s390x
-      #           - key: kubernetes.io/os
-      #             operator: In
-      #             values:
-      #               - linux
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                - key: kubernetes.io/arch
+                  operator: In
+                  values:
+                    - amd64
+                    - arm64
+                    - ppc64le
+                    - s390x
+                - key: kubernetes.io/os
+                  operator: In
+                  values:
+                    - linux
       securityContext:
         runAsNonRoot: true
         seccompProfile:
@@ -56,7 +52,10 @@ spec:
       - command:
         - /manager
         args:
-        - --leader-elect
+        - "--health-probe-bind-address=:8081"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"
+        - "--feature-gates=ForceSemverUpgradeConstraints=true"
         image: controller:latest
         imagePullPolicy: IfNotPresent
         name: manager
@@ -86,6 +85,26 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
+      - name: kube-rbac-proxy
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream=http://127.0.0.1:8080/"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources:
+          requests:
+            cpu: 5m
+            memory: 64Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
       volumes:

config/manager/manager.yaml

@@ -1,76 +1,126 @@
-Extension authors have the mechanisms to offer their product as part of a curated catalog of extensions, that they can push updates to over-the-air (eg publish new versions, publish patched versions with CVEs, etc). Cluster admins can sign up to receive these updates on clusters, by adding the catalog to the cluster. When a catalog is added to a cluster, the kubernetes extension packages in that catalog become available on cluster for installation and receiving updates.  
-
-For example, the [k8s-operatorhub/community-operators](https://github.com/k8s-operatorhub/community-operators) is a catalog of curated extensions that contains a list of extensions being developed by the community. The list of extensions can be viewed in [Operatorhub.io](https://operatorhub.io). This catalog is distributed as an image [quay.io/operatorhubio/catalog](https://quay.io/repository/operatorhubio/catalog?tag=latest&tab=tags) for consumption on clusters. 
-
-To consume this catalog on cluster, create a `Catalog` Custom Resource(CR) with the image specified in the `spec.source.image` field: 
-
-```bash
-$ kubectl apply -f - <<EOF
-apiVersion: catalogd.operatorframework.io/v1alpha1
-kind: Catalog
-metadata:
-  name: operatorhubio
-spec:
-  source:
-    type: image
-    image:
-      ref: quay.io/operatorhubio/catalog:latest
-EOF
-```
-
-The packages made available for installation/receiving updates on cluster can then be explored by querying the `Package` and `BundleMetadata` CRs: 
-
-```bash
-$ kubectl get packages 
-NAME                                                     AGE
-operatorhubio-ack-acm-controller                         3m12s
-operatorhubio-ack-apigatewayv2-controller                3m12s
-operatorhubio-ack-applicationautoscaling-controller      3m12s
-operatorhubio-ack-cloudtrail-controller                  3m12s
-operatorhubio-ack-dynamodb-controller                    3m12s
-operatorhubio-ack-ec2-controller                         3m12s
-operatorhubio-ack-ecr-controller                         3m12s
-operatorhubio-ack-eks-controller                         3m12s
-operatorhubio-ack-elasticache-controller                 3m12s
-operatorhubio-ack-emrcontainers-controller               3m12s
-operatorhubio-ack-eventbridge-controller                 3m12s
-operatorhubio-ack-iam-controller                         3m12s
-operatorhubio-ack-kinesis-controller                     3m12s
-operatorhubio-ack-kms-controller                         3m12s
-operatorhubio-ack-lambda-controller                      3m12s
-operatorhubio-ack-memorydb-controller                    3m12s
-operatorhubio-ack-mq-controller                          3m12s
-operatorhubio-ack-opensearchservice-controller           3m12s
-.
-.
-.
-
-$ kubectl get bundlemetadata 
-NAME                                                            AGE
-operatorhubio-ack-acm-controller.v0.0.1                         3m58s
-operatorhubio-ack-acm-controller.v0.0.2                         3m58s
-operatorhubio-ack-acm-controller.v0.0.4                         3m58s
-operatorhubio-ack-acm-controller.v0.0.5                         3m58s
-operatorhubio-ack-acm-controller.v0.0.6                         3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.10               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.11               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.12               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.13               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.14               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.15               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.16               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.17               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.18               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.19               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.20               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.21               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.22               3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.0.9                3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.1.0                3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.1.1                3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.1.2                3m58s
-operatorhubio-ack-apigatewayv2-controller.v0.1.3                3m58s
-.
-.
-.
-```
+# Adding a catalog of extensions to a cluster
+
+Extension authors can publish their products in catalogs.
+Catalogs are curated collections of Kubernetes extensions, such as Operators.
+Cluster administrators can add these catalogs to their cluster.
+Cluster administrators can enable polling to get over-the-air updates to catalogs when extension authors publish changes such as bug fixes and new features.
+
+For example, the [Kubernetes community Operators catalog](https://github.com/k8s-operatorhub/community-operators) is a catalog of curated extensions that is developed by the Kubernetes community.
+You can see the available extensions at [Operatorhub.io](https://operatorhub.io).
+This catalog is distributed as an image [quay.io/operatorhubio/catalog](https://quay.io/repository/operatorhubio/catalog?tag=latest&tab=tags) that can be installed on clusters.
+
+## Prerequisites
+
+* Access to a Kubernetes cluster, for example `kind`, using an account with `cluster-admin` permissions
+* [Operator Controller installed](https://github.com/operator-framework/operator-controller/releases) on the cluster
+* [Catalogd installed](https://github.com/operator-framework/catalogd/releases/) on the cluster
+* Kubernetes CLI (`kubectl`) installed on your workstation
+
+## Procedure
+
+1. Create a catalog custom resource (CR):
+
+    ``` yaml title="catalog_cr.yaml"
+    apiVersion: catalogd.operatorframework.io/v1alpha1
+    kind: Catalog
+    metadata:
+      name: operatorhubio
+    spec:
+      source:
+        type: image
+        image:
+          ref: <catalog_image>
+          pollInterval: <poll_interval_duration>
+    ```
+
+    `catalog_name`
+    :   Specifies the image reference for the catalog you want to install, such as `quay.io/operatorhubio/catalog:latest`.
+
+    `poll_interval_duration`
+    :   Specifies the interval for polling the remote registry for newer image digests.
+            The default value is `24h`.
+            Valid units include seconds (`s`), minutes (`m`), and hours (`h`).
+            To disable polling, set a zero value, such as `0s`.
+
+    ``` yaml title="Example `operatorhubio.yaml` CR"
+    apiVersion: catalogd.operatorframework.io/v1alpha1
+    kind: Catalog
+    metadata:
+      name: operatorhub
+    spec:
+      source:
+        type: image
+        image:
+          ref: quay.io/operatorhubio/catalog:latest
+          pollInterval: 1h
+    ```
+
+2. Apply the catalog CR:
+
+    ``` terminal
+    $ kubectl apply -f <catalog_cr>.yaml
+    ```
+
+    ``` text title="Example output"
+    catalog.catalogd.operatorframework.io/redhat-operators created
+    ```
+
+### Verification
+
+* Run the following commands to verify the status of your catalog:
+
+    * Check if your catalog is available on the cluster:
+
+        ``` terminal
+        $ kubectl get catalog
+        ```
+
+        ``` terminal title="Example output"
+        NAME            PHASE   AGE
+        operatorhubio           9s
+        ```
+
+    * Check the status of your catalog:
+
+        ``` terminal
+        $ kubectl describe catalog
+        ```
+
+        ``` terminal title="Example output"
+        Name:         operatorhubio
+        Namespace:
+        Labels:       <none>
+        Annotations:  <none>
+        API Version:  catalogd.operatorframework.io/v1alpha1
+        Kind:         Catalog
+        Metadata:
+          Creation Timestamp:  2024-03-12T19:34:50Z
+          Finalizers:
+            catalogd.operatorframework.io/delete-server-cache
+          Generation:        2
+          Resource Version:  6469
+          UID:               2e2778cb-dda6-4645-96b7-992e8dd37503
+        Spec:
+          Source:
+            Image:
+              Poll Interval:  15m0s
+              Ref:            quay.io/operatorhubio/catalog:latest
+            Type:             image
+        Status:
+          Conditions:
+            Last Transition Time:  2024-03-12T19:35:34Z
+            Message:
+            Reason:                UnpackSuccessful
+            Status:                True
+            Type:                  Unpacked
+          Content URL:             http://catalogd-catalogserver.catalogd-system.svc/catalogs/operatorhubio/all.json
+          Observed Generation:     2
+          Phase:                   Unpacked
+          Resolved Source:
+            Image:
+              Last Poll Attempt:  2024-03-12T19:35:26Z
+              Ref:                quay.io/operatorhubio/catalog:latest
+              Resolved Ref:       quay.io/operatorhubio/catalog@sha256:dee29aaed76fd1c72b654b9bc8bebc4b48b34fd8d41ece880524dc0c3c1c55ec
+            Type:                 image
+        Events:                   <none>
+        ```

docs/Tasks/adding-a-catalog.md

@@ -16,7 +16,7 @@ mergedeep==1.3.4
 mkdocs==1.5.3
 mkdocs-material==9.5.13
 mkdocs-material-extensions==1.3.1
-packaging==23.2
+packaging==24.0
 paginate==0.5.6
 pathspec==0.12.1
 platformdirs==4.2.0

docs/requirements.txt

@@ -14,3 +14,15 @@ nav:
     - Explore extensions available for installation: 'Tasks/explore-available-packages.md'
     - Installing an extension: 'Tasks/installing-an-extension.md'
     - Deleting an extension: 'Tasks/uninstall-an-extension.md'
+
+markdown_extensions:
+  - pymdownx.highlight:
+      anchor_linenums: true
+      line_spans: __span
+      pygments_lang_class: true
+  - pymdownx.inlinehilite
+  - pymdownx.snippets
+  - pymdownx.superfences
+  - def_list
+  - pymdownx.tasklist:
+      custom_checkbox: true

mkdocs.yml

@@ -0,0 +1,4 @@
+# netlify.toml
+[build]
+  command = "mkdocs build"
+  publish = "site"