Combine the catalogd services (#402)

Only need to define one service for:
* metrics
* webhook
* catalogd itself

Clean up the name of the service (now `catalogd-service`) and any
corresponding resources

Renumber the ports to 7443/8443/9443. The external port for the catalog
server is either 80 or 443.

Signed-off-by: Todd Short <todd.short@me.com>

Makefile

@@ -236,7 +236,7 @@ only-deploy-manifest: $(KUSTOMIZE) ## Deploy just the Catalogd manifest--used in
 
 wait:
 	kubectl wait --for=condition=Available --namespace=$(CATALOGD_NAMESPACE) deployment/catalogd-controller-manager --timeout=60s
-	kubectl wait --for=condition=Ready --namespace=$(CATALOGD_NAMESPACE) certificate/catalogd-catalogserver-cert # Avoid upgrade test flakes when reissuing cert
+	kubectl wait --for=condition=Ready --namespace=$(CATALOGD_NAMESPACE) certificate/catalogd-service-cert # Avoid upgrade test flakes when reissuing cert
 
 
 .PHONY: cert-manager

cmd/manager/main.go

@@ -91,7 +91,7 @@ func main() {
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.StringVar(&systemNamespace, "system-namespace", "", "The namespace catalogd uses for internal state, configuration, and workloads")
-	flag.StringVar(&catalogServerAddr, "catalogs-server-addr", ":8083", "The address where the unpacked catalogs' content will be accessible")
+	flag.StringVar(&catalogServerAddr, "catalogs-server-addr", ":8443", "The address where the unpacked catalogs' content will be accessible")
 	flag.StringVar(&externalAddr, "external-address", "catalogd-catalogserver.olmv1-system.svc", "The external address at which the http(s) server is reachable.")
 	flag.StringVar(&cacheDir, "cache-dir", "/var/cache/", "The directory in the filesystem that catalogd will use for file based caching")
 	flag.BoolVar(&catalogdVersion, "version", false, "print the catalogd version and exit")

config/base/manager/catalogserver_service.yaml → config/base/manager/catalogd_service.yaml

@@ -4,7 +4,7 @@ metadata:
   labels:
       app.kubernetes.io/part-of: olm
       app.kubernetes.io/name: catalogd
-  name: catalogserver
+  name: service
   namespace: system
 spec:
   selector:
@@ -13,4 +13,12 @@ spec:
   - name: http
     protocol: TCP
     port: 80
-    targetPort: 8083
+    targetPort: 8443
+  - name: webhook
+    protocol: TCP
+    port: 9443
+    targetPort: 9443
+  - name: metrics
+    protocol: TCP
+    port: 7443
+    targetPort: 7443

config/base/manager/kustomization.yaml

@@ -1,8 +1,7 @@
 resources:
 - manager.yaml
-- catalogserver_service.yaml
+- catalogd_service.yaml
 - webhook/manifests.yaml
-- webhook/catalogd-webhook-service.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:

config/base/manager/manager.yaml

@@ -57,13 +57,13 @@ spec:
               - ALL
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
         args:
-        - --secure-listen-address=0.0.0.0:8443
+        - --secure-listen-address=0.0.0.0:7443
         - --http2-disable
         - --upstream=http://127.0.0.1:8080/
         - --logtostderr=true
         - --v=0
         ports:
-        - containerPort: 8443
+        - containerPort: 7443
           protocol: TCP
           name: https
         resources:
@@ -76,7 +76,7 @@ spec:
         args:
         - --leader-elect
         - --metrics-bind-address=127.0.0.1:8080
-        - --external-address=catalogd-catalogserver.olmv1-system.svc
+        - --external-address=catalogd-service.olmv1-system.svc
         image: controller:latest
         name: manager
         volumeMounts:

config/base/manager/webhook/patch.yaml

@@ -4,10 +4,10 @@
   value: olmv1-system
 - op: replace
   path: /webhooks/0/clientConfig/service/name
-  value: catalogd-webhook-service
+  value: catalogd-service
 - op: add
   path: /webhooks/0/clientConfig/service/port
-  value: 443
+  value: 9443
 # Make sure there's a name defined, otherwise, we can't create a label. This could happen when generateName is set
 # Then, if any of the conditions are true, create the label:
 # 1. No labels exist

config/base/nginx-ingress/resources/nginx_ingress.yaml

@@ -12,6 +12,6 @@ spec:
         pathType: Prefix
         backend:
           service:
-            name: catalogd-catalogserver
+            name: catalogd-service
             port:
               number: 80

config/base/rbac/kustomization.yaml

@@ -9,10 +9,9 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
+# Comment the following 3 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.
-- auth_proxy_service.yaml
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml

config/components/ca/patches/manager_deployment_cacerts.yaml

@@ -1,6 +1,6 @@
 - op: add
   path: /spec/template/spec/volumes/-
-  value: {"name":"olmv1-certificate", "secret":{"secretName":"catalogd-catalogserver-cert-git-version", "optional": false, "items": [{"key": "ca.crt", "path": "olm-ca.crt"}]}}
+  value: {"name":"olmv1-certificate", "secret":{"secretName":"catalogd-service-cert-git-version", "optional": false, "items": [{"key": "ca.crt", "path": "olm-ca.crt"}]}}
 - op: add
   path: /spec/template/spec/containers/1/volumeMounts/-
   value: {"name":"olmv1-certificate", "readOnly": true, "mountPath":"/var/ca-certs/"}

config/components/tls/kustomization.yaml

@@ -7,8 +7,8 @@ resources:
 patches:
 - target:
     kind: Service
-    name: catalogserver
-  path: patches/catalogserver_service_port.yaml
+    name: service
+  path: patches/catalogd_service_port.yaml
 - target:
     kind: Deployment
     name: controller-manager

config/components/tls/patches/manager_deployment_certs.yaml

@@ -1,6 +1,6 @@
 - op: add
   path: /spec/template/spec/volumes/-
-  value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-catalogserver-cert-git-version"}}
+  value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-service-cert-git-version"}}
 - op: add
   path: /spec/template/spec/containers/1/volumeMounts/-
   value: {"name":"catalogserver-certs", "mountPath":"/var/certs"}

config/components/tls/resources/certificate.yaml

@@ -2,16 +2,14 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: catalogserver-cert
+  name: service-cert
   namespace: system
 spec:
-  secretName: catalogd-catalogserver-cert-git-version
+  secretName: catalogd-service-cert-git-version
   dnsNames:
     - localhost
-    - catalogd-catalogserver.olmv1-system.svc
-    - catalogd-webhook-service.olmv1-system.svc
-    - catalogd-catalogserver.olmv1-system.svc.cluster.local
-    - catalogd-webhook-service.olmv1-system.svc.cluster.local
+    - catalogd-service.olmv1-system.svc
+    - catalogd-service.olmv1-system.svc.cluster.local
   privateKey:
     algorithm: ECDSA
     size: 256