diff --git a/Makefile b/Makefile
index d0bac37b..070eca7a 100644
--- a/Makefile
+++ b/Makefile
@@ -236,7 +236,7 @@ only-deploy-manifest: $(KUSTOMIZE) ## Deploy just the Catalogd manifest--used in
 wait:
 kubectl wait --for=condition=Available --namespace=$(CATALOGD_NAMESPACE) deployment/catalogd-controller-manager --timeout=60s
- kubectl wait --for=condition=Ready --namespace=$(CATALOGD_NAMESPACE) certificate/catalogd-catalogserver-cert # Avoid upgrade test flakes when reissuing cert
+ kubectl wait --for=condition=Ready --namespace=$(CATALOGD_NAMESPACE) certificate/catalogd-service-cert # Avoid upgrade test flakes when reissuing cert
 .PHONY: cert-manager
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
index b96bbce0..ac430dea 100644
--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -91,7 +91,7 @@ func main() {
 "Enable leader election for controller manager. "+
 "Enabling this will ensure there is only one active controller manager.")
 flag.StringVar(&systemNamespace, "system-namespace", "", "The namespace catalogd uses for internal state, configuration, and workloads")
- flag.StringVar(&catalogServerAddr, "catalogs-server-addr", ":8083", "The address where the unpacked catalogs' content will be accessible")
+ flag.StringVar(&catalogServerAddr, "catalogs-server-addr", ":8443", "The address where the unpacked catalogs' content will be accessible")
 flag.StringVar(&externalAddr, "external-address", "catalogd-catalogserver.olmv1-system.svc", "The external address at which the http(s) server is reachable.")
 flag.StringVar(&cacheDir, "cache-dir", "/var/cache/", "The directory in the filesystem that catalogd will use for file based caching")
 flag.BoolVar(&catalogdVersion, "version", false, "print the catalogd version and exit")
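Review bot: In cmd/manager/main.go the default for `external-address`, on the line after the changed flag, still reads `catalogd-catalogserver.olmv1-system.svc`, a Service name this commit removes and also drops from the certificate's dnsNames. The deployment overrides it with `--external-address=catalogd-service.olmv1-system.svc` in config/base/manager/manager.yaml, but a manager started without that flag would presumably advertise catalog URLs under a host that neither resolves nor matches the serving certificate. The compiled default should follow the rename: `flag.StringVar(&externalAddr, "external-address", "catalogd-service.olmv1-system.svc", "The external address at which the http(s) server is reachable.")`. The body of main() starts and ends outside the hunk.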
diff --git a/config/base/manager/catalogserver_service.yaml b/config/base/manager/catalogd_service.yaml
similarity index 59%
rename from config/base/manager/catalogserver_service.yaml
rename to config/base/manager/catalogd_service.yaml
index 54a82b06..693b687f 100644
--- a/config/base/manager/catalogserver_service.yaml
+++ b/config/base/manager/catalogd_service.yaml
@@ -4,7 +4,7 @@ metadata:
 labels:
 app.kubernetes.io/part-of: olm
 app.kubernetes.io/name: catalogd
- name: catalogserver
+ name: service
 namespace: system
 spec:
 selector:
@@ -13,4 +13,12 @@ spec:
 - name: http
 protocol: TCP
 port: 80
- targetPort: 8083
+ targetPort: 8443
+ - name: webhook
+ protocol: TCP
+ port: 9443
+ targetPort: 9443
+ - name: metrics
+ protocol: TCP
+ port: 7443
+ targetPort: 7443
diff --git a/config/base/manager/kustomization.yaml b/config/base/manager/kustomization.yaml
index 66ff6971..4ca2781d 100644
--- a/config/base/manager/kustomization.yaml
+++ b/config/base/manager/kustomization.yaml
@@ -1,8 +1,7 @@
 resources:
 - manager.yaml
-- catalogserver_service.yaml
+- catalogd_service.yaml
 - webhook/manifests.yaml
-- webhook/catalogd-webhook-service.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
diff --git a/config/base/manager/manager.yaml b/config/base/manager/manager.yaml
index f1ff8189..f6a177f5 100644
--- a/config/base/manager/manager.yaml
+++ b/config/base/manager/manager.yaml
@@ -57,13 +57,13 @@ spec:
 - ALL
 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
 args:
- - --secure-listen-address=0.0.0.0:8443
+ - --secure-listen-address=0.0.0.0:7443
 - --http2-disable
 - --upstream=http://127.0.0.1:8080/
 - --logtostderr=true
 - --v=0
 ports:
- - containerPort: 8443
+ - containerPort: 7443
 protocol: TCP
 name: https
 resources:
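Review bot: In catalogd_service.yaml the merged Service publishes three listeners with different intended callers under one name (catalog content on port 80, the admission webhook on 9443 and the kube-rbac-proxy metrics endpoint on 7443), and nothing in the manifest records which caller each port is for. The two Services this replaces selected `control-plane: catalogd-controller-manager`; the selector of this one sits outside the hunk, so it is worth confirming that it still matches only the manager pod. I would add a comment on each new entry, for example `# webhook: called by the kube-apiserver only` and `# metrics: served by kube-rbac-proxy, authenticated scrapes only`, so that any per-port network policy can be written against a stated intent. The metrics entry could also keep `targetPort: https`, as the deleted auth_proxy_service.yaml did, instead of repeating the 7443 that manager.yaml now sets in two places.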
@@ -76,7 +76,7 @@ spec:
 args:
 - --leader-elect
 - --metrics-bind-address=127.0.0.1:8080
- - --external-address=catalogd-catalogserver.olmv1-system.svc
+ - --external-address=catalogd-service.olmv1-system.svc
 image: controller:latest
 name: manager
 volumeMounts:
diff --git a/config/base/manager/webhook/catalogd-webhook-service.yaml b/config/base/manager/webhook/catalogd-webhook-service.yaml
deleted file mode 100644
index ca629eea..00000000
--- a/config/base/manager/webhook/catalogd-webhook-service.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: webhook-service
- namespace: system
-spec:
- ports:
- - port: 443
- targetPort: 9443
- selector:
- control-plane: catalogd-controller-manager
diff --git a/config/base/manager/webhook/patch.yaml b/config/base/manager/webhook/patch.yaml
index 78dec639..ab8528c7 100644
--- a/config/base/manager/webhook/patch.yaml
+++ b/config/base/manager/webhook/patch.yaml
@@ -4,10 +4,10 @@
 value: olmv1-system
 - op: replace
 path: /webhooks/0/clientConfig/service/name
- value: catalogd-webhook-service
+ value: catalogd-service
 - op: add
 path: /webhooks/0/clientConfig/service/port
- value: 443
+ value: 9443
 # Make sure there's a name defined, otherwise, we can't create a label. This could happen when generateName is set
 # Then, if any of the conditions are true, create the label:
 # 1. No labels exist
diff --git a/config/base/nginx-ingress/resources/nginx_ingress.yaml b/config/base/nginx-ingress/resources/nginx_ingress.yaml
index 3fe798c4..81f775fb 100644
--- a/config/base/nginx-ingress/resources/nginx_ingress.yaml
+++ b/config/base/nginx-ingress/resources/nginx_ingress.yaml
@@ -12,6 +12,6 @@ spec:
 pathType: Prefix
 backend:
 service:
- name: catalogd-catalogserver
+ name: catalogd-service
 port:
 number: 80
diff --git a/config/base/rbac/auth_proxy_service.yaml b/config/base/rbac/auth_proxy_service.yaml
deleted file mode 100644
index ee24bd76..00000000
--- a/config/base/rbac/auth_proxy_service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/part-of: olm
- app.kubernetes.io/name: catalogd
- name: controller-manager-metrics-service
- namespace: system
-spec:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: https
- selector:
- control-plane: catalogd-controller-manager
diff --git a/config/base/rbac/kustomization.yaml b/config/base/rbac/kustomization.yaml
index 731832a6..31d315b2 100644
--- a/config/base/rbac/kustomization.yaml
+++ b/config/base/rbac/kustomization.yaml
@@ -9,10 +9,9 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
+# Comment the following 3 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.
-- auth_proxy_service.yaml
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
diff --git a/config/components/ca/patches/manager_deployment_cacerts.yaml b/config/components/ca/patches/manager_deployment_cacerts.yaml
index d1155442..3ccce591 100644
--- a/config/components/ca/patches/manager_deployment_cacerts.yaml
+++ b/config/components/ca/patches/manager_deployment_cacerts.yaml
@@ -1,6 +1,6 @@
 - op: add
 path: /spec/template/spec/volumes/-
- value: {"name":"olmv1-certificate", "secret":{"secretName":"catalogd-catalogserver-cert-git-version", "optional": false, "items": [{"key": "ca.crt", "path": "olm-ca.crt"}]}}
+ value: {"name":"olmv1-certificate", "secret":{"secretName":"catalogd-service-cert-git-version", "optional": false, "items": [{"key": "ca.crt", "path": "olm-ca.crt"}]}}
 - op: add
 path: /spec/template/spec/containers/1/volumeMounts/-
 value: {"name":"olmv1-certificate", "readOnly": true, "mountPath":"/var/ca-certs/"}
diff --git a/config/components/tls/kustomization.yaml b/config/components/tls/kustomization.yaml
index 7f6b607d..f537d5d1 100644
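Review bot: In config/base/rbac/kustomization.yaml the updated comment still says that commenting out the listed files disables the auth proxy, but the proxy's Service port is no longer among them: the `metrics` port 7443 now lives in config/base/manager/catalogd_service.yaml. Someone following the comment would remove the RBAC objects and leave the port published on the shared Service. I would extend the comment with a line such as `# Also remove the metrics port (7443) from ../manager/catalogd_service.yaml.`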
--- a/config/components/tls/kustomization.yaml
+++ b/config/components/tls/kustomization.yaml
@@ -7,8 +7,8 @@ resources:
 patches:
 - target:
 kind: Service
- name: catalogserver
- path: patches/catalogserver_service_port.yaml
+ name: service
+ path: patches/catalogd_service_port.yaml
 - target:
 kind: Deployment
 name: controller-manager
diff --git a/config/components/tls/patches/catalogserver_service_port.yaml b/config/components/tls/patches/catalogd_service_port.yaml
similarity index 100%
rename from config/components/tls/patches/catalogserver_service_port.yaml
rename to config/components/tls/patches/catalogd_service_port.yaml
diff --git a/config/components/tls/patches/manager_deployment_certs.yaml b/config/components/tls/patches/manager_deployment_certs.yaml
index b0005f1c..7efcdcbb 100644
--- a/config/components/tls/patches/manager_deployment_certs.yaml
+++ b/config/components/tls/patches/manager_deployment_certs.yaml
@@ -1,6 +1,6 @@
 - op: add
 path: /spec/template/spec/volumes/-
- value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-catalogserver-cert-git-version"}}
+ value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-service-cert-git-version"}}
 - op: add
 path: /spec/template/spec/containers/1/volumeMounts/-
 value: {"name":"catalogserver-certs", "mountPath":"/var/certs"}
diff --git a/config/components/tls/resources/certificate.yaml b/config/components/tls/resources/certificate.yaml
index 793d7037..be14f830 100644
--- a/config/components/tls/resources/certificate.yaml
+++ b/config/components/tls/resources/certificate.yaml
@@ -2,16 +2,14 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: catalogserver-cert
+ name: service-cert
 namespace: system
 spec:
- secretName: catalogd-catalogserver-cert-git-version
+ secretName: catalogd-service-cert-git-version
 dnsNames:
 - localhost
- - catalogd-catalogserver.olmv1-system.svc
- - catalogd-webhook-service.olmv1-system.svc
- - catalogd-catalogserver.olmv1-system.svc.cluster.local
- - catalogd-webhook-service.olmv1-system.svc.cluster.local
+ - catalogd-service.olmv1-system.svc
+ - catalogd-service.olmv1-system.svc.cluster.local
 privateKey:
 algorithm: ECDSA
 size: 256
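Review bot: Renaming the Certificate to `service-cert` and its `secretName` to `catalogd-service-cert-git-version` creates new objects instead of changing the existing ones, so on an upgraded cluster the previous Certificate and its Secret are likely to stay behind unless the upgrade path prunes them. cert-manager by default leaves the Secret in place even when its Certificate is deleted, and that Secret holds a private key and a certificate still valid for the old `catalogd-catalogserver` and `catalogd-webhook-service` names until expiry. The upgrade procedure should delete `certificate/catalogd-catalogserver-cert` and its Secret explicitly; the `wait` target in the Makefile hunk only waits on the new name. The Certificate spec continues outside the hunk.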