diff --git a/manifests/0000_50_olm_01-networkpolicies.yaml b/manifests/0000_50_olm_01-networkpolicies.yaml new file mode 100644 index 0000000000..6b2f09306e --- /dev/null +++ b/manifests/0000_50_olm_01-networkpolicies.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: openshift-operators + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + capability.openshift.io/name: "OperatorLifecycleManager" + include.release.openshift.io/hypershift: "true" +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - {} + egress: + - {} diff --git a/microshift-manifests/0000_50_olm_01-networkpolicies.yaml b/microshift-manifests/0000_50_olm_01-networkpolicies.yaml new file mode 100644 index 0000000000..6b2f09306e --- /dev/null +++ b/microshift-manifests/0000_50_olm_01-networkpolicies.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: openshift-operators + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + capability.openshift.io/name: "OperatorLifecycleManager" + include.release.openshift.io/hypershift: "true" +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - {} + egress: + - {} diff --git a/microshift-manifests/kustomization.yaml b/microshift-manifests/kustomization.yaml index ea1c55c54e..2147cc0b9c 100644 --- a/microshift-manifests/kustomization.yaml +++ b/microshift-manifests/kustomization.yaml @@ -14,6 +14,7 @@ resources: - 0000_50_olm_00-pprof-rbac.yaml - 0000_50_olm_00-pprof-secret.yaml - 0000_50_olm_00-subscriptions.crd.yaml + - 0000_50_olm_01-networkpolicies.yaml - 0000_50_olm_01-olm-operator.serviceaccount.yaml - 0000_50_olm_02-olmconfig.yaml - 0000_50_olm_02-services.yaml diff --git a/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml b/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml new file mode 100644 index 0000000000..cb0da2493d --- /dev/null +++ b/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ .Values.operator_namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - {} + egress: + - {} diff --git a/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go b/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go index 4d0a97d1b6..8efc0f51da 100644 --- a/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go +++ b/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go @@ -10,6 +10,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) var supportedKinds = map[string]struct{}{ @@ -22,6 +23,7 @@ var supportedKinds = map[string]struct{}{ ConsoleQuickStartKind: {}, ConsoleCLIDownloadKind: {}, ConsoleLinkKind: {}, + NetworkPolicyKind: {}, } // isSupported returns true if OLM supports this type of CustomResource. diff --git a/staging/operator-registry/pkg/lib/bundle/supported_resources.go b/staging/operator-registry/pkg/lib/bundle/supported_resources.go index 94b5fd01df..a07b28aef3 100644 --- a/staging/operator-registry/pkg/lib/bundle/supported_resources.go +++ b/staging/operator-registry/pkg/lib/bundle/supported_resources.go @@ -20,6 +20,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) // Namespaced indicates whether the resource is namespace scoped (true) or cluster-scoped (false). @@ -47,6 +48,7 @@ var supportedResources = map[string]Namespaced{ ConsoleQuickStartKind: false, ConsoleCLIDownloadKind: false, ConsoleLinkKind: false, + NetworkPolicyKind: true, } // IsSupported checks if the object kind is OLM-supported and if it is namespaced diff --git a/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go b/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go index 4d0a97d1b6..8efc0f51da 100644 --- a/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go +++ b/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go @@ -10,6 +10,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) var supportedKinds = map[string]struct{}{ @@ -22,6 +23,7 @@ var supportedKinds = map[string]struct{}{ ConsoleQuickStartKind: {}, ConsoleCLIDownloadKind: {}, ConsoleLinkKind: {}, + NetworkPolicyKind: {}, } // isSupported returns true if OLM supports this type of CustomResource. diff --git a/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go b/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go index 94b5fd01df..a07b28aef3 100644 --- a/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go +++ b/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go @@ -20,6 +20,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) // Namespaced indicates whether the resource is namespace scoped (true) or cluster-scoped (false). @@ -47,6 +48,7 @@ var supportedResources = map[string]Namespaced{ ConsoleQuickStartKind: false, ConsoleCLIDownloadKind: false, ConsoleLinkKind: false, + NetworkPolicyKind: true, } // IsSupported checks if the object kind is OLM-supported and if it is namespaced