From e1d6bd7b1cd6fafcc5dca1e8038eee0770c76f35 Mon Sep 17 00:00:00 2001 From: Rashmi Gottipati Date: Sun, 18 May 2025 16:47:07 +0530 Subject: [PATCH 1/4] Upstream: 1675: Add NetworkPolicy as a supported kind Signed-off-by: Anik Bhattacharjee Upstream-repository: operator-registry Upstream-commit: 919aefdce3f4d6b77c3872df249815d20749db94 --- staging/operator-registry/pkg/lib/bundle/supported_resources.go | 2 ++ .../operator-registry/pkg/lib/bundle/supported_resources.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/staging/operator-registry/pkg/lib/bundle/supported_resources.go b/staging/operator-registry/pkg/lib/bundle/supported_resources.go index 94b5fd01df..a07b28aef3 100644 --- a/staging/operator-registry/pkg/lib/bundle/supported_resources.go +++ b/staging/operator-registry/pkg/lib/bundle/supported_resources.go @@ -20,6 +20,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) // Namespaced indicates whether the resource is namespace scoped (true) or cluster-scoped (false). @@ -47,6 +48,7 @@ var supportedResources = map[string]Namespaced{ ConsoleQuickStartKind: false, ConsoleCLIDownloadKind: false, ConsoleLinkKind: false, + NetworkPolicyKind: true, } // IsSupported checks if the object kind is OLM-supported and if it is namespaced diff --git a/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go b/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go index 94b5fd01df..a07b28aef3 100644 --- a/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go +++ b/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go @@ -20,6 +20,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) // Namespaced indicates whether the resource is namespace scoped (true) or cluster-scoped (false). @@ -47,6 +48,7 @@ var supportedResources = map[string]Namespaced{ ConsoleQuickStartKind: false, ConsoleCLIDownloadKind: false, ConsoleLinkKind: false, + NetworkPolicyKind: true, } // IsSupported checks if the object kind is OLM-supported and if it is namespaced From 6321968e149c3fa9b4bcdebb344f35de8c7daa31 Mon Sep 17 00:00:00 2001 From: Rashmi Gottipati Date: Sun, 18 May 2025 16:53:44 +0530 Subject: [PATCH 2/4] Upstream: 3580: add NetworkPolicy as a supported kind Signed-off-by: Rashmi Gottipati Upstream-repository: operator-lifecycle-manager Upstream-commit: d7aaeb11ab80f862fc9c70dfb7865158bb67e28c --- .../pkg/controller/operators/catalog/supportedresources.go | 2 ++ .../pkg/controller/operators/catalog/supportedresources.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go b/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go index 4d0a97d1b6..8efc0f51da 100644 --- a/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go +++ b/staging/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go @@ -10,6 +10,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) var supportedKinds = map[string]struct{}{ @@ -22,6 +23,7 @@ var supportedKinds = map[string]struct{}{ ConsoleQuickStartKind: {}, ConsoleCLIDownloadKind: {}, ConsoleLinkKind: {}, + NetworkPolicyKind: {}, } // isSupported returns true if OLM supports this type of CustomResource. diff --git a/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go b/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go index 4d0a97d1b6..8efc0f51da 100644 --- a/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go +++ b/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/catalog/supportedresources.go @@ -10,6 +10,7 @@ const ( ConsoleQuickStartKind = "ConsoleQuickStart" ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" + NetworkPolicyKind = "NetworkPolicy" ) var supportedKinds = map[string]struct{}{ @@ -22,6 +23,7 @@ var supportedKinds = map[string]struct{}{ ConsoleQuickStartKind: {}, ConsoleCLIDownloadKind: {}, ConsoleLinkKind: {}, + NetworkPolicyKind: {}, } // isSupported returns true if OLM supports this type of CustomResource. From b0b87aa43d4f77299b6df8529cb982c3aa975732 Mon Sep 17 00:00:00 2001 From: Anik Bhattacharjee Date: Thu, 14 Aug 2025 13:53:32 -0400 Subject: [PATCH 3/4] Upstream: : Add allow-all networkpolicy for openshift-operators namespace --- manifests/0000_50_olm_01-networkpolicies.yaml | 19 +++++++++++++++++++ .../0000_50_olm_01-networkpolicies.yaml | 19 +++++++++++++++++++ microshift-manifests/kustomization.yaml | 1 + .../0000_50_olm_01-networkpolicies.yaml | 14 ++++++++++++++ 4 files changed, 53 insertions(+) create mode 100644 manifests/0000_50_olm_01-networkpolicies.yaml create mode 100644 microshift-manifests/0000_50_olm_01-networkpolicies.yaml create mode 100644 staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml diff --git a/manifests/0000_50_olm_01-networkpolicies.yaml b/manifests/0000_50_olm_01-networkpolicies.yaml new file mode 100644 index 0000000000..6b2f09306e --- /dev/null +++ b/manifests/0000_50_olm_01-networkpolicies.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: openshift-operators + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + capability.openshift.io/name: "OperatorLifecycleManager" + include.release.openshift.io/hypershift: "true" +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - {} + egress: + - {} diff --git a/microshift-manifests/0000_50_olm_01-networkpolicies.yaml b/microshift-manifests/0000_50_olm_01-networkpolicies.yaml new file mode 100644 index 0000000000..6b2f09306e --- /dev/null +++ b/microshift-manifests/0000_50_olm_01-networkpolicies.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: openshift-operators + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + capability.openshift.io/name: "OperatorLifecycleManager" + include.release.openshift.io/hypershift: "true" +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - {} + egress: + - {} diff --git a/microshift-manifests/kustomization.yaml b/microshift-manifests/kustomization.yaml index ea1c55c54e..f329246f4c 100644 --- a/microshift-manifests/kustomization.yaml +++ b/microshift-manifests/kustomization.yaml @@ -15,6 +15,7 @@ resources: - 0000_50_olm_00-pprof-secret.yaml - 0000_50_olm_00-subscriptions.crd.yaml - 0000_50_olm_01-olm-operator.serviceaccount.yaml + - 0000_50_olm_01-networkpolicies.yaml - 0000_50_olm_02-olmconfig.yaml - 0000_50_olm_02-services.yaml - 0000_50_olm_07-olm-operator.deployment.yaml diff --git a/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml b/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml new file mode 100644 index 0000000000..cb0da2493d --- /dev/null +++ b/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ .Values.operator_namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - {} + egress: + - {} From ab1ac33d90581bb60bf8a201efa5eb4451d13e23 Mon Sep 17 00:00:00 2001 From: Anik Bhattacharjee Date: Mon, 18 Aug 2025 14:39:30 -0400 Subject: [PATCH 4/4] Upstream: : regenerate manifests --- microshift-manifests/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microshift-manifests/kustomization.yaml b/microshift-manifests/kustomization.yaml index f329246f4c..2147cc0b9c 100644 --- a/microshift-manifests/kustomization.yaml +++ b/microshift-manifests/kustomization.yaml @@ -14,8 +14,8 @@ resources: - 0000_50_olm_00-pprof-rbac.yaml - 0000_50_olm_00-pprof-secret.yaml - 0000_50_olm_00-subscriptions.crd.yaml - - 0000_50_olm_01-olm-operator.serviceaccount.yaml - 0000_50_olm_01-networkpolicies.yaml + - 0000_50_olm_01-olm-operator.serviceaccount.yaml - 0000_50_olm_02-olmconfig.yaml - 0000_50_olm_02-services.yaml - 0000_50_olm_07-olm-operator.deployment.yaml