diff --git a/manifests/0000_50_olm_00-pprof-config.yaml b/manifests/0000_50_olm_00-pprof-config.yaml
index b7313efce9..8e45534f0d 100644
--- a/manifests/0000_50_olm_00-pprof-config.yaml
+++ b/manifests/0000_50_olm_00-pprof-config.yaml
@@ -6,6 +6,7 @@ metadata:
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
 release.openshift.io/create-only: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 name: collect-profiles-config
 namespace: openshift-operator-lifecycle-manager
diff --git a/manifests/0000_50_olm_00-pprof-rbac.yaml b/manifests/0000_50_olm_00-pprof-rbac.yaml
index d874c74a25..84f99db4b3 100644
--- a/manifests/0000_50_olm_00-pprof-rbac.yaml
+++ b/manifests/0000_50_olm_00-pprof-rbac.yaml
@@ -5,6 +5,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 name: collect-profiles
 namespace: openshift-operator-lifecycle-manager
@@ -23,6 +24,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 name: collect-profiles
 namespace: openshift-operator-lifecycle-manager
@@ -42,6 +44,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 name: collect-profiles
 namespace: openshift-operator-lifecycle-manager
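Review bot: The ConfigMap now carries both `release.openshift.io/create-only: "true"` and `release.openshift.io/delete: "true"`, and nothing on the page says which of the two the CVO honours when both are present. The same pair appears on the `pprof-cert` Secret in manifests/0000_50_olm_00-pprof-secret.yaml and in the two matching heredocs of scripts/generate_crds_manifests.sh (hunks at -326 and -389). The Secret is the case to confirm first: if delete did not take precedence, a TLS Secret that the collect-profiles Role was allowed to `update` would stay in the namespace after the CronJob using it is gone. Since the manifests are generated, the explanation belongs in the script heredocs, for example `# delete is meant to override create-only; drop this manifest in 4.23`, added once the precedence has been verified.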
diff --git a/manifests/0000_50_olm_00-pprof-secret.yaml b/manifests/0000_50_olm_00-pprof-secret.yaml
index 5035a25523..f7f98d8614 100644
--- a/manifests/0000_50_olm_00-pprof-secret.yaml
+++ b/manifests/0000_50_olm_00-pprof-secret.yaml
@@ -6,6 +6,7 @@ metadata:
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
 release.openshift.io/create-only: "true"
+ release.openshift.io/delete: "true"
 openshift.io/owning-component: "Operator Framework / operator-lifecycle-manager"
 capability.openshift.io/name: "OperatorLifecycleManager"
 name: pprof-cert
diff --git a/manifests/0000_50_olm_07-collect-profiles.cronjob.yaml b/manifests/0000_50_olm_07-collect-profiles.cronjob.yaml
index 7129f9dd1f..2f05f0f505 100644
--- a/manifests/0000_50_olm_07-collect-profiles.cronjob.yaml
+++ b/manifests/0000_50_olm_07-collect-profiles.cronjob.yaml
@@ -5,6 +5,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 name: collect-profiles
 labels:
diff --git a/manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml b/manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml
index 0096b63eea..f0bb3486ca 100644
--- a/manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml
+++ b/manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml
@@ -6,6 +6,7 @@ metadata:
 annotations:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 include.release.openshift.io/hypershift: "true"
 spec:
diff --git a/microshift-manifests/0000_50_olm_00-pprof-config.yaml b/microshift-manifests/0000_50_olm_00-pprof-config.yaml
deleted file mode 100644
index b7313efce9..0000000000
--- a/microshift-manifests/0000_50_olm_00-pprof-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/hypershift: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- release.openshift.io/create-only: "true"
- capability.openshift.io/name: "OperatorLifecycleManager"
- name: collect-profiles-config
- namespace: openshift-operator-lifecycle-manager
-data:
- pprof-config.yaml: |
- disabled: False
diff --git a/microshift-manifests/0000_50_olm_00-pprof-rbac.yaml b/microshift-manifests/0000_50_olm_00-pprof-rbac.yaml
deleted file mode 100644
index d874c74a25..0000000000
--- a/microshift-manifests/0000_50_olm_00-pprof-rbac.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/hypershift: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- capability.openshift.io/name: "OperatorLifecycleManager"
- name: collect-profiles
- namespace: openshift-operator-lifecycle-manager
-rules:
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "create", "delete"]
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "update"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/hypershift: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- capability.openshift.io/name: "OperatorLifecycleManager"
- name: collect-profiles
- namespace: openshift-operator-lifecycle-manager
-subjects:
- - kind: ServiceAccount
- name: collect-profiles
- namespace: openshift-operator-lifecycle-manager
-roleRef:
- kind: Role
- name: collect-profiles
- apiGroup: rbac.authorization.k8s.io
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/hypershift: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- capability.openshift.io/name: "OperatorLifecycleManager"
- name: collect-profiles
- namespace: openshift-operator-lifecycle-manager
diff --git a/microshift-manifests/0000_50_olm_00-pprof-secret.yaml b/microshift-manifests/0000_50_olm_00-pprof-secret.yaml
deleted file mode 100644
index 5035a25523..0000000000
--- a/microshift-manifests/0000_50_olm_00-pprof-secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/hypershift: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- release.openshift.io/create-only: "true"
- openshift.io/owning-component: "Operator Framework / operator-lifecycle-manager"
- capability.openshift.io/name: "OperatorLifecycleManager"
- name: pprof-cert
- namespace: openshift-operator-lifecycle-manager
-type: kubernetes.io/tls
-data:
- tls.crt: ""
- tls.key: ""
diff --git a/microshift-manifests/0000_50_olm_07-collect-profiles.cronjob.yaml b/microshift-manifests/0000_50_olm_07-collect-profiles.cronjob.yaml
deleted file mode 100644
index 7129f9dd1f..0000000000
--- a/microshift-manifests/0000_50_olm_07-collect-profiles.cronjob.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/hypershift: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- capability.openshift.io/name: "OperatorLifecycleManager"
- name: collect-profiles
- labels:
- app: olm-collect-profiles
- namespace: openshift-operator-lifecycle-manager
-spec:
- schedule: "*/15 * * * *"
- concurrencyPolicy: "Replace"
- jobTemplate:
- spec:
- template:
- metadata:
- annotations:
- target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
- openshift.io/required-scc: restricted-v2
- labels:
- app: olm-collect-profiles
- spec:
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: collect-profiles
- priorityClassName: openshift-user-critical
- containers:
- - name: collect-profiles
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607
- imagePullPolicy: IfNotPresent
- command:
- - bin/collect-profiles
- args:
- - -n
- - openshift-operator-lifecycle-manager
- - --config-mount-path
- - /etc/config
- - --cert-mount-path
- - /var/run/secrets/serving-cert
- - olm-operator-heap-:https://olm-operator-metrics:8443/debug/pprof/heap
- - catalog-operator-heap-:https://catalog-operator-metrics:8443/debug/pprof/heap
- volumeMounts:
- - mountPath: /etc/config
- name: config-volume
- - mountPath: /var/run/secrets/serving-cert
- name: secret-volume
- resources:
- requests:
- cpu: 10m
- memory: 80Mi
- terminationMessagePolicy: FallbackToLogsOnError
- volumes:
- - name: config-volume
- configMap:
- name: collect-profiles-config
- - name: secret-volume
- secret:
- secretName: pprof-cert
- restartPolicy: Never
diff --git a/microshift-manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml b/microshift-manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml
deleted file mode 100644
index 0096b63eea..0000000000
--- a/microshift-manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: collect-profiles
- namespace: openshift-operator-lifecycle-manager
- annotations:
- include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
- capability.openshift.io/name: "OperatorLifecycleManager"
- include.release.openshift.io/hypershift: "true"
-spec:
- podSelector:
- matchLabels:
- app: olm-collect-profiles
- egress:
- - ports:
- - port: 8443
- protocol: TCP
- to:
- - namespaceSelector:
- matchLabels:
- name: openshift-operator-lifecycle-manager
- - podSelector:
- matchLabels:
- app: olm-operator
- - podSelector:
- matchLabels:
- app: catalog-operator
- - ports:
- - port: 6443
- protocol: TCP
- - ports:
- - port: dns-tcp
- protocol: TCP
- - port: dns
- protocol: UDP
- to:
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: openshift-dns
- policyTypes:
- - Egress
- - Ingress
diff --git a/scripts/generate_crds_manifests.sh b/scripts/generate_crds_manifests.sh
index 743e520639..0ddc0dddd7 100755
--- a/scripts/generate_crds_manifests.sh
+++ b/scripts/generate_crds_manifests.sh
@@ -326,6 +326,7 @@ metadata:
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
 release.openshift.io/create-only: "true"
+ release.openshift.io/delete: "true"
 name: collect-profiles-config
 namespace: openshift-operator-lifecycle-manager
 data:
@@ -341,6 +342,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 name: collect-profiles
 namespace: openshift-operator-lifecycle-manager
 rules:
@@ -358,6 +360,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 name: collect-profiles
 namespace: openshift-operator-lifecycle-manager
 subjects:
@@ -376,6 +379,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 name: collect-profiles
 namespace: openshift-operator-lifecycle-manager
 EOF
@@ -389,6 +393,7 @@ metadata:
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
 release.openshift.io/create-only: "true"
+ release.openshift.io/delete: "true"
 openshift.io/owning-component: "Operator Framework / operator-lifecycle-manager"
 name: pprof-cert
 namespace: openshift-operator-lifecycle-manager
@@ -407,6 +412,7 @@ metadata:
 annotations:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 capability.openshift.io/name: "OperatorLifecycleManager"
 include.release.openshift.io/hypershift: "true"
 spec:
@@ -452,6 +458,7 @@ metadata:
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/hypershift: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/delete: "true"
 name: collect-profiles
 labels:
 app: olm-collect-profiles
@@ -638,3 +645,12 @@ done # replace input with output mv "${filtered_yaml}" "${yaml_file}" + +# Deleting manifests from CVO takes multiple releases. an annotation was added in 4.22 development to remove the collect-profiles +# resources from the CVO payload. For microshift, since there is no CVO payload and no in process upgrade, let's delete these now. +# In 4.23 development, the CVO manifests should be deleted and this step should be removed. +rm -f "${ROOT_DIR}/microshift-manifests/0000_50_olm_07-collect-profiles.cronjob.yaml" +rm -f "${ROOT_DIR}/microshift-manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml" +rm -f "${ROOT_DIR}/microshift-manifests/0000_50_olm_00-pprof-config.yaml" +rm -f "${ROOT_DIR}/microshift-manifests/0000_50_olm_00-pprof-rbac.yaml" +rm -f "${ROOT_DIR}/microshift-manifests/0000_50_olm_00-pprof-secret.yaml"
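Review bot: The five `rm -f` lines at the end of the script succeed even when their target is missing. If a generated file name changes, or `${ROOT_DIR}` expands to nothing, the step silently does nothing and the collect-profiles CronJob, its Role with `get`/`update` on secrets and the `pprof-cert` Secret are shipped in microshift-manifests again. Driving the removals from one list and writing `${ROOT_DIR:?}` keeps the file names in one place and makes an empty root abort the script; whether the script already runs under `set -u` is not visible in this hunk. The removal deadline in the comment would be easier to find as a `TODO(4.23)` marker. It is also worth confirming that no kustomization file under microshift-manifests still lists the removed files, since none is touched in this diff.

```shell
# TODO(4.23): remove this block once the CVO manifests themselves are deleted.
for manifest in \
    0000_50_olm_07-collect-profiles.cronjob.yaml \
    0000_50_olm_07-collect-profiles.networkpolicy.yaml \
    0000_50_olm_00-pprof-config.yaml \
    0000_50_olm_00-pprof-rbac.yaml \
    0000_50_olm_00-pprof-secret.yaml; do
  rm -f "${ROOT_DIR:?}/microshift-manifests/${manifest}"
done
```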