Commit de8017a

tmshort and claude committed
Add TLS config observer to update opcon/catd
Add an apiserver TLS config observer. This examines TLS config and copies the values into the .spec.observedConfig field of the olms.operator.openshift.io/cluster resource. This is then used to apply configuration to the operator-controller and catalogd.

The configuration is applied to those deployments via:
* --tls-custom-ciphers=X,Y,Z
* --tls-custom-version=N
* --tls-profile=custom

In addition:
* Move the deployment update hooks (proxy, TLS) into their own files
* Add unit tests
* Changed Apply()s to Patch()s when modifying olms to avoid overwrites
* Update fieldManagers to avoid overwrites

Signed-off-by: Todd Short <todd.short@me.com>
Co-Authored-By: Claude <noreply@anthropic.com>
1 parent a329146 commit de8017a

19 files changed, +1909 -177 lines changed

cmd/cluster-olm-operator/main.go

Lines changed: 8 additions & 1 deletion
@@ -182,6 +182,13 @@ func runOperator(ctx context.Context, cc *controllercmd.ControllerContext) error
182182
cc.EventRecorder.ForComponent(olmProxyController),
183183
)
184184

185+
tlsObserverController := controller.NewTLSObserverController(
186+
"OLMTLSSecurityProfileObserver",
187+
cl.OperatorClient,
188+
cl.ConfigInformerFactory,
189+
cc.EventRecorder.ForComponent("OLMTLSSecurityProfileObserver"),
190+
)
191+
185192
versionGetter := status.NewVersionGetter()
186193
versionGetter.SetVersion("operator", status.VersionForOperatorFromEnv())
187194
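Review bot: the controller name "OLMTLSSecurityProfileObserver" is written out twice as a string literal in the added NewTLSObserverController call, once as the name argument and once inside cc.EventRecorder.ForComponent(...), while the proxy controller just above passes a named identifier (olmProxyController) to ForComponent. Define a constant alongside olmProxyController and use it in both places, so the controller name and the event component cannot drift apart in a later rename.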

@@ -216,7 +223,7 @@ func runOperator(ctx context.Context, cc *controllercmd.ControllerContext) error
216223
return errors.New("timed out waiting for FeatureGate detection")
217224
}
218225

219-
for _, c := range append(staticResourceControllerList, upgradeableConditionController, incompatibleOperatorController, clusterOperatorController, operatorLoggingController, proxyController) {
226+
for _, c := range append(staticResourceControllerList, upgradeableConditionController, incompatibleOperatorController, clusterOperatorController, operatorLoggingController, proxyController, tlsObserverController.Controller) {
220227
go func(c factory.Controller) {
221228
defer runtime.HandleCrash()
222229
c.Run(ctx, 1)
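Review bot: in the changed append(...) line, tlsObserverController is the only entry that has to be unwrapped with .Controller, while every other entry is passed directly and consumed as a factory.Controller by the goroutine below. If the wrapper type returned by NewTLSObserverController carries nothing that main.go uses, return the factory.Controller directly. Otherwise add a short comment at the construction site saying what else the wrapper holds and where it is consumed, since nothing in this file shows it. The line is also long enough now that building the slice one controller per line would make future additions easier to review.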

manifests/0000_51_olm_02_operator_clusterrole.yaml

Lines changed: 1 addition & 0 deletions
@@ -27,6 +27,7 @@ rules:
2727
- proxies
2828
- featuregates
2929
- clusterversions
30+
- apiservers
3031
verbs:
3132
- get
3233
- list
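Review bot: the added "- apiservers" entry is appended to a resource list shared with proxies, featuregates and clusterversions, so it inherits every verb on that rule, and only get and list are visible in this context. Since main.go wires the observer to cl.ConfigInformerFactory, confirm that the rule also grants watch, and that it grants no write verbs, because the observer only needs to read the apiserver TLS config. If the shared rule ever gains a mutating verb for one of the other resources, apiservers should be split into its own read-only rule.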
