Skip to content

Commit 4b9844a

Browse files
openshift-merge-robotopenshift-merge-robot
authored
Merge pull request #376 from venkateshsredhat/feature-MTSRE-1335
Make sure catalogsource resources used by OLM operator are compatible with restricted SCC enforcement
2 parents a2f002f + 026c2d4 commit 4b9844a

3 files changed

Lines changed: 13 additions & 8 deletions

File tree

config/olm/catalog-source.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@ metadata:
55
namespace: olm
66
spec:
77
sourceType: grpc
8+
grpcPodConfig:
9+
securityContextConfig: restricted
810
publisher: Red Hat
911
displayName: MTSRE Addon Operator
1012
image: quay.io/app-sre/addon-operator-index:main

hack/olm-registry/olm-artifacts-template.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,7 @@ objects:
6969
- effect: NoSchedule
7070
key: node-role.kubernetes.io/infra
7171
operator: Exists
72+
securityContextConfig: restricted
7273
- apiVersion: operators.coreos.com/v1
7374
kind: OperatorGroup
7475
metadata:

internal/controllers/addon/phase_ensure_catalogsource.go

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -37,10 +37,11 @@ func (r *olmReconciler) ensureCatalogSource(
3737
Namespace: commonConfig.Namespace,
3838
},
3939
Spec: operatorsv1alpha1.CatalogSourceSpec{
40-
SourceType: operatorsv1alpha1.SourceTypeGrpc,
41-
Publisher: catalogSourcePublisher,
42-
DisplayName: addon.Spec.DisplayName,
43-
Image: commonConfig.CatalogSourceImage,
40+
SourceType: operatorsv1alpha1.SourceTypeGrpc,
41+
Publisher: catalogSourcePublisher,
42+
DisplayName: addon.Spec.DisplayName,
43+
Image: commonConfig.CatalogSourceImage,
44+
GrpcPodConfig: &operatorsv1alpha1.GrpcPodConfig{SecurityContextConfig: operatorsv1alpha1.Restricted},
4445
},
4546
}
4647
if len(commonConfig.PullSecretName) > 0 {
@@ -103,10 +104,11 @@ func (r *olmReconciler) ensureAdditionalCatalogSources(
103104
Namespace: targetNamespace,
104105
},
105106
Spec: operatorsv1alpha1.CatalogSourceSpec{
106-
SourceType: operatorsv1alpha1.SourceTypeGrpc,
107-
Publisher: catalogSourcePublisher,
108-
DisplayName: addon.Spec.DisplayName,
109-
Image: additionalCatalogSrc.Image,
107+
SourceType: operatorsv1alpha1.SourceTypeGrpc,
108+
Publisher: catalogSourcePublisher,
109+
DisplayName: addon.Spec.DisplayName,
110+
Image: additionalCatalogSrc.Image,
111+
GrpcPodConfig: &operatorsv1alpha1.GrpcPodConfig{SecurityContextConfig: operatorsv1alpha1.Restricted},
110112
},
111113
}
112114

0 commit comments

Comments
 (0)