redhat-cop · gniltaws · Nov 19, 2024 · Nov 21, 2024 · Nov 23, 2024 · Nov 23, 2024
diff --git a/.github/workflows/install-integration-tests-operators-installer.yaml b/.github/workflows/install-integration-tests-operators-installer.yaml
@@ -91,6 +91,15 @@ jobs:
           --values charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml \
           --debug --timeout 10m0s
 
+        echo "##########################################################################################################"
+        echo "# Create pull secret used in next step                                                                   #"
+        echo "##########################################################################################################"
+        oc create secret docker-registry registry-redhat-io-pullsecret \
+          --namespace operators-installer-integration-test \
+          --docker-password="${{ secrets.REDHAT_REGISTRY_TOKEN }}" \
+          --docker-server=registry.redhat.io \
+          --docker-username="6340056|redhat-cop-helm-charts"
+
         echo "##########################################################################################################"
         echo "# Upgrade argo to newer version requiring many intermediate updates along the way                        #"
         echo "##########################################################################################################"

diff --git a/charts/operators-installer/Chart.yaml b/charts/operators-installer/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.0.2
+version: 3.0.3
 
 home: https://github.com/redhat-cop/helm-charts
 

diff --git a/charts/operators-installer/README.md b/charts/operators-installer/README.md
@@ -42,6 +42,7 @@ For all of the Subscription parameters see
 | operatorGroups[].targetOwnNamespace          | `false`       | No        | If `true` add the OperatorGroup's Namespace as a `targetNamespaces`. If `true` then OperatorGroup will only work for Operators using `OwnNamespace` or `MultiNamespace` `installModes`. If blank and no `otherTargetNamespaces` specified then OperatorGroup will be configured to allow for operators using `installModes` `AllNamespaces`.
 | operatorGroups[].otherTargetNamespaces       | `[]`          | No        | List of additional Namespaces to target. If specified OperatorGroup will only work for operators using `SingleNamespace` or `MultiNamespace` `installModes` depending on value of `targetOwnNamespace`.
 | installPlanApproverAndVerifyJobsImage        | `registry.redhat.io/openshift4/ose-cli:v4.10` | Yes | Image to use for the InstallPlan Approver and Verify Jobs 
+| installPlanApproverAndVerifyJobsImagePullSecret   | `''` | No | Name of existing secret for pulling `installPlanApproverAndVerifyJobsImage` from a private registry
 | approveManualInstallPlanViaHook              | `true`        | No        | `true` to create (and clean up) manual InstallPlan approval resources as part of post-install,post-upgrade helm hook<br>`false` to create  manual InstallPlan approval resources as part of normal install<br><br>The hook method is nice to not have lingering resources needed for the manual InstallPlan approval but has the downside that no CustomResources using CustomResourceDefinitions installed by the operator can be used in the same chart because the operator InstallPlan wont be approved, and therefor the operator wont be installed, until the post-install,post-upgrade phase which means you will never get to that phase because your CustomResources wont be able to apply because the Operator isn't installed.<br><br>This is is ultimately a trade off between cleaning up these resources or being able to install and configure the operator in the same helm chart that has a dependency on this helm chart.
 | installRequiredPythonLibraries               | `true`        | No        | If `true`, install the required Python libraries (openshift-client, semver==2.13.0) dynamically from the given `pythonIndexURL` and `pythonExtraIndexURL` into the `installPlanApproverAndVerifyJobsImage` at run time
 | pythonIndexURL                               | https://pypi.org/simple/ | No | If `installRequiredPythonLibraries` is `true` then use this python index to pull required libraries

diff --git a/...egration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml b/...egration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml
@@ -1,6 +1,7 @@
 approveManualInstallPlanViaHook: true
 
-installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15
+# default image pulls from private registry registry.redhat.io
+installPlanApproverAndVerifyJobsImagePullSecret: registry-redhat-io-pullsecret
 
 operatorGroups:
 - name: argocd-operator

diff --git a/charts/operators-installer/templates/Job_installplan-approver.yaml b/charts/operators-installer/templates/Job_installplan-approver.yaml
@@ -25,6 +25,10 @@ spec:
   activeDeadlineSeconds: {{ .installPlanApproverActiveDeadlineSeconds }}
   template:
     spec:
+      {{- if $.Values.installPlanApproverAndVerifyJobsImagePullSecret }}
+      imagePullSecrets:
+        - {{ $.Values.installPlanApproverAndVerifyJobsImagePullSecret }}
+      {{- end }}
       containers:
       - name: installplan-approver
         image: {{ $.Values.installPlanApproverAndVerifyJobsImage }}

diff --git a/charts/operators-installer/templates/Job_installplan-complete-verifier.yaml b/charts/operators-installer/templates/Job_installplan-complete-verifier.yaml
@@ -24,6 +24,10 @@ spec:
   activeDeadlineSeconds: {{ .installPlanVerifierActiveDeadlineSeconds }}
   template:
     spec:
+      {{- if $.Values.installPlanApproverAndVerifyJobsImagePullSecret }}
+      imagePullSecrets:
+        - {{ $.Values.installPlanApproverAndVerifyJobsImagePullSecret }}
+      {{- end }}
       containers:
       - name: installplan-complete-verifier
         image: {{ $.Values.installPlanApproverAndVerifyJobsImage }}

diff --git a/charts/operators-installer/values.yaml b/charts/operators-installer/values.yaml
@@ -12,6 +12,11 @@ approveManualInstallPlanViaHook: true
 # Image to use for the InstallPlan Approver and Verify Jobs
 installPlanApproverAndVerifyJobsImage: registry.redhat.io/openshift4/ose-cli:v4.15@sha256:7ea824531b593b2ec0da05557d5cd2565c3525c51c9007f85e9510b27f38b13f
 
+# If specified, this imagePullSecret will be used for pulling the `installPlanApproverAndVerifyJobsImage`.
+# Only needed when using a custom image and pulling from a private registry.
+# Accepts a single string which is the name of an existing secret. (This chart does not create or manage the secret.)
+installPlanApproverAndVerifyJobsImagePullSecret:
+
 # If `true`, install the required Python libraries (openshift-client, semver==2.13.0) dynamically
 # from the given `pythonIndexURL` and `pythonExtraIndexURL` into the `installPlanApproverAndVerifyJobsImage` at run time
 #