dprince
diff --git a/‎Makefile‎
Lines changed: 2 additions & 2 deletions b/‎Makefile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎bindata/operator/infra-operator-webhooks.yaml‎
Lines changed: 4 additions & 19 deletions b/‎bindata/operator/infra-operator-webhooks.yaml‎
Lines changed: 4 additions & 19 deletions
diff --git a/‎bindata/operator/managers.yaml‎
Lines changed: 34 additions & 6 deletions b/‎bindata/operator/managers.yaml‎
Lines changed: 34 additions & 6 deletions
diff --git a/‎bindata/operator/openstack-baremetal-operator-webhooks.yaml‎
Lines changed: 4 additions & 19 deletions b/‎bindata/operator/openstack-baremetal-operator-webhooks.yaml‎
Lines changed: 4 additions & 19 deletions
@@ -380,8 +380,8 @@ endif
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
 	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/operator/deployment/ && $(KUSTOMIZE) edit set image controller=$(IMG) && \
-	$(KUSTOMIZE) edit add patch --kind Deployment --name openstack-operator-controller-operator --namespace system --patch "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/1/env/0\", \"value\": {\"name\": \"OPENSTACK_RELEASE_VERSION\", \"value\": \"$(OPENSTACK_RELEASE_VERSION)\"}}]" && \
-	$(KUSTOMIZE) edit add patch --kind Deployment --name openstack-operator-controller-operator --namespace system --patch "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/1/env/1\", \"value\": {\"name\": \"OPERATOR_IMAGE_URL\", \"value\": \"$(IMG)\"}}]"
+	$(KUSTOMIZE) edit add patch --kind Deployment --name openstack-operator-controller-operator --namespace system --patch "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/env/0\", \"value\": {\"name\": \"OPENSTACK_RELEASE_VERSION\", \"value\": \"$(OPENSTACK_RELEASE_VERSION)\"}}]" && \
+	$(KUSTOMIZE) edit add patch --kind Deployment --name openstack-operator-controller-operator --namespace system --patch "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/env/1\", \"value\": {\"name\": \"OPERATOR_IMAGE_URL\", \"value\": \"$(IMG)\"}}]"
 	$(KUSTOMIZE) build config/operator --load-restrictor='LoadRestrictionsNone' | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
 	$(OPERATOR_SDK) bundle validate ./bundle
 
 
@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/created-by: openstack-operator
     app.kubernetes.io/instance: webhook-service
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: service
+    app.kubernetes.io/name: infra-operator
     app.kubernetes.io/part-of: infra-operator
   name: infra-operator-webhook-service
   namespace: '{{ .OperatorNamespace }}'
@@ -16,7 +16,8 @@ spec:
     protocol: TCP
     targetPort: 9443
   selector:
-    openstack.org/operator-name: infra
+    app.kubernetes.io/name: infra-operator
+    control-plane: controller-manager
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
@@ -26,8 +27,7 @@ metadata:
     app.kubernetes.io/created-by: openstack-operator
     app.kubernetes.io/instance: serving-cert
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: certificate
-    app.kubernetes.io/part-of: infra-operator
+    app.kubernetes.io/name: infra-operator
   name: infra-operator-serving-cert
   namespace: '{{ .OperatorNamespace }}'
 spec:
@@ -39,21 +39,6 @@ spec:
     name: infra-operator-selfsigned-issuer
   secretName: infra-operator-webhook-server-cert
 ---
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  labels:
-    app.kubernetes.io/component: certificate
-    app.kubernetes.io/created-by: openstack-operator
-    app.kubernetes.io/instance: selfsigned-issuer
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: issuer
-    app.kubernetes.io/part-of: infra-operator
-  name: infra-operator-selfsigned-issuer
-  namespace: '{{ .OperatorNamespace }}'
-spec:
-  selfSigned: {}
----
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
 
@@ -4,27 +4,35 @@ kind: Deployment
 metadata:
   labels:
     control-plane: controller-manager
-    openstack.org/operator-name: {{ .Name }}
+    app.kubernetes.io/name: {{ .Name }}
   name: {{ .Name }}-operator-controller-manager
   namespace: {{ .Namespace }}
 spec:
   replicas: {{ .Deployment.Replicas }}
   selector:
     matchLabels:
-      openstack.org/operator-name: {{ .Name }}
+      app.kubernetes.io/name: {{ .Name }}
   template:
     metadata:
       annotations:
         kubectl.kubernetes.io/default-container: manager
       labels:
         control-plane: controller-manager
-        openstack.org/operator-name: {{ .Name }}
+        app.kubernetes.io/name: {{ .Name }}
     spec:
       containers:
       - args:
+        - --leader-elect
         - --health-probe-bind-address=:8081
+{{- if isEnvVarTrue .Deployment.Manager.Env "METRICS_CERTS" }}
+        - --metrics-bind-address=:8443
+        - --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs
+{{- if isEnvVarTrue .Deployment.Manager.Env "ENABLE_WEBHOOKS" }}
+        - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs
+{{- end }}
+{{- else }}
         - --metrics-bind-address=127.0.0.1:8080
-        - --leader-elect
+{{- end }}
         command:
         - /manager
         env:
@@ -55,12 +63,18 @@ spec:
             memory: {{ .Deployment.Manager.Resources.Requests.Memory }}
         securityContext:
           allowPrivilegeEscalation: false
-{{- if isEnvVarTrue .Deployment.Manager.Env "ENABLE_WEBHOOKS" }}
         volumeMounts:
+{{- if isEnvVarTrue .Deployment.Manager.Env "ENABLE_WEBHOOKS" }}
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
 {{- end }}
+{{- if isEnvVarTrue .Deployment.Manager.Env "METRICS_CERTS" }}
+        - mountPath: /tmp/k8s-metrics-server/metrics-certs
+          name: metrics-certs
+          readOnly: true
+{{- end }}
+{{- if isEnvVarFalse .Deployment.Manager.Env "METRICS_CERTS" }}
       - args:
         - --secure-listen-address=0.0.0.0:8443
         - --upstream=http://127.0.0.1:8080/
@@ -81,6 +95,7 @@ spec:
             memory: {{ .Deployment.KubeRbacProxy.Resources.Requests.Memory }}
         securityContext:
           allowPrivilegeEscalation: false
+{{- end }}
       securityContext:
         runAsNonRoot: true
       serviceAccountName: {{ .Name }}-operator-controller-manager
@@ -101,12 +116,25 @@ spec:
         tolerationSeconds: {{ .TolerationSeconds }}
 {{- end }}
 {{- end }}
-{{- if isEnvVarTrue .Deployment.Manager.Env "ENABLE_WEBHOOKS" }}
       volumes:
+{{- if isEnvVarTrue .Deployment.Manager.Env "ENABLE_WEBHOOKS" }}
       - name: cert
         secret:
           defaultMode: 420
           secretName: {{ .Name }}-operator-webhook-server-cert
 {{ end }}
+{{- if isEnvVarTrue .Deployment.Manager.Env "METRICS_CERTS" }}
+      - name: metrics-certs
+        secret:
+          items:
+          - key: ca.crt
+            path: ca.crt
+          - key: tls.crt
+            path: tls.crt
+          - key: tls.key
+            path: tls.key
+          optional: false
+          secretName: {{ .Name }}-operator-metrics-server-cert
+{{ end }}
 ---
 {{ end }}
@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/created-by: openstack-operator
     app.kubernetes.io/instance: webhook-service
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: service
+    app.kubernetes.io/name: openstack-baremetal-operator
     app.kubernetes.io/part-of: openstack-baremetal-operator
   name: openstack-baremetal-operator-webhook-service
   namespace: '{{ .OperatorNamespace }}'
@@ -16,7 +16,8 @@ spec:
     protocol: TCP
     targetPort: 9443
   selector:
-    openstack.org/operator-name: openstack-baremetal
+    app.kubernetes.io/name: openstack-baremetal-operator
+    control-plane: controller-manager
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
@@ -26,8 +27,7 @@ metadata:
     app.kubernetes.io/created-by: openstack-operator
     app.kubernetes.io/instance: serving-cert
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: certificate
-    app.kubernetes.io/part-of: openstack-baremetal-operator
+    app.kubernetes.io/name: openstack-baremetal-operator
   name: openstack-baremetal-operator-serving-cert
   namespace: '{{ .OperatorNamespace }}'
 spec:
@@ -39,21 +39,6 @@ spec:
     name: openstack-baremetal-operator-selfsigned-issuer
   secretName: openstack-baremetal-operator-webhook-server-cert
 ---
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  labels:
-    app.kubernetes.io/component: certificate
-    app.kubernetes.io/created-by: openstack-operator
-    app.kubernetes.io/instance: selfsigned-issuer
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: issuer
-    app.kubernetes.io/part-of: openstack-baremetal-operator
-  name: openstack-baremetal-operator-selfsigned-issuer
-  namespace: '{{ .OperatorNamespace }}'
-spec:
-  selfSigned: {}
----
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata: