Open stringang opened 7 months ago
@stringang thank you for reporting this issue. Do you recall which version of OpenShift this occurred for you on?
Is there a reason why the catalog source you provided is in the olm
namespace instead of openshift-operators
? I wasn't actually able to install DWO with your catalog source, it resulted in an error about not being able to find the catalog source (and I had to manually create the olm
namespace):
This operator cannot be updated. The health of CatalogSource "devworkspace-operator-catalog" is unknown. It may have been disabled or removed from the cluster.
I would suggest trying to see if things work as expected for you when adding the CatalogSource to the openshift-operators
namespce instead:
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: devworkspace-operator-catalog
namespace: openshift-operators
spec:
displayName: DevWorkspace Operator Catalog
image: 'quay.io/devfile/devworkspace-operator-index:release'
publisher: Red Hat
sourceType: grpc
updateStrategy:
registryPoll:
interval: 5m
When installing DWO from this CatalogSource, I saw that the devworkspace-webhookserver-tls
secret was created and owned by the devworkspace-webhookserver
service. Note that there is also a devworkspace-controller-manager-service-cert
that is owned by the devworkspace-operator.v0.26.0
ClusterServiceVersion.
@AObuchow
I'm using native Kubernetes. Installing it in the openshift-operators
namespace still presents the same issue.
install info:
kind: OperatorGroup
apiVersion: operators.coreos.com/v1
metadata:
name: og-test
namespace: openshift-operators
spec: {}
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: devworkspace-operator
namespace: openshift-operators
spec:
channel: fast
installPlanApproval: Automatic
name: devworkspace-operator
source: devworkspace-operator-catalog
sourceNamespace: openshift-operators
startingCSV: devworkspace-operator.v0.26.0
The webhook certificate should be automatically injected by cert-manager
or service-ca
.
After manually creating cert-manager
configurations to generate certificates and successfully deploying them, I expect automation.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
app.kubernetes.io/name: devworkspace-controller
app.kubernetes.io/part-of: devworkspace-operator
name: devworkspace-controller-selfsigned-issuer
namespace: openshift-operators
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
app.kubernetes.io/name: devworkspace-controller
app.kubernetes.io/part-of: devworkspace-operator
name: devworkspace-controller-serving-cert
namespace: openshift-operators
spec:
dnsNames:
- devworkspace-webhookserver.openshift-operators.svc
- devworkspace-webhookserver.openshift-operators.svc.cluster.local
- devworkspace-controller-manager-service.openshift-operators.svc
- devworkspace-controller-manager-service.openshift-operators.svc.cluster.local
issuerRef:
kind: Issuer
name: devworkspace-controller-selfsigned-issuer
secretName: devworkspace-webhookserver-tls
Description
I encountered an issue while installing using OLM: not generate the Webhook server certificate.
DevWorkspace Operator:
v0.26.0
CatalogSource:
update: the generated certificate file name does not correspond to the file configured in the environment variable. The generated secret name is
devworkspace-controller-manager-service-cert
, while the environment variable isdevworkspace-webhookserver-tls
.