ROX-32012: Clean up remains of upstream OLM

.openshift-ci/ci_tests.py

@@ -74,7 +74,7 @@ def run(self):
 
 
 class OperatorE2eTest(BaseTest):
-    OLM_SETUP_TIMEOUT_SEC = 60 * 10
+    OLM_SETUP_TIMEOUT_SEC = 60 * 2
     TEST_TIMEOUT_SEC = 60 * 60 * 2
     OPERATOR_CLUSTER_TYPE_OPENSHIFT4 = "openshift4"
 

operator/Makefile

@@ -193,7 +193,6 @@ include $(PROJECT_DIR)/../make/gotools.mk
 $(call go-tool, CONTROLLER_GEN, sigs.k8s.io/controller-tools/cmd/controller-gen, tools/controller-gen)
 $(call go-tool, ENVTEST, sigs.k8s.io/controller-runtime/tools/setup-envtest, tools/envtest)
 $(call go-tool, KUSTOMIZE, sigs.k8s.io/kustomize/kustomize/v5, tools/kustomize)
-$(call go-tool, OLM, github.com/operator-framework/operator-lifecycle-manager/cmd/olm, tools/operator-sdk)
 $(call go-tool, KUTTL, github.com/kudobuilder/kuttl/cmd/kubectl-kuttl, tools/kuttl)
 $(call go-tool, YQ, github.com/mikefarah/yq/v4, tools/yq)
 
@@ -205,7 +204,6 @@ $(OPERATOR_SDK): tools/operator-sdk/go.mod tools/operator-sdk/go.sum
 	$(SILENT)cd tools/operator-sdk && GOBIN="$(dir $@)" go install -tags=containers_image_openpgp github.com/operator-framework/operator-sdk/cmd/operator-sdk
 
 OPERATOR_SDK_VERSION = $(shell cd tools/operator-sdk; go list -m -f '{{ .Version }}' github.com/operator-framework/operator-sdk)
-OLM_VERSION = $(shell cd tools/operator-sdk; go list -m -f '{{ .Version }}' github.com/operator-framework/operator-lifecycle-manager)
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
@@ -360,14 +358,6 @@ ifndef ignore-not-found
   ignore-not-found = false
 endif
 
-.PHONY: olm-install
-olm-install: operator-sdk ## Install OLM on Kubernetes cluster
-	$(OPERATOR_SDK) olm install --version=$(OLM_VERSION)
-
-.PHONY: olm-uninstall
-olm-uninstall: operator-sdk ## Uninstall OLM previously installed on Kubernetes cluster
-	$(OPERATOR_SDK) olm uninstall
-
 .PHONY: install
 install: check-ci-setup manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | $(PROJECT_DIR)/hack/retry-kubectl.sh apply -f -

operator/README.md

@@ -143,6 +143,10 @@ You need to have the following set before running most targets mentioned in this
 $ export ROX_PRODUCT_BRANDING=RHACS_BRANDING
 ```
 
+Also, as of early 2026, upstream OLM does not work on GKE out of the box due to network policy issues
+[(Slack thread)](https://kubernetes.slack.com/archives/CAW0GV7A5/p1763021938129309).
+Use an OpenShift cluster, which comes with OLM pre-installed.
+
 ```bash
 # Refresh bundle metadata. Make sure to check the diff and commit it.
 $ make bundle
@@ -175,10 +179,7 @@ $ make bundle-test-image
 # 0. Get the operator-sdk program.
 $ make operator-sdk
 
-# 1. Install OLM, unless running on OpenShift.
-$ make olm-install
-
-# 2. Create a namespace for testing bundle.
+# 1. Create a namespace for testing bundle.
 $ kubectl create ns bundle-test
 
 # 2. Create image pull secrets.
@@ -192,17 +193,17 @@ $ kubectl -n bundle-test create secret docker-registry my-opm-image-pull-secrets
 # 3. Configure default service account to use these pull secrets.
 $ kubectl -n bundle-test patch serviceaccount default -p '{"imagePullSecrets": [{"name": "my-opm-image-pull-secrets"}]}'
 
-# 3. Build and push operator and bundle images.
+# 4. Build and push operator and bundle images.
 # Use one-liner above.
 
-# 4. Run bundle.
+# 5. Run bundle.
 $ `make which-operator-sdk` run bundle \
   quay.io/rhacs-eng/stackrox-operator-bundle:v$(make --quiet --no-print-directory tag) \
   --pull-secret-name my-opm-image-pull-secrets \
   --service-account default \
   --namespace bundle-test
 
-# 5. Add image pull secrets to operator's ServiceAccount.
+# 6. Add image pull secrets to operator's ServiceAccount.
 # Run it while the previous command executes otherwise it will fail.
 # Note that serviceaccount might not exist for a few moments.
 # Rerun this command until it succeeds.
@@ -211,7 +212,7 @@ $ kubectl -n bundle-test patch serviceaccount rhacs-operator-controller-manager
 # You may need to bounce operator pods after this if they can't pull images for a while.
 $ kubectl -n bundle-test delete pod -l app=rhacs-operator
 
-# 6. The above operator-sdk run bundle command should complete successfully.
+# 7. The above operator-sdk run bundle command should complete successfully.
 # If it does not, watch pod statuses and check pod logs.
 $ kubectl -n bundle-test get pods
 # ... and dive deep from there into the ones that are not healthy.
@@ -230,7 +231,6 @@ kubectl -n bundle-test delete catalogsources.operators.coreos.com rhacs-operator
 Also, you can tear everything down with
 
 ```bash
-$ make olm-uninstall
 $ kubectl delete ns bundle-test
 ```
 
@@ -244,21 +244,23 @@ Instructions and best practices on how to extend the StackRox CRDs is contained
 These instructions are for deploying a version of the operator that has been pushed to the `rhacs-eng` Quay organization.
 See above for instructions on how to deploy an OLM bundle and index that was built locally.
 
+Note: as of early 2026, upstream OLM does not work on GKE out of the box due to network policy issues
+[(Slack thread)](https://kubernetes.slack.com/archives/CAW0GV7A5/p1763021938129309).
+Use an OpenShift cluster, which comes with OLM pre-installed.
+
 ### Prerequisites
 
 #### Required Binaries
 
-Both the `kubectl-kuttl` and `operator-sdk` binaries are required for the following make targets to work.
-There are make targets to install both executables:
+The `kubectl-kuttl` binary is required for the following make targets to work.
+There is a make target to install it:
 
 ```bash
-make operator-sdk
 make kuttl
 ```
 
-These make targets will add the executable to your `$GOPATH`.
-If that is not on your `$PATH`, then you can install the Operator SDK from its [release page](https://github.com/operator-framework/operator-sdk/releases)
-and kuttl from its [release page](https://github.com/kudobuilder/kuttl/releases).
+This make target will add the executable to your `$GOPATH`.
+If that is not on your `$PATH`, then you can install kuttl from its [release page](https://github.com/kudobuilder/kuttl/releases).
 
 #### Pull Secret
 
@@ -309,7 +311,6 @@ ROX_PRODUCT_BRANDING=RHACS_BRANDING make deploy-via-olm TEST_NAMESPACE=my-favori
 You can blow everything away with:
 
 ```bash
-$ make olm-uninstall
 $ kubectl delete ns stackrox-operator-system
 
 # Optionally remove CRDs

operator/tools/operator-sdk/go.mod

@@ -2,24 +2,7 @@ module github.com/stackrox/rox/operator/tools/operator-sdk
 
 go 1.25.3
 
-require (
-	github.com/operator-framework/operator-lifecycle-manager v0.40.0
-	github.com/operator-framework/operator-sdk v1.42.0
-)
-
-// These are copied verbatim from
-// https://github.com/operator-framework/operator-lifecycle-manager/blob/72b0467f7a4f136a90089d013ef8d36715193fe2/go.mod#L252
-// Without them "go mod tidy" failed with:
-//
-// go: finding module for package github.com/openshift/api/config/v1
-// go: github.com/stackrox/rox/operator/tools/operator-sdk imports
-//   github.com/operator-framework/operator-lifecycle-manager/cmd/olm imports
-//   github.com/openshift/client-go/config/clientset/versioned/typed/config/v1 imports
-//   github.com/openshift/api/config/v1: package github.com/openshift/api/config/v1 provided by github.com/openshift/api at latest version v0.0.0-20240508125607-95e22923d553 but not at required version v3.9.0+incompatible
-replace (
-	github.com/openshift/api => github.com/openshift/api v0.0.0-20221021112143-4226c2167e40 // release-4.12
-	github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c // release-4.12
-)
+require github.com/operator-framework/operator-sdk v1.42.0
 
 require (
 	cel.dev/expr v0.25.1 // indirect
@@ -58,7 +41,6 @@ require (
 	github.com/containerd/typeurl/v2 v2.2.3 // indirect
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
 	github.com/containers/ocicrypt v1.2.1 // indirect
-	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect
 	github.com/cyphar/filepath-securejoin v0.6.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -78,7 +60,6 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
-	github.com/go-air/gini v1.0.4 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.7.0 // indirect
@@ -87,7 +68,6 @@ require (
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
 	github.com/go-openapi/swag v0.25.4 // indirect
@@ -129,8 +109,6 @@ require (
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/iancoleman/strcase v0.3.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/itchyny/gojq v0.12.18 // indirect
-	github.com/itchyny/timefmt-go v0.1.7 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/joelanford/ignore v0.1.1 // indirect
@@ -153,7 +131,6 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
@@ -173,9 +150,6 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/opencontainers/runtime-spec v1.3.0 // indirect
-	github.com/openshift/api v3.9.0+incompatible // indirect
-	github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 // indirect
-	github.com/openshift/library-go v0.0.0-20260204111611-b7d4fa0e292a // indirect
 	github.com/operator-framework/ansible-operator-plugins v1.42.0 // indirect
 	github.com/operator-framework/api v0.39.0 // indirect
 	github.com/operator-framework/operator-manifest-tools v0.10.0 // indirect
@@ -231,8 +205,6 @@ require (
 	go.podman.io/common v0.66.1 // indirect
 	go.podman.io/image/v5 v5.38.0 // indirect
 	go.podman.io/storage v1.61.0 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.47.0 // indirect
@@ -246,7 +218,6 @@ require (
 	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	golang.org/x/tools v0.41.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20260203192932-546029d2fa20 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260203192932-546029d2fa20 // indirect
@@ -265,9 +236,7 @@ require (
 	k8s.io/cli-runtime v0.35.0 // indirect
 	k8s.io/client-go v0.35.0 // indirect
 	k8s.io/component-base v0.35.0 // indirect
-	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-aggregator v0.35.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect
 	k8s.io/kubectl v0.35.0 // indirect
 	k8s.io/utils v0.0.0-20260108192941-914a6e750570 // indirect
@@ -280,7 +249,6 @@ require (
 	sigs.k8s.io/kustomize/api v0.20.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect
 )