Update README.md (#2888)

Signed-off-by: domain <32405309+szu17dmy@users.noreply.github.com>

.ci/.checked-pr-template.md

@@ -0,0 +1,51 @@
+Thanks submitting your Operator. Please check below list before you create your Pull Request.
+
+### New Submissions
+
+* [x] Are you familiar with our [contribution guidelines](https://github.com/operator-framework/community-operators/blob/master/docs/contributing-via-pr.md)?
+* [x] Have you [packaged and deployed](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md) your Operator for Operator Framework?
+* [x] Have you tested your Operator with all Custom Resource Definitions?
+* [x] Have you tested your Operator in all supported [installation modes](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md#operator-metadata)?
+* [x] Have you considered whether you want use [semantic versioning order](https://github.com/operator-framework/community-operators/blob/master/docs/operator-ci-yaml.md#semver-mode)?
+* [x] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing-prerequisites.md#sign-your-work)?
+* [x] Is operator [icon](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-operator.md#operator-icon) set?
+
+### Updates to existing Operators
+
+* [x] Did you create a `ci.yaml` file according to the [update instructions](https://github.com/operator-framework/community-operators/blob/master/docs/operator-ci-yaml.md)?
+* [x] Is your new CSV pointing to the previous version with the `replaces` property if you chose `replaces-mode` via the `updateGraph` property in `ci.yaml`?
+* [x] Is your new CSV referenced in the [appropriate channel](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-operator.md#channels) defined in the `package.yaml` or `annotations.yaml` ?
+* [ ] Have you tested an update to your Operator when deployed via OLM?
+* [x] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing-prerequisites.md#sign-your-work)?
+
+### Your submission should not
+
+* [x] Modify more than one operator
+* [x] Modify an Operator you don't own
+* [x] Rename an operator - please remove and add with a different name instead
+* [x] Submit operators to both `upstream-community-operators` and `community-operators` at once
+* [x] Modify any files outside the above mentioned folders
+* [x] Contain more than one commit. **Please squash your commits.**
+
+### Operator Description must contain (in order)
+
+1. [x] Description about the managed Application and where to find more information
+2. [x] Features and capabilities of your Operator and how to use it
+3. [x] Any manual steps about potential pre-requisites for using your Operator
+
+### Operator Metadata should contain
+
+* [x] Human readable name and 1-liner description about your Operator
+* [x] Valid [category name](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-operator.md#categories)<sup>1</sup>
+* [x] One of the pre-defined [capability levels](https://github.com/operator-framework/operator-courier/blob/4d1a25d2c8d52f7de6297ec18d8afd6521236aa2/operatorcourier/validate.py#L556)<sup>2</sup>
+* [x] Links to the maintainer, source code and documentation
+* [x] Example templates for all Custom Resource Definitions intended to be used
+* [x] A quadratic logo
+
+Remember that you can preview your CSV [here](https://operatorhub.io/preview).
+
+--
+
+<sup>1</sup> If you feel your Operator does not fit any of the pre-defined categories, file an issue against this repo and explain your need
+
+<sup>2</sup> For more information see [here](https://sdk.operatorframework.io/docs/overview/#operator-capability-level)

.ci/.operatorhub-pr-template.md

@@ -1,24 +1,22 @@
 Thanks submitting your Operator. Please check below list before you create your Pull Request.
-*************************************************
-**Flat operator directory structure is obsolete from 23-rd of October 2019, only nested directory structure will be accepted.**
-*************************************************
 
 ### New Submissions
 
-* [ ] Does your operator have [nested directory structure](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#create-a-bundle)?
-* [ ] Have you selected the Project *Community Operator Submissions* in your PR on the right-hand menu bar?
-* [ ] Are you familiar with our [contribution guidelines](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md)?
+* [ ] Are you familiar with our [contribution guidelines](https://github.com/operator-framework/community-operators/blob/master/docs/contributing-via-pr.md)?
 * [ ] Have you [packaged and deployed](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md) your Operator for Operator Framework?
 * [ ] Have you tested your Operator with all Custom Resource Definitions?
 * [ ] Have you tested your Operator in all supported [installation modes](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md#operator-metadata)?
-* [ ] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
+* [ ] Have you considered whether you want use [semantic versioning order](https://github.com/operator-framework/community-operators/blob/master/docs/operator-ci-yaml.md#semver-mode)?
+* [ ] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing-prerequisites.md#sign-your-work)?
+* [ ] Is operator [icon](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-operator.md#operator-icon) set?
 
 ### Updates to existing Operators
 
-* [ ] Is your new CSV pointing to the previous version with the `replaces` property?
-* [ ] Is your new CSV referenced in the [appropriate channel](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#bundle-format) defined in the `package.yaml` ?
+* [ ] Did you create a `ci.yaml` file according to the [update instructions](https://github.com/operator-framework/community-operators/blob/master/docs/operator-ci-yaml.md)?
+* [ ] Is your new CSV pointing to the previous version with the `replaces` property if you chose `replaces-mode` via the `updateGraph` property in `ci.yaml`?
+* [ ] Is your new CSV referenced in the [appropriate channel](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-operator.md#channels) defined in the `package.yaml` or `annotations.yaml` ?
 * [ ] Have you tested an update to your Operator when deployed via OLM?
-* [ ] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
+* [ ] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing-prerequisites.md#sign-your-work)?
 
 ### Your submission should not
 
@@ -38,7 +36,7 @@ Thanks submitting your Operator. Please check below list before you create your
 ### Operator Metadata should contain
 
 * [ ] Human readable name and 1-liner description about your Operator
-* [ ] Valid [category name](https://github.com/operator-framework/community-operators/blob/master/docs/required-fields.md#categories)<sup>1</sup>
+* [ ] Valid [category name](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-operator.md#categories)<sup>1</sup>
 * [ ] One of the pre-defined [capability levels](https://github.com/operator-framework/operator-courier/blob/4d1a25d2c8d52f7de6297ec18d8afd6521236aa2/operatorcourier/validate.py#L556)<sup>2</sup>
 * [ ] Links to the maintainer, source code and documentation
 * [ ] Example templates for all Custom Resource Definitions intended to be used
@@ -50,4 +48,4 @@ Remember that you can preview your CSV [here](https://operatorhub.io/preview).
 
 <sup>1</sup> If you feel your Operator does not fit any of the pre-defined categories, file an issue against this repo and explain your need
 
-<sup>2</sup> For more information see [here](https://github.com/operator-framework/operator-sdk/blob/master/doc/images/operator-capability-level.svg)
+<sup>2</sup> For more information see [here](https://sdk.operatorframework.io/docs/overview/#operator-capability-level)

.ci/after-success.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-echo "Uploading code coverage results"
-bash <(curl -s https://codecov.io/bash)

.ci/create-release-github.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+OPERATOR_VERSION=$(git describe --tags)
+echo "${GITHUB_TOKEN}" | gh auth login --with-token
+
+gh config set prompt disabled
+gh release create \
+    -t "Release ${OPERATOR_VERSION}" \
+    "${OPERATOR_VERSION}" \
+    'dist/jaeger-operator.yaml#Installation manifest for Kubernetes'

.ci/format.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-${GOPATH}/bin/goimports -local "github.com/jaegertracing/jaeger-operator" -l -w $(git ls-files "*\.go" | grep -v vendor)
+./bin/goimports -local "github.com/jaegertracing/jaeger-operator" -l -w $(git ls-files "*\.go" | grep -v vendor)

.ci/install-sdk.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-DEST="${GOPATH}/bin/operator-sdk"
-
-function install_sdk() {
-    echo "Downloading the operator-sdk ${SDK_VERSION} into ${DEST}"
-    if [[ "$OSTYPE" == "darwin"* ]]; then
-        curl https://github.com/operator-framework/operator-sdk/releases/download/${SDK_VERSION}/operator-sdk-${SDK_VERSION}-x86_64-apple-darwin -sLo ${DEST}
-    else
-        curl https://github.com/operator-framework/operator-sdk/releases/download/${SDK_VERSION}/operator-sdk-${SDK_VERSION}-x86_64-linux-gnu -sLo ${DEST}
-    fi
-    chmod +x ${DEST}
-}
-
-mkdir -p ${GOPATH}/bin
-
-if [ ! -f ${DEST} ]; then
-    install_sdk
-fi
-
-${DEST} version | grep -q ${SDK_VERSION}
-if [ $? != 0 ]; then
-    install_sdk
-fi

.ci/install.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-make install
-RT=$?
-if [ ${RT} != 0 ]; then
-    echo "Failed to install the operator dependencies."
-    exit ${RT}
-fi

.ci/lint.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-GOLINT=golint
-
-command -v ${GOLINT} > /dev/null
-if [ $? != 0 ]; then
-    if [ -n ${GOPATH} ]; then
-        GOLINT="${GOPATH}/bin/golint"
-    fi
-fi
-
-out=$(${GOLINT} ./... | grep -v pkg/storage/elasticsearch/v1 | grep -v zz_generated)
-if [[ $out ]]; then
-    echo "$out"
-    exit 1
-fi

.ci/operatorhub.sh

@@ -1,125 +1,57 @@
 #!/bin/bash
 
-if [ -z ${COMMUNITY_OPERATORS_REPOSITORY} ]; then
-    COMMUNITY_OPERATORS_REPOSITORY="$(dirname $(dirname $(pwd)))/operator-framework/community-operators"
-    echo "COMMUNITY_OPERATORS_REPOSITORY not set, using ${COMMUNITY_OPERATORS_REPOSITORY}"
-fi
 
-if [ ! -d ${COMMUNITY_OPERATORS_REPOSITORY} ]; then
-    echo "${COMMUNITY_OPERATORS_REPOSITORY} doesn't exist, aborting."
+COMMUNITY_OPERATORS_REPOSITORY="k8s-operatorhub/community-operators"
+UPSTREAM_REPOSITORY="redhat-openshift-ecosystem/community-operators-prod"
+LOCAL_REPOSITORIES_PATH=${LOCAL_REPOSITORIES_PATH:-"$(dirname $(dirname $(pwd)))"}
+
+
+if [[ ! -d "${LOCAL_REPOSITORIES_PATH}/${COMMUNITY_OPERATORS_REPOSITORY}" ]]; then
+    echo "${LOCAL_REPOSITORIES_PATH}/${COMMUNITY_OPERATORS_REPOSITORY} doesn't exist, aborting."
     exit 1
 fi
 
-OLD_PWD=$(pwd)
-VERSION=$(grep operator= versions.txt | awk -F= '{print $2}')
-PKG_FILE=deploy/olm-catalog/jaeger-operator/jaeger-operator.package.yaml
-CSV_FILE=deploy/olm-catalog/jaeger-operator/manifests/jaeger-operator.clusterserviceversion.yaml
-CRD_FILE=deploy/crds/jaegertracing.io_jaegers_crd.yaml
-
-# once we get a clarification on the following item, we might not need to have different file names
-# https://github.com/operator-framework/community-operators/issues/701
-DEST_PKG_FILE=jaeger.package.yaml
-DEST_CSV_FILE=jaeger.v${VERSION}.clusterserviceversion.yaml
-
-cd "${COMMUNITY_OPERATORS_REPOSITORY}"
-
-git remote | grep upstream > /dev/null
-if [ $? != 0 ]; then
-    echo "Cannot find a remote named 'upstream'. Adding one."
-    git remote add upstream git@github.com:operator-framework/community-operators.git
+if [[ ! -d "${LOCAL_REPOSITORIES_PATH}/${UPSTREAM_REPOSITORY}" ]]; then
+    echo "${LOCAL_REPOSITORIES_PATH}/${UPSTREAM_REPOSITORY} doesn't exist, aborting."
+    exit 1
 fi
 
-git fetch -q upstream
-git checkout -q master
-git rebase -q upstream/master
 
-for dest in upstream-community-operators community-operators; do
-    mkdir -p "${COMMUNITY_OPERATORS_REPOSITORY}/${dest}/jaeger/${VERSION}"
+OLD_PWD=$(pwd)
+VERSION=$(grep operator= versions.txt | awk -F= '{print $2}')
 
-    cp "${OLD_PWD}/${PKG_FILE}" "${COMMUNITY_OPERATORS_REPOSITORY}/${dest}/jaeger/${DEST_PKG_FILE}"
-    cp "${OLD_PWD}/${CSV_FILE}" "${COMMUNITY_OPERATORS_REPOSITORY}/${dest}/jaeger/${VERSION}/${DEST_CSV_FILE}"
-    cp "${OLD_PWD}/${CRD_FILE}" "${COMMUNITY_OPERATORS_REPOSITORY}/${dest}/jaeger/${VERSION}"
+for dest in ${COMMUNITY_OPERATORS_REPOSITORY} ${UPSTREAM_REPOSITORY}; do
+    cd "${LOCAL_REPOSITORIES_PATH}/${dest}"
+    git remote | grep upstream > /dev/null
+    if [[ $? != 0 ]]; then
+        echo "Cannot find a remote named 'upstream'. Adding one."
+        git remote add upstream git@github.com:${dest}.git
+    fi
 
-    git checkout -q master
+    git fetch -q upstream
+    git checkout -q main
+    git rebase -q upstream/main
 
-    git checkout -q -b Update-Jaeger-${dest}-to-${VERSION}
-    if [ $? != 0 ]; then
+    cp -r "${OLD_PWD}/bundle" "operators/jaeger/${VERSION}"
+
+    git checkout -q -b Update-Jaeger-to-${VERSION}
+    if [[ $? != 0 ]]; then
         echo "Cannot switch to the new branch Update-Jaeger-${dest}-to-${VERSION}. Aborting"
         exit 1
     fi
 
-    git add "${COMMUNITY_OPERATORS_REPOSITORY}/${dest}/"
-    git commit -sqm "Update Jaeger ${dest} to v${VERSION}"
-    git push -q
+    git add .
+    git commit -sqm "Update Jaeger to v${VERSION}"
 
-    command -v hub > /dev/null
-    if [ $? != 0 ]; then
-        echo "'hub' command not found, can't submit the PR on your behalf."
+
+    command -v gh > /dev/null
+    if [[ $? != 0 ]]; then
+        echo "'gh' command not found, can't submit the PR on your behalf."
         break
     fi
 
-    tmpfile=$(mktemp /tmp/Update-Jaeger-${dest}-to-${VERSION}.XXX)
-    cat > ${tmpfile} <<- EOM
-Update Jaeger ${dest} to v${VERSION}
-
-Thanks submitting your Operator. Please check below list before you create your Pull Request.
-*************************************************
-**Flat operator directory structure is obsolete from 23-rd of October 2019, only nested directory structure will be accepted.**
-*************************************************
-
-### New Submissions
-
-* [x] Does your operator have [nested directory structure](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#create-a-bundle)?
-* [x] Have you selected the Project *Community Operator Submissions* in your PR on the right-hand menu bar?
-* [x] Are you familiar with our [contribution guidelines](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md)?
-* [x] Have you [packaged and deployed](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md) your Operator for Operator Framework?
-* [x] Have you tested your Operator with all Custom Resource Definitions?
-* [x] Have you tested your Operator in all supported [installation modes](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md#operator-metadata)?
-* [x] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
-
-### Updates to existing Operators
-
-* [x] Is your new CSV pointing to the previous version with the replaces property?
-* [x] Is your new CSV referenced in the [appropriate channel](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#bundle-format) defined in the package.yaml ?
-* [ ] Have you tested an update to your Operator when deployed via OLM?
-* [x] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
-
-### Your submission should not
-
-* [x] Modify more than one operator
-* [x] Modify an Operator you don't own
-* [x] Rename an operator - please remove and add with a different name instead
-* [x] Submit operators to both upstream-community-operators and community-operators at once
-* [x] Modify any files outside the above mentioned folders
-* [x] Contain more than one commit. **Please squash your commits.**
-
-### Operator Description must contain (in order)
-
-1. [x] Description about the managed Application and where to find more information
-2. [x] Features and capabilities of your Operator and how to use it
-3. [x] Any manual steps about potential pre-requisites for using your Operator
-
-### Operator Metadata should contain
-
-* [x] Human readable name and 1-liner description about your Operator
-* [x] Valid [category name](https://github.com/operator-framework/community-operators/blob/master/docs/required-fields.md#categories)<sup>1</sup>
-* [x] One of the pre-defined [capability levels](https://github.com/operator-framework/operator-courier/blob/4d1a25d2c8d52f7de6297ec18d8afd6521236aa2/operatorcourier/validate.py#L556)<sup>2</sup>
-* [x] Links to the maintainer, source code and documentation
-* [x] Example templates for all Custom Resource Definitions intended to be used
-* [x] A quadratic logo
-
-Remember that you can preview your CSV [here](https://operatorhub.io/preview).
-
---
-
-<sup>1</sup> If you feel your Operator does not fit any of the pre-defined categories, file an issue against this repo and explain your need
-
-<sup>2</sup> For more information see [here](https://github.com/operator-framework/operator-sdk/blob/master/doc/images/operator-capability-level.svg)
-EOM
-
     echo "Submitting PR on your behalf via 'hub'"
-    hub pull-request -F ${tmpfile}
-    rm ${tmpfile}
+    gh pr create --title  "Update Jaeger to v${VERSION}" --body-file "${OLD_PWD}/.ci/.checked-pr-template.md"
 done
 
 cd ${OLD_PWD}

.ci/prepare-release.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+if [[ -z $OPERATOR_VERSION ]]; then
+    echo "OPERATOR_VERSION isn't set. Skipping process."
+    exit 1
+fi
+
+
+
+JAEGER_VERSION=$(echo $JAEGER_VERSION | tr -d '"')
+JAEGER_AGENT_VERSION=$(echo $JAEGER_AGENT_VERSION | tr -d '"')
+
+
+PREVIOUS_VERSION=$(grep operator= versions.txt | awk -F= '{print $2}')
+
+# change the versions.txt, bump only operator version.
+sed "s~operator=${PREVIOUS_VERSION}~operator=${OPERATOR_VERSION}~gi" -i versions.txt
+
+# changes to deploy/operator.yaml
+sed "s~replaces: jaeger-operator.v.*~replaces: jaeger-operator.v${PREVIOUS_VERSION}~i" -i config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
+
+# Update the examples according to the release
+
+sed -i "s~all-in-one:.*~all-in-one:${JAEGER_VERSION}~gi" examples/all-in-one-with-options.yaml
+
+# statefulset-manual-sidecar
+sed -i "s~jaeger-agent:.*~jaeger-agent:${JAEGER_AGENT_VERSION}~gi" examples/statefulset-manual-sidecar.yaml
+
+# operator-with-tracing
+sed -i "s~jaeger-operator:.*~jaeger-operator:${OPERATOR_VERSION}~gi" examples/operator-with-tracing.yaml
+sed -i "s~jaeger-agent:.*~jaeger-agent:${JAEGER_AGENT_VERSION}~gi" examples/operator-with-tracing.yaml
+
+# tracegen
+sed -i "s~jaeger-tracegen:.*~jaeger-tracegen:${JAEGER_VERSION}~gi" examples/tracegen.yaml
+
+
+VERSION=${OPERATOR_VERSION} USER=jaegertracing make bundle

.ci/publish-images.sh

@@ -4,7 +4,7 @@ BASE_BUILD_IMAGE=${BASE_BUILD_IMAGE:-"jaegertracing/jaeger-operator"}
 OPERATOR_VERSION=${OPERATOR_VERSION:-$(git describe --tags)}
 
 ## if we are on a release tag, let's extract the version number
-## the other possible value, currently, is 'master' (or another branch name)
+## the other possible value, currently, is 'main' (or another branch name)
 ## if we are not running in the CI, it fallsback to the `git describe` above
 if [[ $OPERATOR_VERSION == v* ]]; then
     OPERATOR_VERSION=$(echo ${OPERATOR_VERSION} | grep -Po "([\d\.]+)")
@@ -12,6 +12,7 @@ if [[ $OPERATOR_VERSION == v* ]]; then
 fi
 
 BUILD_IMAGE=${BUILD_IMAGE:-"${BASE_BUILD_IMAGE}:${OPERATOR_VERSION}"}
+DOCKER_USERNAME=${DOCKER_USERNAME:-"jaegertracingbot"}
 
 if [ "${DOCKER_PASSWORD}x" != "x" -a "${DOCKER_USERNAME}x" != "x" ]; then
     echo "Performing a 'docker login'"

.ci/release.sh

@@ -1,90 +0,0 @@
-#!/bin/bash
-
-git diff -s --exit-code
-if [[ $? != 0 ]]; then
-    echo "The repository isn't clean. We won't proceed, as we don't know if we should commit those changes or not."
-    exit 1
-fi
-
-BASE_BUILD_IMAGE=${BASE_BUILD_IMAGE:-"jaegertracing/jaeger-operator"}
-BASE_TAG=${BASE_TAG:-$(git describe --tags)}
-OPERATOR_VERSION=${OPERATOR_VERSION:-${BASE_TAG}}
-OPERATOR_VERSION=$(echo ${OPERATOR_VERSION} | grep -Po "([\d\.]+)")
-JAEGER_VERSION=$(echo ${OPERATOR_VERSION} | grep -Po "([\d]+\.[\d]+\.[\d]+)" | head -n 1)
-TAG=${TAG:-"v${OPERATOR_VERSION}"}
-BUILD_IMAGE=${BUILD_IMAGE:-"${BASE_BUILD_IMAGE}:${OPERATOR_VERSION}"}
-CREATED_AT=$(date -u -Isecond)
-PREVIOUS_VERSION=$(grep operator= versions.txt | awk -F= '{print $2}')
-
-if [[ ${BASE_TAG} =~ ^release/v.[[:digit:].]+(\-.*)?$ ]]; then
-    echo "Releasing ${OPERATOR_VERSION} from ${BASE_TAG}"
-else
-    echo "The release tag does not match the expected format: ${BASE_TAG}"
-    exit 1
-fi
-
-if [ "${GH_WRITE_TOKEN}x" == "x" ]; then
-    echo "The GitHub write token isn't set. Skipping release process."
-    exit 1
-fi
-
-# changes to deploy/operator.yaml
-sed "s~image: jaegertracing/jaeger-operator.*~image: ${BUILD_IMAGE}~gi" -i deploy/operator.yaml
-sed "s~image: jaegertracing/jaeger-agent:.*~image: jaegertracing/jaeger-agent:${JAEGER_VERSION}~gi" -i deploy/operator.yaml
-
-# changes to test/operator.yaml
-sed "s~image: jaegertracing/jaeger-operator.*~image: ${BUILD_IMAGE}~gi" -i test/operator.yaml
-
-# change the versions.txt, bump only operator version.
-sed "s~operator=${PREVIOUS_VERSION}~operator=${OPERATOR_VERSION}~gi" -i versions.txt
-
-mkdir -p deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}
-cp deploy/olm-catalog/jaeger-operator/manifests/jaeger-operator.clusterserviceversion.yaml \
-   deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml
-
-operator-sdk generate csv \
-    --csv-channel=stable \
-    --make-manifests=false \
-    --csv-version=${OPERATOR_VERSION}
-
-
-
-# changes to deploy/olm-catalog/jaeger-operator/manifests
-sed "s~containerImage: docker.io/jaegertracing/jaeger-operator:${PREVIOUS_VERSION}~containerImage: docker.io/jaegertracing/jaeger-operator:${OPERATOR_VERSION}~i" -i deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml
-sed "s~image: jaegertracing/jaeger-operator:${PREVIOUS_VERSION}~image: jaegertracing/jaeger-operator:${OPERATOR_VERSION}~i" -i deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml
-sed "s~replaces: jaeger-operator.v.*~replaces: jaeger-operator.v${PREVIOUS_VERSION}~i" -i deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml
-sed "s~version: ${PREVIOUS_VERSION}~version: ${OPERATOR_VERSION}~i" -i deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml
-sed "s~name: jaeger-operator.v${PREVIOUS_VERSION}~name: jaeger-operator.v${OPERATOR_VERSION}~i" -i deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml
-
-# changes to deploy/olm-catalog/jaeger-operator/jaeger-operator.package.yaml
-sed "s~currentCSV: jaeger-operator.v${PREVIOUS_VERSION}~currentCSV: jaeger-operator.v${OPERATOR_VERSION}~i" -i deploy/olm-catalog/jaeger-operator/jaeger-operator.package.yaml
-
-cp deploy/olm-catalog/jaeger-operator/${OPERATOR_VERSION}/jaeger-operator.v${OPERATOR_VERSION}.clusterserviceversion.yaml \
-   deploy/olm-catalog/jaeger-operator/manifests/jaeger-operator.clusterserviceversion.yaml
-
-git diff -s --exit-code
-if [[ $? == 0 ]]; then
-    echo "No changes detected. Skipping."
-else
-    git add \
-      deploy/operator.yaml \
-      deploy/olm-catalog/jaeger-operator/jaeger-operator.package.yaml \
-      deploy/olm-catalog/jaeger-operator/manifests/jaeger-operator.clusterserviceversion.yaml \
-      test/operator.yaml \
-      versions.txt
-
-    git diff -s --exit-code
-    if [[ $? != 0 ]]; then
-        echo "There are more changes than expected. Skipping the release."
-        git diff
-        exit 1
-    fi
-
-    git config user.email "jaeger-release@jaegertracing.io"
-    git config user.name "Jaeger Release"
-
-    git commit -qm "Release ${TAG}"
-    git tag ${TAG}
-    git push --repo=https://${GH_WRITE_TOKEN}@github.com/jaegertracing/jaeger-operator.git --tags
-    git push https://${GH_WRITE_TOKEN}@github.com/jaegertracing/jaeger-operator.git refs/tags/${TAG}:master
-fi

.ci/run-e2e-tests.sh

@@ -1,76 +0,0 @@
-#!/usr/bin/env bash
-set -x
-
-[[ -z "$TEST_GROUP" ]] && { echo "TEST_GROUP is undefined, exiting" ; exit 1; }
-
-## Since we're running MiniKube with --vm-driver none, change imagePullPolicy to get the image locally
-sed -i 's/imagePullPolicy: Always/imagePullPolicy: Never/g' test/operator.yaml
-## remove this once #947 is fixed
-export VERBOSE='-v -timeout 20m'
-if [ "${TEST_GROUP}" = "es" ]; then
-    echo "Running elasticsearch tests"
-    make es
-    make e2e-tests-es
-elif [ "${TEST_GROUP}" = "es-otel" ]; then
-    echo "Running elasticsearch tests with OTEL collector"
-    export SPECIFY_OTEL_IMAGES=true
-    export SPECIFY_OTEL_CONFIG=true
-    make es
-    make e2e-tests-es
-elif [ "${TEST_GROUP}" = "es-self-provisioned" ]; then
-    echo "Running self provisioned elasticsearch tests"
-    make e2e-tests-self-provisioned-es
-    res=$?
-    if [[ ${res} -ne 0 ]]; then
-        kubectl log deploy/elasticsearch-operator -n openshift-logging
-    fi
-    exit ${res}
-elif [ "${TEST_GROUP}" = "smoke" ]
-then
-    echo "Running Smoke Tests"
-    make e2e-tests-smoke
-elif [ "${TEST_GROUP}" = "cassandra" ]
-then
-    echo "Running Cassandra Tests"
-    make cassandra
-    make e2e-tests-cassandra
-elif [ "${TEST_GROUP}" = "streaming" ]
-then
-    echo "Running Streaming Tests"
-    make e2e-tests-streaming
-elif [ "${TEST_GROUP}" = "streaming-otel" ]
-then
-    echo "Running Streaming Tests with OTEL collector and ingester"
-    export SPECIFY_OTEL_IMAGES=true
-    export SPECIFY_OTEL_CONFIG=true
-    make e2e-tests-streaming
-elif [ "${TEST_GROUP}" = "examples1" ]
-then
-    echo "Running Examples1 Tests"
-    make e2e-tests-examples1
-elif [ "${TEST_GROUP}" = "examples2" ]
-then
-    echo "Running Examples2 Tests"
-    make e2e-tests-examples2
-elif [ "${TEST_GROUP}" = "es-token-propagation" ]
-then
-    echo "Running token propagation tests"
-    make e2e-tests-token-propagation-es
-elif [ "${TEST_GROUP}" = "generate" ]
-then
-    echo "Running CLI manifest generation tests"
-    make e2e-tests-generate
-elif [ "${TEST_GROUP}" = "upgrade" ]
-then
-    echo "Running upgrade tests"
-    make e2e-tests-upgrade
-elif [ "${TEST_GROUP}" = "smoke-otel" ]
-then
-    echo "Running Smoke Tests with OTEL collector"
-    export SPECIFY_OTEL_IMAGES=true
-    export SPECIFY_OTEL_CONFIG=true
-    make e2e-tests-smoke
-else
-    echo "Unknown TEST_GROUP [${TEST_GROUP}]"; exit 1
-fi
-

.ci/script.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-make install-tools ci
-RT=$?
-if [ ${RT} != 0 ]; then
-    echo "Failed to build the operator."
-    exit ${RT}
-fi

.ci/setup-docker.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-## this script is meant to be executed in a CI executor based on Ubuntu 18.04 and hasn't been tested anywhere else
-sudo apt-get remove docker docker-engine docker.io containerd runc
-sudo apt-get update
-sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-sudo apt-key fingerprint 0EBFCD88
-sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io

.ci/start-minikube.sh

@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-# exit immediately when a command fails
-set -e
-# only exit with zero if all commands of the pipeline exit successfully
-set -o pipefail
-# error on unset variables
-set -u
-# print each command before executing it
-set -x
-
-#
-# NOTE: This script was originally copied from the CoreOs Prometheus Operator build
-# https://github.com/coreos/prometheus-operator/blob/master/scripts/create-minikube.sh
-
-# socat is needed for port forwarding
-sudo apt-get update && sudo apt-get install socat
-
-export MINIKUBE_VERSION=v1.5.2
-export KUBERNETES_VERSION=v1.16.2
-
-MINIKUBE=$(which minikube) # it's outside of the regular PATH, so, need the full path when calling with sudo
-
-sudo mount --make-rshared /
-sudo mount --make-rshared /proc
-sudo mount --make-rshared /sys
-
-mkdir "${HOME}"/.kube || true
-touch "${HOME}"/.kube/config
-
-# minikube config
-minikube config set WantNoneDriverWarning false
-minikube config set vm-driver none
-
-minikube version
-sudo ${MINIKUBE} start --kubernetes-version=$KUBERNETES_VERSION --extra-config=apiserver.authorization-mode=RBAC
-sudo chown -R $USER $HOME/.kube $HOME/.minikube
-
-minikube update-context
-
-# waiting for node(s) to be ready
-JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
-
-# waiting for kube-dns to be ready
-export COREDNSPODS=$(kubectl --namespace kube-system get pods -lk8s-app=kube-dns | grep coredns | awk '{print $1}')
-for POD in ${COREDNSPODS}
-do
-    kubectl wait --for=condition=Ready pod/${POD}  --namespace kube-system --timeout=60s
-done
-sudo ${MINIKUBE} addons enable ingress
-
-eval $(minikube docker-env)

.ci/upload-test-coverage.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-bash <(curl -s https://codecov.io/bash)

.ci/vgot.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-if [ $# = 0 ]; then
-    usage: vgot cmdpackage[@version]... >&2
-    exit 2
-fi
-d=`mktemp -d`
-cd "$d"
-go mod init temp >/dev/null 2>&1
-for i; do
-    pkg=`echo $i | sed 's/@.*//'`
-    go get "$i" &&
-    go install "$pkg" &&
-    echo installed `go list -f '{{.ImportPath}}@{{.Module.Version}}' "$pkg"`
-done
-rm -r "$d"

.codecov.yml

@@ -1,8 +1,16 @@
+coverage:
+  status:
+    project:
+      default:
+        target: auto
+        # this allows a 0.1% drop from the previous base commit coverage
+        threshold: 0.1%
 ignore:
-  - "pkg/apis/io/v1alpha1/zz_generated.deepcopy.go"
-  - "pkg/apis/jaegertracing/v1/zz_generated.deepcopy.go"
-  - "pkg/apis/io/v1alpha1/zz_generated.defaults.go"
-  - "pkg/apis/jaegertracing/v1/zz_generated.defaults.go"
-  - "pkg/apis/jaegertracing/v1/zz_generated.openapi.go"
-  - "pkg/apis/kafka/v1beta1/zz_generated.deepcopy.go"
-  - "pkg/apis/kafka/v1beta1/zz_generated.openapi.go"
+  - "apis/v1/zz_generated.deepcopy.go"
+  - "apis/v1/zz_generated.defaults.go"
+  - "apis/v1/zz_generated.openapi.go"
+  - "apis/v1/groupversion_info.go"
+  - "pkg/kafka/v1beta2/zz_generated.deepcopy.go"
+  - "pkg/kafka/v1beta2/zz_generated.openapi.go"
+  - "pkg/kafka/v1beta2/groupversion_info.go"
+  - "pkg/util/k8s_utils.go"

.dockerignore

@@ -0,0 +1,4 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+testbin/

.github/dependabot.yml

@@ -1,6 +1,62 @@
 version: 2
 updates:
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - docker
+      - ok-to-test
+  - package-ecosystem: docker
+    directory: "/tests"
+    schedule:
+      interval: daily
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - docker
+      - ok-to-test
   - package-ecosystem: gomod
     directory: "/"
     schedule:
       interval: daily
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - go
+      - ok-to-test
+    groups:
+      golang-org-x:
+        patterns:
+          - "golang.org/x/*"
+      opentelemetry:
+        patterns:
+          - "go.opentelemetry.io/*"
+      prometheus:
+        patterns:
+          - "github.com/prometheus-operator/prometheus-operator"
+          - "github.com/prometheus-operator/prometheus-operator/*"
+          - "github.com/prometheus/prometheus"
+          - "github.com/prometheus/prometheus/*"
+          - "github.com/prometheus/client_go"
+          - "github.com/prometheus/client_go/*"
+      kubernetes:
+        patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - github_actions
+      - ok-to-test

.github/labeler-needs-triage.yaml

@@ -1,3 +0,0 @@
-# Add 'needs-triage' label to all new issues
-needs-triage:
-    - '.*'

.github/mergify.yml

@@ -1,74 +0,0 @@
-pull_request_rules:
-  - name: remove outdated reviews
-    conditions:
-      - base=master
-    actions:
-      dismiss_reviews: {}
-
-  - name: Automatic merge when all checks pass and the PR is approved
-    conditions:
-      - "#approved-reviews-by>=1"
-      - "-draft"
-      - "status-success=basic-checks"
-      - "status-success=end-to-end (smoke)"
-      - "status-success=end-to-end (es)"
-      - "status-success=end-to-end (cassandra)"
-      - "status-success=end-to-end (streaming)"
-      - "status-success=end-to-end (examples1)"
-      - "status-success=end-to-end (examples2)"
-      - "status-success=end-to-end (generate)"
-      - "status-success=end-to-end (es-otel)"
-      - "status-success=end-to-end (streaming-otel)"
-      - "status-success=DCO"
-      - "status-success=WIP"
-      - "status-success=codecov/patch" # we don't require those, but we might want to manually check before automatically merging
-      - "status-success=codecov/project"
-    actions:
-      merge:
-        method: squash
-        commit_message: title+body
-        bot_account: jaegerci-bot
-  - name: Kafka changes
-    conditions:
-    - files~=kafka
-    actions:
-      assign:
-        users:
-          - rubenvp8510
-      request_reviews:
-        users:
-          - rubenvp8510
-          - jpkrohling
-  - name: Upgrade mechanism changes
-    conditions:
-    - files~=upgrade/
-    actions:
-      assign:
-        users:
-          - rubenvp8510
-      request_reviews:
-        users:
-          - rubenvp8510
-          - jpkrohling
-  - name: Sidecar injection mechanism changes
-    conditions:
-    - files~=inject/
-    actions:
-      assign:
-        users:
-          - rubenvp8510
-      request_reviews:
-        users:
-          - rubenvp8510
-          - jpkrohling
-  - name: Streaming changes
-    conditions:
-    - files~=streaming
-    actions:
-      assign:
-        users:
-          - objectiser
-      request_reviews:
-        users:
-          - objectiser
-          - jpkrohling

.github/stale.yml

@@ -1,4 +0,0 @@
-daysUntilStale: 60
-daysUntilClose: 7
-onlyLabels:
-  - needs-info

.github/workflows/base-checks.yaml

@@ -1,22 +1,42 @@
 name: "CI Workflow"
-on: [push, pull_request]
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read
 
 jobs:
   basic-checks:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
+    env:
+      USER: jaegertracing
     steps:
-    - uses: actions/setup-go@v1
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: Set up Go
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
       with:
-        go-version: '1.14.4'
-    - uses: actions/checkout@v1
-    - uses: jpkrohling/setup-operator-sdk@v1.0.2
-      with:
-        operator-sdk-version: v0.18.2
+        go-version: "1.22"
+
+    - name: "install kubebuilder"
+      run: ./hack/install/install-kubebuilder.sh
+
+    - name: "install kustomize"
+      run: ./hack/install/install-kustomize.sh
 
     - name: "basic checks"
-      run: ./.ci/script.sh
+      run: make install-tools ci
 
     - name: "upload test coverage report"
-      env:
-        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      run: ./.ci/upload-test-coverage.sh
+      uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/codeql.yml

@@ -0,0 +1,52 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read
+
+jobs:
+  codeql-analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
+    name: CodeQL Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: "Set up Go"
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: "go.mod"
+
+      # Disable CodeQL for tests
+      # https://github.com/github/codeql/issues/4786
+      - run: rm -rf ./tests
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        with:
+          languages: go
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10

.github/workflows/e2e-kubernetes.yaml

@@ -1,36 +0,0 @@
-name: "Kubernetes end-to-end tests"
-on: [push, pull_request]
-
-jobs:
-  end-to-end:
-    runs-on: ubuntu-16.04
-    strategy:
-      matrix:
-        TEST_GROUP: [smoke, es, cassandra, streaming, examples1, examples2, generate, es-otel, streaming-otel, smoke-otel, upgrade]
-    steps:
-    - uses: actions/setup-go@v1
-      with:
-        go-version: '1.14.4'
-    - uses: jpkrohling/setup-minikube@v1.0.2
-      with:
-        minikube-version: v1.5.2
-    - uses: jpkrohling/setup-kubectl@v1.0.2
-    - uses: jpkrohling/setup-operator-sdk@v1.0.2
-      with:
-        operator-sdk-version: v0.18.2
-    - uses: actions/checkout@v1
-
-    - name: "setup docker"
-      run: ./.ci/setup-docker.sh
-
-    - name: "start minikube"
-      run: ./.ci/start-minikube.sh
-
-    - name: "install go tools"
-      run: make install-tools
-
-    - name: "running end to end test"
-      env:
-        CI: true
-        TEST_GROUP: ${{ matrix.TEST_GROUP }}
-      run: ./.ci/run-e2e-tests.sh

.github/workflows/e2e.yaml

@@ -0,0 +1,84 @@
+name: E2E tests
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+concurrency:
+  group: e2e-tests-${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  e2e:
+    name: "Run ${{ matrix.testsuite.label }} E2E tests (${{ matrix.kube-version }})"
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+       kube-version:
+         - "1.19"
+         - "1.30"
+       testsuite:
+         - { name: "elasticsearch", label: "Elasticsearch" }
+         - { name: "examples", label: "Examples" }
+         - { name: "generate", label: "Generate" }
+         - { name: "miscellaneous", label: "Miscellaneous" }
+         - { name: "sidecar", label: "Sidecar" }
+         - { name: "streaming", label: "Streaming" }
+         - { name: "ui", label: "UI" }
+         - { name: "upgrade", label: "Upgrade" }
+    steps:
+      - name: "Check out code into the Go module directory"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+      - name: "Set up Go"
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version: "1.22"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+      - name: Cache Docker layers
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        with:
+          path: /tmp/.buildx-cache
+          key: e2e-${{ github.sha }}
+          restore-keys: |
+            e2e-
+      - name: "Install KIND"
+        run: ./hack/install/install-kind.sh
+        shell: bash
+      - name: "Install KUTTL"
+        run: ./hack/install/install-kuttl.sh
+        shell: bash
+      - name: "Install gomplate"
+        run: ./hack/install/install-gomplate.sh
+        shell: bash
+      - name: "Install dependencies"
+        run: make install-tools
+        shell: bash
+      - name: "Run ${{ matrix.testsuite.label }} E2E test suite on Kube ${{ matrix.kube-version }}"
+        env:
+          VERBOSE: "true"
+          KUBE_VERSION: "${{ matrix.kube-version }}"
+          DOCKER_BUILD_OPTIONS: "--cache-from	type=local,src=/tmp/.buildx-cache --cache-to type=local,dest=/tmp/.buildx-cache-new,mode=max --load"
+        run: make run-e2e-tests-${{ matrix.testsuite.name }}
+        shell: bash
+        # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+        shell: bash

.github/workflows/labeler.yml

@@ -1,14 +0,0 @@
-name: "Add needs-triage to new issues"
-on:
-  issues:
-    types: [opened]
-
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: github/issue-labeler@v2.0
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
-        configuration-path: .github/labeler-needs-triage.yaml
-        enable-versioned-regex: 0

.github/workflows/ossf-scorecard.yml

@@ -0,0 +1,54 @@
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '45 13 * * 1'
+  push:
+    branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        with:
+          sarif_file: results.sarif

.github/workflows/publish-images.yaml

@@ -1,21 +1,28 @@
 name: "Publish images"
+
 on:
   push:
-    branches:
-      - master
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read
 
 jobs:
   publish:
     runs-on: ubuntu-latest
+    env:
+      USER: jaegertracing
     steps:
-    - uses: actions/checkout@v1
-    - uses: docker/setup-qemu-action@v1
-    - uses: docker/setup-buildx-action@v1
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
     - name: "publishes the images"
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
         QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
         QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
-        OPERATOR_VERSION: master
+        OPERATOR_VERSION: main
       run: ./.ci/publish-images.sh

.github/workflows/release.yaml

@@ -1,30 +1,43 @@
-name: "Release"
+
+name: "Prepare the release"
 on:
   push:
     tags:
-    - 'release/v*'
+    - 'v*'
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
+    env:
+      USER: jaegertracing
     steps:
-    - uses: actions/setup-go@v1
+    - name: Set up Go
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
       with:
-        go-version: '1.14.4'
-    - uses: actions/checkout@v1
-    - uses: jpkrohling/setup-operator-sdk@v1.0.2
-    - uses: docker/setup-qemu-action@v1
-    - uses: docker/setup-buildx-action@v1
-      with:
-        operator-sdk-version: v0.18.2
-    - name: "perform the release"
+        go-version: "1.22"
+
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: "install kubebuilder"
+      run: ./hack/install/install-kubebuilder.sh
+
+    - name: "install kustomize"
+      run: ./hack/install/install-kustomize.sh
+    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+    - name: "generate release resources"
+      run: make release-artifacts USER=jaegertracing
+
+    - name: "create the release in GitHub"
       env:
-        GH_WRITE_TOKEN: ${{ secrets.GH_WRITE_TOKEN }}
-      run: ./.ci/release.sh
+        GITHUB_TOKEN: ${{ github.token }}
+      run: ./.ci/create-release-github.sh
+
     - name: "publishes the images"
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
         QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
         QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
       run: ./.ci/publish-images.sh

.github/workflows/sdk-scorecard.yaml

@@ -0,0 +1,30 @@
+name: "Operator-SDK Scorecard"
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read
+
+jobs:
+  operator-sdk-scorecard:
+    name: "Operator-SDK Scorecard"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: "Install KIND"
+        run: ./hack/install/install-kind.sh
+      - name: "Install KUTTL"
+        run: ./hack/install/install-kuttl.sh
+      - name: "Run Operator-SDK scorecard test"
+        env:
+          DOCKER_BUILD_OPTIONS: "--cache-from	type=local,src=/tmp/.buildx-cache --cache-to type=local,dest=/tmp/.buildx-cache-new,mode=max --load"
+        run: make scorecard-tests-local

.gitignore

@@ -3,7 +3,10 @@ build/_output
 build/_test
 deploy/test
 vendor
-
+bin
+tests/_build
+_build
+logs
 # Created by https://www.gitignore.io/api/go,vim,emacs,visualstudiocode
 ### Emacs ###
 # -*- mode: gitignore; -*-
@@ -84,3 +87,12 @@ tags
 # End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode
 fmt.log
 import.log
+### Kubernetes ###
+kubeconfig
+bin
+### Timestamp files to avoid rebuilding Docker images if not needed ###
+build-assert-job
+docker-e2e-upgrade-image
+build-e2e-upgrade-image
+### Reports for E2E tests
+reports

.golangci.yml

@@ -0,0 +1,33 @@
+issues:
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gosec
+    - linters:
+        - staticcheck
+      text: "SA1019:"
+
+linters-settings:
+  goimports:
+    local-prefixes: github.com/jaegertracing/jaeger-operator
+  gosimple:
+    go: "1.22"
+
+linters:
+  enable:
+    - bidichk
+    - errorlint
+    - gofumpt
+    - goimports
+    - gosec
+    - govet
+    - misspell
+    - testifylint
+  disable:
+    - errcheck
+
+run:
+  go: '1.22'
+  timeout: 10m

CHANGELOG.md

@@ -1,5 +1,312 @@
 Changes by Version
 ==================
+## v1.65.0 (2025-01-22)
+
+* Pin agent version to 1.62.0 ([#2790](https://github.com/jaegertracing/jaeger-operator/pull/2790), [@rubenvp8510](https://github.com/rubenvp8510))
+* Added compatibility for Jaeger Operator v1.61.x and v1.62.x ([#2725](https://github.com/jaegertracing/jaeger-operator/pull/2725), [@mooneeb](https://github.com/mooneeb))
+
+## v1.62.0 (2024-10-10)
+
+* TRACING-4238 | Fix gatewat 502 timeout ([#2694](https://github.com/jaegertracing/jaeger-operator/pull/2694), [@pavolloffay](https://github.com/pavolloffay))
+* feat: added missing test for elasticsearch reconciler ([#2662](https://github.com/jaegertracing/jaeger-operator/pull/2662), [@Ankit152](https://github.com/Ankit152))
+
+## v1.61.0 (2024-09-16)
+
+* Bump google.golang.org/grpc from 1.66.0 to 1.66.1 ([#2675](https://github.com/jaegertracing/jaeger-operator/pull/2675), [@dependabot[bot]](https://github.com/apps/dependabot))
+* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 ([#2670](https://github.com/jaegertracing/jaeger-operator/pull/2670), [@dependabot[bot]](https://github.com/apps/dependabot))
+* Bump the opentelemetry group with 9 updates ([#2668](https://github.com/jaegertracing/jaeger-operator/pull/2668), [@dependabot[bot]](https://github.com/apps/dependabot))
+
+## v1.60.0 (2024-08-13)
+* Fix Golang version in go.mod ([#2652](https://github.com/jaegertracing/jaeger-operator/pull/2652), [@iblancasa](https://github.com/iblancasa))
+
+## v1.60.0 (2024-08-09)
+* Test on k8s 1.30 ([#2647](https://github.com/jaegertracing/jaeger-operator/pull/2647), [@pavolloffay](https://github.com/pavolloffay))
+* Bump go to 1.22 and controller-gen to 1.14 ([#2646](https://github.com/jaegertracing/jaeger-operator/pull/2646), [@pavolloffay](https://github.com/pavolloffay))
+
+## v1.59.0 (2024-08-06)
+* Update compatibility matrix for v1.57.x ([#2594](https://github.com/jaegertracing/jaeger-operator/pull/2594), [@mooneeb](https://github.com/mooneeb))
+* imagePullSecrets is not set for agent DaemonSet ([#2563](https://github.com/jaegertracing/jaeger-operator/pull/2563), [@antoniomerlin](https://github.com/antoniomerlin))
+
+## v1.57.0 (2024-05-06)
+
+## v1.55.0 (2024-03-22)
+* Add server URL to JaegerMetricsStorageSpec ([#2481](https://github.com/jaegertracing/jaeger-operator/pull/2481), [@antoniomerlin](https://github.com/antoniomerlin))
+* Use the host set in the Ingess field for the OpenShift Route ([#2409](https://github.com/jaegertracing/jaeger-operator/pull/2409), [@iblancasa](https://github.com/iblancasa))
+* Add minimum Kubernetes and OpenShift versions ([#2492](https://github.com/jaegertracing/jaeger-operator/pull/2492), [@andreasgerstmayr](https://github.com/andreasgerstmayr))
+
+## v1.54.0 (2024-02-14)
+* apis/v1: add jaeger agent deprecation warning ([#2471](https://github.com/jaegertracing/jaeger-operator/pull/2471), [@frzifus](https://github.com/frzifus))
+
+## V1.53.0 (2024-01-17)
+* Choose the newer autoscaling version by default ([#2374](https://github.com/jaegertracing/jaeger-operator/pull/2374), [@iblancasa](https://github.com/iblancasa))
+* Upgrade operator-sdk to 1.32.0 ([#2388](https://github.com/jaegertracing/jaeger-operator/pull/2388), [@iblancasa](https://github.com/iblancasa))
+* Fix containerImage field and remove statement about failing CI ([#2386](https://github.com/jaegertracing/jaeger-operator/pull/2386), [@iblancasa](https://github.com/iblancasa))
+* Fix injection: prefer jaeger in the same namespace ([#2383](https://github.com/jaegertracing/jaeger-operator/pull/2383), [@pavolloffay](https://github.com/pavolloffay))
+
+## v1.52.0 (2023-12-07)
+* Add missing container security context settings and tests ([#2354](https://github.com/jaegertracing/jaeger-operator/pull/2354), [@tingeltangelthomas](https://github.com/tingeltangelthomas))
+
+## v1.51.0 (2023-11-17)
+* Support configuring images via RELATED_IMAGE_ environment variables ([#2355](https://github.com/jaegertracing/jaeger-operator/pull/2355), [@andreasgerstmayr](https://github.com/andreasgerstmayr))
+* Regenerate ES certificated when is close to 1 day for expire ([#2356](https://github.com/jaegertracing/jaeger-operator/pull/2356), [@rubenvp8510](https://github.com/rubenvp8510))
+* Bump actions/checkout from 3 to 4 ([#2316](https://github.com/jaegertracing/jaeger-operator/pull/2316), [@dependabot[bot]](https://github.com/apps/dependabot))
+* bump grpc to 1.58.3 ([#2346](https://github.com/jaegertracing/jaeger-operator/pull/2346), [@rubenvp8510](https://github.com/rubenvp8510))
+* Bump golang version to 1.21 ([#2347](https://github.com/jaegertracing/jaeger-operator/pull/2347), [@rubenvp8510](https://github.com/rubenvp8510))
+* Ensure oauth-proxy ImageStream is detected eventually ([#2340](https://github.com/jaegertracing/jaeger-operator/pull/2340), [@bverschueren](https://github.com/bverschueren))
+* Check if envFrom has ConfigMapRef set ([#2342](https://github.com/jaegertracing/jaeger-operator/pull/2342), [@edwardecook](https://github.com/edwardecook))
+* Bump golang.org/x/net from 0.13.0 to 0.17.0 ([#2343](https://github.com/jaegertracing/jaeger-operator/pull/2343), [@dependabot[bot]](https://github.com/apps/dependabot))
+* Fix issue related to new encoding in oauth-proxy image ([#2345](https://github.com/jaegertracing/jaeger-operator/pull/2345), [@iblancasa](https://github.com/iblancasa))
+* Always generate new oauth-proxy password ([#2333](https://github.com/jaegertracing/jaeger-operator/pull/2333), [@pavolloffay](https://github.com/pavolloffay))
+* Add v1.48.x and v1.49.x to the support map ([#2332](https://github.com/jaegertracing/jaeger-operator/pull/2332), [@ishaqkhattana](https://github.com/ishaqkhattana))
+* Pass proxy env vars to operands ([#2330](https://github.com/jaegertracing/jaeger-operator/pull/2330), [@pavolloffay](https://github.com/pavolloffay))
+* Protect auth delegator behind a mutex ([#2318](https://github.com/jaegertracing/jaeger-operator/pull/2318), [@iblancasa](https://github.com/iblancasa))
+
+## v1.49.1 (2023-09-07)
+* fix: protect the kafka-profision setting behind a mutex ([#2308](https://github.com/jaegertracing/jaeger-operator/pull/2308), [@iblancasa](https://github.com/iblancasa))
+
+## v1.48.1 (2023-09-04)
+* Use base image that does not require subscription (centos 9 stream) ([#2313](https://github.com/jaegertracing/jaeger-operator/pull/2313), [@pavolloffay](https://github.com/pavolloffay))
+* Update go dependencies to Kubernetes 0.28.1 ([#2301](https://github.com/jaegertracing/jaeger-operator/pull/2301), [@pavolloffay](https://github.com/pavolloffay))
+* Protect the ESProvisioning setting behind a mutex ([#2287](https://github.com/jaegertracing/jaeger-operator/pull/2287), [@iblancasa](https://github.com/iblancasa))
+
+## v1.48.0 (2023-08-28)
+
+* Remove the TokenReview after checking we can create it ([#2286](https://github.com/jaegertracing/jaeger-operator/pull/2286), [@iblancasa](https://github.com/iblancasa))
+* Fix apiVersion and kind are missing in jaeger-operator generate output ([#2281](https://github.com/jaegertracing/jaeger-operator/pull/2281), [@hiteshwani29](https://github.com/hiteshwani29))
+* Fix custom labels for the deployable components in production strategy  ([#2277](https://github.com/jaegertracing/jaeger-operator/pull/2277), [@hiteshwani29](https://github.com/hiteshwani29))
+* Ensure the OAuth Proxy image detection is run after the platform detection ([#2280](https://github.com/jaegertracing/jaeger-operator/pull/2280), [@iblancasa](https://github.com/iblancasa))
+* Added changes to respect env variable set from envFrom configMaps ([#2272](https://github.com/jaegertracing/jaeger-operator/pull/2272), [@hiteshwani29](https://github.com/hiteshwani29))
+* Refactor the autodetect module to reduce the number of writes/reads in viper configuration ([#2274](https://github.com/jaegertracing/jaeger-operator/pull/2274), [@iblancasa](https://github.com/iblancasa))
+
+## v1.47.0 (2023-07-12)
+* Expose admin ports for agent, collector, and query Deployments via the equivalent Service ([#2262](https://github.com/jaegertracing/jaeger-operator/pull/2262), [@thomaspaulin](https://github.com/thomaspaulin))
+* update otel sdk to v1.16.0/v0.39.0 ([#2261](https://github.com/jaegertracing/jaeger-operator/pull/2261), [@frzifus](https://github.com/frzifus))
+* Extended compatibility matrix ([#2255](https://github.com/jaegertracing/jaeger-operator/pull/2255), [@shazib-summar](https://github.com/shazib-summar))
+* Add support for Kubernetes 1.27 ([#2235](https://github.com/jaegertracing/jaeger-operator/pull/2235), [@iblancasa](https://github.com/iblancasa))
+* Jaeger Collector Config: `Lifecycle` and `TerminationGracePeriodSeconds` ([#2242](https://github.com/jaegertracing/jaeger-operator/pull/2242), [@taj-p](https://github.com/taj-p))
+
+## v1.46.0 (2023-06-16)
+* Missing exposed port 16685 in query deployments ([#2239](https://github.com/jaegertracing/jaeger-operator/pull/2239), [@iblancasa](https://github.com/iblancasa))
+* Use Golang 1.20 ([#2205](https://github.com/jaegertracing/jaeger-operator/pull/2205), [@iblancasa](https://github.com/iblancasa))
+* [BugFix] Properly set imagePullPolicy and containerSecurityContext for EsIndexCleaner cronjob container ([#2224](https://github.com/jaegertracing/jaeger-operator/pull/2224), [@michalschott](https://github.com/michalschott))
+* Remove resource limitation for the operator pod ([#2221](https://github.com/jaegertracing/jaeger-operator/pull/2221), [@iblancasa](https://github.com/iblancasa))
+* Add PriorityClass for AllInOne strategy ([#2218](https://github.com/jaegertracing/jaeger-operator/pull/2218), [@sonofgibs](https://github.com/sonofgibs))
+
+
+## v1.45.0 (2023-05-16)
+
+## v1.44.0 (2023-04-13)
+* Feat: add `NodeSelector` to jaeger collector, query, and ingestor ([#2200](https://github.com/jaegertracing/jaeger-operator/pull/2200), [@AhmedGrati](https://github.com/AhmedGrati))
+
+## v1.43.0 (2023-02-07)
+* update operator-sdk to 1.27.0 ([#2178](https://github.com/jaegertracing/jaeger-operator/pull/2178), [@iblancasa](https://github.com/iblancasa))
+* Support JaegerCommonSpec in JaegerCassandraCreateSchemaSpec ([#2176](https://github.com/jaegertracing/jaeger-operator/pull/2176), [@haanhvu](https://github.com/haanhvu))
+
+## v1.42.0 (2023-02-07)
+* Upgrade Kafka Operator default version to 0.32.0 ([#2150](https://github.com/jaegertracing/jaeger-operator/pull/2150), [@iblancasa](https://github.com/iblancasa))
+* Upgrade Kind, Kind images and add Kubernetes 1.26 ([#2161](https://github.com/jaegertracing/jaeger-operator/pull/2161), [@iblancasa](https://github.com/iblancasa))
+
+1.41.1 (2023-01-23)
+-------------------
+* Fix the Jaeger version for the Jaeger Operator 1.41.x  ([#2157](https://github.com/jaegertracing/jaeger-operator/pull/2157), [@iblancasa](https://github.com/iblancasa))
+
+1.40.0 (2022-12-23)
+-------------------
+* Support e2e tests on multi architecture environment ([#2139](https://github.com/jaegertracing/jaeger-operator/pull/2139), [@jkandasa](https://github.com/jkandasa))
+* limit the get of deployments to WATCH_NAMESPACE on sync ([#2126](https://github.com/jaegertracing/jaeger-operator/pull/2126), [@rubenvp8510](https://github.com/rubenvp8510))
+* choose first server address ([#2087](https://github.com/jaegertracing/jaeger-operator/pull/2087), [@Efrat19](https://github.com/Efrat19))
+* Fix query ingress when using streaming strategy ([#2120](https://github.com/jaegertracing/jaeger-operator/pull/2120), [@kevinearls](https://github.com/kevinearls))
+* Fix Liveness Probe for Ingester and Query ([#2122](https://github.com/jaegertracing/jaeger-operator/pull/2122), [@ricoberger](https://github.com/ricoberger))
+* Fix for min tls version to v1.2 ([#2119](https://github.com/jaegertracing/jaeger-operator/pull/2119), [@kangsheng89](https://github.com/kangsheng89))
+
+1.39.0 (2022-11-03)
+-------------------
+* Fix: svc port doesnt match istio convention ([#2101](https://github.com/jaegertracing/jaeger-operator/pull/2101), [@frzifus](https://github.com/frzifus))
+
+1.38.1 (2022-10-11)
+-------------------
+* Add ability to specify es proxy resources ([#2079](https://github.com/jaegertracing/jaeger-operator/pull/2079), [@rubenvp8510](https://github.com/rubenvp8510))
+* Fix: CVE-2022-27664 ([#2081](https://github.com/jaegertracing/jaeger-operator/pull/2081), [@albertlockett](https://github.com/albertlockett))
+* Add liveness and readiness probes to injected sidecar ([#2077](https://github.com/jaegertracing/jaeger-operator/pull/2077), [@MacroPower](https://github.com/MacroPower))
+* Add http- port prefix to follow istio naming conventions ([#2075](https://github.com/jaegertracing/jaeger-operator/pull/2075), [@cnvergence](https://github.com/cnvergence))
+
+1.38.0 (2022-09-19)
+-------------------
+* added pathType to ingress ([#2066](https://github.com/jaegertracing/jaeger-operator/pull/2066), [@giautm](https://github.com/giautm))
+* set alias enable variable for spark cronjob ([#2061](https://github.com/jaegertracing/jaeger-operator/pull/2061), [@miyunari](https://github.com/miyunari))
+* migrate autoscaling v2beta2 to v2 for Kubernetes 1.26 ([#2055](https://github.com/jaegertracing/jaeger-operator/pull/2055), [@iblancasa](https://github.com/iblancasa))
+* add container security context support ([#2033](https://github.com/jaegertracing/jaeger-operator/pull/2033), [@mjnagel](https://github.com/mjnagel))
+* change verbosity level and message of the log for autoprovisioned kafka ([#2026](https://github.com/jaegertracing/jaeger-operator/pull/2026), [@iblancasa](https://github.com/iblancasa))
+
+1.37.0 (2022-08-11)
+-------------------
+
+* Upgrade operator-sdk to 1.22.2 ([#2021](https://github.com/jaegertracing/jaeger-operator/pull/2021), [@iblancasa](https://github.com/iblancasa))
+* es-dependencies: support image pull secret ([#2012](https://github.com/jaegertracing/jaeger-operator/pull/2012), [@frzifus](https://github.com/frzifus))
+
+1.36.0 (2022-07-18)
+-------------------
+
+* added flag to change webhook port ([#1991](https://github.com/jaegertracing/jaeger-operator/pull/1991), [@klubi](https://github.com/klubi))
+* Upgrade operator-sdk to 1.22.0 ([#1951](https://github.com/jaegertracing/jaeger-operator/pull/1951), [@iblancasa](https://github.com/iblancasa))
+* Add elasticsearch storage date format config. ([#1325](https://github.com/jaegertracing/jaeger-operator/pull/1325), [@sniperking1234](https://github.com/sniperking1234))
+* Add support for custom liveness probe ([#1605](https://github.com/jaegertracing/jaeger-operator/pull/1605), [@ricoberger](https://github.com/ricoberger))
+* Add service annotations ([#1526](https://github.com/jaegertracing/jaeger-operator/pull/1526), [@herbguo](https://github.com/herbguo))
+
+1.35.0 (2022-06-16)
+-------------------
+
+* fix: point to a newer openshift oauth image 4.12 ([#1955](https://github.com/jaegertracing/jaeger-operator/pull/1955), [@frzifus](https://github.com/frzifus))
+* Expose OTLP collector and allInOne ports ([#1948](https://github.com/jaegertracing/jaeger-operator/pull/1948), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add support for ImagePullSecrets in cronjobs ([#1935](https://github.com/jaegertracing/jaeger-operator/pull/1935), [@alexandrevilain](https://github.com/alexandrevilain))
+* fix: ocp es rollover #1932 ([#1937](https://github.com/jaegertracing/jaeger-operator/pull/1937), [@frzifus](https://github.com/frzifus))
+* add kafkaSecretName for collector and ingester ([#1910](https://github.com/jaegertracing/jaeger-operator/pull/1910), [@luohua13](https://github.com/luohua13))
+* Add autoscalability E2E test for OpenShift ([#1936](https://github.com/jaegertracing/jaeger-operator/pull/1936), [@iblancasa](https://github.com/iblancasa))
+* Fix version in Docker container. ([#1924](https://github.com/jaegertracing/jaeger-operator/pull/1924), [@iblancasa](https://github.com/iblancasa))
+* Verify namespace permissions before adding ns controller ([#1914](https://github.com/jaegertracing/jaeger-operator/pull/1914), [@rubenvp8510](https://github.com/rubenvp8510))
+* fix: skip dependencies on openshift platform ([#1921](https://github.com/jaegertracing/jaeger-operator/pull/1921), [@frzifus](https://github.com/frzifus))
+* fix: remove common name label ([#1920](https://github.com/jaegertracing/jaeger-operator/pull/1920), [@frzifus](https://github.com/frzifus))
+* Ignore not found error on 1.31.0 upgrade routine ([#1913](https://github.com/jaegertracing/jaeger-operator/pull/1913), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.34.1 (2022-05-24)
+-------------------
+Fix: storage.es.tls.enabled flag not passed to es-index-cleaner ([#1896](https://github.com/jaegertracing/jaeger-operator/pull/1896), [@indigostar-kr](https://github.com/indigostar-kr))
+
+1.34.0 (2022-05-18)
+-------------------
+* Fix: jaeger operator fails to parse Jaeger instance version ([#1885](https://github.com/jaegertracing/jaeger-operator/pull/1885), [@rubenvp8510](https://github.com/rubenvp8510))
+* Support Kubernetes 1.24 ([#1882](https://github.com/jaegertracing/jaeger-operator/pull/1882), [@iblancasa](https://github.com/iblancasa))
+* Cronjob migration ([#1856](https://github.com/jaegertracing/jaeger-operator/pull/1856), [@kevinearls](https://github.com/kevinearls))
+* Fix: setting default Istio annotation in Pod instead of Deployment ([#1860](https://github.com/jaegertracing/jaeger-operator/pull/1860), [@cnvergence](https://github.com/cnvergence))
+* Add http- prefix to port names in collector and agent services ([#1862](https://github.com/jaegertracing/jaeger-operator/pull/1862), [@cnvergence](https://github.com/cnvergence))
+
+1.33.0 (2022-04-14)
+-------------------
+* Adding priority-class for esIndexCleaner ([#1732](https://github.com/jaegertracing/jaeger-operator/pull/1732), [@swapnilpotnis](https://github.com/swapnilpotnis))
+* Fix: webhook deadlock  ([#1850](https://github.com/jaegertracing/jaeger-operator/pull/1850), [@frzifus](https://github.com/frzifus))
+* Fix: take namespace modifications into account ([#1839](https://github.com/jaegertracing/jaeger-operator/pull/1839), [@frzifus](https://github.com/frzifus))
+* Replace deployment reconciler with webhook ([#1828](https://github.com/jaegertracing/jaeger-operator/pull/1828), [@frzifus](https://github.com/frzifus))
+* Add managed by metric ([#1831](https://github.com/jaegertracing/jaeger-operator/pull/1831), [@rubenvp8510](https://github.com/rubenvp8510))
+* Fix admissionReviews version for operator-sdk upgrade ([#1827](https://github.com/jaegertracing/jaeger-operator/pull/1827), [@kevinearls](https://github.com/kevinearls))
+* Make RHOL Elasticsearch cert-management feature optional ([#1824](https://github.com/jaegertracing/jaeger-operator/pull/1824), [@pavolloffay](https://github.com/pavolloffay))
+* Update the operator-sdk to v1.17.0 ([#1825](https://github.com/jaegertracing/jaeger-operator/pull/1825), [@kevinearls](https://github.com/kevinearls))
+* Fix metrics selectors ([#1742](https://github.com/jaegertracing/jaeger-operator/pull/1742), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.32.0 (2022-03-09)
+-------------------
+
+* Custom Image Pull Policy ([#1798](https://github.com/jaegertracing/jaeger-operator/pull/1798), [@edenkoveshi](https://github.com/edenkoveshi))
+* add METRICS_STORAGE_TYPE for metrics query ([#1755](https://github.com/jaegertracing/jaeger-operator/pull/1755), [@JaredTan95](https://github.com/JaredTan95))
+* Make operator more resiliant to etcd defrag activity ([#1795](https://github.com/jaegertracing/jaeger-operator/pull/1795), [@pavolloffay](https://github.com/pavolloffay))
+* Automatically set num shards and replicas from referenced OCP ES ([#1737](https://github.com/jaegertracing/jaeger-operator/pull/1737), [@pavolloffay](https://github.com/pavolloffay))
+* support image pull secrets ([#1740](https://github.com/jaegertracing/jaeger-operator/pull/1740), [@frzifus](https://github.com/frzifus))
+* Fix webhook secret cert name ([#1772](https://github.com/jaegertracing/jaeger-operator/pull/1772), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.31.0 (2022-02-09)
+-------------------
+* Fix panic caused by an invalid type assertion ([#1738](https://github.com/jaegertracing/jaeger-operator/pull/1738), [@frzifus](https://github.com/frzifus))
+* Add ES autoprovisioning CR metric ([#1728](https://github.com/jaegertracing/jaeger-operator/pull/1728), [@rubenvp8510](https://github.com/rubenvp8510))
+* Use Elasticsearch provisioning from OpenShift Elasticsearch operator ([#1708](https://github.com/jaegertracing/jaeger-operator/pull/1708), [@pavolloffay](https://github.com/pavolloffay))
+
+1.30.0 (2022-01-18)
+-------------------
+* Only expose the query-http[s] port in the OpenShift route ([#1719](https://github.com/jaegertracing/jaeger-operator/pull/1719), [@rkukura](https://github.com/rkukura))
+* Add CR Metrics for Jaeger Kind. ([#1706](https://github.com/jaegertracing/jaeger-operator/pull/1706), [@rubenvp8510](https://github.com/rubenvp8510))
+* Avoid calling k8s api for each resource kind on the cluster ([#1712](https://github.com/jaegertracing/jaeger-operator/pull/1712), [@rubenvp8510](https://github.com/rubenvp8510))
+* First call of autodetect should be synchronous ([#1713](https://github.com/jaegertracing/jaeger-operator/pull/1713), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add permissions for imagestreams ([#1714](https://github.com/jaegertracing/jaeger-operator/pull/1714), [@rubenvp8510](https://github.com/rubenvp8510))
+* Restore default metrics port to avoid breaking helm ([#1703](https://github.com/jaegertracing/jaeger-operator/pull/1703), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add leases permissions to manifest. ([#1704](https://github.com/jaegertracing/jaeger-operator/pull/1704), [@rubenvp8510](https://github.com/rubenvp8510))
+* Change spark-dependencies image to GHCR ([#1701](https://github.com/jaegertracing/jaeger-operator/pull/1701), [@pavolloffay](https://github.com/pavolloffay))
+* Register ES types ([#1688](https://github.com/jaegertracing/jaeger-operator/pull/1688), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add support for IBM Power (ppc64le) arch ([#1672](https://github.com/jaegertracing/jaeger-operator/pull/1672), [@Abhijit-Mane](https://github.com/Abhijit-Mane))
+* util.Truncate add the values to the truncated after the excess is 0 ([#1678](https://github.com/jaegertracing/jaeger-operator/pull/1678), [@mmatache](https://github.com/mmatache))
+
+1.29.1 (2021-12-15)
+-------------------
+* Register oschema for openshift resources  ([#1673](https://github.com/jaegertracing/jaeger-operator/pull/1673), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.29.0 (2021-12-10)
+-------------------
+* Fix default namespace ([#1651](https://github.com/jaegertracing/jaeger-operator/pull/1651), [@rubenvp8510](https://github.com/rubenvp8510))
+* Fix finding the correct instance when there are multiple jaeger instances during injecting the sidecar ([#1639](https://github.com/jaegertracing/jaeger-operator/pull/1639), [@alibo](https://github.com/alibo))
+* Migrate to operator-sdk 1.13 ([#1623](https://github.com/jaegertracing/jaeger-operator/pull/1623), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.28.0 (2021-11-08)
+-------------------
+* Use CRDs to detect features in the cluster ([#1608](https://github.com/jaegertracing/jaeger-operator/pull/1608), [@pavolloffay](https://github.com/pavolloffay))
+* Make ServiceMonitor creation optional ([#1323](https://github.com/jaegertracing/jaeger-operator/pull/1323), [@igorwwwwwwwwwwwwwwwwwwww](https://github.com/igorwwwwwwwwwwwwwwwwwwww))
+* Change default OpenShift query ingress SAR to pods in the jaeger namespace ([#1583](https://github.com/jaegertracing/jaeger-operator/pull/1583), [@pavolloffay](https://github.com/pavolloffay))
+* Fix gRPC flags for OpenShift when 'reporter.grpc.host-port' is defined ([#1584](https://github.com/jaegertracing/jaeger-operator/pull/1584), [@Git-Jiro](https://github.com/Git-Jiro))
+
+1.27.0 (2021-10-07)
+-------------------
+* Allow sidecar injection for query pod from other Jaeger instances ([#1569](https://github.com/jaegertracing/jaeger-operator/pull/1569), [@pavolloffay](https://github.com/pavolloffay))
+* Avoid touching jaeger deps on deployment/ns controller ([#1529](https://github.com/jaegertracing/jaeger-operator/pull/1529), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.26.0 (2021-09-30)
+-------------------
+* Add ingressClassName field to query ingress ([#1557](https://github.com/jaegertracing/jaeger-operator/pull/1557), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add disconnected annotation to csv ([#1536](https://github.com/jaegertracing/jaeger-operator/pull/1536), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.25.0 (2021-08-08)
+-------------------
+* Add support repetitive arguments to operand ([#1434](https://github.com/jaegertracing/jaeger-operator/pull/1434), [@rubenvp8510](https://github.com/rubenvp8510))
+* Allow TLS flags to be disabled ([#1440](https://github.com/jaegertracing/jaeger-operator/pull/1440), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add gRPC port for jaeger-query into its service resource ([#1521](https://github.com/jaegertracing/jaeger-operator/pull/1521), [@rubenvp8510](https://github.com/rubenvp8510))
+* Sidecar removed when annotation is false ([#1508](https://github.com/jaegertracing/jaeger-operator/pull/1508), [@mfz85](https://github.com/mfz85))
+* Add support for GRPC storage plugin ([#1517](https://github.com/jaegertracing/jaeger-operator/pull/1517), [@pavolloffay](https://github.com/pavolloffay))
+* Fix overwritten default labels in label selectors of `Service` ([#1490](https://github.com/jaegertracing/jaeger-operator/pull/1490), [@rudeigerc](https://github.com/rudeigerc))
+* Add resources requests and limits to the operator ([#1515](https://github.com/jaegertracing/jaeger-operator/pull/1515), [@brunopadz](https://github.com/brunopadz))
+* Instrument instances types ([#1484](https://github.com/jaegertracing/jaeger-operator/pull/1484), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.24.0 (2021-07-08)
+-------------------
+* Include OIDC plugin in binary ([#1501](https://github.com/jaegertracing/jaeger-operator/pull/1501), [@esnible](https://github.com/esnible))
+* Update jaeger operator to support strimzi operator 0.23.0 ([#1495](https://github.com/jaegertracing/jaeger-operator/pull/1495), [@rubenvp8510](https://github.com/rubenvp8510))
+* Feature/add deployment strategy to crd ([#1499](https://github.com/jaegertracing/jaeger-operator/pull/1499), [@ethernoy](https://github.com/ethernoy))
+* Add cassandraCreateSchema affinity ([#1475](https://github.com/jaegertracing/jaeger-operator/pull/1475), [@chasekiefer](https://github.com/chasekiefer))
+* Allow to pass ES_TIME_RANGE var to Spark dependencies job ([#1481](https://github.com/jaegertracing/jaeger-operator/pull/1481), [@Gr1N](https://github.com/Gr1N))
+* Pass secretName to cassandra dependencies job (#1162) ([#1447](https://github.com/jaegertracing/jaeger-operator/pull/1447), [@Gerrit-K](https://github.com/Gerrit-K))
+
+1.23.0 (2021-06-11)
+-------------------
+* Implement backoff limit for jobs ([#1468](https://github.com/jaegertracing/jaeger-operator/pull/1468), [@chasekiefer](https://github.com/chasekiefer))
+* Remove OwnerReferences from CA configmaps ([#1467](https://github.com/jaegertracing/jaeger-operator/pull/1467), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add compatibility matrix ([#1465](https://github.com/jaegertracing/jaeger-operator/pull/1465), [@jpkrohling](https://github.com/jpkrohling))
+* Promote crd to apiextensions.k8s.io/v1 ([#1456](https://github.com/jaegertracing/jaeger-operator/pull/1456), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add preserve unknown fields annotation to FreeForm and Options fields ([#1435](https://github.com/jaegertracing/jaeger-operator/pull/1435), [@rubenvp8510](https://github.com/rubenvp8510))
+* Migrate remaining flags and some env vars to 1.22 ([#1449](https://github.com/jaegertracing/jaeger-operator/pull/1449), [@rubenvp8510](https://github.com/rubenvp8510))
+* Fix override storage and ingress values when upgrade to 1.22 ([#1439](https://github.com/jaegertracing/jaeger-operator/pull/1439), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add agent dnsPolicy option ([#1370](https://github.com/jaegertracing/jaeger-operator/pull/1370), [@faceair](https://github.com/faceair))
+
+1.22.1 (2021-04-19)
+-------------------
+* Allow configure custom certificates to collector ([#1418](https://github.com/jaegertracing/jaeger-operator/pull/1418), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add support for NodePort in Jaeger Query Service ([#1394](https://github.com/jaegertracing/jaeger-operator/pull/1394), [@CSP197](https://github.com/CSP197))
+
+1.22.0 (2021-03-16)
+-------------------
+* Add ability to indicate PriorityClass for collector and query ([#1413](https://github.com/jaegertracing/jaeger-operator/pull/1413), [@majidazimi](https://github.com/majidazimi))
+* simplest example file should be as simplest ([#1404](https://github.com/jaegertracing/jaeger-operator/pull/1404), [@jkandasa](https://github.com/jkandasa))
+* Add ability to indicate PriorityClass for agent ([#1392](https://github.com/jaegertracing/jaeger-operator/pull/1392), [@elkh510](https://github.com/elkh510))
+* Migrate jaeger.tags in existing CRs ([#1380](https://github.com/jaegertracing/jaeger-operator/pull/1380), [@jpkrohling](https://github.com/jpkrohling))
+
+1.21.3 (2021-02-09)
+-------------------
+
+* Remove support for the experimental OpenTelemetry-based Jaeger ([#1379](https://github.com/jaegertracing/jaeger-operator/pull/1379), [@jpkrohling](https://github.com/jpkrohling))
+* Fix way we force es secret reconcile ([#1374](https://github.com/jaegertracing/jaeger-operator/pull/1374), [@kevinearls](https://github.com/kevinearls))
+* added the codeql.yml ([#1313](https://github.com/jaegertracing/jaeger-operator/pull/1313), [@KrishnaSindhur](https://github.com/KrishnaSindhur))
+* Fix service port naming convention ([#1368](https://github.com/jaegertracing/jaeger-operator/pull/1368), [@lujiajing1126](https://github.com/lujiajing1126))
+* Add volumes and volume-mounts for spark dependencies ([#1359](https://github.com/jaegertracing/jaeger-operator/pull/1359), [@kevinearls](https://github.com/kevinearls))
+* Create missing CA config maps on deployment controller ([#1347](https://github.com/jaegertracing/jaeger-operator/pull/1347), [@jpkrohling](https://github.com/jpkrohling))
+* set non root group ([#1339](https://github.com/jaegertracing/jaeger-operator/pull/1339), [@UsaninMax](https://github.com/UsaninMax))
+* Kafka 2.4 not supported by RH AMQ operator 1.6 ([#1335](https://github.com/jaegertracing/jaeger-operator/pull/1335), [@jkandasa](https://github.com/jkandasa))
+* Trigger deployments reconciliation when jaeger instance is created ([#1334](https://github.com/jaegertracing/jaeger-operator/pull/1334), [@rubenvp8510](https://github.com/rubenvp8510))
+* Copy common spec to avoid touching persisted CR spec ([#1333](https://github.com/jaegertracing/jaeger-operator/pull/1333), [@rubenvp8510](https://github.com/rubenvp8510))
+* Try to resolve container.name from the injected agent args ([#1319](https://github.com/jaegertracing/jaeger-operator/pull/1319), [@lujiajing1126](https://github.com/lujiajing1126))
+* Fix typo in CONTRIBUTING.md ([#1321](https://github.com/jaegertracing/jaeger-operator/pull/1321), [@sniperking1234](https://github.com/sniperking1234))
 
 1.21.2 (2020-11-20)
 -------------------

COMPATIBILITY.md

@@ -0,0 +1,34 @@
+The following table shows the compatibility of Jaeger Operator with three different components: Kubernetes, Strimzi Operator, and Cert-Manager.
+
+| Jaeger Operator | Kubernetes     | Strimzi Operator   | Cert-Manager |
+|-----------------|----------------|--------------------|--------------|
+| v1.62.x         | v1.19 to v1.30 | v0.32              | v1.6.1       |
+| v1.61.x         | v1.19 to v1.30 | v0.32              | v1.6.1       |
+| v1.60.x         | v1.19 to v1.30 | v0.32              | v1.6.1       |
+| v1.59.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.58.x         | skipped        | skipped            | skipped      |
+| v1.57.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.56.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.55.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.54.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.53.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.52.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.51.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.50.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.49.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.48.x         | v1.19 to v1.27 | v0.32              | v1.6.1       |
+| v1.47.x         | v1.19 to v1.27 | v0.32              | v1.6.1       |
+| v1.46.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.45.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.44.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.43.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.42.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.41.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.40.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.39.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.38.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.37.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.36.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.35.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.34.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.33.x         | v1.19 to v1.23 | v0.23              | v1.6.1       |

CONTRIBUTING.md

@@ -6,96 +6,79 @@ This project is [Apache 2.0 licensed](LICENSE) and accepts contributions via Git
 
 We gratefully welcome improvements to documentation as well as to code.
 
-## Getting Started
-
 This project is a regular [Kubernetes Operator](https://coreos.com/operators/)  built using the Operator SDK. Refer to the Operator SDK documentation to understand the basic architecture of this operator.
 
-### Installing the Operator SDK command line tool
+## Installing the Operator SDK command line tool
 
-Follow the installation guidelines from [Operator SDK GitHub page](https://github.com/operator-framework/operator-sdk) or run `make install-sdk`.
+Follow the installation guidelines from [Operator SDK GitHub page](https://github.com/operator-framework/operator-sdk)
 
-### Developing
+## Developing
 
 As usual for operators following the Operator SDK in recent versions, the dependencies are managed using [`go modules`](https://golang.org/doc/go1.11#modules). Refer to that project's documentation for instructions on how to add or update dependencies.
 
-The first step is to get a local Kubernetes instance up and running. The recommended approach is using `minikube`. Refer to the Kubernetes'  [documentation](https://kubernetes.io/docs/tasks/tools/install-minikube/) for instructions on how to install it.
+The first step is to get a local Kubernetes instance up and running. The recommended approach for development is using `minikube` with *ingress* enabled. Refer to the Kubernetes'  [documentation](https://kubernetes.io/docs/tasks/tools/install-minikube/) for instructions on how to install it.
 
 Once `minikube` is installed, it can be started with:
-
-```
-minikube start
+```sh
+minikube start --addons=ingress
 ```
 
 NOTE: Make sure to read the documentation to learn the performance switches that can be applied to your platform.
 
-Once minikube has finished starting, get the Operator running:
+Log into docker (or another image registry):
+```sh
+docker login --username <dockerusername>
+```
 
+Once minikube has finished starting, get the Operator running:
+```sh
+make cert-manager
+IMG=docker.io/$USER/jaeger-operator:latest make generate bundle docker push deploy
 ```
-make run
-```
+
+NOTE: If your registry username is not the same as $USER, modify the previous command before executing it.  Also change *docker.io* if you are using a different image registry.
 
 At this point, a Jaeger instance can be installed:
-
-```
-kubectl apply -f deploy/examples/simplest.yaml
+```sh
+kubectl apply -f examples/simplest.yaml
 kubectl get jaegers
 kubectl get pods
 ```
 
-To remove the instance:
-
-```
-kubectl delete -f deploy/examples/simplest.yaml
+To verify the Jaeger instance is running, execute *minikube ip* and open that address in a browser, or follow the steps below
+```sh
+export MINIKUBE_IP=`minikube ip`
+curl http://{$MINIKUBE_IP}/api/services
 ```
+NOTE: you may have to execute the *curl* command twice to get a non-empty result
 
 Tests should be simple unit tests and/or end-to-end tests. For small changes, unit tests should be sufficient, but every new feature should be accompanied with end-to-end tests as well. Tests can be executed with:
-
-```
+```sh
 make test
 ```
 
-NOTE: you can adjust the Docker image namespace by overriding the variable `NAMESPACE`, like: `make test NAMESPACE=quay.io/my-username`. The full Docker image name can be customized by overriding `BUILD_IMAGE` instead, like: `make test BUILD_IMAGE=quay.io/my-username/jaeger-operator:0.0.1`
+#### Cleaning up
+To remove the instance:
+```sh
+kubectl delete -f examples/simplest.yaml
+```
+
+
 
 #### Model changes
 
 The Operator SDK generates the `pkg/apis/jaegertracing/v1/zz_generated.*.go` files via the command `make generate`. This should be executed whenever there's a model change (`pkg/apis/jaegertracing/v1/jaeger_types.go`)
 
-#### Ingress configuration
-
-Kubernetes comes with no ingress provider by default. For development purposes, when running `minikube`, the following command can be executed to install an ingress provider:
-
-```
-make ingress
-```
-
-This will install the `NGINX` ingress provider. It's recommended to wait for the ingress pods to be in the `READY` and `RUNNING` state before starting the operator. You can check it by running:
-
-```
-kubectl get pods -n ingress-nginx
-```
-
-To verify that it's working, deploy the `simplest.yaml` and check the ingress routes:
-
-```
-$ kubectl apply -f deploy/examples/simplest.yaml 
-jaeger.jaegertracing.io/simplest created
-$ kubectl get ingress
-NAME             HOSTS     ADDRESS          PORTS     AGE
-simplest-query   *         192.168.122.69   80        12s
-```
-
-Accessing the provided "address" in your web browser should display the Jaeger UI.
-
-#### Storage configuration
+### Storage configuration
 
 There are a set of templates under the `test` directory that can be used to setup an Elasticsearch and/or Cassandra cluster. Alternatively, the following commands can be executed to install it:
 
-```
+```sh
 make es
 make cassandra
 ```
 
-#### Operator-Lifecycle-Manager Integration
+### Operator-Lifecycle-Manager Integration
 
 The [Operator-Lifecycle-Manager (OLM)](https://github.com/operator-framework/operator-lifecycle-manager/) can install, manage, and upgrade operators and their dependencies in a cluster.
 
@@ -107,24 +90,23 @@ With OLM, users can:
 
 OLM also enforces some constraints on the components it manages in order to ensure a good user experience.
 
-The Jaeger community provides and mantains a [ClusterServiceVersion (CSV) YAML](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/Documentation/design/building-your-csv.md/) to integrate with OLM.
+The Jaeger community provides and maintains a [ClusterServiceVersion (CSV) YAML](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md) to integrate with OLM.
 
 Starting from operator-sdk v0.5.0, one can generate and update CSVs based on the yaml files in the deploy folder.
 The Jaeger CSV can be updated to version 1.9.0 with the following command:
 
-```
+```sh
 $ operator-sdk generate csv --csv-version 1.9.0
 INFO[0000] Generating CSV manifest version 1.9.0
-INFO[0000] Create deploy/olm-catalog/jaeger-operator.csv.yaml 
-INFO[0000] Create deploy/olm-catalog/_generated.concat_crd.yaml 
+INFO[0000] Create deploy/olm-catalog/jaeger-operator.csv.yaml
+INFO[0000] Create deploy/olm-catalog/_generated.concat_crd.yaml
 ```
 
-The generated CSV yaml should then be compared and used to update the deploy/olm-catalog/jaeger.clusterserviceversion.yaml file which represents the stable version copied to the operatorhub following each jaeger operator release. Once merged, the jaeger-operator.csv.yaml file should be removed.
+The generated CSV yaml should then be compared and used to update the `deploy/olm-catalog/jaeger.clusterserviceversion.yaml` file which represents the stable version copied to the operatorhub following each jaeger operator release. Once merged, the `jaeger-operator.csv.yaml` file should be removed.
 
-The jaeger.clusterserviceversion.yaml file can then be tested with this command:
-
-```
-$ operator-sdk scorecard --cr-manifest deploy/examples/simplest.yaml --csv-path deploy/olm-catalog/jaeger.clusterserviceversion.yaml --init-timeout 30
+The `jaeger.clusterserviceversion.yaml` file can then be tested with this command:
+```sh
+$ operator-sdk scorecard --cr-manifest examples/simplest.yaml --csv-path deploy/olm-catalog/jaeger.clusterserviceversion.yaml --init-timeout 30
 Checking for existence of spec and status blocks in CR
 Checking that operator actions are reflected in status
 Checking that writing into CRs has an effect
@@ -146,40 +128,113 @@ OLM Integration:
 Total Score: 4/18 points
 ```
 
-#### E2E tests
+## E2E tests
 
+### Requisites
+
+Before running the E2E tests you need to install:
+
+* [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation): a tool for running local Kubernetes clusters
+* [KUTTL](https://kuttl.dev/docs/cli.html#setup-the-kuttl-kubectl-plugin): a tool to run the Kubernetes tests
+
+
+### Runing the E2E tests
+
+#### Using KIND cluster
 The whole set of end-to-end tests can be executed via:
 
-```
-$ make e2e-tests
+```sh
+$ make run-e2e-tests
 ```
 
 The end-to-end tests are split into tags and can be executed in separate groups, such as:
 
-```
-$ make e2e-tests-smoke
+```sh
+$ make run-e2e-tests-examples
 ```
 
-Other targets include `e2e-tests-cassandra` and `e2e-tests-elasticsearch`. Refer to the `Makefile` for an up-to-date list of targets.
-
-If you face issues like the one below, make sure you don't have any Jaeger instances (`kubectl get jaegers`) running nor Ingresses (`kubectl get ingresses`):
-
+Other targets include `run-e2e-tests-cassandra` and `run-e2e-tests-elasticsearch`. You can list them running:
+```sh
+$ make e2e-test-suites
 ```
---- FAIL: TestSmoke (316.59s)
-    --- FAIL: TestSmoke/smoke (316.55s)
-        --- FAIL: TestSmoke/smoke/daemonset (115.54s)
-...
-...
-            daemonset.go:30: timed out waiting for the condition
-...
-...
+
+**Note**: there are some variables you need to take into account in order to
+improve your experience running the E2E tests.
+
+| Variable name     | Description                                         | Example usage                      |
+|-------------------|-----------------------------------------------------|------------------------------------|
+| KUTTL_OPTIONS     | Options to pass directly to the KUTTL call          | KUTTL_OPTIONS="--test es-rollover" |
+| E2E_TESTS_TIMEOUT | Timeout for each step in the E2E tests. In seconds  | E2E_TESTS_TIMEOUT=500              |
+| USE_KIND_CLUSTER  | Start a KIND cluster to run the E2E tests           | USE_KIND_CLUSTER=true              |
+| KIND_KEEP_CLUSTER | Not remove the KIND cluster after running the tests | KIND_KEEP_CLUSTER=true             |
+
+Also, you can enable/disable the installation of the different operators needed
+to run the tests:
+| Variable name  | Description                                 | Example usage       |
+|----------------|---------------------------------------------|---------------------|
+| JAEGER_OLM     | Jaeger Operator was installed using OLM     | JAEGER_OLM=true     |
+| KAFKA_OLM      | Kafka Operator was installed using OLM      | KAFKA_OLM=true      |
+| PROMETHEUS_OLM | Prometheus Operator was installed using OLM | PROMETHEUS_OLM=true |
+
+#### An external cluster (like OpenShift)
+The commands from the previous section are valid when running the E2E tests in an
+external cluster like OpenShift, minikube or other Kubernetes environment. The only
+difference are:
+* You need to log in your Kubernetes cluster before running the E2E tests
+* You need to provide the `USE_KIND_CLUSTER=false` parameter when calling `make`
+
+```sh
+$ make run-e2e-tests USE_KIND_CLUSTER=false
 ```
 
+### Developing new E2E tests
+
+E2E tests are located under `tests/e2e`. Each folder is associated to an E2E test suite. The
+Tests are developed using KUTTL. Before developing a new test, [learn how KUTTL test works](https://kuttl.dev/docs/what-is-kuttl.html).
+
+To add a new suite, it is needed to create a new folder with the name of the suite under `tests/e2e`.
+
+Each suite folder contains:
+* `Makefile`: describes the rules associated to rendering the files needed for your tests and run the tests
+* `render.sh`: renders all the files needed for your tests (or to skip them)
+* A folder per test to run
+
+When the test are rendered, each test folder is copied to `_build`. The files generated
+by `render.sh` are created under `_build/<test name>`.
+
+##### Makefile
+The `Makefile` file must contain two rules:
+
+```Makefile
+render-e2e-tests-<suite name>: set-assert-e2e-img-name
+	./tests/e2e/<suite name>/render.sh
+
+run-e2e-tests-<suite name>: TEST_SUITE_NAME=<suite name>
+run-e2e-tests-<suite name>: run-suite-tests
+```
+
+Where `<suite name>` is the name of your E2E test suite. Your E2E test suite
+will be automatically indexed in the `run-e2e-tests` Makefile target.
+
+##### render.sh
+
+This file renders all the YAML files that are part of the E2E test. The `render.sh`
+file must start with:
+
+```bash
+#!/bin/bash
+
+source $(dirname "$0")/../render-utils.sh
+```
+
+The `render-utils.sh` file contains multiple functions to make easier to develop E2E tests and reuse logic. You can go to it and review the documentation of each one of the functions to
+understand their parameters and effects.
+
 #### Building [OCI Images](https://github.com/opencontainers/image-spec/blob/master/spec.md) for multiple arch (linux/arm64, linux/amd64)
 
 OCI images could be built and published by [buildx](https://github.com/docker/buildx), it could be executed for local test via:
 
-```
+```sh
 $ OPERATOR_VERSION=devel ./.ci/publish-images.sh
 ```
 
@@ -189,7 +244,7 @@ if we want to execute this in local env, need to setup buildx:
 
 1. install docker cli plugin
 
-```
+```sh
 $ export DOCKER_BUILDKIT=1
 $ docker build --platform=local -o . git://github.com/docker/buildx
 $ mkdir -p ~/.docker/cli-plugins
@@ -199,13 +254,13 @@ $ mv buildx ~/.docker/cli-plugins/docker-buildx
 
 2. install qemu for multi arch
 
-```
+```sh
 $ docker run --privileged --rm tonistiigi/binfmt --install all
 ```
 (via https://github.com/docker/buildx#building-multi-platform-images)
 
 3. create a builder
 
-```
+```sh
 $ docker buildx create --use --name builder
-```
+```

Dockerfile

@@ -0,0 +1,56 @@
+# Build the manager binary
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+COPY hack/install/install-dependencies.sh hack/install/
+COPY hack/install/install-utils.sh hack/install/
+COPY go.mod .
+COPY go.sum .
+RUN ./hack/install/install-dependencies.sh
+
+# Copy the go source
+COPY main.go main.go
+COPY apis/ apis/
+COPY cmd/ cmd/
+COPY controllers/ controllers/
+COPY pkg/ pkg/
+
+COPY versions.txt versions.txt
+
+ARG JAEGER_VERSION
+ARG JAEGER_AGENT_VERSION
+ARG VERSION_PKG
+ARG VERSION
+ARG VERSION_DATE
+
+# Dockerfile `FROM --platform=${BUILDPLATFORM}` means
+# prepare image for build for matched BUILDPLATFORM, eq. linux/amd64
+# by this way, we could avoid to using qemu, which slow down compiling process.
+# and usefully for language who support multi-arch build like go.
+# see last part of https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images
+ARG TARGETARCH
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.defaultJaeger=${JAEGER_VERSION}  -X ${VERSION_PKG}.defaultAgent=${JAEGER_AGENT_VERSION}" -a -o jaeger-operator main.go
+
+FROM quay.io/centos/centos:stream9
+
+ENV USER_UID=1001 \
+    USER_NAME=jaeger-operator
+
+RUN INSTALL_PKGS="openssl" && \
+    dnf install -y $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    dnf clean all && \
+    mkdir /tmp/_working_dir && \
+    chmod og+w /tmp/_working_dir
+
+WORKDIR /
+COPY --from=builder /workspace/jaeger-operator .
+COPY scripts/cert_generation.sh scripts/cert_generation.sh
+
+USER ${USER_UID}:${USER_UID}
+
+ENTRYPOINT ["/jaeger-operator"]

Dockerfile.asserts

@@ -0,0 +1,35 @@
+# Build the manager binary
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 as builder
+
+WORKDIR /workspace
+
+# Download the dependencies. Doing this, if there are changes in the source
+# code but not in the dependencies to download, the tool to build the image will
+# use the cached dependencies
+COPY hack/install/install-dependencies.sh hack/install/
+COPY hack/install/install-utils.sh hack/install/
+COPY go.mod .
+COPY go.sum .
+RUN ./hack/install/install-dependencies.sh
+
+COPY tests tests
+
+ENV CGO_ENABLED=0
+
+# Build
+ARG TARGETOS
+ARG TARGETARCH
+
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./reporter -a ./tests/assert-jobs/reporter/main.go
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./reporter-otlp -a ./tests/assert-jobs/reporter-otlp/main.go
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./query -a ./tests/assert-jobs/query/main.go
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./index -a ./tests/assert-jobs/index/main.go
+
+# Use the curl container image to ensure we have curl installed. Also, it is a
+# minimal container image
+FROM curlimages/curl@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
+WORKDIR /
+COPY --from=builder /workspace/reporter .
+COPY --from=builder /workspace/reporter-otlp .
+COPY --from=builder /workspace/query .
+COPY --from=builder /workspace/index .

Makefile

@@ -1,397 +1,518 @@
+include tests/e2e/Makefile
+
+# When the VERBOSE variable is set to 1, all the commands are shown
+ifeq ("$(VERBOSE)","true")
+echo_prefix=">>>>"
+else
+VECHO = @
+endif
+
 VERSION_DATE ?= $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
-PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
 GOARCH ?= $(go env GOARCH)
 GOOS ?= $(go env GOOS)
 GO_FLAGS ?= GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 GO111MODULE=on
-KUBERNETES_CONFIG ?= "$(HOME)/.kube/config"
-WATCH_NAMESPACE ?= ""
-BIN_DIR ?= "build/_output/bin"
-IMPORT_LOG=import.log
-FMT_LOG=fmt.log
-
-OPERATOR_NAME ?= jaeger-operator
-NAMESPACE ?= "$(USER)"
-BUILD_IMAGE ?= "$(NAMESPACE)/$(OPERATOR_NAME):latest"
-IMAGE_TAGS ?= "--tag $(BUILD_IMAGE)"
-OUTPUT_BINARY ?= "$(BIN_DIR)/$(OPERATOR_NAME)"
-VERSION_PKG ?= "github.com/jaegertracing/jaeger-operator/pkg/version"
-JAEGER_VERSION ?= "$(shell grep jaeger= versions.txt | awk -F= '{print $$2}')"
-OPERATOR_VERSION ?= "$(shell git describe --tags)"
-STORAGE_NAMESPACE ?= "${shell kubectl get sa default -o jsonpath='{.metadata.namespace}' || oc project -q}"
-KAFKA_NAMESPACE ?= "kafka"
-KAFKA_EXAMPLE ?= "https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/0.16.2/examples/kafka/kafka-persistent-single.yaml"
-KAFKA_YAML ?= "https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.16.2/strimzi-cluster-operator-0.16.2.yaml"
-ES_OPERATOR_NAMESPACE ?= openshift-logging
-ES_OPERATOR_BRANCH ?= release-4.4
-ES_OPERATOR_IMAGE ?= quay.io/openshift/origin-elasticsearch-operator:4.4
-SDK_VERSION=v0.18.2
 GOPATH ?= "$(HOME)/go"
 GOROOT ?= "$(shell go env GOROOT)"
+WATCH_NAMESPACE ?= ""
+BIN_DIR ?= bin
+FMT_LOG=fmt.log
+ECHO ?= @echo $(echo_prefix)
+SED ?= "sed"
+# Jaeger Operator build variables
+OPERATOR_NAME ?= jaeger-operator
+IMG_PREFIX ?= quay.io/${USER}
+OPERATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep operator | awk -F= '{print $$2}')"
+VERSION ?=  "$(shell grep operator= versions.txt | awk -F= '{print $$2}')"
+IMG ?= ${IMG_PREFIX}/${OPERATOR_NAME}:${VERSION}
+BUNDLE_IMG ?= ${IMG_PREFIX}/${OPERATOR_NAME}-bundle:$(addprefix v,${VERSION})
+OUTPUT_BINARY ?= "$(BIN_DIR)/jaeger-operator"
+VERSION_PKG ?= "github.com/jaegertracing/jaeger-operator/pkg/version"
+export JAEGER_VERSION ?= "$(shell grep jaeger= versions.txt | awk -F= '{print $$2}')"
+# agent was removed in jaeger 1.62.0, and the new versions of jaeger doesn't distribute the images anymore
+# for that reason the last version of the agent is 1.62.0 and is pined here so we can update jaeger and maintain
+# the latest agent image.
+export JAEGER_AGENT_VERSION ?= "1.62.0"
 
+# Kafka and Kafka Operator variables
+STORAGE_NAMESPACE ?= "${shell kubectl get sa default -o jsonpath='{.metadata.namespace}' || oc project -q}"
+KAFKA_NAMESPACE ?= "kafka"
+KAFKA_VERSION ?= 0.32.0
+KAFKA_EXAMPLE ?= "https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/${KAFKA_VERSION}/examples/kafka/kafka-persistent-single.yaml"
+KAFKA_YAML ?= "https://github.com/strimzi/strimzi-kafka-operator/releases/download/${KAFKA_VERSION}/strimzi-cluster-operator-${KAFKA_VERSION}.yaml"
+# Prometheus Operator variables
 PROMETHEUS_OPERATOR_TAG ?= v0.39.0
 PROMETHEUS_BUNDLE ?= https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/${PROMETHEUS_OPERATOR_TAG}/bundle.yaml
+# Metrics server variables
+METRICS_SERVER_TAG ?= v0.6.1
+METRICS_SERVER_YAML ?= https://github.com/kubernetes-sigs/metrics-server/releases/download/${METRICS_SERVER_TAG}/components.yaml
+# Ingress controller variables
+INGRESS_CONTROLLER_TAG ?= v1.0.1
+INGRESS_CONTROLLER_YAML ?= https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-${INGRESS_CONTROLLER_TAG}/deploy/static/provider/kind/deploy.yaml
+## Location to install tool dependencies
+LOCALBIN ?= $(shell pwd)/bin
+# Cert manager version to use
+CERTMANAGER_VERSION ?= 1.6.1
+CMCTL ?= $(LOCALBIN)/cmctl
+# Operator SDK
+OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
+OPERATOR_SDK_VERSION ?= 1.32.0
+# Minimum Kubernetes and OpenShift versions
+MIN_KUBERNETES_VERSION ?= 1.19.0
+MIN_OPENSHIFT_VERSION ?= 4.12
+# Use a KIND cluster for the E2E tests
+USE_KIND_CLUSTER ?= true
+ # Is Jaeger Operator installed via OLM?
+JAEGER_OLM ?= false
+# Is Kafka Operator installed via OLM?
+KAFKA_OLM ?= false
+# Is Prometheus Operator installed via OLM?
+PROMETHEUS_OLM ?= false
+# Istio binary path and version
+ISTIOCTL ?= $(LOCALBIN)/istioctl
+# Tools
+CRDOC ?= $(LOCALBIN)/crdoc
+KIND ?= $(LOCALBIN)/kind
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
 
-LD_FLAGS ?= "-X $(VERSION_PKG).version=$(OPERATOR_VERSION) -X $(VERSION_PKG).buildDate=$(VERSION_DATE) -X $(VERSION_PKG).defaultJaeger=$(JAEGER_VERSION)"
 
-UNIT_TEST_PACKAGES := $(shell go list ./cmd/... ./pkg/... | grep -v elasticsearch/v1 | grep -v kafka/v1beta1 | grep -v client/versioned)
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
 
-TEST_OPTIONS = $(VERBOSE) -kubeconfig $(KUBERNETES_CONFIG) -namespacedMan ../../deploy/test/namespace-manifests.yaml -globalMan ../../deploy/test/global-manifests.yaml -root .
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+LD_FLAGS ?= "-X $(VERSION_PKG).version=$(VERSION) -X $(VERSION_PKG).buildDate=$(VERSION_DATE) -X $(VERSION_PKG).defaultJaeger=$(JAEGER_VERSION) -X $(VERSION_PKG).defaultAgent=$(JAEGER_AGENT_VERSION)"
+
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+ENVTEST_K8S_VERSION = 1.30
+# Options for KIND version to use
+export KUBE_VERSION ?= 1.30
+KIND_CONFIG ?= kind-$(KUBE_VERSION).yaml
+
+SCORECARD_TEST_IMG ?= quay.io/operator-framework/scorecard-test:v$(OPERATOR_SDK_VERSION)
 
 .DEFAULT_GOAL := build
 
-.PHONY: check
-check:
-	@echo Checking...
-	@GOPATH=${GOPATH} .ci/format.sh > $(FMT_LOG)
-	@[ ! -s "$(FMT_LOG)" ] || (echo "Go fmt, license check, or import ordering failures, run 'make format'" | cat - $(FMT_LOG) && false)
+# Options for 'bundle-build'
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 
-.PHONY: ensure-generate-is-noop
-ensure-generate-is-noop: generate format
-	@git diff -s --exit-code pkg/apis/jaegertracing/v1/zz_generated.*.go || (echo "Build failed: a model has been changed but the generated resources aren't up to date. Run 'make generate' and update your PR." && exit 1)
-	@git diff -s --exit-code pkg/client/versioned || (echo "Build failed: the versioned clients aren't up to date. Run 'make generate'." && exit 1)
+# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
+CRD_OPTIONS ?= "crd:maxDescLen=0,generateEmbeddedObjectMeta=true"
+
+# If we are running in CI, run go test in verbose mode
+ifeq (,$(CI))
+GOTEST_OPTS=
+else
+GOTEST_OPTS=-v
+endif
+
+all: manager
+
+.PHONY: check
+check: install-tools
+	$(ECHO) Checking...
+	$(VECHO)./.ci/format.sh > $(FMT_LOG)
+	$(VECHO)[ ! -s "$(FMT_LOG)" ] || (echo "Go fmt, license check, or import ordering failures, run 'make format'" | cat - $(FMT_LOG) && false)
+
+ensure-generate-is-noop: VERSION=$(OPERATOR_VERSION)
+ensure-generate-is-noop: set-image-controller generate bundle
+	$(VECHO)# on make bundle config/manager/kustomization.yaml includes changes, which should be ignored for the below check
+	$(VECHO)git restore config/manager/kustomization.yaml
+	$(VECHO)git diff -s --exit-code api/v1/zz_generated.*.go || (echo "Build failed: a model has been changed but the generated resources aren't up to date. Run 'make generate' and update your PR." && exit 1)
+	$(VECHO)git diff -s --exit-code bundle config || (echo "Build failed: the bundle, config files has been changed but the generated bundle, config files aren't up to date. Run 'make bundle' and update your PR." && git diff && exit 1)
+	$(VECHO)git diff -s --exit-code docs/api.md || (echo "Build failed: the api.md file has been changed but the generated api.md file isn't up to date. Run 'make api-docs' and update your PR." && git diff && exit 1)
 
 
 .PHONY: format
-format:
-	@echo Formatting code...
-	@GOPATH=${GOPATH} .ci/format.sh
+format: install-tools
+	$(ECHO) Formatting code...
+	$(VECHO)./.ci/format.sh
 
-.PHONY: lint
-lint:
-	@echo Linting...
-	@GOPATH=${GOPATH} ./.ci/lint.sh
+PHONY: lint
+lint: install-tools
+	$(ECHO) Linting...
+	$(VECHO)$(LOCALBIN)/golangci-lint -v run
 
-.PHONY: security
-security:
-	@echo Security...
-	@${GOPATH}/bin/gosec -quiet -exclude=G104 ./... 2>/dev/null
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
 
 .PHONY: build
 build: format
-	$(MAKE) gobuild
-
-.PHONY: gobuild
-gobuild:
-	@echo Building...
-	@${GO_FLAGS} go build -o $(OUTPUT_BINARY) -ldflags $(LD_FLAGS)
-# compile the tests without running them
-	@${GO_FLAGS} go test -c ./test/e2e/...
+	$(ECHO) Building...
+	$(VECHO)./hack/install/install-dependencies.sh
+	$(VECHO)${GO_FLAGS} go build -ldflags $(LD_FLAGS) -o $(OUTPUT_BINARY) main.go
 
 .PHONY: docker
 docker:
-	@[ ! -z "$(PIPELINE)" ] || docker build --build-arg=GOPROXY=${GOPROXY} --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=TARGETARCH=$(GOARCH) --file build/Dockerfile -t "$(BUILD_IMAGE)" .
+	$(VECHO)[ ! -z "$(PIPELINE)" ] || docker build --build-arg=GOPROXY=${GOPROXY} --build-arg=VERSION=${VERSION} --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=JAEGER_AGENT_VERSION=${JAEGER_AGENT_VERSION} --build-arg=TARGETARCH=$(GOARCH) --build-arg VERSION_DATE=${VERSION_DATE}  --build-arg VERSION_PKG=${VERSION_PKG} -t "$(IMG)" . ${DOCKER_BUILD_OPTIONS}
 
 .PHONY: dockerx
 dockerx:
-	@[ ! -z "$(PIPELINE)" ] || docker buildx build --push --progress=plain --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=GOPROXY=${GOPROXY} --platform=$(PLATFORMS) --file build/Dockerfile $(IMAGE_TAGS) .
+	$(VECHO)[ ! -z "$(PIPELINE)" ] || docker buildx build --push --progress=plain --build-arg=VERSION=${VERSION} --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=JAEGER_AGENT_VERSION=${JAEGER_AGENT_VERSION} --build-arg=GOPROXY=${GOPROXY} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg VERSION_PKG=${VERSION_PKG} --platform=$(PLATFORMS) $(IMAGE_TAGS) .
 
 .PHONY: push
 push:
 ifeq ($(CI),true)
-	@echo Skipping push, as the build is running within a CI environment
+	$(ECHO) Skipping push, as the build is running within a CI environment
 else
-	@echo "Pushing image $(BUILD_IMAGE)..."
-	@docker push $(BUILD_IMAGE) > /dev/null
+	$(ECHO) "Pushing image $(IMG)..."
+	$(VECHO)docker push $(IMG) > /dev/null
 endif
 
 .PHONY: unit-tests
-unit-tests:
+unit-tests: envtest
 	@echo Running unit tests...
-	@go test $(VERBOSE) $(UNIT_TEST_PACKAGES) -cover -coverprofile=cover.out -ldflags $(LD_FLAGS)
-
-.PHONY: e2e-tests
-e2e-tests: prepare-e2e-tests e2e-tests-smoke e2e-tests-cassandra e2e-tests-es e2e-tests-self-provisioned-es e2e-tests-streaming e2e-tests-examples1 e2e-tests-examples2 e2e-tests-examples-openshift e2e-tests-generate
-
-.PHONY: prepare-e2e-tests
-prepare-e2e-tests: build docker push
-	@mkdir -p deploy/test
-	@cp deploy/service_account.yaml deploy/test/namespace-manifests.yaml
-	@echo "---" >> deploy/test/namespace-manifests.yaml
-
-	@cat deploy/role.yaml >> deploy/test/namespace-manifests.yaml
-	@echo "---" >> deploy/test/namespace-manifests.yaml
-
-	@# ClusterRoleBinding is created in test codebase because we don't know service account namespace
-	@cat deploy/role_binding.yaml >> deploy/test/namespace-manifests.yaml
-	@echo "---" >> deploy/test/namespace-manifests.yaml
-
-	@sed "s~image: jaegertracing\/jaeger-operator\:.*~image: $(BUILD_IMAGE)~gi" test/operator.yaml >> deploy/test/namespace-manifests.yaml
-
-	@cp deploy/crds/jaegertracing.io_jaegers_crd.yaml deploy/test/global-manifests.yaml
-	@echo "---" >> deploy/test/global-manifests.yaml
-	@cat deploy/cluster_role.yaml >> deploy/test/global-manifests.yaml
-
-.PHONY: e2e-tests-smoke
-e2e-tests-smoke: prepare-e2e-tests
-	@echo Running Smoke end-to-end tests...
-	@BUILD_IMAGE=$(BUILD_IMAGE) go test -tags=smoke ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-generate
-e2e-tests-generate: prepare-e2e-tests
-	@echo Running generate end-to-end tests...
-	@BUILD_IMAGE=$(BUILD_IMAGE) go test -tags=generate ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-cassandra
-e2e-tests-cassandra: prepare-e2e-tests cassandra
-	@echo Running Cassandra end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) go test -tags=cassandra ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-es
-e2e-tests-es: prepare-e2e-tests es
-	@echo Running Elasticsearch end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) go test -tags=elasticsearch ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-self-provisioned-es
-e2e-tests-self-provisioned-es: prepare-e2e-tests deploy-es-operator
-	@echo Running Self provisioned Elasticsearch end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) ES_OPERATOR_NAMESPACE=$(ES_OPERATOR_NAMESPACE) ES_OPERATOR_IMAGE=$(ES_OPERATOR_IMAGE) go test -tags=self_provisioned_elasticsearch ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-self-provisioned-es-kafka
-e2e-tests-self-provisioned-es-kafka: prepare-e2e-tests deploy-kafka-operator deploy-es-operator
-	@echo Running Self provisioned Elasticsearch and Kafka end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) ES_OPERATOR_NAMESPACE=$(ES_OPERATOR_NAMESPACE) ES_OPERATOR_IMAGE=$(ES_OPERATOR_IMAGE) go test -tags=self_provisioned_elasticsearch_kafka ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-token-propagation-es
-e2e-tests-token-propagation-es: prepare-e2e-tests deploy-es-operator
-	@echo Running Token Propagation Elasticsearch end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) ES_OPERATOR_NAMESPACE=$(ES_OPERATOR_NAMESPACE) TEST_TIMEOUT=5 ES_OPERATOR_IMAGE=$(ES_OPERATOR_IMAGE) go test -tags=token_propagation_elasticsearch ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-streaming
-e2e-tests-streaming: prepare-e2e-tests es kafka
-	@echo Running Streaming end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) KAFKA_NAMESPACE=$(KAFKA_NAMESPACE) go test -tags=streaming ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-examples1
-e2e-tests-examples1: prepare-e2e-tests cassandra
-	@echo Running Example end-to-end tests part 1...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) KAFKA_NAMESPACE=$(KAFKA_NAMESPACE) go test -tags=examples1 ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-examples2
-e2e-tests-examples2: prepare-e2e-tests es kafka
-	@echo Running Example end-to-end tests part 2...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) KAFKA_NAMESPACE=$(KAFKA_NAMESPACE) go test -tags=examples2 ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-examples-openshift
-e2e-tests-examples-openshift: prepare-e2e-tests deploy-es-operator
-	@echo Running OpenShift Example end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) KAFKA_NAMESPACE=$(KAFKA_NAMESPACE) go test -tags=examples_openshift ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-autoscale
-e2e-tests-autoscale: prepare-e2e-tests es kafka
-	@echo Running Autoscale end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) KAFKA_NAMESPACE=$(KAFKA_NAMESPACE) go test -tags=autoscale ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-multi-instance
-e2e-tests-multi-instance: prepare-e2e-tests es kafka
-	@echo Running Multiple Instance end-to-end tests...
-	@STORAGE_NAMESPACE=$(STORAGE_NAMESPACE) KAFKA_NAMESPACE=$(KAFKA_NAMESPACE) go test -tags=multiple ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: e2e-tests-upgrade
-e2e-tests-upgrade: prepare-e2e-tests
-	@echo Prepare next version image...
-	@[ ! -z "$(PIPELINE)" ] || docker build --build-arg=GOPROXY=${GOPROXY}  --build-arg=JAEGER_VERSION=$(shell .ci/get_test_upgrade_version.sh ${JAEGER_VERSION}) --file build/Dockerfile -t "$(NAMESPACE)/$(OPERATOR_NAME):next" .
-	BUILD_IMAGE="$(NAMESPACE)/$(OPERATOR_NAME):next" $(MAKE) push
-	@echo Running Upgrade end-to-end tests...
-	UPGRADE_TEST_VERSION=$(shell .ci/get_test_upgrade_version.sh ${JAEGER_VERSION}) go test -tags=upgrade  ./test/e2e/... $(TEST_OPTIONS)
-
-.PHONY: run
-run: crd
-	@rm -rf /tmp/_cert*
-	@POD_NAMESPACE=default OPERATOR_NAME=${OPERATOR_NAME} operator-sdk run local --watch-namespace="${WATCH_NAMESPACE}" --operator-flags "start ${CLI_FLAGS}" --go-ldflags ${LD_FLAGS}
-
-.PHONY: run-debug
-run-debug: run
-run-debug: CLI_FLAGS = --log-level=debug --tracing-enabled=true
-
-.PHONY: set-max-map-count
-set-max-map-count:
-	# This is not required in OCP 4.1. The node tuning operator configures the property automatically
-	# when label tuned.openshift.io/elasticsearch=true label is present on the ES pod. The label
-	# is configured by ES operator.
-	@minishift ssh -- 'sudo sysctl -w vm.max_map_count=262144' > /dev/null 2>&1 || true
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -p 1 ${GOTEST_OPTS} ./... -cover -coverprofile=cover.out -ldflags $(LD_FLAGS)
 
 .PHONY: set-node-os-linux
 set-node-os-linux:
 	# Elasticsearch requires labeled nodes. These labels are by default present in OCP 4.2
-	@kubectl label nodes --all kubernetes.io/os=linux --overwrite
+	$(VECHO)kubectl label nodes --all kubernetes.io/os=linux --overwrite
 
-.PHONY: deploy-es-operator
-deploy-es-operator: set-node-os-linux set-max-map-count deploy-prometheus-operator
-ifeq ($(OLM),true)
-	@echo Skipping es-operator deployment, assuming it has been installed via OperatorHub
-else
-	@kubectl create namespace ${ES_OPERATOR_NAMESPACE} 2>&1 | grep -v "already exists" || true
-	@kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/01-service-account.yaml -n ${ES_OPERATOR_NAMESPACE}
-	@kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/02-role.yaml
-	@kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/03-role-bindings.yaml
-	@kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/04-crd.yaml -n ${ES_OPERATOR_NAMESPACE}
-	@kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/05-deployment.yaml -n ${ES_OPERATOR_NAMESPACE}
-	@kubectl set image deployment/elasticsearch-operator elasticsearch-operator=${ES_OPERATOR_IMAGE} -n ${ES_OPERATOR_NAMESPACE}
-endif
+cert-manager: cmctl
+	# Consider using cmctl to install the cert-manager once install command is not experimental
+	kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v${CERTMANAGER_VERSION}/cert-manager.yaml
+	$(CMCTL) check api --wait=5m
 
-.PHONY: undeploy-es-operator
-undeploy-es-operator:
-ifeq ($(OLM),true)
-	@echo Skipping es-operator undeployment, as it should have been installed via OperatorHub
-else
-	@kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/05-deployment.yaml -n ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true || true
-	@kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/04-crd.yaml -n ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true || true
-	@kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/03-role-bindings.yaml --ignore-not-found=true || true
-	@kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/02-role.yaml --ignore-not-found=true || true
-	@kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/01-service-account.yaml -n ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true || true
-	@kubectl delete namespace ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true 2>&1 || true
-endif
+undeploy-cert-manager:
+	kubectl delete --ignore-not-found=true -f https://github.com/jetstack/cert-manager/releases/download/v${CERTMANAGER_VERSION}/cert-manager.yaml
+
+cmctl: $(CMCTL)
+$(CMCTL): $(LOCALBIN)
+	./hack/install/install-cmctl.sh $(CERTMANAGER_VERSION)
 
 .PHONY: es
 es: storage
-	@kubectl create -f ./test/elasticsearch.yml --namespace $(STORAGE_NAMESPACE) 2>&1 | grep -v "already exists" || true
+ifeq ($(SKIP_ES_EXTERNAL),true)
+	$(ECHO) Skipping creation of external Elasticsearch instance
+else
+	$(VECHO)kubectl create -f ./tests/elasticsearch.yml --namespace $(STORAGE_NAMESPACE) 2>&1 | grep -v "already exists" || true
+endif
+
+.PHONY: istio
+istio:
+	$(ECHO) Install istio with minimal profile
+	$(VECHO)./hack/install/install-istio.sh
+	$(VECHO)${ISTIOCTL} install --set profile=minimal -y
+
+.PHONY: undeploy-istio
+undeploy-istio:
+	$(VECHO)${ISTIOCTL} manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f - || true
+	$(VECHO)kubectl delete namespace istio-system --ignore-not-found=true || true
 
 .PHONY: cassandra
 cassandra: storage
-	@kubectl create -f ./test/cassandra.yml --namespace $(STORAGE_NAMESPACE) 2>&1 | grep -v "already exists" || true
+	$(VECHO)kubectl create -f ./tests/cassandra.yml --namespace $(STORAGE_NAMESPACE) 2>&1 | grep -v "already exists" || true
 
 .PHONY: storage
 storage:
-	@echo Creating namespace $(STORAGE_NAMESPACE)
-	@kubectl create namespace $(STORAGE_NAMESPACE) 2>&1 | grep -v "already exists" || true
+	$(ECHO) Creating namespace $(STORAGE_NAMESPACE)
+	$(VECHO)kubectl create namespace $(STORAGE_NAMESPACE) 2>&1 | grep -v "already exists" || true
 
 .PHONY: deploy-kafka-operator
 deploy-kafka-operator:
-	@echo Creating namespace $(KAFKA_NAMESPACE)
-	@kubectl create namespace $(KAFKA_NAMESPACE) 2>&1 | grep -v "already exists" || true
-ifeq ($(OLM),true)
-	@echo Skipping kafka-operator deployment, assuming it has been installed via OperatorHub
+	$(ECHO) Creating namespace $(KAFKA_NAMESPACE)
+	$(VECHO)kubectl create namespace $(KAFKA_NAMESPACE) 2>&1 | grep -v "already exists" || true
+ifeq ($(KAFKA_OLM),true)
+	$(ECHO) Skipping kafka-operator deployment, assuming it has been installed via OperatorHub
 else
-	@kubectl create clusterrolebinding strimzi-cluster-operator-namespaced --clusterrole=strimzi-cluster-operator-namespaced --serviceaccount ${KAFKA_NAMESPACE}:strimzi-cluster-operator 2>&1 | grep -v "already exists" || true
-	@kubectl create clusterrolebinding strimzi-cluster-operator-entity-operator-delegation --clusterrole=strimzi-entity-operator --serviceaccount ${KAFKA_NAMESPACE}:strimzi-cluster-operator 2>&1 | grep -v "already exists" || true
-	@kubectl create clusterrolebinding strimzi-cluster-operator-topic-operator-delegation --clusterrole=strimzi-topic-operator --serviceaccount ${KAFKA_NAMESPACE}:strimzi-cluster-operator 2>&1 | grep -v "already exists" || true
-	@curl --fail --location $(KAFKA_YAML) --output deploy/test/kafka-operator.yaml --create-dirs
-	@sed 's/namespace: .*/namespace: $(KAFKA_NAMESPACE)/' deploy/test/kafka-operator.yaml | kubectl -n $(KAFKA_NAMESPACE) apply -f - 2>&1 | grep -v "already exists" || true
-	@kubectl set env deployment strimzi-cluster-operator -n ${KAFKA_NAMESPACE} STRIMZI_NAMESPACE="*"
+	$(VECHO)curl --fail --location https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.32.0/strimzi-0.32.0.tar.gz --output tests/_build/kafka-operator.tar.gz --create-dirs
+	$(VECHO)tar xf tests/_build/kafka-operator.tar.gz
+	$(VECHO)${SED} -i 's/namespace: .*/namespace: ${KAFKA_NAMESPACE}/' strimzi-${KAFKA_VERSION}/install/cluster-operator/*RoleBinding*.yaml
+	$(VECHO)kubectl create -f strimzi-${KAFKA_VERSION}/install/cluster-operator/020-RoleBinding-strimzi-cluster-operator.yaml -n ${KAFKA_NAMESPACE}
+	$(VECHO)kubectl create -f strimzi-${KAFKA_VERSION}/install/cluster-operator/023-RoleBinding-strimzi-cluster-operator.yaml -n ${KAFKA_NAMESPACE}
+	$(VECHO)kubectl create -f strimzi-${KAFKA_VERSION}/install/cluster-operator/031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml -n ${KAFKA_NAMESPACE}
+	$(VECHO)kubectl apply -f strimzi-${KAFKA_VERSION}/install/cluster-operator/ -n ${KAFKA_NAMESPACE}
 endif
 
 .PHONY: undeploy-kafka-operator
 undeploy-kafka-operator:
-ifeq ($(OLM),true)
-	@echo Skiping kafka-operator undeploy
+ifeq ($(KAFKA_OLM),true)
+	$(ECHO) Skiping kafka-operator undeploy
 else
-	@kubectl delete --namespace $(KAFKA_NAMESPACE) -f deploy/test/kafka-operator.yaml --ignore-not-found=true 2>&1 || true
-	@kubectl delete clusterrolebinding strimzi-cluster-operator-namespaced --ignore-not-found=true || true
-	@kubectl delete clusterrolebinding strimzi-cluster-operator-entity-operator-delegation --ignore-not-found=true || true
-	@kubectl delete clusterrolebinding strimzi-cluster-operator-topic-operator-delegation --ignore-not-found=true || true
+	$(VECHO)kubectl delete --namespace $(KAFKA_NAMESPACE) -f tests/_build/kafka-operator.yaml --ignore-not-found=true 2>&1 || true
+	$(VECHO)kubectl delete clusterrolebinding strimzi-cluster-operator-namespaced --ignore-not-found=true || true
+	$(VECHO)kubectl delete clusterrolebinding strimzi-cluster-operator-entity-operator-delegation --ignore-not-found=true || true
+	$(VECHO)kubectl delete clusterrolebinding strimzi-cluster-operator-topic-operator-delegation --ignore-not-found=true || true
 endif
-	@kubectl delete namespace $(KAFKA_NAMESPACE) --ignore-not-found=true 2>&1 || true
 
 .PHONY: kafka
 kafka: deploy-kafka-operator
-	@echo Creating namespace $(KAFKA_NAMESPACE)
-	@kubectl create namespace $(KAFKA_NAMESPACE) 2>&1 | grep -v "already exists" || true
-	@curl --fail --location $(KAFKA_EXAMPLE) --output deploy/test/kafka-example.yaml --create-dirs
-	@sed -i 's/size: 100Gi/size: 10Gi/g' deploy/test/kafka-example.yaml
-	@kubectl -n $(KAFKA_NAMESPACE) apply --dry-run=true -f deploy/test/kafka-example.yaml
-	@kubectl -n $(KAFKA_NAMESPACE) apply -f deploy/test/kafka-example.yaml 2>&1 | grep -v "already exists" || true
+ifeq ($(SKIP_KAFKA),true)
+	$(ECHO) Skipping Kafka/external ES related tests
+else
+	$(ECHO) Creating namespace $(KAFKA_NAMESPACE)
+	$(VECHO)mkdir -p tests/_build/
+	$(VECHO)kubectl create namespace $(KAFKA_NAMESPACE) 2>&1 | grep -v "already exists" || true
+	$(VECHO)curl --fail --location $(KAFKA_EXAMPLE) --output tests/_build/kafka-example.yaml --create-dirs
+	$(VECHO)${SED} -i 's/size: 100Gi/size: 10Gi/g' tests/_build/kafka-example.yaml
+	$(VECHO)kubectl -n $(KAFKA_NAMESPACE) apply --dry-run=client -f  tests/_build/kafka-example.yaml
+	$(VECHO)kubectl -n $(KAFKA_NAMESPACE) apply -f tests/_build/kafka-example.yaml 2>&1 | grep -v "already exists" || true
+endif
 
 .PHONY: undeploy-kafka
 undeploy-kafka: undeploy-kafka-operator
-	@kubectl delete --namespace $(KAFKA_NAMESPACE) -f deploy/test/kafka-example.yaml 2>&1 || true
+	$(VECHO)kubectl delete --namespace $(KAFKA_NAMESPACE) -f tests/_build/kafka-example.yaml 2>&1 || true
 
 
 .PHONY: deploy-prometheus-operator
 deploy-prometheus-operator:
-ifeq ($(OLM),true)
-	@echo Skipping prometheus-operator deployment, assuming it has been installed via OperatorHub
+ifeq ($(PROMETHEUS_OLM),true)
+	$(ECHO) Skipping prometheus-operator deployment, assuming it has been installed via OperatorHub
 else
-	@kubectl apply -f ${PROMETHEUS_BUNDLE}
+	$(VECHO)kubectl apply -f ${PROMETHEUS_BUNDLE}
 endif
 
 .PHONY: undeploy-prometheus-operator
 undeploy-prometheus-operator:
-ifeq ($(OLM),true)
-	@echo Skipping prometheus-operator undeployment, as it should have been installed via OperatorHub
+ifeq ($(PROMETHEUS_OLM),true)
+	$(ECHO) Skipping prometheus-operator undeployment, as it should have been installed via OperatorHub
 else
-	@kubectl delete -f ${PROMETHEUS_BUNDLE} --ignore-not-found=true || true
+	$(VECHO)kubectl delete -f ${PROMETHEUS_BUNDLE} --ignore-not-found=true || true
 endif
 
 .PHONY: clean
-clean: undeploy-kafka undeploy-es-operator undeploy-prometheus-operator
-	@rm -f deploy/test/*.yaml
-	@if [ -d deploy/test ]; then rmdir deploy/test ; fi
-	@kubectl delete -f ./test/cassandra.yml --ignore-not-found=true -n $(STORAGE_NAMESPACE) || true
-	@kubectl delete -f ./test/elasticsearch.yml --ignore-not-found=true -n $(STORAGE_NAMESPACE) || true
-	@kubectl delete -f deploy/crds/jaegertracing.io_jaegers_crd.yaml --ignore-not-found=true || true
-	@kubectl delete -f deploy/operator.yaml --ignore-not-found=true || true
-	@kubectl delete -f deploy/role_binding.yaml --ignore-not-found=true || true
-	@kubectl delete -f deploy/role.yaml --ignore-not-found=true || true
-	@kubectl delete -f deploy/service_account.yaml --ignore-not-found=true || true
+clean: undeploy-kafka undeploy-prometheus-operator undeploy-istio undeploy-cert-manager
+	$(VECHO)kubectl delete namespace $(KAFKA_NAMESPACE) --ignore-not-found=true 2>&1 || true
+	$(VECHO)if [ -d tests/_build ]; then rm -rf tests/_build ; fi
+	$(VECHO)kubectl delete -f ./tests/cassandra.yml --ignore-not-found=true -n $(STORAGE_NAMESPACE) || true
+	$(VECHO)kubectl delete -f ./tests/elasticsearch.yml --ignore-not-found=true -n $(STORAGE_NAMESPACE) || true
 
-.PHONY: crd
-crd:
-	@kubectl create -f deploy/crds/jaegertracing.io_jaegers_crd.yaml 2>&1 | grep -v "already exists" || true
-
-.PHONY: ingress
-ingress:
-	@minikube addons enable ingress
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
-generate: internal-generate format
-
-.PHONY: internal-generate
-internal-generate:
-	@GOPATH=${GOPATH} GOROOT=${GOROOT} ./.ci/generate.sh
+generate: controller-gen api-docs ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 .PHONY: test
-test: unit-tests e2e-tests
+test: unit-tests run-e2e-tests
 
 .PHONY: all
-all: check format lint security build test
+all: check format lint build test
 
 .PHONY: ci
-ci: ensure-generate-is-noop check format lint security build unit-tests
+ci: install-tools ensure-generate-is-noop check format lint build unit-tests
 
-.PHONY: scorecard
-scorecard:
-	@operator-sdk scorecard --cr-manifest deploy/examples/simplest.yaml --csv-path deploy/olm-catalog/jaeger.clusterserviceversion.yaml --init-timeout 30
+##@ Deployment
 
-.PHONY: install-sdk
-install-sdk:
-	@echo Installing SDK ${SDK_VERSION}
-	@SDK_VERSION=$(SDK_VERSION) GOPATH=$(GOPATH) ./.ci/install-sdk.sh
-
-.PHONY: install-tools
-install-tools:
-	@${GO_FLAGS} ./.ci/vgot.sh \
-		golang.org/x/lint/golint \
-		golang.org/x/tools/cmd/goimports \
-		github.com/securego/gosec/cmd/gosec@v0.0.0-20191008095658-28c1128b7336 \
-		sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.4 \
-		k8s.io/code-generator/cmd/client-gen@v0.18.6 \
-		k8s.io/kube-openapi/cmd/openapi-gen@v0.0.0-20200410145947-61e04a5be9a6
+ignore-not-found ?= false
 
 .PHONY: install
-install: install-sdk install-tools
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy
-deploy: ingress crd
-	@kubectl apply -f deploy/service_account.yaml
-	@kubectl apply -f deploy/cluster_role.yaml
-	@kubectl apply -f deploy/cluster_role_binding.yaml
-	@sed "s~image: jaegertracing\/jaeger-operator\:.*~image: $(BUILD_IMAGE)~gi" deploy/operator.yaml | kubectl apply -f -
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	kubectl create namespace observability 2>&1 | grep -v "already exists" || true
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	./hack/enable-operator-features.sh
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: operatorhub
 operatorhub: check-operatorhub-pr-template
-	@./.ci/operatorhub.sh
+	$(VECHO)./.ci/operatorhub.sh
 
 .PHONY: check-operatorhub-pr-template
 check-operatorhub-pr-template:
-	@curl https://raw.githubusercontent.com/operator-framework/community-operators/master/docs/pull_request_template.md -o .ci/.operatorhub-pr-template.md -s > /dev/null 2>&1
-	@git diff -s --exit-code .ci/.operatorhub-pr-template.md || (echo "Build failed: the PR template for OperatorHub has changed. Sync it and try again." && exit 1)
-
-.PHONY: local-jaeger-container
-local-jaeger-container:
-	@echo "Starting local container with Jaeger. Check http://localhost:16686"
-	@docker run -d --rm -p 16686:16686 -p 6831:6831/udp --name jaeger jaegertracing/all-in-one:1.15 > /dev/null
+	$(VECHO)curl https://raw.githubusercontent.com/operator-framework/community-operators/master/docs/pull_request_template.md -o .ci/.operatorhub-pr-template.md -s > /dev/null 2>&1
+	$(VECHO)git diff -s --exit-code .ci/.operatorhub-pr-template.md || (echo "Build failed: the PR template for OperatorHub has changed. Sync it and try again." && exit 1)
 
 .PHONY: changelog
 changelog:
-	@echo "Set env variable OAUTH_TOKEN before invoking, https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token"
-	@docker run --rm  -v "${PWD}:/app" pavolloffay/gch:latest --oauth-token ${OAUTH_TOKEN} --owner jaegertracing --repo jaeger-operator
+	$(ECHO) "Set env variable OAUTH_TOKEN before invoking, https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token"
+	$(VECHO)docker run --rm  -v "${PWD}:/app" pavolloffay/gch:latest --oauth-token ${OAUTH_TOKEN} --branch main --owner jaegertracing --repo jaeger-operator
+
+
+CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
+controller-gen: ## Download controller-gen locally if necessary.
+	$(VECHO)./hack/install/install-controller-gen.sh
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	test -s $(ENVTEST) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+.PHONY: bundle
+bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+	$(SED) -i "s#containerImage: quay.io/jaegertracing/jaeger-operator:$(OPERATOR_VERSION)#containerImage: quay.io/jaegertracing/jaeger-operator:$(VERSION)#g" config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
+	$(SED) -i 's/minKubeVersion: .*/minKubeVersion: $(MIN_KUBERNETES_VERSION)/' config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
+	$(SED) -i 's/com.redhat.openshift.versions=.*/com.redhat.openshift.versions=v$(MIN_OPENSHIFT_VERSION)/' bundle.Dockerfile
+	$(SED) -i 's/com.redhat.openshift.versions: .*/com.redhat.openshift.versions: v$(MIN_OPENSHIFT_VERSION)/' bundle/metadata/annotations.yaml
+
+	$(OPERATOR_SDK) generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --manifests --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(OPERATOR_SDK) bundle validate ./bundle
+	./hack/ignore-createdAt-bundle.sh
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+	docker push $(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPM)) ;\
+	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$${OS}-$${ARCH}-opm ;\
+	chmod +x $(OPM) ;\
+	}
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+	$(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+	$(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+.PHONY: start-kind
+start-kind: kind
+ifeq ($(USE_KIND_CLUSTER),true)
+	$(ECHO) Starting KIND cluster...
+# Instead of letting KUTTL create the Kind cluster (using the CLI or in the kuttl-tests.yaml
+# file), the cluster is created here. There are multiple reasons to do this:
+# 	* The kubectl command will not work outside KUTTL
+#	* Some KUTTL versions are not able to start properly a Kind cluster
+#	* The cluster will be removed after running KUTTL (this can be disabled). Sometimes,
+#		the cluster teardown is not done properly and KUTTL can not be run with the --start-kind flag
+# When the Kind cluster is not created by Kuttl, the kindContainers parameter
+# from kuttl-tests.yaml has not effect so, it is needed to load the container
+# images here.
+	$(VECHO)$(KIND) create cluster --config $(KIND_CONFIG) 2>&1 | grep -v "already exists" || true
+# Install metrics-server for HPA
+	$(ECHO)"Installing the metrics-server in the kind cluster"
+	$(VECHO)kubectl apply -f $(METRICS_SERVER_YAML)
+	$(VECHO)kubectl patch deployment -n kube-system metrics-server --type "json" -p '[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": --kubelet-insecure-tls}]'
+# Install the ingress-controller
+	$(ECHO)"Installing the Ingress controller in the kind cluster"
+	$(VECHO)kubectl apply -f $(INGRESS_CONTROLLER_YAML)
+# Check the deployments were done properly
+	$(ECHO)"Checking the metrics-server was deployed properly"
+	$(VECHO)kubectl wait --for=condition=available deployment/metrics-server -n kube-system --timeout=5m
+	$(ECHO)"Checking the Ingress controller deployment was done successfully"
+	$(VECHO)kubectl wait --for=condition=available deployment ingress-nginx-controller -n ingress-nginx --timeout=5m
+else
+	$(ECHO)"KIND cluster creation disabled. Skipping..."
+endif
+
+stop-kind:
+	$(ECHO)"Stopping the kind cluster"
+	$(VECHO)kind delete cluster
+
+.PHONY: install-git-hooks
+install-git-hooks:
+	$(VECHO)cp scripts/git-hooks/pre-commit .git/hooks
+
+# Generates the released manifests
+release-artifacts: set-image-controller
+	mkdir -p dist
+	$(KUSTOMIZE) build config/default -o dist/jaeger-operator.yaml
+
+# Set the controller image parameters
+set-image-controller: manifests kustomize
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+
+.PHONY: tools
+tools: kustomize controller-gen operator-sdk
+
+.PHONY: install-tools
+install-tools: operator-sdk
+	$(VECHO)./hack/install/install-golangci-lint.sh
+	$(VECHO)./hack/install/install-goimports.sh
+
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE)
+$(KUSTOMIZE): $(LOCALBIN)
+	./hack/install/install-kustomize.sh
+
+.PHONY: kind
+kind: $(KIND)
+$(KIND): $(LOCALBIN)
+	./hack/install/install-kind.sh
+
+.PHONY: prepare-release
+prepare-release:
+	$(VECHO)./.ci/prepare-release.sh
+
+scorecard-tests: operator-sdk
+	echo "Operator sdk is $(OPERATOR_SDK)"
+	$(OPERATOR_SDK) scorecard bundle -w 10m || (echo "scorecard test failed" && exit 1)
+
+scorecard-tests-local: kind
+	$(VECHO)$(KIND) create cluster --config $(KIND_CONFIG) 2>&1 | grep -v "already exists" || true
+	$(VECHO)docker pull $(SCORECARD_TEST_IMG)
+	$(VECHO)$(KIND) load docker-image $(SCORECARD_TEST_IMG)
+	$(VECHO)kubectl wait --timeout=5m --for=condition=available deployment/coredns -n kube-system
+	$(VECHO)$(MAKE) scorecard-tests
+
+.PHONY: operator-sdk
+operator-sdk: $(OPERATOR_SDK)
+$(OPERATOR_SDK): $(LOCALBIN)
+	test -s $(OPERATOR_SDK) || curl -sLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}/operator-sdk_`go env GOOS`_`go env GOARCH`
+	@chmod +x $(OPERATOR_SDK)
+
+api-docs: crdoc kustomize
+	@{ \
+	set -e ;\
+	TMP_DIR=$$(mktemp -d) ; \
+	$(KUSTOMIZE) build config/crd -o $$TMP_DIR/crd-output.yaml ;\
+	$(CRDOC) --resources $$TMP_DIR/crd-output.yaml --output docs/api.md ;\
+	}
+
+.PHONY: crdoc
+crdoc: $(CRDOC)
+$(CRDOC): $(LOCALBIN)
+	test -s $(CRDOC) || GOBIN=$(LOCALBIN) go install fybrik.io/crdoc@v0.5.2
+	@chmod +x $(CRDOC)

PROJECT

@@ -0,0 +1,23 @@
+domain: jaegertracing.io
+layout:
+- go.kubebuilder.io/v3
+multigroup: true
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: jaeger-operator
+repo: github.com/jaegertracing/jaeger-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: jaegertracing.io
+  kind: Jaeger
+  path: github.com/jaegertracing/jaeger-operator/apis/v1
+  version: v1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
+version: "3"

README.md

@@ -1,5 +1,4 @@
-
-[![Build Status][ci-img]][ci] [![Go Report Card][goreport-img]][goreport] [![Code Coverage][cov-img]][cov] [![GoDoc][godoc-img]][godoc]
+[![Build Status][ci-img]][ci] [![Go Report Card][goreport-img]][goreport] [![Code Coverage][cov-img]][cov] [![GoDoc][godoc-img]][godoc] [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/jaegertracing/jaeger-operator/badge)](https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger-operator)
 
 # Jaeger Operator for Kubernetes
 
@@ -9,23 +8,7 @@ The Jaeger Operator is an implementation of a [Kubernetes Operator](https://kube
 
 Firstly, ensure an [ingress-controller is deployed](https://kubernetes.github.io/ingress-nginx/deploy/). When using `minikube`, you can use the `ingress` add-on: `minikube start --addons=ingress`
 
-To install the operator, run:
-```
-kubectl create namespace observability
-kubectl create -n observability -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/crds/jaegertracing.io_jaegers_crd.yaml
-kubectl create -n observability -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/service_account.yaml
-kubectl create -n observability -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/role.yaml
-kubectl create -n observability -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/role_binding.yaml
-kubectl create -n observability -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/operator.yaml
-```
-
-The operator will activate extra features if given cluster-wide permissions. To enable that, run:
-```
-kubectl create -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/cluster_role.yaml
-kubectl create -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/cluster_role_binding.yaml
-```
-
-Note that you'll need to download and customize the `cluster_role_binding.yaml` if you are using a namespace other than `observability`. You probably also want to download and customize the `operator.yaml`, setting the env var `WATCH_NAMESPACE` to have an empty value, so that it can watch for instances across all namespaces.
+Then follow the Jaeger Operator [installation instructions](https://www.jaegertracing.io/docs/latest/operator/).
 
 Once the `jaeger-operator` deployment in the namespace `observability` is ready, create a Jaeger instance, like:
 
@@ -50,30 +33,190 @@ In this example, the Jaeger UI is available at http://192.168.122.34.
 
 The official documentation for the Jaeger Operator, including all its customization options, are available under the main [Jaeger Documentation](https://www.jaegertracing.io/docs/latest/operator/).
 
+CRD-API documentation can be found [here](./docs/api.md).
+
+## Compatibility matrix
+
+See the compatibility matrix [here](./COMPATIBILITY.md).
+
+
+### Jaeger Operator vs. Jaeger
+
+The Jaeger Operator follows the same versioning as the operand (Jaeger) up to the minor part of the version. For example, the Jaeger Operator v1.22.2 tracks Jaeger 1.22.0. The patch part of the version indicates the patch level of the operator itself, not that of Jaeger. Whenever a new patch version is released for Jaeger, we'll release a new patch version of the operator.
+
+### Jaeger Operator vs. Kubernetes
+
+We strive to be compatible with the widest range of Kubernetes versions as possible, but some changes to Kubernetes itself require us to break compatibility with older Kubernetes versions, be it because of code imcompatibilities, or in the name of maintainability.
+
+Our promise is that we'll follow what's common practice in the Kubernetes world and support N-2 versions, based on the release date of the Jaeger Operator.
+
+For instance, when we released v1.22.0, the latest Kubernetes version was v1.20.5. As such, the minimum version of Kubernetes we support for Jaeger Operator v1.22.0 is v1.18 and we tested it with up to 1.20.
+
+The Jaeger Operator *might* work on versions outside of the given range, but when opening new issues, please make sure to test your scenario on a supported version.
+
+
+### Jaeger Operator vs. Strimzi Operator
+
+We maintain compatibility with a set of tested Strimzi operator versions, but some changes in Strimzi operator require us to break compatibility with older versions.
+
+The jaeger Operator *might* work on other untested versions of Strimzi Operator, but when opening new issues, please make sure to test your scenario on a supported version.
+
 
 ## (experimental) Generate Kubernetes manifest file
 
-Sometimes it is preferable to generate plain manifests files instead of running an operator in a cluster. `jaeger-operator generate` generates kubernetes manifests from a given CR. In this example we apply the manifest generated by [examples/simplest.yaml](https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/examples/simplest.yaml) to the namespace `jaeger-test`:
+Sometimes it is preferable to generate plain manifests files instead of running an operator in a cluster. `jaeger-operator generate` generates kubernetes manifests from a given CR. In this example we apply the manifest generated by [examples/simplest.yaml](https://raw.githubusercontent.com/jaegertracing/jaeger-operator/main/examples/simplest.yaml) to the namespace `jaeger-test`:
 
 ```bash
-curl https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/deploy/examples/simplest.yaml | docker run -i --rm jaegertracing/jaeger-operator:master generate | kubectl apply -n jaeger-test -f -
+curl https://raw.githubusercontent.com/jaegertracing/jaeger-operator/main/examples/simplest.yaml | docker run -i --rm jaegertracing/jaeger-operator:main generate | kubectl apply -n jaeger-test -f -
 ```
 
 It is recommended to deploy the operator instead of generating a static manifest.
 
+## Jaeger V2 Operator
+
+As the Jaeger V2 is released, it is decided that Jaeger V2 will deployed on Kubernetes using [OpenTelemetry Operator](https://github.com/open-telemetry/opentelemetry-operator). This will benefit both the users of Jaeger and OpenTelemetry. To use Jaeger V2 with OpenTelemetry Operator, the steps are as follows:
+
+* Install the cert-manager in the existing cluster with the command:
+```bash
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml
+```
+
+Please verify all the resources (e.g., Pods and Deployments) are in a ready state in the `cert-manager` namespace.
+
+* Install the OpenTelemetry Operator by running:
+```bash
+kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml
+```
+
+Please verify all the resources (e.g., Pods and Deployments) are in a ready state in the `opentelemetry-operator-system` namespace.
+
+### Using Jaeger with in-memory storage
+
+Once all the resources are ready, create a Jaeger instance as follows:
+```yaml
+kubectl apply -f - <<EOF
+apiVersion: opentelemetry.io/v1beta1
+kind: OpenTelemetryCollector
+metadata:
+  name: jaeger-inmemory-instance
+spec:
+  image: jaegertracing/jaeger:latest
+  ports:
+  - name: jaeger
+    port: 16686
+  config:
+    service:
+      extensions: [jaeger_storage, jaeger_query]
+      pipelines:
+        traces:
+          receivers: [otlp]    
+          exporters: [jaeger_storage_exporter]
+    extensions:
+      jaeger_query:
+        storage:
+          traces: memstore
+      jaeger_storage:
+        backends:
+          memstore:
+            memory:
+              max_traces: 100000
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: 0.0.0.0:4317
+          http:
+            endpoint: 0.0.0.0:4318
+    exporters:
+      jaeger_storage_exporter:
+        trace_storage: memstore
+EOF
+```
+
+To use the in-memory storage ui for Jaeger V2, expose the pod, deployment or the service as follows:
+```bash
+kubectl port-forward deployment/jaeger-inmemory-instance-collector 8080:16686
+```
+
+Or
+
+```bash
+kubectl port-forward service/jaeger-inmemory-instance-collector 8080:16686
+```
+
+Once done, type `localhost:8080` in the browser to interact with the UI.
+
+[Note] There's an ongoing development in OpenTelemetry Operator where users will be able to interact directly with the UI.
+
+### Using Jaeger with database to store traces
+To use Jaeger V2 with the supported database, it is mandatory to create database deployments and they should be in `ready` state [(ref)](https://www.jaegertracing.io/docs/2.0/storage/).
+
+Create a Kubernetes Service that exposes the database pods enabling communication between the database and Jaeger pods.
+
+This can be achieved by creating a service in two ways, first by creating it [manually](https://kubernetes.io/docs/concepts/services-networking/service/) or second by creating it using imperative command.
+
+```bash
+kubectl expose pods <pod-name> --port=<port-number> --name=<name-of-the-service>
+```
+
+Or
+
+```bash
+kubectl expose deployment <deployment-name> --port=<port-number> --name=<name-of-the-service>
+```
+
+After the service is created, add the name of the service as an endpoint in their respective config as follows:
+
+* [Cassandra DB](https://github.com/jaegertracing/jaeger/blob/main/cmd/jaeger/config-cassandra.yaml):
+```yaml
+jaeger_storage:
+  backends:
+    some_storage:
+      cassandra:
+        connection:
+          servers: [<name-of-the-service>]
+```
+
+* [ElasticSearch](https://github.com/jaegertracing/jaeger/blob/main/cmd/jaeger/config-elasticsearch.yaml):
+```yaml
+jaeger_storage:
+  backends:
+    some_storage:
+      elasticseacrh:
+        servers: [<name-of-the-service>]
+```
+
+Use the modified config to create Jaeger instance with the help of OpenTelemetry Operator.
+
+```yaml
+kubectl apply -f - <<EOF
+apiVersion: opentelemetry.io/v1beta1
+kind: OpenTelemetryCollector
+metadata:
+  name: jaeger-storage-instance # name of your choice
+spec:
+  image: jaegertracing/jaeger:latest
+  ports:
+  - name: jaeger
+    port: 16686
+  config:
+    # modified config
+EOF
+```
+
 ## Contributing and Developing
 
 Please see [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ## License
-  
+
 [Apache 2.0 License](./LICENSE).
 
 [ci-img]: https://github.com/jaegertracing/jaeger-operator/workflows/CI%20Workflow/badge.svg
 [ci]: https://github.com/jaegertracing/jaeger-operator/actions
-[cov-img]: https://codecov.io/gh/jaegertracing/jaeger-operator/branch/master/graph/badge.svg
+[cov-img]: https://codecov.io/gh/jaegertracing/jaeger-operator/branch/main/graph/badge.svg
 [cov]: https://codecov.io/github/jaegertracing/jaeger-operator/
 [goreport-img]: https://goreportcard.com/badge/github.com/jaegertracing/jaeger-operator
 [goreport]: https://goreportcard.com/report/github.com/jaegertracing/jaeger-operator
 [godoc-img]: https://godoc.org/github.com/jaegertracing/jaeger-operator?status.svg
-[godoc]: https://godoc.org/github.com/jaegertracing/jaeger-operator/pkg/apis/jaegertracing/v1#JaegerSpec
+[godoc]: https://godoc.org/github.com/jaegertracing/jaeger-operator/apis/v1#JaegerSpec

RELEASE.md

@@ -1,39 +1,72 @@
 # Releasing the Jaeger Operator for Kubernetes
 
-1. Update Jaeger version in `versions.txt`
+## Generating the changelog
 
-1. Make sure the new version is present at `pkg/upgrade/versions.go`
+- Get the `OAUTH_TOKEN` from [Github](https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token), select `repo:status` scope.
+- Run  `OAUTH_TOKEN=... make changelog`
+- Remove the commits that are not relevant to users, like:
+  * CI or testing-specific commits (e2e, unit test, ...)
+  * bug fixes for problems that are not part of a release yet
+  * version bumps for internal dependencies
 
-1. Prepare a changelog since last release. Get the `OAUTH_TOKEN` from (Github)[https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token] and select `repo:status` scope.
+## Releasing
 
-    ```
-    OAUTH_TOKEN=... make changelog
-    ```
+Steps to release a new version of the Jaeger Operator:
 
-1. Commit version change and changelog and create a pull request:
 
-   ```
-   git commit -m "Preparing relase 1.16.0" -s
+1. Change the `versions.txt `so that it lists the target version of the Jaeger (if it is required). **Don't touch the operator version**: it will be changed automatically in the next step.
+
+2. Confirm that `MIN_KUBERNETES_VERSION` and `MIN_OPENSHIFT_VERSION` in the `Makefile` are still up-to-date, and update them if required.
+
+2. Run `OPERATOR_VERSION=1.30.0 make prepare-release`, using the operator version that will be released.
+
+3. Run the E2E tests in OpenShift as described in [the CONTRIBUTING.md](CONTRIBUTING.md#an-external-cluster-like-openshift) file. The tests will be executed automatically in Kubernetes by the GitHub Actions CI later.
+
+4. Prepare a changelog since last release.
+
+4. Update the release manager schedule.
+
+5. Commit the changes and create a pull request:
+
+   ```sh
+   git commit -sm "Preparing release v1.30.0"
    ```
 
-1. Tag and push
+5. Once the changes above are merged and available in `main` tag it with the desired version, prefixed with `v`, eg. `v1.30.0`
 
-    ```
-    git checkout master ## it's only possible to release from master for now!
-    git tag release/v1.16.0
-    git push git@github.com:jaegertracing/jaeger-operator.git release/v1.16.0
+    ```sh
+    git checkout main
+    git tag v1.30.0
+    git push git@github.com:jaegertracing/jaeger-operator.git v1.30.0
     ```
 
-1. Wait until release CI job finishes and then pull the changes:
+6. The GitHub Workflow will take it from here, creating a GitHub release and publishing the images
 
-    ```
-    git pull git@github.com:jaegertracing/jaeger-operator.git master
-    ```
+7. After the release, PRs needs to be created against the Operator Hub Community Operators repositories:
 
-1. Apply generated OLM catalog files to [operatorhub.io](https://operatorhub.io)
+    * One for the [upstream-community-operators](https://github.com/k8s-operatorhub/community-operators), used by OLM on Kubernetes.
+    * One for the [community-operators](https://github.com/redhat-openshift-ecosystem/community-operators-prod) used by OpenShift.
 
-    * Clone the [operatorhub](https://github.com/operator-framework/community-operators) repo
-    * Run `make operatorhub`
-      - If you have [`hub`](https://hub.github.com/) installed and configured, it will open the necessary PRs for you automatically. Hint: `dnf install hub` works fine on Fedora.
-      - If you don't have it, the branches will be pushed to `origin` and you should be able to open the PR from there
+This can be done with the following steps:
+- Update main `git pull git@github.com:jaegertracing/jaeger-operator.git main`
+- Clone both repositories `upstream-community-operators` and `community-operators`
+- Run `make operatorhub`
+  * If you have [`gh`](https://cli.github.com/) installed and configured, it will open the necessary PRs for you automatically.
+  * If you don't have it, the branches will be pushed to `origin` and you should be able to open the PR from there
 
+## Note
+After the PRs have been made it must be ensured that:
+- Images listed in the ClusterServiceVersion (CSV) have a versions tag [#1682](https://github.com/jaegertracing/jaeger-operator/issues/1682)
+- No `bundle` folder is included in the release
+- No foreign CRs like prometheus are in the manifests
+
+## Release managers
+
+The operator should be released within a week after the [Jaeger release](https://github.com/jaegertracing/jaeger/blob/main/RELEASE.md#release-managers).
+
+| Version | Release Manager                                          |
+|---------| -------------------------------------------------------- |
+| 1.63.0  | [Benedikt Bongartz](https://github.com/frzifus)          |
+| 1.64.0  | [Pavol Loffay](https://github.com/pavolloffay)           |
+| 1.65.0  | [Israel Blancas](https://github.com/iblancasa)           |
+| 1.66.0  | [Ruben Vargas](https://github.com/rubenvp8510)           |

apis/v1/deployment_strategy.go

@@ -6,24 +6,19 @@ import (
 )
 
 // DeploymentStrategy represents the possible values for deployment strategies
-// +k8s:openapi-gen=true
 type DeploymentStrategy string
 
 const (
 	// DeploymentStrategyDeprecatedAllInOne represents the (deprecated) 'all-in-one' deployment strategy
-	// +k8s:openapi-gen=true
 	DeploymentStrategyDeprecatedAllInOne DeploymentStrategy = "all-in-one"
 
 	// DeploymentStrategyAllInOne represents the 'allInOne' deployment strategy (default)
-	// +k8s:openapi-gen=true
 	DeploymentStrategyAllInOne DeploymentStrategy = "allinone"
 
 	// DeploymentStrategyStreaming represents the 'streaming' deployment strategy
-	// +k8s:openapi-gen=true
 	DeploymentStrategyStreaming DeploymentStrategy = "streaming"
 
 	// DeploymentStrategyProduction represents the 'production' deployment strategy
-	// +k8s:openapi-gen=true
 	DeploymentStrategyProduction DeploymentStrategy = "production"
 )
 

apis/v1/deployment_strategy_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestUnmarshalJSON(t *testing.T) {
@@ -28,7 +29,7 @@ func TestUnmarshalJSON(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			ds := DeploymentStrategy("")
 			err := json.Unmarshal([]byte(tc.json), &ds)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, tc.expected, ds)
 		})
 	}
@@ -48,7 +49,7 @@ func TestMarshalJSON(t *testing.T) {
 	for name, tc := range tcs {
 		t.Run(name, func(t *testing.T) {
 			data, err := json.Marshal(tc.strategy)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, tc.expected, string(data))
 		})
 	}

apis/v1/freeform_test.go

@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestFreeForm(t *testing.T) {
@@ -16,7 +17,7 @@ func TestFreeForm(t *testing.T) {
 		},
 	})
 	json, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, json)
 	assert.Equal(t, uiconfig, string(*o.json))
 }
@@ -26,7 +27,7 @@ func TestFreeFormUnmarhalMarshal(t *testing.T) {
 	o := NewFreeForm(nil)
 	o.UnmarshalJSON([]byte(uiconfig))
 	json, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, json)
 	assert.Equal(t, uiconfig, string(*o.json))
 }
@@ -66,9 +67,9 @@ func TestToMap(t *testing.T) {
 		f := NewFreeForm(test.m)
 		got, err := f.GetMap()
 		if test.err != "" {
-			assert.EqualError(t, err, test.err)
+			require.EqualError(t, err, test.err)
 		} else {
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, test.expected, got)
 		}
 	}

apis/v1/groupversion_info.go

@@ -0,0 +1,20 @@
+// Package v1 contains API Schema definitions for the jaegertracing.io v1 API group
+// +kubebuilder:object:generate=true
+// +groupName=jaegertracing.io
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "jaegertracing.io", Version: "v1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

apis/v1/jaeger_types.go

@@ -1,108 +1,106 @@
 package v1
 
 import (
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	esv1 "github.com/jaegertracing/jaeger-operator/pkg/storage/elasticsearch/v1"
 )
 
 // IngressSecurityType represents the possible values for the security type
-// +k8s:openapi-gen=true
 type IngressSecurityType string
 
 // JaegerPhase represents the current phase of Jaeger instances
-// +k8s:openapi-gen=true
 type JaegerPhase string
 
 // JaegerStorageType represents the Jaeger storage type
-// +k8s:openapi-gen=true
 type JaegerStorageType string
 
 const (
-	// FlagPlatformKubernetes represents the value for the 'platform' flag for Kubernetes
-	// +k8s:openapi-gen=true
-	FlagPlatformKubernetes = "kubernetes"
+	// FlagCronJobsVersion represents the version of the Kubernetes CronJob API
+	FlagCronJobsVersion = "cronjobs-version"
 
-	// FlagPlatformOpenShift represents the value for the 'platform' flag for OpenShift
-	// +k8s:openapi-gen=true
-	FlagPlatformOpenShift = "openshift"
+	// FlagCronJobsVersionBatchV1 represents the batch/v1 version of the Kubernetes CronJob API, available as of 1.21
+	FlagCronJobsVersionBatchV1 = "batch/v1"
+
+	// FlagCronJobsVersionBatchV1Beta1 represents the batch/v1beta1 version of the Kubernetes CronJob API, no longer available as of 1.25
+	FlagCronJobsVersionBatchV1Beta1 = "batch/v1beta1"
+
+	// FlagAutoscalingVersion represents the version of the Kubernetes Autoscaling API
+	FlagAutoscalingVersion = "autoscaling-version"
+
+	// FlagAutoscalingVersionV2 represents the v2 version of the Kubernetes Autoscaling API, available as of 1.23
+	FlagAutoscalingVersionV2 = "autoscaling/v2"
+
+	// FlagAutoscalingVersionV2Beta2 represents the v2beta2 version of the Kubernetes Autoscaling API, no longer available as of 1.26
+	FlagAutoscalingVersionV2Beta2 = "autoscaling/v2beta2"
+
+	// FlagPlatform represents the flag to set the platform
+	FlagPlatform = "platform"
 
 	// FlagPlatformAutoDetect represents the "auto-detect" value for the platform flag
-	// +k8s:openapi-gen=true
 	FlagPlatformAutoDetect = "auto-detect"
 
+	// FlagESProvision represents the 'es-provision' flag
+	FlagESProvision = "es-provision"
+
 	// FlagProvisionElasticsearchAuto represents the 'auto' value for the 'es-provision' flag
-	// +k8s:openapi-gen=true
 	FlagProvisionElasticsearchAuto = "auto"
 
-	// FlagProvisionElasticsearchYes represents the value 'yes' for the 'es-provision' flag
-	// +k8s:openapi-gen=true
-	FlagProvisionElasticsearchYes = "yes"
-
-	// FlagProvisionElasticsearchNo represents the value 'no' for the 'es-provision' flag
-	// +k8s:openapi-gen=true
-	FlagProvisionElasticsearchNo = "no"
-
 	// FlagProvisionKafkaAuto represents the 'auto' value for the 'kafka-provision' flag
-	// +k8s:openapi-gen=true
 	FlagProvisionKafkaAuto = "auto"
 
-	// FlagProvisionKafkaYes represents the value 'yes' for the 'kafka-provision' flag
-	// +k8s:openapi-gen=true
-	FlagProvisionKafkaYes = "yes"
+	// FlagKafkaProvision represents the 'kafka-provision' flag.
+	FlagKafkaProvision = "kafka-provision"
 
-	// FlagProvisionKafkaNo represents the value 'no' for the 'kafka-provision' flag
-	// +k8s:openapi-gen=true
-	FlagProvisionKafkaNo = "no"
+	// FlagAuthDelegatorAvailability represents the 'auth-delegator-available' flag.
+	FlagAuthDelegatorAvailability = "auth-delegator-available"
+
+	// FlagOpenShiftOauthProxyImage represents the 'openshift-oauth-proxy-image' flag.
+	FlagOpenShiftOauthProxyImage = "openshift-oauth-proxy-image"
 
 	// IngressSecurityNone disables any form of security for ingress objects (default)
-	// +k8s:openapi-gen=true
 	IngressSecurityNone IngressSecurityType = ""
 
+	// FlagDefaultIngressClass represents the default Ingress class from the cluster
+	FlagDefaultIngressClass = "default-ingressclass"
+
 	// IngressSecurityNoneExplicit used when the user specifically set it to 'none'
-	// +k8s:openapi-gen=true
 	IngressSecurityNoneExplicit IngressSecurityType = "none"
 
 	// IngressSecurityOAuthProxy represents an OAuth Proxy as security type
-	// +k8s:openapi-gen=true
 	IngressSecurityOAuthProxy IngressSecurityType = "oauth-proxy"
 
 	// AnnotationProvisionedKafkaKey is a label to be added to Kafkas that have been provisioned by Jaeger
-	// +k8s:openapi-gen=true
 	AnnotationProvisionedKafkaKey string = "jaegertracing.io/kafka-provisioned"
 
 	// AnnotationProvisionedKafkaValue is a label to be added to Kafkas that have been provisioned by Jaeger
-	// +k8s:openapi-gen=true
 	AnnotationProvisionedKafkaValue string = "true"
 
 	// JaegerPhaseFailed indicates that the Jaeger instance failed to be provisioned
-	// +k8s:openapi-gen=true
 	JaegerPhaseFailed JaegerPhase = "Failed"
 
 	// JaegerPhaseRunning indicates that the Jaeger instance is ready and running
-	// +k8s:openapi-gen=true
 	JaegerPhaseRunning JaegerPhase = "Running"
 
 	// JaegerMemoryStorage indicates that the Jaeger storage type is memory. This is the default storage type.
-	// +k8s:openapi-gen=true
 	JaegerMemoryStorage JaegerStorageType = "memory"
 
 	// JaegerCassandraStorage indicates that the Jaeger storage type is cassandra
-	// +k8s:openapi-gen=true
 	JaegerCassandraStorage JaegerStorageType = "cassandra"
 
 	// JaegerESStorage indicates that the Jaeger storage type is elasticsearch
-	// +k8s:openapi-gen=true
 	JaegerESStorage JaegerStorageType = "elasticsearch"
 
 	// JaegerKafkaStorage indicates that the Jaeger storage type is kafka
-	// +k8s:openapi-gen=true
 	JaegerKafkaStorage JaegerStorageType = "kafka"
 
 	// JaegerBadgerStorage indicates that the Jaeger storage type is badger
-	// +k8s:openapi-gen=true
 	JaegerBadgerStorage JaegerStorageType = "badger"
+
+	// JaegerGRPCPluginStorage indicates that the Jaeger storage type is grpc-plugin
+	JaegerGRPCPluginStorage JaegerStorageType = "grpc-plugin"
 )
 
 // ValidStorageTypes returns the list of valid storage types
@@ -113,6 +111,7 @@ func ValidStorageTypes() []JaegerStorageType {
 		JaegerESStorage,
 		JaegerKafkaStorage,
 		JaegerBadgerStorage,
+		JaegerGRPCPluginStorage,
 	}
 }
 
@@ -121,13 +120,16 @@ func (storageType JaegerStorageType) OptionsPrefix() string {
 	if storageType == JaegerESStorage {
 		return "es"
 	}
+	if storageType == JaegerGRPCPluginStorage {
+		return "grpc-storage-plugin"
+	}
 	return string(storageType)
 }
 
 // JaegerSpec defines the desired state of Jaeger
-// +k8s:openapi-gen=true
 type JaegerSpec struct {
 	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
 	Strategy DeploymentStrategy `json:"strategy,omitempty"`
 
 	// +optional
@@ -163,17 +165,20 @@ type JaegerSpec struct {
 }
 
 // JaegerStatus defines the observed state of Jaeger
-// +k8s:openapi-gen=true
 type JaegerStatus struct {
-	Version string      `json:"version"`
-	Phase   JaegerPhase `json:"phase"`
+	// +operator-sdk:csv:customresourcedefinitions:type=status
+	// +operator-sdk:csv:customresourcedefinitions:displayName="Version"
+	Version string `json:"version"`
+	// +operator-sdk:csv:customresourcedefinitions:type=status
+	// +operator-sdk:csv:customresourcedefinitions:displayName="Phase"
+	Phase JaegerPhase `json:"phase"`
 }
 
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
 // Jaeger is the Schema for the jaegers API
-// +k8s:openapi-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
 // +operator-sdk:gen-csv:customresourcedefinitions.displayName="Jaeger"
+// +operator-sdk:csv:customresourcedefinitions:resources={{CronJob,v1beta1},{Pod,v1},{Deployment,apps/v1}, {Ingress,networking/v1},{DaemonSets,apps/v1},{StatefulSets,apps/v1},{ConfigMaps,v1},{Service,v1}}
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase",description="Jaeger instance's status"
 // +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.version",description="Jaeger Version"
@@ -194,7 +199,6 @@ type Jaeger struct {
 }
 
 // JaegerCommonSpec defines the common elements used in multiple other spec structs
-// +k8s:openapi-gen=true
 type JaegerCommonSpec struct {
 	// +optional
 	// +listType=atomic
@@ -225,12 +229,24 @@ type JaegerCommonSpec struct {
 	// +optional
 	SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
 
+	// +optional
+	ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"`
+
 	// +optional
 	ServiceAccount string `json:"serviceAccount,omitempty"`
+
+	// +optional
+	LivenessProbe *v1.Probe `json:"livenessProbe,omitempty"`
+
+	// +optional
+	// +listType=atomic
+	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	// +optional
+	ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
 }
 
 // JaegerQuerySpec defines the options to be used when deploying the query
-// +k8s:openapi-gen=true
 type JaegerQuerySpec struct {
 	// Replicas represents the number of replicas to create for this service.
 	// +optional
@@ -240,8 +256,12 @@ type JaegerQuerySpec struct {
 	Image string `json:"image,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
 
+	// +optional
+	MetricsStorage JaegerMetricsStorageSpec `json:"metricsStorage,omitempty"`
+
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
 
@@ -252,29 +272,47 @@ type JaegerQuerySpec struct {
 	// See https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
 	ServiceType v1.ServiceType `json:"serviceType,omitempty"`
 
+	// +optional
+	// NodePort represents the port at which the NodePort service to allocate
+	NodePort int32 `json:"nodePort,omitempty"`
+
+	// +optional
+	// NodePort represents the port at which the NodePort service to allocate
+	GRPCNodePort int32 `json:"grpcNodePort,omitempty"`
+
 	// +optional
 	// TracingEnabled if set to false adds the JAEGER_DISABLED environment flag and removes the injected
 	// agent container from the query component to disable tracing requests to the query service.
-	// The default, if ommited, is true
+	// The default, if omitted, is true
 	TracingEnabled *bool `json:"tracingEnabled,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
+
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
+	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	// +nullable
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 }
 
 // JaegerUISpec defines the options to be used to configure the UI
-// +k8s:openapi-gen=true
 type JaegerUISpec struct {
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options FreeForm `json:"options,omitempty"`
 }
 
 // JaegerSamplingSpec defines the options to be used to configure the UI
-// +k8s:openapi-gen=true
 type JaegerSamplingSpec struct {
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options FreeForm `json:"options,omitempty"`
 }
 
 // JaegerIngressSpec defines the options to be used when deploying the query ingress
-// +k8s:openapi-gen=true
 type JaegerIngressSpec struct {
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
@@ -289,6 +327,9 @@ type JaegerIngressSpec struct {
 	// +listType=atomic
 	Hosts []string `json:"hosts,omitempty"`
 
+	// +optional
+	PathType networkingv1.PathType `json:"pathType,omitempty"`
+
 	// +optional
 	// +listType=atomic
 	TLS []JaegerIngressTLSSpec `json:"tls,omitempty"`
@@ -301,11 +342,14 @@ type JaegerIngressSpec struct {
 	JaegerCommonSpec `json:",inline,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
+
+	// +optional
+	IngressClassName *string `json:"ingressClassName,omitempty"`
 }
 
 // JaegerIngressTLSSpec defines the TLS configuration to be used when deploying the query ingress
-// +k8s:openapi-gen=true
 type JaegerIngressTLSSpec struct {
 	// +optional
 	// +listType=atomic
@@ -317,10 +361,9 @@ type JaegerIngressTLSSpec struct {
 
 // JaegerIngressOpenShiftSpec defines the OpenShift-specific options in the context of ingress connections,
 // such as options for the OAuth Proxy
-// +k8s:openapi-gen=true
 type JaegerIngressOpenShiftSpec struct {
 	// +optional
-	SAR string `json:"sar,omitempty"`
+	SAR *string `json:"sar,omitempty"`
 
 	// +optional
 	DelegateUrls string `json:"delegateUrls,omitempty"`
@@ -331,32 +374,46 @@ type JaegerIngressOpenShiftSpec struct {
 	// SkipLogout tells the operator to not automatically add a "Log Out" menu option to the custom Jaeger configuration
 	// +optional
 	SkipLogout *bool `json:"skipLogout,omitempty"`
+
+	// Timeout defines client timeout from oauth-proxy to jaeger.
+	// +optional
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
 }
 
 // JaegerAllInOneSpec defines the options to be used when deploying the query
-// +k8s:openapi-gen=true
 type JaegerAllInOneSpec struct {
 	// +optional
 	Image string `json:"image,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Config FreeForm `json:"config,omitempty"`
 
+	// +optional
+	MetricsStorage JaegerMetricsStorageSpec `json:"metricsStorage,omitempty"`
+
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
 
 	// +optional
 	// TracingEnabled if set to false adds the JAEGER_DISABLED environment flag and removes the injected
 	// agent container from the query component to disable tracing requests to the query service.
-	// The default, if ommited, is true
+	// The default, if omitted, is true
 	TracingEnabled *bool `json:"tracingEnabled,omitempty"`
+
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
+	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
 }
 
 // AutoScaleSpec defines the common elements used for create HPAs
-// +k8s:openapi-gen=true
 type AutoScaleSpec struct {
 	// Autoscale turns on/off the autoscale feature. By default, it's enabled if the Replicas field is not set.
 	// +optional
@@ -371,9 +428,7 @@ type AutoScaleSpec struct {
 }
 
 // JaegerCollectorSpec defines the options to be used when deploying the collector
-// +k8s:openapi-gen=true
 type JaegerCollectorSpec struct {
-
 	// +optional
 	AutoScaleSpec `json:",inline,omitempty"`
 
@@ -385,12 +440,14 @@ type JaegerCollectorSpec struct {
 	Image string `json:"image,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
 
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Config FreeForm `json:"config,omitempty"`
 
 	// +optional
@@ -399,10 +456,29 @@ type JaegerCollectorSpec struct {
 	// The default, if omitted, is ClusterIP.
 	// See https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
 	ServiceType v1.ServiceType `json:"serviceType,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
+
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
+	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	KafkaSecretName string `json:"kafkaSecretName"`
+
+	// +optional
+	// +nullable
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// +optional
+	Lifecycle *v1.Lifecycle `json:"lifecycle,omitempty"`
+
+	// +optional
+	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
 }
 
 // JaegerIngesterSpec defines the options to be used when deploying the ingester
-// +k8s:openapi-gen=true
 type JaegerIngesterSpec struct {
 	// +optional
 	AutoScaleSpec `json:",inline,omitempty"`
@@ -415,17 +491,28 @@ type JaegerIngesterSpec struct {
 	Image string `json:"image,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
 
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Config FreeForm `json:"config,omitempty"`
+
+	// +optional
+	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	KafkaSecretName string `json:"kafkaSecretName"`
+
+	// +optional
+	// +nullable
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 }
 
 // JaegerAgentSpec defines the options to be used when deploying the agent
-// +k8s:openapi-gen=true
 type JaegerAgentSpec struct {
 	// Strategy can be either 'DaemonSet' or 'Sidecar' (default)
 	// +optional
@@ -435,16 +522,14 @@ type JaegerAgentSpec struct {
 	Image string `json:"image,omitempty"`
 
 	// +optional
-	// +listType=atomic
-	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
-
-	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
 
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Config FreeForm `json:"config,omitempty"`
 
 	// +optional
@@ -452,10 +537,15 @@ type JaegerAgentSpec struct {
 
 	// +optional
 	HostNetwork *bool `json:"hostNetwork,omitempty"`
+
+	// +optional
+	DNSPolicy v1.DNSPolicy `json:"dnsPolicy,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
 }
 
 // JaegerStorageSpec defines the common storage options to be used for the query and collector
-// +k8s:openapi-gen=true
 type JaegerStorageSpec struct {
 	// +optional
 	Type JaegerStorageType `json:"type,omitempty"`
@@ -464,6 +554,7 @@ type JaegerStorageSpec struct {
 	SecretName string `json:"secretName,omitempty"`
 
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
 
 	// +optional
@@ -480,11 +571,36 @@ type JaegerStorageSpec struct {
 
 	// +optional
 	Elasticsearch ElasticsearchSpec `json:"elasticsearch,omitempty"`
+
+	// +optional
+	GRPCPlugin GRPCPluginSpec `json:"grpcPlugin,omitempty"`
 }
 
-// ElasticsearchSpec represents the ES configuration options that we pass down to the Elasticsearch operator
-// +k8s:openapi-gen=true
+// JaegerMetricsStorageSpec defines the Metrics storage options to be used for the query and collector.
+type JaegerMetricsStorageSpec struct {
+	// +optional
+	Type JaegerStorageType `json:"type,omitempty"`
+
+	// +optional
+	ServerUrl string `json:"server-url,omitempty"`
+}
+
+// ElasticsearchSpec represents the ES configuration options that we pass down to the OpenShift Elasticsearch operator.
 type ElasticsearchSpec struct {
+	// Name of the OpenShift Elasticsearch instance. Defaults to elasticsearch.
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// Whether Elasticsearch should be provisioned or not.
+	// +optional
+	DoNotProvision bool `json:"doNotProvision,omitempty"`
+
+	// Whether Elasticsearch cert management feature should be used.
+	// This is a preferred setting for new Jaeger deployments on OCP versions newer than 4.6.
+	// The cert management feature was added to Red Hat Openshift logging 5.2 in OCP 4.7.
+	// +optional
+	UseCertManagement *bool `json:"useCertManagement,omitempty"`
+
 	// +optional
 	Image string `json:"image,omitempty"`
 
@@ -506,17 +622,19 @@ type ElasticsearchSpec struct {
 	// +optional
 	// +listType=atomic
 	Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
+	// +optional
+	ProxyResources *v1.ResourceRequirements `json:"proxyResources,omitempty"`
 }
 
 // JaegerCassandraCreateSchemaSpec holds the options related to the create-schema batch job
-// +k8s:openapi-gen=true
 type JaegerCassandraCreateSchemaSpec struct {
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
 
 	// Image specifies the container image to use to create the cassandra schema.
 	// The Image is used by a Kubernetes Job, defaults to the image provided through the cli flag "jaeger-cassandra-schema-image" (default: jaegertracing/jaeger-cassandra-schema).
-	// See here for the jaeger-provided image: https://github.com/jaegertracing/jaeger/tree/master/plugin/storage/cassandra
+	// See here for the jaeger-provided image: https://github.com/jaegertracing/jaeger/tree/main/plugin/storage/cassandra
 	// +optional
 	Image string `json:"image,omitempty"`
 
@@ -544,12 +662,21 @@ type JaegerCassandraCreateSchemaSpec struct {
 	// +optional
 	Timeout string `json:"timeout,omitempty"`
 
+	// +optional
+	Affinity *v1.Affinity `json:"affinity,omitempty"`
+
 	// +optional
 	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"`
 }
 
+// GRPCPluginSpec represents the grpc-plugin configuration options.
+type GRPCPluginSpec struct {
+	// This image is used as an init-container to copy plugin binary into /plugin directory.
+	// +optional
+	Image string `json:"image,omitempty"`
+}
+
 // JaegerDependenciesSpec defined options for running spark-dependencies.
-// +k8s:openapi-gen=true
 type JaegerDependenciesSpec struct {
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
@@ -578,15 +705,21 @@ type JaegerDependenciesSpec struct {
 	// +optional
 	ElasticsearchNodesWanOnly *bool `json:"elasticsearchNodesWanOnly,omitempty"`
 
+	// +optional
+	ElasticsearchTimeRange string `json:"elasticsearchTimeRange,omitempty"`
+
 	// +optional
 	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"`
 
+	// BackoffLimit sets the Kubernetes back-off limit
+	// +optional
+	BackoffLimit *int32 `json:"backoffLimit,omitempty"`
+
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
 }
 
 // JaegerEsIndexCleanerSpec holds the options related to es-index-cleaner
-// +k8s:openapi-gen=true
 type JaegerEsIndexCleanerSpec struct {
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
@@ -606,8 +739,15 @@ type JaegerEsIndexCleanerSpec struct {
 	// +optional
 	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"`
 
+	// BackoffLimit sets the Kubernetes back-off limit
+	// +optional
+	BackoffLimit *int32 `json:"backoffLimit,omitempty"`
+
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
 }
 
 // JaegerEsRolloverSpec holds the options related to es-rollover
@@ -627,6 +767,10 @@ type JaegerEsRolloverSpec struct {
 	// +optional
 	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"`
 
+	// BackoffLimit sets the Kubernetes back-off limit
+	// +optional
+	BackoffLimit *int32 `json:"backoffLimit,omitempty"`
+
 	// we parse it with time.ParseDuration
 	// +optional
 	ReadTTL string `json:"readTTL,omitempty"`
@@ -635,7 +779,7 @@ type JaegerEsRolloverSpec struct {
 	JaegerCommonSpec `json:",inline,omitempty"`
 }
 
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+//+kubebuilder:object:root=true
 
 // JaegerList contains a list of Jaeger
 type JaegerList struct {

apis/v1/jaeger_types_test.go

@@ -22,5 +22,6 @@ func TestValidTypes(t *testing.T) {
 			JaegerESStorage,
 			JaegerKafkaStorage,
 			JaegerBadgerStorage,
+			JaegerGRPCPluginStorage,
 		})
 }

apis/v1/jaeger_webhook.go

@@ -0,0 +1,164 @@
+package v1
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+const (
+	defaultElasticsearchName = "elasticsearch"
+)
+
+// log is for logging in this package.
+var (
+	jaegerlog = logf.Log.WithName("jaeger-resource")
+	cl        client.Client
+)
+
+// SetupWebhookWithManager adds Jaeger webook to the manager.
+func (j *Jaeger) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	cl = mgr.GetClient()
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(j).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/mutate-jaegertracing-io-v1-jaeger,mutating=true,failurePolicy=fail,sideEffects=None,groups=jaegertracing.io,resources=jaegers,verbs=create;update,versions=v1,name=mjaeger.kb.io,admissionReviewVersions={v1}
+
+func (j *Jaeger) objsWithOptions() []*Options {
+	return []*Options{
+		&j.Spec.AllInOne.Options, &j.Spec.Query.Options, &j.Spec.Collector.Options,
+		&j.Spec.Ingester.Options, &j.Spec.Agent.Options, &j.Spec.Storage.Options,
+	}
+}
+
+// Default implements webhook.Defaulter so a webhook will be registered for the type
+func (j *Jaeger) Default() {
+	jaegerlog.Info("default", "name", j.Name)
+	jaegerlog.Info("WARNING jaeger-agent is deprecated and will removed in v1.55.0. See https://github.com/jaegertracing/jaeger/issues/4739", "component", "agent")
+
+	if j.Spec.Storage.Elasticsearch.Name == "" {
+		j.Spec.Storage.Elasticsearch.Name = defaultElasticsearchName
+	}
+
+	if ShouldInjectOpenShiftElasticsearchConfiguration(j.Spec.Storage) && j.Spec.Storage.Elasticsearch.DoNotProvision {
+		// check if ES instance exists
+		es := &esv1.Elasticsearch{}
+		err := cl.Get(context.Background(), types.NamespacedName{
+			Namespace: j.Namespace,
+			Name:      j.Spec.Storage.Elasticsearch.Name,
+		}, es)
+		if errors.IsNotFound(err) {
+			return
+		}
+		j.Spec.Storage.Elasticsearch.NodeCount = OpenShiftElasticsearchNodeCount(es.Spec)
+	}
+
+	for _, opt := range j.objsWithOptions() {
+		optCopy := opt.DeepCopy()
+		if f := getAdditionalTLSFlags(optCopy.ToArgs()); f != nil {
+			newOpts := optCopy.GenericMap()
+			for k, v := range f {
+				newOpts[k] = v
+			}
+
+			if err := opt.parse(newOpts); err != nil {
+				jaegerlog.Error(err, "name", j.Name, "method", "Option.Parse")
+			}
+		}
+	}
+}
+
+// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
+//+kubebuilder:webhook:path=/validate-jaegertracing-io-v1-jaeger,mutating=false,failurePolicy=fail,sideEffects=None,groups=jaegertracing.io,resources=jaegers,verbs=create;update,versions=v1,name=vjaeger.kb.io,admissionReviewVersions={v1}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (j *Jaeger) ValidateCreate() (admission.Warnings, error) {
+	jaegerlog.Info("validate create", "name", j.Name)
+	return j.ValidateUpdate(nil)
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (j *Jaeger) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) {
+	jaegerlog.Info("validate update", "name", j.Name)
+
+	if ShouldInjectOpenShiftElasticsearchConfiguration(j.Spec.Storage) && j.Spec.Storage.Elasticsearch.DoNotProvision {
+		// check if ES instance exists
+		es := &esv1.Elasticsearch{}
+		err := cl.Get(context.Background(), types.NamespacedName{
+			Namespace: j.Namespace,
+			Name:      j.Spec.Storage.Elasticsearch.Name,
+		}, es)
+		if errors.IsNotFound(err) {
+			return nil, fmt.Errorf("elasticsearch instance not found: %w", err)
+		}
+	}
+
+	for _, opt := range j.objsWithOptions() {
+		got := opt.DeepCopy().ToArgs()
+		if f := getAdditionalTLSFlags(got); f != nil {
+			return nil, fmt.Errorf("tls flags incomplete, got: %v", got)
+		}
+	}
+
+	return nil, nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (j *Jaeger) ValidateDelete() (admission.Warnings, error) {
+	jaegerlog.Info("validate delete", "name", j.Name)
+	return nil, nil
+}
+
+// OpenShiftElasticsearchNodeCount returns total node count of Elasticsearch nodes.
+func OpenShiftElasticsearchNodeCount(spec esv1.ElasticsearchSpec) int32 {
+	nodes := int32(0)
+	for i := 0; i < len(spec.Nodes); i++ {
+		nodes += spec.Nodes[i].NodeCount
+	}
+	return nodes
+}
+
+// ShouldInjectOpenShiftElasticsearchConfiguration returns true if OpenShift Elasticsearch is used and its configuration should be used.
+func ShouldInjectOpenShiftElasticsearchConfiguration(s JaegerStorageSpec) bool {
+	if s.Type != JaegerESStorage {
+		return false
+	}
+	_, ok := s.Options.Map()["es.server-urls"]
+	return !ok
+}
+
+var (
+	tlsFlag          = regexp.MustCompile("--.*tls.*=")
+	tlsFlagIdx       = regexp.MustCompile("--.*tls")
+	tlsEnabledExists = regexp.MustCompile("--.*tls.enabled")
+)
+
+// getAdditionalTLSFlags returns additional tls arguments based on the argument
+// list. If no additional argument is needed, nil is returned.
+func getAdditionalTLSFlags(args []string) map[string]interface{} {
+	var res map[string]interface{}
+	for _, arg := range args {
+		a := []byte(arg)
+		if tlsEnabledExists.Match(a) {
+			// NOTE: if flag exists, we are done.
+			return nil
+		}
+		if tlsFlag.Match(a) && res == nil {
+			idx := tlsFlagIdx.FindIndex(a)
+			res = make(map[string]interface{})
+			res[arg[idx[0]+2:idx[1]]+".enabled"] = "true"
+		}
+	}
+	return res
+}

apis/v1/jaeger_webhook_test.go

@@ -0,0 +1,369 @@
+package v1
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
+var (
+	_ webhook.Defaulter = &Jaeger{}
+	_ webhook.Validator = &Jaeger{}
+)
+
+func TestDefault(t *testing.T) {
+	tests := []struct {
+		name     string
+		objs     []runtime.Object
+		j        *Jaeger
+		expected *Jaeger
+	}{
+		{
+			name: "set missing ES name",
+			j: &Jaeger{
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Elasticsearch: ElasticsearchSpec{
+							Name: "",
+						},
+					},
+				},
+			},
+			expected: &Jaeger{
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Elasticsearch: ElasticsearchSpec{
+							Name: "elasticsearch",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "set ES node count",
+			objs: []runtime.Object{
+				&corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "project1",
+					},
+				},
+				&esv1.Elasticsearch{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "my-es",
+						Namespace: "project1",
+					},
+					Spec: esv1.ElasticsearchSpec{
+						Nodes: []esv1.ElasticsearchNode{
+							{
+								NodeCount: 3,
+							},
+						},
+					},
+				},
+			},
+			j: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+			expected: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							NodeCount:      3,
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "do not set ES node count",
+			j: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: false,
+							NodeCount:      1,
+						},
+					},
+				},
+			},
+			expected: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							NodeCount:      1,
+							DoNotProvision: false,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "missing tls enable flag",
+			j: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type:    JaegerMemoryStorage,
+						Options: NewOptions(map[string]interface{}{"stuff.tls.test": "something"}),
+					},
+				},
+			},
+			expected: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: JaegerMemoryStorage,
+						Options: NewOptions(
+							map[string]interface{}{
+								"stuff.tls.test":    "something",
+								"stuff.tls.enabled": "true",
+							},
+						),
+						Elasticsearch: ElasticsearchSpec{
+							Name: defaultElasticsearchName,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			require.NoError(t, esv1.AddToScheme(scheme.Scheme))
+			require.NoError(t, AddToScheme(scheme.Scheme))
+			fakeCl := fake.NewClientBuilder().WithRuntimeObjects(test.objs...).Build()
+			cl = fakeCl
+
+			test.j.Default()
+			assert.Equal(t, test.expected, test.j)
+		})
+	}
+}
+
+func TestValidateDelete(t *testing.T) {
+	warnings, err := new(Jaeger).ValidateDelete()
+	assert.Nil(t, warnings)
+	require.NoError(t, err)
+}
+
+func TestValidate(t *testing.T) {
+	tests := []struct {
+		name         string
+		objsToCreate []runtime.Object
+		current      *Jaeger
+		err          string
+	}{
+		{
+			name: "ES instance exists",
+			objsToCreate: []runtime.Object{
+				&corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "project1",
+					},
+				},
+				&esv1.Elasticsearch{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "my-es",
+						Namespace: "project1",
+					},
+					Spec: esv1.ElasticsearchSpec{
+						Nodes: []esv1.ElasticsearchNode{
+							{
+								NodeCount: 3,
+							},
+						},
+					},
+				},
+			},
+			current: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "ES instance does not exist",
+			objsToCreate: []runtime.Object{
+				&corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "project1",
+					},
+				},
+			},
+			current: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+			err: `elasticsearch instance not found: elasticsearchs.logging.openshift.io "my-es" not found`,
+		},
+		{
+			name: "missing tls options",
+			current: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Options: NewOptions(map[string]interface{}{
+							"something.tls.else": "fails",
+						}),
+						Type: JaegerMemoryStorage,
+					},
+				},
+			},
+			err: `tls flags incomplete, got: [--something.tls.else=fails]`,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			require.NoError(t, esv1.AddToScheme(scheme.Scheme))
+			require.NoError(t, AddToScheme(scheme.Scheme))
+			fakeCl := fake.NewClientBuilder().WithRuntimeObjects(test.objsToCreate...).Build()
+			cl = fakeCl
+
+			warnings, err := test.current.ValidateCreate()
+			if test.err != "" {
+				require.Error(t, err)
+				assert.Equal(t, test.err, err.Error())
+			} else {
+				require.NoError(t, err)
+			}
+			assert.Nil(t, warnings)
+		})
+	}
+}
+
+func TestShouldDeployElasticsearch(t *testing.T) {
+	tests := []struct {
+		j        JaegerStorageSpec
+		expected bool
+	}{
+		{j: JaegerStorageSpec{}},
+		{j: JaegerStorageSpec{Type: JaegerCassandraStorage}},
+		{j: JaegerStorageSpec{Type: JaegerESStorage, Options: NewOptions(map[string]interface{}{"es.server-urls": "foo"})}},
+		{j: JaegerStorageSpec{Type: JaegerESStorage}, expected: true},
+	}
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			assert.Equal(t, test.expected, ShouldInjectOpenShiftElasticsearchConfiguration(test.j))
+		})
+	}
+}
+
+func TestGetAdditionalTLSFlags(t *testing.T) {
+	tt := []struct {
+		name   string
+		args   []string
+		expect map[string]interface{}
+	}{
+		{
+			name:   "no tls flag",
+			args:   []string{"--something.else"},
+			expect: nil,
+		},
+		{
+			name:   "already enabled",
+			args:   []string{"--something.tls.enabled=true", "--something.tls.else=abc"},
+			expect: nil,
+		},
+		{
+			name:   "is disabled",
+			args:   []string{"--tls.enabled=false", "--something.else", "--something.tls.else=abc"},
+			expect: nil,
+		},
+		{
+			name: "must be enabled",
+			args: []string{"--something.tls.else=abc"},
+			expect: map[string]interface{}{
+				"something.tls.enabled": "true",
+			},
+		},
+		{
+			// NOTE: we want to avoid something like:
+			// --kafka.consumer.authentication=tls.enabled=true
+			name: "enable consumer tls",
+			args: []string{
+				"--es.server-urls=http://elasticsearch:9200",
+				"--kafka.consumer.authentication=tls",
+				"--kafka.consumer.brokers=my-cluster-kafka-bootstrap:9093",
+				"--kafka.consumer.tls.ca=/var/run/secrets/cluster-ca/ca.crt",
+				"--kafka.consumer.tls.cert=/var/run/secrets/kafkauser/user.crt",
+				"--kafka.consumer.tls.key=/var/run/secrets/kafkauser/user.key",
+			},
+			expect: map[string]interface{}{
+				"kafka.consumer.tls.enabled": "true",
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			got := getAdditionalTLSFlags(tc.args)
+			if !cmp.Equal(tc.expect, got) {
+				t.Error("err:", cmp.Diff(tc.expect, got))
+			}
+		})
+	}
+}

apis/v1/logger.go

@@ -0,0 +1,14 @@
+package v1
+
+import (
+	"github.com/go-logr/logr"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// Logger returns a logger filled with context-related fields, such as Name and Namespace
+func (j *Jaeger) Logger() logr.Logger {
+	return logf.Log.WithValues(
+		"instance", j.Name,
+		"namespace", j.Namespace,
+	)
+}

apis/v1/options.go

@@ -7,10 +7,28 @@ import (
 	"strings"
 )
 
+// Values hold a map, with string as the key and either a string or a slice of strings as the value
+type Values map[string]interface{}
+
+// DeepCopy indicate how to do a deep copy of Values type
+func (v *Values) DeepCopy() *Values {
+	out := make(Values, len(*v))
+	for key, val := range *v {
+		switch val := val.(type) {
+		case string:
+			out[key] = val
+
+		case []string:
+			out[key] = append([]string(nil), val...)
+		}
+	}
+	return &out
+}
+
 // Options defines a common options parameter to the different structs
 type Options struct {
-	opts map[string]string `json:"-"`
-	json *[]byte           `json:"-"`
+	opts Values  `json:"-"`
+	json *[]byte `json:"-"`
 }
 
 // NewOptions build a new Options object based on the given map
@@ -23,7 +41,7 @@ func NewOptions(o map[string]interface{}) Options {
 // Filter creates a new Options object with just the elements identified by the supplied prefix
 func (o *Options) Filter(prefix string) Options {
 	options := Options{}
-	options.opts = make(map[string]string)
+	options.opts = make(map[string]interface{})
 
 	archivePrefix := prefix + "-archive."
 	prefix += "."
@@ -45,8 +63,9 @@ func (o *Options) UnmarshalJSON(b []byte) error {
 	if err := d.Decode(&entries); err != nil {
 		return err
 	}
-
-	o.parse(entries)
+	if err := o.parse(entries); err != nil {
+		return err
+	}
 	o.json = &b
 	return nil
 }
@@ -68,47 +87,84 @@ func (o Options) MarshalJSON() ([]byte, error) {
 	return *o.json, nil
 }
 
-func (o *Options) parse(entries map[string]interface{}) {
-	o.opts = make(map[string]string)
+func (o *Options) parse(entries map[string]interface{}) error {
+	o.json = nil
+	o.opts = make(map[string]interface{})
+	var err error
 	for k, v := range entries {
-		o.opts = entry(o.opts, k, v)
+		o.opts, err = entry(o.opts, k, v)
+		if err != nil {
+			return err
+		}
 	}
+	return nil
 }
 
-func entry(entries map[string]string, key string, value interface{}) map[string]string {
-	switch value.(type) {
+func entry(entries map[string]interface{}, key string, value interface{}) (map[string]interface{}, error) {
+	switch val := value.(type) {
 	case map[string]interface{}:
-		for k, v := range value.(map[string]interface{}) {
-			entries = entry(entries, fmt.Sprintf("%s.%v", key, k), v)
+		var err error
+		for k, v := range val {
+			entries, err = entry(entries, fmt.Sprintf("%s.%v", key, k), v)
+			if err != nil {
+				return nil, err
+			}
 		}
+	case []interface{}: // NOTE: content of the argument list is not returned as []string when decoding json.
+		values := make([]string, 0, len(val))
+		for _, v := range val {
+			str, ok := v.(string)
+			if !ok {
+				return nil, fmt.Errorf("invalid option type, expect: string, got: %T", v)
+			}
+			values = append(values, str)
+		}
+		entries[key] = values
 	case interface{}:
 		entries[key] = fmt.Sprintf("%v", value)
 	}
 
-	return entries
+	return entries, nil
 }
 
 // ToArgs converts the options to a value suitable for the Container.Args field
 func (o *Options) ToArgs() []string {
 	if len(o.opts) > 0 {
-		i := 0
-		args := make([]string, len(o.opts))
+		args := make([]string, 0, len(o.opts))
 		for k, v := range o.opts {
-			args[i] = fmt.Sprintf("--%s=%v", k, v)
-			i++
+			switch v := v.(type) {
+			case string:
+				args = append(args, fmt.Sprintf("--%s=%v", k, v))
+			case []string:
+				for _, vv := range v {
+					args = append(args, fmt.Sprintf("--%s=%v", k, vv))
+				}
+			}
 		}
 		return args
 	}
-
 	return nil
 }
 
 // Map returns a map representing the option entries. Items are flattened, with dots as separators. For instance
 // an option "cassandra" with a nested "servers" object becomes an entry with the key "cassandra.servers"
-func (o *Options) Map() map[string]string {
+func (o *Options) Map() map[string]interface{} {
 	return o.opts
 }
 
+// StringMap returns a map representing the option entries,excluding entries that have multiple values.
+// Items are flattened, with dots as separators in the same way as Map does.
+func (o *Options) StringMap() map[string]string {
+	smap := make(map[string]string)
+	for k, v := range o.opts {
+		switch v := v.(type) {
+		case string:
+			smap[k] = v
+		}
+	}
+	return smap
+}
+
 // GenericMap returns the map representing the option entries as interface{}, suitable for usage with NewOptions()
 func (o *Options) GenericMap() map[string]interface{} {
 	out := make(map[string]interface{})

apis/v1/options_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestSimpleOption(t *testing.T) {
@@ -17,7 +18,7 @@ func TestSimpleOption(t *testing.T) {
 
 func TestNoOptions(t *testing.T) {
 	o := Options{}
-	assert.Len(t, o.ToArgs(), 0)
+	assert.Empty(t, o.ToArgs())
 }
 
 func TestNestedOption(t *testing.T) {
@@ -39,7 +40,7 @@ func TestMarshalling(t *testing.T) {
 	})
 
 	b, err := json.Marshal(o)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	s := string(b)
 	assert.Contains(t, s, `"es.password":"changeme"`)
 	assert.Contains(t, s, `"es.server-urls":"http://elasticsearch.default.svc:9200"`)
@@ -75,14 +76,18 @@ func TestUnmarshalToArgs(t *testing.T) {
 			in:   `{"a": 5000000000, "b": 15.222, "c":true, "d": "foo"}`,
 			args: []string{"--a=5000000000", "--b=15.222", "--c=true", "--d=foo"},
 		},
+		{
+			in:  `{"a": {"b": {"c": [{"d": "e", "f": {"g": {"h": "i"}}}]}}}`,
+			err: "invalid option type, expect: string, got: map[string]interface {}",
+		},
 	}
 	for _, test := range tests {
 		opts := Options{}
 		err := opts.UnmarshalJSON([]byte(test.in))
 		if test.err != "" {
-			assert.EqualError(t, err, test.err)
+			require.EqualError(t, err, test.err)
 		} else {
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			args := opts.ToArgs()
 			sort.SliceStable(args, func(i, j int) bool {
 				return args[i] < args[j]
@@ -124,7 +129,7 @@ func TestMarshallRaw(t *testing.T) {
 	o := NewOptions(nil)
 	o.json = &json
 	bytes, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, bytes, json)
 }
 
@@ -132,7 +137,7 @@ func TestMarshallEmpty(t *testing.T) {
 	o := NewOptions(nil)
 	json := []byte(`{}`)
 	bytes, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, bytes, json)
 }
 
@@ -146,5 +151,39 @@ func TestUpdate(t *testing.T) {
 	o.Map()["key"] = "new"
 
 	// verify
-	assert.Equal(t, o.opts["key"], "new")
+	assert.Equal(t, "new", o.opts["key"])
+}
+
+func TestStringMap(t *testing.T) {
+	o := NewOptions(nil)
+	err := o.UnmarshalJSON([]byte(`{"firstsarg":"v1", "additional-headers":["whatever:thing", "access-control-allow-origin:blerg"]}`))
+	require.NoError(t, err)
+	expected := map[string]string{"firstsarg": "v1"}
+	strMap := o.StringMap()
+	assert.Len(t, strMap, 1)
+	assert.Equal(t, expected, strMap)
+}
+
+func TestDeepCopy(t *testing.T) {
+	o1 := NewOptions(nil)
+	err := o1.UnmarshalJSON([]byte(`{"firstsarg":"v1", "additional-headers":["whatever:thing", "access-control-allow-origin:blerg"]}`))
+	require.NoError(t, err)
+	copy := o1.opts.DeepCopy()
+
+	assert.Equal(t, &(o1.opts), copy)
+}
+
+func TestRepetitiveArguments(t *testing.T) {
+	o := NewOptions(nil)
+	err := o.UnmarshalJSON([]byte(`{"firstsarg":"v1", "additional-headers":["whatever:thing", "access-control-allow-origin:blerg"]}`))
+	require.NoError(t, err)
+	expected := []string{"--additional-headers=access-control-allow-origin:blerg", "--additional-headers=whatever:thing", "--firstsarg=v1"}
+
+	args := o.ToArgs()
+	sort.SliceStable(args, func(i, j int) bool {
+		return args[i] < args[j]
+	})
+
+	assert.Len(t, args, 3)
+	assert.Equal(t, expected, args)
 }

apis/v1/zz_generated.deepcopy.go

@@ -1,12 +1,14 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 
-// Code generated by operator-sdk. DO NOT EDIT.
+// Code generated by controller-gen. DO NOT EDIT.
 
 package v1
 
 import (
+	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -27,7 +29,6 @@ func (in *AutoScaleSpec) DeepCopyInto(out *AutoScaleSpec) {
 		*out = new(int32)
 		**out = **in
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoScaleSpec.
@@ -43,6 +44,11 @@ func (in *AutoScaleSpec) DeepCopy() *AutoScaleSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ElasticsearchSpec) DeepCopyInto(out *ElasticsearchSpec) {
 	*out = *in
+	if in.UseCertManagement != nil {
+		in, out := &in.UseCertManagement, &out.UseCertManagement
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Resources != nil {
 		in, out := &in.Resources, &out.Resources
 		*out = new(corev1.ResourceRequirements)
@@ -63,7 +69,11 @@ func (in *ElasticsearchSpec) DeepCopyInto(out *ElasticsearchSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	return
+	if in.ProxyResources != nil {
+		in, out := &in.ProxyResources, &out.ProxyResources
+		*out = new(corev1.ResourceRequirements)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ElasticsearchSpec.
@@ -88,7 +98,6 @@ func (in *FreeForm) DeepCopyInto(out *FreeForm) {
 			copy(*out, *in)
 		}
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FreeForm.
@@ -101,6 +110,21 @@ func (in *FreeForm) DeepCopy() *FreeForm {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GRPCPluginSpec) DeepCopyInto(out *GRPCPluginSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCPluginSpec.
+func (in *GRPCPluginSpec) DeepCopy() *GRPCPluginSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(GRPCPluginSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Jaeger) DeepCopyInto(out *Jaeger) {
 	*out = *in
@@ -108,7 +132,6 @@ func (in *Jaeger) DeepCopyInto(out *Jaeger) {
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
 	out.Status = in.Status
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Jaeger.
@@ -132,11 +155,6 @@ func (in *Jaeger) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JaegerAgentSpec) DeepCopyInto(out *JaegerAgentSpec) {
 	*out = *in
-	if in.ImagePullSecrets != nil {
-		in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
-		*out = make([]corev1.LocalObjectReference, len(*in))
-		copy(*out, *in)
-	}
 	in.Options.DeepCopyInto(&out.Options)
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	in.Config.DeepCopyInto(&out.Config)
@@ -150,7 +168,6 @@ func (in *JaegerAgentSpec) DeepCopyInto(out *JaegerAgentSpec) {
 		*out = new(bool)
 		**out = **in
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerAgentSpec.
@@ -168,13 +185,18 @@ func (in *JaegerAllInOneSpec) DeepCopyInto(out *JaegerAllInOneSpec) {
 	*out = *in
 	in.Options.DeepCopyInto(&out.Options)
 	in.Config.DeepCopyInto(&out.Config)
+	out.MetricsStorage = in.MetricsStorage
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	if in.TracingEnabled != nil {
 		in, out := &in.TracingEnabled, &out.TracingEnabled
 		*out = new(bool)
 		**out = **in
 	}
-	return
+	if in.Strategy != nil {
+		in, out := &in.Strategy, &out.Strategy
+		*out = new(appsv1.DeploymentStrategy)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerAllInOneSpec.
@@ -195,12 +217,16 @@ func (in *JaegerCassandraCreateSchemaSpec) DeepCopyInto(out *JaegerCassandraCrea
 		*out = new(bool)
 		**out = **in
 	}
+	if in.Affinity != nil {
+		in, out := &in.Affinity, &out.Affinity
+		*out = new(corev1.Affinity)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.TTLSecondsAfterFinished != nil {
 		in, out := &in.TTLSecondsAfterFinished, &out.TTLSecondsAfterFinished
 		*out = new(int32)
 		**out = **in
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerCassandraCreateSchemaSpec.
@@ -225,7 +251,28 @@ func (in *JaegerCollectorSpec) DeepCopyInto(out *JaegerCollectorSpec) {
 	in.Options.DeepCopyInto(&out.Options)
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	in.Config.DeepCopyInto(&out.Config)
-	return
+	if in.Strategy != nil {
+		in, out := &in.Strategy, &out.Strategy
+		*out = new(appsv1.DeploymentStrategy)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Lifecycle != nil {
+		in, out := &in.Lifecycle, &out.Lifecycle
+		*out = new(corev1.Lifecycle)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.TerminationGracePeriodSeconds != nil {
+		in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds
+		*out = new(int64)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerCollectorSpec.
@@ -287,7 +334,21 @@ func (in *JaegerCommonSpec) DeepCopyInto(out *JaegerCommonSpec) {
 		*out = new(corev1.PodSecurityContext)
 		(*in).DeepCopyInto(*out)
 	}
-	return
+	if in.ContainerSecurityContext != nil {
+		in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext
+		*out = new(corev1.SecurityContext)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.LivenessProbe != nil {
+		in, out := &in.LivenessProbe, &out.LivenessProbe
+		*out = new(corev1.Probe)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ImagePullSecrets != nil {
+		in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+		*out = make([]corev1.LocalObjectReference, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerCommonSpec.
@@ -328,8 +389,12 @@ func (in *JaegerDependenciesSpec) DeepCopyInto(out *JaegerDependenciesSpec) {
 		*out = new(int32)
 		**out = **in
 	}
+	if in.BackoffLimit != nil {
+		in, out := &in.BackoffLimit, &out.BackoffLimit
+		*out = new(int32)
+		**out = **in
+	}
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerDependenciesSpec.
@@ -365,8 +430,12 @@ func (in *JaegerEsIndexCleanerSpec) DeepCopyInto(out *JaegerEsIndexCleanerSpec)
 		*out = new(int32)
 		**out = **in
 	}
+	if in.BackoffLimit != nil {
+		in, out := &in.BackoffLimit, &out.BackoffLimit
+		*out = new(int32)
+		**out = **in
+	}
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerEsIndexCleanerSpec.
@@ -392,8 +461,12 @@ func (in *JaegerEsRolloverSpec) DeepCopyInto(out *JaegerEsRolloverSpec) {
 		*out = new(int32)
 		**out = **in
 	}
+	if in.BackoffLimit != nil {
+		in, out := &in.BackoffLimit, &out.BackoffLimit
+		*out = new(int32)
+		**out = **in
+	}
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerEsRolloverSpec.
@@ -418,7 +491,18 @@ func (in *JaegerIngesterSpec) DeepCopyInto(out *JaegerIngesterSpec) {
 	in.Options.DeepCopyInto(&out.Options)
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	in.Config.DeepCopyInto(&out.Config)
-	return
+	if in.Strategy != nil {
+		in, out := &in.Strategy, &out.Strategy
+		*out = new(appsv1.DeploymentStrategy)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerIngesterSpec.
@@ -434,12 +518,21 @@ func (in *JaegerIngesterSpec) DeepCopy() *JaegerIngesterSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JaegerIngressOpenShiftSpec) DeepCopyInto(out *JaegerIngressOpenShiftSpec) {
 	*out = *in
+	if in.SAR != nil {
+		in, out := &in.SAR, &out.SAR
+		*out = new(string)
+		**out = **in
+	}
 	if in.SkipLogout != nil {
 		in, out := &in.SkipLogout, &out.SkipLogout
 		*out = new(bool)
 		**out = **in
 	}
-	return
+	if in.Timeout != nil {
+		in, out := &in.Timeout, &out.Timeout
+		*out = new(metav1.Duration)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerIngressOpenShiftSpec.
@@ -475,7 +568,11 @@ func (in *JaegerIngressSpec) DeepCopyInto(out *JaegerIngressSpec) {
 	}
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	in.Options.DeepCopyInto(&out.Options)
-	return
+	if in.IngressClassName != nil {
+		in, out := &in.IngressClassName, &out.IngressClassName
+		*out = new(string)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerIngressSpec.
@@ -496,7 +593,6 @@ func (in *JaegerIngressTLSSpec) DeepCopyInto(out *JaegerIngressTLSSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerIngressTLSSpec.
@@ -521,7 +617,6 @@ func (in *JaegerList) DeepCopyInto(out *JaegerList) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerList.
@@ -542,6 +637,21 @@ func (in *JaegerList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *JaegerMetricsStorageSpec) DeepCopyInto(out *JaegerMetricsStorageSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerMetricsStorageSpec.
+func (in *JaegerMetricsStorageSpec) DeepCopy() *JaegerMetricsStorageSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(JaegerMetricsStorageSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JaegerQuerySpec) DeepCopyInto(out *JaegerQuerySpec) {
 	*out = *in
@@ -551,13 +661,25 @@ func (in *JaegerQuerySpec) DeepCopyInto(out *JaegerQuerySpec) {
 		**out = **in
 	}
 	in.Options.DeepCopyInto(&out.Options)
+	out.MetricsStorage = in.MetricsStorage
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	if in.TracingEnabled != nil {
 		in, out := &in.TracingEnabled, &out.TracingEnabled
 		*out = new(bool)
 		**out = **in
 	}
-	return
+	if in.Strategy != nil {
+		in, out := &in.Strategy, &out.Strategy
+		*out = new(appsv1.DeploymentStrategy)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerQuerySpec.
@@ -574,7 +696,6 @@ func (in *JaegerQuerySpec) DeepCopy() *JaegerQuerySpec {
 func (in *JaegerSamplingSpec) DeepCopyInto(out *JaegerSamplingSpec) {
 	*out = *in
 	in.Options.DeepCopyInto(&out.Options)
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerSamplingSpec.
@@ -600,7 +721,6 @@ func (in *JaegerSpec) DeepCopyInto(out *JaegerSpec) {
 	in.Storage.DeepCopyInto(&out.Storage)
 	in.Ingress.DeepCopyInto(&out.Ingress)
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerSpec.
@@ -616,7 +736,6 @@ func (in *JaegerSpec) DeepCopy() *JaegerSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JaegerStatus) DeepCopyInto(out *JaegerStatus) {
 	*out = *in
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerStatus.
@@ -638,7 +757,7 @@ func (in *JaegerStorageSpec) DeepCopyInto(out *JaegerStorageSpec) {
 	in.EsIndexCleaner.DeepCopyInto(&out.EsIndexCleaner)
 	in.EsRollover.DeepCopyInto(&out.EsRollover)
 	in.Elasticsearch.DeepCopyInto(&out.Elasticsearch)
-	return
+	out.GRPCPlugin = in.GRPCPlugin
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerStorageSpec.
@@ -655,7 +774,6 @@ func (in *JaegerStorageSpec) DeepCopy() *JaegerStorageSpec {
 func (in *JaegerUISpec) DeepCopyInto(out *JaegerUISpec) {
 	*out = *in
 	in.Options.DeepCopyInto(&out.Options)
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerUISpec.
@@ -671,13 +789,7 @@ func (in *JaegerUISpec) DeepCopy() *JaegerUISpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Options) DeepCopyInto(out *Options) {
 	*out = *in
-	if in.opts != nil {
-		in, out := &in.opts, &out.opts
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
+	in.opts.DeepCopyInto(&out.opts)
 	if in.json != nil {
 		in, out := &in.json, &out.json
 		*out = new([]byte)
@@ -687,7 +799,6 @@ func (in *Options) DeepCopyInto(out *Options) {
 			copy(*out, *in)
 		}
 	}
-	return
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Options.
@@ -699,3 +810,12 @@ func (in *Options) DeepCopy() *Options {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in Values) DeepCopyInto(out *Values) {
+	{
+		in := &in
+		clone := in.DeepCopy()
+		*out = *clone
+	}
+}

build/Dockerfile

@@ -1,48 +0,0 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.14 as builder
-
-ARG JAEGER_VERSION
-ENV JAEGER_VERSION=${JAEGER_VERSION}
-
-COPY . /go/src/github.com/jaegertracing/jaeger-operator/
-WORKDIR /go/src/github.com/jaegertracing/jaeger-operator
-
-ARG GOPROXY
-# download deps before gobuild
-RUN go mod download -x
-
-# Dockerfile `FROM --platform=${BUILDPLATFORM}` means
-# prepare image for build for matched BUILDPLATFORM, eq. linux/amd64
-# by this way, we could avoid to using qemu, which slow down compiling process.
-# and usefully for language who support multi-arch build like go.
-# see last part of https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images
-ARG TARGETARCH
-# when --platform=linux/amd64,linux/arm64
-#
-# for $TARGETARCH in "amd64 arm64" do
-RUN make gobuild OUTPUT_BINARY=/go/bin/jaeger-operator-${TARGETARCH} GOARCH=${TARGETARCH}
-# done
-
-FROM registry.access.redhat.com/ubi8/ubi
-
-ENV OPERATOR=/usr/local/bin/jaeger-operator \
-    USER_UID=1001 \
-    USER_NAME=jaeger-operator
-
-RUN INSTALL_PKGS=" \
-      openssl \
-      " && \
-    yum install -y $INSTALL_PKGS && \
-    rpm -V $INSTALL_PKGS && \
-    yum clean all && \
-    mkdir /tmp/_working_dir && \
-    chmod og+w /tmp/_working_dir
-
-COPY --from=builder /go/src/github.com/jaegertracing/jaeger-operator/scripts/* /scripts/
-
-# install operator binary
-ARG TARGETARCH
-COPY --from=builder /go/bin/jaeger-operator-${TARGETARCH} ${OPERATOR}
-
-ENTRYPOINT ["/usr/local/bin/jaeger-operator"]
-
-USER ${USER_UID}

bundle.Dockerfile

@@ -0,0 +1,19 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=jaeger
+LABEL operators.operatorframework.io.bundle.channels.v1=stable
+LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.13.0+git
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# OpenShift specific labels.
+LABEL com.redhat.openshift.versions=v4.12
+
+# Copy files to locations specified by labels.
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/

bundle/manifests/jaeger-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    name: jaeger-operator
+  name: jaeger-operator-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get

bundle/manifests/jaeger-operator-metrics_v1_service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/component: metrics
+    name: jaeger-operator
+  name: jaeger-operator-metrics
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    name: jaeger-operator
+status:
+  loadBalancer: {}

bundle/manifests/jaeger-operator-webhook-service_v1_service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    name: jaeger-operator
+  name: jaeger-operator-webhook-service
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 9443
+  selector:
+    name: jaeger-operator
+status:
+  loadBalancer: {}

bundle/manifests/jaeger-operator.clusterserviceversion.yaml

@@ -8,69 +8,26 @@ metadata:
           "apiVersion": "jaegertracing.io/v1",
           "kind": "Jaeger",
           "metadata": {
-            "name": "jaeger-all-in-one-inmemory"
-          }
-        },
-        {
-          "apiVersion": "jaegertracing.io/v1",
-          "kind": "Jaeger",
-          "metadata": {
-            "name": "jaeger-all-in-one-local-storage"
+            "name": "my-jaeger"
           },
           "spec": {
-            "storage": {
-              "options": {
-                "badger": {
-                  "directory-key": "/badger/key",
-                  "directory-value": "/badger/data",
-                  "ephemeral": false
-                }
-              },
-              "type": "badger",
-              "volumeMounts": [
-                {
-                  "mountPath": "/badger",
-                  "name": "data"
-                }
-              ],
-              "volumes": [
-                {
-                  "emptyDir": {},
-                  "name": "data"
-                }
-              ]
-            }
-          }
-        },
-        {
-          "apiVersion": "jaegertracing.io/v1",
-          "kind": "Jaeger",
-          "metadata": {
-            "name": "jaeger-prod-elasticsearch"
-          },
-          "spec": {
-            "storage": {
-              "options": {
-                "es": {
-                  "server-urls": "http://elasticsearch.default.svc:9200"
-                }
-              },
-              "type": "elasticsearch"
-            },
-            "strategy": "production"
+            "strategy": "allInOne"
           }
         }
       ]
     capabilities: Deep Insights
     categories: Logging & Tracing
     certified: "false"
-    containerImage: docker.io/jaegertracing/jaeger-operator:1.20.0
-    createdAt: "2019-09-04T13:28:40+00:00"
+    containerImage: quay.io/jaegertracing/jaeger-operator:1.62.0
+    createdAt: "2025-01-22T20:40:19Z"
     description: Provides tracing, monitoring and troubleshooting for microservices-based
       distributed systems
+    operators.openshift.io/infrastructure-features: '["disconnected"]'
+    operators.operatorframework.io/builder: operator-sdk-v1.32.0
+    operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/jaegertracing/jaeger-operator
     support: Jaeger Community
-  name: jaeger-operator.v1.20.0
+  name: jaeger-operator.v1.65.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -80,14 +37,50 @@ spec:
       displayName: Jaeger
       kind: Jaeger
       name: jaegers.jaegertracing.io
+      resources:
+      - kind: ConfigMaps
+        name: ""
+        version: v1
+      - kind: CronJob
+        name: ""
+        version: v1beta1
+      - kind: DaemonSets
+        name: ""
+        version: apps/v1
+      - kind: Deployment
+        name: ""
+        version: apps/v1
+      - kind: Ingress
+        name: ""
+        version: networking/v1
+      - kind: Pod
+        name: ""
+        version: v1
+      - kind: Service
+        name: ""
+        version: v1
+      - kind: StatefulSets
+        name: ""
+        version: apps/v1
+      specDescriptors:
+      - displayName: Strategy
+        path: allInOne.strategy
+      - displayName: Strategy
+        path: collector.strategy
+      - displayName: Strategy
+        path: query.strategy
+      - displayName: Strategy
+        path: strategy
+      statusDescriptors:
+      - displayName: Phase
+        path: phase
+      - displayName: Version
+        path: version
       version: v1
   description: |-
     Jaeger, inspired by [Dapper](https://research.google.com/pubs/pub36356.html) and [OpenZipkin](http://zipkin.io/), is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
-
     ### Core capabilities
-
     Jaeger is used for monitoring and troubleshooting microservices-based distributed systems, including:
-
     * Distributed context propagation
     * Distributed transaction monitoring
     * Root cause analysis
@@ -95,26 +88,16 @@ spec:
     * Performance / latency optimization
     * OpenTracing compatible data model
     * Multiple storage backends: Badger, Cassandra, Elasticsearch, Memory.
-
     ### Operator features
-
     * **Multiple modes** - Supports `allInOne`, `production` and `streaming` [modes of deployment](https://www.jaegertracing.io/docs/latest/operator/#deployment-strategies).
-
     * **Configuration** - The Operator manages [configuration information](https://www.jaegertracing.io/docs/latest/operator/#configuring-the-custom-resource) when installing Jaeger instances.
-
     * **Storage** - [Configure storage](https://www.jaegertracing.io/docs/latest/operator/#storage-options) used by Jaeger. By default, `memory` is used. Other options include `badger`, `cassandra` or `elasticsearch`. On OpenShift, the operator can delegate creation of an Elasticsearch cluster to the Elasticsearch Operator if deployed.
-
     * **Agent** - can be deployed as [sidecar](https://www.jaegertracing.io/docs/latest/operator/#auto-injecting-jaeger-agent-sidecars) (default) and/or [daemonset](https://www.jaegertracing.io/docs/latest/operator/#installing-the-agent-as-daemonset).
-
     * **UI** - Optionally setup ingress (Kubernetes) or secure route (OpenShift) to provide [access to the Jaeger UI](https://www.jaegertracing.io/docs/latest/operator/#accessing-the-jaeger-console-ui).
-
     ### Before you start
-
     1. Ensure that the appropriate storage solution, that will be used by the Jaeger instance, is available and configured.
     2. If intending to deploy an Elasticsearch cluster via the Jaeger custom resource, then the Elasticsearch Operator must first be installed.
-
     ### Troubleshooting
-
     * https://www.jaegertracing.io/docs/latest/troubleshooting/
   displayName: Community Jaeger Operator
   icon:
@@ -125,35 +108,24 @@ spec:
       clusterPermissions:
       - rules:
         - apiGroups:
-          - jaegertracing.io
+          - authentication.k8s.io
           resources:
-          - '*'
+          - tokenreviews
+          verbs:
+          - create
+        - apiGroups:
+          - authorization.k8s.io
+          resources:
+          - subjectaccessreviews
           verbs:
           - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
         - apiGroups:
           - apps
-          resourceNames:
-          - jaeger-operator
           resources:
-          - deployments/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - ""
-          resources:
-          - configmaps
-          - persistentvolumeclaims
-          - pods
-          - secrets
-          - serviceaccounts
-          - services
-          - services/finalizers
+          - daemonsets
+          - deployments
+          - replicasets
+          - statefulsets
           verbs:
           - create
           - delete
@@ -166,9 +138,6 @@ spec:
           - apps
           resources:
           - deployments
-          - daemonsets
-          - replicasets
-          - statefulsets
           verbs:
           - create
           - delete
@@ -178,21 +147,17 @@ spec:
           - update
           - watch
         - apiGroups:
-          - extensions
+          - apps
           resources:
-          - ingresses
+          - deployments/status
           verbs:
-          - create
-          - delete
           - get
-          - list
           - patch
           - update
-          - watch
         - apiGroups:
-          - networking.k8s.io
+          - autoscaling
           resources:
-          - ingresses
+          - horizontalpodautoscalers
           verbs:
           - create
           - delete
@@ -204,20 +169,8 @@ spec:
         - apiGroups:
           - batch
           resources:
-          - jobs
           - cronjobs
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - route.openshift.io
-          resources:
-          - routes
+          - jobs
           verbs:
           - create
           - delete
@@ -239,9 +192,24 @@ spec:
           - update
           - watch
         - apiGroups:
-          - autoscaling
+          - coordination.k8s.io
           resources:
-          - horizontalpodautoscalers
+          - leases
+          verbs:
+          - create
+          - get
+          - list
+          - update
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          - persistentvolumeclaims
+          - pods
+          - secrets
+          - serviceaccounts
+          - services
+          - services/finalizers
           verbs:
           - create
           - delete
@@ -251,9 +219,88 @@ spec:
           - update
           - watch
         - apiGroups:
-          - monitoring.coreos.com
+          - ""
           resources:
-          - servicemonitors
+          - namespaces
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - ""
+          resources:
+          - namespaces/status
+          verbs:
+          - get
+          - patch
+          - update
+        - apiGroups:
+          - extensions
+          resources:
+          - ingresses
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - image.openshift.io
+          resources:
+          - imagestreams
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - jaegertracing.io
+          resources:
+          - jaegers
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - jaegertracing.io
+          resources:
+          - jaegers/finalizers
+          verbs:
+          - update
+        - apiGroups:
+          - jaegertracing.io
+          resources:
+          - jaegers/status
+          verbs:
+          - get
+          - patch
+          - update
+        - apiGroups:
+          - kafka.strimzi.io
+          resources:
+          - kafkas
+          - kafkausers
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - logging.openshift.io
+          resources:
+          - elasticsearch
           verbs:
           - create
           - delete
@@ -275,149 +322,9 @@ spec:
           - update
           - watch
         - apiGroups:
-          - kafka.strimzi.io
+          - monitoring.coreos.com
           resources:
-          - kafkas
-          - kafkausers
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - ""
-          resources:
-          - namespaces
-          verbs:
-          - get
-          - list
-          - watch
-        - apiGroups:
-          - apps
-          resources:
-          - deployments
-          verbs:
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - rbac.authorization.k8s.io
-          resources:
-          - clusterrolebindings
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        serviceAccountName: jaeger-operator
-      deployments:
-      - name: jaeger-operator
-        spec:
-          replicas: 1
-          selector:
-            matchLabels:
-              name: jaeger-operator
-          strategy: {}
-          template:
-            metadata:
-              labels:
-                name: jaeger-operator
-            spec:
-              containers:
-              - args:
-                - start
-                env:
-                - name: WATCH_NAMESPACE
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.annotations['olm.targetNamespaces']
-                - name: POD_NAME
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.name
-                - name: POD_NAMESPACE
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.namespace
-                - name: OPERATOR_NAME
-                  value: jaeger-operator
-                image: jaegertracing/jaeger-operator:1.20.0
-                imagePullPolicy: Always
-                name: jaeger-operator
-                ports:
-                - containerPort: 8383
-                  name: http-metrics
-                - containerPort: 8686
-                  name: cr-metrics
-                resources: {}
-              serviceAccountName: jaeger-operator
-      permissions:
-      - rules:
-        - apiGroups:
-          - jaegertracing.io
-          resources:
-          - '*'
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - apps
-          resourceNames:
-          - jaeger-operator
-          resources:
-          - deployments/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - ""
-          resources:
-          - configmaps
-          - persistentvolumeclaims
-          - pods
-          - secrets
-          - serviceaccounts
-          - services
-          - services/finalizers
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - apps
-          resources:
-          - deployments
-          - daemonsets
-          - replicasets
-          - statefulsets
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - extensions
-          resources:
-          - ingresses
+          - servicemonitors
           verbs:
           - create
           - delete
@@ -429,6 +336,7 @@ spec:
         - apiGroups:
           - networking.k8s.io
           resources:
+          - ingressclasses
           - ingresses
           verbs:
           - create
@@ -439,10 +347,9 @@ spec:
           - update
           - watch
         - apiGroups:
-          - batch
+          - rbac.authorization.k8s.io
           resources:
-          - jobs
-          - cronjobs
+          - clusterrolebindings
           verbs:
           - create
           - delete
@@ -464,74 +371,145 @@ spec:
           - update
           - watch
         - apiGroups:
-          - image.openshift.io
+          - route.openshift.io
           resources:
-          - imagestreams
+          - routes/custom-host
           verbs:
           - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
+        serviceAccountName: jaeger-operator
+      deployments:
+      - label:
+          name: jaeger-operator
+        name: jaeger-operator
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              name: jaeger-operator
+          strategy: {}
+          template:
+            metadata:
+              labels:
+                name: jaeger-operator
+            spec:
+              containers:
+              - args:
+                - start
+                - --health-probe-bind-address=:8081
+                - --leader-elect
+                command:
+                - /jaeger-operator
+                env:
+                - name: WATCH_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.annotations['olm.targetNamespaces']
+                - name: POD_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+                - name: OPERATOR_NAME
+                  value: jaeger-operator
+                - name: LOG-LEVEL
+                  value: DEBUG
+                - name: KAFKA-PROVISIONING-MINIMAL
+                  value: "true"
+                image: quay.io/jaegertracing/jaeger-operator:1.65.0
+                livenessProbe:
+                  httpGet:
+                    path: /healthz
+                    port: 8081
+                  initialDelaySeconds: 15
+                  periodSeconds: 20
+                name: jaeger-operator
+                ports:
+                - containerPort: 9443
+                  name: webhook-server
+                  protocol: TCP
+                readinessProbe:
+                  httpGet:
+                    path: /readyz
+                    port: 8081
+                  initialDelaySeconds: 5
+                  periodSeconds: 10
+                resources:
+                  requests:
+                    cpu: 100m
+                    memory: 128Mi
+                securityContext:
+                  allowPrivilegeEscalation: false
+                volumeMounts:
+                - mountPath: /tmp/k8s-webhook-server/serving-certs
+                  name: cert
+                  readOnly: true
+              - args:
+                - --secure-listen-address=0.0.0.0:8443
+                - --upstream=http://127.0.0.1:8383/
+                - --logtostderr=true
+                - --v=0
+                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+                name: kube-rbac-proxy
+                ports:
+                - containerPort: 8443
+                  name: https
+                  protocol: TCP
+                resources:
+                  limits:
+                    cpu: 500m
+                    memory: 128Mi
+                  requests:
+                    cpu: 5m
+                    memory: 64Mi
+              securityContext:
+                runAsNonRoot: true
+              serviceAccountName: jaeger-operator
+              terminationGracePeriodSeconds: 10
+              volumes:
+              - name: cert
+                secret:
+                  defaultMode: 420
+                  secretName: jaeger-operator-service-cert
+      permissions:
+      - rules:
         - apiGroups:
-          - autoscaling
+          - ""
           resources:
-          - horizontalpodautoscalers
+          - configmaps
           verbs:
-          - create
-          - delete
           - get
           - list
-          - patch
-          - update
           - watch
+          - create
+          - update
+          - patch
+          - delete
         - apiGroups:
-          - monitoring.coreos.com
+          - coordination.k8s.io
           resources:
-          - servicemonitors
+          - leases
           verbs:
-          - create
-          - delete
           - get
           - list
-          - patch
-          - update
           - watch
+          - create
+          - update
+          - patch
+          - delete
         - apiGroups:
-          - logging.openshift.io
+          - ""
           resources:
-          - elasticsearches
+          - events
           verbs:
           - create
-          - delete
-          - get
-          - list
           - patch
-          - update
-          - watch
-        - apiGroups:
-          - kafka.strimzi.io
-          resources:
-          - kafkas
-          - kafkausers
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
         serviceAccountName: jaeger-operator
     strategy: deployment
   installModes:
-  - supported: true
+  - supported: false
     type: OwnNamespace
-  - supported: true
+  - supported: false
     type: SingleNamespace
-  - supported: true
+  - supported: false
     type: MultiNamespace
   - supported: true
     type: AllNamespaces
@@ -539,8 +517,6 @@ spec:
   - tracing
   - monitoring
   - troubleshooting
-  labels:
-    name: jaeger-operator
   links:
   - name: Jaeger Operator Source Code
     url: https://github.com/jaegertracing/jaeger-operator
@@ -548,10 +524,78 @@ spec:
   - email: jaeger-tracing@googlegroups.com
     name: Jaeger Google Group
   maturity: alpha
+  minKubeVersion: 1.19.0
   provider:
     name: CNCF
-  replaces: jaeger-operator.v1.19.0
+  replaces: jaeger-operator.v1.62.0
   selector:
     matchLabels:
       name: jaeger-operator
-  version: 1.20.0
+  version: 1.65.0
+  webhookdefinitions:
+  - admissionReviewVersions:
+    - v1
+    containerPort: 443
+    deploymentName: jaeger-operator
+    failurePolicy: Ignore
+    generateName: deployment.sidecar-injector.jaegertracing.io
+    objectSelector:
+      matchExpressions:
+      - key: name
+        operator: NotIn
+        values:
+        - jaeger-operator
+    rules:
+    - apiGroups:
+      - apps
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - deployments
+    sideEffects: None
+    targetPort: 9443
+    type: MutatingAdmissionWebhook
+    webhookPath: /mutate-v1-deployment
+  - admissionReviewVersions:
+    - v1
+    containerPort: 443
+    deploymentName: jaeger-operator
+    failurePolicy: Fail
+    generateName: mjaeger.kb.io
+    rules:
+    - apiGroups:
+      - jaegertracing.io
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - jaegers
+    sideEffects: None
+    targetPort: 9443
+    type: MutatingAdmissionWebhook
+    webhookPath: /mutate-jaegertracing-io-v1-jaeger
+  - admissionReviewVersions:
+    - v1
+    containerPort: 443
+    deploymentName: jaeger-operator
+    failurePolicy: Fail
+    generateName: vjaeger.kb.io
+    rules:
+    - apiGroups:
+      - jaegertracing.io
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - jaegers
+    sideEffects: None
+    targetPort: 9443
+    type: ValidatingAdmissionWebhook
+    webhookPath: /validate-jaegertracing-io-v1-jaeger

bundle/manifests/prometheus_rbac.authorization.k8s.io_v1_role.yaml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+  creationTimestamp: null
+  labels:
+    name: jaeger-operator
+  name: prometheus
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch

bundle/manifests/prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+  creationTimestamp: null
+  labels:
+    name: jaeger-operator
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: openshift-monitoring

bundle/metadata/annotations.yaml

@@ -0,0 +1,14 @@
+annotations:
+  # Core bundle annotations.
+  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+  operators.operatorframework.io.bundle.manifests.v1: manifests/
+  operators.operatorframework.io.bundle.metadata.v1: metadata/
+  operators.operatorframework.io.bundle.package.v1: jaeger
+  operators.operatorframework.io.bundle.channels.v1: stable
+  operators.operatorframework.io.bundle.channel.default.v1: stable
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.13.0+git
+  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+  operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
+
+  # OpenShift annotations
+  com.redhat.openshift.versions: v4.12

bundle/tests/scorecard/config.yaml

@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+  name: config
+stages:
+- parallel: false
+  tests:
+  - entrypoint:
+    - scorecard-test
+    - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
+    labels:
+      suite: basic
+      test: basic-check-spec-test
+    storage:
+      spec:
+        mountPath: {}
+  - entrypoint:
+    - scorecard-test
+    - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
+    labels:
+      suite: olm
+      test: olm-bundle-validation-test
+    storage:
+      spec:
+        mountPath: {}
+  - entrypoint:
+    - scorecard-test
+    - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
+    labels:
+      suite: olm
+      test: olm-crds-have-validation-test
+    storage:
+      spec:
+        mountPath: {}
+  - entrypoint:
+    - scorecard-test
+    - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
+    labels:
+      suite: olm
+      test: olm-crds-have-resources-test
+    storage:
+      spec:
+        mountPath: {}
+  - entrypoint:
+    - scorecard-test
+    - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
+    labels:
+      suite: olm
+      test: olm-spec-descriptors-test
+    storage:
+      spec:
+        mountPath: {}
+  - entrypoint:
+    - scorecard-test
+    - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
+    labels:
+      suite: olm
+      test: olm-status-descriptors-test
+    storage:
+      spec:
+        mountPath: {}
+storage:
+  spec:
+    mountPath: {}

cmd/manager/main.go

@@ -1,13 +0,0 @@
-package main
-
-import "github.com/jaegertracing/jaeger-operator/cmd"
-
-func main() {
-	// Note that this file should be identical to the main.go at the root of the project
-	// It would really be nice if this one here wouldn't be required, but the Operator SDK
-	// requires it...
-	// https://github.com/operator-framework/operator-sdk/blob/master/doc/migration/v0.1.0-migration-guide.md#copy-changes-from-maingo
-	// > operator-sdk now expects cmd/manager/main.go to be present in Go operator projects.
-	// > Go project-specific commands, ex. add [api, controller], will error if main.go is not found in its expected path.
-	cmd.Execute()
-}

config/certmanager/certificate.yaml

@@ -0,0 +1,28 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: system
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
+  namespace: system
+spec:
+  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+  dnsNames:
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: jaeger-operator-service-cert # this secret will not be prefixed, since it's not managed by kustomize
+  subject:
+    organizationalUnits:
+      - "jaeger-operator"

config/certmanager/kustomization.yaml

@@ -0,0 +1,7 @@
+resources:
+- certificate.yaml
+
+namePrefix: jaeger-operator-
+
+configurations:
+- kustomizeconfig.yaml

config/certmanager/kustomizeconfig.yaml

@@ -0,0 +1,16 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution 
+nameReference:
+- kind: Issuer
+  group: cert-manager.io
+  fieldSpecs:
+  - kind: Certificate
+    group: cert-manager.io
+    path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+  group: cert-manager.io
+  path: spec/commonName
+- kind: Certificate
+  group: cert-manager.io
+  path: spec/dnsNames

config/crd/kustomization.yaml

@@ -0,0 +1,23 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/jaegertracing.io_jaegers.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_jaegers.yaml
+#- patches/webhook_in_kafkas.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+- patches/cainjection_in_jaegers.yaml
+#- patches/cainjection_in_kafkas.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/crd/kustomizeconfig.yaml

@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/crd/patches/cainjection_in_jaegers.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: jaegers.jaegertracing.io

config/crd/patches/webhook_in_jaegers.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: jaegers.jaegertracing.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: jaeger-operator-webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/default/kustomization.yaml

@@ -0,0 +1,69 @@
+# Adds namespace to all resources.
+namespace: observability
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+
+# The prefix is not used here because the manager's deployment name is jaeger-operator
+# which means that the manifest would have to contain an empty name which is not allowed.
+#namePrefix: jaeger-operator-
+
+# Labels to add to all resources and selectors.
+# https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels
+commonLabels:
+  name: jaeger-operator
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+- ../webhook
+- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+- manager_webhook_patch.yaml
+- webhookcainjection_patch.yaml
+
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+#- manager_config_patch.yaml
+
+# the following config is for teaching kustomize how to do var substitution
+vars:
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+  fieldref:
+    fieldpath: metadata.namespace
+- name: CERTIFICATE_NAME
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+- name: SERVICE_NAMESPACE # namespace of the service
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
+  fieldref:
+    fieldpath: metadata.namespace
+- name: SERVICE_NAME
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service

config/default/manager_auth_proxy_patch.yaml

@@ -0,0 +1,33 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger-operator
+spec:
+  template:
+    spec:
+      containers:
+      - name: kube-rbac-proxy
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream=http://127.0.0.1:8383/"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+      - name: jaeger-operator
+        args:
+        - "start"
+        - "--health-probe-bind-address=:8081"
+        - "--leader-elect"

config/default/manager_config_patch.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger-operator
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        args:
+        - "--config=controller_manager_config.yaml"
+        volumeMounts:
+        - name: manager-config
+          mountPath: /controller_manager_config.yaml
+          subPath: controller_manager_config.yaml
+      volumes:
+      - name: manager-config
+        configMap:
+          name: manager-config

config/default/manager_webhook_patch.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger-operator
+spec:
+  template:
+    spec:
+      containers:
+      - name: jaeger-operator
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: jaeger-operator-service-cert

config/default/webhookcainjection_patch.yaml

@@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)

config/manager/controller_manager_config.yaml

@@ -0,0 +1,11 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+  healthProbeBindAddress: :8081
+metrics:
+  bindAddress: 127.0.0.1:8080
+webhook:
+  port: 9443
+leaderElection:
+  leaderElect: true
+  resourceName: 31e04290.jaegertracing.io

config/manager/kustomization.yaml

@@ -0,0 +1,8 @@
+resources:
+- manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: quay.io/jaegertracing/jaeger-operator
+  newTag: 1.65.0

config/manager/manager.yaml

@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger-operator
+  labels:
+spec:
+  selector:
+    matchLabels:
+  strategy: {}
+  replicas: 1
+  template:
+    metadata:
+      labels:
+    spec:
+      securityContext:
+        runAsNonRoot: true
+      containers:
+        - command:
+            - /jaeger-operator
+          args:
+            - start
+            - --leader-elect
+          image: controller:latest
+          name: jaeger-operator
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.annotations['olm.targetNamespaces']
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OPERATOR_NAME
+              value: "jaeger-operator"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+      serviceAccountName: jaeger-operator
+      terminationGracePeriodSeconds: 10

config/manifests/bases/jaeger-operator.clusterserviceversion.yaml

@@ -15,30 +15,67 @@ metadata:
     capabilities: Deep Insights
     categories: Logging & Tracing
     certified: "false"
-    containerImage: docker.io/jaegertracing/jaeger-operator:1.15.1
-    createdAt: "2019-09-04T13:28:40+00:00"
+    containerImage: quay.io/jaegertracing/jaeger-operator:1.62.0
+    createdAt: "2023-05-16T04:47:12Z"
     description: Provides tracing, monitoring and troubleshooting for microservices-based
       distributed systems
+    operators.openshift.io/infrastructure-features: '["disconnected"]'
     repository: https://github.com/jaegertracing/jaeger-operator
     support: Jaeger Community
-  name: jaeger-operator.v1.15.1
+  name: jaeger-operator.v0.0.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
   customresourcedefinitions:
     owned:
-    - description: A configuration file for a Jaeger custom resource.
+    - description: Jaeger is the Schema for the jaegers API
       displayName: Jaeger
       kind: Jaeger
       name: jaegers.jaegertracing.io
+      resources:
+      - kind: ConfigMaps
+        name: ""
+        version: v1
+      - kind: CronJob
+        name: ""
+        version: v1beta1
+      - kind: DaemonSets
+        name: ""
+        version: apps/v1
+      - kind: Deployment
+        name: ""
+        version: apps/v1
+      - kind: Ingress
+        name: ""
+        version: networking/v1
+      - kind: Pod
+        name: ""
+        version: v1
+      - kind: Service
+        name: ""
+        version: v1
+      - kind: StatefulSets
+        name: ""
+        version: apps/v1
+      specDescriptors:
+      - displayName: Strategy
+        path: allInOne.strategy
+      - displayName: Strategy
+        path: collector.strategy
+      - displayName: Strategy
+        path: query.strategy
+      - displayName: Strategy
+        path: strategy
+      statusDescriptors:
+      - displayName: Phase
+        path: phase
+      - displayName: Version
+        path: version
       version: v1
   description: |-
     Jaeger, inspired by [Dapper](https://research.google.com/pubs/pub36356.html) and [OpenZipkin](http://zipkin.io/), is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
-
     ### Core capabilities
-
     Jaeger is used for monitoring and troubleshooting microservices-based distributed systems, including:
-
     * Distributed context propagation
     * Distributed transaction monitoring
     * Root cause analysis
@@ -46,26 +83,16 @@ spec:
     * Performance / latency optimization
     * OpenTracing compatible data model
     * Multiple storage backends: Badger, Cassandra, Elasticsearch, Memory.
-
     ### Operator features
-
     * **Multiple modes** - Supports `allInOne`, `production` and `streaming` [modes of deployment](https://www.jaegertracing.io/docs/latest/operator/#deployment-strategies).
-
     * **Configuration** - The Operator manages [configuration information](https://www.jaegertracing.io/docs/latest/operator/#configuring-the-custom-resource) when installing Jaeger instances.
-
     * **Storage** - [Configure storage](https://www.jaegertracing.io/docs/latest/operator/#storage-options) used by Jaeger. By default, `memory` is used. Other options include `badger`, `cassandra` or `elasticsearch`. On OpenShift, the operator can delegate creation of an Elasticsearch cluster to the Elasticsearch Operator if deployed.
-
     * **Agent** - can be deployed as [sidecar](https://www.jaegertracing.io/docs/latest/operator/#auto-injecting-jaeger-agent-sidecars) (default) and/or [daemonset](https://www.jaegertracing.io/docs/latest/operator/#installing-the-agent-as-daemonset).
-
     * **UI** - Optionally setup ingress (Kubernetes) or secure route (OpenShift) to provide [access to the Jaeger UI](https://www.jaegertracing.io/docs/latest/operator/#accessing-the-jaeger-console-ui).
-
     ### Before you start
-
     1. Ensure that the appropriate storage solution, that will be used by the Jaeger instance, is available and configured.
     2. If intending to deploy an Elasticsearch cluster via the Jaeger custom resource, then the Elasticsearch Operator must first be installed.
-
     ### Troubleshooting
-
     * https://www.jaegertracing.io/docs/latest/troubleshooting/
   displayName: Community Jaeger Operator
   icon:
@@ -73,232 +100,14 @@ spec:
     mediatype: image/svg+xml
   install:
     spec:
-      clusterPermissions:
-      - rules:
-        - apiGroups:
-          - ""
-          resources:
-          - pods
-          - services
-          - services/finalizers
-          - endpoints
-          - persistentvolumeclaims
-          - events
-          - configmaps
-          - secrets
-          - serviceaccounts
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps
-          resources:
-          - deployments
-          - daemonsets
-          - replicasets
-          - statefulsets
-          verbs:
-          - '*'
-        - apiGroups:
-          - monitoring.coreos.com
-          resources:
-          - servicemonitors
-          verbs:
-          - get
-          - create
-        - apiGroups:
-          - extensions
-          resources:
-          - replicasets
-          - deployments
-          - daemonsets
-          - statefulsets
-          - ingresses
-          verbs:
-          - '*'
-        - apiGroups:
-          - batch
-          resources:
-          - jobs
-          - cronjobs
-          verbs:
-          - '*'
-        - apiGroups:
-          - route.openshift.io
-          resources:
-          - routes
-          verbs:
-          - '*'
-        - apiGroups:
-          - logging.openshift.io
-          resources:
-          - elasticsearches
-          verbs:
-          - '*'
-        - apiGroups:
-          - jaegertracing.io
-          resources:
-          - '*'
-          verbs:
-          - '*'
-        - apiGroups:
-          - rbac.authorization.k8s.io
-          resources:
-          - clusterrolebindings
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps
-          - extensions
-          resourceNames:
-          - jaeger-operator
-          resources:
-          - deployments/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - kafka.strimzi.io
-          resources:
-          - kafkas
-          - kafkausers
-          verbs:
-          - '*'
-        serviceAccountName: jaeger-operator
-      deployments:
-      - name: jaeger-operator
-        spec:
-          replicas: 1
-          selector:
-            matchLabels:
-              name: jaeger-operator
-          strategy: {}
-          template:
-            metadata:
-              labels:
-                name: jaeger-operator
-            spec:
-              containers:
-              - args:
-                - start
-                env:
-                - name: WATCH_NAMESPACE
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.annotations['olm.targetNamespaces']
-                - name: POD_NAME
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.name
-                - name: POD_NAMESPACE
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.namespace
-                - name: OPERATOR_NAME
-                  value: jaeger-operator
-                image: jaegertracing/jaeger-operator:1.15.1
-                imagePullPolicy: Always
-                name: jaeger-operator
-                ports:
-                - containerPort: 8383
-                  name: metrics
-                resources: {}
-              serviceAccountName: jaeger-operator
-      permissions:
-      - rules:
-        - apiGroups:
-          - ""
-          resources:
-          - pods
-          - services
-          - services/finalizers
-          - endpoints
-          - persistentvolumeclaims
-          - events
-          - configmaps
-          - secrets
-          - serviceaccounts
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps
-          resources:
-          - deployments
-          - daemonsets
-          - replicasets
-          - statefulsets
-          verbs:
-          - '*'
-        - apiGroups:
-          - monitoring.coreos.com
-          resources:
-          - servicemonitors
-          verbs:
-          - get
-          - create
-        - apiGroups:
-          - extensions
-          resources:
-          - replicasets
-          - deployments
-          - daemonsets
-          - statefulsets
-          - ingresses
-          verbs:
-          - '*'
-        - apiGroups:
-          - batch
-          resources:
-          - jobs
-          - cronjobs
-          verbs:
-          - '*'
-        - apiGroups:
-          - route.openshift.io
-          resources:
-          - routes
-          verbs:
-          - '*'
-        - apiGroups:
-          - logging.openshift.io
-          resources:
-          - elasticsearches
-          verbs:
-          - '*'
-        - apiGroups:
-          - jaegertracing.io
-          resources:
-          - '*'
-          verbs:
-          - '*'
-        - apiGroups:
-          - rbac.authorization.k8s.io
-          resources:
-          - clusterrolebindings
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps
-          - extensions
-          resourceNames:
-          - jaeger-operator
-          resources:
-          - deployments/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - kafka.strimzi.io
-          resources:
-          - kafkas
-          - kafkausers
-          verbs:
-          - '*'
-        serviceAccountName: jaeger-operator
+      deployments: null
     strategy: deployment
   installModes:
-  - supported: true
+  - supported: false
     type: OwnNamespace
-  - supported: true
+  - supported: false
     type: SingleNamespace
-  - supported: true
+  - supported: false
     type: MultiNamespace
   - supported: true
     type: AllNamespaces
@@ -306,8 +115,6 @@ spec:
   - tracing
   - monitoring
   - troubleshooting
-  labels:
-    name: jaeger-operator
   links:
   - name: Jaeger Operator Source Code
     url: https://github.com/jaegertracing/jaeger-operator
@@ -315,10 +122,11 @@ spec:
   - email: jaeger-tracing@googlegroups.com
     name: Jaeger Google Group
   maturity: alpha
+  minKubeVersion: 1.19.0
   provider:
     name: CNCF
-  replaces: jaeger-operator.v1.15.0
+  replaces: jaeger-operator.v1.62.0
   selector:
     matchLabels:
       name: jaeger-operator
-  version: 1.15.1
+  version: 0.0.0

config/manifests/kustomization.yaml

@@ -0,0 +1,27 @@
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+- bases/jaeger-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+#- ../scorecard
+
+# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix.
+# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager.
+# These patches remove the unnecessary "cert" volume and its manager container volumeMount.
+#patchesJson6902:
+#- target:
+#    group: apps
+#    version: v1
+#    kind: Deployment
+#    name: controller-manager
+#    namespace: system
+#  patch: |-
+#    # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs.
+#    # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment.
+#    - op: remove
+#      path: /spec/template/spec/containers/1/volumeMounts/0
+#    # Remove the "cert" volume, since OLM will create and mount a set of certs.
+#    # Update the indices in this path if adding or removing volumes in the manager's Deployment.
+#    - op: remove
+#      path: /spec/template/spec/volumes/0

config/namespaced/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../default
+
+components:
+  - ./patch

config/namespaced/patch/kustomization.yaml

@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+- patch: |-
+    $patch: delete
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: jaeger-operator-metrics-reader
+- patch: |
+    - op: replace
+      path: /kind
+      value: Role
+  target:
+    group: rbac.authorization.k8s.io
+    kind: ClusterRole
+- patch: |
+    - op: replace
+      path: /roleRef/kind
+      value: Role
+  target:
+    group: rbac.authorization.k8s.io
+    kind: ClusterRoleBinding
+- patch: |
+    - op: replace
+      path: /kind
+      value: RoleBinding
+  target:
+    group: rbac.authorization.k8s.io
+    kind: ClusterRoleBinding
+
+- target:
+    group: apps
+    version: v1
+    name: jaeger-operator
+    kind: Deployment
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/env/0/valueFrom/fieldRef/fieldPath
+      value: metadata.namespace

config/prometheus/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml

config/prometheus/monitor.yaml

@@ -0,0 +1,22 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    name: jaeger-operator
+  name: jaeger-operator-metrics-monitor
+spec:
+  endpoints:
+    - path: /metrics
+      targetPort: 8443
+      scheme: https
+      interval: 30s
+      scrapeTimeout: 10s
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      name: jaeger-operator
+      app.kubernetes.io/component: metrics

config/rbac/auth_proxy_client_clusterrole.yaml

@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: jaeger-operator-metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get

config/rbac/auth_proxy_role.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create

config/rbac/auth_proxy_role_binding.yaml

@@ -1,12 +1,11 @@
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: jaeger-operator
+  name: jaeger-operator-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
 subjects:
 - kind: ServiceAccount
   name: jaeger-operator
-  namespace: "observability" # change to point to the namespace you installed your operator
-roleRef:
-  kind: ClusterRole
-  name: jaeger-operator
-  apiGroup: rbac.authorization.k8s.io

config/rbac/auth_proxy_service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: jaeger-operator
+    app.kubernetes.io/component: metrics
+  name: jaeger-operator-metrics
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    name: jaeger-operator

config/rbac/jaeger_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit jaegers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: jaeger-operator-editor-role
+rules:
+- apiGroups:
+  - jaegertracing.io
+  resources:
+  - jaegers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - jaegertracing.io
+  resources:
+  - jaegers/status
+  verbs:
+  - get

config/rbac/jaeger_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view jaegers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: jaeger-operator-viewer-role
+rules:
+- apiGroups:
+  - jaegertracing.io
+  resources:
+  - jaegers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - jaegertracing.io
+  resources:
+  - jaegers/status
+  verbs:
+  - get

config/rbac/kustomization.yaml

@@ -0,0 +1,20 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
+- prometheus_role.yaml
+- prometheus_role_binding.yaml