Update README.md (#2888 )

Signed-off-by: domain <32405309+szu17dmy@users.noreply.github.com>
Update README.md (#2847 )
2025-05-06 10:45:50 +02:00 · 2025-03-09 09:19:28 +01:00 · 2025-03-06 10:08:53 +01:00 · 2025-03-05 10:13:36 +01:00 · 2025-03-05 10:13:29 +01:00 · 2025-03-03 10:52:46 +01:00
580 changed files with 82339 additions and 8664 deletions
--- a/.ci/after-success.sh
+++ b/.ci/after-success.sh
@ -1,4 +0,0 @@
-#!/bin/bash
-
-echo "Uploading code coverage results"
-bash <(curl -s https://codecov.io/bash)
--- a/.ci/format.sh
+++ b/.ci/format.sh
@ -1,3 +1,3 @@
 #!/bin/bash

-${GOPATH}/bin/goimports -local "github.com/jaegertracing/jaeger-operator" -l -w $(git ls-files "*\.go" | grep -v vendor)
+./bin/goimports -local "github.com/jaegertracing/jaeger-operator" -l -w $(git ls-files "*\.go" | grep -v vendor)
--- a/.ci/install-gomplate.sh
+++ b/.ci/install-gomplate.sh
@ -1,21 +0,0 @@
-#!/bin/bash
-VERSION="3.10.0"
-
-if [[ -z "${GOPATH}" ]]; then
-    DEST="/usr/local/bin/gomplate"
-    export PATH=$PATH:/usr/local/bin
-    SUDO="sudo"
-else
-    DEST="${GOPATH}/bin/gomplate"
-    SUDO=
-fi
-
-
-if [ ! -f ${DEST} ]; then
-    if [[ "$OSTYPE" == "darwin"* ]]; then
-        $SUDO curl https://github.com/hairyhenderson/gomplate/releases/download/v${VERSION}/gomplate_darwin-amd64-slim -sLo ${DEST}
-    else
-        $SUDO curl https://github.com/hairyhenderson/gomplate/releases/download/v${VERSION}/gomplate_linux-amd64-slim -sLo ${DEST}
-    fi
-    $SUDO chmod +x ${DEST}
-fi
--- a/.ci/install-kind.sh
+++ b/.ci/install-kind.sh
@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-sudo curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
-sudo chmod +x /usr/local/bin/kind
-export PATH=$PATH:/usr/local/bin
--- a/.ci/install-kuttl.sh
+++ b/.ci/install-kuttl.sh
@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-sudo curl -Lo /usr/local/bin/kubectl-kuttl https://github.com/kudobuilder/kuttl/releases/download/v0.11.1/kubectl-kuttl_0.11.1_linux_x86_64
-sudo chmod +x /usr/local/bin/kubectl-kuttl
-export PATH=$PATH:/usr/local/bin
--- a/.ci/lint.sh
+++ b/.ci/lint.sh
@ -1,16 +0,0 @@
-#!/bin/bash
-
-GOLINT=golint
-
-command -v ${GOLINT} > /dev/null
-if [ $? != 0 ]; then
-    if [ -n ${GOPATH} ]; then
-        GOLINT="${GOPATH}/bin/golint"
-    fi
-fi
-
-out=$(${GOLINT} ./... | grep -v pkg/storage/elasticsearch/v1 | grep -v zz_generated)
-if [[ $out ]]; then
-    echo "$out"
-    exit 1
-fi
--- a/.ci/prepare-release.sh
+++ b/.ci/prepare-release.sh
@ -1,11 +1,16 @@
 #!/bin/bash

-if [[ "${OPERATOR_VERSION}x" == "x" ]]; then
+if [[ -z $OPERATOR_VERSION ]]; then
    echo "OPERATOR_VERSION isn't set. Skipping process."
    exit 1
 fi


+
+JAEGER_VERSION=$(echo $JAEGER_VERSION | tr -d '"')
+JAEGER_AGENT_VERSION=$(echo $JAEGER_AGENT_VERSION | tr -d '"')
+
+
 PREVIOUS_VERSION=$(grep operator= versions.txt | awk -F= '{print $2}')

 # change the versions.txt, bump only operator version.
@ -14,4 +19,19 @@ sed "s~operator=${PREVIOUS_VERSION}~operator=${OPERATOR_VERSION}~gi" -i versions
 # changes to deploy/operator.yaml
 sed "s~replaces: jaeger-operator.v.*~replaces: jaeger-operator.v${PREVIOUS_VERSION}~i" -i config/manifests/bases/jaeger-operator.clusterserviceversion.yaml

+# Update the examples according to the release
+
+sed -i "s~all-in-one:.*~all-in-one:${JAEGER_VERSION}~gi" examples/all-in-one-with-options.yaml
+
+# statefulset-manual-sidecar
+sed -i "s~jaeger-agent:.*~jaeger-agent:${JAEGER_AGENT_VERSION}~gi" examples/statefulset-manual-sidecar.yaml
+
+# operator-with-tracing
+sed -i "s~jaeger-operator:.*~jaeger-operator:${OPERATOR_VERSION}~gi" examples/operator-with-tracing.yaml
+sed -i "s~jaeger-agent:.*~jaeger-agent:${JAEGER_AGENT_VERSION}~gi" examples/operator-with-tracing.yaml
+
+# tracegen
+sed -i "s~jaeger-tracegen:.*~jaeger-tracegen:${JAEGER_VERSION}~gi" examples/tracegen.yaml
+
+
 VERSION=${OPERATOR_VERSION} USER=jaegertracing make bundle
--- a/.ci/publish-images.sh
+++ b/.ci/publish-images.sh
@ -4,7 +4,7 @@ BASE_BUILD_IMAGE=${BASE_BUILD_IMAGE:-"jaegertracing/jaeger-operator"}
 OPERATOR_VERSION=${OPERATOR_VERSION:-$(git describe --tags)}

 ## if we are on a release tag, let's extract the version number
-## the other possible value, currently, is 'master' (or another branch name)
+## the other possible value, currently, is 'main' (or another branch name)
 ## if we are not running in the CI, it fallsback to the `git describe` above
 if [[ $OPERATOR_VERSION == v* ]]; then
    OPERATOR_VERSION=$(echo ${OPERATOR_VERSION} | grep -Po "([\d\.]+)")
@ -12,6 +12,7 @@ if [[ $OPERATOR_VERSION == v* ]]; then
 fi

 BUILD_IMAGE=${BUILD_IMAGE:-"${BASE_BUILD_IMAGE}:${OPERATOR_VERSION}"}
+DOCKER_USERNAME=${DOCKER_USERNAME:-"jaegertracingbot"}

 if [ "${DOCKER_PASSWORD}x" != "x" -a "${DOCKER_USERNAME}x" != "x" ]; then
    echo "Performing a 'docker login'"
--- a/.ci/setup-docker.sh
+++ b/.ci/setup-docker.sh
@ -1,11 +0,0 @@
-#!/bin/bash
-
-## this script is meant to be executed in a CI executor based on Ubuntu 18.04 and hasn't been tested anywhere else
-sudo apt-get remove docker docker-engine docker.io containerd runc
-sudo apt-get update
-sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-sudo apt-key fingerprint 0EBFCD88
-sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io socat
--- a/.ci/upload-test-coverage.sh
+++ b/.ci/upload-test-coverage.sh
@ -1,3 +0,0 @@
-#!/bin/bash
-
-bash <(curl -s https://codecov.io/bash)
--- a/.ci/vgot.sh
+++ b/.ci/vgot.sh
@ -1,15 +0,0 @@
-#!/bin/sh
-if [ $# = 0 ]; then
-    echo usage: vgot cmdpackage[@version]... >&2
-    exit 2
-fi
-d=`mktemp -d`
-cd "$d"
-go mod init temp >/dev/null 2>&1
-for i; do
-    pkg=`echo $i | sed 's/@.*//'`
-    go get "$i" &&
-    go install "$pkg" &&
-    echo installed `go list -f '{{.ImportPath}}@{{.Module.Version}}' "$pkg"`
-done
-rm -r "$d"
--- a/.codecov.yml
+++ b/.codecov.yml
@ -1,3 +1,10 @@
+coverage:
+  status:
+    project:
+      default:
+        target: auto
+        # this allows a 0.1% drop from the previous base commit coverage
+        threshold: 0.1%
 ignore:
  - "apis/v1/zz_generated.deepcopy.go"
  - "apis/v1/zz_generated.defaults.go"
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,11 +1,62 @@
 version: 2
 updates:
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - docker
+      - ok-to-test
+  - package-ecosystem: docker
+    directory: "/tests"
+    schedule:
+      interval: daily
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - docker
+      - ok-to-test
  - package-ecosystem: gomod
    directory: "/"
    schedule:
      interval: daily
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - go
+      - ok-to-test
+    groups:
+      golang-org-x:
+        patterns:
+          - "golang.org/x/*"
+      opentelemetry:
+        patterns:
+          - "go.opentelemetry.io/*"
+      prometheus:
+        patterns:
+          - "github.com/prometheus-operator/prometheus-operator"
+          - "github.com/prometheus-operator/prometheus-operator/*"
+          - "github.com/prometheus/prometheus"
+          - "github.com/prometheus/prometheus/*"
+          - "github.com/prometheus/client_go"
+          - "github.com/prometheus/client_go/*"
+      kubernetes:
+        patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
+      time: "03:00"
+      timezone: "Europe/Berlin"
+    labels:
+      - dependencies
+      - github_actions
+      - ok-to-test
--- a/.github/workflows/base-checks.yaml
+++ b/.github/workflows/base-checks.yaml
@ -2,36 +2,41 @@ name: "CI Workflow"

 on:
  push:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
  pull_request:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read

 jobs:
  basic-checks:
    runs-on: ubuntu-20.04
+    env:
+      USER: jaegertracing
    steps:
-    - name: Set up Go
-      uses: actions/setup-go@v2.1.4
-      with:
-        go-version: 1.16
-
    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2.4.0
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: Set up Go
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+      with:
+        go-version: "1.22"

    - name: "install kubebuilder"
-      run: ./hack/install-kubebuilder.sh
+      run: ./hack/install/install-kubebuilder.sh

    - name: "install kustomize"
-      run: ./hack/install-kustomize.sh
-
-    - uses: jpkrohling/setup-operator-sdk@v1.1.0
-      with:
-        operator-sdk-version: v1.13.1
+      run: ./hack/install/install-kustomize.sh

    - name: "basic checks"
      run: make install-tools ci

    - name: "upload test coverage report"
-      env:
-        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      run: ./.ci/upload-test-coverage.sh
+      uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -2,12 +2,23 @@ name: "CodeQL"

 on:
  push:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
  pull_request:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read

 jobs:
  codeql-analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
    name: CodeQL Analyze
    runs-on: ubuntu-latest

@ -18,15 +29,24 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: "Set up Go"
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: "go.mod"
+
+      # Disable CodeQL for tests
+      # https://github.com/github/codeql/issues/4786
+      - run: rm -rf ./tests

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
        with:
          languages: go

      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -1,282 +1,84 @@
-name: "End-to-end tests"
+name: E2E tests

 on:
  push:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
  pull_request:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+concurrency:
+  group: e2e-tests-${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read

 jobs:
-  allinone-e2e-tests:
-    name: All in one E2E tests
+  e2e:
+    name: "Run ${{ matrix.testsuite.label }} E2E tests (${{ matrix.kube-version }})"
    runs-on: ubuntu-20.04
    strategy:
+      fail-fast: false
      matrix:
       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
+         - "1.19"
+         - "1.30"
+       testsuite:
+         - { name: "elasticsearch", label: "Elasticsearch" }
+         - { name: "examples", label: "Examples" }
+         - { name: "generate", label: "Generate" }
+         - { name: "miscellaneous", label: "Miscellaneous" }
+         - { name: "sidecar", label: "Sidecar" }
+         - { name: "streaming", label: "Streaming" }
+         - { name: "ui", label: "UI" }
+         - { name: "upgrade", label: "Upgrade" }
    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+      - name: "Set up Go"
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version: "1.22"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+      - name: Cache Docker layers
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        with:
+          path: /tmp/.buildx-cache
+          key: e2e-${{ github.sha }}
+          restore-keys: |
+            e2e-
      - name: "Install KIND"
-        run: ./.ci/install-kind.sh
+        run: ./hack/install/install-kind.sh
+        shell: bash
      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
+        run: ./hack/install/install-kuttl.sh
+        shell: bash
+      - name: "Install gomplate"
+        run: ./hack/install/install-gomplate.sh
+        shell: bash
      - name: "Install dependencies"
        run: make install-tools
-      - name: "Run E2E test suite"
+        shell: bash
+      - name: "Run ${{ matrix.testsuite.label }} E2E test suite on Kube ${{ matrix.kube-version }}"
        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-allinone
-  cassandra-e2e-tests:
-    name: Cassandra E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-cassandra
-  elasticsearch-e2e-tests:
-    name: Elasticsearch E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-elasticsearch
-  examples-e2e-tests:
-    name: Examples E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-examples
-  generate-e2e-tests:
-    name: Generate E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-generate
-  istio-e2e-tests:
-    name: Istio E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-istio
-  outside-cluster-e2e-tests:
-    name: Outside cluster E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-outside-cluster
-  smoke-e2e-tests:
-    name: Smoke E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-smoke
-  streaming-e2e-tests:
-    name: Streaming E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-streaming
-  upgrade-e2e-tests:
-    name: Upgrade E2E tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-       kube-version:
-       - "1.19"
-       - "1.20"
-       - "1.21"
-       - "1.22"
-    steps:
-      - name: "Set up Go"
-        uses: actions/setup-go@v2.1.4
-        with:
-          go-version: 1.16
-      - name: "Check out code into the Go module directory"
-        uses: actions/checkout@v2.4.0
-      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
-      - name: "install gomplate"
-        run: ./.ci/install-gomplate.sh
-      - name: "Install dependencies"
-        run: make install-tools
-      - name: "Run E2E test suite"
-        env:
-          KUBE_VERSION: ${{ matrix.kube-version }}
-        run: make run-e2e-tests-upgrade
+          VERBOSE: "true"
+          KUBE_VERSION: "${{ matrix.kube-version }}"
+          DOCKER_BUILD_OPTIONS: "--cache-from	type=local,src=/tmp/.buildx-cache --cache-to type=local,dest=/tmp/.buildx-cache-new,mode=max --load"
+        run: make run-e2e-tests-${{ matrix.testsuite.name }}
+        shell: bash
+        # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+        shell: bash
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@ -0,0 +1,54 @@
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '45 13 * * 1'
+  push:
+    branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        with:
+          sarif_file: results.sarif
--- a/.github/workflows/publish-images.yaml
+++ b/.github/workflows/publish-images.yaml
@ -2,20 +2,27 @@ name: "Publish images"

 on:
  push:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read

 jobs:
  publish:
    runs-on: ubuntu-latest
+    env:
+      USER: jaegertracing
    steps:
-    - uses: actions/checkout@v2.4.0
-    - uses: docker/setup-qemu-action@v1.2.0
-    - uses: docker/setup-buildx-action@v1.6.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
    - name: "publishes the images"
      env:
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
        QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
        QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
-        OPERATOR_VERSION: master
+        OPERATOR_VERSION: main
      run: ./.ci/publish-images.sh
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -6,27 +6,25 @@ on:
    - 'v*'

 jobs:
-  unit-tests:
+  release:
    runs-on: ubuntu-20.04
+    env:
+      USER: jaegertracing
    steps:
    - name: Set up Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
      with:
-        go-version: 1.16
+        go-version: "1.22"

-    - uses: actions/checkout@v2.4.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: "install kubebuilder"
-      run: ./hack/install-kubebuilder.sh
+      run: ./hack/install/install-kubebuilder.sh

    - name: "install kustomize"
-      run: ./hack/install-kustomize.sh
-
-    - uses: jpkrohling/setup-operator-sdk@v1.1.0
-      with:
-        operator-sdk-version: v1.13.1
-    - uses: docker/setup-qemu-action@v1.2.0
-    - uses: docker/setup-buildx-action@v1.6.0
+      run: ./hack/install/install-kustomize.sh
+    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

    - name: "generate release resources"
      run: make release-artifacts USER=jaegertracing
@ -39,7 +37,7 @@ jobs:
    - name: "publishes the images"
      env:
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
        QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
        QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
      run: ./.ci/publish-images.sh
--- a/.github/workflows/sdk-scorecard.yaml
+++ b/.github/workflows/sdk-scorecard.yaml
@ -2,9 +2,16 @@ name: "Operator-SDK Scorecard"

 on:
  push:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
  pull_request:
-    branches: [ master ]
+    branches: [ main ]
+    paths-ignore:
+      - '**.md'
+
+permissions:
+  contents: read

 jobs:
  operator-sdk-scorecard:
@ -12,13 +19,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: "Check out code"
-        uses: actions/checkout@v2.4.0
-      - uses: jpkrohling/setup-operator-sdk@v1.1.0
-        with:
-          operator-sdk-version: v1.13.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: "Install KIND"
-        run: ./.ci/install-kind.sh
+        run: ./hack/install/install-kind.sh
      - name: "Install KUTTL"
-        run: ./.ci/install-kuttl.sh
+        run: ./hack/install/install-kuttl.sh
      - name: "Run Operator-SDK scorecard test"
+        env:
+          DOCKER_BUILD_OPTIONS: "--cache-from	type=local,src=/tmp/.buildx-cache --cache-to type=local,dest=/tmp/.buildx-cache-new,mode=max --load"
        run: make scorecard-tests-local
--- a/.gitignore
+++ b/.gitignore
@ -5,6 +5,8 @@ deploy/test
 vendor
 bin
 tests/_build
+_build
+logs
 # Created by https://www.gitignore.io/api/go,vim,emacs,visualstudiocode
 ### Emacs ###
 # -*- mode: gitignore; -*-
@ -88,3 +90,9 @@ import.log
 ### Kubernetes ###
 kubeconfig
 bin
+### Timestamp files to avoid rebuilding Docker images if not needed ###
+build-assert-job
+docker-e2e-upgrade-image
+build-e2e-upgrade-image
+### Reports for E2E tests
+reports
--- a/.golangci.yml
+++ b/.golangci.yml
@ -0,0 +1,33 @@
+issues:
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gosec
+    - linters:
+        - staticcheck
+      text: "SA1019:"
+
+linters-settings:
+  goimports:
+    local-prefixes: github.com/jaegertracing/jaeger-operator
+  gosimple:
+    go: "1.22"
+
+linters:
+  enable:
+    - bidichk
+    - errorlint
+    - gofumpt
+    - goimports
+    - gosec
+    - govet
+    - misspell
+    - testifylint
+  disable:
+    - errcheck
+
+run:
+  go: '1.22'
+  timeout: 10m
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,213 @@
 Changes by Version
 ==================
+## v1.65.0 (2025-01-22)
+
+* Pin agent version to 1.62.0 ([#2790](https://github.com/jaegertracing/jaeger-operator/pull/2790), [@rubenvp8510](https://github.com/rubenvp8510))
+* Added compatibility for Jaeger Operator v1.61.x and v1.62.x ([#2725](https://github.com/jaegertracing/jaeger-operator/pull/2725), [@mooneeb](https://github.com/mooneeb))
+
+## v1.62.0 (2024-10-10)
+
+* TRACING-4238 | Fix gatewat 502 timeout ([#2694](https://github.com/jaegertracing/jaeger-operator/pull/2694), [@pavolloffay](https://github.com/pavolloffay))
+* feat: added missing test for elasticsearch reconciler ([#2662](https://github.com/jaegertracing/jaeger-operator/pull/2662), [@Ankit152](https://github.com/Ankit152))
+
+## v1.61.0 (2024-09-16)
+
+* Bump google.golang.org/grpc from 1.66.0 to 1.66.1 ([#2675](https://github.com/jaegertracing/jaeger-operator/pull/2675), [@dependabot[bot]](https://github.com/apps/dependabot))
+* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 ([#2670](https://github.com/jaegertracing/jaeger-operator/pull/2670), [@dependabot[bot]](https://github.com/apps/dependabot))
+* Bump the opentelemetry group with 9 updates ([#2668](https://github.com/jaegertracing/jaeger-operator/pull/2668), [@dependabot[bot]](https://github.com/apps/dependabot))
+
+## v1.60.0 (2024-08-13)
+* Fix Golang version in go.mod ([#2652](https://github.com/jaegertracing/jaeger-operator/pull/2652), [@iblancasa](https://github.com/iblancasa))
+
+## v1.60.0 (2024-08-09)
+* Test on k8s 1.30 ([#2647](https://github.com/jaegertracing/jaeger-operator/pull/2647), [@pavolloffay](https://github.com/pavolloffay))
+* Bump go to 1.22 and controller-gen to 1.14 ([#2646](https://github.com/jaegertracing/jaeger-operator/pull/2646), [@pavolloffay](https://github.com/pavolloffay))
+
+## v1.59.0 (2024-08-06)
+* Update compatibility matrix for v1.57.x ([#2594](https://github.com/jaegertracing/jaeger-operator/pull/2594), [@mooneeb](https://github.com/mooneeb))
+* imagePullSecrets is not set for agent DaemonSet ([#2563](https://github.com/jaegertracing/jaeger-operator/pull/2563), [@antoniomerlin](https://github.com/antoniomerlin))
+
+## v1.57.0 (2024-05-06)
+
+## v1.55.0 (2024-03-22)
+* Add server URL to JaegerMetricsStorageSpec ([#2481](https://github.com/jaegertracing/jaeger-operator/pull/2481), [@antoniomerlin](https://github.com/antoniomerlin))
+* Use the host set in the Ingess field for the OpenShift Route ([#2409](https://github.com/jaegertracing/jaeger-operator/pull/2409), [@iblancasa](https://github.com/iblancasa))
+* Add minimum Kubernetes and OpenShift versions ([#2492](https://github.com/jaegertracing/jaeger-operator/pull/2492), [@andreasgerstmayr](https://github.com/andreasgerstmayr))
+
+## v1.54.0 (2024-02-14)
+* apis/v1: add jaeger agent deprecation warning ([#2471](https://github.com/jaegertracing/jaeger-operator/pull/2471), [@frzifus](https://github.com/frzifus))
+
+## V1.53.0 (2024-01-17)
+* Choose the newer autoscaling version by default ([#2374](https://github.com/jaegertracing/jaeger-operator/pull/2374), [@iblancasa](https://github.com/iblancasa))
+* Upgrade operator-sdk to 1.32.0 ([#2388](https://github.com/jaegertracing/jaeger-operator/pull/2388), [@iblancasa](https://github.com/iblancasa))
+* Fix containerImage field and remove statement about failing CI ([#2386](https://github.com/jaegertracing/jaeger-operator/pull/2386), [@iblancasa](https://github.com/iblancasa))
+* Fix injection: prefer jaeger in the same namespace ([#2383](https://github.com/jaegertracing/jaeger-operator/pull/2383), [@pavolloffay](https://github.com/pavolloffay))
+
+## v1.52.0 (2023-12-07)
+* Add missing container security context settings and tests ([#2354](https://github.com/jaegertracing/jaeger-operator/pull/2354), [@tingeltangelthomas](https://github.com/tingeltangelthomas))
+
+## v1.51.0 (2023-11-17)
+* Support configuring images via RELATED_IMAGE_ environment variables ([#2355](https://github.com/jaegertracing/jaeger-operator/pull/2355), [@andreasgerstmayr](https://github.com/andreasgerstmayr))
+* Regenerate ES certificated when is close to 1 day for expire ([#2356](https://github.com/jaegertracing/jaeger-operator/pull/2356), [@rubenvp8510](https://github.com/rubenvp8510))
+* Bump actions/checkout from 3 to 4 ([#2316](https://github.com/jaegertracing/jaeger-operator/pull/2316), [@dependabot[bot]](https://github.com/apps/dependabot))
+* bump grpc to 1.58.3 ([#2346](https://github.com/jaegertracing/jaeger-operator/pull/2346), [@rubenvp8510](https://github.com/rubenvp8510))
+* Bump golang version to 1.21 ([#2347](https://github.com/jaegertracing/jaeger-operator/pull/2347), [@rubenvp8510](https://github.com/rubenvp8510))
+* Ensure oauth-proxy ImageStream is detected eventually ([#2340](https://github.com/jaegertracing/jaeger-operator/pull/2340), [@bverschueren](https://github.com/bverschueren))
+* Check if envFrom has ConfigMapRef set ([#2342](https://github.com/jaegertracing/jaeger-operator/pull/2342), [@edwardecook](https://github.com/edwardecook))
+* Bump golang.org/x/net from 0.13.0 to 0.17.0 ([#2343](https://github.com/jaegertracing/jaeger-operator/pull/2343), [@dependabot[bot]](https://github.com/apps/dependabot))
+* Fix issue related to new encoding in oauth-proxy image ([#2345](https://github.com/jaegertracing/jaeger-operator/pull/2345), [@iblancasa](https://github.com/iblancasa))
+* Always generate new oauth-proxy password ([#2333](https://github.com/jaegertracing/jaeger-operator/pull/2333), [@pavolloffay](https://github.com/pavolloffay))
+* Add v1.48.x and v1.49.x to the support map ([#2332](https://github.com/jaegertracing/jaeger-operator/pull/2332), [@ishaqkhattana](https://github.com/ishaqkhattana))
+* Pass proxy env vars to operands ([#2330](https://github.com/jaegertracing/jaeger-operator/pull/2330), [@pavolloffay](https://github.com/pavolloffay))
+* Protect auth delegator behind a mutex ([#2318](https://github.com/jaegertracing/jaeger-operator/pull/2318), [@iblancasa](https://github.com/iblancasa))
+
+## v1.49.1 (2023-09-07)
+* fix: protect the kafka-profision setting behind a mutex ([#2308](https://github.com/jaegertracing/jaeger-operator/pull/2308), [@iblancasa](https://github.com/iblancasa))
+
+## v1.48.1 (2023-09-04)
+* Use base image that does not require subscription (centos 9 stream) ([#2313](https://github.com/jaegertracing/jaeger-operator/pull/2313), [@pavolloffay](https://github.com/pavolloffay))
+* Update go dependencies to Kubernetes 0.28.1 ([#2301](https://github.com/jaegertracing/jaeger-operator/pull/2301), [@pavolloffay](https://github.com/pavolloffay))
+* Protect the ESProvisioning setting behind a mutex ([#2287](https://github.com/jaegertracing/jaeger-operator/pull/2287), [@iblancasa](https://github.com/iblancasa))
+
+## v1.48.0 (2023-08-28)
+
+* Remove the TokenReview after checking we can create it ([#2286](https://github.com/jaegertracing/jaeger-operator/pull/2286), [@iblancasa](https://github.com/iblancasa))
+* Fix apiVersion and kind are missing in jaeger-operator generate output ([#2281](https://github.com/jaegertracing/jaeger-operator/pull/2281), [@hiteshwani29](https://github.com/hiteshwani29))
+* Fix custom labels for the deployable components in production strategy  ([#2277](https://github.com/jaegertracing/jaeger-operator/pull/2277), [@hiteshwani29](https://github.com/hiteshwani29))
+* Ensure the OAuth Proxy image detection is run after the platform detection ([#2280](https://github.com/jaegertracing/jaeger-operator/pull/2280), [@iblancasa](https://github.com/iblancasa))
+* Added changes to respect env variable set from envFrom configMaps ([#2272](https://github.com/jaegertracing/jaeger-operator/pull/2272), [@hiteshwani29](https://github.com/hiteshwani29))
+* Refactor the autodetect module to reduce the number of writes/reads in viper configuration ([#2274](https://github.com/jaegertracing/jaeger-operator/pull/2274), [@iblancasa](https://github.com/iblancasa))
+
+## v1.47.0 (2023-07-12)
+* Expose admin ports for agent, collector, and query Deployments via the equivalent Service ([#2262](https://github.com/jaegertracing/jaeger-operator/pull/2262), [@thomaspaulin](https://github.com/thomaspaulin))
+* update otel sdk to v1.16.0/v0.39.0 ([#2261](https://github.com/jaegertracing/jaeger-operator/pull/2261), [@frzifus](https://github.com/frzifus))
+* Extended compatibility matrix ([#2255](https://github.com/jaegertracing/jaeger-operator/pull/2255), [@shazib-summar](https://github.com/shazib-summar))
+* Add support for Kubernetes 1.27 ([#2235](https://github.com/jaegertracing/jaeger-operator/pull/2235), [@iblancasa](https://github.com/iblancasa))
+* Jaeger Collector Config: `Lifecycle` and `TerminationGracePeriodSeconds` ([#2242](https://github.com/jaegertracing/jaeger-operator/pull/2242), [@taj-p](https://github.com/taj-p))
+
+## v1.46.0 (2023-06-16)
+* Missing exposed port 16685 in query deployments ([#2239](https://github.com/jaegertracing/jaeger-operator/pull/2239), [@iblancasa](https://github.com/iblancasa))
+* Use Golang 1.20 ([#2205](https://github.com/jaegertracing/jaeger-operator/pull/2205), [@iblancasa](https://github.com/iblancasa))
+* [BugFix] Properly set imagePullPolicy and containerSecurityContext for EsIndexCleaner cronjob container ([#2224](https://github.com/jaegertracing/jaeger-operator/pull/2224), [@michalschott](https://github.com/michalschott))
+* Remove resource limitation for the operator pod ([#2221](https://github.com/jaegertracing/jaeger-operator/pull/2221), [@iblancasa](https://github.com/iblancasa))
+* Add PriorityClass for AllInOne strategy ([#2218](https://github.com/jaegertracing/jaeger-operator/pull/2218), [@sonofgibs](https://github.com/sonofgibs))
+
+
+## v1.45.0 (2023-05-16)
+
+## v1.44.0 (2023-04-13)
+* Feat: add `NodeSelector` to jaeger collector, query, and ingestor ([#2200](https://github.com/jaegertracing/jaeger-operator/pull/2200), [@AhmedGrati](https://github.com/AhmedGrati))
+
+## v1.43.0 (2023-02-07)
+* update operator-sdk to 1.27.0 ([#2178](https://github.com/jaegertracing/jaeger-operator/pull/2178), [@iblancasa](https://github.com/iblancasa))
+* Support JaegerCommonSpec in JaegerCassandraCreateSchemaSpec ([#2176](https://github.com/jaegertracing/jaeger-operator/pull/2176), [@haanhvu](https://github.com/haanhvu))
+
+## v1.42.0 (2023-02-07)
+* Upgrade Kafka Operator default version to 0.32.0 ([#2150](https://github.com/jaegertracing/jaeger-operator/pull/2150), [@iblancasa](https://github.com/iblancasa))
+* Upgrade Kind, Kind images and add Kubernetes 1.26 ([#2161](https://github.com/jaegertracing/jaeger-operator/pull/2161), [@iblancasa](https://github.com/iblancasa))
+
+1.41.1 (2023-01-23)
+-------------------
+* Fix the Jaeger version for the Jaeger Operator 1.41.x  ([#2157](https://github.com/jaegertracing/jaeger-operator/pull/2157), [@iblancasa](https://github.com/iblancasa))
+
+1.40.0 (2022-12-23)
+-------------------
+* Support e2e tests on multi architecture environment ([#2139](https://github.com/jaegertracing/jaeger-operator/pull/2139), [@jkandasa](https://github.com/jkandasa))
+* limit the get of deployments to WATCH_NAMESPACE on sync ([#2126](https://github.com/jaegertracing/jaeger-operator/pull/2126), [@rubenvp8510](https://github.com/rubenvp8510))
+* choose first server address ([#2087](https://github.com/jaegertracing/jaeger-operator/pull/2087), [@Efrat19](https://github.com/Efrat19))
+* Fix query ingress when using streaming strategy ([#2120](https://github.com/jaegertracing/jaeger-operator/pull/2120), [@kevinearls](https://github.com/kevinearls))
+* Fix Liveness Probe for Ingester and Query ([#2122](https://github.com/jaegertracing/jaeger-operator/pull/2122), [@ricoberger](https://github.com/ricoberger))
+* Fix for min tls version to v1.2 ([#2119](https://github.com/jaegertracing/jaeger-operator/pull/2119), [@kangsheng89](https://github.com/kangsheng89))
+
+1.39.0 (2022-11-03)
+-------------------
+* Fix: svc port doesnt match istio convention ([#2101](https://github.com/jaegertracing/jaeger-operator/pull/2101), [@frzifus](https://github.com/frzifus))
+
+1.38.1 (2022-10-11)
+-------------------
+* Add ability to specify es proxy resources ([#2079](https://github.com/jaegertracing/jaeger-operator/pull/2079), [@rubenvp8510](https://github.com/rubenvp8510))
+* Fix: CVE-2022-27664 ([#2081](https://github.com/jaegertracing/jaeger-operator/pull/2081), [@albertlockett](https://github.com/albertlockett))
+* Add liveness and readiness probes to injected sidecar ([#2077](https://github.com/jaegertracing/jaeger-operator/pull/2077), [@MacroPower](https://github.com/MacroPower))
+* Add http- port prefix to follow istio naming conventions ([#2075](https://github.com/jaegertracing/jaeger-operator/pull/2075), [@cnvergence](https://github.com/cnvergence))
+
+1.38.0 (2022-09-19)
+-------------------
+* added pathType to ingress ([#2066](https://github.com/jaegertracing/jaeger-operator/pull/2066), [@giautm](https://github.com/giautm))
+* set alias enable variable for spark cronjob ([#2061](https://github.com/jaegertracing/jaeger-operator/pull/2061), [@miyunari](https://github.com/miyunari))
+* migrate autoscaling v2beta2 to v2 for Kubernetes 1.26 ([#2055](https://github.com/jaegertracing/jaeger-operator/pull/2055), [@iblancasa](https://github.com/iblancasa))
+* add container security context support ([#2033](https://github.com/jaegertracing/jaeger-operator/pull/2033), [@mjnagel](https://github.com/mjnagel))
+* change verbosity level and message of the log for autoprovisioned kafka ([#2026](https://github.com/jaegertracing/jaeger-operator/pull/2026), [@iblancasa](https://github.com/iblancasa))
+
+1.37.0 (2022-08-11)
+-------------------
+
+* Upgrade operator-sdk to 1.22.2 ([#2021](https://github.com/jaegertracing/jaeger-operator/pull/2021), [@iblancasa](https://github.com/iblancasa))
+* es-dependencies: support image pull secret ([#2012](https://github.com/jaegertracing/jaeger-operator/pull/2012), [@frzifus](https://github.com/frzifus))
+
+1.36.0 (2022-07-18)
+-------------------
+
+* added flag to change webhook port ([#1991](https://github.com/jaegertracing/jaeger-operator/pull/1991), [@klubi](https://github.com/klubi))
+* Upgrade operator-sdk to 1.22.0 ([#1951](https://github.com/jaegertracing/jaeger-operator/pull/1951), [@iblancasa](https://github.com/iblancasa))
+* Add elasticsearch storage date format config. ([#1325](https://github.com/jaegertracing/jaeger-operator/pull/1325), [@sniperking1234](https://github.com/sniperking1234))
+* Add support for custom liveness probe ([#1605](https://github.com/jaegertracing/jaeger-operator/pull/1605), [@ricoberger](https://github.com/ricoberger))
+* Add service annotations ([#1526](https://github.com/jaegertracing/jaeger-operator/pull/1526), [@herbguo](https://github.com/herbguo))
+
+1.35.0 (2022-06-16)
+-------------------
+
+* fix: point to a newer openshift oauth image 4.12 ([#1955](https://github.com/jaegertracing/jaeger-operator/pull/1955), [@frzifus](https://github.com/frzifus))
+* Expose OTLP collector and allInOne ports ([#1948](https://github.com/jaegertracing/jaeger-operator/pull/1948), [@rubenvp8510](https://github.com/rubenvp8510))
+* Add support for ImagePullSecrets in cronjobs ([#1935](https://github.com/jaegertracing/jaeger-operator/pull/1935), [@alexandrevilain](https://github.com/alexandrevilain))
+* fix: ocp es rollover #1932 ([#1937](https://github.com/jaegertracing/jaeger-operator/pull/1937), [@frzifus](https://github.com/frzifus))
+* add kafkaSecretName for collector and ingester ([#1910](https://github.com/jaegertracing/jaeger-operator/pull/1910), [@luohua13](https://github.com/luohua13))
+* Add autoscalability E2E test for OpenShift ([#1936](https://github.com/jaegertracing/jaeger-operator/pull/1936), [@iblancasa](https://github.com/iblancasa))
+* Fix version in Docker container. ([#1924](https://github.com/jaegertracing/jaeger-operator/pull/1924), [@iblancasa](https://github.com/iblancasa))
+* Verify namespace permissions before adding ns controller ([#1914](https://github.com/jaegertracing/jaeger-operator/pull/1914), [@rubenvp8510](https://github.com/rubenvp8510))
+* fix: skip dependencies on openshift platform ([#1921](https://github.com/jaegertracing/jaeger-operator/pull/1921), [@frzifus](https://github.com/frzifus))
+* fix: remove common name label ([#1920](https://github.com/jaegertracing/jaeger-operator/pull/1920), [@frzifus](https://github.com/frzifus))
+* Ignore not found error on 1.31.0 upgrade routine ([#1913](https://github.com/jaegertracing/jaeger-operator/pull/1913), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.34.1 (2022-05-24)
+-------------------
+Fix: storage.es.tls.enabled flag not passed to es-index-cleaner ([#1896](https://github.com/jaegertracing/jaeger-operator/pull/1896), [@indigostar-kr](https://github.com/indigostar-kr))
+
+1.34.0 (2022-05-18)
+-------------------
+* Fix: jaeger operator fails to parse Jaeger instance version ([#1885](https://github.com/jaegertracing/jaeger-operator/pull/1885), [@rubenvp8510](https://github.com/rubenvp8510))
+* Support Kubernetes 1.24 ([#1882](https://github.com/jaegertracing/jaeger-operator/pull/1882), [@iblancasa](https://github.com/iblancasa))
+* Cronjob migration ([#1856](https://github.com/jaegertracing/jaeger-operator/pull/1856), [@kevinearls](https://github.com/kevinearls))
+* Fix: setting default Istio annotation in Pod instead of Deployment ([#1860](https://github.com/jaegertracing/jaeger-operator/pull/1860), [@cnvergence](https://github.com/cnvergence))
+* Add http- prefix to port names in collector and agent services ([#1862](https://github.com/jaegertracing/jaeger-operator/pull/1862), [@cnvergence](https://github.com/cnvergence))
+
+1.33.0 (2022-04-14)
+-------------------
+* Adding priority-class for esIndexCleaner ([#1732](https://github.com/jaegertracing/jaeger-operator/pull/1732), [@swapnilpotnis](https://github.com/swapnilpotnis))
+* Fix: webhook deadlock  ([#1850](https://github.com/jaegertracing/jaeger-operator/pull/1850), [@frzifus](https://github.com/frzifus))
+* Fix: take namespace modifications into account ([#1839](https://github.com/jaegertracing/jaeger-operator/pull/1839), [@frzifus](https://github.com/frzifus))
+* Replace deployment reconciler with webhook ([#1828](https://github.com/jaegertracing/jaeger-operator/pull/1828), [@frzifus](https://github.com/frzifus))
+* Add managed by metric ([#1831](https://github.com/jaegertracing/jaeger-operator/pull/1831), [@rubenvp8510](https://github.com/rubenvp8510))
+* Fix admissionReviews version for operator-sdk upgrade ([#1827](https://github.com/jaegertracing/jaeger-operator/pull/1827), [@kevinearls](https://github.com/kevinearls))
+* Make RHOL Elasticsearch cert-management feature optional ([#1824](https://github.com/jaegertracing/jaeger-operator/pull/1824), [@pavolloffay](https://github.com/pavolloffay))
+* Update the operator-sdk to v1.17.0 ([#1825](https://github.com/jaegertracing/jaeger-operator/pull/1825), [@kevinearls](https://github.com/kevinearls))
+* Fix metrics selectors ([#1742](https://github.com/jaegertracing/jaeger-operator/pull/1742), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.32.0 (2022-03-09)
+-------------------
+
+* Custom Image Pull Policy ([#1798](https://github.com/jaegertracing/jaeger-operator/pull/1798), [@edenkoveshi](https://github.com/edenkoveshi))
+* add METRICS_STORAGE_TYPE for metrics query ([#1755](https://github.com/jaegertracing/jaeger-operator/pull/1755), [@JaredTan95](https://github.com/JaredTan95))
+* Make operator more resiliant to etcd defrag activity ([#1795](https://github.com/jaegertracing/jaeger-operator/pull/1795), [@pavolloffay](https://github.com/pavolloffay))
+* Automatically set num shards and replicas from referenced OCP ES ([#1737](https://github.com/jaegertracing/jaeger-operator/pull/1737), [@pavolloffay](https://github.com/pavolloffay))
+* support image pull secrets ([#1740](https://github.com/jaegertracing/jaeger-operator/pull/1740), [@frzifus](https://github.com/frzifus))
+* Fix webhook secret cert name ([#1772](https://github.com/jaegertracing/jaeger-operator/pull/1772), [@rubenvp8510](https://github.com/rubenvp8510))
+
+1.31.0 (2022-02-09)
+-------------------
+* Fix panic caused by an invalid type assertion ([#1738](https://github.com/jaegertracing/jaeger-operator/pull/1738), [@frzifus](https://github.com/frzifus))
+* Add ES autoprovisioning CR metric ([#1728](https://github.com/jaegertracing/jaeger-operator/pull/1728), [@rubenvp8510](https://github.com/rubenvp8510))
+* Use Elasticsearch provisioning from OpenShift Elasticsearch operator ([#1708](https://github.com/jaegertracing/jaeger-operator/pull/1708), [@pavolloffay](https://github.com/pavolloffay))
+
 1.30.0 (2022-01-18)
 -------------------
 * Only expose the query-http[s] port in the OpenShift route ([#1719](https://github.com/jaegertracing/jaeger-operator/pull/1719), [@rkukura](https://github.com/rkukura))
@ -14,7 +222,6 @@ Changes by Version
 * Add support for IBM Power (ppc64le) arch ([#1672](https://github.com/jaegertracing/jaeger-operator/pull/1672), [@Abhijit-Mane](https://github.com/Abhijit-Mane))
 * util.Truncate add the values to the truncated after the excess is 0 ([#1678](https://github.com/jaegertracing/jaeger-operator/pull/1678), [@mmatache](https://github.com/mmatache))

-
 1.29.1 (2021-12-15)
 -------------------
 * Register oschema for openshift resources  ([#1673](https://github.com/jaegertracing/jaeger-operator/pull/1673), [@rubenvp8510](https://github.com/rubenvp8510))
--- a/COMPATIBILITY.md
+++ b/COMPATIBILITY.md
@ -0,0 +1,34 @@
+The following table shows the compatibility of Jaeger Operator with three different components: Kubernetes, Strimzi Operator, and Cert-Manager.
+
+| Jaeger Operator | Kubernetes     | Strimzi Operator   | Cert-Manager |
+|-----------------|----------------|--------------------|--------------|
+| v1.62.x         | v1.19 to v1.30 | v0.32              | v1.6.1       |
+| v1.61.x         | v1.19 to v1.30 | v0.32              | v1.6.1       |
+| v1.60.x         | v1.19 to v1.30 | v0.32              | v1.6.1       |
+| v1.59.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.58.x         | skipped        | skipped            | skipped      |
+| v1.57.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.56.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.55.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.54.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.53.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.52.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.51.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.50.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.49.x         | v1.19 to v1.28 | v0.32              | v1.6.1       |
+| v1.48.x         | v1.19 to v1.27 | v0.32              | v1.6.1       |
+| v1.47.x         | v1.19 to v1.27 | v0.32              | v1.6.1       |
+| v1.46.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.45.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.44.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.43.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.42.x         | v1.19 to v1.26 | v0.32              | v1.6.1       |
+| v1.41.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.40.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.39.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.38.x         | v1.19 to v1.25 | v0.30              | v1.6.1       |
+| v1.37.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.36.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.35.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.34.x         | v1.19 to v1.24 | v0.23              | v1.6.1       |
+| v1.33.x         | v1.19 to v1.23 | v0.23              | v1.6.1       |
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -6,96 +6,79 @@ This project is [Apache 2.0 licensed](LICENSE) and accepts contributions via Git

 We gratefully welcome improvements to documentation as well as to code.

-## Getting Started
-
 This project is a regular [Kubernetes Operator](https://coreos.com/operators/)  built using the Operator SDK. Refer to the Operator SDK documentation to understand the basic architecture of this operator.

-### Installing the Operator SDK command line tool
+## Installing the Operator SDK command line tool

-Follow the installation guidelines from [Operator SDK GitHub page](https://github.com/operator-framework/operator-sdk) or run `make install-sdk`.
+Follow the installation guidelines from [Operator SDK GitHub page](https://github.com/operator-framework/operator-sdk)

-### Developing
+## Developing

 As usual for operators following the Operator SDK in recent versions, the dependencies are managed using [`go modules`](https://golang.org/doc/go1.11#modules). Refer to that project's documentation for instructions on how to add or update dependencies.

-The first step is to get a local Kubernetes instance up and running. The recommended approach is using `minikube`. Refer to the Kubernetes'  [documentation](https://kubernetes.io/docs/tasks/tools/install-minikube/) for instructions on how to install it.
+The first step is to get a local Kubernetes instance up and running. The recommended approach for development is using `minikube` with *ingress* enabled. Refer to the Kubernetes'  [documentation](https://kubernetes.io/docs/tasks/tools/install-minikube/) for instructions on how to install it.

 Once `minikube` is installed, it can be started with:
-
-```
-minikube start
+```sh
+minikube start --addons=ingress
 ```

 NOTE: Make sure to read the documentation to learn the performance switches that can be applied to your platform.

-Once minikube has finished starting, get the Operator running:
+Log into docker (or another image registry):
+```sh
+docker login --username <dockerusername>
+```

+Once minikube has finished starting, get the Operator running:
+```sh
+make cert-manager
+IMG=docker.io/$USER/jaeger-operator:latest make generate bundle docker push deploy
 ```
-make run
-```
+
+NOTE: If your registry username is not the same as $USER, modify the previous command before executing it.  Also change *docker.io* if you are using a different image registry.

 At this point, a Jaeger instance can be installed:
-
-```
+```sh
 kubectl apply -f examples/simplest.yaml
 kubectl get jaegers
 kubectl get pods
 ```

-To remove the instance:
-
-```
-kubectl delete -f examples/simplest.yaml
+To verify the Jaeger instance is running, execute *minikube ip* and open that address in a browser, or follow the steps below
+```sh
+export MINIKUBE_IP=`minikube ip`
+curl http://{$MINIKUBE_IP}/api/services
 ```
+NOTE: you may have to execute the *curl* command twice to get a non-empty result

 Tests should be simple unit tests and/or end-to-end tests. For small changes, unit tests should be sufficient, but every new feature should be accompanied with end-to-end tests as well. Tests can be executed with:
-
-```
+```sh
 make test
 ```

-NOTE: you can adjust the Docker image namespace by overriding the variable `NAMESPACE`, like: `make test NAMESPACE=quay.io/my-username`. The full Docker image name can be customized by overriding `BUILD_IMAGE` instead, like: `make test BUILD_IMAGE=quay.io/my-username/jaeger-operator:0.0.1`
+#### Cleaning up
+To remove the instance:
+```sh
+kubectl delete -f examples/simplest.yaml
+```
+
+

 #### Model changes

 The Operator SDK generates the `pkg/apis/jaegertracing/v1/zz_generated.*.go` files via the command `make generate`. This should be executed whenever there's a model change (`pkg/apis/jaegertracing/v1/jaeger_types.go`)

-#### Ingress configuration
-
-Kubernetes comes with no ingress provider by default. For development purposes, when running `minikube`, the following command can be executed to install an ingress provider:
-
-```
-make ingress
-```
-
-This will install the `NGINX` ingress provider. It's recommended to wait for the ingress pods to be in the `READY` and `RUNNING` state before starting the operator. You can check it by running:
-
-```
-kubectl get pods -n ingress-nginx
-```
-
-To verify that it's working, deploy the `simplest.yaml` and check the ingress routes:
-
-```
-$ kubectl apply -f examples/simplest.yaml
-jaeger.jaegertracing.io/simplest created
-$ kubectl get ingress
-NAME             HOSTS     ADDRESS          PORTS     AGE
-simplest-query   *         192.168.122.69   80        12s
-```
-
-Accessing the provided "address" in your web browser should display the Jaeger UI.
-
-#### Storage configuration
+### Storage configuration

 There are a set of templates under the `test` directory that can be used to setup an Elasticsearch and/or Cassandra cluster. Alternatively, the following commands can be executed to install it:

-```
+```sh
 make es
 make cassandra
 ```

-#### Operator-Lifecycle-Manager Integration
+### Operator-Lifecycle-Manager Integration

 The [Operator-Lifecycle-Manager (OLM)](https://github.com/operator-framework/operator-lifecycle-manager/) can install, manage, and upgrade operators and their dependencies in a cluster.

@ -107,23 +90,22 @@ With OLM, users can:

 OLM also enforces some constraints on the components it manages in order to ensure a good user experience.

-The Jaeger community provides and maintains a [ClusterServiceVersion (CSV) YAML](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/Documentation/design/building-your-csv.md/) to integrate with OLM.
+The Jaeger community provides and maintains a [ClusterServiceVersion (CSV) YAML](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md) to integrate with OLM.

 Starting from operator-sdk v0.5.0, one can generate and update CSVs based on the yaml files in the deploy folder.
 The Jaeger CSV can be updated to version 1.9.0 with the following command:

-```
+```sh
 $ operator-sdk generate csv --csv-version 1.9.0
 INFO[0000] Generating CSV manifest version 1.9.0
-INFO[0000] Create deploy/olm-catalog/jaeger-operator.csv.yaml 
-INFO[0000] Create deploy/olm-catalog/_generated.concat_crd.yaml 
+INFO[0000] Create deploy/olm-catalog/jaeger-operator.csv.yaml
+INFO[0000] Create deploy/olm-catalog/_generated.concat_crd.yaml
 ```

-The generated CSV yaml should then be compared and used to update the deploy/olm-catalog/jaeger.clusterserviceversion.yaml file which represents the stable version copied to the operatorhub following each jaeger operator release. Once merged, the jaeger-operator.csv.yaml file should be removed.
+The generated CSV yaml should then be compared and used to update the `deploy/olm-catalog/jaeger.clusterserviceversion.yaml` file which represents the stable version copied to the operatorhub following each jaeger operator release. Once merged, the `jaeger-operator.csv.yaml` file should be removed.

-The jaeger.clusterserviceversion.yaml file can then be tested with this command:
-
-```
+The `jaeger.clusterserviceversion.yaml` file can then be tested with this command:
+```sh
 $ operator-sdk scorecard --cr-manifest examples/simplest.yaml --csv-path deploy/olm-catalog/jaeger.clusterserviceversion.yaml --init-timeout 30
 Checking for existence of spec and status blocks in CR
 Checking that operator actions are reflected in status
@ -146,50 +128,113 @@ OLM Integration:
 Total Score: 4/18 points
 ```

-#### E2E tests
+## E2E tests

+### Requisites
+
+Before running the E2E tests you need to install:
+
+* [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation): a tool for running local Kubernetes clusters
+* [KUTTL](https://kuttl.dev/docs/cli.html#setup-the-kuttl-kubectl-plugin): a tool to run the Kubernetes tests
+
+
+### Runing the E2E tests
+
+#### Using KIND cluster
 The whole set of end-to-end tests can be executed via:

-```
-$ make e2e-tests
+```sh
+$ make run-e2e-tests
 ```

 The end-to-end tests are split into tags and can be executed in separate groups, such as:

-```
-$ make e2e-tests-smoke
+```sh
+$ make run-e2e-tests-examples
 ```

-Other targets include `e2e-tests-cassandra` and `e2e-tests-elasticsearch`. Refer to the `Makefile` for an up-to-date list of targets.
-
-If you face issues like the one below, make sure you don't have any Jaeger instances (`kubectl get jaegers`) running nor Ingresses (`kubectl get ingresses`):
-
-```
--- FAIL: TestSmoke (316.59s)
-    --- FAIL: TestSmoke/smoke (316.55s)
-        --- FAIL: TestSmoke/smoke/daemonset (115.54s)
-...
-...
-            daemonset.go:30: timed out waiting for the condition
-...
-...
+Other targets include `run-e2e-tests-cassandra` and `run-e2e-tests-elasticsearch`. You can list them running:
+```sh
+$ make e2e-test-suites
 ```

-##### Kuttl E2E tests
+**Note**: there are some variables you need to take into account in order to
+improve your experience running the E2E tests.

-There are some tests that uses [Kuttl](https://kuttl.dev/), those tests can be executed via:
+| Variable name     | Description                                         | Example usage                      |
+|-------------------|-----------------------------------------------------|------------------------------------|
+| KUTTL_OPTIONS     | Options to pass directly to the KUTTL call          | KUTTL_OPTIONS="--test es-rollover" |
+| E2E_TESTS_TIMEOUT | Timeout for each step in the E2E tests. In seconds  | E2E_TESTS_TIMEOUT=500              |
+| USE_KIND_CLUSTER  | Start a KIND cluster to run the E2E tests           | USE_KIND_CLUSTER=true              |
+| KIND_KEEP_CLUSTER | Not remove the KIND cluster after running the tests | KIND_KEEP_CLUSTER=true             |

-```
-$ make kuttl-e2e
+Also, you can enable/disable the installation of the different operators needed
+to run the tests:
+| Variable name  | Description                                 | Example usage       |
+|----------------|---------------------------------------------|---------------------|
+| JAEGER_OLM     | Jaeger Operator was installed using OLM     | JAEGER_OLM=true     |
+| KAFKA_OLM      | Kafka Operator was installed using OLM      | KAFKA_OLM=true      |
+| PROMETHEUS_OLM | Prometheus Operator was installed using OLM | PROMETHEUS_OLM=true |
+
+#### An external cluster (like OpenShift)
+The commands from the previous section are valid when running the E2E tests in an
+external cluster like OpenShift, minikube or other Kubernetes environment. The only
+difference are:
+* You need to log in your Kubernetes cluster before running the E2E tests
+* You need to provide the `USE_KIND_CLUSTER=false` parameter when calling `make`
+
+```sh
+$ make run-e2e-tests USE_KIND_CLUSTER=false
 ```

-You first need to install [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation) in order to run the based kuttle e2e tests
+### Developing new E2E tests
+
+E2E tests are located under `tests/e2e`. Each folder is associated to an E2E test suite. The
+Tests are developed using KUTTL. Before developing a new test, [learn how KUTTL test works](https://kuttl.dev/docs/what-is-kuttl.html).
+
+To add a new suite, it is needed to create a new folder with the name of the suite under `tests/e2e`.
+
+Each suite folder contains:
+* `Makefile`: describes the rules associated to rendering the files needed for your tests and run the tests
+* `render.sh`: renders all the files needed for your tests (or to skip them)
+* A folder per test to run
+
+When the test are rendered, each test folder is copied to `_build`. The files generated
+by `render.sh` are created under `_build/<test name>`.
+
+##### Makefile
+The `Makefile` file must contain two rules:
+
+```Makefile
+render-e2e-tests-<suite name>: set-assert-e2e-img-name
+	./tests/e2e/<suite name>/render.sh
+
+run-e2e-tests-<suite name>: TEST_SUITE_NAME=<suite name>
+run-e2e-tests-<suite name>: run-suite-tests
+```
+
+Where `<suite name>` is the name of your E2E test suite. Your E2E test suite
+will be automatically indexed in the `run-e2e-tests` Makefile target.
+
+##### render.sh
+
+This file renders all the YAML files that are part of the E2E test. The `render.sh`
+file must start with:
+
+```bash
+#!/bin/bash
+
+source $(dirname "$0")/../render-utils.sh
+```
+
+The `render-utils.sh` file contains multiple functions to make easier to develop E2E tests and reuse logic. You can go to it and review the documentation of each one of the functions to
+understand their parameters and effects.

 #### Building [OCI Images](https://github.com/opencontainers/image-spec/blob/master/spec.md) for multiple arch (linux/arm64, linux/amd64)

 OCI images could be built and published by [buildx](https://github.com/docker/buildx), it could be executed for local test via:

-```
+```sh
 $ OPERATOR_VERSION=devel ./.ci/publish-images.sh
 ```

@ -199,7 +244,7 @@ if we want to execute this in local env, need to setup buildx:

 1. install docker cli plugin

-```
+```sh
 $ export DOCKER_BUILDKIT=1
 $ docker build --platform=local -o . git://github.com/docker/buildx
 $ mkdir -p ~/.docker/cli-plugins
@ -209,13 +254,13 @@ $ mv buildx ~/.docker/cli-plugins/docker-buildx

 2. install qemu for multi arch

-```
+```sh
 $ docker run --privileged --rm tonistiigi/binfmt --install all
 ```
 (via https://github.com/docker/buildx#building-multi-platform-images)

 3. create a builder

-```
+```sh
 $ docker buildx create --use --name builder
 ```
--- a/22
+++ b/22
@ -1,14 +1,15 @@
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16 as builder
-
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
-COPY go.mod go.mod
-COPY go.sum go.sum
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
-RUN go mod download
+COPY hack/install/install-dependencies.sh hack/install/
+COPY hack/install/install-utils.sh hack/install/
+COPY go.mod .
+COPY go.sum .
+RUN ./hack/install/install-dependencies.sh

 # Copy the go source
 COPY main.go main.go
@ -20,6 +21,7 @@ COPY pkg/ pkg/
 COPY versions.txt versions.txt

 ARG JAEGER_VERSION
+ARG JAEGER_AGENT_VERSION
 ARG VERSION_PKG
 ARG VERSION
 ARG VERSION_DATE
@ -31,23 +33,23 @@ ARG VERSION_DATE
 # see last part of https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images
 ARG TARGETARCH
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.defaultJaeger=${JAEGER_VERSION}" -a -o jaeger-operator main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.defaultJaeger=${JAEGER_VERSION}  -X ${VERSION_PKG}.defaultAgent=${JAEGER_AGENT_VERSION}" -a -o jaeger-operator main.go

-FROM registry.access.redhat.com/ubi8/ubi
+FROM quay.io/centos/centos:stream9

 ENV USER_UID=1001 \
    USER_NAME=jaeger-operator

 RUN INSTALL_PKGS="openssl" && \
-    yum install -y $INSTALL_PKGS && \
+    dnf install -y $INSTALL_PKGS && \
    rpm -V $INSTALL_PKGS && \
-    yum clean all && \
+    dnf clean all && \
    mkdir /tmp/_working_dir && \
    chmod og+w /tmp/_working_dir

 WORKDIR /
 COPY --from=builder /workspace/jaeger-operator .
-COPY scripts/ scripts/
+COPY scripts/cert_generation.sh scripts/cert_generation.sh

 USER ${USER_UID}:${USER_UID}

--- a/Dockerfile.asserts
+++ b/Dockerfile.asserts
@ -1,26 +1,35 @@
 # Build the manager binary
-FROM golang:1.16 as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 as builder

-WORKDIR /go/src/github.com/jaegertracing/jaeger-operator
+WORKDIR /workspace

 # Download the dependencies. Doing this, if there are changes in the source
 # code but not in the dependencies to download, the tool to build the image will
 # use the cached dependencies
-COPY go.mod /go/src/github.com/jaegertracing/jaeger-operator/go.mod
-COPY go.sum /go/src/github.com/jaegertracing/jaeger-operator/go.sum
-RUN go mod download
+COPY hack/install/install-dependencies.sh hack/install/
+COPY hack/install/install-utils.sh hack/install/
+COPY go.mod .
+COPY go.sum .
+RUN ./hack/install/install-dependencies.sh

-COPY . /go/src/github.com/jaegertracing/jaeger-operator/
+COPY tests tests
+
+ENV CGO_ENABLED=0

 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o ./uiconfig -a ./tests/assert-jobs/uiconfig/main.go
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o ./reporter -a ./tests/assert-jobs/reporter/main.go
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o ./query -a ./tests/assert-jobs/query/main.go
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o ./index -a ./tests/assert-jobs/index/main.go
+ARG TARGETOS
+ARG TARGETARCH

-FROM scratch
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./reporter -a ./tests/assert-jobs/reporter/main.go
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./reporter-otlp -a ./tests/assert-jobs/reporter-otlp/main.go
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./query -a ./tests/assert-jobs/query/main.go
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o ./index -a ./tests/assert-jobs/index/main.go
+
+# Use the curl container image to ensure we have curl installed. Also, it is a
+# minimal container image
+FROM curlimages/curl@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
 WORKDIR /
-COPY --from=builder /go/src/github.com/jaegertracing/jaeger-operator/uiconfig .
-COPY --from=builder /go/src/github.com/jaegertracing/jaeger-operator/reporter .
-COPY --from=builder /go/src/github.com/jaegertracing/jaeger-operator/query .
-COPY --from=builder /go/src/github.com/jaegertracing/jaeger-operator/index .
+COPY --from=builder /workspace/reporter .
+COPY --from=builder /workspace/reporter-otlp .
+COPY --from=builder /workspace/query .
+COPY --from=builder /workspace/index .
--- a/371
+++ b/371
@ -12,49 +12,90 @@ PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
 GOARCH ?= $(go env GOARCH)
 GOOS ?= $(go env GOOS)
 GO_FLAGS ?= GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 GO111MODULE=on
+GOPATH ?= "$(HOME)/go"
+GOROOT ?= "$(shell go env GOROOT)"
 WATCH_NAMESPACE ?= ""
 BIN_DIR ?= bin
 FMT_LOG=fmt.log
-
+ECHO ?= @echo $(echo_prefix)
+SED ?= "sed"
+# Jaeger Operator build variables
 OPERATOR_NAME ?= jaeger-operator
 IMG_PREFIX ?= quay.io/${USER}
 OPERATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep operator | awk -F= '{print $$2}')"
-VERSION ?= "$(shell git describe --tags | sed 's/^v//')"
+VERSION ?=  "$(shell grep operator= versions.txt | awk -F= '{print $$2}')"
 IMG ?= ${IMG_PREFIX}/${OPERATOR_NAME}:${VERSION}
 BUNDLE_IMG ?= ${IMG_PREFIX}/${OPERATOR_NAME}-bundle:$(addprefix v,${VERSION})
 OUTPUT_BINARY ?= "$(BIN_DIR)/jaeger-operator"
 VERSION_PKG ?= "github.com/jaegertracing/jaeger-operator/pkg/version"
-JAEGER_VERSION ?= "$(shell grep jaeger= versions.txt | awk -F= '{print $$2}')"
-# Kafka and kafka operator variables
+export JAEGER_VERSION ?= "$(shell grep jaeger= versions.txt | awk -F= '{print $$2}')"
+# agent was removed in jaeger 1.62.0, and the new versions of jaeger doesn't distribute the images anymore
+# for that reason the last version of the agent is 1.62.0 and is pined here so we can update jaeger and maintain
+# the latest agent image.
+export JAEGER_AGENT_VERSION ?= "1.62.0"
+
+# Kafka and Kafka Operator variables
 STORAGE_NAMESPACE ?= "${shell kubectl get sa default -o jsonpath='{.metadata.namespace}' || oc project -q}"
 KAFKA_NAMESPACE ?= "kafka"
-KAFKA_EXAMPLE ?= "https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/0.23.0/examples/kafka/kafka-persistent-single.yaml"
-KAFKA_YAML ?= "https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.23.0/strimzi-cluster-operator-0.23.0.yaml"
-ES_OPERATOR_NAMESPACE ?= openshift-logging
-ES_OPERATOR_BRANCH ?= release-4.4
-ES_OPERATOR_IMAGE ?= quay.io/openshift/origin-elasticsearch-operator:4.4
-# Istio binary path and version
-ISTIO_VERSION ?= 1.11.2
-ISTIO_PATH = ./tests/_build/
-ISTIOCTL="${ISTIO_PATH}istio/bin/istioctl"
-GOPATH ?= "$(HOME)/go"
-GOROOT ?= "$(shell go env GOROOT)"
-ECHO ?= @echo $(echo_prefix)
-SED ?= "sed"
-
+KAFKA_VERSION ?= 0.32.0
+KAFKA_EXAMPLE ?= "https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/${KAFKA_VERSION}/examples/kafka/kafka-persistent-single.yaml"
+KAFKA_YAML ?= "https://github.com/strimzi/strimzi-kafka-operator/releases/download/${KAFKA_VERSION}/strimzi-cluster-operator-${KAFKA_VERSION}.yaml"
+# Prometheus Operator variables
 PROMETHEUS_OPERATOR_TAG ?= v0.39.0
 PROMETHEUS_BUNDLE ?= https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/${PROMETHEUS_OPERATOR_TAG}/bundle.yaml
+# Metrics server variables
+METRICS_SERVER_TAG ?= v0.6.1
+METRICS_SERVER_YAML ?= https://github.com/kubernetes-sigs/metrics-server/releases/download/${METRICS_SERVER_TAG}/components.yaml
+# Ingress controller variables
+INGRESS_CONTROLLER_TAG ?= v1.0.1
+INGRESS_CONTROLLER_YAML ?= https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-${INGRESS_CONTROLLER_TAG}/deploy/static/provider/kind/deploy.yaml
+## Location to install tool dependencies
+LOCALBIN ?= $(shell pwd)/bin
+# Cert manager version to use
+CERTMANAGER_VERSION ?= 1.6.1
+CMCTL ?= $(LOCALBIN)/cmctl
+# Operator SDK
+OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
+OPERATOR_SDK_VERSION ?= 1.32.0
+# Minimum Kubernetes and OpenShift versions
+MIN_KUBERNETES_VERSION ?= 1.19.0
+MIN_OPENSHIFT_VERSION ?= 4.12
+# Use a KIND cluster for the E2E tests
+USE_KIND_CLUSTER ?= true
+ # Is Jaeger Operator installed via OLM?
+JAEGER_OLM ?= false
+# Is Kafka Operator installed via OLM?
+KAFKA_OLM ?= false
+# Is Prometheus Operator installed via OLM?
+PROMETHEUS_OLM ?= false
+# Istio binary path and version
+ISTIOCTL ?= $(LOCALBIN)/istioctl
+# Tools
+CRDOC ?= $(LOCALBIN)/crdoc
+KIND ?= $(LOCALBIN)/kind
+KUSTOMIZE ?= $(LOCALBIN)/kustomize


-LD_FLAGS ?= "-X $(VERSION_PKG).version=$(VERSION) -X $(VERSION_PKG).buildDate=$(VERSION_DATE) -X $(VERSION_PKG).defaultJaeger=$(JAEGER_VERSION)"
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+LD_FLAGS ?= "-X $(VERSION_PKG).version=$(VERSION) -X $(VERSION_PKG).buildDate=$(VERSION_DATE) -X $(VERSION_PKG).defaultJaeger=$(JAEGER_VERSION) -X $(VERSION_PKG).defaultAgent=$(JAEGER_AGENT_VERSION)"

 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.22
-# Options for kuttl testing
-KUBE_VERSION ?= 1.20
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+ENVTEST_K8S_VERSION = 1.30
+# Options for KIND version to use
+export KUBE_VERSION ?= 1.30
 KIND_CONFIG ?= kind-$(KUBE_VERSION).yaml

-SCORECARD_TEST_IMG ?= quay.io/operator-framework/scorecard-test:v1.13.1
+SCORECARD_TEST_IMG ?= quay.io/operator-framework/scorecard-test:v$(OPERATOR_SDK_VERSION)

 .DEFAULT_GOAL := build

@ -68,7 +109,7 @@ endif
 BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)

 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false,maxDescLen=0,generateEmbeddedObjectMeta=true"
+CRD_OPTIONS ?= "crd:maxDescLen=0,generateEmbeddedObjectMeta=true"

 # If we are running in CI, run go test in verbose mode
 ifeq (,$(CI))
@ -80,51 +121,47 @@ endif
 all: manager

 .PHONY: check
-check:
+check: install-tools
 	$(ECHO) Checking...
-	$(VECHO)GOPATH=${GOPATH} .ci/format.sh > $(FMT_LOG)
+	$(VECHO)./.ci/format.sh > $(FMT_LOG)
 	$(VECHO)[ ! -s "$(FMT_LOG)" ] || (echo "Go fmt, license check, or import ordering failures, run 'make format'" | cat - $(FMT_LOG) && false)

 ensure-generate-is-noop: VERSION=$(OPERATOR_VERSION)
-ensure-generate-is-noop: USER=jaegertracing
 ensure-generate-is-noop: set-image-controller generate bundle
 	$(VECHO)# on make bundle config/manager/kustomization.yaml includes changes, which should be ignored for the below check
 	$(VECHO)git restore config/manager/kustomization.yaml
 	$(VECHO)git diff -s --exit-code api/v1/zz_generated.*.go || (echo "Build failed: a model has been changed but the generated resources aren't up to date. Run 'make generate' and update your PR." && exit 1)
 	$(VECHO)git diff -s --exit-code bundle config || (echo "Build failed: the bundle, config files has been changed but the generated bundle, config files aren't up to date. Run 'make bundle' and update your PR." && git diff && exit 1)
+	$(VECHO)git diff -s --exit-code docs/api.md || (echo "Build failed: the api.md file has been changed but the generated api.md file isn't up to date. Run 'make api-docs' and update your PR." && git diff && exit 1)


 .PHONY: format
-format:
+format: install-tools
 	$(ECHO) Formatting code...
-	$(VECHO)GOPATH=${GOPATH} .ci/format.sh
+	$(VECHO)./.ci/format.sh

 PHONY: lint
-lint:
+lint: install-tools
 	$(ECHO) Linting...
-	$(VECHO)GOPATH=${GOPATH} ./.ci/lint.sh
+	$(VECHO)$(LOCALBIN)/golangci-lint -v run

 .PHONY: vet
 vet: ## Run go vet against code.
 	go vet ./...

-.PHONY: security
-security:
-	$(ECHO) Security...
-	$(VECHO)${GOPATH}/bin/gosec -quiet -exclude=G104 ./... 2>/dev/null
-
 .PHONY: build
 build: format
 	$(ECHO) Building...
+	$(VECHO)./hack/install/install-dependencies.sh
 	$(VECHO)${GO_FLAGS} go build -ldflags $(LD_FLAGS) -o $(OUTPUT_BINARY) main.go

 .PHONY: docker
 docker:
-	$(VECHO)[ ! -z "$(PIPELINE)" ] || docker build --build-arg=GOPROXY=${GOPROXY} --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=TARGETARCH=$(GOARCH) --build-arg VERSION_DATE=${VERSION_DATE}  --build-arg VERSION_PKG=${VERSION_PKG} -t "$(IMG)" .
+	$(VECHO)[ ! -z "$(PIPELINE)" ] || docker build --build-arg=GOPROXY=${GOPROXY} --build-arg=VERSION=${VERSION} --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=JAEGER_AGENT_VERSION=${JAEGER_AGENT_VERSION} --build-arg=TARGETARCH=$(GOARCH) --build-arg VERSION_DATE=${VERSION_DATE}  --build-arg VERSION_PKG=${VERSION_PKG} -t "$(IMG)" . ${DOCKER_BUILD_OPTIONS}

 .PHONY: dockerx
 dockerx:
-	$(VECHO)[ ! -z "$(PIPELINE)" ] || docker buildx build --push --progress=plain --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=GOPROXY=${GOPROXY} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg VERSION_PKG=${VERSION_PKG} --platform=$(PLATFORMS) $(IMAGE_TAGS) .
+	$(VECHO)[ ! -z "$(PIPELINE)" ] || docker buildx build --push --progress=plain --build-arg=VERSION=${VERSION} --build-arg=JAEGER_VERSION=${JAEGER_VERSION} --build-arg=JAEGER_AGENT_VERSION=${JAEGER_AGENT_VERSION} --build-arg=GOPROXY=${GOPROXY} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg VERSION_PKG=${VERSION_PKG} --platform=$(PLATFORMS) $(IMAGE_TAGS) .

 .PHONY: push
 push:
@ -138,55 +175,24 @@ endif
 .PHONY: unit-tests
 unit-tests: envtest
 	@echo Running unit tests...
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ${GOTEST_OPTS} ./... -cover -coverprofile=cover.out -ldflags $(LD_FLAGS)
-
-.PHONY: run
-run: manifests generate format vet
-	$(VECHO)rm -rf /tmp/_cert*
-	$(VECHO)go run -ldflags ${LD_FLAGS} ./main.go start ${CLI_FLAGS}
-
-.PHONY: run-debug
-run-debug: run
-run-debug: CLI_FLAGS = --log-level=debug --tracing-enabled=true
-
-.PHONY: set-max-map-count
-set-max-map-count:
-	# This is not required in OCP 4.1. The node tuning operator configures the property automatically
-	# when label tuned.openshift.io/elasticsearch=true label is present on the ES pod. The label
-	# is configured by ES operator.
-	$(VECHO)minishift ssh -- 'sudo sysctl -w vm.max_map_count=262144' > /dev/null 2>&1 || true
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -p 1 ${GOTEST_OPTS} ./... -cover -coverprofile=cover.out -ldflags $(LD_FLAGS)

 .PHONY: set-node-os-linux
 set-node-os-linux:
 	# Elasticsearch requires labeled nodes. These labels are by default present in OCP 4.2
 	$(VECHO)kubectl label nodes --all kubernetes.io/os=linux --overwrite

-.PHONY: deploy-es-operator
-deploy-es-operator: set-node-os-linux set-max-map-count deploy-prometheus-operator
-ifeq ($(OLM),true)
-	$(ECHO) Skipping es-operator deployment, assuming it has been installed via OperatorHub
-else
-	$(VECHO)kubectl create namespace ${ES_OPERATOR_NAMESPACE} 2>&1 | grep -v "already exists" || true
-	$(VECHO)kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/01-service-account.yaml -n ${ES_OPERATOR_NAMESPACE}
-	$(VECHO)kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/02-role.yaml
-	$(VECHO)kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/03-role-bindings.yaml
-	$(VECHO)kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/04-crd.yaml -n ${ES_OPERATOR_NAMESPACE}
-	$(VECHO)kubectl apply -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/05-deployment.yaml -n ${ES_OPERATOR_NAMESPACE}
-	$(VECHO)kubectl set image deployment/elasticsearch-operator elasticsearch-operator=${ES_OPERATOR_IMAGE} -n ${ES_OPERATOR_NAMESPACE}
-endif
+cert-manager: cmctl
+	# Consider using cmctl to install the cert-manager once install command is not experimental
+	kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v${CERTMANAGER_VERSION}/cert-manager.yaml
+	$(CMCTL) check api --wait=5m

-.PHONY: undeploy-es-operator
-undeploy-es-operator:
-ifeq ($(OLM),true)
-	$(ECHO) Skipping es-operator undeployment, as it should have been installed via OperatorHub
-else
-	$(VECHO)kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/05-deployment.yaml -n ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true || true
-	$(VECHO)kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/04-crd.yaml -n ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true || true
-	$(VECHO)kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/03-role-bindings.yaml --ignore-not-found=true || true
-	$(VECHO)kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/02-role.yaml --ignore-not-found=true || true
-	$(VECHO)kubectl delete -f https://raw.githubusercontent.com/openshift/elasticsearch-operator/${ES_OPERATOR_BRANCH}/manifests/01-service-account.yaml -n ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true || true
-	$(VECHO)kubectl delete namespace ${ES_OPERATOR_NAMESPACE} --ignore-not-found=true 2>&1 || true
-endif
+undeploy-cert-manager:
+	kubectl delete --ignore-not-found=true -f https://github.com/jetstack/cert-manager/releases/download/v${CERTMANAGER_VERSION}/cert-manager.yaml
+
+cmctl: $(CMCTL)
+$(CMCTL): $(LOCALBIN)
+	./hack/install/install-cmctl.sh $(CERTMANAGER_VERSION)

 .PHONY: es
 es: storage
@ -199,15 +205,13 @@ endif
 .PHONY: istio
 istio:
 	$(ECHO) Install istio with minimal profile
-	$(VECHO)mkdir -p ${ISTIO_PATH}
-	[ -f "${ISTIOCTL}" ] || (curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VERSION} TARGET_ARCH=x86_64 sh - && mv ./istio-${ISTIO_VERSION} ${ISTIO_PATH}/istio/)
+	$(VECHO)./hack/install/install-istio.sh
 	$(VECHO)${ISTIOCTL} install --set profile=minimal -y

 .PHONY: undeploy-istio
 undeploy-istio:
-	$(VECHO)[ -f "${ISTIOCTL}" ] && (${ISTIOCTL} manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f -) || true
+	$(VECHO)${ISTIOCTL} manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f - || true
 	$(VECHO)kubectl delete namespace istio-system --ignore-not-found=true || true
-	$(VECHO)rm -rf ${ISTIO_PATH}

 .PHONY: cassandra
 cassandra: storage
@ -222,21 +226,21 @@ storage:
 deploy-kafka-operator:
 	$(ECHO) Creating namespace $(KAFKA_NAMESPACE)
 	$(VECHO)kubectl create namespace $(KAFKA_NAMESPACE) 2>&1 | grep -v "already exists" || true
-ifeq ($(OLM),true)
+ifeq ($(KAFKA_OLM),true)
 	$(ECHO) Skipping kafka-operator deployment, assuming it has been installed via OperatorHub
 else
-	$(VECHO)kubectl create clusterrolebinding strimzi-cluster-operator-namespaced --clusterrole=strimzi-cluster-operator-namespaced --serviceaccount ${KAFKA_NAMESPACE}:strimzi-cluster-operator 2>&1 | grep -v "already exists" || true
-	$(VECHO)kubectl create clusterrolebinding strimzi-cluster-operator-entity-operator-delegation --clusterrole=strimzi-entity-operator --serviceaccount ${KAFKA_NAMESPACE}:strimzi-cluster-operator 2>&1 | grep -v "already exists" || true
-	$(VECHO)kubectl create clusterrolebinding strimzi-cluster-operator-topic-operator-delegation --clusterrole=strimzi-topic-operator --serviceaccount ${KAFKA_NAMESPACE}:strimzi-cluster-operator 2>&1 | grep -v "already exists" || true
-	$(VECHO)curl --fail --location $(KAFKA_YAML) --output tests/_build/kafka-operator.yaml --create-dirs
-	$(VECHO)${SED} -i 's/namespace: .*/namespace: $(KAFKA_NAMESPACE)/' tests/_build/kafka-operator.yaml
-	$(VECHO) kubectl -n $(KAFKA_NAMESPACE) apply -f tests/_build/kafka-operator.yaml | grep -v "already exists" || true
-	$(VECHO)kubectl set env deployment strimzi-cluster-operator -n ${KAFKA_NAMESPACE} STRIMZI_NAMESPACE="*"
+	$(VECHO)curl --fail --location https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.32.0/strimzi-0.32.0.tar.gz --output tests/_build/kafka-operator.tar.gz --create-dirs
+	$(VECHO)tar xf tests/_build/kafka-operator.tar.gz
+	$(VECHO)${SED} -i 's/namespace: .*/namespace: ${KAFKA_NAMESPACE}/' strimzi-${KAFKA_VERSION}/install/cluster-operator/*RoleBinding*.yaml
+	$(VECHO)kubectl create -f strimzi-${KAFKA_VERSION}/install/cluster-operator/020-RoleBinding-strimzi-cluster-operator.yaml -n ${KAFKA_NAMESPACE}
+	$(VECHO)kubectl create -f strimzi-${KAFKA_VERSION}/install/cluster-operator/023-RoleBinding-strimzi-cluster-operator.yaml -n ${KAFKA_NAMESPACE}
+	$(VECHO)kubectl create -f strimzi-${KAFKA_VERSION}/install/cluster-operator/031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml -n ${KAFKA_NAMESPACE}
+	$(VECHO)kubectl apply -f strimzi-${KAFKA_VERSION}/install/cluster-operator/ -n ${KAFKA_NAMESPACE}
 endif

 .PHONY: undeploy-kafka-operator
 undeploy-kafka-operator:
-ifeq ($(OLM),true)
+ifeq ($(KAFKA_OLM),true)
 	$(ECHO) Skiping kafka-operator undeploy
 else
 	$(VECHO)kubectl delete --namespace $(KAFKA_NAMESPACE) -f tests/_build/kafka-operator.yaml --ignore-not-found=true 2>&1 || true
@ -244,7 +248,6 @@ else
 	$(VECHO)kubectl delete clusterrolebinding strimzi-cluster-operator-entity-operator-delegation --ignore-not-found=true || true
 	$(VECHO)kubectl delete clusterrolebinding strimzi-cluster-operator-topic-operator-delegation --ignore-not-found=true || true
 endif
-	$(VECHO)kubectl delete namespace $(KAFKA_NAMESPACE) --ignore-not-found=true 2>&1 || true

 .PHONY: kafka
 kafka: deploy-kafka-operator
@ -267,7 +270,7 @@ undeploy-kafka: undeploy-kafka-operator

 .PHONY: deploy-prometheus-operator
 deploy-prometheus-operator:
-ifeq ($(OLM),true)
+ifeq ($(PROMETHEUS_OLM),true)
 	$(ECHO) Skipping prometheus-operator deployment, assuming it has been installed via OperatorHub
 else
 	$(VECHO)kubectl apply -f ${PROMETHEUS_BUNDLE}
@ -275,14 +278,15 @@ endif

 .PHONY: undeploy-prometheus-operator
 undeploy-prometheus-operator:
-ifeq ($(OLM),true)
+ifeq ($(PROMETHEUS_OLM),true)
 	$(ECHO) Skipping prometheus-operator undeployment, as it should have been installed via OperatorHub
 else
 	$(VECHO)kubectl delete -f ${PROMETHEUS_BUNDLE} --ignore-not-found=true || true
 endif

 .PHONY: clean
-clean: undeploy-kafka undeploy-es-operator undeploy-prometheus-operator undeploy-istio
+clean: undeploy-kafka undeploy-prometheus-operator undeploy-istio undeploy-cert-manager
+	$(VECHO)kubectl delete namespace $(KAFKA_NAMESPACE) --ignore-not-found=true 2>&1 || true
 	$(VECHO)if [ -d tests/_build ]; then rm -rf tests/_build ; fi
 	$(VECHO)kubectl delete -f ./tests/cassandra.yml --ignore-not-found=true -n $(STORAGE_NAMESPACE) || true
 	$(VECHO)kubectl delete -f ./tests/elasticsearch.yml --ignore-not-found=true -n $(STORAGE_NAMESPACE) || true
@ -292,17 +296,21 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases

 .PHONY: generate
-generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+generate: controller-gen api-docs ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."

 .PHONY: test
-test: unit-tests e2e-tests
+test: unit-tests run-e2e-tests

 .PHONY: all
-all: check format lint security build test
+all: check format lint build test

 .PHONY: ci
-ci: ensure-generate-is-noop check format lint security build unit-tests
+ci: install-tools ensure-generate-is-noop check format lint build unit-tests
+
+##@ Deployment
+
+ignore-not-found ?= false

 .PHONY: install
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
@ -310,16 +318,18 @@ install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~

 .PHONY: uninstall
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -

 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	kubectl create namespace observability 2>&1 | grep -v "already exists" || true
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	./hack/enable-operator-features.sh
 	$(KUSTOMIZE) build config/default | kubectl apply -f -

 .PHONY: undeploy
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/default | kubectl delete -f -
+undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -

 .PHONY: operatorhub
 operatorhub: check-operatorhub-pr-template
@ -333,41 +343,30 @@ check-operatorhub-pr-template:
 .PHONY: changelog
 changelog:
 	$(ECHO) "Set env variable OAUTH_TOKEN before invoking, https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token"
-	$(VECHO)docker run --rm  -v "${PWD}:/app" pavolloffay/gch:latest --oauth-token ${OAUTH_TOKEN} --owner jaegertracing --repo jaeger-operator
+	$(VECHO)docker run --rm  -v "${PWD}:/app" pavolloffay/gch:latest --oauth-token ${OAUTH_TOKEN} --branch main --owner jaegertracing --repo jaeger-operator


 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
 controller-gen: ## Download controller-gen locally if necessary.
-	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.1)
+	$(VECHO)./hack/install/install-controller-gen.sh

-KUSTOMIZE = $(shell pwd)/bin/kustomize
-kustomize: ## Download kustomize locally if necessary.
-	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v3@v3.8.7)
-
-ENVTEST = $(shell pwd)/bin/setup-envtest
-envtest: ## Download envtest-setup locally if necessary.
-	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
-
-# go-get-tool will 'go get' any package $2 and install it to $1.
-PROJECT_DIR := $(shell git rev-parse --show-toplevel)
-define go-get-tool
-@[ -f $(1) ] || { \
-set -e ;\
-TMP_DIR=$$(mktemp -d) ;\
-cd $$TMP_DIR ;\
-go mod init tmp ;\
-echo "Downloading $(2)" ;\
-GOBIN=$(PROJECT_DIR)/bin go get $(2) ;\
-rm -rf $$TMP_DIR ;\
-}
-endef
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	test -s $(ENVTEST) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

 .PHONY: bundle
-bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
-	operator-sdk generate kustomize manifests -q
+bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+	$(SED) -i "s#containerImage: quay.io/jaegertracing/jaeger-operator:$(OPERATOR_VERSION)#containerImage: quay.io/jaegertracing/jaeger-operator:$(VERSION)#g" config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
+	$(SED) -i 's/minKubeVersion: .*/minKubeVersion: $(MIN_KUBERNETES_VERSION)/' config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
+	$(SED) -i 's/com.redhat.openshift.versions=.*/com.redhat.openshift.versions=v$(MIN_OPENSHIFT_VERSION)/' bundle.Dockerfile
+	$(SED) -i 's/com.redhat.openshift.versions: .*/com.redhat.openshift.versions: v$(MIN_OPENSHIFT_VERSION)/' bundle/metadata/annotations.yaml
+
+	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --manifests --version $(VERSION) $(BUNDLE_METADATA_OPTS)
-	operator-sdk bundle validate ./bundle
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --manifests --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(OPERATOR_SDK) bundle validate ./bundle
+	./hack/ignore-createdAt-bundle.sh

 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
@ -375,7 +374,7 @@ bundle-build: ## Build the bundle image.

 .PHONY: bundle-push
 bundle-push: ## Push the bundle image.
-	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
+	docker push $(BUNDLE_IMG)

 .PHONY: opm
 OPM = ./bin/opm
@ -420,24 +419,36 @@ catalog-push: ## Push a catalog image.

 .PHONY: start-kind
 start-kind: kind
+ifeq ($(USE_KIND_CLUSTER),true)
+	$(ECHO) Starting KIND cluster...
 # Instead of letting KUTTL create the Kind cluster (using the CLI or in the kuttl-tests.yaml
 # file), the cluster is created here. There are multiple reasons to do this:
 # 	* The kubectl command will not work outside KUTTL
 #	* Some KUTTL versions are not able to start properly a Kind cluster
 #	* The cluster will be removed after running KUTTL (this can be disabled). Sometimes,
 #		the cluster teardown is not done properly and KUTTL can not be run with the --start-kind flag
-# When the Kind cluster is not created by Kuttl, the
-# kindContainers parameter from kuttl-tests.yaml has not effect so, it is needed to load the
-# container images here.
+# When the Kind cluster is not created by Kuttl, the kindContainers parameter
+# from kuttl-tests.yaml has not effect so, it is needed to load the container
+# images here.
 	$(VECHO)$(KIND) create cluster --config $(KIND_CONFIG) 2>&1 | grep -v "already exists" || true
-	$(VECHO)$(KIND) load docker-image local/jaeger-operator:e2e
-	$(VECHO)$(KIND) load docker-image local/asserts:e2e
-	$(VECHO)$(KIND) load docker-image jaegertracing/vertx-create-span:operator-e2e-tests
-	$(VECHO)$(KIND) load docker-image local/jaeger-operator:next
-	$(VECHO)$(KIND) load docker-image docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.6
+# Install metrics-server for HPA
+	$(ECHO)"Installing the metrics-server in the kind cluster"
+	$(VECHO)kubectl apply -f $(METRICS_SERVER_YAML)
+	$(VECHO)kubectl patch deployment -n kube-system metrics-server --type "json" -p '[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": --kubelet-insecure-tls}]'
+# Install the ingress-controller
+	$(ECHO)"Installing the Ingress controller in the kind cluster"
+	$(VECHO)kubectl apply -f $(INGRESS_CONTROLLER_YAML)
+# Check the deployments were done properly
+	$(ECHO)"Checking the metrics-server was deployed properly"
+	$(VECHO)kubectl wait --for=condition=available deployment/metrics-server -n kube-system --timeout=5m
+	$(ECHO)"Checking the Ingress controller deployment was done successfully"
+	$(VECHO)kubectl wait --for=condition=available deployment ingress-nginx-controller -n ingress-nginx --timeout=5m
+else
+	$(ECHO)"KIND cluster creation disabled. Skipping..."
+endif

 stop-kind:
-	$(ECHO)Stopping the kind cluster
+	$(ECHO)"Stopping the kind cluster"
 	$(VECHO)kind delete cluster

 .PHONY: install-git-hooks
@ -449,59 +460,35 @@ release-artifacts: set-image-controller
 	mkdir -p dist
 	$(KUSTOMIZE) build config/default -o dist/jaeger-operator.yaml

-
-kuttl:
-ifeq (, $(shell which kubectl-kuttl))
-	echo ${PATH}
-	ls -l /usr/local/bin
-	which kubectl-kuttl
-
-	@{ \
-	set -e ;\
-	echo "" ;\
-	echo "ERROR: kuttl not found." ;\
-	echo "Please check https://kuttl.dev/docs/cli.html for installation instructions and try again." ;\
-	echo "" ;\
-	exit 1 ;\
-	}
-else
-KUTTL=$(shell which kubectl-kuttl)
-endif
-
 # Set the controller image parameters
 set-image-controller: manifests kustomize
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}

-kind:
-ifeq (, $(shell which kind))
-	@{ \
-	set -e ;\
-	echo "" ;\
-	echo "ERROR: KIND not found." ;\
-	echo "Please check https://kind.sigs.k8s.io/docs/user/quick-start/#installation for installation instructions and try again." ;\
-	echo "" ;\
-	exit 1 ;\
-	}
-else
-KIND=$(shell which kind)
-endif
-
+.PHONY: tools
 tools: kustomize controller-gen operator-sdk

 .PHONY: install-tools
-install-tools:
-	$(VECHO)${GO_FLAGS} ./.ci/vgot.sh \
-		golang.org/x/lint/golint \
-		golang.org/x/tools/cmd/goimports \
-		github.com/securego/gosec/cmd/gosec@v0.0.0-20191008095658-28c1128b7336
-	$(VECHO)./.ci/install-gomplate.sh
+install-tools: operator-sdk
+	$(VECHO)./hack/install/install-golangci-lint.sh
+	$(VECHO)./hack/install/install-goimports.sh
+
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE)
+$(KUSTOMIZE): $(LOCALBIN)
+	./hack/install/install-kustomize.sh
+
+.PHONY: kind
+kind: $(KIND)
+$(KIND): $(LOCALBIN)
+	./hack/install/install-kind.sh

 .PHONY: prepare-release
 prepare-release:
 	$(VECHO)./.ci/prepare-release.sh

-scorecard-tests:
-	operator-sdk scorecard bundle -w 600s || (echo "scorecard test failed" && exit 1)
+scorecard-tests: operator-sdk
+	echo "Operator sdk is $(OPERATOR_SDK)"
+	$(OPERATOR_SDK) scorecard bundle -w 10m || (echo "scorecard test failed" && exit 1)

 scorecard-tests-local: kind
 	$(VECHO)$(KIND) create cluster --config $(KIND_CONFIG) 2>&1 | grep -v "already exists" || true
@ -509,3 +496,23 @@ scorecard-tests-local: kind
 	$(VECHO)$(KIND) load docker-image $(SCORECARD_TEST_IMG)
 	$(VECHO)kubectl wait --timeout=5m --for=condition=available deployment/coredns -n kube-system
 	$(VECHO)$(MAKE) scorecard-tests
+
+.PHONY: operator-sdk
+operator-sdk: $(OPERATOR_SDK)
+$(OPERATOR_SDK): $(LOCALBIN)
+	test -s $(OPERATOR_SDK) || curl -sLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}/operator-sdk_`go env GOOS`_`go env GOARCH`
+	@chmod +x $(OPERATOR_SDK)
+
+api-docs: crdoc kustomize
+	@{ \
+	set -e ;\
+	TMP_DIR=$$(mktemp -d) ; \
+	$(KUSTOMIZE) build config/crd -o $$TMP_DIR/crd-output.yaml ;\
+	$(CRDOC) --resources $$TMP_DIR/crd-output.yaml --output docs/api.md ;\
+	}
+
+.PHONY: crdoc
+crdoc: $(CRDOC)
+$(CRDOC): $(LOCALBIN)
+	test -s $(CRDOC) || GOBIN=$(LOCALBIN) go install fybrik.io/crdoc@v0.5.2
+	@chmod +x $(CRDOC)
--- a/4
+++ b/4
@ -16,4 +16,8 @@ resources:
  kind: Jaeger
  path: github.com/jaegertracing/jaeger-operator/apis/v1
  version: v1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
 version: "3"
--- a/README.md
+++ b/README.md
@ -1,5 +1,4 @@
-
-[![Build Status][ci-img]][ci] [![Go Report Card][goreport-img]][goreport] [![Code Coverage][cov-img]][cov] [![GoDoc][godoc-img]][godoc]
+[![Build Status][ci-img]][ci] [![Go Report Card][goreport-img]][goreport] [![Code Coverage][cov-img]][cov] [![GoDoc][godoc-img]][godoc] [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/jaegertracing/jaeger-operator/badge)](https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger-operator)

 # Jaeger Operator for Kubernetes

@ -34,16 +33,11 @@ In this example, the Jaeger UI is available at http://192.168.122.34.

 The official documentation for the Jaeger Operator, including all its customization options, are available under the main [Jaeger Documentation](https://www.jaegertracing.io/docs/latest/operator/).

+CRD-API documentation can be found [here](./docs/api.md).
+
 ## Compatibility matrix

-The following table shows the compatibility of jaeger operator with different components, in this particular case we shows Kubernetes and Strimzi operator compatibility
-
-
-| Jaeger Operator | Kubernetes           | Strimzi Operator   |
-|-----------------|----------------------|---------------------
-| v1.24           | v1.19, v1.20, v1.21  | v0.23              |
-| v1.23           | v1.19, v1.20, v1.21  | v0.19, v0.20       |
-| v1.22           | v1.18 to v1.20       | v0.19              |
+See the compatibility matrix [here](./COMPATIBILITY.md).


 ### Jaeger Operator vs. Jaeger
@ -70,25 +64,157 @@ The jaeger Operator *might* work on other untested versions of Strimzi Operator,

 ## (experimental) Generate Kubernetes manifest file

-Sometimes it is preferable to generate plain manifests files instead of running an operator in a cluster. `jaeger-operator generate` generates kubernetes manifests from a given CR. In this example we apply the manifest generated by [examples/simplest.yaml](https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/examples/simplest.yaml) to the namespace `jaeger-test`:
+Sometimes it is preferable to generate plain manifests files instead of running an operator in a cluster. `jaeger-operator generate` generates kubernetes manifests from a given CR. In this example we apply the manifest generated by [examples/simplest.yaml](https://raw.githubusercontent.com/jaegertracing/jaeger-operator/main/examples/simplest.yaml) to the namespace `jaeger-test`:

 ```bash
-curl https://raw.githubusercontent.com/jaegertracing/jaeger-operator/master/examples/simplest.yaml | docker run -i --rm jaegertracing/jaeger-operator:master generate | kubectl apply -n jaeger-test -f -
+curl https://raw.githubusercontent.com/jaegertracing/jaeger-operator/main/examples/simplest.yaml | docker run -i --rm jaegertracing/jaeger-operator:main generate | kubectl apply -n jaeger-test -f -
 ```

 It is recommended to deploy the operator instead of generating a static manifest.

+## Jaeger V2 Operator
+
+As the Jaeger V2 is released, it is decided that Jaeger V2 will deployed on Kubernetes using [OpenTelemetry Operator](https://github.com/open-telemetry/opentelemetry-operator). This will benefit both the users of Jaeger and OpenTelemetry. To use Jaeger V2 with OpenTelemetry Operator, the steps are as follows:
+
+* Install the cert-manager in the existing cluster with the command:
+```bash
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml
+```
+
+Please verify all the resources (e.g., Pods and Deployments) are in a ready state in the `cert-manager` namespace.
+
+* Install the OpenTelemetry Operator by running:
+```bash
+kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml
+```
+
+Please verify all the resources (e.g., Pods and Deployments) are in a ready state in the `opentelemetry-operator-system` namespace.
+
+### Using Jaeger with in-memory storage
+
+Once all the resources are ready, create a Jaeger instance as follows:
+```yaml
+kubectl apply -f - <<EOF
+apiVersion: opentelemetry.io/v1beta1
+kind: OpenTelemetryCollector
+metadata:
+  name: jaeger-inmemory-instance
+spec:
+  image: jaegertracing/jaeger:latest
+  ports:
+  - name: jaeger
+    port: 16686
+  config:
+    service:
+      extensions: [jaeger_storage, jaeger_query]
+      pipelines:
+        traces:
+          receivers: [otlp]    
+          exporters: [jaeger_storage_exporter]
+    extensions:
+      jaeger_query:
+        storage:
+          traces: memstore
+      jaeger_storage:
+        backends:
+          memstore:
+            memory:
+              max_traces: 100000
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: 0.0.0.0:4317
+          http:
+            endpoint: 0.0.0.0:4318
+    exporters:
+      jaeger_storage_exporter:
+        trace_storage: memstore
+EOF
+```
+
+To use the in-memory storage ui for Jaeger V2, expose the pod, deployment or the service as follows:
+```bash
+kubectl port-forward deployment/jaeger-inmemory-instance-collector 8080:16686
+```
+
+Or
+
+```bash
+kubectl port-forward service/jaeger-inmemory-instance-collector 8080:16686
+```
+
+Once done, type `localhost:8080` in the browser to interact with the UI.
+
+[Note] There's an ongoing development in OpenTelemetry Operator where users will be able to interact directly with the UI.
+
+### Using Jaeger with database to store traces
+To use Jaeger V2 with the supported database, it is mandatory to create database deployments and they should be in `ready` state [(ref)](https://www.jaegertracing.io/docs/2.0/storage/).
+
+Create a Kubernetes Service that exposes the database pods enabling communication between the database and Jaeger pods.
+
+This can be achieved by creating a service in two ways, first by creating it [manually](https://kubernetes.io/docs/concepts/services-networking/service/) or second by creating it using imperative command.
+
+```bash
+kubectl expose pods <pod-name> --port=<port-number> --name=<name-of-the-service>
+```
+
+Or
+
+```bash
+kubectl expose deployment <deployment-name> --port=<port-number> --name=<name-of-the-service>
+```
+
+After the service is created, add the name of the service as an endpoint in their respective config as follows:
+
+* [Cassandra DB](https://github.com/jaegertracing/jaeger/blob/main/cmd/jaeger/config-cassandra.yaml):
+```yaml
+jaeger_storage:
+  backends:
+    some_storage:
+      cassandra:
+        connection:
+          servers: [<name-of-the-service>]
+```
+
+* [ElasticSearch](https://github.com/jaegertracing/jaeger/blob/main/cmd/jaeger/config-elasticsearch.yaml):
+```yaml
+jaeger_storage:
+  backends:
+    some_storage:
+      elasticseacrh:
+        servers: [<name-of-the-service>]
+```
+
+Use the modified config to create Jaeger instance with the help of OpenTelemetry Operator.
+
+```yaml
+kubectl apply -f - <<EOF
+apiVersion: opentelemetry.io/v1beta1
+kind: OpenTelemetryCollector
+metadata:
+  name: jaeger-storage-instance # name of your choice
+spec:
+  image: jaegertracing/jaeger:latest
+  ports:
+  - name: jaeger
+    port: 16686
+  config:
+    # modified config
+EOF
+```
+
 ## Contributing and Developing

 Please see [CONTRIBUTING.md](CONTRIBUTING.md).

 ## License
-  
+
 [Apache 2.0 License](./LICENSE).

 [ci-img]: https://github.com/jaegertracing/jaeger-operator/workflows/CI%20Workflow/badge.svg
 [ci]: https://github.com/jaegertracing/jaeger-operator/actions
-[cov-img]: https://codecov.io/gh/jaegertracing/jaeger-operator/branch/master/graph/badge.svg
+[cov-img]: https://codecov.io/gh/jaegertracing/jaeger-operator/branch/main/graph/badge.svg
 [cov]: https://codecov.io/github/jaegertracing/jaeger-operator/
 [goreport-img]: https://goreportcard.com/badge/github.com/jaegertracing/jaeger-operator
 [goreport]: https://goreportcard.com/report/github.com/jaegertracing/jaeger-operator
--- a/RELEASE.md
+++ b/RELEASE.md
@ -1,42 +1,5 @@
 # Releasing the Jaeger Operator for Kubernetes

-Steps to release a new version of the Jaeger Operator:
-
-
-1. Change the `versions.txt `so that it lists the target version of the Jaeger (if it is required). Don't touch the operator version it will be changed automatically in the next step.
-
-1. Run `OPERATOR_VERSION=1.30.0 make prepare-release`, using the operator version that will be released.
-
-1. Prepare a changelog since last release. 
-
-1. Commit the changes and create a pull request:
-
-   ```
-   git commit -sm "Preparing release v1.30.0"
-   ```
-
-1. Once the changes above are merged and available in `master` tag it with the desired version, prefixed with `v`, eg. `v1.30.0`
-
-    ```
-    git checkout master
-    git tag v1.30.0
-    git push git@github.com:jaegertracing/jaeger-operator.git v1.30.0
-    ```
-
-1. The GitHub Workflow will take it from here, creating a GitHub release and publishing the images
-
-1. After the release, PRs needs to be created against the Operator Hub Community Operators repositories:
-
-    * One for the [upstream-community-operators](https://github.com/k8s-operatorhub/community-operators), used by OLM on Kubernetes.
-    * One for the [community-operators](https://github.com/redhat-openshift-ecosystem/community-operators-prod) used by OpenShift.
-
-This can be done with the following steps:
- Update master `git pull git@github.com:jaegertracing/jaeger-operator.git master`
- Clone both repositories `upstream-community-operators` and `community-operators` 
- Run `make operatorhub`
-  * If you have [`gh`](https://cli.github.com/) installed and configured, it will open the necessary PRs for you automatically.
-  * If you don't have it, the branches will be pushed to `origin` and you should be able to open the PR from there
-
 ## Generating the changelog

 - Get the `OAUTH_TOKEN` from [Github](https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token), select `repo:status` scope.
@ -45,3 +8,65 @@ This can be done with the following steps:
  * CI or testing-specific commits (e2e, unit test, ...)
  * bug fixes for problems that are not part of a release yet
  * version bumps for internal dependencies
+
+## Releasing
+
+Steps to release a new version of the Jaeger Operator:
+
+
+1. Change the `versions.txt `so that it lists the target version of the Jaeger (if it is required). **Don't touch the operator version**: it will be changed automatically in the next step.
+
+2. Confirm that `MIN_KUBERNETES_VERSION` and `MIN_OPENSHIFT_VERSION` in the `Makefile` are still up-to-date, and update them if required.
+
+2. Run `OPERATOR_VERSION=1.30.0 make prepare-release`, using the operator version that will be released.
+
+3. Run the E2E tests in OpenShift as described in [the CONTRIBUTING.md](CONTRIBUTING.md#an-external-cluster-like-openshift) file. The tests will be executed automatically in Kubernetes by the GitHub Actions CI later.
+
+4. Prepare a changelog since last release.
+
+4. Update the release manager schedule.
+
+5. Commit the changes and create a pull request:
+
+   ```sh
+   git commit -sm "Preparing release v1.30.0"
+   ```
+
+5. Once the changes above are merged and available in `main` tag it with the desired version, prefixed with `v`, eg. `v1.30.0`
+
+    ```sh
+    git checkout main
+    git tag v1.30.0
+    git push git@github.com:jaegertracing/jaeger-operator.git v1.30.0
+    ```
+
+6. The GitHub Workflow will take it from here, creating a GitHub release and publishing the images
+
+7. After the release, PRs needs to be created against the Operator Hub Community Operators repositories:
+
+    * One for the [upstream-community-operators](https://github.com/k8s-operatorhub/community-operators), used by OLM on Kubernetes.
+    * One for the [community-operators](https://github.com/redhat-openshift-ecosystem/community-operators-prod) used by OpenShift.
+
+This can be done with the following steps:
+- Update main `git pull git@github.com:jaegertracing/jaeger-operator.git main`
+- Clone both repositories `upstream-community-operators` and `community-operators`
+- Run `make operatorhub`
+  * If you have [`gh`](https://cli.github.com/) installed and configured, it will open the necessary PRs for you automatically.
+  * If you don't have it, the branches will be pushed to `origin` and you should be able to open the PR from there
+
+## Note
+After the PRs have been made it must be ensured that:
+- Images listed in the ClusterServiceVersion (CSV) have a versions tag [#1682](https://github.com/jaegertracing/jaeger-operator/issues/1682)
+- No `bundle` folder is included in the release
+- No foreign CRs like prometheus are in the manifests
+
+## Release managers
+
+The operator should be released within a week after the [Jaeger release](https://github.com/jaegertracing/jaeger/blob/main/RELEASE.md#release-managers).
+
+| Version | Release Manager                                          |
+|---------| -------------------------------------------------------- |
+| 1.63.0  | [Benedikt Bongartz](https://github.com/frzifus)          |
+| 1.64.0  | [Pavol Loffay](https://github.com/pavolloffay)           |
+| 1.65.0  | [Israel Blancas](https://github.com/iblancasa)           |
+| 1.66.0  | [Ruben Vargas](https://github.com/rubenvp8510)           |
--- a/apis/v1/deployment_strategy_test.go
+++ b/apis/v1/deployment_strategy_test.go
@ -5,6 +5,7 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestUnmarshalJSON(t *testing.T) {
@ -28,7 +29,7 @@ func TestUnmarshalJSON(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			ds := DeploymentStrategy("")
 			err := json.Unmarshal([]byte(tc.json), &ds)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, tc.expected, ds)
 		})
 	}
@ -48,7 +49,7 @@ func TestMarshalJSON(t *testing.T) {
 	for name, tc := range tcs {
 		t.Run(name, func(t *testing.T) {
 			data, err := json.Marshal(tc.strategy)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, tc.expected, string(data))
 		})
 	}
--- a/apis/v1/freeform_test.go
+++ b/apis/v1/freeform_test.go
@ -4,6 +4,7 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestFreeForm(t *testing.T) {
@ -16,7 +17,7 @@ func TestFreeForm(t *testing.T) {
 		},
 	})
 	json, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, json)
 	assert.Equal(t, uiconfig, string(*o.json))
 }
@ -26,7 +27,7 @@ func TestFreeFormUnmarhalMarshal(t *testing.T) {
 	o := NewFreeForm(nil)
 	o.UnmarshalJSON([]byte(uiconfig))
 	json, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.NotNil(t, json)
 	assert.Equal(t, uiconfig, string(*o.json))
 }
@ -66,9 +67,9 @@ func TestToMap(t *testing.T) {
 		f := NewFreeForm(test.m)
 		got, err := f.GetMap()
 		if test.err != "" {
-			assert.EqualError(t, err, test.err)
+			require.EqualError(t, err, test.err)
 		} else {
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, test.expected, got)
 		}
 	}
--- a/apis/v1/groupversion_info.go
+++ b/apis/v1/groupversion_info.go
@ -1,6 +1,6 @@
 // Package v1 contains API Schema definitions for the jaegertracing.io v1 API group
-//+kubebuilder:object:generate=true
-//+groupName=jaegertracing.io
+// +kubebuilder:object:generate=true
+// +groupName=jaegertracing.io
 package v1

 import (
--- a/apis/v1/jaeger_types.go
+++ b/apis/v1/jaeger_types.go
@ -1,11 +1,11 @@
 package v1

 import (
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
 )

 // IngressSecurityType represents the possible values for the security type
@ -18,36 +18,54 @@ type JaegerPhase string
 type JaegerStorageType string

 const (
-	// FlagPlatformKubernetes represents the value for the 'platform' flag for Kubernetes
-	FlagPlatformKubernetes = "kubernetes"
+	// FlagCronJobsVersion represents the version of the Kubernetes CronJob API
+	FlagCronJobsVersion = "cronjobs-version"

-	// FlagPlatformOpenShift represents the value for the 'platform' flag for OpenShift
-	FlagPlatformOpenShift = "openshift"
+	// FlagCronJobsVersionBatchV1 represents the batch/v1 version of the Kubernetes CronJob API, available as of 1.21
+	FlagCronJobsVersionBatchV1 = "batch/v1"
+
+	// FlagCronJobsVersionBatchV1Beta1 represents the batch/v1beta1 version of the Kubernetes CronJob API, no longer available as of 1.25
+	FlagCronJobsVersionBatchV1Beta1 = "batch/v1beta1"
+
+	// FlagAutoscalingVersion represents the version of the Kubernetes Autoscaling API
+	FlagAutoscalingVersion = "autoscaling-version"
+
+	// FlagAutoscalingVersionV2 represents the v2 version of the Kubernetes Autoscaling API, available as of 1.23
+	FlagAutoscalingVersionV2 = "autoscaling/v2"
+
+	// FlagAutoscalingVersionV2Beta2 represents the v2beta2 version of the Kubernetes Autoscaling API, no longer available as of 1.26
+	FlagAutoscalingVersionV2Beta2 = "autoscaling/v2beta2"
+
+	// FlagPlatform represents the flag to set the platform
+	FlagPlatform = "platform"

 	// FlagPlatformAutoDetect represents the "auto-detect" value for the platform flag
 	FlagPlatformAutoDetect = "auto-detect"

+	// FlagESProvision represents the 'es-provision' flag
+	FlagESProvision = "es-provision"
+
 	// FlagProvisionElasticsearchAuto represents the 'auto' value for the 'es-provision' flag
 	FlagProvisionElasticsearchAuto = "auto"

-	// FlagProvisionElasticsearchYes represents the value 'yes' for the 'es-provision' flag
-	FlagProvisionElasticsearchYes = "yes"
-
-	// FlagProvisionElasticsearchNo represents the value 'no' for the 'es-provision' flag
-	FlagProvisionElasticsearchNo = "no"
-
 	// FlagProvisionKafkaAuto represents the 'auto' value for the 'kafka-provision' flag
 	FlagProvisionKafkaAuto = "auto"

-	// FlagProvisionKafkaYes represents the value 'yes' for the 'kafka-provision' flag
-	FlagProvisionKafkaYes = "yes"
+	// FlagKafkaProvision represents the 'kafka-provision' flag.
+	FlagKafkaProvision = "kafka-provision"

-	// FlagProvisionKafkaNo represents the value 'no' for the 'kafka-provision' flag
-	FlagProvisionKafkaNo = "no"
+	// FlagAuthDelegatorAvailability represents the 'auth-delegator-available' flag.
+	FlagAuthDelegatorAvailability = "auth-delegator-available"
+
+	// FlagOpenShiftOauthProxyImage represents the 'openshift-oauth-proxy-image' flag.
+	FlagOpenShiftOauthProxyImage = "openshift-oauth-proxy-image"

 	// IngressSecurityNone disables any form of security for ingress objects (default)
 	IngressSecurityNone IngressSecurityType = ""

+	// FlagDefaultIngressClass represents the default Ingress class from the cluster
+	FlagDefaultIngressClass = "default-ingressclass"
+
 	// IngressSecurityNoneExplicit used when the user specifically set it to 'none'
 	IngressSecurityNoneExplicit IngressSecurityType = "none"

@ -157,8 +175,8 @@ type JaegerStatus struct {
 }

 // Jaeger is the Schema for the jaegers API
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
 // +operator-sdk:gen-csv:customresourcedefinitions.displayName="Jaeger"
 // +operator-sdk:csv:customresourcedefinitions:resources={{CronJob,v1beta1},{Pod,v1},{Deployment,apps/v1}, {Ingress,networking/v1},{DaemonSets,apps/v1},{StatefulSets,apps/v1},{ConfigMaps,v1},{Service,v1}}
 // +kubebuilder:subresource:status
@ -211,8 +229,21 @@ type JaegerCommonSpec struct {
 	// +optional
 	SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`

+	// +optional
+	ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"`
+
 	// +optional
 	ServiceAccount string `json:"serviceAccount,omitempty"`
+
+	// +optional
+	LivenessProbe *v1.Probe `json:"livenessProbe,omitempty"`
+
+	// +optional
+	// +listType=atomic
+	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	// +optional
+	ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
 }

 // JaegerQuerySpec defines the options to be used when deploying the query
@ -228,6 +259,9 @@ type JaegerQuerySpec struct {
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`

+	// +optional
+	MetricsStorage JaegerMetricsStorageSpec `json:"metricsStorage,omitempty"`
+
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`

@ -249,7 +283,7 @@ type JaegerQuerySpec struct {
 	// +optional
 	// TracingEnabled if set to false adds the JAEGER_DISABLED environment flag and removes the injected
 	// agent container from the query component to disable tracing requests to the query service.
-	// The default, if ommited, is true
+	// The default, if omitted, is true
 	TracingEnabled *bool `json:"tracingEnabled,omitempty"`

 	// +optional
@ -258,6 +292,10 @@ type JaegerQuerySpec struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
 	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	// +nullable
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 }

 // JaegerUISpec defines the options to be used to configure the UI
@ -289,6 +327,9 @@ type JaegerIngressSpec struct {
 	// +listType=atomic
 	Hosts []string `json:"hosts,omitempty"`

+	// +optional
+	PathType networkingv1.PathType `json:"pathType,omitempty"`
+
 	// +optional
 	// +listType=atomic
 	TLS []JaegerIngressTLSSpec `json:"tls,omitempty"`
@ -333,6 +374,10 @@ type JaegerIngressOpenShiftSpec struct {
 	// SkipLogout tells the operator to not automatically add a "Log Out" menu option to the custom Jaeger configuration
 	// +optional
 	SkipLogout *bool `json:"skipLogout,omitempty"`
+
+	// Timeout defines client timeout from oauth-proxy to jaeger.
+	// +optional
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
 }

 // JaegerAllInOneSpec defines the options to be used when deploying the query
@ -348,18 +393,24 @@ type JaegerAllInOneSpec struct {
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Config FreeForm `json:"config,omitempty"`

+	// +optional
+	MetricsStorage JaegerMetricsStorageSpec `json:"metricsStorage,omitempty"`
+
 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`

 	// +optional
 	// TracingEnabled if set to false adds the JAEGER_DISABLED environment flag and removes the injected
 	// agent container from the query component to disable tracing requests to the query service.
-	// The default, if ommited, is true
+	// The default, if omitted, is true
 	TracingEnabled *bool `json:"tracingEnabled,omitempty"`

 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
 	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
 }

 // AutoScaleSpec defines the common elements used for create HPAs
@ -378,7 +429,6 @@ type AutoScaleSpec struct {

 // JaegerCollectorSpec defines the options to be used when deploying the collector
 type JaegerCollectorSpec struct {
-
 	// +optional
 	AutoScaleSpec `json:",inline,omitempty"`

@ -413,6 +463,19 @@ type JaegerCollectorSpec struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Strategy"
 	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	KafkaSecretName string `json:"kafkaSecretName"`
+
+	// +optional
+	// +nullable
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// +optional
+	Lifecycle *v1.Lifecycle `json:"lifecycle,omitempty"`
+
+	// +optional
+	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
 }

 // JaegerIngesterSpec defines the options to be used when deploying the ingester
@ -440,6 +503,13 @@ type JaegerIngesterSpec struct {

 	// +optional
 	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
+
+	// +optional
+	KafkaSecretName string `json:"kafkaSecretName"`
+
+	// +optional
+	// +nullable
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 }

 // JaegerAgentSpec defines the options to be used when deploying the agent
@ -451,10 +521,6 @@ type JaegerAgentSpec struct {
 	// +optional
 	Image string `json:"image,omitempty"`

-	// +optional
-	// +listType=atomic
-	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
-
 	// +optional
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Options Options `json:"options,omitempty"`
@ -510,8 +576,31 @@ type JaegerStorageSpec struct {
 	GRPCPlugin GRPCPluginSpec `json:"grpcPlugin,omitempty"`
 }

-// ElasticsearchSpec represents the ES configuration options that we pass down to the Elasticsearch operator
+// JaegerMetricsStorageSpec defines the Metrics storage options to be used for the query and collector.
+type JaegerMetricsStorageSpec struct {
+	// +optional
+	Type JaegerStorageType `json:"type,omitempty"`
+
+	// +optional
+	ServerUrl string `json:"server-url,omitempty"`
+}
+
+// ElasticsearchSpec represents the ES configuration options that we pass down to the OpenShift Elasticsearch operator.
 type ElasticsearchSpec struct {
+	// Name of the OpenShift Elasticsearch instance. Defaults to elasticsearch.
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// Whether Elasticsearch should be provisioned or not.
+	// +optional
+	DoNotProvision bool `json:"doNotProvision,omitempty"`
+
+	// Whether Elasticsearch cert management feature should be used.
+	// This is a preferred setting for new Jaeger deployments on OCP versions newer than 4.6.
+	// The cert management feature was added to Red Hat Openshift logging 5.2 in OCP 4.7.
+	// +optional
+	UseCertManagement *bool `json:"useCertManagement,omitempty"`
+
 	// +optional
 	Image string `json:"image,omitempty"`

@ -533,6 +622,9 @@ type ElasticsearchSpec struct {
 	// +optional
 	// +listType=atomic
 	Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
+	// +optional
+	ProxyResources *v1.ResourceRequirements `json:"proxyResources,omitempty"`
 }

 // JaegerCassandraCreateSchemaSpec holds the options related to the create-schema batch job
@ -542,7 +634,7 @@ type JaegerCassandraCreateSchemaSpec struct {

 	// Image specifies the container image to use to create the cassandra schema.
 	// The Image is used by a Kubernetes Job, defaults to the image provided through the cli flag "jaeger-cassandra-schema-image" (default: jaegertracing/jaeger-cassandra-schema).
-	// See here for the jaeger-provided image: https://github.com/jaegertracing/jaeger/tree/master/plugin/storage/cassandra
+	// See here for the jaeger-provided image: https://github.com/jaegertracing/jaeger/tree/main/plugin/storage/cassandra
 	// +optional
 	Image string `json:"image,omitempty"`

@ -653,6 +745,9 @@ type JaegerEsIndexCleanerSpec struct {

 	// +optional
 	JaegerCommonSpec `json:",inline,omitempty"`
+
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
 }

 // JaegerEsRolloverSpec holds the options related to es-rollover
--- a/apis/v1/jaeger_webhook.go
+++ b/apis/v1/jaeger_webhook.go
@ -0,0 +1,164 @@
+package v1
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+const (
+	defaultElasticsearchName = "elasticsearch"
+)
+
+// log is for logging in this package.
+var (
+	jaegerlog = logf.Log.WithName("jaeger-resource")
+	cl        client.Client
+)
+
+// SetupWebhookWithManager adds Jaeger webook to the manager.
+func (j *Jaeger) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	cl = mgr.GetClient()
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(j).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/mutate-jaegertracing-io-v1-jaeger,mutating=true,failurePolicy=fail,sideEffects=None,groups=jaegertracing.io,resources=jaegers,verbs=create;update,versions=v1,name=mjaeger.kb.io,admissionReviewVersions={v1}
+
+func (j *Jaeger) objsWithOptions() []*Options {
+	return []*Options{
+		&j.Spec.AllInOne.Options, &j.Spec.Query.Options, &j.Spec.Collector.Options,
+		&j.Spec.Ingester.Options, &j.Spec.Agent.Options, &j.Spec.Storage.Options,
+	}
+}
+
+// Default implements webhook.Defaulter so a webhook will be registered for the type
+func (j *Jaeger) Default() {
+	jaegerlog.Info("default", "name", j.Name)
+	jaegerlog.Info("WARNING jaeger-agent is deprecated and will removed in v1.55.0. See https://github.com/jaegertracing/jaeger/issues/4739", "component", "agent")
+
+	if j.Spec.Storage.Elasticsearch.Name == "" {
+		j.Spec.Storage.Elasticsearch.Name = defaultElasticsearchName
+	}
+
+	if ShouldInjectOpenShiftElasticsearchConfiguration(j.Spec.Storage) && j.Spec.Storage.Elasticsearch.DoNotProvision {
+		// check if ES instance exists
+		es := &esv1.Elasticsearch{}
+		err := cl.Get(context.Background(), types.NamespacedName{
+			Namespace: j.Namespace,
+			Name:      j.Spec.Storage.Elasticsearch.Name,
+		}, es)
+		if errors.IsNotFound(err) {
+			return
+		}
+		j.Spec.Storage.Elasticsearch.NodeCount = OpenShiftElasticsearchNodeCount(es.Spec)
+	}
+
+	for _, opt := range j.objsWithOptions() {
+		optCopy := opt.DeepCopy()
+		if f := getAdditionalTLSFlags(optCopy.ToArgs()); f != nil {
+			newOpts := optCopy.GenericMap()
+			for k, v := range f {
+				newOpts[k] = v
+			}
+
+			if err := opt.parse(newOpts); err != nil {
+				jaegerlog.Error(err, "name", j.Name, "method", "Option.Parse")
+			}
+		}
+	}
+}
+
+// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
+//+kubebuilder:webhook:path=/validate-jaegertracing-io-v1-jaeger,mutating=false,failurePolicy=fail,sideEffects=None,groups=jaegertracing.io,resources=jaegers,verbs=create;update,versions=v1,name=vjaeger.kb.io,admissionReviewVersions={v1}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (j *Jaeger) ValidateCreate() (admission.Warnings, error) {
+	jaegerlog.Info("validate create", "name", j.Name)
+	return j.ValidateUpdate(nil)
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (j *Jaeger) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) {
+	jaegerlog.Info("validate update", "name", j.Name)
+
+	if ShouldInjectOpenShiftElasticsearchConfiguration(j.Spec.Storage) && j.Spec.Storage.Elasticsearch.DoNotProvision {
+		// check if ES instance exists
+		es := &esv1.Elasticsearch{}
+		err := cl.Get(context.Background(), types.NamespacedName{
+			Namespace: j.Namespace,
+			Name:      j.Spec.Storage.Elasticsearch.Name,
+		}, es)
+		if errors.IsNotFound(err) {
+			return nil, fmt.Errorf("elasticsearch instance not found: %w", err)
+		}
+	}
+
+	for _, opt := range j.objsWithOptions() {
+		got := opt.DeepCopy().ToArgs()
+		if f := getAdditionalTLSFlags(got); f != nil {
+			return nil, fmt.Errorf("tls flags incomplete, got: %v", got)
+		}
+	}
+
+	return nil, nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (j *Jaeger) ValidateDelete() (admission.Warnings, error) {
+	jaegerlog.Info("validate delete", "name", j.Name)
+	return nil, nil
+}
+
+// OpenShiftElasticsearchNodeCount returns total node count of Elasticsearch nodes.
+func OpenShiftElasticsearchNodeCount(spec esv1.ElasticsearchSpec) int32 {
+	nodes := int32(0)
+	for i := 0; i < len(spec.Nodes); i++ {
+		nodes += spec.Nodes[i].NodeCount
+	}
+	return nodes
+}
+
+// ShouldInjectOpenShiftElasticsearchConfiguration returns true if OpenShift Elasticsearch is used and its configuration should be used.
+func ShouldInjectOpenShiftElasticsearchConfiguration(s JaegerStorageSpec) bool {
+	if s.Type != JaegerESStorage {
+		return false
+	}
+	_, ok := s.Options.Map()["es.server-urls"]
+	return !ok
+}
+
+var (
+	tlsFlag          = regexp.MustCompile("--.*tls.*=")
+	tlsFlagIdx       = regexp.MustCompile("--.*tls")
+	tlsEnabledExists = regexp.MustCompile("--.*tls.enabled")
+)
+
+// getAdditionalTLSFlags returns additional tls arguments based on the argument
+// list. If no additional argument is needed, nil is returned.
+func getAdditionalTLSFlags(args []string) map[string]interface{} {
+	var res map[string]interface{}
+	for _, arg := range args {
+		a := []byte(arg)
+		if tlsEnabledExists.Match(a) {
+			// NOTE: if flag exists, we are done.
+			return nil
+		}
+		if tlsFlag.Match(a) && res == nil {
+			idx := tlsFlagIdx.FindIndex(a)
+			res = make(map[string]interface{})
+			res[arg[idx[0]+2:idx[1]]+".enabled"] = "true"
+		}
+	}
+	return res
+}
--- a/apis/v1/jaeger_webhook_test.go
+++ b/apis/v1/jaeger_webhook_test.go
@ -0,0 +1,369 @@
+package v1
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
+var (
+	_ webhook.Defaulter = &Jaeger{}
+	_ webhook.Validator = &Jaeger{}
+)
+
+func TestDefault(t *testing.T) {
+	tests := []struct {
+		name     string
+		objs     []runtime.Object
+		j        *Jaeger
+		expected *Jaeger
+	}{
+		{
+			name: "set missing ES name",
+			j: &Jaeger{
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Elasticsearch: ElasticsearchSpec{
+							Name: "",
+						},
+					},
+				},
+			},
+			expected: &Jaeger{
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Elasticsearch: ElasticsearchSpec{
+							Name: "elasticsearch",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "set ES node count",
+			objs: []runtime.Object{
+				&corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "project1",
+					},
+				},
+				&esv1.Elasticsearch{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "my-es",
+						Namespace: "project1",
+					},
+					Spec: esv1.ElasticsearchSpec{
+						Nodes: []esv1.ElasticsearchNode{
+							{
+								NodeCount: 3,
+							},
+						},
+					},
+				},
+			},
+			j: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+			expected: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							NodeCount:      3,
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "do not set ES node count",
+			j: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: false,
+							NodeCount:      1,
+						},
+					},
+				},
+			},
+			expected: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							NodeCount:      1,
+							DoNotProvision: false,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "missing tls enable flag",
+			j: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type:    JaegerMemoryStorage,
+						Options: NewOptions(map[string]interface{}{"stuff.tls.test": "something"}),
+					},
+				},
+			},
+			expected: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: JaegerMemoryStorage,
+						Options: NewOptions(
+							map[string]interface{}{
+								"stuff.tls.test":    "something",
+								"stuff.tls.enabled": "true",
+							},
+						),
+						Elasticsearch: ElasticsearchSpec{
+							Name: defaultElasticsearchName,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			require.NoError(t, esv1.AddToScheme(scheme.Scheme))
+			require.NoError(t, AddToScheme(scheme.Scheme))
+			fakeCl := fake.NewClientBuilder().WithRuntimeObjects(test.objs...).Build()
+			cl = fakeCl
+
+			test.j.Default()
+			assert.Equal(t, test.expected, test.j)
+		})
+	}
+}
+
+func TestValidateDelete(t *testing.T) {
+	warnings, err := new(Jaeger).ValidateDelete()
+	assert.Nil(t, warnings)
+	require.NoError(t, err)
+}
+
+func TestValidate(t *testing.T) {
+	tests := []struct {
+		name         string
+		objsToCreate []runtime.Object
+		current      *Jaeger
+		err          string
+	}{
+		{
+			name: "ES instance exists",
+			objsToCreate: []runtime.Object{
+				&corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "project1",
+					},
+				},
+				&esv1.Elasticsearch{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "my-es",
+						Namespace: "project1",
+					},
+					Spec: esv1.ElasticsearchSpec{
+						Nodes: []esv1.ElasticsearchNode{
+							{
+								NodeCount: 3,
+							},
+						},
+					},
+				},
+			},
+			current: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "ES instance does not exist",
+			objsToCreate: []runtime.Object{
+				&corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "project1",
+					},
+				},
+			},
+			current: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Type: "elasticsearch",
+						Elasticsearch: ElasticsearchSpec{
+							Name:           "my-es",
+							DoNotProvision: true,
+						},
+					},
+				},
+			},
+			err: `elasticsearch instance not found: elasticsearchs.logging.openshift.io "my-es" not found`,
+		},
+		{
+			name: "missing tls options",
+			current: &Jaeger{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "project1",
+				},
+				Spec: JaegerSpec{
+					Storage: JaegerStorageSpec{
+						Options: NewOptions(map[string]interface{}{
+							"something.tls.else": "fails",
+						}),
+						Type: JaegerMemoryStorage,
+					},
+				},
+			},
+			err: `tls flags incomplete, got: [--something.tls.else=fails]`,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			require.NoError(t, esv1.AddToScheme(scheme.Scheme))
+			require.NoError(t, AddToScheme(scheme.Scheme))
+			fakeCl := fake.NewClientBuilder().WithRuntimeObjects(test.objsToCreate...).Build()
+			cl = fakeCl
+
+			warnings, err := test.current.ValidateCreate()
+			if test.err != "" {
+				require.Error(t, err)
+				assert.Equal(t, test.err, err.Error())
+			} else {
+				require.NoError(t, err)
+			}
+			assert.Nil(t, warnings)
+		})
+	}
+}
+
+func TestShouldDeployElasticsearch(t *testing.T) {
+	tests := []struct {
+		j        JaegerStorageSpec
+		expected bool
+	}{
+		{j: JaegerStorageSpec{}},
+		{j: JaegerStorageSpec{Type: JaegerCassandraStorage}},
+		{j: JaegerStorageSpec{Type: JaegerESStorage, Options: NewOptions(map[string]interface{}{"es.server-urls": "foo"})}},
+		{j: JaegerStorageSpec{Type: JaegerESStorage}, expected: true},
+	}
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			assert.Equal(t, test.expected, ShouldInjectOpenShiftElasticsearchConfiguration(test.j))
+		})
+	}
+}
+
+func TestGetAdditionalTLSFlags(t *testing.T) {
+	tt := []struct {
+		name   string
+		args   []string
+		expect map[string]interface{}
+	}{
+		{
+			name:   "no tls flag",
+			args:   []string{"--something.else"},
+			expect: nil,
+		},
+		{
+			name:   "already enabled",
+			args:   []string{"--something.tls.enabled=true", "--something.tls.else=abc"},
+			expect: nil,
+		},
+		{
+			name:   "is disabled",
+			args:   []string{"--tls.enabled=false", "--something.else", "--something.tls.else=abc"},
+			expect: nil,
+		},
+		{
+			name: "must be enabled",
+			args: []string{"--something.tls.else=abc"},
+			expect: map[string]interface{}{
+				"something.tls.enabled": "true",
+			},
+		},
+		{
+			// NOTE: we want to avoid something like:
+			// --kafka.consumer.authentication=tls.enabled=true
+			name: "enable consumer tls",
+			args: []string{
+				"--es.server-urls=http://elasticsearch:9200",
+				"--kafka.consumer.authentication=tls",
+				"--kafka.consumer.brokers=my-cluster-kafka-bootstrap:9093",
+				"--kafka.consumer.tls.ca=/var/run/secrets/cluster-ca/ca.crt",
+				"--kafka.consumer.tls.cert=/var/run/secrets/kafkauser/user.crt",
+				"--kafka.consumer.tls.key=/var/run/secrets/kafkauser/user.key",
+			},
+			expect: map[string]interface{}{
+				"kafka.consumer.tls.enabled": "true",
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			got := getAdditionalTLSFlags(tc.args)
+			if !cmp.Equal(tc.expect, got) {
+				t.Error("err:", cmp.Diff(tc.expect, got))
+			}
+		})
+	}
+}
--- a/apis/v1/logger.go
+++ b/apis/v1/logger.go
@ -1,11 +1,14 @@
 package v1

-import log "github.com/sirupsen/logrus"
+import (
+	"github.com/go-logr/logr"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+)

 // Logger returns a logger filled with context-related fields, such as Name and Namespace
-func (j *Jaeger) Logger() *log.Entry {
-	return log.WithFields(log.Fields{
-		"instance":  j.Name,
-		"namespace": j.Namespace,
-	})
+func (j *Jaeger) Logger() logr.Logger {
+	return logf.Log.WithValues(
+		"instance", j.Name,
+		"namespace", j.Namespace,
+	)
 }
--- a/apis/v1/options.go
+++ b/apis/v1/options.go
@ -14,12 +14,12 @@ type Values map[string]interface{}
 func (v *Values) DeepCopy() *Values {
 	out := make(Values, len(*v))
 	for key, val := range *v {
-		switch val.(type) {
+		switch val := val.(type) {
 		case string:
 			out[key] = val

 		case []string:
-			out[key] = append([]string(nil), val.([]string)...)
+			out[key] = append([]string(nil), val...)
 		}
 	}
 	return &out
@ -63,7 +63,9 @@ func (o *Options) UnmarshalJSON(b []byte) error {
 	if err := d.Decode(&entries); err != nil {
 		return err
 	}
-	o.parse(entries)
+	if err := o.parse(entries); err != nil {
+		return err
+	}
 	o.json = &b
 	return nil
 }
@ -85,30 +87,44 @@ func (o Options) MarshalJSON() ([]byte, error) {
 	return *o.json, nil
 }

-func (o *Options) parse(entries map[string]interface{}) {
+func (o *Options) parse(entries map[string]interface{}) error {
+	o.json = nil
 	o.opts = make(map[string]interface{})
+	var err error
 	for k, v := range entries {
-		o.opts = entry(o.opts, k, v)
+		o.opts, err = entry(o.opts, k, v)
+		if err != nil {
+			return err
+		}
 	}
+	return nil
 }

-func entry(entries map[string]interface{}, key string, value interface{}) map[string]interface{} {
-	switch value.(type) {
+func entry(entries map[string]interface{}, key string, value interface{}) (map[string]interface{}, error) {
+	switch val := value.(type) {
 	case map[string]interface{}:
-		for k, v := range value.(map[string]interface{}) {
-			entries = entry(entries, fmt.Sprintf("%s.%v", key, k), v)
+		var err error
+		for k, v := range val {
+			entries, err = entry(entries, fmt.Sprintf("%s.%v", key, k), v)
+			if err != nil {
+				return nil, err
+			}
 		}
-	case []interface{}:
-		values := make([]string, 0, len(value.([]interface{})))
-		for _, v := range value.([]interface{}) {
-			values = append(values, v.(string))
+	case []interface{}: // NOTE: content of the argument list is not returned as []string when decoding json.
+		values := make([]string, 0, len(val))
+		for _, v := range val {
+			str, ok := v.(string)
+			if !ok {
+				return nil, fmt.Errorf("invalid option type, expect: string, got: %T", v)
+			}
+			values = append(values, str)
 		}
 		entries[key] = values
 	case interface{}:
 		entries[key] = fmt.Sprintf("%v", value)
 	}

-	return entries
+	return entries, nil
 }

 // ToArgs converts the options to a value suitable for the Container.Args field
@ -116,11 +132,11 @@ func (o *Options) ToArgs() []string {
 	if len(o.opts) > 0 {
 		args := make([]string, 0, len(o.opts))
 		for k, v := range o.opts {
-			switch v.(type) {
+			switch v := v.(type) {
 			case string:
 				args = append(args, fmt.Sprintf("--%s=%v", k, v))
 			case []string:
-				for _, vv := range v.([]string) {
+				for _, vv := range v {
 					args = append(args, fmt.Sprintf("--%s=%v", k, vv))
 				}
 			}
@ -141,9 +157,9 @@ func (o *Options) Map() map[string]interface{} {
 func (o *Options) StringMap() map[string]string {
 	smap := make(map[string]string)
 	for k, v := range o.opts {
-		switch v.(type) {
+		switch v := v.(type) {
 		case string:
-			smap[k] = v.(string)
+			smap[k] = v
 		}
 	}
 	return smap
--- a/apis/v1/options_test.go
+++ b/apis/v1/options_test.go
@ -18,7 +18,7 @@ func TestSimpleOption(t *testing.T) {

 func TestNoOptions(t *testing.T) {
 	o := Options{}
-	assert.Len(t, o.ToArgs(), 0)
+	assert.Empty(t, o.ToArgs())
 }

 func TestNestedOption(t *testing.T) {
@ -40,7 +40,7 @@ func TestMarshalling(t *testing.T) {
 	})

 	b, err := json.Marshal(o)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	s := string(b)
 	assert.Contains(t, s, `"es.password":"changeme"`)
 	assert.Contains(t, s, `"es.server-urls":"http://elasticsearch.default.svc:9200"`)
@ -76,14 +76,18 @@ func TestUnmarshalToArgs(t *testing.T) {
 			in:   `{"a": 5000000000, "b": 15.222, "c":true, "d": "foo"}`,
 			args: []string{"--a=5000000000", "--b=15.222", "--c=true", "--d=foo"},
 		},
+		{
+			in:  `{"a": {"b": {"c": [{"d": "e", "f": {"g": {"h": "i"}}}]}}}`,
+			err: "invalid option type, expect: string, got: map[string]interface {}",
+		},
 	}
 	for _, test := range tests {
 		opts := Options{}
 		err := opts.UnmarshalJSON([]byte(test.in))
 		if test.err != "" {
-			assert.EqualError(t, err, test.err)
+			require.EqualError(t, err, test.err)
 		} else {
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			args := opts.ToArgs()
 			sort.SliceStable(args, func(i, j int) bool {
 				return args[i] < args[j]
@ -125,7 +129,7 @@ func TestMarshallRaw(t *testing.T) {
 	o := NewOptions(nil)
 	o.json = &json
 	bytes, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, bytes, json)
 }

@ -133,7 +137,7 @@ func TestMarshallEmpty(t *testing.T) {
 	o := NewOptions(nil)
 	json := []byte(`{}`)
 	bytes, err := o.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, bytes, json)
 }

@ -147,7 +151,7 @@ func TestUpdate(t *testing.T) {
 	o.Map()["key"] = "new"

 	// verify
-	assert.Equal(t, o.opts["key"], "new")
+	assert.Equal(t, "new", o.opts["key"])
 }

 func TestStringMap(t *testing.T) {
@ -166,7 +170,7 @@ func TestDeepCopy(t *testing.T) {
 	require.NoError(t, err)
 	copy := o1.opts.DeepCopy()

-	assert.Equal(t, copy, &(o1.opts))
+	assert.Equal(t, &(o1.opts), copy)
 }

 func TestRepetitiveArguments(t *testing.T) {
@ -182,5 +186,4 @@ func TestRepetitiveArguments(t *testing.T) {

 	assert.Len(t, args, 3)
 	assert.Equal(t, expected, args)
-
 }
--- a/apis/v1/zz_generated.deepcopy.go
+++ b/apis/v1/zz_generated.deepcopy.go
@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated

 // Code generated by controller-gen. DO NOT EDIT.

@ -8,7 +7,8 @@ package v1
 import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -44,6 +44,11 @@ func (in *AutoScaleSpec) DeepCopy() *AutoScaleSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ElasticsearchSpec) DeepCopyInto(out *ElasticsearchSpec) {
 	*out = *in
+	if in.UseCertManagement != nil {
+		in, out := &in.UseCertManagement, &out.UseCertManagement
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Resources != nil {
 		in, out := &in.Resources, &out.Resources
 		*out = new(corev1.ResourceRequirements)
@ -64,6 +69,11 @@ func (in *ElasticsearchSpec) DeepCopyInto(out *ElasticsearchSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.ProxyResources != nil {
+		in, out := &in.ProxyResources, &out.ProxyResources
+		*out = new(corev1.ResourceRequirements)
+		(*in).DeepCopyInto(*out)
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ElasticsearchSpec.
@ -145,11 +155,6 @@ func (in *Jaeger) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JaegerAgentSpec) DeepCopyInto(out *JaegerAgentSpec) {
 	*out = *in
-	if in.ImagePullSecrets != nil {
-		in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
-		*out = make([]corev1.LocalObjectReference, len(*in))
-		copy(*out, *in)
-	}
 	in.Options.DeepCopyInto(&out.Options)
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	in.Config.DeepCopyInto(&out.Config)
@ -180,6 +185,7 @@ func (in *JaegerAllInOneSpec) DeepCopyInto(out *JaegerAllInOneSpec) {
 	*out = *in
 	in.Options.DeepCopyInto(&out.Options)
 	in.Config.DeepCopyInto(&out.Config)
+	out.MetricsStorage = in.MetricsStorage
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	if in.TracingEnabled != nil {
 		in, out := &in.TracingEnabled, &out.TracingEnabled
@ -250,6 +256,23 @@ func (in *JaegerCollectorSpec) DeepCopyInto(out *JaegerCollectorSpec) {
 		*out = new(appsv1.DeploymentStrategy)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Lifecycle != nil {
+		in, out := &in.Lifecycle, &out.Lifecycle
+		*out = new(corev1.Lifecycle)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.TerminationGracePeriodSeconds != nil {
+		in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds
+		*out = new(int64)
+		**out = **in
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerCollectorSpec.
@ -311,6 +334,21 @@ func (in *JaegerCommonSpec) DeepCopyInto(out *JaegerCommonSpec) {
 		*out = new(corev1.PodSecurityContext)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.ContainerSecurityContext != nil {
+		in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext
+		*out = new(corev1.SecurityContext)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.LivenessProbe != nil {
+		in, out := &in.LivenessProbe, &out.LivenessProbe
+		*out = new(corev1.Probe)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ImagePullSecrets != nil {
+		in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+		*out = make([]corev1.LocalObjectReference, len(*in))
+		copy(*out, *in)
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerCommonSpec.
@ -458,6 +496,13 @@ func (in *JaegerIngesterSpec) DeepCopyInto(out *JaegerIngesterSpec) {
 		*out = new(appsv1.DeploymentStrategy)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerIngesterSpec.
@ -483,6 +528,11 @@ func (in *JaegerIngressOpenShiftSpec) DeepCopyInto(out *JaegerIngressOpenShiftSp
 		*out = new(bool)
 		**out = **in
 	}
+	if in.Timeout != nil {
+		in, out := &in.Timeout, &out.Timeout
+		*out = new(metav1.Duration)
+		**out = **in
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerIngressOpenShiftSpec.
@ -587,6 +637,21 @@ func (in *JaegerList) DeepCopyObject() runtime.Object {
 	return nil
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *JaegerMetricsStorageSpec) DeepCopyInto(out *JaegerMetricsStorageSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerMetricsStorageSpec.
+func (in *JaegerMetricsStorageSpec) DeepCopy() *JaegerMetricsStorageSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(JaegerMetricsStorageSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JaegerQuerySpec) DeepCopyInto(out *JaegerQuerySpec) {
 	*out = *in
@ -596,6 +661,7 @@ func (in *JaegerQuerySpec) DeepCopyInto(out *JaegerQuerySpec) {
 		**out = **in
 	}
 	in.Options.DeepCopyInto(&out.Options)
+	out.MetricsStorage = in.MetricsStorage
 	in.JaegerCommonSpec.DeepCopyInto(&out.JaegerCommonSpec)
 	if in.TracingEnabled != nil {
 		in, out := &in.TracingEnabled, &out.TracingEnabled
@ -607,6 +673,13 @@ func (in *JaegerQuerySpec) DeepCopyInto(out *JaegerQuerySpec) {
 		*out = new(appsv1.DeploymentStrategy)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JaegerQuerySpec.
--- a/bundle.Dockerfile
+++ b/bundle.Dockerfile
@ -11,6 +11,9 @@ LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.13.0+git
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3

+# OpenShift specific labels.
+LABEL com.redhat.openshift.versions=v4.12
+
 # Copy files to locations specified by labels.
 COPY bundle/manifests /manifests/
 COPY bundle/metadata /metadata/
--- a/bundle/manifests/jaeger-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml
+++ b/bundle/manifests/jaeger-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml
@ -1,20 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  labels:
-    control-plane: controller-manager
-    name: jaeger-operator
-  name: jaeger-operator-metrics-monitor
-spec:
-  endpoints:
-  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    interval: 30s
-    path: /metrics
-    scheme: https
-    scrapeTimeout: 10s
-    targetPort: 8443
-    tlsConfig:
-      insecureSkipVerify: true
-  selector:
-    matchLabels:
-      name: jaeger-operator
--- a/bundle/manifests/jaeger-operator-metrics_v1_service.yaml
+++ b/bundle/manifests/jaeger-operator-metrics_v1_service.yaml
@ -3,7 +3,7 @@ kind: Service
 metadata:
  creationTimestamp: null
  labels:
-    control-plane: jaeger-operator
+    app.kubernetes.io/component: metrics
    name: jaeger-operator
  name: jaeger-operator-metrics
 spec:
--- a/bundle/manifests/jaeger-operator-webhook-service_v1_service.yaml
+++ b/bundle/manifests/jaeger-operator-webhook-service_v1_service.yaml
@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    name: jaeger-operator
+  name: jaeger-operator-webhook-service
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 9443
+  selector:
+    name: jaeger-operator
+status:
+  loadBalancer: {}
--- a/bundle/manifests/jaeger-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/jaeger-operator.clusterserviceversion.yaml
@ -18,16 +18,16 @@ metadata:
    capabilities: Deep Insights
    categories: Logging & Tracing
    certified: "false"
-    containerImage: quay.io/jaegertracing/jaeger-operator
-    createdAt: "2019-09-04T13:28:40+00:00"
+    containerImage: quay.io/jaegertracing/jaeger-operator:1.62.0
+    createdAt: "2025-01-22T20:40:19Z"
    description: Provides tracing, monitoring and troubleshooting for microservices-based
      distributed systems
    operators.openshift.io/infrastructure-features: '["disconnected"]'
-    operators.operatorframework.io/builder: operator-sdk-v1.13.0+git
+    operators.operatorframework.io/builder: operator-sdk-v1.32.0
    operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
    repository: https://github.com/jaegertracing/jaeger-operator
    support: Jaeger Community
-  name: jaeger-operator.v1.30.0
+  name: jaeger-operator.v1.65.0
  namespace: placeholder
 spec:
  apiservicedefinitions: {}
@ -297,6 +297,18 @@ spec:
          - patch
          - update
          - watch
+        - apiGroups:
+          - logging.openshift.io
+          resources:
+          - elasticsearch
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
        - apiGroups:
          - logging.openshift.io
          resources:
@ -324,6 +336,7 @@ spec:
        - apiGroups:
          - networking.k8s.io
          resources:
+          - ingressclasses
          - ingresses
          verbs:
          - create
@ -357,9 +370,17 @@ spec:
          - patch
          - update
          - watch
+        - apiGroups:
+          - route.openshift.io
+          resources:
+          - routes/custom-host
+          verbs:
+          - create
        serviceAccountName: jaeger-operator
      deployments:
-      - name: jaeger-operator
+      - label:
+          name: jaeger-operator
+        name: jaeger-operator
        spec:
          replicas: 1
          selector:
@ -372,18 +393,6 @@ spec:
                name: jaeger-operator
            spec:
              containers:
-              - args:
-                - --secure-listen-address=0.0.0.0:8443
-                - --upstream=http://127.0.0.1:8383/
-                - --logtostderr=true
-                - --v=10
-                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
-                name: kube-rbac-proxy
-                ports:
-                - containerPort: 8443
-                  name: https
-                  protocol: TCP
-                resources: {}
              - args:
                - start
                - --health-probe-bind-address=:8081
@ -401,7 +410,11 @@ spec:
                      fieldPath: metadata.namespace
                - name: OPERATOR_NAME
                  value: jaeger-operator
-                image: quay.io/jaegertracing/jaeger-operator:1.30.0
+                - name: LOG-LEVEL
+                  value: DEBUG
+                - name: KAFKA-PROVISIONING-MINIMAL
+                  value: "true"
+                image: quay.io/jaegertracing/jaeger-operator:1.65.0
                livenessProbe:
                  httpGet:
                    path: /healthz
@ -409,6 +422,10 @@ spec:
                  initialDelaySeconds: 15
                  periodSeconds: 20
                name: jaeger-operator
+                ports:
+                - containerPort: 9443
+                  name: webhook-server
+                  protocol: TCP
                readinessProbe:
                  httpGet:
                    path: /readyz
@ -416,18 +433,42 @@ spec:
                  initialDelaySeconds: 5
                  periodSeconds: 10
                resources:
-                  limits:
-                    cpu: 500m
-                    memory: 512Mi
                  requests:
                    cpu: 100m
                    memory: 128Mi
                securityContext:
                  allowPrivilegeEscalation: false
+                volumeMounts:
+                - mountPath: /tmp/k8s-webhook-server/serving-certs
+                  name: cert
+                  readOnly: true
+              - args:
+                - --secure-listen-address=0.0.0.0:8443
+                - --upstream=http://127.0.0.1:8383/
+                - --logtostderr=true
+                - --v=0
+                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+                name: kube-rbac-proxy
+                ports:
+                - containerPort: 8443
+                  name: https
+                  protocol: TCP
+                resources:
+                  limits:
+                    cpu: 500m
+                    memory: 128Mi
+                  requests:
+                    cpu: 5m
+                    memory: 64Mi
              securityContext:
                runAsNonRoot: true
              serviceAccountName: jaeger-operator
              terminationGracePeriodSeconds: 10
+              volumes:
+              - name: cert
+                secret:
+                  defaultMode: 420
+                  secretName: jaeger-operator-service-cert
      permissions:
      - rules:
        - apiGroups:
@ -483,10 +524,78 @@ spec:
  - email: jaeger-tracing@googlegroups.com
    name: Jaeger Google Group
  maturity: alpha
+  minKubeVersion: 1.19.0
  provider:
    name: CNCF
-  replaces: jaeger-operator.v1.29.1
+  replaces: jaeger-operator.v1.62.0
  selector:
    matchLabels:
      name: jaeger-operator
-  version: 1.30.0
+  version: 1.65.0
+  webhookdefinitions:
+  - admissionReviewVersions:
+    - v1
+    containerPort: 443
+    deploymentName: jaeger-operator
+    failurePolicy: Ignore
+    generateName: deployment.sidecar-injector.jaegertracing.io
+    objectSelector:
+      matchExpressions:
+      - key: name
+        operator: NotIn
+        values:
+        - jaeger-operator
+    rules:
+    - apiGroups:
+      - apps
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - deployments
+    sideEffects: None
+    targetPort: 9443
+    type: MutatingAdmissionWebhook
+    webhookPath: /mutate-v1-deployment
+  - admissionReviewVersions:
+    - v1
+    containerPort: 443
+    deploymentName: jaeger-operator
+    failurePolicy: Fail
+    generateName: mjaeger.kb.io
+    rules:
+    - apiGroups:
+      - jaegertracing.io
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - jaegers
+    sideEffects: None
+    targetPort: 9443
+    type: MutatingAdmissionWebhook
+    webhookPath: /mutate-jaegertracing-io-v1-jaeger
+  - admissionReviewVersions:
+    - v1
+    containerPort: 443
+    deploymentName: jaeger-operator
+    failurePolicy: Fail
+    generateName: vjaeger.kb.io
+    rules:
+    - apiGroups:
+      - jaegertracing.io
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - jaegers
+    sideEffects: None
+    targetPort: 9443
+    type: ValidatingAdmissionWebhook
+    webhookPath: /validate-jaegertracing-io-v1-jaeger
--- a/bundle/manifests/jaegertracing.io_jaegers.yaml
+++ b/bundle/manifests/jaegertracing.io_jaegers.yaml
--- a/bundle/metadata/annotations.yaml
+++ b/bundle/metadata/annotations.yaml
@ -9,3 +9,6 @@ annotations:
  operators.operatorframework.io.metrics.builder: operator-sdk-v1.13.0+git
  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
  operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
+
+  # OpenShift annotations
+  com.redhat.openshift.versions: v4.12
--- a/bundle/tests/scorecard/config.yaml
+++ b/bundle/tests/scorecard/config.yaml
@ -8,7 +8,7 @@ stages:
  - entrypoint:
    - scorecard-test
    - basic-check-spec
-    image: quay.io/operator-framework/scorecard-test:v1.13.1
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
    labels:
      suite: basic
      test: basic-check-spec-test
@ -18,7 +18,7 @@ stages:
  - entrypoint:
    - scorecard-test
    - olm-bundle-validation
-    image: quay.io/operator-framework/scorecard-test:v1.13.1
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
    labels:
      suite: olm
      test: olm-bundle-validation-test
@ -28,7 +28,7 @@ stages:
  - entrypoint:
    - scorecard-test
    - olm-crds-have-validation
-    image: quay.io/operator-framework/scorecard-test:v1.13.1
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
    labels:
      suite: olm
      test: olm-crds-have-validation-test
@ -38,7 +38,7 @@ stages:
  - entrypoint:
    - scorecard-test
    - olm-crds-have-resources
-    image: quay.io/operator-framework/scorecard-test:v1.13.1
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
    labels:
      suite: olm
      test: olm-crds-have-resources-test
@ -48,7 +48,7 @@ stages:
  - entrypoint:
    - scorecard-test
    - olm-spec-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.13.1
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
    labels:
      suite: olm
      test: olm-spec-descriptors-test
@ -58,7 +58,7 @@ stages:
  - entrypoint:
    - scorecard-test
    - olm-status-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.13.1
+    image: quay.io/operator-framework/scorecard-test:v1.32.0
    labels:
      suite: olm
      test: olm-status-descriptors-test
--- a/config/certmanager/certificate.yaml
+++ b/config/certmanager/certificate.yaml
@ -0,0 +1,28 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: system
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
+  namespace: system
+spec:
+  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+  dnsNames:
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: jaeger-operator-service-cert # this secret will not be prefixed, since it's not managed by kustomize
+  subject:
+    organizationalUnits:
+      - "jaeger-operator"
--- a/config/certmanager/kustomization.yaml
+++ b/config/certmanager/kustomization.yaml
@ -0,0 +1,7 @@
+resources:
+- certificate.yaml
+
+namePrefix: jaeger-operator-
+
+configurations:
+- kustomizeconfig.yaml
--- a/config/certmanager/kustomizeconfig.yaml
+++ b/config/certmanager/kustomizeconfig.yaml
@ -0,0 +1,16 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution 
+nameReference:
+- kind: Issuer
+  group: cert-manager.io
+  fieldSpecs:
+  - kind: Certificate
+    group: cert-manager.io
+    path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+  group: cert-manager.io
+  path: spec/commonName
+- kind: Certificate
+  group: cert-manager.io
+  path: spec/dnsNames
--- a/config/crd/bases/jaegertracing.io_jaegers.yaml
+++ b/config/crd/bases/jaegertracing.io_jaegers.yaml
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@ -14,7 +14,7 @@ patchesStrategicMerge:

 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-#- patches/cainjection_in_jaegers.yaml
+- patches/cainjection_in_jaegers.yaml
 #- patches/cainjection_in_kafkas.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch

--- a/config/crd/patches/webhook_in_jaegers.yaml
+++ b/config/crd/patches/webhook_in_jaegers.yaml
@ -10,7 +10,7 @@ spec:
      clientConfig:
        service:
          namespace: system
-          name: webhook-service
+          name: jaeger-operator-webhook-service
          path: /convert
      conversionReviewVersions:
      - v1
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@ -7,7 +7,12 @@ namespace: observability
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.

+# The prefix is not used here because the manager's deployment name is jaeger-operator
+# which means that the manifest would have to contain an empty name which is not allowed.
+#namePrefix: jaeger-operator-
+
 # Labels to add to all resources and selectors.
+# https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels
 commonLabels:
  name: jaeger-operator

@ -15,11 +20,8 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
+- ../webhook
+- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus

@ -29,45 +31,39 @@ patchesStrategicMerge:
 # endpoint w/o any authn/z, please comment the following line.
 - manager_auth_proxy_patch.yaml

+- manager_webhook_patch.yaml
+- webhookcainjection_patch.yaml
+
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml

-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- manager_webhook_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-#- webhookcainjection_patch.yaml
-
 # the following config is for teaching kustomize how to do var substitution
 vars:
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-#  objref:
-#    kind: Certificate
-#    group: cert-manager.io
-#    version: v1
-#    name: serving-cert # this name should match the one in certificate.yaml
-#  fieldref:
-#    fieldpath: metadata.namespace
-#- name: CERTIFICATE_NAME
-#  objref:
-#    kind: Certificate
-#    group: cert-manager.io
-#    version: v1
-#    name: serving-cert # this name should match the one in certificate.yaml
-#- name: SERVICE_NAMESPACE # namespace of the service
-#  objref:
-#    kind: Service
-#    version: v1
-#    name: webhook-service
-#  fieldref:
-#    fieldpath: metadata.namespace
-#- name: SERVICE_NAME
-#  objref:
-#    kind: Service
-#    version: v1
-#    name: webhook-service
+- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+  fieldref:
+    fieldpath: metadata.namespace
+- name: CERTIFICATE_NAME
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+- name: SERVICE_NAMESPACE # namespace of the service
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
+  fieldref:
+    fieldpath: metadata.namespace
+- name: SERVICE_NAME
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@ -9,16 +9,23 @@ spec:
    spec:
      containers:
      - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8383/"
        - "--logtostderr=true"
-        - "--v=10"
+        - "--v=0"
        ports:
        - containerPort: 8443
          protocol: TCP
          name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
      - name: jaeger-operator
        args:
        - "start"
--- a/config/default/manager_webhook_patch.yaml
+++ b/config/default/manager_webhook_patch.yaml
@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger-operator
+spec:
+  template:
+    spec:
+      containers:
+      - name: jaeger-operator
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: jaeger-operator-service-cert
--- a/config/default/webhookcainjection_patch.yaml
+++ b/config/default/webhookcainjection_patch.yaml
@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
  newName: quay.io/jaegertracing/jaeger-operator
-  newTag: 1.30.0
+  newTag: 1.65.0
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@ -15,43 +15,69 @@ spec:
      securityContext:
        runAsNonRoot: true
      containers:
-      - command:
-        - /jaeger-operator
-        args:
-        - --leader-elect
-        image: controller:latest
-        name: jaeger-operator
-        securityContext:
-          allowPrivilegeEscalation: false
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 500m
-            memory: 512Mi
-          requests:
-            cpu: 100m
-            memory: 128Mi
-        env:
-        - name: WATCH_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.annotations['olm.targetNamespaces']
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: OPERATOR_NAME
-          value: "jaeger-operator"
+        - command:
+            - /jaeger-operator
+          args:
+            - start
+            - --leader-elect
+          image: controller:latest
+          name: jaeger-operator
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.annotations['olm.targetNamespaces']
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OPERATOR_NAME
+              value: "jaeger-operator"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
+            - name: LOG-LEVEL
+              value: DEBUG
+            - name: KAFKA-PROVISIONING-MINIMAL
+              value: "true"
      serviceAccountName: jaeger-operator
      terminationGracePeriodSeconds: 10
--- a/config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/jaeger-operator.clusterserviceversion.yaml
@ -15,8 +15,8 @@ metadata:
    capabilities: Deep Insights
    categories: Logging & Tracing
    certified: "false"
-    containerImage: quay.io/jaegertracing/jaeger-operator
-    createdAt: "2019-09-04T13:28:40+00:00"
+    containerImage: quay.io/jaegertracing/jaeger-operator:1.62.0
+    createdAt: "2023-05-16T04:47:12Z"
    description: Provides tracing, monitoring and troubleshooting for microservices-based
      distributed systems
    operators.openshift.io/infrastructure-features: '["disconnected"]'
@ -122,9 +122,10 @@ spec:
  - email: jaeger-tracing@googlegroups.com
    name: Jaeger Google Group
  maturity: alpha
+  minKubeVersion: 1.19.0
  provider:
    name: CNCF
-  replaces: jaeger-operator.v1.29.1
+  replaces: jaeger-operator.v1.62.0
  selector:
    matchLabels:
      name: jaeger-operator
--- a/config/namespaced/kustomization.yaml
+++ b/config/namespaced/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../default
+
+components:
+  - ./patch
--- a/config/namespaced/patch/kustomization.yaml
+++ b/config/namespaced/patch/kustomization.yaml
@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+- patch: |-
+    $patch: delete
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: jaeger-operator-metrics-reader
+- patch: |
+    - op: replace
+      path: /kind
+      value: Role
+  target:
+    group: rbac.authorization.k8s.io
+    kind: ClusterRole
+- patch: |
+    - op: replace
+      path: /roleRef/kind
+      value: Role
+  target:
+    group: rbac.authorization.k8s.io
+    kind: ClusterRoleBinding
+- patch: |
+    - op: replace
+      path: /kind
+      value: RoleBinding
+  target:
+    group: rbac.authorization.k8s.io
+    kind: ClusterRoleBinding
+
+- target:
+    group: apps
+    version: v1
+    name: jaeger-operator
+    kind: Deployment
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/env/0/valueFrom/fieldRef/fieldPath
+      value: metadata.namespace
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  labels:
-    control-plane: controller-manager
+    name: jaeger-operator
  name: jaeger-operator-metrics-monitor
 spec:
  endpoints:
@ -19,3 +19,4 @@ spec:
  selector:
    matchLabels:
      name: jaeger-operator
+      app.kubernetes.io/component: metrics
--- a/config/rbac/auth_proxy_service.yaml
+++ b/config/rbac/auth_proxy_service.yaml
@ -2,7 +2,8 @@ apiVersion: v1
 kind: Service
 metadata:
  labels:
-    control-plane:  jaeger-operator
+    name: jaeger-operator
+    app.kubernetes.io/component: metrics
  name: jaeger-operator-metrics
 spec:
  ports:
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@ -1,9 +1,7 @@
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
  name: manager-role
 rules:
 - apiGroups:
@ -184,6 +182,18 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - logging.openshift.io
+  resources:
+  - elasticsearch
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
  - logging.openshift.io
  resources:
@ -211,6 +221,7 @@ rules:
 - apiGroups:
  - networking.k8s.io
  resources:
+  - ingressclasses
  - ingresses
  verbs:
  - create
@ -244,3 +255,9 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes/custom-host
+  verbs:
+  - create
--- a/config/webhook/deployment_inject_patch.yaml
+++ b/config/webhook/deployment_inject_patch.yaml
@ -0,0 +1,12 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+  - name: deployment.sidecar-injector.jaegertracing.io
+    objectSelector: # Skip resources with the name jaeger-operator
+      matchExpressions:
+        - key: name
+          operator: NotIn
+          values:
+            - "jaeger-operator"
--- a/config/webhook/kustomization.yaml
+++ b/config/webhook/kustomization.yaml
@ -0,0 +1,11 @@
+resources:
+- manifests.yaml
+- service.yaml
+
+namePrefix: jaeger-operator-
+
+configurations:
+- kustomizeconfig.yaml
+
+patchesStrategicMerge:
+  - deployment_inject_patch.yaml
--- a/config/webhook/kustomizeconfig.yaml
+++ b/config/webhook/kustomizeconfig.yaml
@ -0,0 +1,26 @@
+# the following config is for teaching kustomize where to look at when substituting vars.
+# It requires kustomize v2.1.0 or newer to work properly.
+
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: MutatingWebhookConfiguration
+    group: admissionregistration.k8s.io
+    path: webhooks/clientConfig/service/name
+  - kind: ValidatingWebhookConfiguration
+    group: admissionregistration.k8s.io
+    path: webhooks/clientConfig/service/name
+
+namespace:
+- kind: MutatingWebhookConfiguration
+  group: admissionregistration.k8s.io
+  path: webhooks/clientConfig/service/namespace
+  create: true
+- kind: ValidatingWebhookConfiguration
+  group: admissionregistration.k8s.io
+  path: webhooks/clientConfig/service/namespace
+  create: true
+
+varReference:
+- path: metadata/annotations
--- a/config/webhook/manifests.yaml
+++ b/config/webhook/manifests.yaml
@ -0,0 +1,72 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-jaegertracing-io-v1-jaeger
+  failurePolicy: Fail
+  name: mjaeger.kb.io
+  rules:
+  - apiGroups:
+    - jaegertracing.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - jaegers
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-v1-deployment
+  failurePolicy: Ignore
+  name: deployment.sidecar-injector.jaegertracing.io
+  rules:
+  - apiGroups:
+    - apps
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - deployments
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-jaegertracing-io-v1-jaeger
+  failurePolicy: Fail
+  name: vjaeger.kb.io
+  rules:
+  - apiGroups:
+    - jaegertracing.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - jaegers
+  sideEffects: None
--- a/config/webhook/service.yaml
+++ b/config/webhook/service.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: webhook-service
+  namespace: system
+spec:
+  ports:
+    - port: 443
+      protocol: TCP
+      targetPort: 9443
--- a/controllers/appsv1/deployment_controller.go
+++ b/controllers/appsv1/deployment_controller.go
@ -1,45 +0,0 @@
-package appsv1
-
-import (
-	"context"
-
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/handler"
-	"sigs.k8s.io/controller-runtime/pkg/source"
-
-	appsv1 "k8s.io/api/apps/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
-	"github.com/jaegertracing/jaeger-operator/pkg/controller/deployment"
-)
-
-// DeploymentReconciler reconciles a Deployment object
-type DeploymentReconciler struct {
-	reconcilier *deployment.ReconcileDeployment
-}
-
-// NewDeploymentReconciler creates a new deployment reconcilier controller
-func NewDeploymentReconciler(client client.Client, clientReader client.Reader, scheme *runtime.Scheme) *DeploymentReconciler {
-	return &DeploymentReconciler{
-		reconcilier: deployment.New(client, clientReader, scheme),
-	}
-}
-
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
-
-// Reconcile deployment resource
-func (r *DeploymentReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
-	return r.reconcilier.Reconcile(ctx, request)
-}
-
-// SetupWithManager sets up the controller with the Manager.
-func (r *DeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	err := ctrl.NewControllerManagedBy(mgr).
-		For(&appsv1.Deployment{}).
-		Watches(&source.Kind{Type: &v1.Jaeger{}}, handler.EnqueueRequestsFromMapFunc(r.reconcilier.SyncOnJaegerChanges)).
-		Complete(r)
-	return err
-}
--- a/controllers/appsv1/deployment_controller_test.go
+++ b/controllers/appsv1/deployment_controller_test.go
@ -1,31 +0,0 @@
-package appsv1_test
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	k8sconfig "sigs.k8s.io/controller-runtime/pkg/client/config"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
-
-	"github.com/jaegertracing/jaeger-operator/controllers/appsv1"
-)
-
-func TestDeploymentControllerRegisterWithManager(t *testing.T) {
-	t.Skip("this test requires a real cluster, otherwise the GetConfigOrDie will die")
-
-	// prepare
-	mgr, err := manager.New(k8sconfig.GetConfigOrDie(), manager.Options{})
-	require.NoError(t, err)
-	reconciler := appsv1.NewDeploymentReconciler(
-		k8sClient,
-		k8sClient,
-		testScheme,
-	)
-
-	// test
-	err = reconciler.SetupWithManager(mgr)
-
-	// verify
-	assert.NoError(t, err)
-}
--- a/controllers/appsv1/deployment_webhook.go
+++ b/controllers/appsv1/deployment_webhook.go
@ -0,0 +1,222 @@
+package appsv1
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/spf13/viper"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/trace"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
+	"github.com/jaegertracing/jaeger-operator/pkg/config/ca"
+	"github.com/jaegertracing/jaeger-operator/pkg/inject"
+	"github.com/jaegertracing/jaeger-operator/pkg/tracing"
+)
+
+var _ webhook.AdmissionHandler = (*deploymentInterceptor)(nil)
+
+// NewDeploymentInterceptorWebhook creates a new deployment mutating webhook to be registered
+func NewDeploymentInterceptorWebhook(c client.Client, decoder *admission.Decoder) webhook.AdmissionHandler {
+	return &deploymentInterceptor{
+		client:  c,
+		decoder: decoder,
+	}
+}
+
+// You need to ensure the path here match the path in the marker.
+// +kubebuilder:webhook:path=/mutate-v1-deployment,mutating=true,failurePolicy=ignore,groups="apps",resources=deployments,sideEffects=None,verbs=create;update,versions=v1,name=deployment.sidecar-injector.jaegertracing.io,admissionReviewVersions=v1
+
+// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=namespaces/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
+
+// deploymentInterceptor label pods if Sidecar is specified in deployment
+type deploymentInterceptor struct {
+	client  client.Client
+	decoder *admission.Decoder
+}
+
+func (d *deploymentInterceptor) shouldHandleDeployment(req admission.Request) bool {
+	if namespaces := viper.GetString(v1.ConfigWatchNamespace); namespaces != v1.WatchAllNamespaces {
+		for _, ns := range strings.Split(namespaces, ",") {
+			if strings.EqualFold(ns, req.Namespace) {
+				return true
+			}
+		}
+		return false
+	}
+	return true
+}
+
+// Handle adds a label to a generated pod if deployment or namespace provide annotaion
+func (d *deploymentInterceptor) Handle(ctx context.Context, req admission.Request) admission.Response {
+	tracer := otel.GetTracerProvider().Tracer(v1.ReconciliationTracer)
+	ctx, span := tracer.Start(ctx, "reconcileDeployment")
+	span.SetAttributes(
+		attribute.String("kind", req.Kind.String()),
+		attribute.String("name", req.Name),
+		attribute.String("namespace", req.Namespace),
+	)
+
+	if !d.shouldHandleDeployment(req) {
+		return admission.Allowed("not watching in namespace, we do not touch the deployment")
+	}
+
+	defer span.End()
+
+	logger := log.Log.WithValues("namespace", req.Namespace)
+	logger.V(-1).Info("verify deployment")
+
+	dep := &appsv1.Deployment{}
+	err := d.decoder.Decode(req, dep)
+	if err != nil {
+		logger.Error(err, "failed to decode deployment")
+		return admission.Errored(http.StatusBadRequest, err)
+	}
+
+	if dep.Labels["app"] == "jaeger" && dep.Labels["app.kubernetes.io/component"] != "query" {
+		// Don't touch jaeger deployments
+		return admission.Allowed("is jaeger deployment, we do not touch it")
+	}
+
+	ns := &corev1.Namespace{}
+	err = d.client.Get(ctx, types.NamespacedName{Name: req.Namespace}, ns)
+	// we shouldn't fail if the namespace object can't be obtained
+	if err != nil {
+		msg := "failed to get the namespace for the deployment, skipping injection based on namespace annotation"
+		logger.Error(err, msg)
+		span.AddEvent(msg, trace.WithAttributes(attribute.String("error", err.Error())))
+	}
+
+	jaegers := &v1.JaegerList{}
+	opts := []client.ListOption{}
+
+	if viper.GetString(v1.ConfigOperatorScope) == v1.OperatorScopeNamespace {
+		opts = append(opts, client.InNamespace(viper.GetString(v1.ConfigWatchNamespace)))
+	}
+
+	if err := d.client.List(ctx, jaegers, opts...); err != nil {
+		logger.Error(err, "failed to get the available Jaeger pods")
+		return admission.Errored(http.StatusInternalServerError, tracing.HandleError(err, span))
+	}
+
+	if inject.Needed(dep, ns) {
+		jaeger := inject.Select(dep, ns, jaegers)
+		if jaeger != nil && jaeger.GetDeletionTimestamp() == nil {
+			logger := logger.WithValues(
+				"jaeger", jaeger.Name,
+				"jaeger-namespace", jaeger.Namespace,
+			)
+			if jaeger.Namespace != dep.Namespace {
+				if err := reconcileConfigMaps(ctx, d.client, jaeger, dep); err != nil {
+					const msg = "failed to reconcile config maps for the namespace"
+					logger.Error(err, msg)
+					span.AddEvent(msg)
+				}
+			}
+
+			// a suitable jaeger instance was found! let's inject a sidecar pointing to it then
+			// Verified that jaeger instance was found and is not marked for deletion.
+			{
+				msg := "injecting Jaeger Agent sidecar"
+				logger.Info(msg)
+				span.AddEvent(msg)
+			}
+
+			envConfigMaps := corev1.ConfigMapList{}
+			d.client.List(ctx, &envConfigMaps, client.InNamespace(dep.Namespace))
+			dep = inject.Sidecar(jaeger, dep, inject.WithEnvFromConfigMaps(inject.GetConfigMapsMatchedEnvFromInDeployment(*dep, envConfigMaps.Items)))
+			marshaledDeploy, err := json.Marshal(dep)
+			if err != nil {
+				return admission.Errored(http.StatusInternalServerError, tracing.HandleError(err, span))
+			}
+
+			return admission.PatchResponseFromRaw(req.Object.Raw, marshaledDeploy)
+		}
+
+		const msg = "no suitable Jaeger instances found to inject a sidecar"
+		span.AddEvent(msg)
+		logger.V(-1).Info(msg)
+		return admission.Allowed(msg)
+	}
+
+	if hasAgent, _ := inject.HasJaegerAgent(dep); hasAgent {
+		if _, hasLabel := dep.Labels[inject.Label]; hasLabel {
+			const msg = "remove sidecar"
+			logger.Info(msg)
+			span.AddEvent(msg)
+			inject.CleanSidecar(dep.Labels[inject.Label], dep)
+			marshaledDeploy, err := json.Marshal(dep)
+			if err != nil {
+				return admission.Errored(http.StatusInternalServerError, tracing.HandleError(err, span))
+			}
+
+			return admission.PatchResponseFromRaw(req.Object.Raw, marshaledDeploy)
+		}
+	}
+	return admission.Allowed("no action needed")
+}
+
+// deploymentInterceptor implements admission.DecoderInjector.
+// A decoder will be automatically injected.
+
+// InjectDecoder injects the decoder.
+func (d *deploymentInterceptor) InjectDecoder(decoder *admission.Decoder) error {
+	d.decoder = decoder
+	return nil
+}
+
+func reconcileConfigMaps(ctx context.Context, cl client.Client, jaeger *v1.Jaeger, dep *appsv1.Deployment) error {
+	tracer := otel.GetTracerProvider().Tracer(v1.ReconciliationTracer)
+	ctx, span := tracer.Start(ctx, "reconcileConfigMaps")
+	defer span.End()
+
+	cms := []*corev1.ConfigMap{}
+	if cm := ca.GetTrustedCABundle(jaeger); cm != nil {
+		cms = append(cms, cm)
+	}
+	if cm := ca.GetServiceCABundle(jaeger); cm != nil {
+		cms = append(cms, cm)
+	}
+
+	for _, cm := range cms {
+		if err := reconcileConfigMap(ctx, cl, cm, dep); err != nil {
+			return tracing.HandleError(err, span)
+		}
+	}
+
+	return nil
+}
+
+func reconcileConfigMap(ctx context.Context, cl client.Client, cm *corev1.ConfigMap, dep *appsv1.Deployment) error {
+	tracer := otel.GetTracerProvider().Tracer(v1.ReconciliationTracer)
+	ctx, span := tracer.Start(ctx, "reconcileConfigMap")
+	defer span.End()
+
+	// Update the namespace to be the same as the Deployment being injected
+	cm.Namespace = dep.Namespace
+	span.SetAttributes(attribute.String("name", cm.Name), attribute.String("namespace", cm.Namespace))
+
+	if err := cl.Create(ctx, cm); err != nil {
+		if errors.IsAlreadyExists(err) {
+			span.AddEvent("config map exists already")
+		} else {
+			return tracing.HandleError(err, span)
+		}
+	}
+
+	return nil
+}
--- a/controllers/appsv1/deployment_webhook_test.go
+++ b/controllers/appsv1/deployment_webhook_test.go
@ -0,0 +1,436 @@
+package appsv1
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"sort"
+	"testing"
+
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	jsonpatch "gomodules.xyz/jsonpatch/v2"
+	admissionv1 "k8s.io/api/admission/v1"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
+	"github.com/jaegertracing/jaeger-operator/pkg/autodetect"
+	"github.com/jaegertracing/jaeger-operator/pkg/inject"
+)
+
+func TestReconcileConfigMaps(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		existing []runtime.Object
+		errors   errorGroup
+		expect   error
+	}{
+		{
+			desc: "all config maps missing",
+		},
+		{
+			desc: "none missing",
+			existing: []runtime.Object{
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "ns1",
+						Name:      "my-instance-trusted-ca",
+					},
+				},
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "ns1",
+						Name:      "my-instance-service-ca",
+					},
+				},
+			},
+		},
+		{
+			desc:   "can not create",
+			errors: errorGroup{createErr: fmt.Errorf("ups, cant create things")},
+			expect: fmt.Errorf("ups, cant create things"),
+			existing: []runtime.Object{
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "ns1",
+						Name:      "my-instance-trusted-ca",
+					},
+				},
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "ns1",
+						Name:      "my-instance-service-ca",
+					},
+				},
+			},
+		},
+	}
+	for _, tC := range testCases {
+		t.Run(tC.desc, func(t *testing.T) {
+			// prepare
+			jaeger := v1.NewJaeger(types.NamespacedName{
+				Namespace: "observability",
+				Name:      "my-instance",
+			})
+			dep := appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "ns1",
+					Name:      "my-dep",
+				},
+			}
+
+			cl := &failingClient{
+				WithWatch: fake.NewClientBuilder().WithRuntimeObjects(tC.existing...).Build(),
+				errors:    tC.errors,
+			}
+
+			autodetect.OperatorConfiguration.SetPlatform(autodetect.OpenShiftPlatform)
+
+			// test
+			err := reconcileConfigMaps(context.Background(), cl, jaeger, &dep)
+
+			// verify
+			assert.Equal(t, tC.expect, err)
+
+			cms := corev1.ConfigMapList{}
+			err = cl.List(context.Background(), &cms)
+			require.NoError(t, err)
+
+			assert.Len(t, cms.Items, 2)
+		})
+	}
+}
+
+type failingClient struct {
+	client.WithWatch
+
+	errors errorGroup
+}
+
+type errorGroup struct {
+	listErr   error
+	getErr    error
+	createErr error
+}
+
+func (u *failingClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error {
+	if u.errors.listErr != nil {
+		return u.errors.listErr
+	}
+	return u.WithWatch.List(ctx, list, opts...)
+}
+
+func (u *failingClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error {
+	if u.errors.getErr != nil {
+		return u.errors.getErr
+	}
+	return u.WithWatch.Get(ctx, key, obj, opts...)
+}
+
+func (u *failingClient) Create(ctx context.Context, obj client.Object, opts ...client.CreateOption) error {
+	if u.errors.createErr != nil {
+		return u.errors.createErr
+	}
+	return u.WithWatch.Create(ctx, obj, opts...)
+}
+
+func TestReconcilieDeployment(t *testing.T) {
+	namespacedName := types.NamespacedName{
+		Name:      "jaeger-query",
+		Namespace: "my-ns",
+	}
+
+	jaeger := v1.NewJaeger(types.NamespacedName{
+		Namespace: "observability",
+		Name:      "my-instance",
+	})
+
+	s := scheme.Scheme
+	s.AddKnownTypes(v1.GroupVersion, jaeger)
+	s.AddKnownTypes(v1.GroupVersion, &v1.JaegerList{})
+
+	testCases := []struct {
+		desc         string
+		dep          *appsv1.Deployment
+		jaeger       *v1.Jaeger
+		resp         admission.Response
+		errors       errorGroup
+		emptyRequest bool
+		watch_ns     string
+	}{
+		{
+			desc: "no content to decode",
+			dep:  &appsv1.Deployment{},
+			resp: admission.Response{
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed: false,
+					Result: &metav1.Status{
+						Message: "there is no content to decode",
+						Code:    400,
+					},
+				},
+			},
+			emptyRequest: true,
+		},
+		{
+			desc: "can not get namespaces and list jaegers",
+			errors: errorGroup{
+				listErr: fmt.Errorf("ups cant list"),
+				getErr:  fmt.Errorf("ups cant get"),
+			},
+			dep: inject.Sidecar(jaeger, &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        namespacedName.Name,
+					Namespace:   namespacedName.Namespace,
+					Annotations: map[string]string{},
+					Labels: map[string]string{
+						"app": "not jaeger",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Template: corev1.PodTemplateSpec{
+						ObjectMeta: metav1.ObjectMeta{},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{{
+								Name: "only_container",
+							}},
+						},
+					},
+				},
+			}),
+			resp: admission.Response{
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed: false,
+					Result: &metav1.Status{
+						Message: "ups cant list",
+						Code:    500,
+					},
+				},
+			},
+		},
+		{
+			desc: "Should not remove the instance from a jaeger component",
+			dep: inject.Sidecar(jaeger, &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        namespacedName.Name,
+					Namespace:   namespacedName.Namespace,
+					Annotations: map[string]string{},
+					Labels: map[string]string{
+						"app": "jaeger",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Template: corev1.PodTemplateSpec{
+						ObjectMeta: metav1.ObjectMeta{},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{{
+								Name: "only_container",
+							}},
+						},
+					},
+				},
+			}),
+			resp: admission.Response{
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed: true,
+					Result: &metav1.Status{
+						Message: "is jaeger deployment, we do not touch it",
+						Code:    200,
+					},
+				},
+			},
+		},
+		{
+			desc: "Should remove the instance",
+			dep: inject.Sidecar(jaeger, &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        namespacedName.Name,
+					Namespace:   namespacedName.Namespace,
+					Annotations: map[string]string{},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Template: corev1.PodTemplateSpec{
+						ObjectMeta: metav1.ObjectMeta{},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{{
+								Name: "only_container",
+							}},
+						},
+					},
+				},
+			}),
+			resp: admission.Response{
+				Patches: []jsonpatch.JsonPatchOperation{
+					{
+						Operation: "remove",
+						Path:      "/metadata/labels",
+					},
+					{
+						Operation: "remove",
+						Path:      "/spec/template/spec/containers/1",
+					},
+				},
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed:   true,
+					PatchType: func() *admissionv1.PatchType { str := admissionv1.PatchTypeJSONPatch; return &str }(),
+				},
+			},
+		},
+		{
+			desc: "Should inject but no jaeger instace found",
+			dep: inject.Sidecar(jaeger, &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      namespacedName.Name,
+					Namespace: namespacedName.Namespace,
+					Annotations: map[string]string{
+						inject.Annotation: "true",
+					},
+					Labels: map[string]string{
+						"app": "something",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Template: corev1.PodTemplateSpec{
+						ObjectMeta: metav1.ObjectMeta{},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{{
+								Name: "only_container",
+							}},
+						},
+					},
+				},
+			}),
+			resp: admission.Response{
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed: true,
+					Result: &metav1.Status{
+						Message: "no suitable Jaeger instances found to inject a sidecar",
+						Code:    200,
+					},
+				},
+			},
+		},
+		{
+			desc: "Should inject but empty instance - no patch",
+			dep: inject.Sidecar(jaeger, &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      namespacedName.Name,
+					Namespace: namespacedName.Namespace,
+					Annotations: map[string]string{
+						inject.Annotation: "true",
+					},
+					Labels: map[string]string{
+						"app": "something",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Template: corev1.PodTemplateSpec{
+						ObjectMeta: metav1.ObjectMeta{},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{{
+								Name: "only_container",
+							}},
+						},
+					},
+				},
+			}),
+			resp: admission.Response{
+				Patches: []jsonpatch.JsonPatchOperation{},
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed: true,
+				},
+			},
+			jaeger: &v1.Jaeger{},
+		},
+		{
+			desc: "should not touch deployment on other namespaces != watch_namespaces",
+			dep: &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        namespacedName.Name,
+					Namespace:   namespacedName.Namespace,
+					Annotations: map[string]string{},
+					Labels: map[string]string{
+						"app": "not jaeger",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{},
+			},
+			resp: admission.Response{
+				AdmissionResponse: admissionv1.AdmissionResponse{
+					Allowed: true,
+					Result: &metav1.Status{
+						Message: "not watching in namespace, we do not touch the deployment",
+						Code:    200,
+					},
+				},
+			},
+			watch_ns: "my-other-ns, other-ns-2",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			viper.Set(v1.ConfigWatchNamespace, tc.watch_ns)
+			defer viper.Reset()
+			ns := &corev1.Namespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: namespacedName.Namespace,
+				},
+			}
+
+			res := []runtime.Object{tc.dep, ns}
+			if tc.jaeger != nil {
+				res = append(res, tc.jaeger)
+			}
+
+			cl := &failingClient{
+				WithWatch: fake.NewClientBuilder().WithRuntimeObjects(res...).Build(),
+				errors:    tc.errors,
+			}
+
+			decoder := admission.NewDecoder(scheme.Scheme)
+			r := NewDeploymentInterceptorWebhook(cl, decoder)
+
+			req := admission.Request{}
+			if !tc.emptyRequest {
+				req = admission.Request{
+					AdmissionRequest: admissionv1.AdmissionRequest{
+						Name:      tc.dep.Name,
+						Namespace: tc.dep.Namespace,
+						Object: runtime.RawExtension{
+							Raw: func() []byte {
+								var buf bytes.Buffer
+								if getErr := json.NewEncoder(&buf).Encode(tc.dep); getErr != nil {
+									t.Fatal(getErr)
+								}
+								return buf.Bytes()
+							}(),
+						},
+					},
+				}
+			}
+
+			resp := r.Handle(context.Background(), req)
+
+			assert.Len(t, resp.Patches, len(tc.resp.Patches))
+			sort.Slice(resp.Patches, func(i, j int) bool {
+				return resp.Patches[i].Path < resp.Patches[j].Path
+			})
+			sort.Slice(tc.resp.Patches, func(i, j int) bool {
+				return tc.resp.Patches[i].Path < tc.resp.Patches[j].Path
+			})
+
+			assert.Equal(t, tc.resp, resp)
+		})
+	}
+}
--- a/controllers/appsv1/namespace_controller.go
+++ b/controllers/appsv1/namespace_controller.go
@ -6,7 +6,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"

 	"github.com/jaegertracing/jaeger-operator/pkg/controller/namespace"
@ -37,7 +37,7 @@ func (r *NamespaceReconciler) Reconcile(ctx context.Context, request ctrl.Reques
 // SetupWithManager sets up the controller with the Manager.
 func (r *NamespaceReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	err := ctrl.NewControllerManagedBy(mgr).
-		For(&appsv1.Deployment{}).
+		For(&corev1.Namespace{}).
 		Complete(r)
 	return err
 }
--- a/controllers/appsv1/namespace_controller_test.go
+++ b/controllers/appsv1/namespace_controller_test.go
@ -1,13 +1,16 @@
 package appsv1_test

 import (
+	"context"
 	"testing"

-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/types"
 	k8sconfig "sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	k8sreconcile "sigs.k8s.io/controller-runtime/pkg/reconcile"

+	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
 	"github.com/jaegertracing/jaeger-operator/controllers/appsv1"
 )

@ -27,5 +30,26 @@ func TestNamespaceControllerRegisterWithManager(t *testing.T) {
 	err = reconciler.SetupWithManager(mgr)

 	// verify
-	assert.NoError(t, err)
+	require.NoError(t, err)
+}
+
+func TestNewNamespaceInstance(t *testing.T) {
+	// prepare
+	nsn := types.NamespacedName{Name: "my-instance", Namespace: "default"}
+	reconciler := appsv1.NewNamespaceReconciler(
+		k8sClient,
+		k8sClient,
+		testScheme,
+	)
+
+	instance := v1.NewJaeger(nsn)
+	err := k8sClient.Create(context.Background(), instance)
+	require.NoError(t, err)
+
+	req := k8sreconcile.Request{
+		NamespacedName: nsn,
+	}
+
+	_, err = reconciler.Reconcile(context.Background(), req)
+	require.NoError(t, err)
 }
--- a/controllers/appsv1/suite_test.go
+++ b/controllers/appsv1/suite_test.go
@ -15,9 +15,11 @@ import (
 	// +kubebuilder:scaffold:imports
 )

-var k8sClient client.Client
-var testEnv *envtest.Environment
-var testScheme *runtime.Scheme = scheme.Scheme
+var (
+	k8sClient  client.Client
+	testEnv    *envtest.Environment
+	testScheme *runtime.Scheme = scheme.Scheme
+)

 func TestMain(m *testing.M) {
 	testEnv = &envtest.Environment{
--- a/controllers/elasticsearch/elasticsearch_controller.go
+++ b/controllers/elasticsearch/elasticsearch_controller.go
@ -0,0 +1,60 @@
+package elasticsearch
+
+import (
+	"context"
+
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	"k8s.io/client-go/discovery"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/jaegertracing/jaeger-operator/pkg/autodetect"
+	"github.com/jaegertracing/jaeger-operator/pkg/controller/elasticsearch"
+)
+
+// Reconciler reconciles a Deployment object
+type Reconciler struct {
+	reconcilier *elasticsearch.ReconcileElasticsearch
+}
+
+// NewReconciler creates a new deployment reconciler controller
+func NewReconciler(client client.Client, clientReader client.Reader) *Reconciler {
+	return &Reconciler{
+		reconcilier: elasticsearch.New(client, clientReader),
+	}
+}
+
+// +kubebuilder:rbac:groups=logging.openshift.io,resources=elasticsearch,verbs=get;list;watch;create;update;patch;delete
+
+// Reconcile deployment resource
+func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
+	return r.reconcilier.Reconcile(ctx, request)
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
+	esCRDInstalled, err := isOpenShiftESCRDAvailable(mgr)
+	if err != nil {
+		return err
+	}
+	if esCRDInstalled {
+		return ctrl.NewControllerManagedBy(mgr).
+			For(&esv1.Elasticsearch{}).
+			Complete(r)
+	}
+	return nil
+}
+
+const elasticsearchGroup = "logging.openshift.io"
+
+func isOpenShiftESCRDAvailable(mgr ctrl.Manager) (bool, error) {
+	dcl, err := discovery.NewDiscoveryClientForConfig(mgr.GetConfig())
+	if err != nil {
+		return false, err
+	}
+	apiLists, err := autodetect.AvailableAPIs(dcl, map[string]bool{elasticsearchGroup: true})
+	if err != nil {
+		return false, err
+	}
+	return autodetect.IsElasticsearchOperatorAvailable(apiLists), nil
+}
--- a/controllers/elasticsearch/elasticsearch_controller_test.go
+++ b/controllers/elasticsearch/elasticsearch_controller_test.go
@ -0,0 +1,77 @@
+package elasticsearch_test
+
+import (
+	"context"
+	"testing"
+
+	esv1 "github.com/openshift/elasticsearch-operator/apis/logging/v1"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	k8sconfig "sigs.k8s.io/controller-runtime/pkg/client/config"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	k8sreconcile "sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
+	"github.com/jaegertracing/jaeger-operator/controllers/elasticsearch"
+)
+
+func TestElasticSearchSetupWithManager(t *testing.T) {
+	t.Skip("this test requires a real cluster, otherwise the GetConfigOrDie will die")
+
+	// prepare
+	mgr, err := manager.New(k8sconfig.GetConfigOrDie(), manager.Options{})
+	require.NoError(t, err)
+	reconciler := elasticsearch.NewReconciler(
+		k8sClient,
+		k8sClient,
+	)
+
+	// test
+	err = reconciler.SetupWithManager(mgr)
+
+	// verify
+	require.NoError(t, err)
+}
+
+func TestNewElasticSearchInstance(t *testing.T) {
+	// prepare
+	ns := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-ns",
+		},
+	}
+
+	es := &esv1.Elasticsearch{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-es",
+			Namespace: "test-ns",
+		},
+	}
+
+	jaeger := v1.NewJaeger(types.NamespacedName{
+		Name:      "test-jaeger",
+		Namespace: "test-jaeger",
+	})
+
+	esv1.AddToScheme(testScheme)
+	v1.AddToScheme(testScheme)
+
+	client := fake.NewClientBuilder().WithRuntimeObjects(ns, es, jaeger).Build()
+	reconciler := elasticsearch.NewReconciler(
+		client,
+		client,
+	)
+
+	req := k8sreconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      "test-es",
+			Namespace: "test-ns",
+		},
+	}
+
+	_, err := reconciler.Reconcile(context.Background(), req)
+	require.NoError(t, err)
+}
--- a/controllers/elasticsearch/suit_test.go
+++ b/controllers/elasticsearch/suit_test.go
@ -0,0 +1,57 @@
+package elasticsearch_test
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"testing"
+
+	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	// +kubebuilder:scaffold:imports
+)
+
+var (
+	k8sClient  client.Client
+	testEnv    *envtest.Environment
+	testScheme *runtime.Scheme = scheme.Scheme
+)
+
+func TestMain(m *testing.M) {
+	testEnv = &envtest.Environment{
+		CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")},
+	}
+
+	cfg, err := testEnv.Start()
+	if err != nil {
+		fmt.Printf("failed to start testEnv: %v", err)
+		os.Exit(1)
+	}
+
+	if err := v1.AddToScheme(scheme.Scheme); err != nil {
+		fmt.Printf("failed to register scheme: %v", err)
+		os.Exit(1)
+	}
+
+	// +kubebuilder:scaffold:scheme
+
+	k8sClient, err = client.New(cfg, client.Options{Scheme: testScheme})
+	if err != nil {
+		fmt.Printf("failed to setup a Kubernetes client: %v", err)
+		os.Exit(1)
+	}
+
+	code := m.Run()
+
+	err = testEnv.Stop()
+	if err != nil {
+		fmt.Printf("failed to stop testEnv: %v", err)
+		os.Exit(1)
+	}
+
+	os.Exit(code)
+}
--- a/controllers/jaegertracing/jaeger_controller.go
+++ b/controllers/jaegertracing/jaeger_controller.go
@ -22,7 +22,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/source"

 	"github.com/operator-framework/operator-lib/handler"

@ -49,8 +48,9 @@ func NewReconciler(client client.Client, clientReader client.Reader, scheme *run
 // +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;replicasets;statefulsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=extensions,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses;ingressclasses,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=route.openshift.io,resources=routes/custom-host,verbs=create
 // +kubebuilder:rbac:groups=console.openshift.io,resources=consolelinks,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=batch,resources=jobs;cronjobs,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;list;watch;create;update;patch;delete
@ -69,7 +69,10 @@ func (r *JaegerReconciler) Reconcile(ctx context.Context, request ctrl.Request)
 func (r *JaegerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	err := ctrl.NewControllerManagedBy(mgr).
 		For(&v1.Jaeger{}).
-		Watches(&source.Kind{Type: &v1.Jaeger{}}, &handler.InstrumentedEnqueueRequestForObject{}).
+		Watches(
+			&v1.Jaeger{},
+			&handler.InstrumentedEnqueueRequestForObject{},
+		).
 		Complete(r)
 	return err
 }
--- a/controllers/jaegertracing/jaeger_controller_test.go
+++ b/controllers/jaegertracing/jaeger_controller_test.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"testing"

-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"k8s.io/apimachinery/pkg/types"
 	k8sconfig "sigs.k8s.io/controller-runtime/pkg/client/config"
@ -52,5 +51,5 @@ func TestRegisterWithManager(t *testing.T) {
 	err = reconciler.SetupWithManager(mgr)

 	// verify
-	assert.NoError(t, err)
+	require.NoError(t, err)
 }
--- a/controllers/jaegertracing/suite_test.go
+++ b/controllers/jaegertracing/suite_test.go
@ -15,9 +15,11 @@ import (
 	// +kubebuilder:scaffold:imports
 )

-var k8sClient client.Client
-var testEnv *envtest.Environment
-var testScheme *runtime.Scheme = scheme.Scheme
+var (
+	k8sClient  client.Client
+	testEnv    *envtest.Environment
+	testScheme *runtime.Scheme = scheme.Scheme
+)

 func TestMain(m *testing.M) {
 	testEnv = &envtest.Environment{
--- a/docs/api.md
+++ b/docs/api.md
--- a/examples/agent-with-priority-class.yaml
+++ b/examples/agent-with-priority-class.yaml
@ -1,4 +1,4 @@
-apiVersion: scheduling.k8s.io/v1 
+apiVersion: scheduling.k8s.io/v1
 kind: PriorityClass
 metadata:
  name: high-priority # priorityClassName here
@ -13,4 +13,4 @@ metadata:
 spec:
  agent:
    strategy: DaemonSet
-    PriorityClassName: high-priority # priorityClassName here
+    priorityClassName: high-priority # priorityClassName here
--- a/examples/all-in-one-with-metrics-query.yaml
+++ b/examples/all-in-one-with-metrics-query.yaml
@ -0,0 +1,20 @@
+apiVersion: jaegertracing.io/v1
+kind: "Jaeger"
+metadata:
+  name: "my-jaeger"
+spec:
+  strategy: allInOne
+  allInOne:
+    image: jaegertracing/all-in-one:1.31
+    options:
+      log-level: debug
+      query:
+        base-path: /jaeger
+      prometheus:
+        server-url: "http://prometheus:9090"
+    metricsStorage:
+      type: prometheus
+  storage:
+    options:
+      memory:
+        max-traces: 100000
--- a/examples/all-in-one-with-options.yaml
+++ b/examples/all-in-one-with-options.yaml
@ -5,7 +5,7 @@ metadata:
 spec:
  strategy: allInOne
  allInOne:
-    image: jaegertracing/all-in-one:1.13
+    image: jaegertracing/all-in-one:1.65.0
    options:
      log-level: debug
      query:
--- a/examples/all-in-one-with-priority-class.yaml
+++ b/examples/all-in-one-with-priority-class.yaml
@ -0,0 +1,17 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: high-priority # priorityClassName here
+value: 1000000
+globalDefault: false
+description: "This priority class should be used for XYZ service pods only."
+---
+apiVersion: jaegertracing.io/v1
+kind: "Jaeger"
+metadata:
+  name: "my-jaeger"
+spec:
+  strategy: allInOne
+  allInOne:
+    image: jaegertracing/all-in-one:1.30.0
+    priorityClassName: high-priority # priorityClassName here
--- a/examples/collector-with-priority-class.yaml
+++ b/examples/collector-with-priority-class.yaml
@ -1,4 +1,4 @@
-apiVersion: scheduling.k8s.io/v1 
+apiVersion: scheduling.k8s.io/v1
 kind: PriorityClass
 metadata:
  name: collector-high-priority
@ -12,4 +12,4 @@ metadata:
  name: collector-with-high-priority
 spec:
  collector:
-    priorityClassName: collector-high-priority
+    priorityClassName: collector-high-priority
--- a/examples/ingress-with-host-pathType.yaml
+++ b/examples/ingress-with-host-pathType.yaml
@ -0,0 +1,13 @@
+apiVersion: jaegertracing.io/v1
+kind: Jaeger
+metadata:
+  name: ingress-with-hosts
+spec:
+  query:
+    options:
+      base-path: "/"
+  ingress:
+    enabled: true
+    pathType: Prefix
+    hosts:
+      - mesh-jaeger.xxx.com #your domain name.
--- a/examples/openshift/hostport-scc-daemonset.yaml
+++ b/examples/openshift/hostport-scc-daemonset.yaml
@ -9,3 +9,9 @@ runAsUser:
 seLinuxContext:
  type: RunAsAny
 allowHostPorts: true
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowPrivilegedContainer: false
+readOnlyRootFilesystem: false
--- a/examples/operator-with-tracing.yaml
+++ b/examples/operator-with-tracing.yaml
@ -17,7 +17,7 @@ spec:
      serviceAccountName: jaeger-operator
      containers:
      - name: jaeger-operator
-        image: jaegertracing/jaeger-operator:1.20.0
+        image: jaegertracing/jaeger-operator:1.65.0
        ports:
        - containerPort: 8383
          name: http-metrics
@ -41,7 +41,7 @@ spec:
        - name: OPERATOR_NAME
          value: "jaeger-operator"
      - name: jaeger-agent
-        image: jaegertracing/jaeger-agent:1.20
+        image: jaegertracing/jaeger-agent:1.62.0
        env:
        - name: POD_NAMESPACE
          valueFrom:
--- a/examples/statefulset-manual-sidecar.yaml
+++ b/examples/statefulset-manual-sidecar.yaml
@ -23,7 +23,7 @@ spec:
            - containerPort: 8080
              protocol: TCP
        - name: jaeger-agent
-          image: jaegertracing/jaeger-agent:1.17.0  # The agent version should match the operator version
+          image: jaegertracing/jaeger-agent:1.62.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5775
--- a/examples/tracegen.yaml
+++ b/examples/tracegen.yaml
@ -1,7 +1,7 @@
 # this is a deployment for the tracegen utility that is delivered with Jaeger
 # use with care, as it generates quite some load in the current setting
 # this deployment was especially designed to test the autoscaling capabilities
-# and requires an instance named 'simple-prod'. 
+# and requires an instance named 'simple-prod'.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -20,20 +20,10 @@ spec:
    spec:
      containers:
      - name: tracegen
-        image: jaegertracing/jaeger-tracegen:1.17
+        image: jaegertracing/jaeger-tracegen:1.65.0
        args:
        - -duration=30m
        - -workers=10
-      - name: jaeger-agent
-        image: jaegertracing/jaeger-agent:1.17
-        args:
-        - --reporter.grpc.host-port=dns:///simple-prod-collector-headless.default:14250
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.name
        ports:
        - containerPort: 6831
          name: jg-compact-trft
--- a/go.mod
+++ b/go.mod
@ -1,36 +1,116 @@
 module github.com/jaegertracing/jaeger-operator

-go 1.16
+go 1.22.0

 require (
 	github.com/Masterminds/semver v1.5.0
-	github.com/googleapis/gnostic v0.5.5
+	github.com/go-logr/logr v1.4.2
+	github.com/google/gnostic-models v0.6.9
+	github.com/google/go-cmp v0.7.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/openshift/api v0.0.0-20210713130143-be21c6cb1bea
-	github.com/openshift/elasticsearch-operator v0.0.0-20210921091239-caf25067d56d
-	github.com/opentracing/opentracing-go v1.1.0
-	github.com/operator-framework/operator-lib v0.9.0
-	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.11.0
-	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/cobra v1.3.0
-	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.10.0
-	github.com/stretchr/testify v1.7.0
-	github.com/uber/jaeger-client-go v2.20.1+incompatible
-	go.opentelemetry.io/otel v0.20.0
-	go.opentelemetry.io/otel/exporters/metric/prometheus v0.20.0
-	go.opentelemetry.io/otel/exporters/trace/jaeger v0.20.0
-	go.opentelemetry.io/otel/metric v0.20.0
-	go.opentelemetry.io/otel/oteltest v0.20.0
-	go.opentelemetry.io/otel/sdk v0.20.0
-	go.opentelemetry.io/otel/sdk/export/metric v0.20.0
-	go.opentelemetry.io/otel/sdk/metric v0.20.0
-	go.opentelemetry.io/otel/trace v0.20.0
-	k8s.io/api v0.21.3
-	k8s.io/apimachinery v0.21.3
-	k8s.io/client-go v12.0.0+incompatible
-	sigs.k8s.io/controller-runtime v0.9.6
+	github.com/openshift/api v0.0.0-20231206170337-f356bd9e2ff6
+	github.com/openshift/elasticsearch-operator v0.0.0-20231013125000-a5c132efd4e0
+	github.com/openshift/library-go v0.0.0-20231130204458-653f82d961a1
+	github.com/opentracing/opentracing-go v1.2.0
+	github.com/operator-framework/operator-lib v0.13.0
+	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/cobra v1.9.1
+	github.com/spf13/pflag v1.0.6
+	github.com/spf13/viper v1.19.0
+	github.com/stretchr/testify v1.10.0
+	github.com/uber/jaeger-client-go v2.30.0+incompatible
+	go.opentelemetry.io/otel v1.35.0
+	go.opentelemetry.io/otel/exporters/jaeger v1.17.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0
+	go.opentelemetry.io/otel/exporters/prometheus v0.57.0
+	go.opentelemetry.io/otel/metric v1.35.0
+	go.opentelemetry.io/otel/sdk v1.35.0
+	go.opentelemetry.io/otel/sdk/metric v1.35.0
+	go.opentelemetry.io/otel/trace v1.35.0
+	go.uber.org/zap v1.27.0
+	gomodules.xyz/jsonpatch/v2 v2.4.0
+	google.golang.org/grpc v1.71.0
+	k8s.io/api v0.29.3
+	k8s.io/apimachinery v0.29.3
+	k8s.io/client-go v0.29.3
+	k8s.io/component-base v0.29.3
+	sigs.k8s.io/controller-runtime v0.17.3
 )

-replace k8s.io/client-go => k8s.io/client-go v0.21.2 // Required by prometheus-operator
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/codahale/hdrhistogram v0.0.0-00010101000000-000000000000 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.11.2 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/evanphx/json-patch/v5 v5.8.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.20.4 // indirect
+	github.com/go-openapi/swag v0.22.9 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/uber/jaeger-lib v2.2.0+incompatible // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect
+	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.29.2 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240221221325-2ac9dc51f3f1 // indirect
+	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)
+
+replace github.com/codahale/hdrhistogram => github.com/HdrHistogram/hdrhistogram-go v1.1.2
--- a/go.sum
+++ b/go.sum
--- a/hack/common.sh
+++ b/hack/common.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Folders
+export TEST_DIR=$ROOT_DIR/tests
+export TEMPLATES_DIR=$TEST_DIR/templates
+export EXAMPLES_DIR=$ROOT_DIR/examples
+
+# Tools
+export GOMPLATE=$ROOT_DIR/bin/gomplate
+export YQ=$ROOT_DIR/bin/yq
+export KUTTL=$ROOT_DIR/bin/kubectl-kuttl
+export KUSTOMIZE=$ROOT_DIR/bin/kustomize
--- a/hack/enable-operator-features.sh
+++ b/hack/enable-operator-features.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+
+export ROOT_DIR=$(realpath $(dirname ${BASH_SOURCE[0]})/../)
+$ROOT_DIR/hack/install/install-yq.sh > /dev/null
+source $ROOT_DIR/hack/common.sh
+
+set -e
+
+if [ ! -z "$JAEGER_OPERATOR_VERBOSITY"  ]; then
+    $YQ -i e \
+    '.spec.template.spec.containers[0].env += {"name": "LOG-LEVEL", "value": "DEBUG"}' \
+    $ROOT_DIR/config/manager/manager.yaml
+fi
+
+if [ "$JAEGER_OPERATOR_KAFKA_MINIMAL" = true  ]; then
+    $YQ -i e \
+        '.spec.template.spec.containers[0].env += {"name": "KAFKA-PROVISIONING-MINIMAL", "value": "true"} ' \
+        $ROOT_DIR/config/manager/manager.yaml
+fi
--- a/Show More
+++ b/Show More