From 1f120d59c896a62ecba5df136ad22c24c1cd52bb Mon Sep 17 00:00:00 2001
From: Dom Del Nano <ddelnano@gmail.com>
Date: Tue, 10 Dec 2024 01:57:56 +0000
Subject: [PATCH 1/3] Add Job to ensure OLM operator ns finalizers complete

Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
---
 k8s/operator/helm/templates/00_olm.yaml | 51 +++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/k8s/operator/helm/templates/00_olm.yaml b/k8s/operator/helm/templates/00_olm.yaml
index 186c9ace866..b3d16544fda 100644
--- a/k8s/operator/helm/templates/00_olm.yaml
+++ b/k8s/operator/helm/templates/00_olm.yaml
@@ -229,3 +229,54 @@ spec:
   targetNamespaces:
     - {{ .Values.olmNamespace }}
 {{- end}}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: csv-deleter
+  namespace: {{ .Values.olmNamespace }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      serviceAccountName: olm-operator-serviceaccount
+      containers:
+        - name: trigger-csv-finalizer
+          image: curlimages/curl:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              NAMESPACE="{{ .Values.olmOperatorNamespace }}"
+              API_SERVER="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
+              CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+              TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+
+              DELETE_STATUS=$(curl --cacert $CA_CERT \
+                                    -H "Authorization: Bearer $TOKEN" \
+                                    -X DELETE -s \
+                                    -o /dev/null -w "%{http_code}" \
+                                    $API_SERVER/api/v1/namespaces/$NAMESPACE)
+
+              if [ "$DELETE_STATUS" -ne 200 ] && [ "$DELETE_STATUS" -ne 202 ]; then
+                echo "Failed to initiate deletion for namespace $NAMESPACE. HTTP status code: $DELETE_STATUS"
+                exit 1
+              fi
+
+              echo "Waiting for finalizer in $NAMESPACE to complete..."
+              while true; do
+                STATUS=$(curl --cacert $CA_CERT \
+                              -H "Authorization: Bearer $TOKEN" \
+                              -o /dev/null -w "%{http_code}" -s \
+                              $API_SERVER/api/v1/namespaces/$NAMESPACE)
+                if [ "$STATUS" = "404" ]; then
+                  echo "Namespace $NAMESPACE finalizer completed."
+                  break
+                else
+                  echo "Finalizer still running in $NAMESPACE. Retrying in 5 seconds..."
+                  sleep 5
+                fi
+              done

From 6334dae0633ba16d450a99dc39a5bd81a895608a Mon Sep 17 00:00:00 2001
From: Dom Del Nano <ddelnano@gmail.com>
Date: Wed, 11 Dec 2024 03:45:33 +0000
Subject: [PATCH 2/3] Pin the curl image's sha and ensure Job is only deployed
 if OLM is

Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
---
 k8s/operator/helm/templates/00_olm.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/k8s/operator/helm/templates/00_olm.yaml b/k8s/operator/helm/templates/00_olm.yaml
index b3d16544fda..9751665e1a6 100644
--- a/k8s/operator/helm/templates/00_olm.yaml
+++ b/k8s/operator/helm/templates/00_olm.yaml
@@ -228,7 +228,6 @@ metadata:
 spec:
   targetNamespaces:
     - {{ .Values.olmNamespace }}
-{{- end}}
 ---
 apiVersion: batch/v1
 kind: Job
@@ -245,7 +244,7 @@ spec:
       serviceAccountName: olm-operator-serviceaccount
       containers:
         - name: trigger-csv-finalizer
-          image: curlimages/curl:latest
+          image: curlimages/curl@sha256:83a505ba2ba62f208ed6e410c268b7b9aa48f0f7b403c8108b9773b44199dbba  # v8.11.0
           command:
             - /bin/sh
             - -c
@@ -280,3 +279,4 @@ spec:
                   sleep 5
                 fi
               done
+{{- end}}

From 164589d2ac3f2025e4239b37772d476dcf02dbf8 Mon Sep 17 00:00:00 2001
From: Dom Del Nano <ddelnano@gmail.com>
Date: Mon, 16 Dec 2024 18:35:09 +0000
Subject: [PATCH 3/3] Use correct curl image

Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
---
 k8s/operator/helm/templates/00_olm.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/operator/helm/templates/00_olm.yaml b/k8s/operator/helm/templates/00_olm.yaml
index 9751665e1a6..de9c5e30478 100644
--- a/k8s/operator/helm/templates/00_olm.yaml
+++ b/k8s/operator/helm/templates/00_olm.yaml
@@ -244,7 +244,7 @@ spec:
       serviceAccountName: olm-operator-serviceaccount
       containers:
         - name: trigger-csv-finalizer
-          image: curlimages/curl@sha256:83a505ba2ba62f208ed6e410c268b7b9aa48f0f7b403c8108b9773b44199dbba  # v8.11.0
+          image: ghcr.io/pixie-io/pixie-oss-pixie-dev-public-curl:multiarch-7.87.0@sha256:f7f265d5c64eb4463a43a99b6bf773f9e61a50aaa7cefaf564f43e42549a01dd
           command:
             - /bin/sh
             - -c