Provide different OpenShift and non-OpenShift watches yaml files

build/Dockerfile

@@ -10,7 +10,8 @@ USER ${USER_UID}
 
 COPY roles/ ${HOME}/roles/
 COPY playbooks/ ${HOME}/playbooks/
-COPY watches.yaml ${HOME}/watches.yaml
+COPY watches-k8s.yaml ${HOME}/watches-k8s.yaml
+COPY watches-os.yaml ${HOME}/watches-os.yaml
 
 COPY requirements.yml ${HOME}/requirements.yml
 RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \

manifests/kiali-community/1.76.0/manifests/kiali.v1.76.0.clusterserviceversion.yaml

@@ -257,6 +257,7 @@ spec:
                 args:
                 - "--zap-log-level=info"
                 - "--leader-election-id=kiali-operator"
+                - "--watches-file=./watches-os.yaml"
                 securityContext:
                   allowPrivilegeEscalation: false
                   privileged: false

manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml

@@ -257,6 +257,7 @@ spec:
                 args:
                 - "--zap-log-level=info"
                 - "--leader-election-id=kiali-operator"
+                - "--watches-file=./watches-os.yaml"
                 securityContext:
                   allowPrivilegeEscalation: false
                   privileged: false

manifests/kiali-upstream/1.76.0/manifests/kiali.v1.76.0.clusterserviceversion.yaml

@@ -37,20 +37,6 @@ metadata:
               "web_root": "/mykiali"
             }
           }
-        },
-        {
-          "apiVersion": "kiali.io/v1alpha1",
-          "kind": "OSSMConsole",
-          "metadata": {
-            "name": "ossmconsole"
-          },
-          "spec": {
-            "kiali": {
-              "serviceName": "",
-              "serviceNamespace": "",
-              "servicePort": 0
-            }
-          }
         }
       ]
 spec:
@@ -87,10 +73,6 @@ spec:
     '/kiali' though you can change this by configuring the 'web_root' setting in
     the Kiali CR.
 
-    If on OpenShift, you can create an OSSMConsole CR to have the operator
-    install the OpenShift ServiceMesh Console plugin to the OpenShift Console
-    thus providing an interface directly integrated with the OpenShift Console.
-
     ## About this Operator
 
     ### Kiali Custom Resource Configuration Settings
@@ -193,35 +175,6 @@ spec:
         path: server.web_root
         x-descriptors:
         - 'urn:alm:descriptor:com.tectonic.ui:label'
-    - name: ossmconsoles.kiali.io
-      group: kiali.io
-      description: A configuration file for a OpenShift Service Mesh Console installation.
-      displayName: OpenShift Service Mesh Console
-      kind: OSSMConsole
-      version: v1alpha1
-      resources:
-      - kind: Deployment
-        version: apps/v1
-      - kind: Pod
-        version: v1
-      - kind: ConfigMap
-        version: v1
-      specDescriptors:
-      - displayName: Kiali Service Name
-        description: "The internal Kiali service that the OS Console will use to proxy API calls. If empty, an attempt will be made to auto-discover it from the Kiali OpenShift Route."
-        path: kiali.serviceName
-        x-descriptors:
-        - 'urn:alm:descriptor:com.tectonic.ui:text'
-      - displayName: Kiali Service Namespace
-        description: "The namespace where the Kiali service is deployed. If empty, an attempt will be made to auto-discover it from the Kiali OpenShift Route. It will assume that the OpenShift Route and the Kiali service are deployed in the same namespace."
-        path: kiali.serviceNamespace
-        x-descriptors:
-        - 'urn:alm:descriptor:com.tectonic.ui:text'
-      - displayName: Kiali Service Port
-        description: "The internal port used by the Kiali service for the API. If empty, an attempt will be made to auto-discover it from the Kiali OpenShift Route."
-        path: kiali.servicePort
-        x-descriptors:
-        - 'urn:alm:descriptor:com.tectonic.ui:text'
   apiservicedefinitions: {}
   install:
     strategy: deployment
@@ -257,6 +210,7 @@ spec:
                 args:
                 - "--zap-log-level=info"
                 - "--leader-election-id=kiali-operator"
+                - "--watches-file=./watches-k8s.yaml"
                 securityContext:
                   allowPrivilegeEscalation: false
                   privileged: false
@@ -284,8 +238,6 @@ spec:
                   value: "false"
                 - name: ALLOW_AD_HOC_KIALI_IMAGE
                   value: "false"
-                - name: ALLOW_AD_HOC_OSSMCONSOLE_IMAGE
-                  value: "false"
                 - name: ALLOW_SECURITY_CONTEXT_OVERRIDE
                   value: "false"
                 - name: ALLOW_ALL_ACCESSIBLE_NAMESPACES
@@ -298,8 +250,6 @@ spec:
                   value: "True"
                 - name: ANSIBLE_VERBOSITY_KIALI_KIALI_IO
                   value: "1"
-                - name: ANSIBLE_VERBOSITY_OSSMCONSOLE_KIALI_IO
-                  value: "1"
                 - name: ANSIBLE_CONFIG
                   value: "/etc/ansible/ansible.cfg"
                 ports:
@@ -495,27 +445,6 @@ spec:
           - patch
           - update
           - watch
-        # The permissions below are for OSSMC operator capabilities
-        - apiGroups: ["console.openshift.io"]
-          resources:
-          - consoleplugins
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups: ["operator.openshift.io"]
-          resources:
-          - consoles
-          verbs:
-          - get
-          - list
-          - patch
-          - update
-          - watch
         # The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles
         - apiGroups: [""]
           resources:

watches-k8s.yaml

@@ -0,0 +1,24 @@
+# KUBERNETES/NON-OPENSHIFT WATCHES YAML
+---
+# The normal Kiali CR processing playbook
+- version: v1alpha1
+  group: kiali.io
+  kind: Kiali
+  playbook: playbooks/kiali-deploy.yml
+  reconcilePeriod: "0s"
+  watchDependentResources: False
+  watchClusterScopedResources: False
+  watchAnnotationsChanges: True
+  finalizer:
+    name: kiali.io/finalizer
+    playbook: playbooks/kiali-remove.yml
+# Watching new namespaces so the operator can determine if they should be accessible to Kiali
+- version: v1
+  group: ""
+  kind: Namespace
+  playbook: playbooks/kiali-new-namespace-detected.yml
+  reconcilePeriod: "0s"
+  manageStatus: False
+  watchDependentResources: False
+  watchClusterScopedResources: False
+  watchAnnotationsChanges: False

watches.yaml → watches-os.yaml

@@ -1,3 +1,4 @@
+# OPENSHIFT WATCHES YAML
 ---
 # The normal Kiali CR processing playbook
 - version: v1alpha1