openstack-lightspeed · openshift-merge-bot · Nov 18, 2025 · Nov 5, 2025 · Nov 14, 2025 · Nov 12, 2025
diff --git a/Makefile b/Makefile
@@ -146,7 +146,7 @@ build: manifests generate fmt vet ## Build manager binary.
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./cmd/main.go
+	source ./scripts/env.sh && go run ./cmd/main.go
 
 # If you wish to build the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
@@ -217,18 +217,18 @@ undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.
 	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
 # Deploy using the catalog image.
-.PHONY: catalog-deploy
-catalog-deploy: export OUTPUT_DIR = out
-catalog-deploy: ## Deploy using a catalog image.
+.PHONY: openstack-lightspeed-deploy
+openstack-lightspeed-deploy: export OUTPUT_DIR = out
+openstack-lightspeed-deploy: ## Deploy using a catalog image.
 	bash scripts/gen-catalog.sh $(CATALOG_IMG) $(CATALOG_NAME)
 	oc apply -f $(OUTPUT_DIR)/catalog
 	bash scripts/gen-rhosls.sh $(CATALOG_NAME) $(CATALOG_CHANNEL)
 	oc apply -f $(OUTPUT_DIR)/rhosls
 
 # Deploy using the catalog image.
-.PHONY: catalog-undeploy
-catalog-undeploy: export OUTPUT_DIR = out
-catalog-undeploy: ## Undeploy using a catalog image.
+.PHONY: openstack-lightspeed-undeploy
+openstack-lightspeed-undeploy: export OUTPUT_DIR = out
+openstack-lightspeed-undeploy: ## Undeploy using a catalog image.
 	find out/{catalog,rhosls} -name "*.yaml" -printf " -f %p" | xargs oc delete --ignore-not-found=true
 
 CATALOG_NAME ?= openstack-lightspeed-catalog
@@ -250,7 +250,7 @@ GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.4.2
-CONTROLLER_TOOLS_VERSION ?= v0.15.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
 ENVTEST_VERSION ?= release-0.18
 GOLANGCI_LINT_VERSION ?= v2.6.0
 

diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ eval $(crc oc-env)
 cd ../..
 ```
 
-### Deploy OpenShift and OpenStack Lightspeed Operators
+### Deploy OpenStack Lightspeed Operator
 
 Get the operator repository:
 
@@ -46,20 +46,15 @@ git clone https://github.com/openstack-lightspeed/operator.git
 cd operator
 ```
 
-First, deploy OpenShift Lightspeed, then proceed to deploy OpenStack Lightspeed:
+First, deploy OpenStack Lightspeed Operator:
 
 ```bash
-make ols-deploy
-make catalog-deploy
+make openstack-lightspeed-deploy
 ```
 
-Now verify that they are up and running:
+Next, verify that the OpenStack Lightspeed Operator pod is running:
 
 ```bash
-$ oc get -n openshift-lightspeed pods
-NAME                                                      READY   STATUS    RESTARTS   AGE
-lightspeed-operator-controller-manager-7f4698b55c-8w8vn   1/1     Running   0          81s
-
 $ oc get -n openstack-lightspeed pods
 NAME                                                              READY   STATUS    RESTARTS   AGE
 openstack-lightspeed-operator-controller-manager-76df7fbfb5wggr   1/1     Running   0          72s

diff --git a/api/v1beta1/conditions.go b/api/v1beta1/conditions.go
@@ -22,6 +22,10 @@ const (
 	// OpenStackLightspeedReadyCondition Status=True condition which indicates if OpenStackLightspeedReadyCondition
 	// is configured and operational
 	OpenStackLightspeedReadyCondition condition.Type = "OpenStackLightspeedReady"
+
+	// OpenShift Lightspeed Operator Status=True condition which indicates if OpenShift Lightspeed is installed and
+	// operational and it can be used by OpenStack Lihgtspeed operator.
+	OpenShiftLightspeedOperatorReadyCondition condition.Type = "OpenShiftLightspeedOperatorReady"
 )
 
 // Common Messages used by API objects.
@@ -34,4 +38,10 @@ const (
 
 	// OpenStackLightspeedWaitingVectorDBMessage
 	OpenStackLightspeedWaitingVectorDBMessage = "Waiting for OpenStackLightspeed vector DB pod to become ready"
+
+	// OpenShiftLightspeedOperatorWaiting
+	OpenShiftLightspeedOperatorWaiting = "Waiting for the OpenShift Lightspeed operator to deploy."
+
+	// OpenShiftLigthspeedOperatorReady
+	OpenShiftLightspeedOperatorReady = "OpenShift Lightspeed operator is ready."
 )
diff --git a/api/v1beta1/openstacklightspeed_types.go b/api/v1beta1/openstacklightspeed_types.go
@@ -67,6 +67,16 @@ type OpenStackLightspeedCore struct {
 	// +kubebuilder:validation:Optional
 	// MaxTokensForResponse defines the maximum number of tokens to be used for the response generation
 	MaxTokensForResponse int `json:"maxTokensForResponse,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default="openshift-marketplace"
+	// Namespace where the CatalogSource containing the OLS operator is located
+	CatalogSourceNamespace string `json:"catalogSourceNamespace"`
+
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default="redhat-operators"
+	// Name of the CatalogSource that contains the OLS Operator
+	CatalogSourceName string `json:"catalogSourceName"`
 }
 
 // OpenStackLightspeedStatus defines the observed state of OpenStackLightspeed

diff --git a/cmd/main.go b/cmd/main.go
@@ -19,6 +19,7 @@ package main
 import (
 	"crypto/tls"
 	"flag"
+	"fmt"
 	"os"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -29,12 +30,15 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/filters"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
+	operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
+
 	apiv1beta1 "github.com/openstack-lightspeed/operator/api/v1beta1"
 	"github.com/openstack-lightspeed/operator/internal/controller"
 	// +kubebuilder:scaffold:imports
@@ -48,6 +52,8 @@ var (
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
+	utilruntime.Must(operatorsv1alpha1.AddToScheme(scheme))
+
 	utilruntime.Must(apiv1beta1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }
@@ -120,13 +126,23 @@ func main() {
 		metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
 	}
 
+	watchNamespace, err := getWatchNamespace()
+	if err != nil {
+		setupLog.Error(err, "unable to get WatchNamespace, "+
+			"the manager will watch and manage resources in all namespaces")
+		os.Exit(1)
+	}
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                 scheme,
 		Metrics:                metricsServerOptions,
 		WebhookServer:          webhookServer,
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "c83b0a4f.lightspeed.openstack.org",
+		Cache: cache.Options{
+			DefaultNamespaces: map[string]cache.Config{watchNamespace: {}},
+		},
 		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 		// when the Manager ends. This requires the binary to immediately end when the
 		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
@@ -171,3 +187,17 @@ func main() {
 		os.Exit(1)
 	}
 }
+
+// getWatchNamespace returns the Namespace the operator should be watching for changes
+func getWatchNamespace() (string, error) {
+	// WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE
+	// which specifies the Namespace to watch.
+	// An empty value means the operator is running with cluster scope.
+	var watchNamespaceEnvVar = "WATCH_NAMESPACE"
+
+	ns, found := os.LookupEnv(watchNamespaceEnvVar)
+	if !found {
+		return "", fmt.Errorf("%s must be set", watchNamespaceEnvVar)
+	}
+	return ns, nil
+}
diff --git a/config/crd/bases/lightspeed.openstack.org_openstacklightspeeds.yaml b/config/crd/bases/lightspeed.openstack.org_openstacklightspeeds.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: openstacklightspeeds.lightspeed.openstack.org
 spec:
   group: lightspeed.openstack.org
@@ -40,6 +40,15 @@ spec:
           spec:
             description: OpenStackLightspeedSpec defines the desired state of OpenStackLightspeed
             properties:
+              catalogSourceName:
+                default: redhat-operators
+                description: Name of the CatalogSource that contains the OLS Operator
+                type: string
+              catalogSourceNamespace:
+                default: openshift-marketplace
+                description: Namespace where the CatalogSource containing the OLS
+                  operator is located
+                type: string
               llmCredentials:
                 description: |-
                   Secret name containing API token for the LLMEndpoint. The key for the field

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -65,6 +65,13 @@ spec:
           - --health-probe-bind-address=:8081
         image: controller:latest
         name: manager
+        env:
+          - name: "OPENSHIFT_LIGHTSPEED_OPERATOR_VERSION"
+            value: "latest"
+          - name: WATCH_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

diff --git a/config/manifests/bases/openstack-lightspeed-operator.clusterserviceversion.yaml b/config/manifests/bases/openstack-lightspeed-operator.clusterserviceversion.yaml
@@ -4,10 +4,10 @@ metadata:
   annotations:
     alm-examples: '[]'
     capabilities: Basic Install
-    operatorframework.io/suggested-namespace: openstack-lightspeed
+    operatorframework.io/suggested-namespace: openshift-lightspeed
     repository: https://github.com/openstack-lightspeed/operator
   name: openstack-lightspeed-operator.v0.0.0
-  namespace: openstack-lightspeed
+  namespace: openshift-lightspeed
 spec:
   apiservicedefinitions: {}
   customresourcedefinitions: {}

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - service_account.yaml
 - role.yaml
 - role_binding.yaml
+- namespace_role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
 # The following RBAC configurations are used to protect

diff --git a/config/rbac/namespace_role_binding.yaml b/config/rbac/namespace_role_binding.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: openstack-lightspeed-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: manager-rolebinding
+  namespace: openstack-lightspeed
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: manager-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
+
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -93,3 +93,33 @@ rules:
   verbs:
   - get
   - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: manager-role
+  namespace: openstack-lightspeed
+rules:
+- apiGroups:
+  - operators.coreos.com
+  resources:
+  - clusterserviceversions
+  verbs:
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - operators.coreos.com
+  resources:
+  - installplans
+  - subscriptions
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch