feat: Add custom CatalogSource support and per-operator catalog overr…

[akrzos]

…ides

Allow custom CatalogSource resources to be applied post-install and enable each operator to use a different catalog source via override variables. This supports installing operators from custom or third-party operator indexes alongside or instead of the default redhat-operators.

Summary by CodeRabbit

• New Features

  • Support for applying custom Operator CatalogSources during post-install
  • Per-operator catalog source overrides (ODF, GitOps, Local Storage, AAP, PAO)

• Behavior

  • Catalog selection precedence: per-operator override → bastion-registry-generated catalog → default

• Documentation

  • New guide with examples for defining, mapping, and applying custom CatalogSources during post-install

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 6a0c2577-d012-40b9-999e-22db6700f77e

📥 Commits

Reviewing files that changed from the base of the PR and between 5490cbf and 5e037e6.

📒 Files selected for processing (17)

• README.md
• ansible/roles/mno-post-cluster-install/defaults/main/main.yml
• ansible/roles/mno-post-cluster-install/defaults/main/odf.yml
• ansible/roles/mno-post-cluster-install/tasks/main.yml
• ansible/roles/mno-post-cluster-install/templates/ansible-automation-platform-operator.yml.j2
• ansible/roles/mno-post-cluster-install/templates/catalogsource.yml.j2
• ansible/roles/mno-post-cluster-install/templates/localstorage.yml.j2
• ansible/roles/mno-post-cluster-install/templates/odf.yml.j2
• ansible/roles/mno-post-cluster-install/templates/openshift-gitops-operator.yml.j2
• ansible/roles/mno-post-cluster-install/templates/performance-addon-operator.yml.j2
• ansible/roles/sno-post-cluster-install/defaults/main/main.yml
• ansible/roles/sno-post-cluster-install/tasks/main.yml
• ansible/roles/sno-post-cluster-install/templates/catalogsource.yml.j2
• ansible/roles/sno-post-cluster-install/templates/localstorage.yml.j2
• ansible/roles/sno-post-cluster-install/templates/openshift-gitops-operator.yml.j2
• ansible/roles/sno-post-cluster-install/templates/performance-addon-operator.yml.j2
• docs/custom-catalogsources.md

✅ Files skipped from review due to trivial changes (4)

• ansible/roles/mno-post-cluster-install/templates/performance-addon-operator.yml.j2
• README.md
• docs/custom-catalogsources.md
• ansible/roles/sno-post-cluster-install/defaults/main/main.yml

🚧 Files skipped from review as they are similar to previous changes (13)

• ansible/roles/mno-post-cluster-install/templates/catalogsource.yml.j2
• ansible/roles/mno-post-cluster-install/defaults/main/odf.yml
• ansible/roles/mno-post-cluster-install/templates/localstorage.yml.j2
• ansible/roles/sno-post-cluster-install/templates/performance-addon-operator.yml.j2
• ansible/roles/sno-post-cluster-install/tasks/main.yml
• ansible/roles/sno-post-cluster-install/templates/catalogsource.yml.j2
• ansible/roles/mno-post-cluster-install/templates/odf.yml.j2
• ansible/roles/sno-post-cluster-install/templates/localstorage.yml.j2
• ansible/roles/mno-post-cluster-install/defaults/main/main.yml
• ansible/roles/mno-post-cluster-install/templates/openshift-gitops-operator.yml.j2
• ansible/roles/mno-post-cluster-install/tasks/main.yml
• ansible/roles/sno-post-cluster-install/templates/openshift-gitops-operator.yml.j2
• ansible/roles/mno-post-cluster-install/templates/ansible-automation-platform-operator.yml.j2

---

📝 Walkthrough

Walkthrough

Adds per-operator catalogsource defaults, templates to render optional custom OpenShift CatalogSource manifests, task wiring to create/apply them when provided, Subscription template conditionals using operator-specific catalogsource variables, and new documentation with a README link.

Changes

Custom CatalogSources Feature

Layer / File(s)	Summary
Configuration Variables and Defaults ansible/roles/mno-post-cluster-install/defaults/main/main.yml, ansible/roles/mno-post-cluster-install/defaults/main/odf.yml, ansible/roles/sno-post-cluster-install/defaults/main/main.yml	New Ansible variables added: per-operator catalog source variables (aap_catalogsource, gitops_catalogsource, lso_catalogsource, odf_catalogsource, pao_catalogsource) default to redhat-operators, and custom_catalogsources list defaults to an empty array.
Task Orchestration and Directory Setup ansible/roles/mno-post-cluster-install/tasks/main.yml, ansible/roles/sno-post-cluster-install/tasks/main.yml	Both roles now create catalogsources/ configuration directories, render catalogsource.yml.j2 into catalogsources/catalogsource.yml, and conditionally oc apply the generated manifest when custom_catalogsources is non-empty.
CatalogSource Manifest Templates ansible/roles/mno-post-cluster-install/templates/catalogsource.yml.j2, ansible/roles/sno-post-cluster-install/templates/catalogsource.yml.j2	New Jinja2 templates iterate over custom_catalogsources and render one OpenShift CatalogSource resource per entry with openshift-marketplace namespace, grpc sourceType, and defaulted displayName/publisher.
Operator Subscription Catalog Source Logic ansible/roles/mno-post-cluster-install/templates/{ansible-automation-platform-operator,localstorage,odf,openshift-gitops-operator,performance-addon-operator}.yml.j2, ansible/roles/sno-post-cluster-install/templates/{localstorage,openshift-gitops-operator,performance-addon-operator}.yml.j2	Subscription templates now conditionally select the generated operator index only when use_bastion_registry is true AND the operator-specific catalogsource equals redhat-operators; otherwise they use the operator-specific catalogsource variable (no hardcoded redhat-operators).
User Documentation README.md, docs/custom-catalogsources.md	Adds docs/custom-catalogsources.md explaining custom_catalogsources, per-operator override variables and precedence (per-operator override > bastion registry generated index > redhat-operators), plus examples; README linked to the new doc.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through templates, vars, and tasks,
Placed catalogs where marketplace basks,
Per-operator maps and rendered YAML delight,
Subscriptions pick sources just right,
A little rabbit celebrates this config flight.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main feature: adding custom CatalogSource support and per-operator catalog override capability, which aligns with all the substantive changes across templates, defaults, and documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[akrzos]

/test ?

[akrzos]

/test deploy-mno

[akrzos]

/test deploy-sno

[mcornea]

/lgtm

[akrzos]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[akrzos]

/test deploy-mno

[mcornea]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/custom-catalogsources.md (1)

132-148: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Close the YAML code block to avoid broken Markdown rendering.

The second example block appears to be missing a closing triple-backtick fence after Line 147, which can break formatting for the rest of the page. Add a closing ``` on Line 148.

As per coding guidelines, "docs/**: Documentation files. Check for: ... Consistent formatting with existing documentation."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/custom-catalogsources.md` around lines 132 - 148, The YAML example block
under custom_catalogsources (showing entries like odf-staging and gitops-nightly
and the odf_catalogsource/gitops_catalogsource settings) is missing its closing
triple-backtick fence which breaks Markdown rendering; fix by adding a closing
``` after the YAML example so the fenced code block is properly terminated and
the rest of docs render correctly.

🧹 Nitpick comments (2)

ansible/roles/sno-post-cluster-install/tasks/main.yml (1)

119-122: ⚡ Quick win

Consider using kubernetes.core.k8s module instead of shell for applying CatalogSources.

The kubernetes.core collection is not currently available in this project's dependencies. To use the native k8s module, add kubernetes.core to a requirements.yml or declare it as a collection dependency. This refactor is worth considering as part of broader work to replace shell: oc apply patterns throughout the role with native Ansible modules, but it requires upfront dependency management setup.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ansible/roles/sno-post-cluster-install/tasks/main.yml` around lines 119 -
122, Replace the shell task named "Apply custom CatalogSources" that runs
"KUBECONFIG=... oc apply -f .../catalogsource.yml" with the kubernetes.core.k8s
module: add the kubernetes.core collection to project dependencies
(requirements.yml or collections in meta/main.yml), then use the k8s module
pointing at the kubeconfig (kubeconfig: "{{ bastion_cluster_config_dir }}/{{
groups['sno'][0] }}/kubeconfig") and load the manifest file (definition:
lookup('file', '{{ bastion_cluster_config_dir }}/{{ groups['sno'][0]
}}/catalogsources/catalogsource.yml') or use src parameter) with state: present;
keep the existing when: custom_catalogsources | length > 0. Ensure the task
references the same variables (bastion_cluster_config_dir, groups['sno'][0],
custom_catalogsources) and remove the shell/oc use.

ansible/roles/mno-post-cluster-install/tasks/main.yml (1)

141-144: ⚡ Quick win

Add kubernetes.core collection dependency before refactoring to kubernetes.core.k8s module.

Using kubernetes.core.k8s improves idempotency and error handling over shell, but the collection is not currently declared in the project. First add kubernetes.core to a requirements.yml file (or equivalent collection requirements), then migrate this task and the other 25+ similar shell/oc tasks in the role.

♻️ Suggested change (requires collection prerequisite)

 - name: Apply custom CatalogSources
-  shell: |
-    KUBECONFIG={{ bastion_cluster_config_dir }}/kubeconfig oc apply -f {{ bastion_cluster_config_dir }}/catalogsources/catalogsource.yml
+  kubernetes.core.k8s:
+    kubeconfig: "{{ bastion_cluster_config_dir }}/kubeconfig"
+    state: present
+    src: "{{ bastion_cluster_config_dir }}/catalogsources/catalogsource.yml"
   when: custom_catalogsources | length > 0

Note: This pattern affects many tasks throughout the role (oc apply, oc create, oc patch, oc label, etc.). Consider a broader refactoring strategy once the collection dependency is in place.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ansible/roles/mno-post-cluster-install/tasks/main.yml` around lines 141 -
144, Add the kubernetes.core collection to the project's collection requirements
(e.g., add "kubernetes.core" to requirements.yml) before refactoring shell-based
oc calls; then replace the "Apply custom CatalogSources" shell task (the task
named "Apply custom CatalogSources" that runs "KUBECONFIG={{
bastion_cluster_config_dir }}/kubeconfig oc apply -f {{
bastion_cluster_config_dir }}/catalogsources/catalogsource.yml") with the
kubernetes.core.k8s module using the kubeconfig parameter and the appropriate
definition/file argument to ensure idempotency and error handling, and apply the
same migration pattern to the other ~25 shell/oc tasks (oc
apply/create/patch/label) in the role.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ansible/roles/sno-post-cluster-install/templates/performance-addon-operator.yml.j2`:
- Around line 23-27: In performance-addon-operator.yml.j2, when the conditional
branch checks use_bastion_registry and pao_catalogsource == 'redhat-operators',
replace the reference to operator_index_name with
generated_operator_index_name_tag so the spec.source uses the same bastion
registry tag variable as other operator templates; keep the conditional logic
(use_bastion_registry and pao_catalogsource) unchanged and only swap the
variable name to generated_operator_index_name_tag.

---

Outside diff comments:
In `@docs/custom-catalogsources.md`:
- Around line 132-148: The YAML example block under custom_catalogsources
(showing entries like odf-staging and gitops-nightly and the
odf_catalogsource/gitops_catalogsource settings) is missing its closing
triple-backtick fence which breaks Markdown rendering; fix by adding a closing
``` after the YAML example so the fenced code block is properly terminated and
the rest of docs render correctly.

---

Nitpick comments:
In `@ansible/roles/mno-post-cluster-install/tasks/main.yml`:
- Around line 141-144: Add the kubernetes.core collection to the project's
collection requirements (e.g., add "kubernetes.core" to requirements.yml) before
refactoring shell-based oc calls; then replace the "Apply custom CatalogSources"
shell task (the task named "Apply custom CatalogSources" that runs
"KUBECONFIG={{ bastion_cluster_config_dir }}/kubeconfig oc apply -f {{
bastion_cluster_config_dir }}/catalogsources/catalogsource.yml") with the
kubernetes.core.k8s module using the kubeconfig parameter and the appropriate
definition/file argument to ensure idempotency and error handling, and apply the
same migration pattern to the other ~25 shell/oc tasks (oc
apply/create/patch/label) in the role.

In `@ansible/roles/sno-post-cluster-install/tasks/main.yml`:
- Around line 119-122: Replace the shell task named "Apply custom
CatalogSources" that runs "KUBECONFIG=... oc apply -f .../catalogsource.yml"
with the kubernetes.core.k8s module: add the kubernetes.core collection to
project dependencies (requirements.yml or collections in meta/main.yml), then
use the k8s module pointing at the kubeconfig (kubeconfig: "{{
bastion_cluster_config_dir }}/{{ groups['sno'][0] }}/kubeconfig") and load the
manifest file (definition: lookup('file', '{{ bastion_cluster_config_dir }}/{{
groups['sno'][0] }}/catalogsources/catalogsource.yml') or use src parameter)
with state: present; keep the existing when: custom_catalogsources | length > 0.
Ensure the task references the same variables (bastion_cluster_config_dir,
groups['sno'][0], custom_catalogsources) and remove the shell/oc use.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: eb656161-38ea-454e-b684-38f34e6c84e8

📥 Commits

Reviewing files that changed from the base of the PR and between 41cc2ed and 5490cbf.

📒 Files selected for processing (17)

• README.md
• ansible/roles/mno-post-cluster-install/defaults/main/main.yml
• ansible/roles/mno-post-cluster-install/defaults/main/odf.yml
• ansible/roles/mno-post-cluster-install/tasks/main.yml
• ansible/roles/mno-post-cluster-install/templates/ansible-automation-platform-operator.yml.j2
• ansible/roles/mno-post-cluster-install/templates/catalogsource.yml.j2
• ansible/roles/mno-post-cluster-install/templates/localstorage.yml.j2
• ansible/roles/mno-post-cluster-install/templates/odf.yml.j2
• ansible/roles/mno-post-cluster-install/templates/openshift-gitops-operator.yml.j2
• ansible/roles/mno-post-cluster-install/templates/performance-addon-operator.yml.j2
• ansible/roles/sno-post-cluster-install/defaults/main/main.yml
• ansible/roles/sno-post-cluster-install/tasks/main.yml
• ansible/roles/sno-post-cluster-install/templates/catalogsource.yml.j2
• ansible/roles/sno-post-cluster-install/templates/localstorage.yml.j2
• ansible/roles/sno-post-cluster-install/templates/openshift-gitops-operator.yml.j2
• ansible/roles/sno-post-cluster-install/templates/performance-addon-operator.yml.j2
• docs/custom-catalogsources.md

[mcornea]

/lgtm

[mcornea]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mcornea

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [mcornea]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment