From a266692316618fe4c15ba6600019a1f33a628df8 Mon Sep 17 00:00:00 2001
From: Michael Montgomery
Date: Thu, 19 Oct 2023 11:39:24 -0500
Subject: [PATCH 1/2] Allow setting additional operator flags.

Signed-off-by: Michael Montgomery
---
 deploy/eck-operator/templates/configmap.yaml | 11 +++++++++++
 deploy/eck-operator/values.yaml | 12 ++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/deploy/eck-operator/templates/configmap.yaml b/deploy/eck-operator/templates/configmap.yaml
index 047641192f..3c235eb435 100644
--- a/deploy/eck-operator/templates/configmap.yaml
+++ b/deploy/eck-operator/templates/configmap.yaml
@@ -25,9 +25,13 @@ data:
 ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
 cert-validity: {{ .Values.config.certificatesValidity }}
 cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
+ disable-config-watch: {{ .Values.config.disableConfigWatch }}
 {{- with .Values.config.exposedNodeLabels }}
 exposed-node-labels: [{{ join "," . }}]
 {{- end }}
+ {{- with .Values.config.ipFamily }}
+ ip-family: {{ . }}
+ {{- end }}
 set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
 kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
 {{- with .Values.config.kubeClientQPS }}
@@ -58,5 +62,12 @@ data:
 {{- with .Values.managedNamespaces }}
 namespaces: [{{ join "," . }}]
 {{- end }}
+ operator-namespace: {{ .Release.Namespace }}
 enable-leader-election: {{ .Values.config.enableLeaderElection }}
 elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }}
+ {{- if not .Values.config.containerSuffix }}
+ ubi-only: {{ .Values.config.ubiOnly }}
+ {{- end }}
+ {{- with .Values.webhook.secret }}
+ webhook-secret: {{ . }}
+ {{- end }}
diff --git a/deploy/eck-operator/values.yaml b/deploy/eck-operator/values.yaml
index 8c8118b896..e1048bb0b4 100644
--- a/deploy/eck-operator/values.yaml
+++ b/deploy/eck-operator/values.yaml
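Review bot: In templates/configmap.yaml, the added `disable-config-watch` line in the first hunk renders `.Values.config.disableConfigWatch` unconditionally and with no fallback, so a release whose stored values predate this key (for example an upgrade that reuses old values) would render an empty value rather than `false`. The same applies to `ubi-only` in the second hunk. An explicit fallback keeps the rendered config well-typed: `disable-config-watch: {{ .Values.config.disableConfigWatch | default false }}`. How the operator treats an empty value for these flags is not visible in this patch.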
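Review bot: In the second configmap.yaml hunk, `ubi-only` is dropped without any message whenever `config.containerSuffix` is set, so an operator who sets `ubiOnly: true` to stay on UBI images can end up with a deployment that does not enforce it, and nothing in the render says so. values.yaml documents the two settings as incompatible, so the template can reject the combination instead of hiding it: `{{- if and .Values.config.ubiOnly .Values.config.containerSuffix }}{{ fail "config.ubiOnly cannot be combined with config.containerSuffix" }}{{- end }}`. Separately, `operator-namespace` and `webhook-secret` are emitted unquoted; piping them through `quote` avoids a name such as `123` or `true` being read as a number or boolean.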
@@ -128,6 +128,8 @@ webhook:
 objectSelector: {}
 # port is the port that the validating webhook binds to.
 port: 9443
+ # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
+ secret: ""

 # hostNetwork allows a Pod to use the Node network namespace.
 # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
@@ -184,9 +186,15 @@ config:
 # certificatesRotateBefore defines when to rotate a certificate that is due to expire.
 certificatesRotateBefore: 24h

+ # disableConfigWatch specifies whether the operator watches the configuration file for changes.
+ disableConfigWatch: false
+
 # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
 exposedNodeLabels: [ "topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*" ]

+ # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect)
+ ipFamily: ""
+
 # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
 # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
 # in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows:
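Review bot: The comment added for `webhook.secret` in the first values.yaml hunk does not say what the empty default means, nor that the value is a secret name rather than secret contents. The configmap template only emits `webhook-secret` when this value is non-empty, so with `""` the operator presumably falls back to its own default name; that should be confirmed and stated. Suggested wording: `# secret is the name of the Kubernetes secret holding the webhook certificates, mounted at certsDir. When empty, the operator's default secret name is used.`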
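Review bot: The comment on `disableConfigWatch` in the second values.yaml hunk reads as the opposite of the key name: "specifies whether the operator watches the configuration file" suggests that `false` turns watching off, while the name says `true` disables it. Suggested wording: `# disableConfigWatch, when true, stops the operator from watching the configuration file for changes.` The `ipFamily` comment lists IPv4, IPv6 and `""`, but the template passes the value through as written, so it is worth noting that other values are not rejected at render time.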
@@ -211,6 +219,10 @@ config:
 # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
 elasticsearchObservationInterval: 10s

+ # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications. UBI images are only available from 7.10.0 onward.
+ # Cannot be combined with the containerSuffix value.
+ ubiOnly: false
+
 # Prometheus PodMonitor configuration
 # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
 podMonitor:
From 14a3cf253ceef826c6b8c07508bbd5f8ef81910b Mon Sep 17 00:00:00 2001
From: Michael Montgomery
Date: Thu, 19 Oct 2023 12:01:22 -0500
Subject: [PATCH 2/2] Adjust eck.yaml defaults.

Signed-off-by: Michael Montgomery
---
 config/eck.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/eck.yaml b/config/eck.yaml
index 9d9522f2a4..549435a4ed 100644
--- a/config/eck.yaml
+++ b/config/eck.yaml
@@ -6,6 +6,7 @@ ca-cert-validity: 8760h
 ca-cert-rotate-before: 24h
 cert-validity: 8760h
 cert-rotate-before: 24h
+disable-config-watch: false
 exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]
 set-default-security-context: auto-detect
 kube-client-timeout: 60s
@@ -14,5 +15,7 @@ disable-telemetry: false
 distribution-channel: image
 validate-storage-class: true
 enable-webhook: false
+operator-namespace: elastic-system
 enable-leader-election: true
 elasticsearch-observation-interval: 10s
+ubi-only: false