operator-framework · joelanford · Mar 30, 2026 · Copilot · Apr 3, 2026 · tmshort
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -74,23 +74,6 @@ builds:
     ldflags:
     - -X {{ .Env.PKG }}/pkg/version.GitCommit={{ .FullCommit }}
     - -X {{ .Env.PKG }}/pkg/version.OLMVersion={{ .Tag }}
-  - id: copy-content
-    main: ./cmd/copy-content
-    binary: copy-content
-    goos:
-      - linux
-    goarch:
-      - amd64
-      - arm64
-      - ppc64le
-      - s390x
-    tags:
-      - json1
-    flags:
-      - -mod=vendor
-    ldflags:
-      - -X {{ .Env.PKG }}/pkg/version.GitCommit={{ .FullCommit }}
-      - -X {{ .Env.PKG }}/pkg/version.OLMVersion={{ .Tag }}
 dockers:
 - image_templates:
   - "{{ .Env.IMAGE_REPO }}:{{ .Tag }}-amd64"

diff --git a/AGENTS.md b/AGENTS.md
@@ -67,8 +67,7 @@ operator-lifecycle-manager/
 ├── cmd/                          # Entry point binaries
 │   ├── catalog/                  # Catalog Operator main
 │   ├── olm/                      # OLM Operator main
-│   ├── package-server/           # Package API server
-│   └── copy-content/             # Content copy utility
+│   └── package-server/           # Package API server
 │
 ├── pkg/                          # Core implementation
 │   ├── api/                      # API client and wrappers

diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,6 @@ RUN ["/busybox/ln", "-s", "/busybox/cp", "/bin/cp"]
 COPY olm /bin/olm
 COPY catalog /bin/catalog
 COPY package-server /bin/package-server
-COPY copy-content /bin/copy-content
 COPY cpb /bin/cpb
 EXPOSE 8080
 EXPOSE 5443

diff --git a/cmd/copy-content/main.go b/cmd/copy-content/main.go
diff --git a/pkg/controller/operators/catalog/operator.go b/pkg/controller/operators/catalog/operator.go
@@ -221,7 +221,7 @@ func NewOperator(ctx context.Context, kubeconfigPath string, clock utilclock.Clo
 	op.sources = grpc.NewSourceStore(logger, 10*time.Second, 10*time.Minute, op.syncSourceState)
 	op.resolverSourceProvider = resolver.SourceProviderFromRegistryClientProvider(op.sources, lister.OperatorsV1alpha1().CatalogSourceLister(), logger)
 	op.operatorCacheProvider = resolver.NewOperatorCacheProvider(lister, crClient, op.resolverSourceProvider, logger)
-	op.reconciler = reconciler.NewRegistryReconcilerFactory(lister, opClient, configmapRegistryImage, op.now, ssaClient, workloadUserID, opmImage, utilImage)
+	op.reconciler = reconciler.NewRegistryReconcilerFactory(lister, opClient, configmapRegistryImage, op.now, ssaClient, workloadUserID, opmImage)
 	res := resolver.NewOperatorStepResolver(lister, crClient, operatorNamespace, op.operatorCacheProvider, logger)
 	op.resolver = resolver.NewInstrumentedResolver(res, metrics.RegisterDependencyResolutionSuccess, metrics.RegisterDependencyResolutionFailure)
 

diff --git a/pkg/controller/operators/catalog/operator_test.go b/pkg/controller/operators/catalog/operator_test.go
@@ -2279,7 +2279,7 @@ func NewFakeOperator(ctx context.Context, namespace string, namespaces []string,
 			return nil, err
 		}
 		applier := controllerclient.NewFakeApplier(s, "testowner")
-		op.reconciler = reconciler.NewRegistryReconcilerFactory(lister, op.opClient, "test:pod", op.now, applier, 1001, "", "")
+		op.reconciler = reconciler.NewRegistryReconcilerFactory(lister, op.opClient, "test:pod", op.now, applier, 1001, "")
 	}
 
 	op.RunInformers(ctx)
@@ -2447,7 +2447,7 @@ func pod(t *testing.T, s v1alpha1.CatalogSource) *corev1.Pod {
 			Name:      s.GetName(),
 		},
 	}
-	pod, err := reconciler.Pod(&s, "registry-server", "central-opm", "central-util", s.Spec.Image, serviceAccount, s.GetLabels(), s.GetAnnotations(), 5, 10, 1001, v1alpha1.Legacy)
+	pod, err := reconciler.Pod(&s, "registry-server", "central-opm", s.Spec.Image, serviceAccount, s.GetLabels(), s.GetAnnotations(), 5, 10, 1001, v1alpha1.Legacy)
 	if err != nil {
 		t.Fatal(err)
 	}

diff --git a/pkg/controller/registry/reconciler/configmap.go b/pkg/controller/registry/reconciler/configmap.go
@@ -113,7 +113,7 @@ func (s *configMapCatalogSourceDecorator) Service() (*corev1.Service, error) {
 }
 
 func (s *configMapCatalogSourceDecorator) Pod(image string, defaultPodSecurityConfig v1alpha1.SecurityConfig) (*corev1.Pod, error) {
-	pod, err := Pod(s.CatalogSource, "configmap-registry-server", "", "", image, nil, s.Labels(), s.Annotations(), 5, 5, s.runAsUser, defaultPodSecurityConfig)
+	pod, err := Pod(s.CatalogSource, "configmap-registry-server", "", image, nil, s.Labels(), s.Annotations(), 5, 5, s.runAsUser, defaultPodSecurityConfig)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/controller/registry/reconciler/grpc.go b/pkg/controller/registry/reconciler/grpc.go
@@ -39,7 +39,6 @@ type grpcCatalogSourceDecorator struct {
 	*v1alpha1.CatalogSource
 	createPodAsUser int64
 	opmImage        string
-	utilImage       string
 }
 
 type UpdateNotReadyErr struct {
@@ -144,7 +143,7 @@ func (s *grpcCatalogSourceDecorator) ServiceAccount() *corev1.ServiceAccount {
 }
 
 func (s *grpcCatalogSourceDecorator) Pod(serviceAccount *corev1.ServiceAccount, defaultPodSecurityConfig v1alpha1.SecurityConfig) (*corev1.Pod, error) {
-	pod, err := Pod(s.CatalogSource, "registry-server", s.opmImage, s.utilImage, s.Spec.Image, serviceAccount, s.Labels(), s.Annotations(), 5, 10, s.createPodAsUser, defaultPodSecurityConfig)
+	pod, err := Pod(s.CatalogSource, "registry-server", s.opmImage, s.Spec.Image, serviceAccount, s.Labels(), s.Annotations(), 5, 10, s.createPodAsUser, defaultPodSecurityConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -159,7 +158,6 @@ type GrpcRegistryReconciler struct {
 	SSAClient       *controllerclient.ServerSideApplier
 	createPodAsUser int64
 	opmImage        string
-	utilImage       string
 }
 
 var _ RegistryReconciler = &GrpcRegistryReconciler{}
@@ -262,23 +260,26 @@ func (c *GrpcRegistryReconciler) currentPodsWithCorrectImageAndSpec(logger *logr
 }
 
 func correctImages(source grpcCatalogSourceDecorator, pod *corev1.Pod) bool {
+	if len(pod.Spec.InitContainers) != 0 || len(pod.Spec.Containers) != 1 {
+		return false
+	}
+	if pod.Spec.Containers[0].Image != source.CatalogSource.Spec.Image {
+		return false
+	}
 	if source.CatalogSource.Spec.GrpcPodConfig != nil && source.CatalogSource.Spec.GrpcPodConfig.ExtractContent != nil {
-		if len(pod.Spec.InitContainers) != 2 {
+		if len(pod.Spec.Volumes) == 0 {
 			return false
 		}
-		if len(pod.Spec.Containers) != 1 {
-			return false
-		}
-		return pod.Spec.InitContainers[0].Image == source.utilImage &&
-			pod.Spec.InitContainers[1].Image == source.CatalogSource.Spec.Image &&
-			pod.Spec.Containers[0].Image == source.opmImage
+		return pod.Spec.Volumes[0].Name == opmVolumeName &&
+			pod.Spec.Volumes[0].VolumeSource.Image != nil &&
+			pod.Spec.Volumes[0].VolumeSource.Image.Reference == source.opmImage
-		return pod.Spec.Volumes[0].Name == opmVolumeName &&
-			pod.Spec.Volumes[0].VolumeSource.Image != nil &&
-			pod.Spec.Volumes[0].VolumeSource.Image.Reference == source.opmImage
+		for _, volume := range pod.Spec.Volumes {
+			if volume.Name != opmVolumeName {
+				continue
+			}
+			return volume.VolumeSource.Image != nil &&
+				volume.VolumeSource.Image.Reference == source.opmImage
+		}
+		return false
-		return pod.Spec.Volumes[0].Name == opmVolumeName &&
-			pod.Spec.Volumes[0].VolumeSource.Image != nil &&
-			pod.Spec.Volumes[0].VolumeSource.Image.Reference == source.opmImage
+		for _, volume := range pod.Spec.Volumes {
+			if volume.Name != opmVolumeName {
+				continue
+			}
+			return volume.VolumeSource.Image != nil &&
+				volume.VolumeSource.Image.Reference == source.opmImage
+		}
+		return false
 	}
-	return pod.Spec.Containers[0].Image == source.CatalogSource.Spec.Image
+	return true
 }
 
 // EnsureRegistryServer ensures that all components of registry server are up to date.
 func (c *GrpcRegistryReconciler) EnsureRegistryServer(logger *logrus.Entry, catalogSource *v1alpha1.CatalogSource) error {
-	source := grpcCatalogSourceDecorator{CatalogSource: catalogSource, createPodAsUser: c.createPodAsUser, opmImage: c.opmImage, utilImage: c.utilImage}
+	source := grpcCatalogSourceDecorator{CatalogSource: catalogSource, createPodAsUser: c.createPodAsUser, opmImage: c.opmImage}
 
 	// if service status is nil, we force create every object to ensure they're created the first time
 	valid, err := isRegistryServiceStatusValid(&source)
@@ -618,21 +619,16 @@ func isPodDead(pod *corev1.Pod) bool {
 	return false
 }
 
-// imageID returns the ImageID of the primary catalog source container or an empty string if the image ID isn't available yet.
+// imageID returns the ImageID of the catalog source container or an empty string if the image ID isn't available yet.
 // Note: the pod must be running and the container in a ready status to return a valid ImageID.
 func imageID(pod *corev1.Pod) string {
-	if len(pod.Status.InitContainerStatuses) == 2 && len(pod.Status.ContainerStatuses) == 1 {
-		// spec.grpcPodConfig.extractContent mode was used for this pod
-		return pod.Status.InitContainerStatuses[1].ImageID
-	}
-	if len(pod.Status.InitContainerStatuses) == 0 && len(pod.Status.ContainerStatuses) == 1 {
-		// spec.grpcPodConfig.extractContent mode was NOT used for this pod (i.e. we're just running the catalog image directly)
+	if len(pod.Status.ContainerStatuses) == 1 {
 		return pod.Status.ContainerStatuses[0].ImageID
 	}
-	if len(pod.Status.InitContainerStatuses) == 0 && len(pod.Status.ContainerStatuses) == 0 {
-		logrus.WithField("CatalogSource", pod.GetName()).Warn("pod status unknown; pod has not yet populated initContainer and container status")
+	if len(pod.Status.ContainerStatuses) == 0 {
+		logrus.WithField("CatalogSource", pod.GetName()).Warn("pod status unknown; pod has not yet populated container status")
 	} else {
-		logrus.WithField("CatalogSource", pod.GetName()).Warn("pod status unknown; pod contains unexpected initContainer and container configuration")
+		logrus.WithField("CatalogSource", pod.GetName()).Warn("pod status unknown; pod contains unexpected container configuration")
 	}
 	return ""
 }
@@ -648,7 +644,7 @@ func (c *GrpcRegistryReconciler) removePods(pods []*corev1.Pod, namespace string
 
 // CheckRegistryServer returns true if the given CatalogSource is considered healthy; false otherwise.
 func (c *GrpcRegistryReconciler) CheckRegistryServer(logger *logrus.Entry, catalogSource *v1alpha1.CatalogSource) (bool, error) {
-	source := grpcCatalogSourceDecorator{CatalogSource: catalogSource, createPodAsUser: c.createPodAsUser, opmImage: c.opmImage, utilImage: c.utilImage}
+	source := grpcCatalogSourceDecorator{CatalogSource: catalogSource, createPodAsUser: c.createPodAsUser, opmImage: c.opmImage}
 
 	// The CheckRegistryServer function is called by the CatalogSoruce controller before the registry resources are created,
 	// returning a IsNotFound error will cause the controller to exit and never create the resources, so we should

diff --git a/pkg/controller/registry/reconciler/grpc_test.go b/pkg/controller/registry/reconciler/grpc_test.go
@@ -722,25 +722,12 @@ func TestGetPodImageID(t *testing.T) {
 		result      string
 	}{
 		{
-			description: "default pod has status: return status",
+			description: "pod has single container status: return imageID",
 			pod:         &corev1.Pod{Status: corev1.PodStatus{ContainerStatuses: []corev1.ContainerStatus{{ImageID: "xyz123"}}}},
 			result:      "xyz123",
 		},
 		{
-			description: "extractConfig pod has status: return status",
-			pod: &corev1.Pod{Status: corev1.PodStatus{
-				InitContainerStatuses: []corev1.ContainerStatus{
-					{ImageID: "xyz123"},
-					{ImageID: "abc456"},
-				},
-				ContainerStatuses: []corev1.ContainerStatus{
-					{ImageID: "xyz123"},
-				},
-			}},
-			result: "abc456",
-		},
-		{
-			description: "pod has unexpected container config",
+			description: "pod has unexpected multiple container statuses",
 			pod: &corev1.Pod{Status: corev1.PodStatus{ContainerStatuses: []corev1.ContainerStatus{
 				{ImageID: "xyz123"},
 				{ImageID: "abc456"},