We utilize cert-manager upstream for generating the TLS certificates used by catalogd (and the CA used by operator-controller for verification) to serve catalog contents over HTTPS.

OpenShift has it's own operator for managing certificates: https://github.com/openshift/service-ca-operator

To align with the rest of the OpenShift org and continue serving catalog contents over HTTPS we need to add a downstream only kustomize overlay so that the manifests generated for catalogd downstream creates certificates via service-ca-operator.

An example of this overlay approach can be seen here: https://github.com/openshift/operator-framework-rukpak/tree/main/openshift/kustomize/overlays/openshift