diff --git a/Dockerfile b/Dockerfile index 07794f4..21afb20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.22.2-alpine3.19 as builder +FROM golang:1.22.3 as builder ARG TARGETOS ARG TARGETARCH diff --git a/Makefile b/Makefile index 1b3618a..206faa4 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ # Image URL to use all building/pushing image targets IMG ?= compass-manager:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.26.0 +ENVTEST_K8S_VERSION = 1.28.0 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -145,7 +145,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions KUSTOMIZE_VERSION ?= v4.5.6 -CONTROLLER_TOOLS_VERSION ?= v0.11.2 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 36ecebd..7551902 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml b/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml index 79732d8..c2c5114 100644 --- a/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml +++ b/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml 
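Review bot: The new builder base `golang:1.22.3` in the Dockerfile hunk is a mutable tag pulled from Docker Hub, whereas the replaced line used the project's own `europe-docker.pkg.dev/kyma-project/prod/external/` mirror. A rebuild can therefore pick up different image content without any change in this repository. Pinning the digest keeps the build reproducible, for example `FROM golang:1.22.3@sha256:<digest-of-reviewed-image> as builder`, and if the mirror is meant to be the only allowed image source, the bump should go through it. The change also moves the builder from Alpine to the Debian-based image, so please confirm the build step (outside this hunk) still produces a binary the final stage can run, presumably by building with CGO disabled.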
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: compassmanagermappings.operator.kyma-project.io spec: group: operator.kyma-project.io @@ -22,14 +21,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/config/rbac/compassmanager_editor_role.yaml b/config/rbac/compassmanager_editor_role.yaml index 8fdfc49..d7061c2 100644 --- a/config/rbac/compassmanager_editor_role.yaml +++ b/config/rbac/compassmanager_editor_role.yaml 
@@ -1,15 +1,16 @@ # permissions for end users to edit compassmanagers. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanager-editor-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanager-editor-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/compassmanager_viewer_role.yaml b/config/rbac/compassmanager_viewer_role.yaml index 3270be3..d47aed5 100644 --- a/config/rbac/compassmanager_viewer_role.yaml +++ b/config/rbac/compassmanager_viewer_role.yaml @@ -1,15 +1,16 @@ # permissions for end users to view compassmanagers. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanager-viewer-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanager-viewer-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/compassmanagermapping_editor_role.yaml b/config/rbac/compassmanagermapping_editor_role.yaml index 6e8a856..43b96e5 100644 --- a/config/rbac/compassmanagermapping_editor_role.yaml +++ b/config/rbac/compassmanagermapping_editor_role.yaml 
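Review bot: Changing `kind: ClusterRole` to `kind: Role` creates a new namespaced object and does not remove the cluster-scoped object of the same name from clusters where the previous manifests were applied. The same holds for the other editor/viewer roles, for `config/rbac/role.yaml`, and most importantly for `config/rbac/role_binding.yaml`. Unless the rollout prunes it, the old `ClusterRoleBinding` named `compass-manager-rolebinding` keeps granting the `compass-manager` ServiceAccount its previous cluster-wide access, which per the removed kubebuilder markers included `get;list;watch` on Secrets. I would add an explicit cleanup step, or at least an upgrade note, that deletes the old ClusterRole and ClusterRoleBinding objects so the least-privilege intent of this change actually takes effect.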
@@ -1,15 +1,16 @@ # permissions for end users to edit compassmanagermappings. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanagermapping-editor-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanagermapping-editor-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/compassmanagermapping_viewer_role.yaml b/config/rbac/compassmanagermapping_viewer_role.yaml index 8caac98..7f6988e 100644 --- a/config/rbac/compassmanagermapping_viewer_role.yaml +++ b/config/rbac/compassmanagermapping_viewer_role.yaml @@ -1,15 +1,16 @@ # permissions for end users to view compassmanagermappings. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanagermapping-viewer-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanagermapping-viewer-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4eda575..684d17c 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compass-manager-le-role + namespace: kcp-system rules: - apiGroups: - "" diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index bd438f6..e21ef7a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
@@ -1,18 +1,10 @@ --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: - creationTimestamp: null name: compass-manager-role + namespace: kcp-system rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - apiGroups: - "" resources: diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index e813e9b..74afad5 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,19 +1,20 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: labels: - app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/name: rolebinding app.kubernetes.io/instance: compass-manager-rolebinding app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compass-manager-rolebinding + namespace: kcp-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: compass-manager-role subjects: - kind: ServiceAccount name: compass-manager - namespace: kcp-system + namespace: kcp-system \ No newline at end of file diff --git a/controllers/compassmanager_controller.go b/controllers/compassmanager_controller.go index be5d895..e8c5c56 100644 --- a/controllers/compassmanager_controller.go +++ b/controllers/compassmanager_controller.go 
@@ -57,12 +57,11 @@ func (e *DirectorError) Error() string { return fmt.Sprintf("error from director: %s", e.message) } -//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/finalizers,verbs=update;get -//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch,namespace=kcp-system +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update,namespace=kcp-system +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch,namespace=kcp-system +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/finalizers,verbs=update;get,namespace=kcp-system +//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch,namespace=kcp-system //go:generate mockery --name=Configurator type Configurator interface { diff --git a/go.mod b/go.mod index c58f231..a715200 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kyma-project/compass-manager -go 1.22.2 +go 1.22.3 require ( github.com/99designs/gqlgen v0.17.43 
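Review bot: The `customresourcedefinitions` marker is dropped with no replacement. That is the only option for a namespaced Role, since CRDs are cluster-scoped, but any remaining code path that reads CRDs will now get a forbidden error at runtime; nothing in this hunk shows whether such a call exists, so please confirm. The five remaining markers also hard-code `namespace=kcp-system`, the same literal that `setCacheOptions` in main.go uses, and the two have to stay in step or the informers will fail to list. A short comment above the block would record that, e.g. `// RBAC below is limited to kcp-system; keep in sync with the cache namespaces in main.go.`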
@@ -232,15 +232,15 @@ require ( go.step.sm/crypto v0.44.2 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.22.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.24.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 4482451..3218259 100644 --- a/go.sum +++ b/go.sum @@ -920,6 +920,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= 
@@ -943,6 +945,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= diff --git a/main.go b/main.go index bfd848b..f18c15d 100644 --- a/main.go +++ b/main.go @@ -19,12 +19,16 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/vrischmann/envconfig" + corev1 "k8s.io/api/core/v1" + k8slabels "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/yaml" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" @@ -95,6 +99,7 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "2647ec81.kyma-project.io", + Cache: setCacheOptions(), }) if err != nil { setupLog.Error(err, "unable to start manager") 
@@ -192,3 +197,26 @@ func exitOnError(err error, context string) {
 log.Fatal(wrappedError)
 }
 }
+
+func setCacheOptions() cache.Options {
+ return cache.Options{
+ ByObject: map[client.Object]cache.ByObject{
+ &corev1.Secret{}: {
+ Label: k8slabels.Everything(),
+ Namespaces: map[string]cache.Config{
+ "kcp-system": {},
+ },
+ },
+ &kyma.Kyma{}: {
+ Namespaces: map[string]cache.Config{
+ "kcp-system": {},
+ },
+ },
+ &v1beta1.CompassManagerMapping{}: {
+ Namespaces: map[string]cache.Config{
+ "kcp-system": {},
+ },
+ },
+ },
+ }
+}
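Review bot: `setCacheOptions` restricts only three types to `kcp-system`, so any other object the manager reads through the cached client would still start a cluster-wide informer, which the new namespaced Role cannot serve. Setting `DefaultNamespaces: map[string]cache.Config{"kcp-system": {}},` on `cache.Options` would cover every type and make the per-object `Namespaces` entries unnecessary. `Label: k8slabels.Everything()` on the Secret entry matches every label set, so all Secrets in the namespace are held in the manager's memory; if the controller only needs Secrets carrying a known label, a real selector here would narrow that exposure. The function also has no doc comment and repeats the `"kcp-system"` literal three times, so a package-level constant and a one-line comment stating that the cache scope must match the RBAC Role would help.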