From c432e219f8bf6ca3ee5989f1bac72199aa9a9531 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Wed, 8 May 2024 10:14:12 +0200 Subject: [PATCH 1/9] Compass Manager is namespace wide --- api/v1beta1/zz_generated.deepcopy.go | 1 - ...yma-project.io_compassmanagermappings.yaml | 3 +- config/rbac/compassmanager_editor_role.yaml | 3 +- config/rbac/compassmanager_viewer_role.yaml | 3 +- .../compassmanagermapping_editor_role.yaml | 3 +- .../compassmanagermapping_viewer_role.yaml | 3 +- config/rbac/role.yaml | 8 +++- config/rbac/role_binding.yaml | 25 ++++++++++- controllers/compassmanager_controller.go | 10 ++--- main.go | 44 ++++++++++++++++--- 10 files changed, 83 insertions(+), 20 deletions(-) diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 36ecebd..7551902 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml b/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml index 79732d8..42020e4 100644 --- a/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml +++ b/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: compassmanagermappings.operator.kyma-project.io spec: group: operator.kyma-project.io diff --git a/config/rbac/compassmanager_editor_role.yaml b/config/rbac/compassmanager_editor_role.yaml index 8fdfc49..43a70ef 100644 --- a/config/rbac/compassmanager_editor_role.yaml +++ b/config/rbac/compassmanager_editor_role.yaml 
@@ -1,6 +1,6 @@ # permissions for end users to edit compassmanagers. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: app.kubernetes.io/name: clusterrole @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanager-editor-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/compassmanager_viewer_role.yaml b/config/rbac/compassmanager_viewer_role.yaml index 3270be3..7fc1adf 100644 --- a/config/rbac/compassmanager_viewer_role.yaml +++ b/config/rbac/compassmanager_viewer_role.yaml @@ -1,6 +1,6 @@ # permissions for end users to view compassmanagers. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: app.kubernetes.io/name: clusterrole @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanager-viewer-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/compassmanagermapping_editor_role.yaml b/config/rbac/compassmanagermapping_editor_role.yaml index 6e8a856..b8c3cf9 100644 --- a/config/rbac/compassmanagermapping_editor_role.yaml +++ b/config/rbac/compassmanagermapping_editor_role.yaml @@ -1,6 +1,6 @@ # permissions for end users to edit compassmanagermappings. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: app.kubernetes.io/name: clusterrole @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanagermapping-editor-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/compassmanagermapping_viewer_role.yaml b/config/rbac/compassmanagermapping_viewer_role.yaml index 8caac98..7345902 100644 --- a/config/rbac/compassmanagermapping_viewer_role.yaml +++ b/config/rbac/compassmanagermapping_viewer_role.yaml 
@@ -1,6 +1,6 @@ # permissions for end users to view compassmanagermappings. apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: app.kubernetes.io/name: clusterrole @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compassmanagermapping-viewer-role + namespace: kcp-system rules: - apiGroups: - operator.kyma-project.io diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index bd438f6..1a20e79 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: compass-manager-role rules: - apiGroups: @@ -13,6 +12,13 @@ rules: - get - list - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: compass-manager-role + namespace: kcp-system +rules: - apiGroups: - "" resources: diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index e813e9b..34fd6f6 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: labels: app.kubernetes.io/name: clusterrolebinding 
@@ -9,11 +9,32 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compass-manager-rolebinding + namespace: kcp-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: compass-manager-role subjects: - kind: ServiceAccount name: compass-manager namespace: kcp-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: compass-manager-cluster-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: compass-manager + app.kubernetes.io/part-of: compass-manager + app.kubernetes.io/managed-by: kustomize + name: compass-manager-cluster-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: compass-manager-role +subjects: +- kind: ServiceAccount + name: compass-manager + namespace: kcp-system diff --git a/controllers/compassmanager_controller.go b/controllers/compassmanager_controller.go index be5d895..59fda56 100644 --- a/controllers/compassmanager_controller.go +++ b/controllers/compassmanager_controller.go 
@@ -58,11 +58,11 @@ func (e *DirectorError) Error() string { } //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/finalizers,verbs=update;get -//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch,namespace=kcp-system +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update,namespace=kcp-system +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch,namespace=kcp-system +//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/finalizers,verbs=update;get,namespace=kcp-system +//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch,namespace=kcp-system //go:generate mockery --name=Configurator type Configurator interface { diff --git a/main.go b/main.go index bfd848b..de97d72 100644 --- a/main.go +++ b/main.go @@ -4,11 +4,6 @@ import ( "crypto/tls" "flag" "fmt" - "log" - "net/http" - "os" - "time" - "github.com/kyma-project/compass-manager/api/v1beta1" "github.com/kyma-project/compass-manager/controllers" "github.com/kyma-project/compass-manager/controllers/metrics" 
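Review bot: The kubebuilder markers in controllers/compassmanager_controller.go now hard-code `namespace=kcp-system` five times, and nothing in the hunk records that this literal has to match the namespaces the manager's cache watches in main.go. If the two drift, the informers' list/watch calls are rejected as forbidden at runtime rather than at build time. A comment above the block, e.g. `// RBAC is scoped to kcp-system; keep in sync with the cache namespaces in main.go.`, would document the coupling. The `secrets` rule still grants get/list/watch on every Secret in that namespace, and RBAC cannot narrow list/watch by label, so the same comment should say which Secrets the controller actually needs.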
@@ -19,15 +14,23 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/vrischmann/envconfig" + apicorev1 "k8s.io/api/core/v1" + k8slabels "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/yaml" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth" + "log" + "net/http" + "os" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "time" ) var ( @@ -87,6 +90,13 @@ func main() { ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + //namespaces := []string{"kcp-system"} + //defaultNamespaces := make(map[string]cache.Config) + // + //for _, ns := range namespaces { + // defaultNamespaces[ns] = cache.Config{} + //} + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ @@ -95,6 +105,7 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "2647ec81.kyma-project.io", + Cache: setCacheOptions(), }) if err != nil { setupLog.Error(err, "unable to start manager") @@ -192,3 +203,26 @@ func exitOnError(err error, context string) { log.Fatal(wrappedError) } } + +func setCacheOptions() cache.Options { + return cache.Options{ + ByObject: map[client.Object]cache.ByObject{ + &apicorev1.Secret{}: { + Label: k8slabels.Everything(), + Namespaces: map[string]cache.Config{ + "kcp-system": {}, + }, + }, + &kyma.Kyma{}: { + Namespaces: map[string]cache.Config{ + "kcp-system": {}, + }, + }, + &v1beta1.CompassManagerMapping{}: { + Namespaces: map[string]cache.Config{ + "kcp-system": {}, + }, + }, + }, + } +} From ba7a99a3a9b5f955b9ba5914e4f68d3e059925d3 Mon Sep 17 00:00:00 2001 
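Review bot: In the main.go hunk that adds `setCacheOptions`, the cache is restricted only for the three types listed in `ByObject`. Any other type read through the manager's cached client would still start a cluster-wide informer, which the namespaced Role added in this commit does not authorise. Setting `DefaultNamespaces: map[string]cache.Config{"kcp-system": {}},` on the returned `cache.Options` covers every type, and the three identical `Namespaces` maps can then most likely be dropped. `Label: k8slabels.Everything()` on the Secret entry matches every Secret, so all kcp-system Secrets are held in the controller's memory; if the Secrets the reconciler reads carry a known label, a selector here would shrink that set. The function also has no doc comment; a line such as `// setCacheOptions limits the manager's informers to the kcp-system namespace.` would do.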
From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Thu, 9 May 2024 09:05:31 +0200 Subject: [PATCH 2/9] Compass Manager using only Roles --- config/rbac/role.yaml | 14 --------- config/rbac/role_binding.yaml | 40 ++++++++++++------------ controllers/compassmanager_controller.go | 1 - main.go | 11 ++----- 4 files changed, 22 insertions(+), 44 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 1a20e79..e21ef7a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,19 +1,5 @@ --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: compass-manager-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: compass-manager-role diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 34fd6f6..7b01ac9 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml 
@@ -18,23 +18,23 @@ subjects: - kind: ServiceAccount name: compass-manager namespace: kcp-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: compass-manager-cluster-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: compass-manager - app.kubernetes.io/part-of: compass-manager - app.kubernetes.io/managed-by: kustomize - name: compass-manager-cluster-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: compass-manager-role -subjects: -- kind: ServiceAccount - name: compass-manager - namespace: kcp-system +#--- +#apiVersion: rbac.authorization.k8s.io/v1 +#kind: ClusterRoleBinding +#metadata: +# labels: +# app.kubernetes.io/name: clusterrolebinding +# app.kubernetes.io/instance: compass-manager-cluster-rolebinding +# app.kubernetes.io/component: rbac +# app.kubernetes.io/created-by: compass-manager +# app.kubernetes.io/part-of: compass-manager +# app.kubernetes.io/managed-by: kustomize +# name: compass-manager-cluster-rolebinding +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: compass-manager-role +#subjects: +#- kind: ServiceAccount +# name: compass-manager +# namespace: kcp-system diff --git a/controllers/compassmanager_controller.go b/controllers/compassmanager_controller.go index 59fda56..e8c5c56 100644 --- a/controllers/compassmanager_controller.go +++ b/controllers/compassmanager_controller.go 
@@ -57,7 +57,6 @@ func (e *DirectorError) Error() string { return fmt.Sprintf("error from director: %s", e.message) } -//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch //+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch,namespace=kcp-system //+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update,namespace=kcp-system //+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch,namespace=kcp-system diff --git a/main.go b/main.go index de97d72..a762799 100644 --- a/main.go +++ b/main.go @@ -14,7 +14,7 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/vrischmann/envconfig" - apicorev1 "k8s.io/api/core/v1" + corev1 "k8s.io/api/core/v1" k8slabels "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -90,13 +90,6 @@ func main() { ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) - //namespaces := []string{"kcp-system"} - //defaultNamespaces := make(map[string]cache.Config) - // - //for _, ns := range namespaces { - // defaultNamespaces[ns] = cache.Config{} - //} - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ @@ -207,7 +200,7 @@ func exitOnError(err error, context string) { func setCacheOptions() cache.Options { return cache.Options{ ByObject: map[client.Object]cache.ByObject{ - &apicorev1.Secret{}: { + &corev1.Secret{}: { Label: k8slabels.Everything(), Namespaces: map[string]cache.Config{ "kcp-system": {}, From 37c9d88c0f24b13a23141788fa1c1d397dd07d5f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Thu, 9 May 2024 09:18:44 +0200 Subject: [PATCH 3/9] Fix RBACs --- config/rbac/leader_election_role.yaml | 1 + config/rbac/role_binding.yaml | 22 +--------------------- 2 files changed, 2 insertions(+), 21 deletions(-) diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4eda575..684d17c 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/part-of: compass-manager app.kubernetes.io/managed-by: kustomize name: compass-manager-le-role + namespace: kcp-system rules: - apiGroups: - "" diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 7b01ac9..1de0cfd 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -17,24 +17,4 @@ roleRef: subjects: - kind: ServiceAccount name: compass-manager - namespace: kcp-system -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: ClusterRoleBinding -#metadata: -# labels: -# app.kubernetes.io/name: clusterrolebinding -# app.kubernetes.io/instance: compass-manager-cluster-rolebinding -# app.kubernetes.io/component: rbac -# app.kubernetes.io/created-by: compass-manager -# app.kubernetes.io/part-of: compass-manager -# app.kubernetes.io/managed-by: kustomize -# name: compass-manager-cluster-rolebinding -#roleRef: -# apiGroup: rbac.authorization.k8s.io -# kind: ClusterRole -# name: compass-manager-role -#subjects: -#- kind: ServiceAccount -# name: compass-manager -# namespace: kcp-system + namespace: kcp-system \ No newline at end of file From dc82dfb87338ac7b2022c97f0a78a9c2c064c732 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Thu, 9 May 2024 09:34:01 +0200 Subject: [PATCH 4/9] Fix lint, and sec vuln --- Dockerfile | 2 +- main.go | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 07794f4..21afb20 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ # Build the manager binary -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.22.2-alpine3.19 as builder +FROM golang:1.22.3 as builder ARG TARGETOS ARG TARGETARCH diff --git a/main.go b/main.go index a762799..f18c15d 100644 --- a/main.go +++ b/main.go @@ -4,6 +4,11 @@ import ( "crypto/tls" "flag" "fmt" + "log" + "net/http" + "os" + "time" + "github.com/kyma-project/compass-manager/api/v1beta1" "github.com/kyma-project/compass-manager/controllers" "github.com/kyma-project/compass-manager/controllers/metrics" @@ -21,16 +26,12 @@ import ( "k8s.io/apimachinery/pkg/util/yaml" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth" - "log" - "net/http" - "os" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" - "time" ) var ( From 868ecd3edef847db0573cc3612cf6a4844d5f8aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Thu, 9 May 2024 09:49:54 +0200 Subject: [PATCH 5/9] Go update --- go.mod | 12 ++++++------ go.sum | 4 ++++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 60afb55..d0c1962 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kyma-project/compass-manager -go 1.22.2 +go 1.22.3 require ( github.com/99designs/gqlgen v0.17.43 
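Review bot: The builder stage in the Dockerfile hunk now pulls `golang:1.22.3` from Docker Hub by a mutable tag, where the removed line used the project's own registry path. A re-pushed tag would change the toolchain without any change in this repository. Pinning the digest, `FROM golang:1.22.3@sha256:<digest-of-the-reviewed-image> as builder`, or doing the version bump inside the `europe-docker.pkg.dev/kyma-project/prod/external/` mirror, keeps the build reproducible and reviewable. The tag also drops the `alpine3.19` variant in favour of the default Debian-based image, so a cgo-enabled build would link against glibc instead of musl; the build flags and the final stage are outside this hunk, so that needs checking against the runtime image.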
@@ -232,15 +232,15 @@ require ( go.step.sm/crypto v0.44.2 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.22.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.24.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 9daf55e..ad84425 100644 --- a/go.sum +++ b/go.sum @@ -920,6 +920,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= 
@@ -943,6 +945,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= From 4d66fe7d243df9f78b13ea18544c94fba2fc92e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Thu, 9 May 2024 13:23:40 +0200 Subject: [PATCH 6/9] Bump envtest k8s version and contoller tools --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 1b3618a..206faa4 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ # Image URL to use all building/pushing image targets IMG ?= compass-manager:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.26.0 +ENVTEST_K8S_VERSION = 1.28.0 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -145,7 +145,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions KUSTOMIZE_VERSION ?= v4.5.6 -CONTROLLER_TOOLS_VERSION ?= v0.11.2 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize From 774b63d4ddce1db0e215550dad36791e2e7b8de7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Thu, 9 May 2024 13:44:53 +0200 Subject: [PATCH 7/9] Change to CRD after make generate --- ...yma-project.io_compassmanagermappings.yaml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml b/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml index 42020e4..c2c5114 100644 --- a/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml +++ b/config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: compassmanagermappings.operator.kyma-project.io spec: group: operator.kyma-project.io 
@@ -21,14 +21,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object From c09a768379d958bb2cd61f907e089b966bba7710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Mon, 13 May 2024 08:58:38 +0200 Subject: [PATCH 8/9] Apply review suggestions --- config/rbac/compassmanager_editor_role.yaml | 2 +- config/rbac/compassmanager_viewer_role.yaml | 2 +- config/rbac/compassmanagermapping_editor_role.yaml | 2 +- config/rbac/compassmanagermapping_viewer_role.yaml | 2 +- config/rbac/role.yaml | 7 +++++++ config/rbac/role_binding.yaml | 2 +- 6 files changed, 12 insertions(+), 5 deletions(-) 
diff --git a/config/rbac/compassmanager_editor_role.yaml b/config/rbac/compassmanager_editor_role.yaml index 43a70ef..d7061c2 100644 --- a/config/rbac/compassmanager_editor_role.yaml +++ b/config/rbac/compassmanager_editor_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanager-editor-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager diff --git a/config/rbac/compassmanager_viewer_role.yaml b/config/rbac/compassmanager_viewer_role.yaml index 7fc1adf..d47aed5 100644 --- a/config/rbac/compassmanager_viewer_role.yaml +++ b/config/rbac/compassmanager_viewer_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanager-viewer-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager diff --git a/config/rbac/compassmanagermapping_editor_role.yaml b/config/rbac/compassmanagermapping_editor_role.yaml index b8c3cf9..43b96e5 100644 --- a/config/rbac/compassmanagermapping_editor_role.yaml +++ b/config/rbac/compassmanagermapping_editor_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanagermapping-editor-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager diff --git a/config/rbac/compassmanagermapping_viewer_role.yaml b/config/rbac/compassmanagermapping_viewer_role.yaml index 7345902..7f6988e 100644 --- a/config/rbac/compassmanagermapping_viewer_role.yaml +++ b/config/rbac/compassmanagermapping_viewer_role.yaml 
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/name: clusterrole + app.kubernetes.io/name: role app.kubernetes.io/instance: compassmanagermapping-viewer-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index e21ef7a..e5b6335 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,6 +2,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/name: role + app.kubernetes.io/instance: compass-manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: compass-manager + app.kubernetes.io/part-of: compass-manager + app.kubernetes.io/managed-by: kustomize name: compass-manager-role namespace: kcp-system rules: diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 1de0cfd..74afad5 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/name: rolebinding app.kubernetes.io/instance: compass-manager-rolebinding app.kubernetes.io/component: rbac app.kubernetes.io/created-by: compass-manager From a2aa3a6027b81d3cbdff38ddbb9fdb8e5c92dd57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Foks?= Date: Mon, 13 May 2024 09:10:42 +0200 Subject: [PATCH 9/9] Apply review suggestions --- config/rbac/role.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index e5b6335..e21ef7a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
@@ -2,13 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - labels: - app.kubernetes.io/name: role - app.kubernetes.io/instance: compass-manager-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: compass-manager - app.kubernetes.io/part-of: compass-manager - app.kubernetes.io/managed-by: kustomize name: compass-manager-role namespace: kcp-system rules: