kyma-project · kyma-bot · May 13, 2024 · May 8, 2024 · May 9, 2024 · May 9, 2024
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.22.2-alpine3.19 as builder
+FROM golang:1.22.3 as builder
 ARG TARGETOS
 ARG TARGETARCH
 

@@ -2,7 +2,7 @@
 # Image URL to use all building/pushing image targets
 IMG ?= compass-manager:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.26.0
+ENVTEST_K8S_VERSION = 1.28.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -145,7 +145,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v4.5.6
-CONTROLLER_TOOLS_VERSION ?= v0.11.2
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: compassmanagermappings.operator.kyma-project.io
 spec:
   group: operator.kyma-project.io
@@ -22,14 +21,19 @@ spec:
           API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

@@ -1,15 +1,16 @@
 # permissions for end users to edit compassmanagers.
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   labels:
-    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/name: role
     app.kubernetes.io/instance: compassmanager-editor-role
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: compass-manager
     app.kubernetes.io/part-of: compass-manager
     app.kubernetes.io/managed-by: kustomize
   name: compassmanager-editor-role
+  namespace: kcp-system
 rules:
 - apiGroups:
   - operator.kyma-project.io

@@ -1,15 +1,16 @@
 # permissions for end users to view compassmanagers.
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   labels:
-    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/name: role
     app.kubernetes.io/instance: compassmanager-viewer-role
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: compass-manager
     app.kubernetes.io/part-of: compass-manager
     app.kubernetes.io/managed-by: kustomize
   name: compassmanager-viewer-role
+  namespace: kcp-system
 rules:
 - apiGroups:
   - operator.kyma-project.io

@@ -1,15 +1,16 @@
 # permissions for end users to edit compassmanagermappings.
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   labels:
-    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/name: role
     app.kubernetes.io/instance: compassmanagermapping-editor-role
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: compass-manager
     app.kubernetes.io/part-of: compass-manager
     app.kubernetes.io/managed-by: kustomize
   name: compassmanagermapping-editor-role
+  namespace: kcp-system
 rules:
 - apiGroups:
   - operator.kyma-project.io

@@ -1,15 +1,16 @@
 # permissions for end users to view compassmanagermappings.
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   labels:
-    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/name: role
     app.kubernetes.io/instance: compassmanagermapping-viewer-role
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: compass-manager
     app.kubernetes.io/part-of: compass-manager
     app.kubernetes.io/managed-by: kustomize
   name: compassmanagermapping-viewer-role
+  namespace: kcp-system
 rules:
 - apiGroups:
   - operator.kyma-project.io

@@ -10,6 +10,7 @@ metadata:
     app.kubernetes.io/part-of: compass-manager
     app.kubernetes.io/managed-by: kustomize
   name: compass-manager-le-role
+  namespace: kcp-system
 rules:
 - apiGroups:
   - ""

@@ -1,18 +1,10 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-  creationTimestamp: null
   name: compass-manager-role
+  namespace: kcp-system
 rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
   - ""
   resources:

@@ -1,19 +1,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
   labels:
-    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/name: rolebinding
     app.kubernetes.io/instance: compass-manager-rolebinding
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: compass-manager
     app.kubernetes.io/part-of: compass-manager
     app.kubernetes.io/managed-by: kustomize
   name: compass-manager-rolebinding
+  namespace: kcp-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
+  kind: Role
   name: compass-manager-role
 subjects:
 - kind: ServiceAccount
   name: compass-manager
-  namespace: kcp-system
+  namespace: kcp-system
@@ -57,12 +57,11 @@ func (e *DirectorError) Error() string {
 	return fmt.Sprintf("error from director: %s", e.message)
 }
 
-//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
-//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch
-//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update
-//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/finalizers,verbs=update;get
-//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
+//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch,namespace=kcp-system
+//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings,verbs=create;get;list;delete;watch;update,namespace=kcp-system
+//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/status,verbs=get;update;patch,namespace=kcp-system
+//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=compassmanagermappings/finalizers,verbs=update;get,namespace=kcp-system
+//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch,namespace=kcp-system
 
 //go:generate mockery --name=Configurator
 type Configurator interface {

@@ -1,6 +1,6 @@
 module github.com/kyma-project/compass-manager
 
-go 1.22.2
+go 1.22.3
 
 require (
 	github.com/99designs/gqlgen v0.17.43
@@ -232,15 +232,15 @@ require (
 	go.step.sm/crypto v0.44.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
 	golang.org/x/oauth2 v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/term v0.19.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/term v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.20.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect

@@ -920,6 +920,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
 golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
@@ -943,6 +945,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
 golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=

@@ -19,12 +19,16 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/vrischmann/envconfig"
+	corev1 "k8s.io/api/core/v1"
+	k8slabels "k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/yaml"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
@@ -95,6 +99,7 @@ func main() {
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "2647ec81.kyma-project.io",
+		Cache:                  setCacheOptions(),
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
@@ -192,3 +197,26 @@ func exitOnError(err error, context string) {
 		log.Fatal(wrappedError)
 	}
 }
+
+func setCacheOptions() cache.Options {
+	return cache.Options{
+		ByObject: map[client.Object]cache.ByObject{
+			&corev1.Secret{}: {
+				Label: k8slabels.Everything(),
+				Namespaces: map[string]cache.Config{
+					"kcp-system": {},
+				},
+			},
+			&kyma.Kyma{}: {
+				Namespaces: map[string]cache.Config{
+					"kcp-system": {},
+				},
+			},
+			&v1beta1.CompassManagerMapping{}: {
+				Namespaces: map[string]cache.Config{
+					"kcp-system": {},
+				},
+			},
+		},
+	}
+}