Merge pull request #509 from redhatrises/sdk_update

feat: update to operator-sdk 1.34.1

Makefile

@@ -48,12 +48,12 @@ endif
 
 # Set the Operator SDK version to use. By default, what is installed on the system is used.
 # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
-OPERATOR_SDK_VERSION ?= v1.33.0
+OPERATOR_SDK_VERSION ?= v1.34.1
 
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.27.1
+ENVTEST_K8S_VERSION = 1.28.3
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -123,9 +123,11 @@ vet: ## Run go vet against code.
 test: manifests generate fmt vet envtest ## Run tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /test/) -coverprofile cover.out
 
-.PHONY: test-e2e # You will need to have a Kind cluster up in running to run this target
+# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors.
+.PHONY: test-e2e  # Run the e2e tests against a Kind k8s instance that is spun up.
 test-e2e:
 	go test ./test/e2e/ -v -ginkgo.v
+
 GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
 GOLANGCI_LINT_VERSION ?= v1.54.2
 golangci-lint:
@@ -217,8 +219,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v5.0.1
-CONTROLLER_TOOLS_VERSION ?= v0.12.0
+KUSTOMIZE_VERSION ?= v5.2.1
+CONTROLLER_TOOLS_VERSION ?= v0.13.0
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
@@ -259,7 +261,7 @@ endif
 
 .PHONY: bundle
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
-	$(OPERATOR_SDK) generate kustomize manifests -q --apis-dir api
+	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
 	$(OPERATOR_SDK) bundle validate ./bundle
@@ -281,7 +283,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
 	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.29.0/$${OS}-$${ARCH}-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else

api/falcon/v1alpha1/zz_generated.deepcopy.go

@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 
 /*
 

config/crd/bases/falcon.crowdstrike.com_falconadmissions.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconadmissions.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com

config/crd/bases/falcon.crowdstrike.com_falconcontainers.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconcontainers.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com

config/crd/bases/falcon.crowdstrike.com_falconimages.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconimages.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com

config/crd/bases/falcon.crowdstrike.com_falconnodesensors.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconnodesensors.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com

config/crd/kustomization.yaml

@@ -25,6 +25,8 @@ patches:
 #- path: patches/cainjection_in_falconimages.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
+# [WEBHOOK] To enable webhook, uncomment the following section
 # the following config is for teaching kustomize how to do kustomization for CRDs.
-configurations:
-- kustomizeconfig.yaml
+
+#configurations:
+#- kustomizeconfig.yaml

config/default/kustomization.yaml

@@ -26,20 +26,20 @@ resources:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patchesStrategicMerge:
+patches:
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+- path: manager_auth_proxy_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-#- manager_webhook_patch.yaml
+#- path: manager_webhook_patch.yaml
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
-#- webhookcainjection_patch.yaml
+#- path: webhookcainjection_patch.yaml
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
 # Uncomment the following replacements to add the cert-manager CA injection annotations

config/default/manager_auth_proxy_patch.yaml

@@ -30,8 +30,8 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
-              - "ALL"
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+            - "ALL"
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
@@ -48,3 +48,8 @@ spec:
           requests:
             cpu: 5m
             memory: 64Mi
+      - name: manager
+        args:
+        - "--health-probe-bind-address=:8081"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"

config/manager/manager.yaml

@@ -56,9 +56,8 @@ spec:
                       - linux
       securityContext:
         runAsNonRoot: true
-        # Uncomment the following code when OpenShift < 4.11 is no longer supported.
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - /manager

config/manifests/bases/falcon-operator.clusterserviceversion.yaml

@@ -590,7 +590,7 @@ spec:
   - email: [email protected]
     name: CrowdStrike Solutions Architecture
   maturity: alpha
-  minKubeVersion: 1.17.0
+  minKubeVersion: 1.22.0
   provider:
     name: CrowdStrike
     url: https://crowdStrike.com

config/non-olm/kustomization.yaml

@@ -9,13 +9,15 @@ namespace: falcon-operator
 namePrefix: falcon-operator-
 
 # Labels to add to all resources and selectors.
-#commonLabels:
-#  someName: someValue
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
 
-bases:
-  - ../crd
-  - ../rbac
-  - ../manager
+resources:
+- ../crd
+- ../rbac
+- ../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
@@ -24,24 +26,11 @@ bases:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patchesStrategicMerge:
-  - patches/auth_proxy_client_clusterrole.yaml
-  - patches/auth_proxy_role.yaml
-  - patches/auth_proxy_role_binding.yaml
-  - patches/auth_proxy_service.yaml
-  - patches/manager_patch.yaml
-  - patches/namespace_patch.yaml
-  - patches/falconnodesensor_role.yaml
-
-# Since the WATCH_NAMESPACE value needs to be null for terraform, we need to use a JSON Patch
-# to add a null value, because kustomize will strip it. When kustomize version 5 or greater is used
-# this patch can be revisited and probably removed.
-patchesJson6902:
-  - target:
-      version: v1
-      kind: Deployment
-      name: controller-manager
-    patch: |-
-      - op: add
-        path: /spec/template/spec/containers/0/env/0/value
-        value: null
+patches:
+- path: patches/auth_proxy_client_clusterrole.yaml
+- path: patches/auth_proxy_role.yaml
+- path: patches/auth_proxy_role_binding.yaml
+- path: patches/auth_proxy_service.yaml
+- path: patches/manager_patch.yaml
+- path: patches/namespace_patch.yaml
+- path: patches/falconnodesensor_role.yaml

config/scorecard/patches/basic.config.yaml

@@ -4,7 +4,7 @@
     entrypoint:
     - scorecard-test
     - basic-check-spec
-    image: quay.io/operator-framework/scorecard-test:v1.33.0
+    image: quay.io/operator-framework/scorecard-test:v1.34.1
     labels:
       suite: basic
       test: basic-check-spec-test

config/scorecard/patches/olm.config.yaml

@@ -4,7 +4,7 @@
     entrypoint:
     - scorecard-test
     - olm-bundle-validation
-    image: quay.io/operator-framework/scorecard-test:v1.33.0
+    image: quay.io/operator-framework/scorecard-test:v1.34.1
     labels:
       suite: olm
       test: olm-bundle-validation-test
@@ -14,7 +14,7 @@
     entrypoint:
     - scorecard-test
     - olm-crds-have-validation
-    image: quay.io/operator-framework/scorecard-test:v1.33.0
+    image: quay.io/operator-framework/scorecard-test:v1.34.1
     labels:
       suite: olm
       test: olm-crds-have-validation-test
@@ -24,7 +24,7 @@
     entrypoint:
     - scorecard-test
     - olm-crds-have-resources
-    image: quay.io/operator-framework/scorecard-test:v1.33.0
+    image: quay.io/operator-framework/scorecard-test:v1.34.1
     labels:
       suite: olm
       test: olm-crds-have-resources-test
@@ -34,7 +34,7 @@
     entrypoint:
     - scorecard-test
     - olm-spec-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.33.0
+    image: quay.io/operator-framework/scorecard-test:v1.34.1
     labels:
       suite: olm
       test: olm-spec-descriptors-test
@@ -44,7 +44,7 @@
     entrypoint:
     - scorecard-test
     - olm-status-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.33.0
+    image: quay.io/operator-framework/scorecard-test:v1.34.1
     labels:
       suite: olm
       test: olm-status-descriptors-test

deploy/falcon-operator.yaml

@@ -17,7 +17,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconadmissions.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com
@@ -563,7 +563,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconcontainers.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com
@@ -2570,7 +2570,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconimages.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com
@@ -2619,7 +2619,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: falconnodesensors.falcon.crowdstrike.com
 spec:
   group: falcon.crowdstrike.com
@@ -3828,7 +3828,6 @@ spec:
         - /manager
         env:
         - name: WATCH_NAMESPACE
-          value: null
         - name: OPERATOR_NAME
           value: falcon-operator
         image: quay.io/crowdstrike/falcon-operator:0.9.1
@@ -3861,5 +3860,7 @@ spec:
       securityContext:
         fsGroup: 65534
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: falcon-operator-controller-manager
       terminationGracePeriodSeconds: 10

docs/developer_guide.md

@@ -6,7 +6,7 @@ The following tools are required to develop the Falcon Operator:
 
 - [git][git-tool]
 - [go][go-tool] version 1.20
-- [operator-sdk][operator-sdk] version 1.33.0
+- [operator-sdk][operator-sdk] version 1.34.1
 - [docker][docker] (required for multi-arch builds) or [podman][podman] (if desired for single arch builds)
 
 Running `make` at any point will install additional tooling and go dependencies as required by the various `Makefile` targets. For example: