Bump Kubernetes API to v0.35.1 (#4042)

Also bump all dependencies.

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

Author: nunnatsa

config/crd/bases/hco.kubevirt.io_hyperconvergeds.yaml

@@ -464,7 +464,7 @@ spec:
                                     resources:
                                       description: |-
                                         resources represents the minimum resources the volume should have.
-                                        If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                        Users are allowed to specify resource requirements
                                         that are lower than previous value but must still be higher than capacity recorded in the
                                         status field of the claim.
                                         More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
@@ -2229,9 +2229,10 @@ spec:
                             operator:
                               description: |-
                                 Operator represents a key's relationship to the value.
-                                Valid operators are Exists and Equal. Defaults to Equal.
+                                Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
                                 Exists is equivalent to wildcard for value, so that a pod can
                                 tolerate all taints of a particular category.
+                                Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
                               type: string
                             tolerationSeconds:
                               description: |-
@@ -2932,16 +2933,11 @@ spec:
                       looks like this:
 
                         ciphers:
-
                           - ECDHE-ECDSA-CHACHA20-POLY1305
-
                           - ECDHE-RSA-CHACHA20-POLY1305
-
                           - ECDHE-RSA-AES128-GCM-SHA256
-
                           - ECDHE-ECDSA-AES128-GCM-SHA256
-
-                        minTLSVersion: VersionTLS11
+                        minTLSVersion: TLSv1.1
                     nullable: true
                     properties:
                       ciphers:
@@ -2955,14 +2951,13 @@ spec:
                         items:
                           type: string
                         type: array
-                        x-kubernetes-list-type: atomic
                       minTLSVersion:
                         description: |-
                           minTLSVersion is used to specify the minimal version of the TLS protocol
                           that is negotiated during the TLS handshake. For example, to use TLS
                           versions 1.1, 1.2 and 1.3 (yaml):
 
-                            minTLSVersion: VersionTLS11
+                            minTLSVersion: TLSv1.1
 
                           NOTE: currently the highest minTLSVersion allowed is VersionTLS12
                         enum:
@@ -2981,30 +2976,18 @@ spec:
                       and looks like this (yaml):
 
                         ciphers:
-
                           - TLS_AES_128_GCM_SHA256
-
                           - TLS_AES_256_GCM_SHA384
-
                           - TLS_CHACHA20_POLY1305_SHA256
-
                           - ECDHE-ECDSA-AES128-GCM-SHA256
-
                           - ECDHE-RSA-AES128-GCM-SHA256
-
                           - ECDHE-ECDSA-AES256-GCM-SHA384
-
                           - ECDHE-RSA-AES256-GCM-SHA384
-
                           - ECDHE-ECDSA-CHACHA20-POLY1305
-
                           - ECDHE-RSA-CHACHA20-POLY1305
-
                           - DHE-RSA-AES128-GCM-SHA256
-
                           - DHE-RSA-AES256-GCM-SHA384
-
-                        minTLSVersion: VersionTLS12
+                        minTLSVersion: TLSv1.2
                     nullable: true
                     type: object
                   modern:
@@ -3016,14 +2999,12 @@ spec:
                       and looks like this (yaml):
 
                         ciphers:
-
                           - TLS_AES_128_GCM_SHA256
-
                           - TLS_AES_256_GCM_SHA384
-
                           - TLS_CHACHA20_POLY1305_SHA256
+                        minTLSVersion: TLSv1.3
 
-                        minTLSVersion: VersionTLS13
+                      NOTE: Currently unsupported.
                     nullable: true
                     type: object
                   old:
@@ -3035,66 +3016,36 @@ spec:
                       and looks like this (yaml):
 
                         ciphers:
-
                           - TLS_AES_128_GCM_SHA256
-
                           - TLS_AES_256_GCM_SHA384
-
                           - TLS_CHACHA20_POLY1305_SHA256
-
                           - ECDHE-ECDSA-AES128-GCM-SHA256
-
                           - ECDHE-RSA-AES128-GCM-SHA256
-
                           - ECDHE-ECDSA-AES256-GCM-SHA384
-
                           - ECDHE-RSA-AES256-GCM-SHA384
-
                           - ECDHE-ECDSA-CHACHA20-POLY1305
-
                           - ECDHE-RSA-CHACHA20-POLY1305
-
                           - DHE-RSA-AES128-GCM-SHA256
-
                           - DHE-RSA-AES256-GCM-SHA384
-
                           - DHE-RSA-CHACHA20-POLY1305
-
                           - ECDHE-ECDSA-AES128-SHA256
-
                           - ECDHE-RSA-AES128-SHA256
-
                           - ECDHE-ECDSA-AES128-SHA
-
                           - ECDHE-RSA-AES128-SHA
-
                           - ECDHE-ECDSA-AES256-SHA384
-
                           - ECDHE-RSA-AES256-SHA384
-
                           - ECDHE-ECDSA-AES256-SHA
-
                           - ECDHE-RSA-AES256-SHA
-
                           - DHE-RSA-AES128-SHA256
-
                           - DHE-RSA-AES256-SHA256
-
                           - AES128-GCM-SHA256
-
                           - AES256-GCM-SHA384
-
                           - AES128-SHA256
-
                           - AES256-SHA256
-
                           - AES128-SHA
-
                           - AES256-SHA
-
                           - DES-CBC3-SHA
-
-                        minTLSVersion: VersionTLS10
+                        minTLSVersion: TLSv1.0
                     nullable: true
                     type: object
                   type:
@@ -4183,9 +4134,10 @@ spec:
                             operator:
                               description: |-
                                 Operator represents a key's relationship to the value.
-                                Valid operators are Exists and Equal. Defaults to Equal.
+                                Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
                                 Exists is equivalent to wildcard for value, so that a pod can
                                 tolerate all taints of a particular category.
+                                Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
                               type: string
                             tolerationSeconds:
                               description: |-
@@ -4501,7 +4453,7 @@ spec:
                                     resources:
                                       description: |-
                                         resources represents the minimum resources the volume should have.
-                                        If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                        Users are allowed to specify resource requirements
                                         that are lower than previous value but must still be higher than capacity recorded in the
                                         status field of the claim.
                                         More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

controllers/alerts/serviceMonitor.go

@@ -85,23 +85,7 @@ func NewServiceMonitor(namespace string, owner metav1.OwnerReference) *monitorin
 			MatchLabels: labels,
 		},
 		Endpoints: []monitoringv1.Endpoint{
-			{
-				Port:   OperatorPortName,
-				Scheme: "https",
-				Authorization: &monitoringv1.SafeAuthorization{
-					Credentials: &corev1.SecretKeySelector{
-						LocalObjectReference: corev1.LocalObjectReference{
-							Name: secretName,
-						},
-						Key: "token",
-					},
-				},
-				TLSConfig: &monitoringv1.TLSConfig{
-					SafeTLSConfig: monitoringv1.SafeTLSConfig{
-						InsecureSkipVerify: ptr.To(true),
-					},
-				},
-			},
+			CreateEndpoint(secretName),
 		},
 	}
 
@@ -119,3 +103,30 @@ func NewServiceMonitor(namespace string, owner metav1.OwnerReference) *monitorin
 		Spec: spec,
 	}
 }
+
+func CreateEndpoint(bearerTokenSecretName string) monitoringv1.Endpoint {
+
+	return monitoringv1.Endpoint{
+		Port:   OperatorPortName,
+		Scheme: ptr.To[monitoringv1.Scheme]("https"),
+		HTTPConfigWithProxyAndTLSFiles: monitoringv1.HTTPConfigWithProxyAndTLSFiles{
+			HTTPConfigWithTLSFiles: monitoringv1.HTTPConfigWithTLSFiles{
+				HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+					Authorization: &monitoringv1.SafeAuthorization{
+						Credentials: &corev1.SecretKeySelector{
+							LocalObjectReference: corev1.LocalObjectReference{
+								Name: bearerTokenSecretName,
+							},
+							Key: "token",
+						},
+					},
+				},
+				TLSConfig: &monitoringv1.TLSConfig{
+					SafeTLSConfig: monitoringv1.SafeTLSConfig{
+						InsecureSkipVerify: ptr.To(true),
+					},
+				},
+			},
+		},
+	}
+}

controllers/commontestutils/clusterMock.go

@@ -8,12 +8,15 @@ import (
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/events"
 	"k8s.io/client-go/tools/record"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/cluster"
 )
 
+var _ cluster.Cluster = &clusterMock{}
+
 type clusterMock struct {
 	// config is the rest.config used to talk to the apiserver.  Required.
 	config *rest.Config
@@ -78,6 +81,10 @@ func (cm *clusterMock) GetEventRecorderFor(_ string) record.EventRecorder {
 	return nil
 }
 
+func (cm *clusterMock) GetEventRecorder(_ string) events.EventRecorder {
+	return nil
+}
+
 func (cm *clusterMock) GetRESTMapper() meta.RESTMapper {
 	return cm.mapper
 }

controllers/commontestutils/managerMock.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"net/http"
 
+	"k8s.io/client-go/tools/events"
 	"sigs.k8s.io/controller-runtime/pkg/config"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/conversion"
 
 	"github.com/go-logr/logr"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -19,6 +21,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
 
+var _ manager.Manager = &ManagerMock{}
+
 type ManagerMock struct {
 	runnables []manager.Runnable
 
@@ -79,6 +83,10 @@ func (mm *ManagerMock) GetConfig() *rest.Config {
 	return mm.cluster.GetConfig()
 }
 
+func (mm *ManagerMock) GetConverterRegistry() conversion.Registry {
+	return nil
+}
+
 func (mm *ManagerMock) GetClient() client.Client {
 	return mm.cluster.GetClient()
 }
@@ -99,6 +107,10 @@ func (mm *ManagerMock) GetEventRecorderFor(name string) record.EventRecorder {
 	return mm.cluster.GetEventRecorderFor(name)
 }
 
+func (mm *ManagerMock) GetEventRecorder(name string) events.EventRecorder {
+	return mm.cluster.GetEventRecorder(name)
+}
+
 func (mm *ManagerMock) GetRESTMapper() meta.RESTMapper {
 	return mm.cluster.GetRESTMapper()
 }
@@ -134,15 +146,15 @@ func (mm *ManagerMock) GetRunnables() []manager.Runnable {
 // NewManagerMock returns a new mocked Manager for unit test which involves Controller Managers
 func NewManagerMock(config *rest.Config, options manager.Options, client client.Client, logger logr.Logger) (manager.Manager, error) {
 
-	cluster, err := NewClusterMock(config, cluster.Options{Scheme: options.Scheme}, client, logger)
+	fakeCluster, err := NewClusterMock(config, cluster.Options{Scheme: options.Scheme}, client, logger)
 	if err != nil {
 		return nil, err
 	}
 
 	runnables := make([]manager.Runnable, 0)
 
 	return &ManagerMock{
-		cluster:           cluster,
+		cluster:           fakeCluster,
 		runnables:         runnables,
 		controllerOptions: options.Controller,
 		logger:            logger,

controllers/commontestutils/testClient.go

@@ -144,6 +144,8 @@ func (c *HcoTestClient) RESTMapper() meta.RESTMapper {
 	return c.client.RESTMapper()
 }
 
+var _ client.StatusWriter = &HcoTestStatusWriter{}
+
 type HcoTestStatusWriter struct {
 	client client.SubResourceWriter
 	errors TestErrors
@@ -170,6 +172,10 @@ func (sw *HcoTestStatusWriter) Patch(ctx context.Context, obj client.Object, pat
 	return sw.client.Patch(ctx, obj, patch, opts...)
 }
 
+func (sw *HcoTestStatusWriter) Apply(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.SubResourceApplyOption) error {
+	return sw.client.Apply(ctx, obj, opts...)
+}
+
 func (sw *HcoTestStatusWriter) InitiateErrors(errs ...error) {
 	sw.errors = errs
 }

controllers/webhooks/bearer-token-controller/serviceMonitor.go

@@ -2,9 +2,7 @@ package bearer_token_controller
 
 import (
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/ptr"
 
 	"github.com/kubevirt/hyperconverged-cluster-operator/controllers/alerts"
 )
@@ -20,23 +18,7 @@ func newServiceMonitor(namespace string, owner metav1.OwnerReference) *monitorin
 			MatchLabels: smLabels,
 		},
 		Endpoints: []monitoringv1.Endpoint{
-			{
-				Port:   alerts.OperatorPortName,
-				Scheme: "https",
-				Authorization: &monitoringv1.SafeAuthorization{
-					Credentials: &corev1.SecretKeySelector{
-						LocalObjectReference: corev1.LocalObjectReference{
-							Name: secretName,
-						},
-						Key: "token",
-					},
-				},
-				TLSConfig: &monitoringv1.TLSConfig{
-					SafeTLSConfig: monitoringv1.SafeTLSConfig{
-						InsecureSkipVerify: ptr.To(true),
-					},
-				},
-			},
+			alerts.CreateEndpoint(secretName),
 		},
 	}