Update Operator SDK to v1.22.2 (#28)

lucacome · web-flow · commit 2fcba594a8ff · 2022-08-02T09:05:28.000-07:00
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -63,4 +63,4 @@ template: |
   ## Compatibility
 
   - NGINX Ingress Controller NIC_VERSION_REPLACE_ME!
-  - Openshift 4.5 or newer.
+  - OpenShift 4.5 or newer.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/operator-framework/helm-operator:v1.22.0
+FROM quay.io/operator-framework/helm-operator:v1.22.2
 
 ARG VERSION
 
diff --git a/Makefile b/Makefile
@@ -130,7 +130,7 @@ ifeq (,$(shell which helm-operator 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(HELM_OPERATOR)) ;\
-	curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.16.0/helm-operator_$(OS)_$(ARCH) ;\
+	curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.22.2/helm-operator_$(OS)_$(ARCH) ;\
 	chmod +x $(HELM_OPERATOR) ;\
 	}
 else
@@ -140,9 +140,11 @@ endif
 
 .PHONY: bundle
 bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
-	operator-sdk generate kustomize manifests -q
+	operator-sdk generate kustomize manifests --interactive=false -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS)
+	@printf "%s\n" '' 'LABEL com.redhat.openshift.versions="v4.6"' 'LABEL com.redhat.delivery.operator.bundle=true' 'LABEL com.redhat.delivery.backport=true' >> bundle.Dockerfile
+	@printf "%s\n" '' '  # OpenShift annotations.' '  com.redhat.openshift.versions: v4.6' >> bundle/metadata/annotations.yaml
 	operator-sdk bundle validate ./bundle
 
 .PHONY: bundle-build
@@ -161,7 +163,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.19.1/$(OS)-$(ARCH)-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ Learn more about operators in the [Kubernetes Documentation](https://kubernetes.
 
 To install a specific version of the NGINX Ingress Controller with the operator, a specific version of the NGINX Ingress Operator is required.
 
-Up until version 0.5.1, this Operator was Go based. Version 1.0.0 marks an uncompatible upgrade as this release swtiched the Operator to being Helm-based, built from the [NGINX Ingress Controller Helm chart](http://helm.nginx.com/#nginx-ingress-controller). The configuration for the Helm chart can be seen in the [NGINX Ingress Controller documentation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-helm/#configuration).
+Up until version 0.5.1, this Operator was Go based. Version 1.0.0 marks an incompatible upgrade as this release switched the Operator to being Helm-based, built from the [NGINX Ingress Controller Helm chart](http://helm.nginx.com/#nginx-ingress-controller). The configuration for the Helm chart can be seen in the [NGINX Ingress Controller documentation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-helm/#configuration).
 
 The following table shows the relation between the versions of the two projects:
 
@@ -32,10 +32,10 @@ Note: The NGINX Ingress Operator works only for NGINX Ingress Controller version
 
 1. Install the NGINX Ingress Operator. See [docs](./docs/installation.md).
    <br> NOTE: To use TransportServers as part of your NGINX Ingress Controller configuration, a GlobalConfiguration resource must be created *before* starting the Operator - [see the notes](./examples/deployment-oss-min/README.md#TransportServers)
-2. Create a default server secret on the cluster - an example yaml for this can be found in the [examples folder](https://github.com/nginxinc/nginx-ingress-helm-operator/blob/v1.0.0/examples/default-server-secret.yaml)
+2. Create a default server secret on the cluster - an example yaml for this can be found in the [examples folder](https://github.com/nginxinc/nginx-ingress-helm-operator/blob/v1.1.0/examples/default-server-secret.yaml)
 3. (If using OpenShift) Create the scc resource on the cluster by applying the scc.yaml file found in the `resources` folder of this repo:
   ```shell
-  kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-ingress-operator-helm/v1.0.0/resources/scc.yaml
+  kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-ingress-operator-helm/v1.1.0/resources/scc.yaml
   ```
 4. Deploy a new NGINX Ingress Controller using the [NginxIngress](./config/samples/charts_v1alpha1_nginxingress.yaml) Custom Resource:
     * Use the name of the default server secret created above for `controller.defaultTLS.secret` field (needs to be in the form `namespace/name`)
@@ -61,15 +61,15 @@ See [upgrade docs](./docs/upgrades)
 ## NGINX Ingress Operator Releases
 We publish NGINX Ingress Operator releases on GitHub. See our [releases page](https://github.com/nginxinc/nginx-ingress-helm-operator/releases).
 
-The latest stable release is [1.0.0](https://github.com/nginxinc/nginx-ingress-helm-operator/releases/tag/v1.0.0). For production use, we recommend that you choose the latest stable release.
+The latest stable release is [1.1.0](https://github.com/nginxinc/nginx-ingress-helm-operator/releases/tag/v1.1.0). For production use, we recommend that you choose the latest stable release.
 
 ## Development
 
 It is possible to run the operator in your local machine. This is useful for testing or during development.
 
 ### Run Operator locally
 
-1. Have access to a Kubernetes/Openshift cluster.
+1. Have access to a Kubernetes/OpenShift cluster.
 1. Apply the IC CRD:
    ```
     make install
diff --git a/bundle.Dockerfile b/bundle.Dockerfile
@@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=nginx-ingress-operator
 LABEL operators.operatorframework.io.bundle.channels.v1=alpha
 LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.16.0-ocp
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.22.2
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1
 
diff --git a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml
@@ -33,7 +33,6 @@ metadata:
               },
               "enableCertManager": false,
               "enableCustomResources": true,
-              "enableExternalDNS": false,
               "enableLatencyMetrics": false,
               "enableOIDC": false,
               "enablePreviewPolicies": false,
@@ -147,7 +146,7 @@ metadata:
     description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
       deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
     operatorframework.io/suggested-namespace: nginx-ingress
-    operators.operatorframework.io/builder: operator-sdk-v1.16.0-ocp
+    operators.operatorframework.io/builder: operator-sdk-v1.22.2
     operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1
     repository: https://github.com/nginxinc/nginx-ingress-helm-operator
     support: NGINX Inc.
@@ -292,7 +291,9 @@ spec:
           - create
         serviceAccountName: nginx-ingress-operator-controller-manager
       deployments:
-      - name: nginx-ingress-operator-controller-manager
+      - label:
+          control-plane: controller-manager
+        name: nginx-ingress-operator-controller-manager
         spec:
           replicas: 1
           selector:
@@ -307,6 +308,29 @@ spec:
                 control-plane: controller-manager
             spec:
               containers:
+              - args:
+                - --secure-listen-address=0.0.0.0:8443
+                - --upstream=http://127.0.0.1:8080/
+                - --logtostderr=true
+                - --v=0
+                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
+                name: kube-rbac-proxy
+                ports:
+                - containerPort: 8443
+                  name: https
+                  protocol: TCP
+                resources:
+                  limits:
+                    cpu: 500m
+                    memory: 128Mi
+                  requests:
+                    cpu: 5m
+                    memory: 64Mi
+                securityContext:
+                  allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
               - args:
                 - --health-probe-bind-address=:8081
                 - --metrics-bind-address=127.0.0.1:8080
@@ -335,20 +359,13 @@ spec:
                     memory: 128Mi
                 securityContext:
                   allowPrivilegeEscalation: false
-              - args:
-                - --secure-listen-address=0.0.0.0:8443
-                - --upstream=http://127.0.0.1:8080/
-                - --logtostderr=true
-                - --v=10
-                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
-                name: kube-rbac-proxy
-                ports:
-                - containerPort: 8443
-                  name: https
-                  protocol: TCP
-                resources: {}
+                  capabilities:
+                    drop:
+                    - ALL
               securityContext:
                 runAsNonRoot: true
+                seccompProfile:
+                  type: RuntimeDefault
               serviceAccountName: nginx-ingress-operator-controller-manager
               terminationGracePeriodSeconds: 10
       permissions:
diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml
@@ -6,7 +6,7 @@ annotations:
   operators.operatorframework.io.bundle.package.v1: nginx-ingress-operator
   operators.operatorframework.io.bundle.channels.v1: alpha
   operators.operatorframework.io.bundle.channel.default.v1: alpha
-  operators.operatorframework.io.metrics.builder: operator-sdk-v1.16.0-ocp
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.22.2
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1
 
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -10,16 +10,28 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
         - "--logtostderr=true"
-        - "--v=10"
+        - "--v=0"
         ports:
         - containerPort: 8443
           protocol: TCP
           name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
       - name: manager
         args:
         - "--health-probe-bind-address=:8081"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -26,6 +26,8 @@ spec:
     spec:
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - args:
         - --leader-elect
@@ -34,6 +36,9 @@ spec:
         name: manager
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/docs/installation.md b/docs/installation.md
@@ -1,7 +1,7 @@
 # Installation
 
 We currently support 2 methods of installation:
-1. [Installation in an Openshift cluster](./openshift-installation.md) using the [OLM](https://github.com/operator-framework/operator-lifecycle-manager).
-1. [Manual installation](./manual-installation.md) in a Kubernetes or Openshift cluster by manually deploying the operator manifests.
-   
+1. [Installation in an OpenShift cluster](./openshift-installation.md) using the [OLM](https://github.com/operator-framework/operator-lifecycle-manager).
+1. [Manual installation](./manual-installation.md) in a Kubernetes or OpenShift cluster by manually deploying the operator manifests.
+
 After installation, use the [sample CR definition](../config/samples/charts_v1alpha1_nginxingress.yaml) to deploy the NGINX Ingress Controller using the operator.
diff --git a/docs/manual-installation.md b/docs/manual-installation.md
@@ -8,17 +8,17 @@ This will deploy the operator in the `nginx-ingress-operator-system` namespace.
     ```
     git clone https://github.com/nginxinc/nginx-ingress-helm-operator/
     cd nginx-ingress-helm-operator/
-    git checkout v1.0.0
+    git checkout v1.1.0
     ```
 
-   2. `Openshift` To deploy the Operator and associated resources to an OpenShift environment, run:
+   2. `OpenShift` To deploy the Operator and associated resources to an OpenShift environment, run:
     ```
-    make deploy IMG=nginx/nginx-ingress-operator:1.0.0
+    make deploy IMG=nginx/nginx-ingress-operator:1.1.0
     ```
 
    3. Alternatively, to deploy the Operator and associated resources to all other environments:
     ```
-    make deploy IMG=nginx/nginx-ingress-operator:1.0.0
+    make deploy IMG=nginx/nginx-ingress-operator:1.1.0
     ```
 
 2. Check that the Operator is running:
@@ -29,8 +29,8 @@ This will deploy the operator in the `nginx-ingress-operator-system` namespace.
     nginx-ingress-operator-controller-manager   1/1     1            1           15s
     ```
 
-3. `Openshift` Additional steps:
+3. `OpenShift` Additional steps:
 
 In order to deploy NGINX Ingress Controller instances into OpenShift environments, a new SCC is required to be created on the cluster which will be used to bind the specific required capabilities to the NGINX Ingress service account(s). To do so, please run the following command (assuming you are logged in with administrator access to the cluster):
 
-`kubectl -f https://github.com/nginxinc/nginx-ingress-helm-operator/v1.0.0/resources/scc.yaml`
+`kubectl -f https://raw.githubusercontent.com/nginxinc/nginx-ingress-helm-operator/v1.1.0/resources/scc.yaml`
diff --git a/docs/openshift-installation.md b/docs/openshift-installation.md
@@ -1,26 +1,26 @@
-# Installation in an Openshift cluster using the OLM
+# Installation in an OpenShift cluster using the OLM
 
-This installation method is the recommended way for Openshift users. **Note**: Openshift version must be 4.2 or higher.
+This installation method is the recommended way for OpenShift users. **Note**: OpenShift version must be 4.2 or higher.
 
 **Note: The `nginx-ingress-operator` supports `Basic Install` only - we do not support auto-updates. When you are installing the Operator using the OLM, the auto-update feature should be disabled to avoid breaking changes being auto-applied. In OpenShift, this can be done by setting the `Approval Strategy` to `Manual`. Please see the [Operator SDK docs](https://sdk.operatorframework.io/docs/advanced-topics/operator-capabilities/operator-capabilities/) for more details on the Operator Capability Levels.**
 
 The NGINX Ingress Operator is a [RedHat certified Operator](https://connect.redhat.com/en/partner-with-us/red-hat-openshift-operator-certification).
 
-1. In the Openshift dashboard, click `Operators` > `Operator Hub` in the left menu and use the search box to type `nginx ingress`:
+1. In the OpenShift dashboard, click `Operators` > `Operator Hub` in the left menu and use the search box to type `nginx ingress`:
 ![alt text](./images/openshift1.png "Operators")
 1. Click the `NGINX Ingress Operator` and click `Install`:
 ![alt text](./images/openshift2.png "NGINX Ingress Operator")
 1. Click `Subscribe`:
 ![alt text](./images/openshift3.png "NGINX Ingress Operator Install")
 
-Openshift will install the NGINX Ingress Operator:
+OpenShift will install the NGINX Ingress Operator:
 
 ![alt text](./images/openshift4.png "NGINX Ingress Operator Subscribe")
 
 Additional steps:
 
 In order to deploy NGINX Ingress Controller instances into OpenShift environments, a new SCC is required to be created on the cluster which will be used to bind the specific required capabilities to the NGINX Ingress service account(s). To do so, please run the following command (assuming you are logged in with administrator access to the cluster):
 
-`kubectl -f https://github.com/nginxinc/nginx-ingress-helm-operator/v1.0.0/resources/scc.yaml`
+`kubectl -f https://raw.githubusercontent.com/nginxinc/nginx-ingress-helm-operator/v1.1.0/resources/scc.yaml`
 
 You can now deploy the NGINX Ingress Controller instances.
diff --git a/examples/deployment-oss-min/README.md b/examples/deployment-oss-min/README.md
@@ -12,31 +12,31 @@ If you would like to use TransportServers, refer to [this section](README.md#Tra
 1. Create a new namespace for our Ingress Controller instance:
     ```
     kubectl create -f ns.yaml
-    ```  
+    ```
 
-2. Create a new NginxIngressController resource that defines our NGINX Ingress Controller instance (**Note**: If using Openshift, change the `image.tag` to `edge-ubi`):
+2. Create a new NginxIngressController resource that defines our NGINX Ingress Controller instance (**Note**: If using OpenShift, change the `image.tag` to `edge-ubi`):
     ```
     kubectl create -f nginx-ingress-controller.yaml
     ```
 
- 
 
-This will deploy an NGINX Ingress Controller instance using a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) in the `my-nginx-controller` namespace. 
+
+This will deploy an NGINX Ingress Controller instance using a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) in the `my-nginx-controller` namespace.
 
 3. Check if all resources were deployed:
 
     ```
     kubectl -n my-nginx-ingress  get all
-    
+
     NAME                                               READY   STATUS    RESTARTS   AGE
     pod/my-nginx-ingress-controller-666854fb5f-f67fs   1/1     Running   0          3s
-    
+
     NAME                                  TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
     service/my-nginx-ingress-controller   NodePort   10.103.105.52   <none>        80:30298/TCP,443:32576/TCP   3s
-    
+
     NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
     deployment.apps/my-nginx-ingress-controller   1/1     1            1           4s
-    
+
     NAME                                                     DESIRED   CURRENT   READY   AGE
     replicaset.apps/my-nginx-ingress-controller-666854fb5f   1         1         1       4s
     ```
@@ -48,17 +48,17 @@ For more information about how to configure the NGINX Ingress Controller, check
 1. Delete the NginxIngressController:
     ```
     kubectl delete -f nginx-ingress-controller.yaml
-    ``` 
+    ```
 
 1. Delete the namespace:
     ```
     kubectl delete namespace my-nginx-ingress
     ```
-   
+
 ## TransportServers
 
-TransportServers provide support for TCP/UDP but are in active development and provided as a preview feature. 
-A GlobalConfiguration resource is used to specify the TCP/UDP listeners and is required by TransportServers. 
+TransportServers provide support for TCP/UDP but are in active development and provided as a preview feature.
+A GlobalConfiguration resource is used to specify the TCP/UDP listeners and is required by TransportServers.
 To use TransportServers, you must create a GlobalConfiguration resource *after* creating the namespace and *before* starting the Operator.
 
 
diff --git a/examples/deployment-plus-min/README.md b/examples/deployment-plus-min/README.md

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM quay.io/operator-framework/helm-operator:v1.22.0`
	`1`	`+FROM quay.io/operator-framework/helm-operator:v1.22.2`
`2`	`2`
`3`	`3`	`ARG VERSION`
`4`	`4`