@abays abays commented Nov 14, 2025

This commit migrates the ironic-operator from Operator SDK 1.31.0 to 1.41.1, following the new project structure and best practices introduced in the newer SDK version.

Major Changes:

Project Structure Reorganization:

  • Moved entry point from root main.go to cmd/main.go
  • Created internal/ directory structure following operator-sdk 1.41.1 conventions:
    • internal/controller/ - Contains all controllers (moved from controllers/)
    • internal/webhook/v1beta1/ - Contains webhook setup functions
  • Updated all import paths and package declarations accordingly

Build System Updates:

  • Updated Makefile to use operator-sdk v1.41.1
  • Updated CONTROLLER_TOOLS_VERSION to v0.16.4 for compatibility
  • Updated Dockerfile to use new main.go location
  • Updated build and run targets for new project structure

Configuration Enhancements:

  • Enhanced certmanager configuration with separate certificates for metrics and webhooks
  • Added network-policy configuration for secure traffic control:
    • allow-metrics-traffic.yaml - Restricts metrics access to openstack namespace
    • allow-webhook-traffic.yaml - Allows webhook traffic from all namespaces
  • Enhanced RBAC configuration:
    • Added metrics_auth_role.yaml for TokenReview and SubjectAccessReview permissions
    • Added ironic_admin_role.yaml for full Ironic resource management
    • Updated existing roles with proper operator-sdk 1.41.1 labels and metadata
  • Updated manager configuration:
    • Added cert_metrics_manager_patch.yaml for TLS certificate mounting
    • Added manager_metrics_patch.yaml with kube-rbac-proxy sidecar for secure metrics
  • Enhanced Prometheus monitoring with TLS support via monitor_tls_patch.yaml

Controller and Webhook Updates:

  • Migrated webhook registration to function-based approach:
    • Created SetupIronicWebhookWithManager() function in internal/webhook/v1beta1/
    • Updated cmd/main.go to use new webhook setup pattern
  • Updated all controller package declarations and imports
  • Fixed test imports in tests/functional/suite_test.go

Dependency Management:

  • Updated go.mod and go.sum with compatible dependency versions
  • Resolved go.work version conflicts
  • Maintained compatibility with existing OpenStack operator ecosystem

The upgrade maintains 100% backward compatibility while modernizing the codebase to align with operator-sdk 1.41.1 best practices for security, monitoring, and deployment configurations.

All ironic-operator resources continue to function correctly:

  • Ironic (main resource with webhooks)
  • IronicAPI
  • IronicConductor
  • IronicInspector
  • IronicNeutronAgent

Verified functionality:

  • Build: PASS
  • Manifests generation: PASS
  • Bundle generation: PASS
  • Unit tests: PASS

Related: https://issues.redhat.com/browse/OSPRH-21958

Co-Authored-By: Claude [email protected]

Depends-On: openstack-k8s-operators/openstack-operator#1683

@openshift-ci openshift-ci bot requested review from dprince and olliewalsh November 14, 2025 18:54
openshift-ci bot commented Nov 14, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abays

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci bot commented Nov 14, 2025

@abays: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/precommit-check | 725b4da | link | true | /test precommit-check |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
