Merge pull request #639 from stakater/sa-7353-remove-kube-rbac-proxy

Removed kube-rbac-proxy and upgraded to operator-sdk 1.39.2

Author: msafwankarim

.github/workflows/push.yml

@@ -14,9 +14,9 @@ on:
 env:
   DOCKER_FILE_PATH: Dockerfile
   BUNDLE_DOCKER_FILE_PATH: bundle.Dockerfile
-  GOLANG_VERSION: 1.21
-  OPERATOR_SDK_VERSION: "1.19.0"
-  KUSTOMIZE_VERSION: "4.5.7"
+  GOLANG_VERSION: 1.22
+  OPERATOR_SDK_VERSION: "1.39.2"
+  KUSTOMIZE_VERSION: "5.4.3"
   KUBERNETES_VERSION: "1.23.5"
   KIND_VERSION: "v0.17.0"
   HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.21 as builder
+FROM golang:1.22 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -10,13 +10,14 @@ COPY go.sum go.sum
 RUN go mod download
 
 # Copy the go source
-COPY main.go main.go
+COPY cmd/main.go cmd/main.go
 COPY api/ api/
 COPY pkg/ pkg/
+COPY internal/ internal/
 
 # Build
 ARG TARGETARCH
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on go build -mod=mod -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Makefile

@@ -47,7 +47,7 @@ ifeq ($(USE_IMAGE_DIGESTS), true)
 endif
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= stakater/ingressmonitorcontroller:v2.2.4
 
 # GOLANGCI_LINT env
 GOLANGCI_LINT = _output/tools/golangci-lint
@@ -100,44 +100,67 @@ vet: ## Run go vet against code.
 	go vet ./...
 
 ENVTEST_ASSETS_DIR = $(shell pwd)/testbin
+ENVTEST_K8S_VERSION = 1.31.0
 .PHONY: test
 test: generate fmt vet manifests envtest
 	$(ENVTEST) use -p path 1.28.x!
-	go test ./... -count=1 -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out,
+
 
 ##@ Build
 
-build: generate fmt vet ## Build manager binary.
-	go build -o bin/manager main.go
+.PHONY: build
+build: manifests generate fmt vet ## Build manager binary.
+	go build -o bin/manager cmd/main.go
 
+.PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./main.go
+	go run ./cmd/main.go
 
 docker-build: test ## Build docker image with the manager.
 	docker build -t ${IMG} .
 
 docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
 
+# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
+# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
+# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> than the export will fail)
+# To properly provided solutions that supports more than one platform you should use this option.
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+.PHONY: docker-buildx
+docker-buildx: ## Build and push docker image for the manager for cross-platform support
+	- docker buildx create --name project-v3-builder
+	docker buildx use project-v3-builder
+	- docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile .
+	- docker buildx rm project-v3-builder
 
 ifndef ignore-not-found
   ignore-not-found = false
 endif
 
+.PHONY: build-installer
+build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
+	mkdir -p dist
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default > dist/install.yaml
+
 ##@ Deployment
 
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f -
 
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl delete -f - --ignore-not-found=$(ignore-not-found)
+	$(KUSTOMIZE) build config/crd | $(KUBECTL) delete -f - --ignore-not-found=$(ignore-not-found)
 
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
 
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/default | kubectl delete -f - --ignore-not-found=$(ignore-not-found)
+	$(KUSTOMIZE) build config/default | $(KUBECTL) delete -f - --ignore-not-found=$(ignore-not-found)
 
 
 ##@ Build Dependencies
@@ -148,29 +171,53 @@ $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
 
 ## Tool Binaries
+KUBECTL ?= kubectl
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
+GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.0
+KUSTOMIZE_VERSION ?= v5.4.3
+CONTROLLER_TOOLS_VERSION ?= v0.16.1
+ENVTEST_VERSION ?= release-0.19
+GOLANGCI_LINT_VERSION ?= v1.59.1
 
-KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)
-	@[ -f $(LOCALBIN)/kustomize ] || curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+	$(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION))
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
 $(CONTROLLER_GEN): $(LOCALBIN)
-	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION))
 
 .PHONY: envtest
-envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCI_LINT): $(LOCALBIN)
+	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION))
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary (ideally with version)
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f "$(1)-$(3)" ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+rm -f $(1) || true ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv $(1) $(1)-$(3) ;\
+} ;\
+ln -sf $(1)-$(3) $(1) 
+endef
 
 .PHONY: bundle
 bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
@@ -228,9 +275,6 @@ catalog-build: opm ## Build a catalog image.
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
 
-$(GOLANGCI_LINT):
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(dir $@) $(GOLANGCI_LINT_VERSION)
-
 verify-golangci-lint: $(GOLANGCI_LINT)
 	GOLANGCI_LINT_CACHE=$(GOLANGCI_LINT_CACHE) $(GOLANGCI_LINT) run --timeout=300s ./...
 

PROJECT

@@ -1,6 +1,6 @@
 domain: stakater.com
 layout:
-- go.kubebuilder.io/v3
+- go.kubebuilder.io/v4
 plugins:
   manifests.sdk.operatorframework.io/v2: {}
   scorecard.sdk.operatorframework.io/v2: {}

README.md

@@ -172,10 +172,6 @@ Join and talk to us on the #tools-ingressmonitor channel for discussing the Ingr
 [![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
 [![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CA66MMYSE)
 
-## Known Issues
-
-- Latest image of kube-rbac-proxy fails on openshift with permission issues. To resolve use `registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.7.0` instead of kube-rbac-proxy. This issue can be tracked [here](https://github.com/operator-framework/operator-sdk/issues/4684).
-
 ## License
 
 Apache2 © [Stakater][website]

api/v1alpha1/zz_generated.deepcopy.go

@@ -7,9 +7,9 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=ingressmonitorcontroller
 LABEL operators.operatorframework.io.bundle.channels.v1=alpha
 LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.18.0+git
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.39.2
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
-LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4
 
 # Labels for testing.
 LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1

bundle.Dockerfile

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   creationTimestamp: null
   name: endpointmonitors.endpointmonitor.stakater.com
 spec:
@@ -20,14 +20,19 @@ spec:
         description: EndpointMonitor is the Schema for the endpointmonitors API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -64,9 +69,9 @@ spec:
                 properties:
                   alertSensitivity:
                     default: none
-                    description: The alertSensitivity value defaults to none if there
-                      are no alerts or can be set to low, medium, or high to correspond
-                      to the check alert levels.
+                    description: |-
+                      The alertSensitivity value defaults to none if there are no alerts or can be set to low, medium,
+                      or high to correspond to the check alert levels.
                     enum:
                     - none
                     - low
@@ -79,11 +84,10 @@ spec:
                     format: int64
                     type: integer
                   probes:
-                    description: Probes are the monitoring agents responsible for
-                      simulating user interactions with your web applications or services.
-                      These agents periodically send requests to predefined URLs and
-                      record the responses, checking for expected outcomes and measuring
-                      performance.
+                    description: |-
+                      Probes are the monitoring agents responsible for simulating user interactions with your web applications
+                      or services. These agents periodically send requests to predefined URLs and record the responses,
+                      checking for expected outcomes and measuring performance.
                     items:
                       type: string
                     type: array
@@ -113,18 +117,17 @@ spec:
                     description: Set to "true" to pause checks
                     type: boolean
                   postDataEnvVar:
-                    description: Data that should be posted to the web page, for example
-                      submission data for a sign-up or login form. The data needs
-                      to be formatted in the same way as a web browser would send
-                      it to the web server. Because post data contains sensitive secret
-                      this field is only a reference to an environment variable.
+                    description: |-
+                      Data that should be posted to the web page, for example submission data for a sign-up or login form.
+                      The data needs to be formatted in the same way as a web browser would send it to the web server.
+                      Because post data contains sensitive secret this field is only a reference to an environment variable.
                     type: string
                   requestHeaders:
                     description: Custom request headers
                     type: string
                   requestHeadersEnvVar:
-                    description: Custom request headers that should be read from an
-                      environment variable as it possibly contains sensitive data.
+                    description: |-
+                      Custom request headers that should be read from an environment variable as it possibly contains sensitive data.
                       An example would be an API token.
                     type: string
                   resolution:
@@ -138,11 +141,10 @@ spec:
                       HTML code of the page
                     type: string
                   sslDownDaysBefore:
-                    description: Consider down prior to certificate expiring Select
-                      the number of days prior to your certificate expiry date that
-                      you want to consider the check down. At this day your check
-                      will be considered down and if applicable a down alert will
-                      be sent.
+                    description: |-
+                      Consider down prior to certificate expiring
+                      Select the number of days prior to your certificate expiry date that you want to consider the check down.
+                      At this day your check will be considered down and if applicable a down alert will be sent.
                     type: integer
                   tags:
                     description: Comma separated set of tags to apply to check (e.g.
@@ -152,11 +154,11 @@ spec:
                     description: '`-` separated team id''s (e.g. "1234567_8_9-9876543_2_1")'
                     type: string
                   verifyCertificate:
-                    description: Monitor SSL/TLS certificate Monitor the validity
-                      of your SSL/TLS certificate. With this enabled Uptime checks
-                      will be considered DOWN when the certificate becomes invalid
-                      or expires. SSL/TLS certificate monitoring is available for
-                      HTTP checks.
+                    description: |-
+                      Monitor SSL/TLS certificate
+                      Monitor the validity of your SSL/TLS certificate. With this enabled Uptime checks will be considered DOWN when
+                      the certificate becomes invalid or expires.
+                      SSL/TLS certificate monitoring is available for HTTP checks.
                     type: boolean
                 type: object
               pingdomTransactionConfig:
@@ -217,18 +219,17 @@ spec:
                         args:
                           additionalProperties:
                             type: string
-                          description: 'contains the html element with assigned value
-                            the key element is always lowercase for example {"url":
-                            "https://www.pingdom.com"} see available values at https://pkg.go.dev/github.com/karlderkaefer/pingdom-golang-client@latest/pkg/pingdom/client/tmschecks#StepArg'
+                          description: |-
+                            contains the html element with assigned value
+                            the key element is always lowercase for example {"url": "https://www.pingdom.com"}
+                            see available values at https://pkg.go.dev/github.com/karlderkaefer/pingdom-golang-client@latest/pkg/pingdom/client/tmschecks#StepArg
                           type: object
                         function:
-                          description: 'contains the function that is executed as
-                            part of the step commands: go_to, click, fill, check,
-                            uncheck, sleep, select_radio, basic_auth, submit, wait_for_element,
-                            wait_for_contains validations: url, exists, not_exists,
-                            contains, not_contains, field_contains, field_not_contains,
-                            is_checked, is_not_checked, radio_selected, dropdown_selected,
-                            dropdown_not_selected see updated list https://docs.pingdom.com/api/#section/TMS-Steps-Vocabulary/Script-transaction-checks'
+                          description: |-
+                            contains the function that is executed as part of the step
+                            commands: go_to, click, fill, check, uncheck, sleep, select_radio, basic_auth, submit, wait_for_element, wait_for_contains
+                            validations: url, exists, not_exists, contains, not_contains, field_contains, field_not_contains, is_checked, is_not_checked, radio_selected, dropdown_selected, dropdown_not_selected
+                            see updated list https://docs.pingdom.com/api/#section/TMS-Steps-Vocabulary/Script-transaction-checks
                           type: string
                       required:
                       - args
@@ -360,9 +361,9 @@ spec:
                       this monitor
                     type: string
                   customHTTPStatuses:
-                    description: 'Defines which http status codes are treated as up
-                      or down For ex: 200:0_401:1_503:1 (to accept 200 as down and
-                      401 and 503 as up)'
+                    description: |-
+                      Defines which http status codes are treated as up or down
+                      For ex: 200:0_401:1_503:1 (to accept 200 as down and 401 and 503 as up)
                     type: string
                   interval:
                     description: The uptimerobot check interval in seconds