Merge branch 'main' into quickstart

cryostatio · Nov 23, 2023 · 7184e59 · 7184e59
2 parents 9fae209 + 79edc22
commit 7184e59
Show file tree

Hide file tree

Showing 44 changed files with 2,564 additions and 167 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
-go.mod @cryostatio/maintainers 
-go.sum @cryostatio/maintainers 
+go.mod @cryostatio/maintainers
+go.sum @cryostatio/maintainers
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,8 +5,6 @@ updates:
     directory: /
     schedule:
       interval: daily
-    reviewers:
-      - "cryostatio/reviewers"
     labels:
       - "dependencies"
       - "chore"

diff --git a/.github/workflows/test-ci-command.yml b/.github/workflows/test-ci-command.yml
@@ -54,6 +54,7 @@ jobs:
       PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }}
       PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
       PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }}
+      PR_head_sha: ${{ fromJSON(steps.comment-branch.outputs.result).head_sha }}
     steps:
     - uses: actions/github-script@v6
       id: comment-branch
@@ -64,7 +65,7 @@ jobs:
             repo: context.repo.repo,
             pull_number: context.issue.number
           })
-          return { repo: result.data.head.repo.full_name, num: result.data.number, ref: result.data.head.ref }
+          return { repo: result.data.head.repo.full_name, num: result.data.number, ref: result.data.head.ref, head_sha: result.data.head.sha }
   
   get-test-image-tag:
     runs-on: ubuntu-latest
@@ -87,8 +88,10 @@ jobs:
     uses: ./.github/workflows/test-ci-reusable.yml
     needs: [get-test-image-tag, checkout-branch]
     permissions:
+      statuses: write
       packages: write
     with:
       repository: ${{ needs.checkout-branch.outputs.PR_repo }}
       ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
       tag: ${{ needs.get-test-image-tag.outputs.tag }}
+      sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
diff --git a/.github/workflows/test-ci-push.yml b/.github/workflows/test-ci-push.yml
@@ -13,6 +13,13 @@ on:
       - cryostat-v[0-9]+.[0-9]+
 
 jobs:
+  check-before-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Fail if needs-triage label applied
+      if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-triage') }}
+      run: exit 1
+
   get-test-image-tag:
     runs-on: ubuntu-latest
     outputs:
@@ -30,5 +37,9 @@ jobs:
   run-test-jobs:
     uses: ./.github/workflows/test-ci-reusable.yml
     needs: [get-test-image-tag]
+    permissions:
+      packages: write
+      statuses: write
     with:
       tag: ${{ needs.get-test-image-tag.outputs.tag }}
+      sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
diff --git a/.github/workflows/test-ci-reusable.yml b/.github/workflows/test-ci-reusable.yml
@@ -10,11 +10,18 @@ on:
       ref:
         required: false
         type: string
+      sha:
+        required: true
+        type: string
 
 env:
   OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key"
   OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"
 
+permissions:
+  statuses: write
+  packages: write
+
 jobs:
   clean-up-test-images:
     runs-on: ubuntu-latest
@@ -44,6 +51,14 @@ jobs:
         go-version: '1.20.*'
     - name: Run controller tests
       run: make test-envtest
+    - name: Set latest commit status as ${{ job.status }}
+      uses: myrotvorets/set-commit-status-action@master
+      if: always()
+      with:
+        sha: ${{ inputs.sha }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        status: ${{ job.status }}
+        context: ${{ github.job }}
 
   scorecard-test:
     runs-on: ubuntu-latest
@@ -127,3 +142,11 @@ jobs:
         make test-scorecard
     - name: Clean up Kind cluster
       run: kind delete cluster -n ci-${{ github.run_id }}
+    - name: Set latest commit status as ${{ job.status }}
+      uses: myrotvorets/set-commit-status-action@master
+      if: always()
+      with:
+        sha: ${{ inputs.sha }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        status: ${{ job.status }}
+        context: ${{ github.job }}
diff --git a/Makefile b/Makefile
@@ -8,7 +8,8 @@ OS = $(shell go env GOOS)
 ARCH = $(shell go env GOARCH)
 
 # Current Operator version
-IMAGE_VERSION ?= 2.5.0-dev
+export OPERATOR_VERSION ?= 2.5.0-dev
+IMAGE_VERSION ?= $(OPERATOR_VERSION)
 BUNDLE_VERSION ?= $(IMAGE_VERSION)
 DEFAULT_NAMESPACE ?= quay.io/cryostat
 IMAGE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
@@ -95,7 +96,7 @@ CUSTOM_SCORECARD_VERSION ?= 2.5.0-$(shell date -u '+%Y%m%d%H%M%S')
 export CUSTOM_SCORECARD_IMG ?= $(IMAGE_TAG_BASE)-scorecard:$(CUSTOM_SCORECARD_VERSION)
 
 DEPLOY_NAMESPACE ?= cryostat-operator-system
-TARGET_NAMESPACES ?= $(DEPLOY_NAMESPACE)
+TARGET_NAMESPACES ?= $(DEPLOY_NAMESPACE) # A space-separated list of target namespaces
 SCORECARD_NAMESPACE ?= cryostat-operator-scorecard
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
@@ -120,6 +121,19 @@ ifneq ("$(wildcard $(GINKGO))","")
 GO_TEST="$(GINKGO)" -cover -output-dir=.
 endif
 
+# Optional Red Hat Insights integration
+ENABLE_INSIGHTS ?= false
+ifeq ($(ENABLE_INSIGHTS), true)
+KUSTOMIZE_DIR ?= config/insights
+INSIGHTS_PROXY_NAMESPACE ?= quay.io/3scale
+INSIGHTS_PROXY_NAME ?= apicast
+INSIGHTS_PROXY_VERSION ?= insights-01
+export INSIGHTS_PROXY_IMG ?= $(INSIGHTS_PROXY_NAMESPACE)/$(INSIGHTS_PROXY_NAME):$(INSIGHTS_PROXY_VERSION)
+export INSIGHTS_BACKEND ?= console.redhat.com
+else
+KUSTOMIZE_DIR ?= config/default
+endif
+
 ##@ General
 
 .PHONY: all
@@ -275,6 +289,9 @@ manifests: controller-gen ## Generate manifests e.g. CRD, RBAC, etc.
 	$(CONTROLLER_GEN) rbac:roleName=role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 	envsubst < hack/image_tag_patch.yaml.in > config/default/image_tag_patch.yaml
 	envsubst < hack/image_pull_patch.yaml.in > config/default/image_pull_patch.yaml
+ifeq ($(ENABLE_INSIGHTS), true)
+	envsubst < hack/insights_patch.yaml.in > config/insights/insights_patch.yaml
+endif
 
 .PHONY: fmt
 fmt: add-license ## Run go fmt against code.
@@ -435,11 +452,11 @@ predeploy:
 
 .PHONY: print_deploy_config
 print_deploy_config: predeploy ## Print deployment configurations for the controller.
-	$(KUSTOMIZE) build config/default
+	$(KUSTOMIZE) build $(KUSTOMIZE_DIR)
 
 .PHONY: deploy
 deploy: check_cert_manager manifests kustomize predeploy ## Deploy controller in the configured cluster in ~/.kube/config
-	$(KUSTOMIZE) build config/default | $(CLUSTER_CLIENT) apply -f -
+	$(KUSTOMIZE) build $(KUSTOMIZE_DIR) | $(CLUSTER_CLIENT) apply -f -
 ifeq ($(DISABLE_SERVICE_TLS), true)
 	@echo "Disabling TLS for in-cluster communication between Services"
 	@$(CLUSTER_CLIENT) -n $(DEPLOY_NAMESPACE) set env deployment/cryostat-operator-controller-manager DISABLE_SERVICE_TLS=true
@@ -449,7 +466,7 @@ endif
 undeploy: ## Undeploy controller from the configured cluster in ~/.kube/config.
 	- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_cryostat.yaml
 	- $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f config/samples/operator_v1beta1_clustercryostat.yaml
-	- $(KUSTOMIZE) build config/default | $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f -
+	- $(KUSTOMIZE) build $(KUSTOMIZE_DIR) | $(CLUSTER_CLIENT) delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy_bundle
 deploy_bundle: check_cert_manager undeploy_bundle ## Deploy the controller in the bundle format with OLM.
@@ -482,7 +499,7 @@ create_clustercryostat_cr: destroy_clustercryostat_cr ## Create a cluster-wide C
 	target_ns_json=$$(jq -nc '$$ARGS.positional' --args -- $(TARGET_NAMESPACES)) && \
 	$(CLUSTER_CLIENT) patch -f config/samples/operator_v1beta1_clustercryostat.yaml --local=true --type=merge \
 	-p "{\"spec\": {\"installNamespace\": \"$(DEPLOY_NAMESPACE)\", \"targetNamespaces\": $$target_ns_json}}" -o yaml | \
-	oc apply -f -
+	$(CLUSTER_CLIENT) apply -f -
 
 .PHONY: destroy_cryostat_cr
 destroy_cryostat_cr: ## Delete a namespaced Cryostat instance.

diff --git a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml
@@ -54,7 +54,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:2.5.0-dev
-    createdAt: "2023-10-11T14:49:05Z"
+    createdAt: "2023-11-13T21:47:45Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {
@@ -879,6 +879,15 @@ spec:
     spec:
       clusterPermissions:
       - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          - configmaps/finalizers
+          - secrets
+          - services
+          verbs:
+          - '*'
         - apiGroups:
           - ""
           resources:
@@ -916,6 +925,13 @@ spec:
           - statefulsets
           verbs:
           - '*'
+        - apiGroups:
+          - apps
+          resources:
+          - deployments
+          - deployments/finalizers
+          verbs:
+          - '*'
         - apiGroups:
           - apps.openshift.io
           resources:
@@ -955,6 +971,14 @@ spec:
           - list
           - update
           - watch
+        - apiGroups:
+          - config.openshift.io
+          resources:
+          - clusterversions
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - console.openshift.io
           resources:
@@ -1084,6 +1108,10 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
+                - name: NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
                 image: quay.io/cryostat/cryostat-operator:2.5.0-dev
                 imagePullPolicy: Always
                 livenessProbe:

diff --git a/config/insights/insights_patch.yaml b/config/insights/insights_patch.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        env:
+        - name: RELATED_IMAGE_INSIGHTS_PROXY
+          value: "quay.io/3scale/apicast:insights-01"
+        - name: INSIGHTS_ENABLED
+          value: "true"
+        - name: INSIGHTS_BACKEND_DOMAIN
+          value: "console.redhat.com"
diff --git a/config/insights/kustomization.yaml b/config/insights/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- ../default
+
+patchesStrategicMerge:
+- insights_patch.yaml
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -49,6 +49,10 @@ spec:
         env:
         - name: WATCH_NAMESPACE
           value: ""
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
         resources:
           limits:
             cpu: 1000m

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -5,6 +5,15 @@ metadata:
   creationTimestamp: null
   name: role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - configmaps/finalizers
+  - secrets
+  - services
+  verbs:
+  - '*'
 - apiGroups:
   - ""
   resources:
@@ -42,6 +51,13 @@ rules:
   - statefulsets
   verbs:
   - '*'
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - deployments/finalizers
+  verbs:
+  - '*'
 - apiGroups:
   - apps.openshift.io
   resources:
@@ -81,6 +97,14 @@ rules:
   - list
   - update
   - watch
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusterversions
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - console.openshift.io
   resources:

diff --git a/go.mod b/go.mod
@@ -5,16 +5,16 @@ go 1.20
 require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cert-manager/cert-manager v1.11.5
-	github.com/go-logr/logr v1.2.4
-	github.com/google/go-cmp v0.5.9
+	github.com/go-logr/logr v1.3.0
+	github.com/google/go-cmp v0.6.0
 	github.com/onsi/ginkgo/v2 v2.6.1
 	github.com/onsi/gomega v1.24.2
 	github.com/openshift/api v0.0.0-20230406152840-ce21e3fe5da2 // release-4.15
 	github.com/operator-framework/api v0.17.3
-	k8s.io/api v0.26.8
-	k8s.io/apimachinery v0.26.8
-	k8s.io/client-go v0.26.8
-	sigs.k8s.io/controller-runtime v0.14.6
+	k8s.io/api v0.26.10
+	k8s.io/apimachinery v0.26.10
+	k8s.io/client-go v0.26.10
+	sigs.k8s.io/controller-runtime v0.14.7
 )
 
 require (
@@ -65,8 +65,8 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.26.4 // indirect
-	k8s.io/component-base v0.26.4 // indirect
+	k8s.io/apiextensions-apiserver v0.26.10 // indirect
+	k8s.io/component-base v0.26.10 // indirect
 	k8s.io/klog/v2 v2.80.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect