mirror of
https://github.com/1Password/onepassword-operator.git
synced 2025-10-24 08:20:45 +00:00

* Add missing improvements from Operator SDK 1.34.1 These were not mentioned in the upgrade documentation for version 1.34.x (https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.34.0/), but I've found them by comparing the release with the previous one (https://github.com/operator-framework/operator-sdk/compare/v1.33.0...v1.34.1). * Upgrade to Operator SDK 1.36.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.36.0/ Key differences: - Go packages `k8s.io/*` are already at a version higher than the one in the upgrade. - `ENVTEST_K8S_VERSION` is at a version higher than the one in the upgrade - We didn't have the golangci-lint make command before, thus we only needed to add things. * Upgrade to Operator SDK 1.38.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.38.0/ * Upgrade to Operator SDK 1.39.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.39.0/ * Upgrade to Operator SDK 1.40.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.40.0/ I didn't do the "Add app.kubernetes.io/name label to your manifests" since it seems that we have it already, and it's customized. * Address lint errors * Update golangci-lint version used to support Go 1.24 * Improve workflows - Make workflow targets more specific. - Make build workflow only build (i.e. remove test part of it). - Rearrange steps and improve naming for build workflow. * Add back deleted test Initially the test has been removed due to lint saying that it was duplicate code, but it falsely errored since the values are different. * Improve code and add missing upgrade pieces * Upgrade to Operator SDK 1.41.1 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.41.0/ Upgrading to 1.41.1 from 1.40.0 doesn't have any migration steps. 
Key elements: - Upgrade to golangci-lint v2 - Made the manifests using the updated controller tools * Address linter errors golangci-lint v2 seems to be more robust than the previous one, which is beneficial. Thus, we address the linter errors thrown by v2 and improve our code even further. * Add Makefile improvements These were brought in by comparing the Makefile of a freshly created operator using the latest operator-sdk with ours. * Add missing default kustomization for 1.40.0 upgrade * Bring default kustomization to latest version This is done by putting the file's content from a newly-generated operator. * Switch metrics-bind-address default value back to 8080 This ensures that the upgrade is backwards-compatible. * Add webhook-related scaffolding This enables us to easily add support for webhooks by running `operator-sdk create webhook` whenever we want to add them. * Fix typo
# Default kustomize overlay: pulls in the ../crd, ../rbac and ../manager bases plus
# metrics_service.yaml, and applies manager_metrics_patch.yaml to resources of kind Deployment.
# The [WEBHOOK], [CERTMANAGER], [PROMETHEUS] and [NETWORK POLICY] sections are scaffolded
# but left commented out in this file.

# Adds namespace to all resources.
# (Commented out here, so this overlay does not set a namespace on the resources it emits.)
# namespace: onepassword-connect-operator

# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
# (Commented out here as well, so resource names are emitted without a prefix.)
# namePrefix: onepassword-connect-

# Labels to add to all resources and selectors.
#labels:
#- includeSelectors: true
#  pairs:
#    someName: someValue

resources:
- ../crd
- ../rbac
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
#- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
# [METRICS] Expose the controller manager metrics service.
- metrics_service.yaml
# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.
# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics.
# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
# be able to communicate with the Webhook Server.
# NOTE(review): this entry is commented out while metrics_service.yaml above is active, so this
# overlay puts no NetworkPolicy in front of the /metrics endpoint; who can reach it is then
# limited only by what the cluster and the manager itself enforce (not visible in this file).
#- ../network-policy

# Uncomment the patches line if you enable Metrics
# (Already uncommented in this file: the [METRICS] patch below is active.)
patches:
# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
# More info: https://book.kubebuilder.io/reference/metrics
# NOTE(review): confirm that the port and scheme set in manager_metrics_patch.yaml agree with
# metrics_service.yaml and with the manager's own metrics-bind-address default; neither file
# is visible from here.
- path: manager_metrics_patch.yaml
  target:
    kind: Deployment

# Uncomment the patches line if you enable Metrics and CertManager
# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line.
# This patch will protect the metrics with certManager self-signed certs.
# NOTE(review): while this stays commented out, this overlay does not mount a cert-manager
# issued certificate for the metrics endpoint. Which certificate the HTTPS endpoint then serves
# is decided in the manager code (presumably one generated at start-up; confirm), and a
# scraper cannot verify such a certificate against a known CA.
#- path: cert_metrics_manager_patch.yaml
#  target:
#    kind: Deployment

# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- path: manager_webhook_patch.yaml
#  target:
#    kind: Deployment

# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
# Uncomment the following replacements to add the cert-manager CA injection annotations
# How the blocks below fit together:
# - Service name (index 0) and namespace (index 1) are written into the '.'-delimited
#   dnsNames of the Certificate, and into the ServiceMonitor's tlsConfig.serverName.
# - The cert-manager.io/inject-ca-from annotation is assembled with delimiter '/':
#   index 0 takes the Certificate's namespace and index 1 its name.
#replacements:
# - source: # Uncomment the following block to enable certificates for metrics
#     kind: Service
#     version: v1
#     name: controller-manager-metrics-service
#     fieldPath: metadata.name
#   targets:
#     - select:
#         kind: Certificate
#         group: cert-manager.io
#         version: v1
#         name: metrics-certs
#       fieldPaths:
#         - spec.dnsNames.0
#         - spec.dnsNames.1
#       options:
#         delimiter: '.'
#         index: 0
#         create: true
#     - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor
#         kind: ServiceMonitor
#         group: monitoring.coreos.com
#         version: v1
#         name: controller-manager-metrics-monitor
#       fieldPaths:
#         - spec.endpoints.0.tlsConfig.serverName
#       options:
#         delimiter: '.'
#         index: 0
#         create: true
#
# - source:
#     kind: Service
#     version: v1
#     name: controller-manager-metrics-service
#     fieldPath: metadata.namespace
#   targets:
#     - select:
#         kind: Certificate
#         group: cert-manager.io
#         version: v1
#         name: metrics-certs
#       fieldPaths:
#         - spec.dnsNames.0
#         - spec.dnsNames.1
#       options:
#         delimiter: '.'
#         index: 1
#         create: true
#     - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor
#         kind: ServiceMonitor
#         group: monitoring.coreos.com
#         version: v1
#         name: controller-manager-metrics-monitor
#       fieldPaths:
#         - spec.endpoints.0.tlsConfig.serverName
#       options:
#         delimiter: '.'
#         index: 1
#         create: true
#
# - source: # Uncomment the following block if you have any webhook
#     kind: Service
#     version: v1
#     name: webhook-service
#     fieldPath: .metadata.name # Name of the service
#   targets:
#     - select:
#         kind: Certificate
#         group: cert-manager.io
#         version: v1
#         name: serving-cert
#       fieldPaths:
#         - .spec.dnsNames.0
#         - .spec.dnsNames.1
#       options:
#         delimiter: '.'
#         index: 0
#         create: true
# - source:
#     kind: Service
#     version: v1
#     name: webhook-service
#     fieldPath: .metadata.namespace # Namespace of the service
#   targets:
#     - select:
#         kind: Certificate
#         group: cert-manager.io
#         version: v1
#         name: serving-cert
#       fieldPaths:
#         - .spec.dnsNames.0
#         - .spec.dnsNames.1
#       options:
#         delimiter: '.'
#         index: 1
#         create: true
#
# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
#     kind: Certificate
#     group: cert-manager.io
#     version: v1
#     name: serving-cert # This name should match the one in certificate.yaml
#     fieldPath: .metadata.namespace # Namespace of the certificate CR
#   targets:
#     - select:
#         kind: ValidatingWebhookConfiguration
#       fieldPaths:
#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
#       options:
#         delimiter: '/'
#         index: 0
#         create: true
# - source:
#     kind: Certificate
#     group: cert-manager.io
#     version: v1
#     name: serving-cert
#     fieldPath: .metadata.name
#   targets:
#     - select:
#         kind: ValidatingWebhookConfiguration
#       fieldPaths:
#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
#       options:
#         delimiter: '/'
#         index: 1
#         create: true
#
# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
#     kind: Certificate
#     group: cert-manager.io
#     version: v1
#     name: serving-cert
#     fieldPath: .metadata.namespace # Namespace of the certificate CR
#   targets:
#     - select:
#         kind: MutatingWebhookConfiguration
#       fieldPaths:
#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
#       options:
#         delimiter: '/'
#         index: 0
#         create: true
# - source:
#     kind: Certificate
#     group: cert-manager.io
#     version: v1
#     name: serving-cert
#     fieldPath: .metadata.name
#   targets:
#     - select:
#         kind: MutatingWebhookConfiguration
#       fieldPaths:
#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
#       options:
#         delimiter: '/'
#         index: 1
#         create: true
#
# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
#     kind: Certificate
#     group: cert-manager.io
#     version: v1
#     name: serving-cert
#     fieldPath: .metadata.namespace # Namespace of the certificate CR
#   targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
# +kubebuilder:scaffold:crdkustomizecainjectionns
# - source:
#     kind: Certificate
#     group: cert-manager.io
#     version: v1
#     name: serving-cert
#     fieldPath: .metadata.name
#   targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
# +kubebuilder:scaffold:crdkustomizecainjectionname