mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-25 08:50:45 +00:00 
			
		
		
		
	 cabc020cc6
			
		
	
	cabc020cc6
	
	
	
		
			
			* Add missing improvements from Operator SDK 1.34.1 These were not mentioned in the upgrade documentation for version 1.34.x (https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.34.0/), but I've found them by comparing the release with the previous one (https://github.com/operator-framework/operator-sdk/compare/v1.33.0...v1.34.1). * Upgrade to Operator SDK 1.36.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.36.0/ Key differences: - Go packages `k8s.io/*` are already at a version higher than the one in the upgrade. - `ENVTEST_K8S_VERSION` is at a version higher than the one in the upgrade - We didn't have the golangci-lint make command before, thus we only needed to add things. * Upgrade to Operator SDK 1.38.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.38.0/ * Upgrade to Operator SDK 1.39.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.39.0/ * Upgrade to Operator SDK 1.40.0 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.40.0/ I didn't do the "Add app.kubernetes.io/name label to your manifests" since it seems that we have it already, and it's customized. * Address lint errors * Update golangci-lint version used to support Go 1.24 * Improve workflows - Make workflow targets more specific. - Make build workflow only build (i.e. remove test part of it). - Rearrange steps and improve naming for build workflow. * Add back deleted test Initially the test has been removed due to lint saying that it was duplicate code, but it falsely errored since the values are different. * Improve code and add missing upgrade pieces * Upgrade to Operator SDK 1.41.1 Source of upgrade steps: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.41.0/ Upgrading to 1.41.1 from 1.40.0 doesn't have any migration steps. 
Key elements: - Upgrade to golangci-lint v2 - Made the manifests using the updated controller tools * Address linter errors golangci-lint v2 seems to be more robust than the previous one, which is beneficial. Thus, we address the linter errors thrown by v2 and improve our code even further. * Add Makefile improvements These were brought in by comparing the Makefile of a freshly created operator using the latest operator-sdk with ours. * Add missing default kustomization for 1.40.0 upgrade * Bring default kustomization to latest version This is done by putting the file's content from a newly-generated operator. * Switch metrics-bind-address default value back to 8080 This ensures that the upgrade is backwards-compatible. * Add webhook-related scaffolding This enables us to easily add support for webhooks by running `operator-sdk create webhook` whenever we want to add them. * Fix typo
		
			
				
	
	
		
		
	
	
	
	
	
---
# Namespace for the operator's manager workload.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security Admission for this namespace follows whatever the cluster default is.
apiVersion: v1
kind: Namespace
metadata:
  name: system
  labels:
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: onepassword-connect-operator
    app.kubernetes.io/instance: system
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: namespace
    app.kubernetes.io/part-of: onepassword-connect-operator
    control-plane: onepassword-connect-operator
---
# Deployment that runs the operator's `manager` container (single replica).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: onepassword-connect-operator
  namespace: system
  labels:
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: onepassword-connect-operator
    app.kubernetes.io/instance: controller-manager
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: deployment
    app.kubernetes.io/part-of: onepassword-connect-operator
    control-plane: controller-manager
spec:
  replicas: 1
  # The selector matches the pod template labels below, not the Deployment's
  # own metadata labels (whose control-plane value differs).
  selector:
    matchLabels:
      control-plane: onepassword-connect-operator
      name: onepassword-connect-operator
  template:
    metadata:
      labels:
        control-plane: onepassword-connect-operator
        name: onepassword-connect-operator
      annotations:
        kubectl.kubernetes.io/default-container: manager
    spec:
      serviceAccountName: onepassword-connect-operator
      terminationGracePeriodSeconds: 10
      # TODO(user): Uncomment the block below to restrict scheduling to the
      # platforms your solution supports. Supporting multiple architectures is
      # considered best practice; the manager image can be built with the
      # makefile target docker-buildx.
      # affinity:
      #   nodeAffinity:
      #     requiredDuringSchedulingIgnoredDuringExecution:
      #       nodeSelectorTerms:
      #         - matchExpressions:
      #             - key: kubernetes.io/arch
      #               operator: In
      #               values:
      #                 - amd64
      #                 - arm64
      #                 - ppc64le
      #                 - s390x
      #             - key: kubernetes.io/os
      #               operator: In
      #               values:
      #                 - linux
      securityContext:
        runAsNonRoot: true
        # TODO(user): Workloads that do not need to escalate privileges should
        # run with a restrictive profile.
        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
        # Uncomment the two lines below unless the project must run on
        # Kubernetes < 1.19 or on vendor versions that do NOT support this
        # field by default (i.e. Openshift < 4.11).
        # NOTE(review): while seccompProfile stays commented out, the pod does
        # not meet the "restricted" Pod Security Standard, which requires
        # RuntimeDefault or Localhost.
        # seccompProfile:
        #   type: RuntimeDefault
      containers:
        - name: manager
          # NOTE(review): `latest` is a mutable tag, and with no
          # imagePullPolicy set Kubernetes defaults to Always for it, so a pod
          # restart can pick up a different build. Pin a version or digest
          # where this manifest is actually deployed (presumably via a
          # kustomize image override; confirm).
          image: 1password/onepassword-operator:latest
          command:
            - /manager
          args:
            - --leader-elect
            # Same port as the liveness/readiness probes below.
            - --health-probe-bind-address=:8081
          env:
            - name: OPERATOR_NAME
              value: 'onepassword-connect-operator'
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: WATCH_NAMESPACE
              value: 'default'
            - name: POLLING_INTERVAL
              value: '10'
            - name: AUTO_RESTART
              value: 'false'
            # NOTE(review): plain-HTTP URL. Presumably the token from
            # OP_CONNECT_TOKEN is presented to this host, so confirm the path
            # between operator and Connect is otherwise protected.
            - name: OP_CONNECT_HOST
              value: 'http://onepassword-connect:8080'
            # Read from a Secret rather than written inline in the manifest.
            - name: OP_CONNECT_TOKEN
              valueFrom:
                secretKeyRef:
                  name: onepassword-token
                  key: token
            - name: MANAGE_CONNECT
              value: 'false'
            # To use a service account token instead, uncomment the entry below
            # and comment out the OP_CONNECT_TOKEN, OP_CONNECT_HOST and
            # MANAGE_CONNECT env vars.
            # - name: OP_SERVICE_ACCOUNT_TOKEN
            #   valueFrom:
            #     secretKeyRef:
            #       name: onepassword-service-account-token
            #       key: token
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          # TODO(user): Size these to the project's requirements.
          # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi