Merge pull request #281 from redhat-marketplace/release/2.4.1

Release 2.4.1

authchecker/v2/pkg/authchecker/authchecker.go

@@ -109,7 +109,7 @@ func (a *AuthChecker) Reconcile(req reconcile.Request) (reconcile.Result, error)
 	err = a.Client.List(context.TODO(), secrets)
 
 	if err != nil {
-		a.Logger.Error(err, "failed to get pod")
+		a.Logger.Error(err, "failed to list secrets")
 		a.Checker.SetErr(err)
 		return reconcile.Result{}, err
 	}

v2/Makefile

@@ -2,6 +2,9 @@
 VERSION ?= $(shell cd ./tools/version && go run ./main.go)
 UNAME_S := $(shell uname -s)
 UNAME := $(shell echo `uname` | tr '[:upper:]' '[:lower:]')
+OPENSHIFT_VERSIONS ?= v4.6-v4.9
+CHANNELS ?= beta,stable
+DEFAULT_CHANNEL ?= stable
 
 export VERSION
 
@@ -56,7 +59,7 @@ IMG ?= $(OPERATOR_IMAGE)
 IMAGE ?= $(OPERATOR_IMAGE)
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 # CRD_OPTIONS ?= "crd:trivialVersions=true"
-CRD_OPTIONS ?= "crd:crdVersions={v1},trivialVersions=false,preserveUnknownFields=false"
+CRD_OPTIONS ?= "crd:crdVersions={v1}"
 
 GOPATH=$(shell go env GOPATH)
 
@@ -172,6 +175,7 @@ docker-manifest:
 	docker manifest push $(IMAGE)
 
 CSV_YAML_BUNDLE_FILE=bundle/manifests/redhat-marketplace-operator.clusterserviceversion.yaml
+ANNOTATIONS_YAML_BUNDLE_FILE=bundle/metadata/annotations.yaml
 CREATED_TIME ?= $(shell date +"%FT%H:%M:%SZ")
 
 # Generate bundle manifests and metadata, then validate generated files.
@@ -185,6 +189,7 @@ bundle: clean manifests kustomize helm operator-sdk yq
 	--set authCheckImage=$(AUTHCHECK_IMAGE) \
 	--set dqLiteImage=$(DQLITE_IMAGE) \
 	--post-renderer ./config/manifests/kustomize | $(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(YQ) eval -i '.annotations."com.redhat.openshift.versions" = "$(OPENSHIFT_VERSIONS)"' $(ANNOTATIONS_YAML_BUNDLE_FILE)
 	$(YQ) eval -i '.spec.webhookdefinitions[].targetPort = 9443' $(CSV_YAML_BUNDLE_FILE)
 	$(YQ) eval -i '.spec.webhookdefinitions[].containerPort = 9443' $(CSV_YAML_BUNDLE_FILE)
 	$(YQ) eval -i ".metadata.annotations.containerImage = \"$(OPERATOR_IMAGE)\"" $(CSV_YAML_BUNDLE_FILE)
@@ -325,3 +330,17 @@ PIDs ?=
 wait-and-publish:
 	cd tools/connect ; \
 	go run main.go wait-and-publish --timeout $(TIMEOUT) --tag $(TAG) $(PIDS)
+
+# Pin images in bundle
+.PHONY: bundle-pin-images
+bundle-pin-images:
+	docker run \
+	--pull always \
+	-v ${HOME}/.docker:/dockercfg \
+	-v $(shell pwd)/bundle/manifests:/manifests quay.io/operator-framework/operator-manifest-tools:latest \
+	pinning pin -a /dockercfg/config.json /manifests
+
+# Run certification test
+.PHONY: test-certify
+test-certify: bundle bundle-pin-images
+	cd hack/certify && ./certify.sh

v2/apis/marketplace/v1alpha1/remoteresources3_types.go

@@ -145,6 +145,7 @@ type Header map[string]string
 
 // RemoteResourceS3Spec defines the desired state of RemoteResourceS3
 // +k8s:openapi-gen=true
+// +kubebuilder:pruning:PreserveUnknownFields
 type RemoteResourceS3Spec struct {
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
 	// Auth provides options to authenticate to a remote location

v2/assets/prometheus-operator/deployment-v4.5.yaml

@@ -26,13 +26,13 @@ spec:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
-            - matchExpressions:
-                - key: kubernetes.io/arch
-                  operator: In
-                  values:
-                    - amd64
-                    - ppc64le
-                    - s390x    
+              - matchExpressions:
+                  - key: kubernetes.io/arch
+                    operator: In
+                    values:
+                      - amd64
+                      - ppc64le
+                      - s390x
       containers:
         - image: redhat-marketplace-authcheck:latest
           imagePullPolicy: IfNotPresent
@@ -43,13 +43,13 @@ spec:
               memory: 20Mi
             limits:
               cpu: 10m
-              memory: 25Mi              
+              memory: 25Mi
           terminationMessagePolicy: FallbackToLogsOnError
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
-              - ALL
+                - ALL
             privileged: false
             readOnlyRootFilesystem: true
             runAsNonRoot: true
@@ -76,15 +76,15 @@ spec:
               memory: 60Mi
             limits:
               cpu: 10m
-              memory: 60Mi              
+              memory: 200Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
-              - ALL
+                - ALL
             privileged: false
             readOnlyRootFilesystem: true
-            runAsNonRoot: true 
+            runAsNonRoot: true
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - mountPath: /etc/tls/private
@@ -109,15 +109,15 @@ spec:
               memory: 40Mi
             limits:
               cpu: 1m
-              memory: 40Mi           
+              memory: 40Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
-              - ALL
+                - ALL
             privileged: false
             readOnlyRootFilesystem: true
-            runAsNonRoot: true 
+            runAsNonRoot: true
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - mountPath: /etc/tls/private

v2/assets/prometheus-operator/deployment-v4.6.yaml

@@ -71,7 +71,7 @@ spec:
               memory: 60Mi
             limits:
               cpu: 10m
-              memory: 60Mi
+              memory: 200Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:

v2/assets/razee/rrs3-controller-deployment.yaml

@@ -91,14 +91,18 @@ spec:
               memory: 75Mi
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
-            - mountPath: /usr/src/app/download-cache
+            - mountPath: /home/node/download-cache
               name: cache-volume
+            - mountPath: /usr/src/app/download-cache
+              name: cache-volume-2
             - mountPath: /usr/src/app/config
               name: razeedeploy-config
       serviceAccountName: redhat-marketplace-remoteresources3deployment
       volumes:
         - emptyDir: {}
           name: cache-volume
+        - emptyDir: {}
+          name: cache-volume-2
         - configMap:
             defaultMode: 440
             name: razeedeploy-config

v2/config/crd/bases/marketplace.redhat.com_marketplaceconfigs.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.7.0
   creationTimestamp: null
   name: marketplaceconfigs.marketplace.redhat.com
 spec:

v2/config/crd/bases/marketplace.redhat.com_meterbases.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.7.0
   creationTimestamp: null
   name: meterbases.marketplace.redhat.com
 spec:

v2/config/crd/bases/marketplace.redhat.com_meterdefinitions.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.7.0
   creationTimestamp: null
   name: meterdefinitions.marketplace.redhat.com
 spec:

v2/config/crd/bases/marketplace.redhat.com_meterreports.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.7.0
   creationTimestamp: null
   name: meterreports.marketplace.redhat.com
 spec:

v2/config/crd/bases/marketplace.redhat.com_razeedeployments.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.7.0
   creationTimestamp: null
   name: razeedeployments.marketplace.redhat.com
 spec:

v2/config/crd/bases/marketplace.redhat.com_remoteresources3s.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.7.0
   creationTimestamp: null
   name: remoteresources3s.marketplace.redhat.com
 spec:
@@ -209,6 +209,7 @@ spec:
                   type: object
                 type: array
             type: object
+            x-kubernetes-preserve-unknown-fields: true
           status:
             description: RemoteResourceS3Status defines the observed state of RemoteResourceS3
             properties:

v2/config/rbac/classic/role.yaml

@@ -12,30 +12,6 @@ rules:
       - '*'
     verbs:
       - '*'
-  - apiGroups:
-      - ''
-    resources:
-      - namespaces
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions
-    verbs:
-      - update
-    resourceNames:
-      - meterdefinitions.marketplace.redhat.com
-  - apiGroups:
-      - 'route.openshift.io'
-    resources:
-      - routes
-    verbs:
-      - get
-      - list
-      - watch
 ---
 # Source: redhat-marketplace-operator-template-chart/templates/role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -205,7 +181,9 @@ rules:
       - ''
     resources:
       - pods
+      - secrets
     verbs:
+      - get
       - watch
       - list
 ---
@@ -229,6 +207,7 @@ rules:
     resources:
       - secrets
     verbs:
+      - get
       - list
       - watch
 ---

v2/controllers/marketplace/razeedeployment_controller.go

@@ -15,6 +15,7 @@
 package marketplace
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"reflect"
@@ -24,6 +25,7 @@ import (
 
 	"github.com/go-logr/logr"
 	"github.com/gotidy/ptr"
+	"github.com/imdario/mergo"
 	marketplacev1alpha1 "github.com/redhat-marketplace/redhat-marketplace-operator/v2/apis/marketplace/v1alpha1"
 	"github.com/redhat-marketplace/redhat-marketplace-operator/v2/pkg/config"
 	"github.com/redhat-marketplace/redhat-marketplace-operator/v2/pkg/manifests"
@@ -911,7 +913,7 @@ func (r *RazeeDeploymentReconciler) Reconcile(request reconcile.Request) (reconc
 			return reconcile.Result{}, err
 		}
 
-		if !reflect.DeepEqual(watchKeeperSecret.Data, updatedWatchKeeperSecret.Data) {
+		if !isMapStringByteEqual(watchKeeperSecret.Data, updatedWatchKeeperSecret.Data) {
 			err = r.Client.Update(context.TODO(), &watchKeeperSecret)
 			if err != nil {
 				reqLogger.Error(err, "Failed to create resource", "resource: ", utils.WATCH_KEEPER_SECRET_NAME)
@@ -981,13 +983,13 @@ func (r *RazeeDeploymentReconciler) Reconcile(request reconcile.Request) (reconc
 			return reconcile.Result{}, err
 		}
 
-		if !reflect.DeepEqual(ibmCosReaderKey.Data, updatedibmCosReaderKey.Data) {
+		if !isMapStringByteEqual(ibmCosReaderKey.Data, updatedibmCosReaderKey.Data) {
 			err = r.Client.Update(context.TODO(), &ibmCosReaderKey)
 			if err != nil {
-				reqLogger.Error(err, "Failed to create resource", "resource: ", utils.WATCH_KEEPER_SECRET_NAME)
+				reqLogger.Error(err, "Failed to create resource", "resource: ", utils.COS_READER_KEY_NAME)
 				return reconcile.Result{}, err
 			}
-			reqLogger.Info("Resource updated successfully", "resource: ", utils.WATCH_KEEPER_SECRET_NAME)
+			reqLogger.Info("Resource updated successfully", "resource: ", utils.COS_READER_KEY_NAME)
 			return reconcile.Result{Requeue: true}, nil
 		}
 
@@ -1877,15 +1879,15 @@ func (r *RazeeDeploymentReconciler) createOrUpdateRemoteResourceS3Deployment(
 	instance *marketplacev1alpha1.RazeeDeployment,
 ) (reconcile.Result, error) {
 	rrs3Deployment, err := r.factory.NewRemoteResourceS3Deployment()
-
 	if err != nil {
 		return reconcile.Result{}, err
 	}
 
 	err = retry.RetryOnConflict(retry.DefaultBackoff, func() error {
 		_, err := controllerutil.CreateOrUpdate(context.TODO(), r.Client, rrs3Deployment, func() error {
-			r.factory.SetControllerReference(instance, rrs3Deployment)
-			return r.factory.UpdateRemoteResourceS3Deployment(rrs3Deployment)
+			rrs3Dep, _ := r.factory.NewRemoteResourceS3Deployment()
+			r.factory.SetControllerReference(instance, rrs3Dep)
+			return mergo.Merge(rrs3Deployment, rrs3Dep, mergo.WithOverride)
 		})
 		return err
 	})
@@ -1922,8 +1924,9 @@ func (r *RazeeDeploymentReconciler) createOrUpdateWatchKeeperDeployment(
 
 	err = retry.RetryOnConflict(retry.DefaultBackoff, func() error {
 		_, err := controllerutil.CreateOrUpdate(context.TODO(), r.Client, watchKeeperDeployment, func() error {
-			r.factory.SetControllerReference(instance, watchKeeperDeployment)
-			return r.factory.UpdateWatchKeeperDeployment(watchKeeperDeployment)
+			watchKeeperDep, _ := r.factory.NewWatchKeeperDeployment()
+			r.factory.SetControllerReference(instance, watchKeeperDep)
+			return mergo.Merge(watchKeeperDeployment, watchKeeperDep, mergo.WithOverride)
 		})
 		return err
 	})
@@ -1948,3 +1951,25 @@ func (r *RazeeDeploymentReconciler) createOrUpdateWatchKeeperDeployment(
 
 	return reconcile.Result{}, nil
 }
+
+func isMapStringByteEqual(d1, d2 map[string][]byte) bool {
+	for key, value := range d1 {
+		value2, ok := d2[key]
+		if !ok {
+			return false
+		}
+
+		if bytes.Compare(value, value2) != 0 {
+			return false
+		}
+	}
+
+	for key := range d2 {
+		_, ok := d1[key]
+		if !ok {
+			return false
+		}
+	}
+
+	return true
+}