From f23780202ba8935e112babd3852cc4e19116e510 Mon Sep 17 00:00:00 2001 From: Rashmi Gottipati Date: Tue, 13 Apr 2021 14:21:38 -0400 Subject: [PATCH 1/4] Release v1.6.0 Signed-off-by: Rashmi Gottipati --- Makefile | 2 +- changelog/fragments/add-declarative.yaml | 7 - changelog/fragments/add-plugins.yaml | 7 - changelog/fragments/add_common_kb.yaml | 60 ------ changelog/fragments/alpha-config-gen.yaml | 6 - changelog/fragments/ansible-2.10.7.yaml | 5 - changelog/fragments/ansible-dep-bump.yaml | 21 -- changelog/fragments/ansible-helm-flags.yaml | 109 ---------- .../fragments/ansible-helm-makefile-help.yaml | 35 --- changelog/fragments/ansible-helm-ssc.yaml | 46 ---- changelog/fragments/bugfix-csv-webhooks.yaml | 32 --- .../fragments/ca-secret-name-run-bundle.yaml | 5 - .../fragments/helm-handle-list-kind.yaml | 11 - .../fragments/helm-uninstall-wait-anno.yml | 6 - changelog/fragments/kubebuilder-646f742.yaml | 32 --- changelog/fragments/make-catalog-build.yaml | 72 ------- .../fragments/mark-variables-unsafe.yaml | 5 - .../fragments/optional-flags-cleanup.yaml | 5 - .../pin-ansible-galaxy-collections.yaml | 11 - .../fragments/run-bundle-with-secret.yaml | 10 - changelog/fragments/service_account.yaml | 86 -------- .../fragments/update-ansible-collections.yaml | 5 - changelog/fragments/urllib3-1.26.4.yaml | 5 - ...ipenv-for-python-package-installation.yaml | 18 -- changelog/generated/v1.6.0.md | 50 +++++ website/config.toml | 4 + .../content/en/docs/installation/_index.md | 2 +- .../en/docs/upgrading-sdk-version/v1.6.0.md | 201 ++++++++++++++++++ 28 files changed, 257 insertions(+), 601 deletions(-) delete mode 100644 changelog/fragments/add-declarative.yaml delete mode 100644 changelog/fragments/add-plugins.yaml delete mode 100644 changelog/fragments/add_common_kb.yaml delete mode 100644 changelog/fragments/alpha-config-gen.yaml delete mode 100644 changelog/fragments/ansible-2.10.7.yaml delete mode 100644 changelog/fragments/ansible-dep-bump.yaml delete mode 100644 changelog/fragments/ansible-helm-flags.yaml delete mode 100644 changelog/fragments/ansible-helm-makefile-help.yaml delete mode 100644 changelog/fragments/ansible-helm-ssc.yaml delete mode 100644 changelog/fragments/bugfix-csv-webhooks.yaml delete mode 100644 changelog/fragments/ca-secret-name-run-bundle.yaml delete mode 100644 changelog/fragments/helm-handle-list-kind.yaml delete mode 100644 changelog/fragments/helm-uninstall-wait-anno.yml delete mode 100644 changelog/fragments/kubebuilder-646f742.yaml delete mode 100644 changelog/fragments/make-catalog-build.yaml delete mode 100644 changelog/fragments/mark-variables-unsafe.yaml delete mode 100644 changelog/fragments/optional-flags-cleanup.yaml delete mode 100644 changelog/fragments/pin-ansible-galaxy-collections.yaml delete mode 100644 changelog/fragments/run-bundle-with-secret.yaml delete mode 100644 changelog/fragments/service_account.yaml delete mode 100644 changelog/fragments/update-ansible-collections.yaml delete mode 100644 changelog/fragments/urllib3-1.26.4.yaml delete mode 100644 changelog/fragments/use-pipenv-for-python-package-installation.yaml create mode 100644 changelog/generated/v1.6.0.md create mode 100644 website/content/en/docs/upgrading-sdk-version/v1.6.0.md diff --git a/Makefile b/Makefile index f747d7c3a6..e33d869897 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ SHELL = /bin/bash # This value must be updated to the release tag of the most recent release, a change that must # occur in the release commit. IMAGE_VERSION will be removed once each subproject that uses this # version is moved to a separate repo and release process. -export IMAGE_VERSION = v1.5.0 +export IMAGE_VERSION = v1.6.0 # Build-time variables to inject into binaries export SIMPLE_VERSION = $(shell (test "$(shell git describe)" = "$(shell git describe --abbrev=0)" && echo $(shell git describe)) || echo $(shell git describe --abbrev=0)+git) export GIT_VERSION = $(shell git describe --dirty --tags --always) diff --git a/changelog/fragments/add-declarative.yaml b/changelog/fragments/add-declarative.yaml deleted file mode 100644 index ceec21f075..0000000000 --- a/changelog/fragments/add-declarative.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - For Golang-based operators, added the `declarative.go/v1` plugin which customizes initialized projects with patterns from [kubernetes-sigs/kubebuilder-declarative-pattern](https://github.com/kubernetes-sigs/kubebuilder-declarative-pattern). (e.g `operator-sdk create api --plugins=go/v3,declarative`) - kind: "addition" - breaking: false diff --git a/changelog/fragments/add-plugins.yaml b/changelog/fragments/add-plugins.yaml deleted file mode 100644 index fc39ab0ddc..0000000000 --- a/changelog/fragments/add-plugins.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - Added `kustomize.common/v1` plugin which scaffolds the a commonly used project base that leverages `kustomize`. - kind: "addition" - breaking: false diff --git a/changelog/fragments/add_common_kb.yaml b/changelog/fragments/add_common_kb.yaml deleted file mode 100644 index 30b4088865..0000000000 --- a/changelog/fragments/add_common_kb.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - (ansible/v1,helm/v1) Add componentConfig option. For further information check [here](https://master.book.kubebuilder.io/component-config-tutorial/tutorial.html) - kind: "addition" - breaking: false - migration: - header: (ansible/v1,helm/v1) Add componentConfig option. - body: > - To add this option your project you will need to: - - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml). - - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml) . - - Update the `config/default/kustomization.yaml` by adding: - ```yaml - # Mount the controller config file for loading manager configurations - # through a ComponentConfig type - #- manager_config_patch.yaml - ``` - - Update the `config/manager/kustomization.yaml` by adding: - ```yaml - generatorOptions: - disableNameSuffixHash: true - - configMapGenerator: - - files: - - controller_manager_config.yaml - name: manager-config - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - images: - - name: controller - newName: quay.io/example/memcached-operator - newTag: v0.0.1 - ``` - - description: > - (golang/v3) Not scaffold the specific webhooks config manifests by default - kind: "bugfix" - - # Is this a breaking change? - breaking: false - - description: > - (ansible/v1,helm/v1) Add rules for leader election - kind: "addition" - - # Is this a breaking change? - breaking: false - migration: - header: (ansible/v1,helm/v1) Add rules for leader election. - body: > - Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: - ```yaml - rules: - - apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - ``` diff --git a/changelog/fragments/alpha-config-gen.yaml b/changelog/fragments/alpha-config-gen.yaml deleted file mode 100644 index 78676f21ff..0000000000 --- a/changelog/fragments/alpha-config-gen.yaml +++ /dev/null @@ -1,6 +0,0 @@ -entries: - - description: > - Added [`alpha config-gen`](https://github.com/kubernetes-sigs/kubebuilder/tree/master/pkg/cli/alpha/config-gen), - a kustomize plugin to specialize configuration for kubebuilder-style projects. This feature is *alpha* - and subject to breaking changes. - kind: addition diff --git a/changelog/fragments/ansible-2.10.7.yaml b/changelog/fragments/ansible-2.10.7.yaml deleted file mode 100644 index ed142a4d2d..0000000000 --- a/changelog/fragments/ansible-2.10.7.yaml +++ /dev/null @@ -1,5 +0,0 @@ -entries: - - description: > - Bumped ansible and ansible-base in ansible-operator-base and ansible-operator images - to 2.10.7 for a security fix. - kind: change diff --git a/changelog/fragments/ansible-dep-bump.yaml b/changelog/fragments/ansible-dep-bump.yaml deleted file mode 100644 index 5f5c834822..0000000000 --- a/changelog/fragments/ansible-dep-bump.yaml +++ /dev/null @@ -1,21 +0,0 @@ -entries: - - description: | - For Ansible-based Operators: Update Python dependencies. - - openshift (0.11.2 -> 0.12.0) - - kubernetes (11.0.0 -> 12.0.1) - - ansible-runner (1.4.6 -> 1.4.7) - - ansible (2.9.15 -> 2.9.19) - kind: "change" - breaking: false - - - description: | - (ansible/v1) Update scaffolded requirements.yml to pull in newer versions of the Ansible collections. - - community.kubernetes (1.1.1 -> 1.2.1) - - operator_sdk.util (0.1.0 -> 0.2.0) - kind: "change" - breaking: false - migration: - header: (ansible/v1) Update Ansible collections - body: > - In your requirements.yml, change the `version` field for community.kubernetes to `1.2.1`, - and the `version` field for `operator_sdk.util` to `0.2.0`. diff --git a/changelog/fragments/ansible-helm-flags.yaml b/changelog/fragments/ansible-helm-flags.yaml deleted file mode 100644 index d2defe3055..0000000000 --- a/changelog/fragments/ansible-helm-flags.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - (ansible/v1, helm/v1) The flags `--enable-leader-election` and `--metrics-addr` were deprecated in favor of `--leader-elect` and `--metrics-bind-address`, respectively, to follow upstream conventions. - - # kind is one of: - # - addition - # - change - # - deprecation - # - removal - # - bugfix - kind: "deprecation" - - # Is this a breaking change? - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: (helm/v1) Replace deprecated leader election and metrics address flags - body: > - Replace deprecated flags `--enable-leader-election` and `--metrics-addr` with `--leader-elect` and `--metrics-bind-address`, respectively. - - description: > - (helm/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. - - # kind is one of: - # - addition - # - change - # - deprecation - # - removal - # - bugfix - kind: "change" - - # Is this a breaking change? - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: (helm/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. - body: > - Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: - ```yaml - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - ``` - - description: > - (ansible/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. - - # kind is one of: - # - addition - # - change - # - deprecation - # - removal - # - bugfix - kind: "change" - - # Is this a breaking change? - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: (ansible/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. - body: > - Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: - ```yaml - - "--health-probe-bind-address=:6789" - - "--metrics-bind-address=127.0.0.1:6789" - - "--leader-elect" - ``` - - - - - - diff --git a/changelog/fragments/ansible-helm-makefile-help.yaml b/changelog/fragments/ansible-helm-makefile-help.yaml deleted file mode 100644 index fed0ba39ef..0000000000 --- a/changelog/fragments/ansible-helm-makefile-help.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - (helm/v1, ansible/v1) Added Makefile `help` target - - # kind is one of: - # - addition - # - change - # - deprecation - # - removal - # - bugfix - kind: "addition" - - # Is this a breaking change? - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: (helm/v1, ansible/v1) Add `help` target to Makefile. - body: > - Ansible/Helm projects now provide a Makefile `help` target, similar to a `--help` flag. - You can copy and paste this target from the relevant sample's Makefile - ([helm]((https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/helm/memcached-operator/Makefile), [ansible]((https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/ansible/memcached-operator/Makefile)). diff --git a/changelog/fragments/ansible-helm-ssc.yaml b/changelog/fragments/ansible-helm-ssc.yaml deleted file mode 100644 index 28e1035d9a..0000000000 --- a/changelog/fragments/ansible-helm-ssc.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - ansible/v1, helm/v1) Added `securityContext`'s to the manager's Deployment to disallow running as root user. - - # kind is one of: - # - addition - # - change - # - deprecation - # - removal - # - bugfix - kind: "addition" - - # Is this a breaking change? - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. - body: > - In `config/manager/manager.yaml`, add the following security contexts: - ```yaml - spec: - ... - template: - ... - spec: - securityContext: - runAsNonRoot: true - containers: - - name: manager - securityContext: - allowPrivilegeEscalation: false - ``` diff --git a/changelog/fragments/bugfix-csv-webhooks.yaml b/changelog/fragments/bugfix-csv-webhooks.yaml deleted file mode 100644 index 6d519f56bb..0000000000 --- a/changelog/fragments/bugfix-csv-webhooks.yaml +++ /dev/null @@ -1,32 +0,0 @@ -entries: - - description: > - (manifests/v2) Added a `config/manifests` kustomize patch to remove the cert-manager - volume and volumeMount from manifests destined for `generate ` - kind: bugfix - migration: - header: (manifests/v2) Add a kustomize patch to remove the cert-manager volume/volumeMount from your CSV - body: > - OLM does [not yet support cert-manager](https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/#certificate-authority-requirements), - so a JSON patch was added to remove this volume and mount such that - OLM can itself create and manage certs for your Operator. - - In `config/manifests/kustomization.yaml`, add the following: - - ```yaml - patchesJson6902: - - target: - group: apps - version: v1 - kind: Deployment - name: controller-manager - namespace: system - patch: |- - # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. - # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. - - op: remove - path: /spec/template/spec/containers/1/volumeMounts/0 - # Remove the "cert" volume, since OLM will create and mount a set of certs. - # Update the indices in this path if adding or removing volumes in the manager's Deployment. - - op: remove - path: /spec/template/spec/volumes/0 - ``` diff --git a/changelog/fragments/ca-secret-name-run-bundle.yaml b/changelog/fragments/ca-secret-name-run-bundle.yaml deleted file mode 100644 index 222abf840a..0000000000 --- a/changelog/fragments/ca-secret-name-run-bundle.yaml +++ /dev/null @@ -1,5 +0,0 @@ -entries: - - description: > - Added `--ca-secret-name` to `run bundle` and `run bundle-upgrade` to configure - the registry Pod with an in-cluster certificate Secret to use TLS with a private registry. - kind: addition diff --git a/changelog/fragments/helm-handle-list-kind.yaml b/changelog/fragments/helm-handle-list-kind.yaml deleted file mode 100644 index 6192990fed..0000000000 --- a/changelog/fragments/helm-handle-list-kind.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - For Helm-based operators, fixes handling of `kind: List` whereby the - operator fails when trying to set watch on the object. The fix now sets - the watch on the objects of the list instead. - - kind: "bugfix" - - breaking: false diff --git a/changelog/fragments/helm-uninstall-wait-anno.yml b/changelog/fragments/helm-uninstall-wait-anno.yml deleted file mode 100644 index 19e9b8358a..0000000000 --- a/changelog/fragments/helm-uninstall-wait-anno.yml +++ /dev/null @@ -1,6 +0,0 @@ -entries: - - description: > - For Helm based-operators, added annotation `helm.sdk.operatorframework.io/uninstall-wait: "true"` - to allow all resources to be deleted before removing the custom resource's finalizer. - kind: "addition" - breaking: false diff --git a/changelog/fragments/kubebuilder-646f742.yaml b/changelog/fragments/kubebuilder-646f742.yaml deleted file mode 100644 index adfe352b81..0000000000 --- a/changelog/fragments/kubebuilder-646f742.yaml +++ /dev/null @@ -1,32 +0,0 @@ -entries: - - description: > - (go/v2, go/v3, ansible/v1, helm/v1) Fixed the Prometheus `ServiceMonitor` metrics endpoint, - which was not configured to be scraped correctly. - kind: bugfix - migration: - header: (go/v2, go/v3, ansible/v1, helm/v1) Add scheme, token, and TLS config to the Prometheus `ServiceMonitor` metrics endpoint. - body: > - The `/metrics` endpoint, while specifying the `https` port on the manager Pod, was not actually configured - to serve over https because no tlsConfig was set. Since kube-rbac-proxy secures this endpoint as a - manager sidecar, using the service account token mounted into the Pod by default corrects this problem. - - The changes should look like: - - ```diff - # config/prometheus/monitor.yaml - - spec: - endpoints: - - path: /metrics - port: https - + scheme: https - + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - + tlsConfig: - + insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager - ``` - - **Note:** if you have removed kube-rbac-proxy from your project, make sure to secure the `/metrics` - endpoint using a proper [TLS configuration](https://prometheus.io/docs/guides/tls-encryption/). diff --git a/changelog/fragments/make-catalog-build.yaml b/changelog/fragments/make-catalog-build.yaml deleted file mode 100644 index 02787af1ca..0000000000 --- a/changelog/fragments/make-catalog-build.yaml +++ /dev/null @@ -1,72 +0,0 @@ -entries: - - description: > - (go/v2, go/v3, ansible/v1, helm/v1) Added the `opm` and `catalog-build` Makefile targets to - download [`opm`](https://github.com/operator-framework/operator-registry/blob/v1.15.1/docs/design/opm-tooling.md) - and build operator catalogs either from scratch or an existing catalog. - kind: addition - migration: - header: (go/v2, go/v3, ansible/v1, helm/v1) Add `opm` and `catalog-build` Makefile targets - body: > - The `opm` and `catalog-build` Makefile targets were added so operator developers who - want to create their own catalogs for their operator or add their operator's bundle(s) to an - existing catalog can do so. If this sounds like you, add the following lines to the bottom - of your Makefile: - - ```make - .PHONY: opm - OPM = ./bin/opm - opm: - ifeq (,$(wildcard $(OPM))) - ifeq (,$(shell which opm 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(OPM)) ;\ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\ - chmod +x $(OPM) ;\ - } - else - OPM = $(shell which opm) - endif - endif - - BUNDLE_IMGS ?= $(BUNDLE_IMG) - CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) - ifneq ($(origin CATALOG_BASE_IMG), undefined) - FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) - endif - .PHONY: catalog-build - catalog-build: opm - $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) - - # Push the catalog image. - .PHONY: catalog-push - catalog-push: - $(MAKE) docker-push IMG=$(CATALOG_IMG) - ``` - - If updating a Go operator project, additionally add the following Makefile variables: - - ```make - OS = $(shell go env GOOS) - ARCH = $(shell go env GOARCH) - ``` - - description: > - (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables - to allow one line bundle and catalog image builds. - kind: change - migration: - header: (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables - body: > - The following Makefile changes were made to allow `make bundle-build bundle-push catalog-build catalog-push` - and encode image repo/namespace information in the Makefile by default: - - ```diff - +IMAGE_TAG_BASE ?= / - + - -BUNDLE_IMG ?= controller-bundle:$(VERSION) - +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) - ``` - - For example, if `IMAGE_TAG_BASE ?= foo/bar-operator` then running `make bundle-build bundle-push catalog-build catalog-push` - would build `foo/bar-operator-bundle:v0.0.1` and `foo/bar-operator-catalog:v0.0.1` then push them to the - `docker.io/foo` namespaced registry. diff --git a/changelog/fragments/mark-variables-unsafe.yaml b/changelog/fragments/mark-variables-unsafe.yaml deleted file mode 100644 index 933b62663e..0000000000 --- a/changelog/fragments/mark-variables-unsafe.yaml +++ /dev/null @@ -1,5 +0,0 @@ -entries: - - description: > - Mark the input variables from custom resources as unsafe by default in Ansible operators. - kind: bugfix - breaking: false diff --git a/changelog/fragments/optional-flags-cleanup.yaml b/changelog/fragments/optional-flags-cleanup.yaml deleted file mode 100644 index 67f03584bb..0000000000 --- a/changelog/fragments/optional-flags-cleanup.yaml +++ /dev/null @@ -1,5 +0,0 @@ -entries: - - description: > - Added new optional flags `--delete-all`, `--delete-crds` and `--delete-operator-groups` to the cleanup command - kind: "addition" - breaking: false diff --git a/changelog/fragments/pin-ansible-galaxy-collections.yaml b/changelog/fragments/pin-ansible-galaxy-collections.yaml deleted file mode 100644 index 3f4cadf7b0..0000000000 --- a/changelog/fragments/pin-ansible-galaxy-collections.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - For Ansible-based operators, collections as main dependencies for the operator installed with ansible-galaxy are - pinned to specific versions to prevent hard to track bugs. - - kind: change - - # Is this a breaking change? - breaking: false diff --git a/changelog/fragments/run-bundle-with-secret.yaml b/changelog/fragments/run-bundle-with-secret.yaml deleted file mode 100644 index 9ecb4f2619..0000000000 --- a/changelog/fragments/run-bundle-with-secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -entries: - - description: > - Added `--service-account` to `run bundle` and `run bundle-upgrade` to bind - registry objects to a non-default service account. - kind: addition - - description: > - Added `--pull-secret-name` to `run bundle` and `run bundle-upgrade` to configure - the registry Pod with an in-cluster docker config Secret - to pull bundle images from private registries. - kind: addition diff --git a/changelog/fragments/service_account.yaml b/changelog/fragments/service_account.yaml deleted file mode 100644 index a593b6b8b3..0000000000 --- a/changelog/fragments/service_account.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - (ansible/v1, helm/v1) Create and bind to a non-default service account ([kubebuilder#2070](https://github.com/kubernetes-sigs/kubebuilder/pull/2070)) - kind: "addition" - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: (ansible/v1, helm/v1) Add a `system:controller-manager` ServiceAccount to your project. - body: > - A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, - to improve security for operators installed in shared namespaces. To add this ServiceAccount - to your project, do the following: - ```sh - # Create the ServiceAccount. - cat < config/rbac/service_account.yaml - apiVersion: v1 - kind: ServiceAccount - metadata: - name: controller-manager - namespace: system - EOF - # Add it to the list of RBAC resources. - echo "- service_account.yaml" >> config/rbac/kustomization.yaml - # Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. - find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; - # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. - sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml - ``` - The changes should look like: - ```diff - # config/manager/manager.yaml - requests: - cpu: 100m - memory: 20Mi - + serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 - # config/rbac/auth_proxy_role_binding.yaml - name: proxy-role - subjects: - - kind: ServiceAccount - - name: default - + name: controller-manager - namespace: system - # config/rbac/kustomization.yaml - resources: - +- service_account.yaml - - role.yaml - - role_binding.yaml - - leader_election_role.yaml - # config/rbac/leader_election_role_binding.yaml - name: leader-election-role - subjects: - - kind: ServiceAccount - - name: default - + name: controller-manager - namespace: system - # config/rbac/role_binding.yaml - name: manager-role - subjects: - - kind: ServiceAccount - - name: default - + name: controller-manager - namespace: system - # config/rbac/service_account.yaml - +apiVersion: v1 - +kind: ServiceAccount - +metadata: - + name: controller-manager - + namespace: system - ``` - - diff --git a/changelog/fragments/update-ansible-collections.yaml b/changelog/fragments/update-ansible-collections.yaml deleted file mode 100644 index 18f59e50ed..0000000000 --- a/changelog/fragments/update-ansible-collections.yaml +++ /dev/null @@ -1,5 +0,0 @@ -entries: - - description: > - Update community Kubernetes Ansible collection to version 1.1.1 - kind: "change" - breaking: false diff --git a/changelog/fragments/urllib3-1.26.4.yaml b/changelog/fragments/urllib3-1.26.4.yaml deleted file mode 100644 index 7bfdf21cc1..0000000000 --- a/changelog/fragments/urllib3-1.26.4.yaml +++ /dev/null @@ -1,5 +0,0 @@ -entries: - - description: > - Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 - for a security fix. - kind: change diff --git a/changelog/fragments/use-pipenv-for-python-package-installation.yaml b/changelog/fragments/use-pipenv-for-python-package-installation.yaml deleted file mode 100644 index 8d33c19522..0000000000 --- a/changelog/fragments/use-pipenv-for-python-package-installation.yaml +++ /dev/null @@ -1,18 +0,0 @@ -entries: - - description: > - For Ansible-based operators, Python package installation in the Docker - image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning - both the main installed packages and their subdependencies. This prevents - installing conflicting (sub)dependencies - - kind: change - - breaking: false - - - description: > - For Ansible-based operators, the Python following packages were updated: - `openshift` was updated to 0.11.2, `ansible-runner` was updated to 1.4.6. - - kind: change - - breaking: false diff --git a/changelog/generated/v1.6.0.md b/changelog/generated/v1.6.0.md new file mode 100644 index 0000000000..35acad2abe --- /dev/null +++ b/changelog/generated/v1.6.0.md @@ -0,0 +1,50 @@ +## v1.6.0 + +### Additions + +- For Golang-based operators, added the `declarative.go/v1` plugin which customizes initialized projects with patterns from [kubernetes-sigs/kubebuilder-declarative-pattern](https://github.com/kubernetes-sigs/kubebuilder-declarative-pattern). (e.g `operator-sdk create api --plugins=go/v3,declarative`). ([#4731](https://github.com/operator-framework/operator-sdk/pull/4731)) +- Added `kustomize.common/v1` plugin which scaffolds the a commonly used project base that leverages `kustomize`. ([#4730](https://github.com/operator-framework/operator-sdk/pull/4730)) +- (ansible/v1,helm/v1) Add componentConfig option. For further information check [here](https://master.book.kubebuilder.io/component-config-tutorial/tutorial.html). ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) +- (ansible/v1,helm/v1) Add rules for leader election. ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) +- Added [`alpha config-gen`](https://github.com/kubernetes-sigs/kubebuilder/tree/master/pkg/cli/alpha/config-gen), a kustomize plugin to specialize configuration for kubebuilder-style projects. This feature is *alpha* and subject to breaking changes. ([#4670](https://github.com/operator-framework/operator-sdk/pull/4670)) +- (helm/v1, ansible/v1) Added Makefile `help` target. ([#4660](https://github.com/operator-framework/operator-sdk/pull/4660)) +- ansible/v1, helm/v1) Added `securityContext`'s to the manager's Deployment to disallow running as root user. ([#4655](https://github.com/operator-framework/operator-sdk/pull/4655)) +- Added `--ca-secret-name` to `run bundle` and `run bundle-upgrade` to configure the registry Pod with an in-cluster certificate Secret to use TLS with a private registry. ([#4703](https://github.com/operator-framework/operator-sdk/pull/4703)) +- For Helm based-operators, added annotation `helm.sdk.operatorframework.io/uninstall-wait: "true"` to allow all resources to be deleted before removing the custom resource's finalizer. ([#4487](https://github.com/operator-framework/operator-sdk/pull/4487)) +- (go/v2, go/v3, ansible/v1, helm/v1) Added the `opm` and `catalog-build` Makefile targets to download [`opm`](https://github.com/operator-framework/operator-registry/blob/v1.15.1/docs/design/opm-tooling.md) and build operator catalogs either from scratch or an existing catalog. ([#4406](https://github.com/operator-framework/operator-sdk/pull/4406)) +- Added new optional flags `--delete-all`, `--delete-crds` and `--delete-operator-groups` to the cleanup command. ([#4619](https://github.com/operator-framework/operator-sdk/pull/4619)) +- Added `--service-account` to `run bundle` and `run bundle-upgrade` to bind registry objects to a non-default service account. ([#4694](https://github.com/operator-framework/operator-sdk/pull/4694)) +- Added `--pull-secret-name` to `run bundle` and `run bundle-upgrade` to configure the registry Pod with an in-cluster docker config Secret to pull bundle images from private registries. ([#4694](https://github.com/operator-framework/operator-sdk/pull/4694)) +- (ansible/v1, helm/v1) Create and bind to a non-default service account ([kubebuilder#2070](https://github.com/kubernetes-sigs/kubebuilder/pull/2070)). ([#4653](https://github.com/operator-framework/operator-sdk/pull/4653)) + +### Changes + +- Bumped ansible and ansible-base in ansible-operator-base and ansible-operator images to 2.10.7 for a security fix. ([#4728](https://github.com/operator-framework/operator-sdk/pull/4728)) +- For Ansible-based Operators: Update Python dependencies. + - openshift (0.11.2 -> 0.12.0) + - kubernetes (11.0.0 -> 12.0.1) + - ansible-runner (1.4.6 -> 1.4.7) + - ansible (2.9.15 -> 2.9.19). ([#4734](https://github.com/operator-framework/operator-sdk/pull/4734)) +- (ansible/v1) Update scaffolded requirements.yml to pull in newer versions of the Ansible collections. + - community.kubernetes (1.1.1 -> 1.2.1) + - operator_sdk.util (0.1.0 -> 0.2.0). ([#4734](https://github.com/operator-framework/operator-sdk/pull/4734)) +- (helm/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. ([#4654](https://github.com/operator-framework/operator-sdk/pull/4654)) +- (ansible/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. ([#4654](https://github.com/operator-framework/operator-sdk/pull/4654)) +- (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables to allow one line bundle and catalog image builds. ([#4406](https://github.com/operator-framework/operator-sdk/pull/4406)) +- For Ansible-based operators, collections as main dependencies for the operator installed with ansible-galaxy are pinned to specific versions to prevent hard to track bugs. ([#4529](https://github.com/operator-framework/operator-sdk/pull/4529)) +- Update community Kubernetes Ansible collection to version 1.1.1. ([#4594](https://github.com/operator-framework/operator-sdk/pull/4594)) +- Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 for a security fix. ([#4723](https://github.com/operator-framework/operator-sdk/pull/4723)) +- For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. ([#4494](https://github.com/operator-framework/operator-sdk/pull/4494)) +- For Ansible-based operators, the Python following packages were updated: `openshift` was updated to 0.11.2, `ansible-runner` was updated to 1.4.6. ([#4494](https://github.com/operator-framework/operator-sdk/pull/4494)) + +### Deprecations + +- (ansible/v1, helm/v1) The flags `--enable-leader-election` and `--metrics-addr` were deprecated in favor of `--leader-elect` and `--metrics-bind-address`, respectively, to follow upstream conventions. ([#4654](https://github.com/operator-framework/operator-sdk/pull/4654)) + +### Bug Fixes + +- (golang/v3) Not scaffold the specific webhooks config manifests by default. ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) +- (manifests/v2) Added a `config/manifests` kustomize patch to remove the cert-manager volume and volumeMount from manifests destined for `generate `. ([#4623](https://github.com/operator-framework/operator-sdk/pull/4623)) +- For Helm-based operators, fixes handling of `kind: List` whereby the operator fails when trying to set watch on the object. The fix now sets the watch on the objects of the list instead. ([#4682](https://github.com/operator-framework/operator-sdk/pull/4682)) +- (go/v2, go/v3, ansible/v1, helm/v1) Fixed the Prometheus `ServiceMonitor` metrics endpoint, which was not configured to be scraped correctly. ([#4680](https://github.com/operator-framework/operator-sdk/pull/4680)) +- Mark the input variables from custom resources as unsafe by default in Ansible operators. ([#4566](https://github.com/operator-framework/operator-sdk/pull/4566)) diff --git a/website/config.toml b/website/config.toml index 74ce4bdd1e..52f7410ef9 100644 --- a/website/config.toml +++ b/website/config.toml @@ -95,6 +95,10 @@ algolia_docsearch = true ##RELEASE_ADDME## +[[params.versions]] + version = "v1.6" + url = "https://v1-6-x.sdk.operatorframework.io" + [[params.versions]] version = "v1.5" url = "https://v1-5-x.sdk.operatorframework.io" diff --git a/website/content/en/docs/installation/_index.md b/website/content/en/docs/installation/_index.md index 6b162acd3b..8d0db6283b 100644 --- a/website/content/en/docs/installation/_index.md +++ b/website/content/en/docs/installation/_index.md @@ -36,7 +36,7 @@ export OS=$(uname | awk '{print tolower($0)}') Download the binary for your platform: ```sh -export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/v1.5.0 +export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/v1.6.0 curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} ``` diff --git a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md new file mode 100644 index 0000000000..99775cfd41 --- /dev/null +++ b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md @@ -0,0 +1,201 @@ +--- +title: v1.6.0 +weight: 998994000 +--- + +## (ansible/v1,helm/v1) Add componentConfig option. + +To add this option your project you will need to: - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml). - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml) . - Update the `config/default/kustomization.yaml` by adding: + ```yaml + # Mount the controller config file for loading manager configurations + # through a ComponentConfig type + #- manager_config_patch.yaml + ``` +- Update the `config/manager/kustomization.yaml` by adding: + ```yaml + generatorOptions: + disableNameSuffixHash: true + + configMapGenerator: + - files: + - controller_manager_config.yaml + name: manager-config + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + images: + - name: controller + newName: quay.io/example/memcached-operator + newTag: v0.0.1 + ``` + +_See [#4701](https://github.com/operator-framework/operator-sdk/pull/4701) for more details._ + +## (ansible/v1,helm/v1) Add rules for leader election. + +Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: ```yaml rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases +``` + +_See [#4701](https://github.com/operator-framework/operator-sdk/pull/4701) for more details._ + +## (ansible/v1) Update Ansible collections + +In your requirements.yml, change the `version` field for community.kubernetes to `1.2.1`, and the `version` field for `operator_sdk.util` to `0.2.0`. + +_See [#4734](https://github.com/operator-framework/operator-sdk/pull/4734) for more details._ + +## (helm/v1) Replace deprecated leader election and metrics address flags + +Replace deprecated flags `--enable-leader-election` and `--metrics-addr` with `--leader-elect` and `--metrics-bind-address`, respectively. + +_See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for more details._ + +## (helm/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. + +Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: ```yaml - "--health-probe-bind-address=:8081" - "--metrics-bind-address=127.0.0.1:8080" - "--leader-elect" ``` + +_See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for more details._ + +## (ansible/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. + +Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: ```yaml - "--health-probe-bind-address=:6789" - "--metrics-bind-address=127.0.0.1:6789" - "--leader-elect" ``` + +_See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for more details._ + +## (helm/v1, ansible/v1) Add `help` target to Makefile. + +Ansible/Helm projects now provide a Makefile `help` target, similar to a `--help` flag. You can copy and paste this target from the relevant sample's Makefile ([helm]((https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/helm/memcached-operator/Makefile), [ansible]((https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/ansible/memcached-operator/Makefile)). + +_See [#4660](https://github.com/operator-framework/operator-sdk/pull/4660) for more details._ + +## (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. + +In `config/manager/manager.yaml`, add the following security contexts: ```yaml spec: + ... + template: + ... + spec: + securityContext: + runAsNonRoot: true + containers: + - name: manager + securityContext: + allowPrivilegeEscalation: false +``` + +_See [#4655](https://github.com/operator-framework/operator-sdk/pull/4655) for more details._ + +## (manifests/v2) Add a kustomize patch to remove the cert-manager volume/volumeMount from your CSV + +OLM does [not yet support cert-manager](https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/#certificate-authority-requirements), so a JSON patch was added to remove this volume and mount such that OLM can itself create and manage certs for your Operator. +In `config/manifests/kustomization.yaml`, add the following: +```yaml patchesJson6902: - target: + group: apps + version: v1 + kind: Deployment + name: controller-manager + namespace: system + patch: |- + # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. + # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. + - op: remove + path: /spec/template/spec/containers/1/volumeMounts/0 + # Remove the "cert" volume, since OLM will create and mount a set of certs. + # Update the indices in this path if adding or removing volumes in the manager's Deployment. + - op: remove + path: /spec/template/spec/volumes/0 +``` + +_See [#4623](https://github.com/operator-framework/operator-sdk/pull/4623) for more details._ + +## (go/v2, go/v3, ansible/v1, helm/v1) Add scheme, token, and TLS config to the Prometheus `ServiceMonitor` metrics endpoint. + +The `/metrics` endpoint, while specifying the `https` port on the manager Pod, was not actually configured to serve over https because no tlsConfig was set. Since kube-rbac-proxy secures this endpoint as a manager sidecar, using the service account token mounted into the Pod by default corrects this problem. +The changes should look like: +```diff # config/prometheus/monitor.yaml +spec: + endpoints: + - path: /metrics + port: https ++ scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager +``` +**Note:** if you have removed kube-rbac-proxy from your project, make sure to secure the `/metrics` endpoint using a proper [TLS configuration](https://prometheus.io/docs/guides/tls-encryption/). + +_See [#4680](https://github.com/operator-framework/operator-sdk/pull/4680) for more details._ + +## (go/v2, go/v3, ansible/v1, helm/v1) Add `opm` and `catalog-build` Makefile targets + +The `opm` and `catalog-build` Makefile targets were added so operator developers who want to create their own catalogs for their operator or add their operator's bundle(s) to an existing catalog can do so. If this sounds like you, add the following lines to the bottom of your Makefile: +```make .PHONY: opm OPM = ./bin/opm opm: ifeq (,$(wildcard $(OPM))) ifeq (,$(shell which opm 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPM)) ;\ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\ + chmod +x $(OPM) ;\ + } +else OPM = $(shell which opm) endif endif +BUNDLE_IMGS ?= $(BUNDLE_IMG) CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) ifneq ($(origin CATALOG_BASE_IMG), undefined) FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) endif .PHONY: catalog-build catalog-build: opm + $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) + +# Push the catalog image. .PHONY: catalog-push catalog-push: + $(MAKE) docker-push IMG=$(CATALOG_IMG) +``` +If updating a Go operator project, additionally add the following Makefile variables: +```make OS = $(shell go env GOOS) ARCH = $(shell go env GOARCH) ``` + +_See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for more details._ + +## (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables + +The following Makefile changes were made to allow `make bundle-build bundle-push catalog-build catalog-push` and encode image repo/namespace information in the Makefile by default: +```diff +IMAGE_TAG_BASE ?= / + -BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) ``` +For example, if `IMAGE_TAG_BASE ?= foo/bar-operator` then running `make bundle-build bundle-push catalog-build catalog-push` would build `foo/bar-operator-bundle:v0.0.1` and `foo/bar-operator-catalog:v0.0.1` then push them to the `docker.io/foo` namespaced registry. + +_See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for more details._ + +## (ansible/v1, helm/v1) Add a `system:controller-manager` ServiceAccount to your project. + +A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh # Create the ServiceAccount. cat < config/rbac/service_account.yaml apiVersion: v1 kind: ServiceAccount metadata: + name: controller-manager + namespace: system +EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> config/rbac/kustomization.yaml # Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml ``` The changes should look like: ```diff # config/manager/manager.yaml + requests: + cpu: 100m + memory: 20Mi ++ serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 +# config/rbac/auth_proxy_role_binding.yaml + name: proxy-role + subjects: + - kind: ServiceAccount +- name: default + name: controller-manager + namespace: system +# config/rbac/kustomization.yaml + resources: ++- service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml +# config/rbac/leader_election_role_binding.yaml + name: leader-election-role + subjects: + - kind: ServiceAccount +- name: default + name: controller-manager + namespace: system +# config/rbac/role_binding.yaml + name: manager-role + subjects: + - kind: ServiceAccount +- name: default + name: controller-manager + namespace: system +# config/rbac/service_account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system ``` + +_See [#4653](https://github.com/operator-framework/operator-sdk/pull/4653) for more details._ From 50ba1dda61e58dd868f96fd01666138e983d5f20 Mon Sep 17 00:00:00 2001 From: rashmigottipati Date: Tue, 13 Apr 2021 16:30:12 -0400 Subject: [PATCH 2/4] Address review feedback Signed-off-by: rashmigottipati --- changelog/generated/v1.6.0.md | 19 ++--- .../en/docs/upgrading-sdk-version/v1.6.0.md | 82 +++++++++++++++---- 2 files changed, 73 insertions(+), 28 deletions(-) diff --git a/changelog/generated/v1.6.0.md b/changelog/generated/v1.6.0.md index 35acad2abe..3d416a28b1 100644 --- a/changelog/generated/v1.6.0.md +++ b/changelog/generated/v1.6.0.md @@ -4,22 +4,21 @@ - For Golang-based operators, added the `declarative.go/v1` plugin which customizes initialized projects with patterns from [kubernetes-sigs/kubebuilder-declarative-pattern](https://github.com/kubernetes-sigs/kubebuilder-declarative-pattern). (e.g `operator-sdk create api --plugins=go/v3,declarative`). ([#4731](https://github.com/operator-framework/operator-sdk/pull/4731)) - Added `kustomize.common/v1` plugin which scaffolds the a commonly used project base that leverages `kustomize`. ([#4730](https://github.com/operator-framework/operator-sdk/pull/4730)) -- (ansible/v1,helm/v1) Add componentConfig option. For further information check [here](https://master.book.kubebuilder.io/component-config-tutorial/tutorial.html). ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) -- (ansible/v1,helm/v1) Add rules for leader election. ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) +- (ansible/v1, helm/v1) Added the option to configure `ansible-operator` and `helm-operator` with a [component config](https://master.book.kubebuilder.io/component-config-tutorial/tutorial.html). ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) +- (ansible/v1, helm/v1) Add rules for leader election. ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) - Added [`alpha config-gen`](https://github.com/kubernetes-sigs/kubebuilder/tree/master/pkg/cli/alpha/config-gen), a kustomize plugin to specialize configuration for kubebuilder-style projects. This feature is *alpha* and subject to breaking changes. ([#4670](https://github.com/operator-framework/operator-sdk/pull/4670)) - (helm/v1, ansible/v1) Added Makefile `help` target. ([#4660](https://github.com/operator-framework/operator-sdk/pull/4660)) -- ansible/v1, helm/v1) Added `securityContext`'s to the manager's Deployment to disallow running as root user. ([#4655](https://github.com/operator-framework/operator-sdk/pull/4655)) +- (ansible/v1, helm/v1) Added `securityContext`'s to the manager's Deployment to disallow running as root user. ([#4655](https://github.com/operator-framework/operator-sdk/pull/4655)) - Added `--ca-secret-name` to `run bundle` and `run bundle-upgrade` to configure the registry Pod with an in-cluster certificate Secret to use TLS with a private registry. ([#4703](https://github.com/operator-framework/operator-sdk/pull/4703)) - For Helm based-operators, added annotation `helm.sdk.operatorframework.io/uninstall-wait: "true"` to allow all resources to be deleted before removing the custom resource's finalizer. ([#4487](https://github.com/operator-framework/operator-sdk/pull/4487)) - (go/v2, go/v3, ansible/v1, helm/v1) Added the `opm` and `catalog-build` Makefile targets to download [`opm`](https://github.com/operator-framework/operator-registry/blob/v1.15.1/docs/design/opm-tooling.md) and build operator catalogs either from scratch or an existing catalog. ([#4406](https://github.com/operator-framework/operator-sdk/pull/4406)) - Added new optional flags `--delete-all`, `--delete-crds` and `--delete-operator-groups` to the cleanup command. ([#4619](https://github.com/operator-framework/operator-sdk/pull/4619)) - Added `--service-account` to `run bundle` and `run bundle-upgrade` to bind registry objects to a non-default service account. ([#4694](https://github.com/operator-framework/operator-sdk/pull/4694)) - Added `--pull-secret-name` to `run bundle` and `run bundle-upgrade` to configure the registry Pod with an in-cluster docker config Secret to pull bundle images from private registries. ([#4694](https://github.com/operator-framework/operator-sdk/pull/4694)) -- (ansible/v1, helm/v1) Create and bind to a non-default service account ([kubebuilder#2070](https://github.com/kubernetes-sigs/kubebuilder/pull/2070)). ([#4653](https://github.com/operator-framework/operator-sdk/pull/4653)) +- (ansible/v1, helm/v1) Create and bind controller-manager to a non-default service account ([kubebuilder#2070](https://github.com/kubernetes-sigs/kubebuilder/pull/2070)). ([#4653](https://github.com/operator-framework/operator-sdk/pull/4653)) ### Changes -- Bumped ansible and ansible-base in ansible-operator-base and ansible-operator images to 2.10.7 for a security fix. ([#4728](https://github.com/operator-framework/operator-sdk/pull/4728)) - For Ansible-based Operators: Update Python dependencies. - openshift (0.11.2 -> 0.12.0) - kubernetes (11.0.0 -> 12.0.1) @@ -34,8 +33,8 @@ - For Ansible-based operators, collections as main dependencies for the operator installed with ansible-galaxy are pinned to specific versions to prevent hard to track bugs. ([#4529](https://github.com/operator-framework/operator-sdk/pull/4529)) - Update community Kubernetes Ansible collection to version 1.1.1. ([#4594](https://github.com/operator-framework/operator-sdk/pull/4594)) - Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 for a security fix. ([#4723](https://github.com/operator-framework/operator-sdk/pull/4723)) -- For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. ([#4494](https://github.com/operator-framework/operator-sdk/pull/4494)) -- For Ansible-based operators, the Python following packages were updated: `openshift` was updated to 0.11.2, `ansible-runner` was updated to 1.4.6. ([#4494](https://github.com/operator-framework/operator-sdk/pull/4494)) +- For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. ([#4543](https://github.com/operator-framework/operator-sdk/pull/4543)) +- For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. ([#4543](https://github.com/operator-framework/operator-sdk/pull/4543)) ### Deprecations @@ -43,8 +42,8 @@ ### Bug Fixes -- (golang/v3) Not scaffold the specific webhooks config manifests by default. ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) +- (go/v3) Create webhook manifests in `config/` on running `create webhook`, not `init`. ([#4701](https://github.com/operator-framework/operator-sdk/pull/4701)) - (manifests/v2) Added a `config/manifests` kustomize patch to remove the cert-manager volume and volumeMount from manifests destined for `generate `. ([#4623](https://github.com/operator-framework/operator-sdk/pull/4623)) -- For Helm-based operators, fixes handling of `kind: List` whereby the operator fails when trying to set watch on the object. The fix now sets the watch on the objects of the list instead. ([#4682](https://github.com/operator-framework/operator-sdk/pull/4682)) +- For Helm-based operators, fixed handling of `kind: List` whereby the operator fails when trying to set watch on the object. Watches are created for objects in the list instead. ([#4682](https://github.com/operator-framework/operator-sdk/pull/4682)) - (go/v2, go/v3, ansible/v1, helm/v1) Fixed the Prometheus `ServiceMonitor` metrics endpoint, which was not configured to be scraped correctly. ([#4680](https://github.com/operator-framework/operator-sdk/pull/4680)) -- Mark the input variables from custom resources as unsafe by default in Ansible operators. ([#4566](https://github.com/operator-framework/operator-sdk/pull/4566)) +- In Ansible-based operators, mark the input variables from custom resources as unsafe by default. ([#4566](https://github.com/operator-framework/operator-sdk/pull/4566)) diff --git a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md index 99775cfd41..a972269bee 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md @@ -3,13 +3,16 @@ title: v1.6.0 weight: 998994000 --- -## (ansible/v1,helm/v1) Add componentConfig option. +## (ansible/v1, helm/v1) Optional: configure `ansible-operator` and `helm-operator` with a component config. -To add this option your project you will need to: - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml). - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml) . - Update the `config/default/kustomization.yaml` by adding: +To add this option your project you will need to: +- Create the file [config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/2a1bd03/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml). +- Create the file [config/manager/controller_manager_config.yaml](https://github.com/operator-framework/operator-sdk/blob/2a1bd03/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml). +- Update the `config/default/kustomization.yaml` by adding the following to `resources`: ```yaml - # Mount the controller config file for loading manager configurations - # through a ComponentConfig type - #- manager_config_patch.yaml + resources: + ... + - manager_config_patch.yaml ``` - Update the `config/manager/kustomization.yaml` by adding: ```yaml @@ -30,9 +33,10 @@ To add this option your project you will need to: - Create the file [/config/def _See [#4701](https://github.com/operator-framework/operator-sdk/pull/4701) for more details._ -## (ansible/v1,helm/v1) Add rules for leader election. +## (ansible/v1, helm/v1) Add Role rules for leader election. -Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: ```yaml rules: +Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: +```yaml rules: - apiGroups: - "" - coordination.k8s.io @@ -57,13 +61,33 @@ _See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for m ## (helm/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. -Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: ```yaml - "--health-probe-bind-address=:8081" - "--metrics-bind-address=127.0.0.1:8080" - "--leader-elect" ``` +Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: +```yaml +spec: + template: + spec: + containers: + - name: manager + args: + - "--health-probe-bind-address=:8081" + ... +``` _See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for more details._ ## (ansible/v1) Explicitly set `--health-probe-bind-address` in the manager's auth proxy patch. -Add the arg `--health-probe-bind-address=:8081` to the `config/default/manager_auth_proxy_patch.yaml`: ```yaml - "--health-probe-bind-address=:6789" - "--metrics-bind-address=127.0.0.1:6789" - "--leader-elect" ``` +Add the arg `--health-probe-bind-address=:6789` to the `config/default/manager_auth_proxy_patch.yaml`: +```yaml +spec: + template: + spec: + containers: + - name: manager + args: + - "--health-probe-bind-address=:6789" + ... +``` _See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for more details._ @@ -75,7 +99,8 @@ _See [#4660](https://github.com/operator-framework/operator-sdk/pull/4660) for m ## (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. -In `config/manager/manager.yaml`, add the following security contexts: ```yaml spec: +In `config/manager/manager.yaml`, add the following security contexts: +```yaml spec: ... template: ... @@ -94,7 +119,9 @@ _See [#4655](https://github.com/operator-framework/operator-sdk/pull/4655) for m OLM does [not yet support cert-manager](https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/#certificate-authority-requirements), so a JSON patch was added to remove this volume and mount such that OLM can itself create and manage certs for your Operator. In `config/manifests/kustomization.yaml`, add the following: -```yaml patchesJson6902: - target: +```yaml +patchesJson6902: +- target: group: apps version: v1 kind: Deployment @@ -117,12 +144,16 @@ _See [#4623](https://github.com/operator-framework/operator-sdk/pull/4623) for m The `/metrics` endpoint, while specifying the `https` port on the manager Pod, was not actually configured to serve over https because no tlsConfig was set. Since kube-rbac-proxy secures this endpoint as a manager sidecar, using the service account token mounted into the Pod by default corrects this problem. The changes should look like: -```diff # config/prometheus/monitor.yaml +```diff +# config/prometheus/monitor.yaml spec: endpoints: - path: /metrics port: https -+ scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true ++ scheme: https ++ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token ++ tlsConfig: ++ insecureSkipVerify: true selector: matchLabels: control-plane: controller-manager @@ -134,22 +165,37 @@ _See [#4680](https://github.com/operator-framework/operator-sdk/pull/4680) for m ## (go/v2, go/v3, ansible/v1, helm/v1) Add `opm` and `catalog-build` Makefile targets The `opm` and `catalog-build` Makefile targets were added so operator developers who want to create their own catalogs for their operator or add their operator's bundle(s) to an existing catalog can do so. If this sounds like you, add the following lines to the bottom of your Makefile: -```make .PHONY: opm OPM = ./bin/opm opm: ifeq (,$(wildcard $(OPM))) ifeq (,$(shell which opm 2>/dev/null)) +```make +.PHONY: opm +OPM = ./bin/opm +opm: +ifeq (,$(wildcard $(OPM))) +ifeq (,$(shell which opm 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(OPM)) ;\ curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\ chmod +x $(OPM) ;\ } -else OPM = $(shell which opm) endif endif -BUNDLE_IMGS ?= $(BUNDLE_IMG) CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) ifneq ($(origin CATALOG_BASE_IMG), undefined) FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) endif .PHONY: catalog-build catalog-build: opm +else +OPM = $(shell which opm) +endif +endif +BUNDLE_IMGS ?= $(BUNDLE_IMG) +CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) ifneq ($(origin CATALOG_BASE_IMG), undefined) FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) endif +.PHONY: catalog-build +catalog-build: opm $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) -# Push the catalog image. .PHONY: catalog-push catalog-push: +.PHONY: catalog-push +catalog-push: ## Push the catalog image. $(MAKE) docker-push IMG=$(CATALOG_IMG) ``` If updating a Go operator project, additionally add the following Makefile variables: -```make OS = $(shell go env GOOS) ARCH = $(shell go env GOARCH) ``` +```make +OS = $(shell go env GOOS) +ARCH = $(shell go env GOARCH) +``` _See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for more details._ From 1b461781dbfa21b19af20004b7155cb3aebcfff8 Mon Sep 17 00:00:00 2001 From: rashmigottipati Date: Tue, 13 Apr 2021 17:11:02 -0400 Subject: [PATCH 3/4] Address review feedback #2 Signed-off-by: rashmigottipati --- .../en/docs/upgrading-sdk-version/v1.6.0.md | 56 ++++++++++++++----- 1 file changed, 43 insertions(+), 13 deletions(-) diff --git a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md index a972269bee..416227cdd1 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md @@ -15,7 +15,7 @@ To add this option your project you will need to: - manager_config_patch.yaml ``` - Update the `config/manager/kustomization.yaml` by adding: - ```yaml +```yaml generatorOptions: disableNameSuffixHash: true @@ -29,14 +29,15 @@ To add this option your project you will need to: - name: controller newName: quay.io/example/memcached-operator newTag: v0.0.1 - ``` +``` _See [#4701](https://github.com/operator-framework/operator-sdk/pull/4701) for more details._ ## (ansible/v1, helm/v1) Add Role rules for leader election. Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: -```yaml rules: +```yaml +rules: - apiGroups: - "" - coordination.k8s.io @@ -100,7 +101,8 @@ _See [#4660](https://github.com/operator-framework/operator-sdk/pull/4660) for m ## (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. In `config/manager/manager.yaml`, add the following security contexts: -```yaml spec: +```yaml +spec: ... template: ... @@ -119,7 +121,7 @@ _See [#4655](https://github.com/operator-framework/operator-sdk/pull/4655) for m OLM does [not yet support cert-manager](https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/#certificate-authority-requirements), so a JSON patch was added to remove this volume and mount such that OLM can itself create and manage certs for your Operator. In `config/manifests/kustomization.yaml`, add the following: -```yaml +```yaml patchesJson6902: - target: group: apps @@ -202,17 +204,36 @@ _See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for m ## (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables The following Makefile changes were made to allow `make bundle-build bundle-push catalog-build catalog-push` and encode image repo/namespace information in the Makefile by default: -```diff +IMAGE_TAG_BASE ?= / + -BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) ``` +```diff ++IMAGE_TAG_BASE ?= / ++ +-BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) +``` + For example, if `IMAGE_TAG_BASE ?= foo/bar-operator` then running `make bundle-build bundle-push catalog-build catalog-push` would build `foo/bar-operator-bundle:v0.0.1` and `foo/bar-operator-catalog:v0.0.1` then push them to the `docker.io/foo` namespaced registry. _See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for more details._ -## (ansible/v1, helm/v1) Add a `system:controller-manager` ServiceAccount to your project. +## (ansible/v1, helm/v1) Add the `controller-manager` ServiceAccount to your project. -A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh # Create the ServiceAccount. cat < config/rbac/service_account.yaml apiVersion: v1 kind: ServiceAccount metadata: +A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh +# Create the ServiceAccount. +cat < config/rbac/service_account.yaml apiVersion: v1 +kind: ServiceAccount +metadata: name: controller-manager namespace: system -EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> config/rbac/kustomization.yaml # Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml ``` The changes should look like: ```diff # config/manager/manager.yaml +EOF +# Add it to the list of RBAC resources. +echo "- service_account.yaml" >> config/rbac/kustomization.yaml +# Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. +find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml +``` + +The changes should look like: + +```diff +# config/manager/manager.yaml requests: cpu: 100m memory: 20Mi @@ -222,7 +243,8 @@ EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> con name: proxy-role subjects: - kind: ServiceAccount -- name: default + name: controller-manager +- name: default ++ name: controller-manager namespace: system # config/rbac/kustomization.yaml resources: @@ -234,14 +256,22 @@ EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> con name: leader-election-role subjects: - kind: ServiceAccount -- name: default + name: controller-manager +- name: default ++ name: controller-manager namespace: system # config/rbac/role_binding.yaml name: manager-role subjects: - kind: ServiceAccount -- name: default + name: controller-manager +- name: default ++ name: controller-manager namespace: system -# config/rbac/service_account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system ``` +# config/rbac/service_account.yaml ++apiVersion: v1 ++kind: ServiceAccount ++metadata: ++ name: controller-manager ++ namespace: system +``` _See [#4653](https://github.com/operator-framework/operator-sdk/pull/4653) for more details._ From 4bf0467819dbd15edd09329d6b14834e6ce2656c Mon Sep 17 00:00:00 2001 From: rashmigottipati Date: Tue, 13 Apr 2021 23:28:58 -0400 Subject: [PATCH 4/4] ran `make generate` Signed-off-by: rashmigottipati --- testdata/ansible/memcached-operator/Dockerfile | 2 +- testdata/ansible/memcached-operator/Makefile | 2 +- .../bundle/tests/scorecard/config.yaml | 12 ++++++------ .../config/scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +++++----- .../bundle/tests/scorecard/config.yaml | 12 ++++++------ .../config/scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +++++----- .../bundle/tests/scorecard/config.yaml | 12 ++++++------ .../config/scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +++++----- testdata/helm/memcached-operator/Dockerfile | 2 +- testdata/helm/memcached-operator/Makefile | 2 +- .../bundle/tests/scorecard/config.yaml | 12 ++++++------ .../config/scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +++++----- .../content/en/docs/upgrading-sdk-version/v1.6.0.md | 5 +++-- 17 files changed, 55 insertions(+), 54 deletions(-) diff --git a/testdata/ansible/memcached-operator/Dockerfile b/testdata/ansible/memcached-operator/Dockerfile index 464a197d33..7fe8d33725 100644 --- a/testdata/ansible/memcached-operator/Dockerfile +++ b/testdata/ansible/memcached-operator/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/operator-framework/ansible-operator:v1.5.0 +FROM quay.io/operator-framework/ansible-operator:v1.6.0 COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ diff --git a/testdata/ansible/memcached-operator/Makefile b/testdata/ansible/memcached-operator/Makefile index 7c4c38c76d..0625ecd84a 100644 --- a/testdata/ansible/memcached-operator/Makefile +++ b/testdata/ansible/memcached-operator/Makefile @@ -109,7 +109,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ - curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.5.0/ansible-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.6.0/ansible-operator_$(OS)_$(ARCH) ;\ chmod +x $(ANSIBLE_OPERATOR) ;\ } else diff --git a/testdata/ansible/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/ansible/memcached-operator/bundle/tests/scorecard/config.yaml index fa798691e2..102f82a7df 100644 --- a/testdata/ansible/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/ansible/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,42 +8,42 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/ansible/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/ansible/memcached-operator/config/scorecard/patches/basic.config.yaml index 9a2562c843..82c03ac2be 100644 --- a/testdata/ansible/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/ansible/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/ansible/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/ansible/memcached-operator/config/scorecard/patches/olm.config.yaml index f2284ce825..61942fa26a 100644 --- a/testdata/ansible/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/ansible/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v2/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/go/v2/memcached-operator/bundle/tests/scorecard/config.yaml index fa798691e2..102f82a7df 100644 --- a/testdata/go/v2/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/go/v2/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,42 +8,42 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v2/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/go/v2/memcached-operator/config/scorecard/patches/basic.config.yaml index 9a2562c843..82c03ac2be 100644 --- a/testdata/go/v2/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/go/v2/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/go/v2/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/go/v2/memcached-operator/config/scorecard/patches/olm.config.yaml index f2284ce825..61942fa26a 100644 --- a/testdata/go/v2/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/go/v2/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v3/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/go/v3/memcached-operator/bundle/tests/scorecard/config.yaml index fa798691e2..102f82a7df 100644 --- a/testdata/go/v3/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/go/v3/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,42 +8,42 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v3/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/go/v3/memcached-operator/config/scorecard/patches/basic.config.yaml index 9a2562c843..82c03ac2be 100644 --- a/testdata/go/v3/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/go/v3/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/go/v3/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/go/v3/memcached-operator/config/scorecard/patches/olm.config.yaml index f2284ce825..61942fa26a 100644 --- a/testdata/go/v3/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/go/v3/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/helm/memcached-operator/Dockerfile b/testdata/helm/memcached-operator/Dockerfile index f4fea7229a..067a66fa46 100644 --- a/testdata/helm/memcached-operator/Dockerfile +++ b/testdata/helm/memcached-operator/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM quay.io/operator-framework/helm-operator:v1.5.0 +FROM quay.io/operator-framework/helm-operator:v1.6.0 ENV HOME=/opt/helm COPY watches.yaml ${HOME}/watches.yaml diff --git a/testdata/helm/memcached-operator/Makefile b/testdata/helm/memcached-operator/Makefile index 693d5d8cdd..11928a2b3e 100644 --- a/testdata/helm/memcached-operator/Makefile +++ b/testdata/helm/memcached-operator/Makefile @@ -109,7 +109,7 @@ ifeq (,$(shell which helm-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(HELM_OPERATOR)) ;\ - curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.5.0/helm-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.6.0/helm-operator_$(OS)_$(ARCH) ;\ chmod +x $(HELM_OPERATOR) ;\ } else diff --git a/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml index fa798691e2..102f82a7df 100644 --- a/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,42 +8,42 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml index 9a2562c843..82c03ac2be 100644 --- a/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml index f2284ce825..61942fa26a 100644 --- a/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.5.0 + image: quay.io/operator-framework/scorecard-test:v1.6.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md index 416227cdd1..490a793be7 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md @@ -94,7 +94,7 @@ _See [#4654](https://github.com/operator-framework/operator-sdk/pull/4654) for m ## (helm/v1, ansible/v1) Add `help` target to Makefile. -Ansible/Helm projects now provide a Makefile `help` target, similar to a `--help` flag. You can copy and paste this target from the relevant sample's Makefile ([helm]((https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/helm/memcached-operator/Makefile), [ansible]((https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/ansible/memcached-operator/Makefile)). +Ansible/Helm projects now provide a Makefile `help` target, similar to a `--help` flag. You can copy and paste this target from the relevant sample's Makefile ([helm](https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/helm/memcached-operator/Makefile), [ansible](https://github.com/operator-framework/operator-sdk/blob/v1.5.0/testdata/ansible/memcached-operator/Makefile)). _See [#4660](https://github.com/operator-framework/operator-sdk/pull/4660) for more details._ @@ -207,7 +207,8 @@ The following Makefile changes were made to allow `make bundle-build bundle-push ```diff +IMAGE_TAG_BASE ?= / + --BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) +-BUNDLE_IMG ?= controller-bundle:$(VERSION) ++BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) ``` For example, if `IMAGE_TAG_BASE ?= foo/bar-operator` then running `make bundle-build bundle-push catalog-build catalog-push` would build `foo/bar-operator-bundle:v0.0.1` and `foo/bar-operator-catalog:v0.0.1` then push them to the `docker.io/foo` namespaced registry.