Merge branch 'release/v2.2.0' into main

cloudogu · Sep 25, 2024 · 39ba1c7 · 39ba1c7
2 parents 445c3c4 + b30c410
commit 39ba1c7
Show file tree

Hide file tree

Showing 92 changed files with 2,189 additions and 2,132 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v2.2.0] - 2024-09-25
+### Changed
+- [#196] Update k8s-registry-lib to v0.4.1
+
+### Fixed
+- [#192] Add missing clientSet-dependency to ManagerSet
+    - This fixes a bug when removing component service-accounts
+- [#190] Fix a bug where the dogu operator could not install dogus with optional dependencies because the old etcd not found error was used in dependency validation instead of the k8s not found error.
+
 ## [v2.1.0] - 2024-09-18
 ### Changed
 - Relicense to AGPL-3.0-only

diff --git a/Dockerfile b/Dockerfile
@@ -38,7 +38,7 @@ RUN make compile-generic
 FROM gcr.io/distroless/static:nonroot
 LABEL maintainer="hello@cloudogu.com" \
       NAME="k8s-dogu-operator" \
-      VERSION="2.1.0"
+      VERSION="2.2.0"
 
 WORKDIR /
 COPY --from=builder /workspace/target/k8s-dogu-operator .

diff --git a/Makefile b/Makefile
@@ -1,13 +1,12 @@
 # Set these to the desired values
 ARTIFACT_ID=k8s-dogu-operator
-VERSION=2.1.0
+VERSION=2.2.0
 
 IMAGE=cloudogu/${ARTIFACT_ID}:${VERSION}
 GOTAG=1.22.5
-MAKEFILES_VERSION=9.0.4
+MAKEFILES_VERSION=9.2.0
 LINT_VERSION=v1.57.2
 
-K8S_RUN_PRE_TARGETS = setup-etcd-port-forward
 PRE_COMPILE = generate-deepcopy
 K8S_COMPONENT_SOURCE_VALUES = ${HELM_SOURCE_DIR}/values.yaml
 K8S_COMPONENT_TARGET_VALUES = ${HELM_TARGET_DIR}/values.yaml
@@ -52,10 +51,6 @@ helm-values-replace-image-repo: $(BINARY_YQ)
 
 ##@ Deployment
 
-.PHONY: setup-etcd-port-forward
-setup-etcd-port-forward:
-	kubectl -n ${NAMESPACE} port-forward etcd-0 4001:2379 &
-
 .PHONY: template-stage
 template-stage: $(BINARY_YQ)
 	@if [[ ${STAGE} == "development" ]]; then \

diff --git a/build/make/bats.mk b/build/make/bats.mk
@@ -9,7 +9,7 @@ BATS_SUPPORT=$(BATS_LIBRARY_DIR)/bats-support
 BATS_FILE=$(BATS_LIBRARY_DIR)/bats-file
 BATS_BASE_IMAGE?=bats/bats
 BATS_CUSTOM_IMAGE?=cloudogu/bats
-BATS_TAG?=1.2.1
+BATS_TAG?=1.11.0
 BATS_DIR=build/make/bats
 BATS_WORKDIR="${WORKDIR}"/"${BATS_DIR}"
 

diff --git a/build/make/bats/Dockerfile b/build/make/bats/Dockerfile
@@ -1,7 +1,9 @@
 ARG BATS_BASE_IMAGE
 ARG BATS_TAG
 
-FROM ${BATS_BASE_IMAGE}:${BATS_TAG}
+FROM ${BATS_BASE_IMAGE:-bats/bats}:${BATS_TAG:-1.11.0}
 
 # Make bash more findable by scripts and tests
 RUN apk add make git bash
+# suppress git "detected dubious ownership" error/warning for repos which are checked out later
+RUN git config --global --add safe.directory /workspace
diff --git a/build/make/build.mk b/build/make/build.mk
@@ -3,7 +3,7 @@
 ADDITIONAL_LDFLAGS?=-extldflags -static
 LDFLAGS?=-ldflags "$(ADDITIONAL_LDFLAGS) -X main.Version=$(VERSION) -X main.CommitID=$(COMMIT_ID)"
 GOIMAGE?=golang
-GOTAG?=1.14.13
+GOTAG?=1.22
 GOOS?=linux
 GOARCH?=amd64
 PRE_COMPILE?=

diff --git a/build/make/k8s-component.mk b/build/make/k8s-component.mk
@@ -2,7 +2,9 @@ COMPONENT_DEV_VERSION?=${VERSION}-dev
 
 include ${BUILD_DIR}/make/k8s.mk
 
-BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http
+ifeq (${RUNTIME_ENV}, local)
+	BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http
+endif
 BINARY_HELM_ADDITIONAL_PACK_ARGS?=
 BINARY_HELM_ADDITIONAL_UNINST_ARGS?=
 BINARY_HELM_ADDITIONAL_UPGR_ARGS?=
@@ -12,6 +14,9 @@ HELM_SOURCE_DIR ?= k8s/helm
 HELM_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${VERSION}.tgz
 HELM_DEV_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${COMPONENT_DEV_VERSION}.tgz
 HELM_ARTIFACT_NAMESPACE?=k8s
+ifeq (${RUNTIME_ENV}, remote)
+	HELM_ARTIFACT_NAMESPACE?=testing/k8s
+endif
 
 K8S_RESOURCE_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${ARTIFACT_ID}-${VERSION}.yaml"
 K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl
@@ -75,24 +80,24 @@ helm-update-dependencies: ${BINARY_HELM} ## Update Helm chart dependencies
 .PHONY: helm-apply
 helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var ${IMAGE_IMPORT_TARGET} helm-generate ${HELM_PRE_APPLY_TARGETS} ## Generates and installs the Helm chart.
 	@echo "Apply generated helm chart"
-	@${BINARY_HELM} upgrade -i ${ARTIFACT_ID} ${HELM_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" upgrade -i ${ARTIFACT_ID} ${HELM_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
 
 .PHONY: helm-delete
 helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current Helm chart.
 	@echo "Uninstall helm chart"
-	@${BINARY_HELM} uninstall ${ARTIFACT_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" uninstall ${ARTIFACT_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
 
 .PHONY: helm-reinstall
 helm-reinstall: helm-delete helm-apply ## Uninstalls the current helm chart and reinstalls it.
 
 .PHONY: helm-chart-import
 helm-chart-import: ${CHECK_VAR_TARGETS} helm-generate helm-package ${IMAGE_IMPORT_TARGET} ## Imports the currently available chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-        ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+        ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
 
@@ -138,12 +143,12 @@ ${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}: ${K8S_RESOURCE_TEMP_FOLDER}
 
 .PHONY: component-apply
 component-apply: check-k8s-namespace-env-var ${COMPONENT_PRE_APPLY_TARGETS} ${IMAGE_IMPORT_TARGET} helm-generate helm-chart-import component-generate ## Applies the component yaml resource to the actual defined context.
-	@kubectl apply -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}"
+	@kubectl apply -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}"
 	@echo "Done."
 
 .PHONY: component-delete
 component-delete: check-k8s-namespace-env-var component-generate $(K8S_POST_GENERATE_TARGETS) ## Deletes the component yaml resource from the actual defined context.
-	@kubectl delete -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" || true
+	@kubectl delete -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}" || true
 	@echo "Done."
 
 .PHONY: component-reinstall

diff --git a/build/make/k8s-crd.mk b/build/make/k8s-crd.mk
@@ -62,12 +62,12 @@ validate-crd-chart:
 .PHONY: crd-helm-apply
 crd-helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var crd-helm-generate ## Generates and installs the Helm CRD chart.
 	@echo "Apply generated Helm CRD chart"
-	@${BINARY_HELM} upgrade -i ${ARTIFACT_CRD_ID} ${HELM_CRD_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" upgrade -i ${ARTIFACT_CRD_ID} ${HELM_CRD_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
 
 .PHONY: crd-helm-delete
 crd-helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current Helm CRD chart.
 	@echo "Uninstall Helm CRD chart"
-	@${BINARY_HELM} uninstall ${ARTIFACT_CRD_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" uninstall ${ARTIFACT_CRD_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
 
 .PHONY: crd-helm-package
 crd-helm-package: crd-helm-delete-existing-tgz ${HELM_CRD_RELEASE_TGZ} ## Generates and packages the Helm CRD chart.
@@ -83,11 +83,11 @@ ${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packa
 .PHONY: crd-helm-chart-import
 crd-helm-chart-import: ${CHECK_VAR_TARGETS} check-k8s-artifact-id crd-helm-generate crd-helm-package ## Imports the currently available Helm CRD chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-        ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+        ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
 
@@ -106,10 +106,10 @@ crd-component-generate: ${K8S_RESOURCE_TEMP_FOLDER} ## Generate the CRD componen
 
 .PHONY: crd-component-apply
 crd-component-apply: check-k8s-namespace-env-var crd-helm-chart-import crd-component-generate ## Applies the CRD component YAML resource to the actual defined context.
-	@kubectl apply -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}"
+	@kubectl apply -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}"
 	@echo "Done."
 
 .PHONY: crd-component-delete
 crd-component-delete: check-k8s-namespace-env-var crd-component-generate ## Deletes the CRD component YAML resource from the actual defined context.
-	@kubectl delete -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" || true
+	@kubectl delete -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}" || true
 	@echo "Done."
diff --git a/build/make/k8s-dogu.mk b/build/make/k8s-dogu.mk
@@ -10,8 +10,6 @@ ARTIFACT_NAMESPACE=$(shell $(BINARY_YQ) -oy -e ".Name" $(DOGU_JSON_FILE) | sed "
 VERSION=$(shell $(BINARY_YQ) -oy -e ".Version" $(DOGU_JSON_FILE))
 # Image of the dogu is extracted from the dogu.json
 IMAGE=$(shell $(BINARY_YQ) -oy -e ".Image" $(DOGU_JSON_FILE)):$(VERSION)
-IMAGE_DEV_WITHOUT_TAG=$(shell $(BINARY_YQ) -oy -e ".Image" $(DOGU_JSON_FILE) | sed "s|registry\.cloudogu\.com\(.\+\)|${K3CES_REGISTRY_URL_PREFIX}\1|g")
-IMAGE_DEV=${IMAGE_DEV_WITHOUT_TAG}
 
 include $(BUILD_DIR)/make/k8s.mk
 
@@ -37,13 +35,13 @@ create-dogu-resource: ${BINARY_YQ} $(K8S_RESOURCE_TEMP_FOLDER)
 
 .PHONY: apply-dogu-resource
 apply-dogu-resource:
-	@kubectl apply -f "$(K8S_RESOURCE_DOGU)"
+	@kubectl --context="${KUBE_CONTEXT_NAME}" --namespace=${NAMESPACE} apply -f "$(K8S_RESOURCE_DOGU)"
 
 ##@ K8s - Dogu
 
 .PHONY: install-dogu-descriptor
 install-dogu-descriptor: ${BINARY_YQ} $(TARGET_DIR) ## Installs a configmap with current dogu.json into the cluster.
 	@echo "Generate configmap from dogu.json..."
-	@$(BINARY_YQ) -oj ".Image=\"${IMAGE_DEV_WITHOUT_TAG}\"" ${DOGU_JSON_FILE} > ${DOGU_JSON_DEV_FILE}
-	@kubectl create configmap "$(ARTIFACT_ID)-descriptor" --from-file=$(DOGU_JSON_DEV_FILE) --dry-run=client -o yaml | kubectl apply -f - --namespace=${NAMESPACE}
+	@$(BINARY_YQ) -oj ".Image=\"${IMAGE_DEV}\" | .Version=\"${VERSION}\""  ${DOGU_JSON_FILE} > ${DOGU_JSON_DEV_FILE}
+	@kubectl --context="${KUBE_CONTEXT_NAME}" create configmap "$(ARTIFACT_ID)-descriptor" --from-file=$(DOGU_JSON_DEV_FILE) --dry-run=client -o yaml | kubectl --context="${KUBE_CONTEXT_NAME}" --namespace=${NAMESPACE} apply -f -
 	@echo "Done."
diff --git a/build/make/k8s.mk b/build/make/k8s.mk
@@ -22,14 +22,48 @@ SHELL = /usr/bin/env bash -o pipefail
 IMAGE ?=
 
 # Set production as default stage. Use "development" as stage in your .env file to generate artifacts
-# with development images pointing to K3S_CLUSTER_FQDN.
+# with development images pointing to CES_REGISTRY_URL_PREFIX.
 STAGE?=production
+
+# Set the "local" as runtime-environment, to push images to the container-registry of the local cluster and to apply resources to the local cluster.
+# Use "remote" as runtime-environment in your .env file to push images to the container-registry at "registry.cloudogu.com/testing" and to apply resources to the configured kubernetes-context in KUBE_CONTEXT_NAME.
+RUNTIME_ENV?=local
+$(info RUNTIME_ENV=$(RUNTIME_ENV))
+
+# The host and port of the local cluster
 K3S_CLUSTER_FQDN?=k3ces.local
 K3S_LOCAL_REGISTRY_PORT?=30099
-K3CES_REGISTRY_URL_PREFIX="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}"
+
+# The URL of the container-registry to use. Defaults to the registry of the local-cluster.
+# If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing"
+CES_REGISTRY_HOST?="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}"
+CES_REGISTRY_NAMESPACE ?=
+ifeq (${RUNTIME_ENV}, remote)
+	CES_REGISTRY_HOST="registry.cloudogu.com"
+	CES_REGISTRY_NAMESPACE="/testing"
+endif
+$(info CES_REGISTRY_HOST=$(CES_REGISTRY_HOST))
+
+# The name of the kube-context to use for applying resources.
+# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is "remote" the currently configured kube-context is used.
+# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is not "remote" the "k3ces.local" is used as kube-context.
+ifeq (${KUBE_CONTEXT_NAME}, )
+	ifeq (${RUNTIME_ENV}, remote)
+		KUBE_CONTEXT_NAME = $(shell kubectl config current-context)
+	else
+		KUBE_CONTEXT_NAME = k3ces.local
+	endif
+endif
+$(info KUBE_CONTEXT_NAME=$(KUBE_CONTEXT_NAME))
+
+# The git branch-name in lowercase, shortened to 63 bytes, and with everything except 0-9 and a-z replaced with -. No leading / trailing -.
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g; s/^-+|-+$$//g' | cut -c1-63)
+# The short git commit-hash
+GIT_HASH := $(shell git rev-parse --short HEAD)
+
 ## Image URL to use all building/pushing image targets
-IMAGE_DEV?=${K3CES_REGISTRY_URL_PREFIX}/${ARTIFACT_ID}
-IMAGE_DEV_VERSION=${IMAGE_DEV}:${VERSION}
+IMAGE_DEV?=$(CES_REGISTRY_HOST)$(CES_REGISTRY_NAMESPACE)/$(ARTIFACT_ID)/$(GIT_BRANCH)
+IMAGE_DEV_VERSION=$(IMAGE_DEV):$(VERSION)
 
 # Variables for the temporary yaml files. These are used as template to generate a development resource containing
 # the current namespace and the dev image.
@@ -64,13 +98,36 @@ check-k8s-artifact-id:
 
 .PHONY: check-etc-hosts
 check-etc-hosts:
-	@grep -E "^.+\s+${K3S_CLUSTER_FQDN}\$$" /etc/hosts > /dev/null || \
-		(echo "Missing /etc/hosts entry for ${K3S_CLUSTER_FQDN}" && exit 1)
+	@if [[ ${RUNTIME_ENV} == "local" ]]; then \
+		grep -E "^.+\s+${K3S_CLUSTER_FQDN}\$$" /etc/hosts > /dev/null || \
+      		(echo "Missing /etc/hosts entry for ${K3S_CLUSTER_FQDN}" && exit 1) \
+	fi
 
 .PHONY: check-insecure-cluster-registry
 check-insecure-cluster-registry:
-	@grep "${K3CES_REGISTRY_URL_PREFIX}" /etc/docker/daemon.json > /dev/null || \
-		(echo "Missing /etc/docker/daemon.json for ${K3CES_REGISTRY_URL_PREFIX}" && exit 1)
+	@if [[ ${RUNTIME_ENV} == "local" ]]; then \
+		grep "${CES_REGISTRY_HOST}" /etc/docker/daemon.json > /dev/null || \
+			(echo "Missing /etc/docker/daemon.json for ${CES_REGISTRY_HOST}" && exit 1) \
+	fi
+
+# If the RUNTIME_ENV is "remote" checks if the current docker-client has credentials for CES_REGISTRY_HOST
+# If no credentials could be found, the credentials are queried and docker-login is performed
+check-docker-credentials:
+	@if [[ "$(RUNTIME_ENV)" == "remote" ]]; then \
+		if ! grep -q $(CES_REGISTRY_HOST) ~/.docker/config.json ; then \
+			echo "Error: Docker is not logged in to $(CES_REGISTRY_HOST)"; \
+			read -p "Enter Docker Username for $(CES_REGISTRY_HOST): " username; \
+			read -sp "Enter Docker Password for $(CES_REGISTRY_HOST): " password; \
+			echo ""; \
+			echo "$$password" | docker login -u "$$username" --password-stdin $(CES_REGISTRY_HOST); \
+			if [ $$? -eq 0 ]; then \
+				echo "Docker login to $(CES_REGISTRY_HOST) successful"; \
+			else \
+				echo "Docker login to $(CES_REGISTRY_HOST) failed"; \
+				exit 1; \
+			fi \
+		fi \
+	fi
 
 ##@ K8s - Resources
 
@@ -81,7 +138,7 @@ ${K8S_RESOURCE_TEMP_FOLDER}:
 ##@ K8s - Docker
 
 .PHONY: docker-build
-docker-build: check-k8s-image-env-var ## Builds the docker image of the K8s app.
+docker-build: check-docker-credentials check-k8s-image-env-var ## Builds the docker image of the K8s app.
 	@echo "Building docker image $(IMAGE)..."
 	@DOCKER_BUILDKIT=1 docker build . -t $(IMAGE)
 
@@ -93,13 +150,13 @@ docker-dev-tag: check-k8s-image-dev-var docker-build ## Tags a Docker image for
 .PHONY: check-k8s-image-dev-var
 check-k8s-image-dev-var:
 ifeq (${IMAGE_DEV},)
-	@echo "Missing make variable IMAGE_DEV detected. It should look like \$${K3CES_REGISTRY_URL_PREFIX}/docker-image:tag"
+	@echo "Missing make variable IMAGE_DEV detected. It should look like \$${CES_REGISTRY_HOST}/docker-image:tag"
 	@exit 19
 endif
 
 .PHONY: image-import
-image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the cluster-local registry.
-	@echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${K3S_CLUSTER_FQDN}..."
+image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the configured ces-registry.
+	@echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${KUBE_CONTEXT_NAME}..."
 	@docker push $(IMAGE_DEV_VERSION)
 	@echo "Done."
 

diff --git a/build/make/static-analysis.mk b/build/make/static-analysis.mk
@@ -2,14 +2,14 @@
 
 STATIC_ANALYSIS_DIR=$(TARGET_DIR)/static-analysis
 GOIMAGE?=golang
-GOTAG?=1.18
+GOTAG?=1.22
 CUSTOM_GO_MOUNT?=-v /tmp:/tmp
 
 REVIEW_DOG=$(TMP_DIR)/bin/reviewdog
 LINT=$(TMP_DIR)/bin/golangci-lint
-LINT_VERSION?=v1.49.0
+LINT_VERSION?=v1.58.2
 # ignore tests and mocks
-LINTFLAGS=--tests=false --skip-files="^.*_mock.go$$" --skip-files="^.*/mock.*.go$$" --timeout 10m --issues-exit-code 0
+LINTFLAGS=--tests=false --exclude-files="^.*_mock.go$$" --exclude-files="^.*/mock.*.go$$" --timeout 10m --issues-exit-code 0
 ADDITIONAL_LINTER=-E bodyclose -E containedctx -E contextcheck -E decorder -E dupl -E errname -E forcetypeassert -E funlen -E unparam
 
 .PHONY: static-analysis

diff --git a/build/make/vulnerability-scan.mk b/build/make/vulnerability-scan.mk
@@ -0,0 +1,13 @@
+##@ Vulnerability scan
+
+GOVULNCHECK_BIN=${UTILITY_BIN_PATH}/govulncheck
+GOVULNCHECK_VERSION?=latest
+
+${GOVULNCHECK_BIN}: ${UTILITY_BIN_PATH}
+	$(call go-get-tool,$(GOVULNCHECK_BIN),golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION))
+
+.PHONY: govulncheck
+govulncheck: ${GOVULNCHECK_BIN} ## This target is used to scan the go repository against known vulnerabilities
+	@echo "Start vulnerability against repository"
+	${GOVULNCHECK_BIN} -show verbose ./...
+	@echo "Finished scan"
diff --git a/config/samples/hallowelt/bluespice-pdfrenderer.yaml b/config/samples/hallowelt/bluespice-pdfrenderer.yaml
@@ -6,4 +6,4 @@ metadata:
     app: ces
 spec:
   name: hallowelt/bluespice-pdfrenderer
-  version: 4.2.1-1
+  version: 4.3.0-2
diff --git a/config/samples/hallowelt/bluespice.yaml b/config/samples/hallowelt/bluespice.yaml
@@ -6,4 +6,4 @@ metadata:
     app: ces
 spec:
   name: hallowelt/bluespice
-  version: 4.2.6-1
+  version: 4.4.3-5
diff --git a/config/samples/hallowelt/drawio.yaml b/config/samples/hallowelt/drawio.yaml
@@ -6,4 +6,4 @@ metadata:
     app: ces
 spec:
   name: hallowelt/drawio
-  version: 20.3.7-1
+  version: 20.3.7-4