feat: upgrade controller-runtime and golang (#95)

.circleci/config.yml

@@ -6,26 +6,47 @@ jobs:
   ##################################################
   release:
     working_directory: /home/circleci/gogo/src/github.com/isindir/sops-secrets-operator
-    machine:
+    # UPDATE_HERE
+    machine: &machine
       # https://circleci.com/docs/2.0/configuration-reference/#available-machine-images
-      image: ubuntu-2004:202107-02
-    environment:
+      #  ubuntu-2004:202111-01 - Ubuntu 20.04, Docker v20.10.11, Docker Compose v1.29.2,
+      #  ubuntu-2004:202107-02 - Ubuntu 20.04, Docker v20.10.7, Docker Compose v1.29.2,
+      # https://githubmemory.com/repo/rancher/k3d/issues/807
+      #  It doesn't happen anymore after upgrading from Docker 2.10.2 and containerd 1.4.3 to Docker 2.10.9 and containerd 1.4.11
+      image: ubuntu-2004:202111-01
+    environment: &versions
+      # https://github.com/kubernetes/kubernetes/releases
+      KUBECTL_VERSION: v1.23.1
+      # https://hub.docker.com/r/rancher/k3s/tags
+      K3S_VERSION: v1.22.5-k3s1
+      # https://github.com/rancher/k3d/releases
+      K3D_VERSION: v4.4.8
+      # https://github.com/helm/helm/releases
+      HELM_VERSION: v3.7.2
       # https://golang.org/dl/
-      GOLANG_VERSION: "1.17.2"
+      GOLANG_VERSION: "1.17.5"
       # https://github.com/kubernetes-sigs/kubebuilder/releases
       KUBEBUILDER_VERSION: 3.2.0
+      # https://github.com/mozilla/sops/releases
+      SOPS_VERSION: v3.7.1
       # https://github.com/kubernetes-sigs/kustomize/releases
-      KUSTOMIZE_VERSION: v4.4.0
+      KUSTOMIZE_VERSION: v4.4.1
+      # https://github.com/quintush/helm-unittest/releases
+      HELM_UNITTEST_VERSION: 0.2.8
+      # https://github.com/instrumenta/kubeval/releases
+      KUBEVAL_VERSION: 0.16.1
       # https://github.com/github/hub/releases
       HUB_VERSION: 2.14.2
       # https://github.com/git-chglog/git-chglog/releases
-      GIT_CHGLOG_VERSION: 0.15.0
+      GIT_CHGLOG_VERSION: 0.15.1
       # https://github.com/docker/buildx/releases
-      BUILDX_BINARY_VERSION: 0.6.3
+      BUILDX_BINARY_VERSION: 0.7.1
 
       DOCKER_BUILDKIT: 1
       BUILDX_PLATFORMS: linux/amd64,linux/arm64
 
+      KUBECONFIG: /home/circleci/.kube/config
+
       GOPATH: /home/circleci/gogo
       GOROOT: /usr/local/go
       GO111MODULE: "on"
@@ -96,47 +117,24 @@ jobs:
   ##################################################
   build:
     working_directory: /home/circleci/gogo/src/github.com/isindir/sops-secrets-operator
-    machine:
-      # https://circleci.com/docs/2.0/configuration-reference/#available-machine-images
-      image: ubuntu-2004:202107-02
-    environment:
-      # https://github.com/kubernetes/kubernetes/releases
-      KUBECTL_VERSION: v1.22.2
-      # https://github.com/rancher/k3d/releases
-      K3D_VERSION: v4.4.7
-      # https://github.com/helm/helm/releases
-      HELM_VERSION: v3.7.1
-      # https://golang.org/dl/
-      GOLANG_VERSION: "1.17.2"
-      # https://github.com/kubernetes-sigs/kubebuilder/releases
-      KUBEBUILDER_VERSION: 3.2.0
-      # https://github.com/mozilla/sops/releases
-      SOPS_VERSION: v3.7.1
-      # https://github.com/kubernetes-sigs/kustomize/releases
-      KUSTOMIZE_VERSION: v4.4.0
-      # https://github.com/quintush/helm-unittest/releases
-      HELM_UNITTEST_VERSION: 0.2.7
-      # https://github.com/instrumenta/kubeval/releases
-      KUBEVAL_VERSION: 0.16.1
-      # https://github.com/docker/buildx/releases
-      BUILDX_BINARY_VERSION: 0.6.3
-
-      DOCKER_BUILDKIT: 1
-      BUILDX_PLATFORMS: linux/amd64,linux/arm64
-
-      KUBECONFIG: /home/circleci/.kube/config
-
-      GOPATH: /home/circleci/gogo
-      GOROOT: /usr/local/go
-      GO111MODULE: "on"
-      GO15VENDOREXPERIMENT: 1
+    machine: *machine
+    environment: *versions
     steps:
       - checkout
       - restore-cache:
           keys:
             - v2-modules-{{ .Branch }}-{{ checksum "go.sum" }}
             - v2-modules-{{ .Branch }}-
             - v2-modules-
+      - run:
+          name: install gpg2
+          command: |
+            sudo apt update
+            sudo apt install -f
+            sudo apt-get install gnupg2 -y
+            sudo apt-get install qemu-user-static -y
+            #sudo apt-get --only-upgrade install containerd -y
+          background: true
       - run:
           name: install buildx
           command: |
@@ -161,13 +159,6 @@ jobs:
             go version
             go env
           background: true
-      - run:
-          name: install gpg2
-          command: |
-            sudo apt update
-            sudo apt install -f
-            sudo apt-get install gnupg2 -y
-          background: true
       - run:
           name: install sops
           command: |
@@ -229,7 +220,8 @@ jobs:
       - run:
           name: start k3d
           command: |
-            k3d cluster create operator --agents 1 --image rancher/k3s:${KUBECTL_VERSION}-k3s2
+            docker version
+            k3d cluster create operator --agents 1 --image rancher/k3s:${K3S_VERSION}
             JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}';
             until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do
               sleep 1;
@@ -255,6 +247,7 @@ jobs:
           command: |
             make docker-login
             make docker-cross-build
+          no_output_timeout: 1h
       - save_cache:
           key: v2-modules-{{ .Branch }}-{{ checksum "go.sum" }}
           paths:

.gitignore

@@ -12,6 +12,7 @@ vendor
 build/_output
 build/_test
 index.html
+.vscode/
 
 ############################################################
 ############################################################

.tool-versions

@@ -1,18 +1,21 @@
+# UPDATE_HERE
 # https://github.com/kubernetes-sigs/kubebuilder/releases
 kubebuilder 3.2.0
 # https://golang.org/dl/
-golang 1.17.2
+golang 1.17.5
 # https://github.com/mozilla/sops/releases
 sops 3.7.1
 # https://github.com/kubernetes-sigs/kustomize/releases
-kustomize 4.4.0
+kustomize 4.4.1
 # https://github.com/rancher/k3d/releases
-k3d 4.4.7
+k3d 4.4.8
 # https://github.com/kubernetes/kubernetes/releases
-kubectl 1.22.2
+kubectl 1.23.1
 # https://github.com/helm/helm/releases
-helm 3.7.1
+helm 3.7.2
+# https://github.com/norwoodj/helm-docs/releases
+helm-docs 1.5.0
 # https://github.com/instrumenta/kubeval/releases
 kubeval v0.16.1
 # https://github.com/git-chglog/git-chglog/releases
-git-chglog 0.15.0
+git-chglog 0.15.1

Dockerfile

@@ -1,7 +1,8 @@
+# UPDATE_HERE
 # Build the manager binary
 # https://www.debian.org/releases/
 # https://hub.docker.com/_/golang?tab=tags&page=1&ordering=last_updated
-FROM golang:1.17.2-bullseye as builder
+FROM golang:1.17.5-bullseye as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Makefile

@@ -1,12 +1,13 @@
+# UPDATE_HERE
 GO := GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.3.7
+SOPS_SEC_OPERATOR_VERSION := 0.4.0
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.7.0"
 # https://github.com/kubernetes-sigs/controller-runtime/releases
-CONTROLLER_RUNTIME_VERSION := "v0.10.2"
+CONTROLLER_RUNTIME_VERSION := "v0.11.0"
 # https://github.com/kubernetes-sigs/kustomize/releases
-KUSTOMIZE_VERSION := "v4.4.0"
+KUSTOMIZE_VERSION := "v4.4.1"
 # use `setup-envtest list` to obtain the list of available versions
 # until fixed, can't use newer version, see:
 #   https://github.com/kubernetes-sigs/controller-runtime/issues/1571
@@ -98,12 +99,21 @@ test-helm: ## Tests helm chart.
 
 ##@ Development
 
+.PHONY: update-here
+update-here: ## Helper target to start editing all occurances with UPDATE_HERE.
+	@echo "Update following files for release:"
+	@grep --color -nHR UPDATE_HERE
+
+.PHONY: envtest-list
+envtest-list: envtest ## List of the available setup-envtest versions.
+	$(ENVTEST) list
+
 .PHONY: manifests
 manifests: tidy controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
-generate: controller-gen tidy ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+generate: manifests ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	@echo
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
@@ -116,7 +126,7 @@ vet: ## Run go vet against code.
 	$(GO) vet ./...
 
 .PHONY: test
-test: manifests generate fmt vet envtest ## Run tests.
+test: generate fmt vet envtest ## Run tests.
 	SOPS_AGE_RECIPIENTS="age1pnmp2nq5qx9z4lpmachyn2ld07xjumn98hpeq77e4glddu96zvms9nn7c8" SOPS_AGE_KEY_FILE="${PWD}/config/age-test-key/key-file.txt" KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path --force)" $(GO) test ./... -coverpkg=./controllers/... -coverprofile=$(TMP_COVER_FILE)
 
 cover: test ## Run tests with coverage.
@@ -130,17 +140,17 @@ build: generate fmt vet ## Build manager binary.
 	$(GO) build -o bin/manager main.go
 
 .PHONY: run
-run: manifests generate fmt vet ## Run a controller from your host.
+run: generate fmt vet ## Run a controller from your host.
 	$(GO) run ./main.go
 
 docker-login: ## Performs logging to dockerhub using DOCKERHUB_USERNAME and DOCKERHUB_PASS environment variables.
 	echo "${DOCKERHUB_PASS}" | base64 -d | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin
 	docker buildx create --name mybuilder --use
 
 docker-cross-build: ## Build multi-arch docker image.
-	docker buildx build --quiet --cache-from=${IMG_CACHE} --cache-to=${IMG_CACHE} --platform ${BUILDX_PLATFORMS} -t ${IMG} .
+	docker buildx build --cache-from=${IMG_CACHE} --cache-to=${IMG_CACHE} --platform ${BUILDX_PLATFORMS} -t ${IMG} .
 
-docker-build-dont-test: generate fmt vet manifests ## Build the docker image without running tests.
+docker-build-dont-test: generate fmt vet ## Build the docker image without running tests.
 	docker build -t ${IMG} .
 	docker tag ${IMG} ${IMG_LATEST}
 
@@ -163,7 +173,7 @@ endif
 # TODO: re-tag with crane image to latest
 #       https://michaelsauter.github.io/crane/docs.html
 .PHONY: release
-release: controller-gen generate fmt vet manifests ## Creates github release and pushes docker image to dockerhub.
+release: generate fmt vet ## Creates github release and pushes docker image to dockerhub.
 	@{ \
 		set +e ; \
 		git tag "${SOPS_SEC_OPERATOR_VERSION}" ; \
@@ -201,6 +211,8 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
+##@ Misc
+
 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
 .PHONY: controller-gen
 controller-gen: ## Download controller-gen locally if necessary.

PROJECT

@@ -3,6 +3,7 @@ layout:
 - go.kubebuilder.io/v3
 projectName: sops-secrets-operator
 repo: github.com/isindir/sops-secrets-operator
+# UPDATE_HERE
 resources:
 - api:
     crdVersion: v1

README.md

@@ -21,6 +21,7 @@ encrypted files stored in `git` repository.
 
 | Kubernetes | Sops | Chart | Operator |
 |---|---|---|---|
+| v1.23.x | v3.7.1 | 0.10.0 | 0.4.0 |
 | v1.22.x | v3.7.1 | 0.9.7 | 0.3.7 |
 | v1.21.x | v3.7.1 | 0.9.6 | 0.3.6 |
 

chart/helm3/sops-secrets-operator/Chart.yaml

@@ -1,6 +1,7 @@
 apiVersion: v2
-version: 0.9.7
-appVersion: 0.3.7
+# UPDATE_HERE
+version: 0.10.0
+appVersion: 0.4.0
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator

chart/helm3/sops-secrets-operator/Makefile

@@ -3,11 +3,7 @@
 CHART_NAME?=$(shell cat Chart.yaml | awk 'BEGIN { FS=": " } $$0~/^name:/ { gsub(/['\'',]/, ""); print $$2; }')
 VERSION_TAG?=$(shell cat Chart.yaml | awk 'BEGIN { FS=": " } $$0~/^version/ { gsub(/['\'',]/, ""); print $$2; }')
 
-# use `setup-envtest list` to obtain the list of available versions
-# until fixed, can't use newer version, see:
-#   https://github.com/kubernetes-sigs/controller-runtime/issues/1571
-# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION := "1.22.1"
+K8S_VERSION := "1.23.1"
 
 SHELL=/bin/bash
 
@@ -55,5 +51,5 @@ validate: ## validates rendered chart templates using 'kubeval'
 		| kubeval --force-color \
 				--strict \
 				--schema-location https://raw.githubusercontent.com/Onemind-Services-LLC/kubernetes-json-schema/master/schema \
-				--kubernetes-version $(ENVTEST_K8S_VERSION) -
+				--kubernetes-version $(K8S_VERSION) -
 	@echo '--------------------'

chart/helm3/sops-secrets-operator/README.md

@@ -131,7 +131,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration |
 | image.pullPolicy | string | `"Always"` | Operator image pull policy |
 | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name |
-| image.tag | string | `"0.3.7"` | Operator image tag |
+| image.tag | string | `"0.4.0"` | Operator image tag |
 | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository |
 | initImage.pullPolicy | string | `"Always"` | Init container image pull policy |
 | initImage.repository | string | `"ubuntu"` | Init container image name |

chart/helm3/sops-secrets-operator/tests/operator_test.yaml

@@ -26,12 +26,13 @@ tests:
           value: sops-sops-secrets-operator
       - equal:
           path: metadata.labels
+          # UPDATE_HERE
           value:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.3.7
-            helm.sh/chart: sops-secrets-operator-0.9.7
+            app.kubernetes.io/version: 0.4.0
+            helm.sh/chart: sops-secrets-operator-0.10.0
 
   # custom name
   - it: should correctly render custome name
@@ -167,9 +168,10 @@ tests:
   # container image and pull policy
   - it: should set default image
     asserts:
+      # UPDATE_HERE
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.3.7
+          value: isindir/sops-secrets-operator:0.4.0
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always

chart/helm3/sops-secrets-operator/values.yaml

@@ -8,14 +8,16 @@
 # -- Deployment replica count - should not be modified
 replicaCount: 1
 
+# UPDATE_HERE
 image:
   # -- Operator image name
   repository: isindir/sops-secrets-operator
   # -- Operator image tag
-  tag: 0.3.7
+  tag: 0.4.0
   # -- Operator image pull policy
   pullPolicy: Always
 
+# UPDATE_HERE
 initImage:
   # -- Init container image name
   repository: ubuntu

config/crd/bases/isindir.github.com_sopssecrets.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.6.2
   creationTimestamp: null
   name: sopssecrets.isindir.github.com
 spec: