From fd451dd00280131214490b225855228a0979e20c Mon Sep 17 00:00:00 2001
From: "andrew.greene" <andrew@defenseunicorns.com>
Date: Thu, 17 Nov 2022 15:08:48 -0700
Subject: [PATCH] feat: updgrade CDI to v1.55.0
---
CHANGELOG.md | 4 ++++
README.md | 16 ++++++++--------
chart/Chart.yaml | 4 ++--
...resourcedefinition_cdis.cdi.kubevirt.io.yaml | 5 +++--
.../cdi_apps_v1_deployment_cdi-operator.yaml | 17 ++++++++++-------
...thorization.k8s.io_v1_role_cdi-operator.yaml | 6 +-----
...tion.k8s.io_v1_rolebinding_cdi-operator.yaml | 6 +-----
...map_cdi-operator-leader-election-helper.yaml | 5 -----
.../cdi_v1_serviceaccount_cdi-operator.yaml | 5 -----
...default_cdi.kubevirt.io_v1beta1_cdi_cdi.yaml | 7 -------
....io_v1_clusterrole_cdi-operator-cluster.yaml | 11 ++++++-----
...s.io_v1_clusterrolebinding_cdi-operator.yaml | 5 -----
chart/values.yaml | 14 +++++++-------
scripts/update-chart.sh | 2 +-
utils/skopeo-cdi-sync.yaml | 7 +++++++
zarf.yaml | 16 ++++++++--------
16 files changed, 58 insertions(+), 72 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9da16b0..aa20855 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+## [1.55.0-bb.0] - 2022-11-17
+### Changed
+- Updated from upstream CDI v1.55.0
+
## [1.53.0-bb.0] - 2022-08-12
### Changed
- Updated from upstream CDI v1.53.0
diff --git a/README.md b/README.md
index 286e4a5..6326424 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# cdi-operator
-  
+  
Containerized Data Importer helm chart package
@@ -33,25 +33,25 @@ helm install cdi-operator chart/
| deployment.spec.replicas | int | `1` | |
| deployment.spec.template.spec.containers.operator.image.name | string | `"cdi-operator"` | |
| deployment.spec.template.spec.containers.operator.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.operator.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.operator.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.controller.image.name | string | `"cdi-controller"` | |
| deployment.spec.template.spec.containers.controller.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.controller.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.controller.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.importer.image.name | string | `"cdi-importer"` | |
| deployment.spec.template.spec.containers.importer.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.importer.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.importer.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.cloner.image.name | string | `"cdi-cloner"` | |
| deployment.spec.template.spec.containers.cloner.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.cloner.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.cloner.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.apiserver.image.name | string | `"cdi-apiserver"` | |
| deployment.spec.template.spec.containers.apiserver.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.apiserver.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.apiserver.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.uploadServer.image.name | string | `"cdi-uploadserver"` | |
| deployment.spec.template.spec.containers.uploadServer.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.uploadServer.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.uploadServer.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.uploadProxy.image.name | string | `"cdi-uploadproxy"` | |
| deployment.spec.template.spec.containers.uploadProxy.image.registry | string | `"registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi"` | |
-| deployment.spec.template.spec.containers.uploadProxy.image.version | string | `"v1.53.0"` | |
+| deployment.spec.template.spec.containers.uploadProxy.image.version | string | `"v1.55.0"` | |
| deployment.spec.template.spec.containers.ports.metricsPort | int | `8443` | |
| deployment.spec.template.spec.containers.resources.requests.cpu | string | `"10m"` | |
| deployment.spec.template.spec.containers.resources.requests.memory | string | `"150Mi"` | |
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index bf1ca27..5ce046d 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
name: cdi-operator
description: Containerized Data Importer helm chart package
type: application
-version: 1.53.0-bb.0
-appVersion: "1.53.0"
+version: 1.55.0-bb.0
+appVersion: "1.55.0"
diff --git a/chart/crds/apiextensions.k8s.io_v1_customresourcedefinition_cdis.cdi.kubevirt.io.yaml b/chart/crds/apiextensions.k8s.io_v1_customresourcedefinition_cdis.cdi.kubevirt.io.yaml
index 6434140..d65cf33 100644
--- a/chart/crds/apiextensions.k8s.io_v1_customresourcedefinition_cdis.cdi.kubevirt.io.yaml
+++ b/chart/crds/apiextensions.k8s.io_v1_customresourcedefinition_cdis.cdi.kubevirt.io.yaml
@@ -2201,8 +2201,9 @@ spec:
description: CDIConfig at CDI level
properties:
dataVolumeTTLSeconds:
- description: dataVolumeTTLSeconds is the time in seconds after
- DataVolume completion it can be garbage collected.
+ description: DataVolumeTTLSeconds is the time in seconds after
+ DataVolume completion it can be garbage collected. The default
+ is 0 sec. To disable GC use -1.
format: int32
type: integer
featureGates:
diff --git a/chart/templates/cdi_apps_v1_deployment_cdi-operator.yaml b/chart/templates/cdi_apps_v1_deployment_cdi-operator.yaml
index 2e7d5ca..7138383 100644
--- a/chart/templates/cdi_apps_v1_deployment_cdi-operator.yaml
+++ b/chart/templates/cdi_apps_v1_deployment_cdi-operator.yaml
@@ -5,11 +5,6 @@ metadata:
name: cdi-operator
operator.cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
name: cdi-operator
namespace: {{ .Release.Namespace }}
spec:
@@ -32,7 +27,7 @@ spec:
- name: DEPLOY_CLUSTER_RESOURCES
value: "true"
- name: OPERATOR_VERSION
- value: v1.53.0
+ value: {{ .controller.image.version }}
- name: CONTROLLER_IMAGE
value: {{ .controller.image.registry }}/{{ .controller.image.name }}:{{ .controller.image.version }}
- name: IMPORTER_IMAGE
@@ -52,7 +47,7 @@ spec:
- name: MONITORING_NAMESPACE
image: {{ .operator.image.registry }}/{{ .operator.image.name }}:{{ .operator.image.version }}
imagePullPolicy: IfNotPresent
- name: cdi-operator
+ name: {{ .operator.image.name }}
ports:
- containerPort: {{ .ports.metricsPort }}
name: metrics
@@ -62,6 +57,14 @@ spec:
cpu: {{ .resources.requests.cpu }}
memory: {{ .resources.requests.memory }}
{{- end }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
securityContext:
diff --git a/chart/templates/cdi_rbac.authorization.k8s.io_v1_role_cdi-operator.yaml b/chart/templates/cdi_rbac.authorization.k8s.io_v1_role_cdi-operator.yaml
index 52ca857..07c3019 100644
--- a/chart/templates/cdi_rbac.authorization.k8s.io_v1_role_cdi-operator.yaml
+++ b/chart/templates/cdi_rbac.authorization.k8s.io_v1_role_cdi-operator.yaml
@@ -3,12 +3,8 @@ kind: Role
metadata:
labels:
app.kubernetes.io/component: storage
- cdi.kubevirt.io: ""
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/managed-by: {{ .Release.Service | default "cdi-operator"}}
+ cdi.kubevirt.io: ""
name: cdi-operator
namespace: {{ .Release.Namespace }}
rules:
diff --git a/chart/templates/cdi_rbac.authorization.k8s.io_v1_rolebinding_cdi-operator.yaml b/chart/templates/cdi_rbac.authorization.k8s.io_v1_rolebinding_cdi-operator.yaml
index 2c13f81..4d07bd4 100644
--- a/chart/templates/cdi_rbac.authorization.k8s.io_v1_rolebinding_cdi-operator.yaml
+++ b/chart/templates/cdi_rbac.authorization.k8s.io_v1_rolebinding_cdi-operator.yaml
@@ -3,12 +3,8 @@ kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
- cdi.kubevirt.io: ""
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: {{ .Chart.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/managed-by: {{ .Release.Service | default "cdi-operator"}}
+ cdi.kubevirt.io: ""
name: {{ .Chart.Name }}
namespace: {{ .Release.Namespace }}
roleRef:
diff --git a/chart/templates/cdi_v1_configmap_cdi-operator-leader-election-helper.yaml b/chart/templates/cdi_v1_configmap_cdi-operator-leader-election-helper.yaml
index bab662b..7daae77 100644
--- a/chart/templates/cdi_v1_configmap_cdi-operator-leader-election-helper.yaml
+++ b/chart/templates/cdi_v1_configmap_cdi-operator-leader-election-helper.yaml
@@ -3,10 +3,5 @@ kind: ConfigMap
metadata:
labels:
operator.cdi.kubevirt.io: ""
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/managed-by: {{ .Release.Service | default "cdi-operator"}}
name: cdi-operator-leader-election-helper
namespace: {{ .Release.Namespace }}
diff --git a/chart/templates/cdi_v1_serviceaccount_cdi-operator.yaml b/chart/templates/cdi_v1_serviceaccount_cdi-operator.yaml
index 1c68a4e..5803b1e 100644
--- a/chart/templates/cdi_v1_serviceaccount_cdi-operator.yaml
+++ b/chart/templates/cdi_v1_serviceaccount_cdi-operator.yaml
@@ -3,10 +3,5 @@ kind: ServiceAccount
metadata:
labels:
operator.cdi.kubevirt.io: ""
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/managed-by: {{ .Release.Service | default "cdi-operator" }}
name: cdi-operator
namespace: {{ .Release.Namespace }}
diff --git a/chart/templates/default_cdi.kubevirt.io_v1beta1_cdi_cdi.yaml b/chart/templates/default_cdi.kubevirt.io_v1beta1_cdi_cdi.yaml
index 40212c0..9e78f1a 100644
--- a/chart/templates/default_cdi.kubevirt.io_v1beta1_cdi_cdi.yaml
+++ b/chart/templates/default_cdi.kubevirt.io_v1beta1_cdi_cdi.yaml
@@ -2,13 +2,6 @@ apiVersion: cdi.kubevirt.io/v1beta1
kind: CDI
metadata:
name: cdi
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
imagePullPolicy: IfNotPresent
infra:
diff --git a/chart/templates/rbac.authorization.k8s.io_v1_clusterrole_cdi-operator-cluster.yaml b/chart/templates/rbac.authorization.k8s.io_v1_clusterrole_cdi-operator-cluster.yaml
index b1d3ff8..5990c77 100644
--- a/chart/templates/rbac.authorization.k8s.io_v1_clusterrole_cdi-operator-cluster.yaml
+++ b/chart/templates/rbac.authorization.k8s.io_v1_clusterrole_cdi-operator-cluster.yaml
@@ -3,11 +3,6 @@ kind: ClusterRole
metadata:
labels:
operator.cdi.kubevirt.io: ""
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/managed-by: {{ .Release.Service | default "cdi-operator"}}
name: cdi-operator-cluster
rules:
- apiGroups:
@@ -233,6 +228,12 @@ rules:
verbs:
- list
- watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines/finalizers
+ verbs:
+ - update
- apiGroups:
- ""
resources:
diff --git a/chart/templates/rbac.authorization.k8s.io_v1_clusterrolebinding_cdi-operator.yaml b/chart/templates/rbac.authorization.k8s.io_v1_clusterrolebinding_cdi-operator.yaml
index 3c89e6e..2596ea9 100644
--- a/chart/templates/rbac.authorization.k8s.io_v1_clusterrolebinding_cdi-operator.yaml
+++ b/chart/templates/rbac.authorization.k8s.io_v1_clusterrolebinding_cdi-operator.yaml
@@ -3,11 +3,6 @@ kind: ClusterRoleBinding
metadata:
labels:
operator.cdi.kubevirt.io: ""
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/name: "cdi"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/managed-by: {{ .Release.Service | default "cdi-operator"}}
name: cdi-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
diff --git a/chart/values.yaml b/chart/values.yaml
index 004ee4e..ee98537 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -8,37 +8,37 @@ deployment:
image:
name: cdi-operator
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
controller:
image:
name: cdi-controller
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
importer:
image:
name: cdi-importer
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
cloner:
image:
name: cdi-cloner
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
apiserver:
image:
name: cdi-apiserver
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
uploadServer:
image:
name: cdi-uploadserver
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
uploadProxy:
image:
name: cdi-uploadproxy
registry: registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi
- version: v1.53.0
+ version: v1.55.0
ports:
metricsPort: 8443
resources:
diff --git a/scripts/update-chart.sh b/scripts/update-chart.sh
index 1b2c9f1..31053e2 100755
--- a/scripts/update-chart.sh
+++ b/scripts/update-chart.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-export VERSION=v1.53.0
+export VERSION=v1.55.0
echo "Downloading manifests for $VERSION"
curl -sSLO https://github.com/kubevirt/containerized-data-importer/releases/download/${VERSION}/cdi-operator.yaml
curl -sSLO https://github.com/kubevirt/containerized-data-importer/releases/download/${VERSION}/cdi-cr.yaml
diff --git a/utils/skopeo-cdi-sync.yaml b/utils/skopeo-cdi-sync.yaml
index 25a762a..483cd01 100644
--- a/utils/skopeo-cdi-sync.yaml
+++ b/utils/skopeo-cdi-sync.yaml
@@ -1,23 +1,30 @@
quay.io/kubevirt:
images:
cdi-operator:
+ - v1.55.0
- v1.53.0
- v1.52.0
cdi-controller:
+ - v1.55.0
- v1.53.0
- v1.52.0
cdi-importer:
+ - v1.55.0
- v1.53.0
- v1.52.0
cdi-cloner:
+ - v1.55.0
- v1.53.0
- v1.52.0
cdi-apiserver:
+ - v1.55.0
- v1.53.0
- v1.52.0
cdi-uploadserver:
+ - v1.55.0
- v1.53.0
- v1.52.0
cdi-uploadproxy:
+ - v1.55.0
- v1.53.0
- v1.52.0
\ No newline at end of file
diff --git a/zarf.yaml b/zarf.yaml
index 6777496..8370c53 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -10,17 +10,17 @@ components:
charts:
- name: cdi
url: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/cdi.git
- version: 0.0.1-bb.1
+ version: 1.55.0-bb.0
gitPath: chart
namespace: cdi
valuesFiles:
- chart/values.yaml
images:
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-operator:v1.52.0
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-controller:v1.52.0
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-importer:v1.52.0
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-cloner:v1.52.0
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-apiserver:v1.52.0
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-uploadserver:v1.52.0
- - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-uploadproxy:v1.52.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-operator:v1.55.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-controller:v1.55.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-importer:v1.55.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-cloner:v1.55.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-apiserver:v1.55.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-uploadserver:v1.55.0
+ - registry.dso.mil/platform-one/big-bang/apps/sandbox/cdi/cdi-uploadproxy:v1.55.0
--
GitLab