Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🌱 Rebase with master branch to do a patch release 4.3.1 #4310

Merged
merged 65 commits into from
Nov 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
65 commits
Select commit Hold shift + click to select a range
eae8b21
🌱 fix GoReleaser by adding permission to write content (#4226)
camilamacedo86 Oct 22, 2024
a3c69d6
fix(docs): update Quick Start guide with information on using the mas…
camilamacedo86 Oct 22, 2024
9b6a837
Fix incorrect image reference for DeployImage plugin in test data
camilamacedo86 Oct 25, 2024
d140b7a
e2e tests: increase coverage by validating webhooks with installer-ba…
camilamacedo86 Oct 25, 2024
08adfea
Merge pull request #4230 from camilamacedo86/fix-image-testdata
k8s-ci-robot Oct 25, 2024
ce1a2c8
Merge pull request #4231 from camilamacedo86/e2e-test-increase-coverage
k8s-ci-robot Oct 25, 2024
cfd0dfc
fix and simplify external plugin e2e tests after bump kubebuilder to …
dependabot[bot] Oct 28, 2024
81cf04f
Merge pull request #4233 from camilamacedo86/fix-simplify-external-pl…
k8s-ci-robot Oct 29, 2024
5255f40
✨ Upgrade controller-runtime from v0.19.0 to v0.19.1 (#4234)
camilamacedo86 Oct 29, 2024
f3de87c
✨ Upgrade kustomize version from v5.4.3 to v5.5.0 (#4235)
camilamacedo86 Oct 29, 2024
ca02865
Upgrade golangci-lint from v1.59 to v1.61 and resolve new lint issues
camilamacedo86 Oct 29, 2024
a86d73a
Merge pull request #4236 from camilamacedo86/upgrade-lint-v1-61
k8s-ci-robot Oct 29, 2024
a906126
🌱 Upgrade GoReleaser version from v2.1.0 to v2.3.2 used in the GitHub…
camilamacedo86 Oct 29, 2024
f7a02ad
:book: Upgrade controller-gen version used to generate documentation …
camilamacedo86 Oct 29, 2024
43cf1dd
Correct misleading information in production note for metrics configu…
camilamacedo86 Oct 29, 2024
9916697
clarify usage of alpha generate command as internal-only
camilamacedo86 Oct 30, 2024
f54fc89
Add SBOM generation for Cyber Resilience Act compliance
camilamacedo86 Oct 30, 2024
cd51aaa
Update Dependabot configuration
camilamacedo86 Oct 30, 2024
655c129
doc: move Versions Compatibility and Supportability info to a dedicat…
camilamacedo86 Oct 30, 2024
33083b2
:book: Resolve navigation bar CSS issue and sidebar toggle functional…
thiha-min-thant Oct 29, 2024
81ce166
🐛 fix internal layout: move main.go boilerplate to cmd/ directory (#4…
camilamacedo86 Oct 30, 2024
e02bbd4
Merge pull request #4242 from thiha-min-thant/navbar-sidebar-issues
k8s-ci-robot Oct 30, 2024
31cdaa9
Merge pull request #4249 from camilamacedo86/update-dependabot
k8s-ci-robot Oct 30, 2024
d4c2792
:seedling: Bump github.com/onsi/gomega from 1.34.2 to 1.35.0
dependabot[bot] Oct 30, 2024
50821c0
:seeding: Update dependabot.yml to just raise PRs against project-v4 …
camilamacedo86 Oct 30, 2024
9c4c261
Merge pull request #4256 from kubernetes-sigs/dependabot/go_modules/g…
k8s-ci-robot Oct 30, 2024
470a843
:seedling: Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0
dependabot[bot] Oct 30, 2024
063bc3f
Merge pull request #4257 from kubernetes-sigs/dependabot/go_modules/g…
k8s-ci-robot Oct 30, 2024
c813602
Merge pull request #4250 from camilamacedo86/move-support-note-its-doc
k8s-ci-robot Oct 30, 2024
7dc2f08
Merge pull request #4244 from camilamacedo86/doc-metrics-fix-not-prod
k8s-ci-robot Oct 30, 2024
cd15f73
Fix misleading metrics configuration comments in cmd/main.go and impr…
camilamacedo86 Oct 29, 2024
d4ddf42
Add GitHub workflow for CodeQL security scanning
camilamacedo86 Oct 30, 2024
83a7738
Merge pull request #4245 from camilamacedo86/fix-info-comment-main.go
k8s-ci-robot Oct 31, 2024
64161fe
Merge pull request #4247 from camilamacedo86/add-comment-to-clatify-a…
k8s-ci-robot Oct 31, 2024
fd86838
Merge pull request #4248 from camilamacedo86/sboms
k8s-ci-robot Oct 31, 2024
dd6b632
Merge pull request #4252 from camilamacedo86/add-codeql-sec
k8s-ci-robot Oct 31, 2024
d500f48
🐛 fix: ensure --make=false option is available for webhook creation f…
camilamacedo86 Oct 31, 2024
2232cd2
🌱 Update codeql.yml to run the workflow once per week only (#4277)
camilamacedo86 Oct 31, 2024
8b7e17d
🌱 fix: optimize and improve testdata scaffolding for webhook conversi…
camilamacedo86 Oct 31, 2024
c331b70
Merge pull request #4228 from camilamacedo86/quick-start
k8s-ci-robot Oct 31, 2024
ecf865d
:seedling: Bump actions/setup-go from 4 to 5
dependabot[bot] Oct 31, 2024
1ee18cb
:seedling: Bump github.com/onsi/gomega from 1.35.0 to 1.35.1
dependabot[bot] Oct 31, 2024
d299ab5
Merge pull request #4279 from kubernetes-sigs/dependabot/go_modules/g…
k8s-ci-robot Nov 1, 2024
324e0e4
Merge pull request #4278 from kubernetes-sigs/dependabot/github_actio…
k8s-ci-robot Nov 1, 2024
35a0f4f
🌱 Add bundle installer for sample projects in docs (#4281)
camilamacedo86 Nov 1, 2024
5456002
(kustomize/v2,go/v4): Move cert-manager uncomment block to top of kus…
camilamacedo86 Nov 2, 2024
4852a8d
Merge pull request #4283 from camilamacedo86/make-easy-certmanager-un…
k8s-ci-robot Nov 2, 2024
01ff68b
Generate config/crd/patches only for CRDs created with kubebuilder cr…
camilamacedo86 Nov 1, 2024
5f8342e
Merge pull request #4280 from camilamacedo86/fix-conversion-webhooks
k8s-ci-robot Nov 2, 2024
ae3bcf6
Fix issue with scaffolding multiple webhooks for the same resource
camilamacedo86 Nov 4, 2024
5ce0387
Merge pull request #4286 from camilamacedo86/e2e-test-go-v4-conversion
k8s-ci-robot Nov 5, 2024
4355adc
📖 (doc) - Fix broken URLs
monteiro-renato Nov 6, 2024
5c8befa
Merge pull request #4298 from monteiro-renato/patch-1
k8s-ci-robot Nov 6, 2024
17bb261
:seedling: Bump golang.org/x/text from 0.19.0 to 0.20.0
dependabot[bot] Nov 7, 2024
c8733dd
📖 (doc) - Fix Add missing Reference-style Link
monteiro-renato Nov 8, 2024
6a46e63
Fix webhook core path scaffold bug
damsien Nov 7, 2024
e07a500
Merge pull request #4303 from kubernetes-sigs/dependabot/go_modules/g…
k8s-ci-robot Nov 8, 2024
3ccda32
Merge pull request #4304 from monteiro-renato/patch-1
k8s-ci-robot Nov 8, 2024
02653c3
Merge pull request #4301 from damsien/fix-webhook-core-path
k8s-ci-robot Nov 8, 2024
7bd3623
:seedling: Bump golang.org/x/tools from 0.26.0 to 0.27.0
dependabot[bot] Nov 8, 2024
f3a65b6
Merge pull request #4307 from kubernetes-sigs/dependabot/go_modules/g…
k8s-ci-robot Nov 9, 2024
c372328
clearified instructions on make command for manifests
vtrenton Nov 8, 2024
b1db95f
revert the changes done in the PR #4286
camilamacedo86 Nov 9, 2024
d79cfa6
Merge pull request #4306 from vtrenton/make-generate-fix
k8s-ci-robot Nov 9, 2024
a9ee390
Merge pull request #4308 from camilamacedo86/fix-follow-up
k8s-ci-robot Nov 9, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 11 additions & 23 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ updates:
# default location of `.github/workflows`
directory: "/"
schedule:
interval: "weekly"
interval: "daily"
commit-message:
prefix: ":seedling:"
labels:
Expand All @@ -21,48 +21,36 @@ updates:
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
interval: "daily"
commit-message:
prefix: ":seedling:"
labels:
- "ok-to-test"

# Maintain dependencies for dockerfile in the branches
- package-ecosystem: docker
directory: "/build/thirdparty/darwin"
target-branch: "tools-releases"
schedule:
interval: daily
commit-message:
prefix: ":seedling:"
- package-ecosystem: docker
directory: "/build/thirdparty/linux"
target-branch: "tools-releases"
# Maintain dependencies for go
- package-ecosystem: "gomod"
directory: "/testdata/project-v4"
schedule:
interval: "weekly"
interval: "daily"
commit-message:
prefix: ":seedling:"
labels:
- "ok-to-test"

# Maintain dependencies for dockerfile scaffold in the projects
- package-ecosystem: docker
directory: "testdata/project-v3"
schedule:
interval: daily
commit-message:
prefix: ":seedling:"
- package-ecosystem: docker
directory: "testdata/project-v4"
schedule:
interval: "weekly"
interval: daily
commit-message:
prefix: ":seedling:"

# Maintain dependencies for go in external plugin sample
- package-ecosystem: "gomod"
directory: "docs/book/src/simple-external-plugin-tutorial/testdata/sampleexternalplugin/v1"
schedule:
interval: "weekly"
interval: "daily"
commit-message:
prefix: ":seedling:"
prefix: ":book:"
labels:
- "ok-to-test"
54 changes: 54 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: "CodeQL Advanced"

on:
# We are checking both `master` and `book-v4` branches:
# - `master` represents the latest development work.
# - `book-v4` is the latest stable release branch, which contains the latest published code,
# ensuring that any issues in production are identified and addressed promptly.
schedule:
- cron: '30 20 * * 1' # Runs every Monday at 8:30 PM

jobs:
analyze:
name: Analyze Go
runs-on: ubuntu-latest
permissions:
security-events: write
packages: read
actions: read
contents: read

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '1.22'

- name: Build and install Kubebuilder CLI
run: make install

# Preparing the project-v4 sample for CodeQL analysis:
# - `go mod tidy` ensures dependencies are fully resolved.
# - `make manifests` generates required manifests for a complete project structure.
# - `make build` builds the project code, ensuring all components are ready for CodeQL analysis.
- name: Build project-v4 sample project
run: |
cd testdata/project-v4
go mod tidy
echo 'Running build commands for Go in project-v4'
make manifests
make build

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: go
build-mode: autobuild

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:go"
74 changes: 74 additions & 0 deletions .github/workflows/external-plugin.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
name: External Plugin

on:
push:
paths:
- 'pkg/'
- 'docs/book/src/simple-external-plugin-tutorial/testdata/sampleexternalplugin'
- '.github/workflows/external-plugin.yml'
pull_request:
paths:
- 'pkg/'
- 'docs/book/src/simple-external-plugin-tutorial/testdata/sampleexternalplugin'
- '.github/workflows/external-plugin.yml'

jobs:
external:
name: Verify external plugin
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- name: Clone the code
uses: actions/checkout@v4
with:
fetch-depth: 1 # Minimal history to avoid .git permissions issues

- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '1.22.3'

- name: Build Sample External Plugin
working-directory: docs/book/src/simple-external-plugin-tutorial/testdata/sampleexternalplugin/v1
run: |
mkdir -p ./bin
make build

- name: Move Plugin Binary to Plugin Path
run: |
# Define the plugin destination for Linux (XDG_CONFIG_HOME path)
XDG_CONFIG_HOME="${HOME}/.config"
PLUGIN_DEST="$XDG_CONFIG_HOME/kubebuilder/plugins/sampleexternalplugin/v1"

# Ensure destination exists and move the built binary
mkdir -p "$PLUGIN_DEST"
mv docs/book/src/simple-external-plugin-tutorial/testdata/sampleexternalplugin/v1/bin/sampleexternalplugin "$PLUGIN_DEST/sampleexternalplugin"
chmod +x "$PLUGIN_DEST/sampleexternalplugin" # Ensure the binary is executable

- name: Build Kubebuilder Binary and Setup Environment
env:
KUBEBUILDER_ASSETS: $GITHUB_WORKSPACE/bin
run: |
# Build Kubebuilder Binary
export kb_root_dir=$(pwd)
go build -o "${kb_root_dir}/bin/kubebuilder" ./cmd
chmod +x "${kb_root_dir}/bin/kubebuilder" # Ensure kubebuilder binary is executable
echo "${kb_root_dir}/bin" >> $GITHUB_PATH # Add to PATH

- name: Create Directory, Run Kubebuilder Commands, and Validate Results
env:
KUBEBUILDER_ASSETS: $GITHUB_WORKSPACE/bin
run: |
# Create a directory named testplugin for running kubebuilder commands
mkdir testplugin
cd testplugin

# Run Kubebuilder commands inside the testplugin directory
kubebuilder init --plugins sampleexternalplugin/v1 --domain sample.domain.com
kubebuilder create api --plugins sampleexternalplugin/v1 --number=2 --group=example --version=v1alpha1 --kind=ExampleKind
kubebuilder create webhook --plugins sampleexternalplugin/v1 --hooked --group=example --version=v1alpha1 --kind=ExampleKind

# Validate generated file contents
grep "DOMAIN: sample.domain.com" ./initFile.txt || exit 1
grep "NUMBER: 2" ./apiFile.txt || exit 1
grep "HOOKED!" ./webhookFile.txt || exit 1
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
- name: Run linter
uses: golangci/golangci-lint-action@v6
with:
version: v1.59
version: v1.61

yamllint:
runs-on: ubuntu-latest
Expand Down
10 changes: 9 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,13 @@ on:
tags:
- '*'

permissions:
contents: write

jobs:
goreleaser:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -20,10 +24,14 @@ jobs:
go-version: '~1.22'
- name: Clean dist directory
run: rm -rf dist || true
- name: Install Syft to generate SBOMs
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b $HOME/bin
echo "$HOME/bin" >> $GITHUB_PATH
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: v2.1.0
version: v2.3.2
args: release -f ./build/.goreleaser.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test-e2e-samples.yml
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,8 @@ jobs:
sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
# Uncomment only ValidatingWebhookConfiguration
# from cert-manager replaces
sed -i '50,80s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '144,177s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '50,116s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '148,177s/^#//' $KUSTOMIZATION_FILE_PATH
cd testdata/project-v4-with-plugins/
go mod tidy

Expand Down
2 changes: 1 addition & 1 deletion .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ linters:
enable:
- dupl
- errcheck
- exportloopref
- copyloopvar
- ginkgolinter
- goconst
- gocyclo
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
golangci-lint:
@[ -f $(GOLANGCI_LINT) ] || { \
set -e ;\
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell dirname $(GOLANGCI_LINT)) v1.59.1 ;\
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell dirname $(GOLANGCI_LINT)) v1.61.0 ;\
}

.PHONY: apidiff
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ See the [Getting Started](https://book.kubebuilder.io/quick-start.html) document

![Quick Start](docs/gif/kb-demo.v3.11.1.svg)

Also, ensure that you check out the [Deploy Image](https://book.kubebuilder.io/plugins/deploy-image-plugin-v1-alpha.html)
Also, ensure that you check out the [Deploy Image](./docs/book/src/plugins/available/deploy-image-plugin-v1-alpha.md)
Plugin. This plugin allows users to scaffold API/Controllers to deploy and manage an
Operand (image) on the cluster following the guidelines and best practices. It abstracts the
complexities of achieving this goal while allowing users to customize the generated code.
Expand Down
9 changes: 9 additions & 0 deletions build/.goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,12 @@ release:
github:
owner: kubernetes-sigs
name: kubebuilder

# Add the SBOM configuration at the end to generate SBOM files
sboms:
- id: kubebuilder-sbom
artifacts: binary
cmd: syft
args: ["$artifact", "--output", "cyclonedx-json=$document"]
documents:
- "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.cyclonedx.sbom.json"
2 changes: 1 addition & 1 deletion designs/code-generate-image-plugin.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
| Authors | Creation Date | Status | Extra |
|---------------|---------------|-------------|---|
| @camilamacedo86 | 2021-02-14 | Implemented | [deploy-image-plugin-v1-alpha](https://book.kubebuilder.io/plugins/deploy-image-plugin-v1-alpha.html) |
| @camilamacedo86 | 2021-02-14 | Implemented | [deploy-image-plugin-v1-alpha](../docs/book/src/plugins/available/deploy-image-plugin-v1-alpha.md) |

# New Plugin (`deploy-image.go.kubebuilder.io/v1beta1`) to generate code

Expand Down
6 changes: 3 additions & 3 deletions docs/book/install-and-build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -63,15 +63,15 @@ esac

# grab mdbook
# we hardcode linux/amd64 since rust uses a different naming scheme and it's a pain to tran
echo "downloading mdBook-v0.4.34-${arch}-${target}.${ext}"
echo "downloading mdBook-v0.4.40-${arch}-${target}.${ext}"
set -x
curl -sL -o /tmp/mdbook.${ext} https://github.com/rust-lang/mdBook/releases/download/v0.4.34/mdBook-v0.4.34-${arch}-${target}.${ext}
curl -sL -o /tmp/mdbook.${ext} https://github.com/rust-lang/mdBook/releases/download/v0.4.40/mdBook-v0.4.40-${arch}-${target}.${ext}
${cmd} /tmp/mdbook.${ext}
chmod +x /tmp/mdbook

echo "grabbing the latest released controller-gen"
go version
go install sigs.k8s.io/controller-tools/cmd/[email protected].1
go install sigs.k8s.io/controller-tools/cmd/[email protected].4

# make sure we add the go bin directory to our path
gobin=$(go env GOBIN)
Expand Down
1 change: 1 addition & 0 deletions docs/book/src/SUMMARY.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

[Getting Started](./getting-started.md)

[Versions Compatibility and Supportability](./versions_compatibility_supportability.md)
---

- [Tutorial: Building CronJob](cronjob-tutorial/cronjob-tutorial.md)
Expand Down
2 changes: 2 additions & 0 deletions docs/book/src/cronjob-tutorial/running.md
Original file line number Diff line number Diff line change
Expand Up @@ -98,3 +98,5 @@ privileges or be logged in as admin. See [Prerequisites for using Kubernetes RBA

If we list cronjobs again like we did before, we should see the controller
functioning again!

[pre-rbc-gke]: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#iam-rolebinding-bootstrap
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,4 @@ jobs:
- name: Run linter
uses: golangci/golangci-lint-action@v6
with:
version: v1.59
version: v1.61
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ linters:
enable:
- dupl
- errcheck
- exportloopref
- copyloopvar
- ginkgolinter
- goconst
- gocyclo
Expand Down
4 changes: 2 additions & 2 deletions docs/book/src/cronjob-tutorial/testdata/project/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -174,10 +174,10 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
GOLANGCI_LINT = $(LOCALBIN)/golangci-lint

## Tool Versions
KUSTOMIZE_VERSION ?= v5.4.3
KUSTOMIZE_VERSION ?= v5.5.0
CONTROLLER_TOOLS_VERSION ?= v0.16.4
ENVTEST_VERSION ?= release-0.19
GOLANGCI_LINT_VERSION ?= v1.59.1
GOLANGCI_LINT_VERSION ?= v1.61.0

.PHONY: kustomize
kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
Expand Down
16 changes: 7 additions & 9 deletions docs/book/src/cronjob-tutorial/testdata/project/cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,26 +118,24 @@ func main() {

// Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server.
// More info:
// - https://pkg.go.dev/sigs.k8s.io/[email protected].0/pkg/metrics/server
// - https://pkg.go.dev/sigs.k8s.io/[email protected].1/pkg/metrics/server
// - https://book.kubebuilder.io/reference/metrics.html
metricsServerOptions := metricsserver.Options{
BindAddress: metricsAddr,
SecureServing: secureMetrics,
// TODO(user): TLSOpts is used to allow configuring the TLS config used for the server. If certificates are
// not provided, self-signed certificates will be generated by default. This option is not recommended for
// production environments as self-signed certificates do not offer the same level of trust and security
// as certificates issued by a trusted Certificate Authority (CA). The primary risk is potentially allowing
// unauthorized access to sensitive metrics data. Consider replacing with CertDir, CertName, and KeyName
// to provide certificates, ensuring the server communicates using trusted and secure certificates.
TLSOpts: tlsOpts,
TLSOpts: tlsOpts,
}

if secureMetrics {
// FilterProvider is used to protect the metrics endpoint with authn/authz.
// These configurations ensure that only authorized users and service accounts
// can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info:
// https://pkg.go.dev/sigs.k8s.io/[email protected].0/pkg/metrics/filters#WithAuthenticationAndAuthorization
// https://pkg.go.dev/sigs.k8s.io/[email protected].1/pkg/metrics/filters#WithAuthenticationAndAuthorization
metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization

// TODO(user): If CertDir, CertName, and KeyName are not specified, controller-runtime will automatically
// generate self-signed certificates for the metrics server. While convenient for development and testing,
// this setup is not recommended for production.
}

mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Expand Down
Loading
Loading