Merge pull request #85 from SolaceDev/v1.1.0

Release v1.1.0

.github/workflows/build-test-dev.yml

@@ -6,7 +6,7 @@ on:
       - main
 
 env:
-  VERSION: 1.0.3
+  VERSION: 1.1.0
   IMAGE_NAME: pubsubplus-eventbroker-operator
   VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
   GCLOUD_PROJECT_ID_DEV: ${{ secrets.GCLOUD_PROJECT_ID }}
@@ -121,6 +121,11 @@ jobs:
           exportToken: true
           secrets: |
             secret/data/development/gcp-gcr GCP_SERVICE_ACCOUNT | GCP_DEV_SERVICE_ACCOUNT
+        env:
+          VERSION: 1.1.0
+          IMAGE_NAME: pubsubplus-eventbroker-operator
+          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+          GCLOUD_PROJECT_ID_DEV: ${{ secrets.GCLOUD_PROJECT_ID }}
 
       - name: Log in to gcr development docker registry
         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
@@ -138,6 +143,12 @@ jobs:
           tags: |
             gcr.io/${{ env.GCLOUD_PROJECT_ID_DEV }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           push: true
+        env:
+          VERSION: 1.1.0
+          IMAGE_NAME: pubsubplus-eventbroker-operator
+          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+          GCLOUD_PROJECT_ID_DEV: ${{ secrets.GCLOUD_PROJECT_ID }}
+
 
       - name: Run Vulnerability PreCheck for Prisma
         uses: ./maas-build-actions/.github/actions/prisma-vulnerability-checker

.github/workflows/prep-release.yml

@@ -4,7 +4,7 @@ on:
       release_tag:
         description: 'Release tag'
         required: true
-        default: '1.0.3-dev'
+        default: '1.1.0'
       prep_internal_release:
         # Need to distinguish between internal and external releases
         # Internal release: Will use default internal location for created images (ghcr.io) and will tag and push operator candidate there

.github/workflows/test-broker-chaos-situation.yml

@@ -72,7 +72,7 @@ jobs:
           kubectl create secret tls monitoring-tls --key="tls.private.pem" --cert="tls.public.pem"
           kubectl apply -f ci/manifests/eventbroker-ha.yaml | grep "test-ha created"
           sleep 10 ; kubectl get all
-          kubectl wait pods --selector app.kubernetes.io/instance=test-ha --for condition=Ready --timeout=300s
+          kubectl wait pods --selector app.kubernetes.io/instance=test-ha --for condition=Ready --timeout=500s
           kubectl get po --show-labels -n $TESTNAMESPACE | grep test-ha | grep "1/1"
           kubectl get po --show-labels -n $TESTNAMESPACE | grep test-ha | grep active=true
           kubectl get sts -n $TESTNAMESPACE | grep test-ha
@@ -99,7 +99,7 @@ jobs:
         run: |
           openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tlsupdated.key -out tlsupdated.crt -subj "/CN=*"
           kubectl create secret tls test-tlsupdated --key="tlsupdated.key" --cert="tlsupdated.crt"
-          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=300s
+          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=400s
           kubectl get all        
           kubectl apply -f ci/manifests/chaos-manifests/admin-secret-update.yaml | grep "configured"
           kubectl get all
@@ -113,11 +113,11 @@ jobs:
 
       - name: Testing the Operator - HA - Chaos Scenario 3 - Update Scaling Parameters and confirm recovery for message delivery
         run: |
-          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=300s
+          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=400s
           kubectl get all
           kubectl apply -f ci/manifests/chaos-manifests/scaling-parameter-update.yaml | grep "configured"
           kubectl get all
-          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=300s
+          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=400s
           kubectl get all
           kubectl port-forward svc/test-ha-pubsubplus -n $TESTNAMESPACE 55558:55555 &
           sleep 5
@@ -127,7 +127,7 @@ jobs:
 
       - name: Testing the Operator - HA - Chaos Scenario 4 - Kill 2 Nodes and confirm recovery for message delivery
         run: |
-          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=300s
+          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=400s
           kubectl get all
           kubectl get pods -n $TESTNAMESPACE --selector node-type=message-routing-primary | grep Running | awk '{print $1}' | xargs kubectl delete pod
           kubectl get pods -n $TESTNAMESPACE --selector node-type=message-routing-backup | grep Running | awk '{print $1}' | xargs kubectl delete pod
@@ -143,7 +143,7 @@ jobs:
         run: |
           kubectl get sts -n $TESTNAMESPACE  | grep 1/1 | awk '{print $1}' | xargs kubectl delete sts
           kubectl get all
-          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=300s
+          kubectl wait pods --selector node-type=message-routing-primary --for condition=Ready --timeout=400s
           sleep 120          
           kubectl get all
           kubectl port-forward svc/test-ha-pubsubplus -n $TESTNAMESPACE 55552:55555 &

.github/workflows/vulncheck_periodic.yml

@@ -1,7 +1,14 @@
 name: Vuln check
 on:
   schedule:
-    - cron: '0 */6 * * *'
+    - cron: '0 */ * * *'
+
+env:
+  VERSION: 1.1.0
+  IMAGE_NAME: pubsubplus-eventbroker-operator
+  VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+  GCLOUD_PROJECT_ID_DEV: ${{ secrets.GCLOUD_PROJECT_ID }}
+
 
 permissions:
   contents: read
@@ -57,6 +64,11 @@ jobs:
           exportToken: true
           secrets: |
             secret/data/development/gcp-gcr GCP_SERVICE_ACCOUNT | GCP_DEV_SERVICE_ACCOUNT
+        env:
+          VERSION: 1.1.0
+          IMAGE_NAME: pubsubplus-eventbroker-operator
+          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+          GCLOUD_PROJECT_ID_DEV: ${{ secrets.GCLOUD_PROJECT_ID }}
 
       - name: Log in to gcr development docker registry
         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
@@ -72,6 +84,12 @@ jobs:
           tags: |
             gcr.io/${{ env.GCLOUD_PROJECT_ID_DEV }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           push: true
+        env:
+          VERSION: 1.1.0
+          IMAGE_NAME: pubsubplus-eventbroker-operator
+          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+          GCLOUD_PROJECT_ID_DEV: ${{ secrets.GCLOUD_PROJECT_ID }}
+
 
       - name: Run Vulnerability PreCheck for Prisma
         uses: ./maas-build-actions/.github/actions/prisma-vulnerability-checker

Dockerfile

@@ -19,12 +19,12 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1134
 
 LABEL name="solace/pubsubplus-eventbroker-operator"
 LABEL vendor="Solace Corporation"
-LABEL version="1.0.3"
-LABEL release="1.0.3"
+LABEL version="1.1.0"
+LABEL release="1.1.0"
 LABEL summary="Solace PubSub+ Event Broker Kubernetes Operator"
 LABEL description="The Solace PubSub+ Event Broker Kubernetes Operator deploys and manages the lifecycle of PubSub+ Event Brokers"
 

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.0.3
+VERSION ?= 1.1.0
 
 # API_VERSION defines the API version for the PubSubPlusEventBroker CRD
 API_VERSION ?= v1beta1

README.md

@@ -196,7 +196,9 @@ kubectl get pods --show-labels --watch
 kubectl wait --for=condition=ServiceReady eventbroker non-ha-monitoring-enabled-example
 kubectl wait --for=condition=MonitoringReady eventbroker non-ha-monitoring-enabled-example
 ```
-For more information about Prometheus monitoring, see [Exposing Metrics to Prometheus](/docs/EventBrokerOperatorUserGuide.md#exposing-metrics-to-prometheus) in the detailed PubSub+ Operator documentation. 
+For more information about Prometheus monitoring, see [Exposing Metrics to Prometheus](/docs/EventBrokerOperatorUserGuide.md#exposing-metrics-to-prometheus) in the detailed PubSub+ Operator documentation.
+
+> Solace Pubsub+ Prometheus Exporter End of Life Notice : Please note that Solace will end of life Pubsub+ Prometheus Exporter version 1.0.1 as of June ,2024. This means there will be no releases for Pubsub+ Prometheus Exporter after June ,2024, however, Solace will continue to provide technical support for it until June, 2025. Refer  https://solace.com/legal/technical-product-support/  for support terminologies. If you have monitoring enabled, the operator will default to downloading the Solace version of Pubsub+ Prometheus Exporter 1.0.1. The community version of the Prometheus Exporter available at  https://github.com/solacecommunity/solace-prometheus-exporter   can be deployed with Pubsub+ Event Broker Operator. Note that Solace does not officially support the community version of the Prometheus Exporter.
 
 ### 4. Test the deployment
 

api/v1beta1/eventbroker_types.go

@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // EventBrokerSpec defines the desired state of PubSubPlusEventBroker
@@ -39,6 +40,8 @@ type EventBrokerSpec struct {
 	Developer bool `json:"developer"`
 	//+optional
 	//+kubebuilder:validation:Type:=object
+	//+kubebuilder:pruning:PreserveUnknownFields
+	//+kubebuilder:validation:Schemaless
 	//+operator-sdk:csv:customresourcedefinitions:type=spec,order=3
 	// SystemScaling provides exact fine-grained specification of the event broker scaling parameters
 	// and the assigned CPU / memory resources to the Pod.
@@ -110,6 +113,15 @@ type EventBrokerSpec struct {
 	// SecurityContext defines the pod security context for the event broker.
 	SecurityContext SecurityContext `json:"securityContext,omitempty"`
 	//+kubebuilder:validation:Type:=object
+	// ContainerSecurityContext defines the container security context for the PubSubPlusEventBroker.
+	BrokerSecurityContext ContainerSecurityContext `json:"brokerContainerSecurity,omitempty"`
+	//+optional
+	//+kubebuilder:validation:Type:=boolean
+	//+kubebuilder:default:=false
+	// EnableServiceLinks indicates whether information about services should be injected into pod's environment
+	// variables, matching the syntax of Docker links. Optional: Defaults to false.
+	EnableServiceLinks bool `json:"enableServiceLinks,omitempty"`
+	//+kubebuilder:validation:Type:=object
 	// ServiceAccount defines a ServiceAccount dedicated to the PubSubPlusEventBroker
 	ServiceAccount BrokerServiceAccount `json:"serviceAccount,omitempty"`
 	//+kubebuilder:validation:Type:=object
@@ -214,6 +226,7 @@ type BrokerPersistentVolumeClaim struct {
 	ClaimName string `json:"claimName"`
 }
 
+// +kubebuilder:pruning:PreserveUnknownFields
 type SystemScaling struct {
 	// +kubebuilder:default:=100
 	MaxConnections int `json:"maxConnections,omitempty"`
@@ -225,6 +238,8 @@ type SystemScaling struct {
 	MessagingNodeCpu string `json:"messagingNodeCpu,omitempty"`
 	// +kubebuilder:default:="4025Mi"
 	MessagingNodeMemory string `json:"messagingNodeMemory,omitempty"`
+	//+kubebuilder:pruning:PreserveUnknownFields
+	runtime.RawExtension `json:"-"`
 }
 
 // BrokerTLS defines TLS configuration for the PubSubPlusEventBroker
@@ -269,6 +284,16 @@ type ExtraEnvVar struct {
 	Value string `json:"value"`
 }
 
+// MonitoringExtraEnvVar defines environment variables to be added to the Prometheus Exporter container for Monitoring
+type MonitoringExtraEnvVar struct {
+	//+kubebuilder:validation:Type:=string
+	// Specifies the Name of an environment variable to be added to the Prometheus Exporter container for Monitoring
+	Name string `json:"name"`
+	//+kubebuilder:validation:Type:=string
+	// Specifies the Value of an environment variable to be added to the Prometheus Exporter container for Monitoring
+	Value string `json:"value"`
+}
+
 // BrokerImage defines Image details and pulling configurations
 type BrokerImage struct {
 	//+optional
@@ -333,6 +358,18 @@ type SecurityContext struct {
 	RunAsUser int64 `json:"runAsUser"`
 }
 
+// ContainerSecurityContext defines the container security context for the PubSubPlusEventBroker
+type ContainerSecurityContext struct {
+	//+optional
+	//+kubebuilder:validation:Type:=number
+	// Specifies runAsGroup in container security context. 0 or unset defaults either to 1000002, or if OpenShift detected to unspecified (see documentation)
+	RunAsGroup int64 `json:"runAsGroup"`
+	//+optional
+	//+kubebuilder:validation:Type:=number
+	// Specifies runAsUser in container security context. 0 or unset defaults either to 1000001, or if OpenShift detected to unspecified (see documentation)
+	RunAsUser int64 `json:"runAsUser"`
+}
+
 // MonitoringImage defines Image details and pulling configurations for the Prometheus Exporter for Monitoring
 type MonitoringImage struct {
 	//+kubebuilder:validation:Type:=string
@@ -360,6 +397,10 @@ type Monitoring struct {
 	// Enabled true enables the setup of the Prometheus Exporter.
 	Enabled bool `json:"enabled"`
 	//+optional
+	//+kubebuilder:validation:Type:=array
+	// List of extra environment variables to be added to the Prometheus Exporter container.
+	ExtraEnvVars []*MonitoringExtraEnvVar `json:"extraEnvVars"`
+	//+optional
 	//+kubebuilder:validation:Type:=object
 	// Image defines container image parameters for the Prometheus Exporter.
 	MonitoringImage *MonitoringImage `json:"image,omitempty"`

bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml

@@ -20,16 +20,16 @@ metadata:
     certified: "true"
     com.redhat.delivery.operator.bundle: "true"
     com.redhat.openshift.versions: v4.10
-    containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.0.3
-    createdAt: "2024-04-23T16:09:41Z"
+    containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.1.0
+    createdAt: "2024-07-01T12:25:04Z"
     description: The Solace PubSub+ Event Broker Operator deploys and manages the
       lifecycle of PubSub+ Event Brokers
     operators.openshift.io/valid-subscription: '[]'
-    operators.operatorframework.io/builder: operator-sdk-v1.27.0
+    operators.operatorframework.io/builder: operator-sdk-v1.34.1
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart
     support: Solace Products
-  name: pubsubplus-eventbroker-operator.v1.0.3
+  name: pubsubplus-eventbroker-operator.v1.1.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -296,7 +296,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
-                image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.3
+                image: docker.io/solace/pubsubplus-eventbroker-operator:1.1.0
                 imagePullPolicy: Always
                 livenessProbe:
                   httpGet:
@@ -411,4 +411,4 @@ spec:
   provider:
     name: Solace Corporation
     url: www.solace.com
-  version: 1.0.3
+  version: 1.1.0