From aa0d08379d9d757dee83c38737f3dfd3d4036972 Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Wed, 22 Mar 2023 09:42:33 +0100 Subject: [PATCH] Bump to v0.7.0 Signed-off-by: Sascha Grunert --- VERSION | 2 +- ...rity-profiles-operator.clusterserviceversion.yaml | 12 ++++++------ dependencies.yaml | 2 +- deploy/base/clusterserviceversion.yaml | 4 ++-- deploy/catalog-preamble.json | 4 ++-- deploy/helm/Chart.yaml | 4 ++-- deploy/kustomize-deployment/kustomization.yaml | 10 +++++----- deploy/namespace-operator.yaml | 2 +- deploy/openshift-dev.yaml | 2 +- deploy/openshift-downstream.yaml | 2 +- deploy/operator.yaml | 2 +- deploy/webhook-operator.yaml | 2 +- examples/olm/install-resources.yaml | 2 +- hack/ci/e2e-olm.sh | 4 ++-- hack/deploy-localhost.patch | 2 +- hack/release.sh | 11 ++++++++++- installation-usage.md | 4 ++-- release.md | 1 + test/e2e_test.go | 4 ++-- 19 files changed, 43 insertions(+), 33 deletions(-) diff --git a/VERSION b/VERSION index 2feed2fef8..faef31a435 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.6.1-dev +0.7.0 diff --git a/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml b/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml index 4b20e38d2e..759b91a742 100644 --- a/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml +++ b/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml @@ -241,15 +241,15 @@ metadata: ] capabilities: Basic Install categories: Security - containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.6.0 - olm.skipRange: '>=0.4.1 <0.6.1-dev' + containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 + olm.skipRange: '>=0.4.1 <0.7.0' operatorframework.io/cluster-monitoring: "true" operatorframework.io/suggested-namespace: security-profiles-operator operators.openshift.io/valid-subscription: '["OpenShift Kubernetes Engine", "OpenShift Container Platform", "OpenShift Platform Plus"]' operators.operatorframework.io/builder: operator-sdk-v1.25.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 - name: security-profiles-operator.v0.6.1-dev + name: security-profiles-operator.v0.7.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -862,7 +862,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 imagePullPolicy: Always name: security-profiles-operator resources: @@ -968,5 +968,5 @@ spec: name: rbac-proxy - image: quay.io/security-profiles-operator/selinuxd name: selinuxd - replaces: security-profiles-operator.v0.5.0 - version: 0.6.1-dev + replaces: security-profiles-operator.v0.6.0 + version: 0.7.0 diff --git a/dependencies.yaml b/dependencies.yaml index 3a2bd98293..867dcc05cd 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -206,7 +206,7 @@ dependencies: match: BOM_VERSION - name: spo-current - version: 0.6.1-dev + version: 0.7.0 refPaths: - path: VERSION match: ^.* diff --git a/deploy/base/clusterserviceversion.yaml b/deploy/base/clusterserviceversion.yaml index 746fd49828..02aaca4b07 100644 --- a/deploy/base/clusterserviceversion.yaml +++ b/deploy/base/clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: alm-examples: '[]' capabilities: Basic Install categories: Security - containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.6.0 + containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 olm.skipRange: '>=0.4.1 <0.4.2-dev' operatorframework.io/suggested-namespace: security-profiles-operator operators.openshift.io/valid-subscription: '["OpenShift Kubernetes Engine", "OpenShift Container Platform", "OpenShift Platform Plus"]' @@ -89,5 +89,5 @@ spec: provider: name: Kubernetes SIGs url: https://github.com/kubernetes-sigs - replaces: security-profiles-operator.v0.5.0 + replaces: security-profiles-operator.v0.6.0 version: 0.0.0 diff --git a/deploy/catalog-preamble.json b/deploy/catalog-preamble.json index 04a4e3a1c4..115bab13ab 100644 --- a/deploy/catalog-preamble.json +++ b/deploy/catalog-preamble.json @@ -13,8 +13,8 @@ "package": "security-profiles-operator", "entries": [ { - "name": "security-profiles-operator.v0.6.1-dev", - "skipRange": ">=0.4.1 <0.6.1-dev" + "name": "security-profiles-operator.v0.7.0", + "skipRange": ">=0.4.1 <0.7.0" } ] } diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index fffdd65748..a6f8851c7c 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: security-profiles-operator description: "The Kubernetes Security Profiles Operator." type: application -version: "0.6.1-dev" -appVersion: "0.6.1-dev" +version: "0.7.0" +appVersion: "0.7.0" diff --git a/deploy/kustomize-deployment/kustomization.yaml b/deploy/kustomize-deployment/kustomization.yaml index a745a044c2..77fbb60049 100644 --- a/deploy/kustomize-deployment/kustomization.yaml +++ b/deploy/kustomize-deployment/kustomization.yaml @@ -3,11 +3,11 @@ kind: Kustomization images: - name: security-profiles-operator - newName: gcr.io/k8s-staging-sp-operator/security-profiles-operator - newTag: latest - # For images to be released: - # newName: registry.k8s.io/security-profiles-operator/security-profiles-operator - # newTag: v0.6.1 + # newName: gcr.io/k8s-staging-sp-operator/security-profiles-operator + # newTag: latest + # For images to be released: + newName: registry.k8s.io/security-profiles-operator/security-profiles-operator + newTag: v0.7.0 resources: diff --git a/deploy/namespace-operator.yaml b/deploy/namespace-operator.yaml index 5f9df1d455..f35f48f6a2 100644 --- a/deploy/namespace-operator.yaml +++ b/deploy/namespace-operator.yaml @@ -3008,7 +3008,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/openshift-dev.yaml b/deploy/openshift-dev.yaml index 8ed8bf9afa..2828f78693 100644 --- a/deploy/openshift-dev.yaml +++ b/deploy/openshift-dev.yaml @@ -2999,7 +2999,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: image-registry.openshift-image-registry.svc:5000/openshift/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/openshift-downstream.yaml b/deploy/openshift-downstream.yaml index 5d7b0f4ad1..00312e6ff1 100644 --- a/deploy/openshift-downstream.yaml +++ b/deploy/openshift-downstream.yaml @@ -3019,7 +3019,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 92d0a7a573..c50397d8e3 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -3006,7 +3006,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/webhook-operator.yaml b/deploy/webhook-operator.yaml index 3d71414a3c..2e79adc0f3 100644 --- a/deploy/webhook-operator.yaml +++ b/deploy/webhook-operator.yaml @@ -3006,7 +3006,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/examples/olm/install-resources.yaml b/examples/olm/install-resources.yaml index fd2c49734e..abd64c7305 100644 --- a/examples/olm/install-resources.yaml +++ b/examples/olm/install-resources.yaml @@ -17,7 +17,7 @@ metadata: namespace: olm spec: sourceType: grpc - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator-catalog:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v0.7.0 --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription diff --git a/hack/ci/e2e-olm.sh b/hack/ci/e2e-olm.sh index 483faf2a7c..0b62f82020 100755 --- a/hack/ci/e2e-olm.sh +++ b/hack/ci/e2e-olm.sh @@ -45,7 +45,7 @@ function build_and_push_packages() { # Create a manifest with local image cp deploy/operator.yaml ${OPERATOR_MANIFEST} - sed -i "s#gcr.io/k8s-staging-sp-operator/security-profiles-operator.*\$#${IMG}#" ${OPERATOR_MANIFEST} + sed -i "s#registry.k8s.io/security-profiles-operator.*\$#${IMG}#" ${OPERATOR_MANIFEST} grep ${IMG} ${OPERATOR_MANIFEST} || exit 1 # this is a kludge, we need to make sure kustomize can be overwritten @@ -73,7 +73,7 @@ function deploy_deps() { kubectl -ncert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager # All installation methods run off the same catalog - sed -i "s#gcr.io/k8s-staging-sp-operator/security-profiles-operator-catalog:latest#${CATALOG_IMG}#g" examples/olm/install-resources.yaml + sed -i "s#registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v0.7.0#${CATALOG_IMG}#g" examples/olm/install-resources.yaml } diff --git a/hack/deploy-localhost.patch b/hack/deploy-localhost.patch index 5e6bbf305a..b741d050a4 100644 --- a/hack/deploy-localhost.patch +++ b/hack/deploy-localhost.patch @@ -15,7 +15,7 @@ index d7bf1964..d2a9c614 100644 fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet -- image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest +- image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.7.0 - imagePullPolicy: Always + image: localhost/security-profiles-operator:latest + imagePullPolicy: IfNotPresent diff --git a/hack/release.sh b/hack/release.sh index 48e2516d7f..0590fdd454 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -43,9 +43,13 @@ sed -i 's;image: .*;image: registry.k8s.io/security-profiles-operator/security-p # Update e2e tests # shellcheck disable=SC2016 -sed -i 's;gcr.io/k8s-staging-sp-operator.*;registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v'"$VERSION"'#${CATALOG_IMG}#g" examples/olm/install-resources.yaml;g' hack/ci/e2e-olm.sh +sed -i 's;gcr.io.*catalog.*;registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v'"$VERSION"'#${CATALOG_IMG}#g" examples/olm/install-resources.yaml;g' hack/ci/e2e-olm.sh +sed -i 's;gcr.io/k8s-staging-sp-operator/;registry.k8s.io/;g' hack/ci/e2e-olm.sh sed -i 's;gcr.io/k8s-staging-sp-operator/;registry.k8s.io/;g' test/e2e_test.go +# Update patches +sed -i 's;gcr.io.*;registry.k8s.io/security-profiles-operator/security-profiles-operator:v'"$VERSION"';g' hack/deploy-localhost.patch + # Update dependencies.yaml FILES=( dependencies.yaml @@ -63,7 +67,12 @@ OPERATOR_VERSION=$(curl -sSfL --retry 5 --retry-delay 3 "https://operatorhub.io/ sed -i 's;replaces:.*;replaces: '"$OPERATOR_VERSION"';g' $FILE sed -i 's;containerImage:.*;containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v'"$VERSION"';g' $FILE +# Stage the sources, because `make bundle` will use `git restore` +git add . + # Build bundle make bundle +git add . + echo "Done. Commit the changes to a new branch and create a PR from it" diff --git a/installation-usage.md b/installation-usage.md index 9179f1c609..875cb03597 100644 --- a/installation-usage.md +++ b/installation-usage.md @@ -204,9 +204,9 @@ kubectl annotate ns $spo_ns \ --overwrite # Install the chart from the release URL (or a file path if desired) -helm install security-profiles-operator --namespace security-profiles-operator https://github.com/kubernetes-sigs/security-profiles-operator/releases/download/v0.6.1-dev/security-profiles-operator-0.6.1-dev.tgz +helm install security-profiles-operator --namespace security-profiles-operator https://github.com/kubernetes-sigs/security-profiles-operator/releases/download/v0.7.0/security-profiles-operator-0.7.0.tgz # Or update it with -# helm upgrade --install security-profiles-operator --namespace security-profiles-operator https://github.com/kubernetes-sigs/security-profiles-operator/releases/download/v0.6.1-dev/security-profiles-operator-0.6.1-dev.tgz +# helm upgrade --install security-profiles-operator --namespace security-profiles-operator https://github.com/kubernetes-sigs/security-profiles-operator/releases/download/v0.7.0/security-profiles-operator-0.7.0.tgz ``` #### Troubleshooting and maintenance diff --git a/release.md b/release.md index 6dfefa2054..5519c0a900 100644 --- a/release.md +++ b/release.md @@ -29,6 +29,7 @@ The script basically: - updates [./dependencies.yaml](./dependencies.yaml) `spo-current` version as well as its linked files. Run `make verify-dependencies` to verify the results. +- updates ./hack/deploy-localhost.patch to match the new deployment - updates [./deploy/base/clusterserviceversion.yaml](./deploy/base/clusterserviceversion.yaml) to change `replaces` to the latest available version on OperatorHub as well as update the `containerImage`. diff --git a/test/e2e_test.go b/test/e2e_test.go index 526f47728d..83753ee991 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -289,8 +289,8 @@ func (e *e2e) deployOperator(manifest string) { // ones from the nodes e.logf("Setting imagePullPolicy to '%s' in manifest: %s", e.pullPolicy, manifest) e.updateManifest(manifest, "imagePullPolicy: Always", fmt.Sprintf("imagePullPolicy: %s", e.pullPolicy)) - e.updateManifest(manifest, "image: .*gcr.io/k8s-staging-sp-operator/.*", fmt.Sprintf("image: %s", e.testImage)) - e.updateManifest(manifest, "value: .*gcr.io/k8s-staging-sp-operator/.*", fmt.Sprintf("value: %s", e.testImage)) + e.updateManifest(manifest, "image: .*registry.k8s.io/.*", fmt.Sprintf("image: %s", e.testImage)) + e.updateManifest(manifest, "value: .*registry.k8s.io/.*", fmt.Sprintf("value: %s", e.testImage)) e.updateManifest(manifest, "value: .*quay.io/.*/selinuxd.*", fmt.Sprintf("value: %s", e.selinuxdImage)) if e.selinuxEnabled { e.updateManifest(manifest, "enableSelinux: false", "enableSelinux: true")