cryostatio · andrewazores · Apr 23, 2024 · Feb 12, 2024 · Feb 13, 2024 · Feb 13, 2024
diff --git a/.github/workflows/build-ci.yml b/.github/workflows/build-ci.yml
@@ -97,7 +97,7 @@ jobs:
     - name: Get scorecard image tag
       id: get-image-tag
       run: |
-        SCORECARD_TAG=$(yq '[.stages[0].tests[].image | capture("cryostat-operator-scorecard:(?P<tag>[\w.\-_]+)$")][0].tag' bundle/tests/scorecard/config.yaml)
+        SCORECARD_TAG=$(yq '[.stages[1].tests[].image | capture("cryostat-operator-scorecard:(?P<tag>[\w.\-_]+)$")][0].tag' bundle/tests/scorecard/config.yaml)
         echo "tag=$SCORECARD_TAG" >> $GITHUB_OUTPUT
     - name: Check if scorecard image tag already exists
       id: check-tag-exists

diff --git a/.github/workflows/test-ci-command.yml b/.github/workflows/test-ci-command.yml
@@ -95,3 +95,42 @@ jobs:
       ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
       tag: ${{ needs.get-test-image-tag.outputs.tag }}
       sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
+
+  successful-test:
+    runs-on: ubuntu-latest
+    needs: [run-test-jobs]
+    permissions:
+      pull-requests: write
+    steps:
+    - name: Leave Actions Run Comment
+      uses: actions/github-script@v6
+      with:
+        script: |
+          const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
+          const commentBody = `\`/build_test\` completed successfully ✅. \n[View Actions Run](${runURL}).`;
+          github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: commentBody
+            });
+
+  cancelled-test:
+    if: (always() && contains(needs.*.result, 'failure'))
+    runs-on: ubuntu-latest
+    needs: [run-test-jobs]
+    permissions:
+      pull-requests: write
+    steps:
+    - name: Leave Actions Run Comment
+      uses: actions/github-script@v6
+      with:
+        script: |
+          const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
+          const commentBody = `\`/build_test\` : At least one test failed ❌. \n[View Actions Run](${runURL}).`;
+          github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: commentBody
+            });
diff --git a/.github/workflows/test-ci-reusable.yml b/.github/workflows/test-ci-reusable.yml
@@ -48,7 +48,7 @@ jobs:
         ref: ${{ inputs.ref }}
     - uses: actions/setup-go@v4
       with:
-        go-version: '1.20.*'
+        go-version: '1.21.*'
     - name: Run controller tests
       run: make test-envtest
     - name: Set latest commit status as ${{ job.status }}
@@ -118,11 +118,29 @@ jobs:
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Set up Kind cluster
+      uses: helm/kind-action@v1.8.0
+      with:
+        config: .github/kind-config.yaml
+        cluster_name: ci-${{ github.run_id }}
+        wait: 1m
+        ignore_failed_clean: true
+    - name: Set up Ingress Controller
       run: |
-        kind create cluster --config=".github/kind-config.yaml" -n ci-${{ github.run_id }}
-        # Enabling Ingress
+        # Install nginx ingress controller
         kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
-        kubectl rollout status -w deployment/ingress-nginx-controller -n ingress-nginx --timeout 5m
+        kubectl rollout status -w \
+          deployment/ingress-nginx-controller \
+          -n ingress-nginx --timeout 5m
+
+        # Lower the number of worker processes
+        kubectl patch cm/ingress-nginx-controller \
+          --type merge \
+          -p '{"data":{"worker-processes":"1"}}' \
+          -n ingress-nginx
+
+        # Modify /etc/hosts to resolve hostnames
+        ip_address=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ci-${{ github.run_id }}-control-plane)
+        echo "$ip_address testing.cryostat" | sudo tee -a /etc/hosts
     - name: Install Operator Lifecycle Manager
       run: curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.24.0/install.sh | bash -s v0.24.0
     - name: Install Cert Manager
@@ -140,8 +158,6 @@ jobs:
         SCORECARD_REGISTRY_PASSWORD="${{ secrets.GITHUB_TOKEN }}" \
         BUNDLE_IMG="${{ steps.push-bundle-to-ghcr.outputs.registry-path }}" \
         make test-scorecard
-    - name: Clean up Kind cluster
-      run: kind delete cluster -n ci-${{ github.run_id }}
     - name: Set latest commit status as ${{ job.status }}
       uses: myrotvorets/set-commit-status-action@master
       if: always()

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM docker.io/library/golang:1.20 as builder
+FROM docker.io/library/golang:1.21 as builder
 ARG TARGETOS
 ARG TARGETARCH
 

diff --git a/Makefile b/Makefile
@@ -8,7 +8,7 @@ OS = $(shell go env GOOS)
 ARCH = $(shell go env GOARCH)
 
 # Current Operator version
-export OPERATOR_VERSION ?= 2.5.0-dev
+export OPERATOR_VERSION ?= 3.0.0-dev
 IMAGE_VERSION ?= $(OPERATOR_VERSION)
 BUNDLE_VERSION ?= $(IMAGE_VERSION)
 DEFAULT_NAMESPACE ?= quay.io/cryostat
@@ -62,7 +62,7 @@ export APP_NAME ?= Cryostat
 # Images used by the operator
 CORE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
 CORE_NAME ?= cryostat
-CORE_VERSION ?= latest
+CORE_VERSION ?= 3.0.0-snapshot
 export CORE_IMG ?= $(CORE_NAMESPACE)/$(CORE_NAME):$(CORE_VERSION)
 DATASOURCE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
 DATASOURCE_NAME ?= jfr-datasource
@@ -76,6 +76,14 @@ REPORTS_NAMESPACE ?= $(DEFAULT_NAMESPACE)
 REPORTS_NAME ?= cryostat-reports
 REPORTS_VERSION ?= latest
 export REPORTS_IMG ?= $(REPORTS_NAMESPACE)/$(REPORTS_NAME):$(REPORTS_VERSION)
+DATABASE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
+DATABASE_NAME ?= cryostat-db
+DATABASE_VERSION ?= latest
+export DATABASE_IMG ?= $(DATABASE_NAMESPACE)/$(DATABASE_NAME):$(DATABASE_VERSION)
+STORAGE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
+STORAGE_NAME ?= cryostat-storage
+STORAGE_VERSION ?= latest
+export STORAGE_IMG ?= $(STORAGE_NAMESPACE)/$(STORAGE_NAME):$(STORAGE_VERSION)
 
 CERT_MANAGER_VERSION ?= 1.11.5
 CERT_MANAGER_MANIFEST ?= \
@@ -134,6 +142,14 @@ else
 KUSTOMIZE_DIR ?= config/default
 endif
 
+# Specify which scorecard tests/suites to run
+ifneq ($(SCORECARD_TEST_SELECTION),)
+SCORECARD_TEST_SELECTOR := --selector='test in ($(SCORECARD_TEST_SELECTION))'
+endif
+ifneq ($(SCORECARD_TEST_SUITE),)
+SCORECARD_TEST_SELECTOR := --selector=suite=$(SCORECARD_TEST_SUITE)
+endif
+
 ##@ General
 
 .PHONY: all
@@ -158,9 +174,9 @@ endif
 test-scorecard: check_cert_manager kustomize operator-sdk ## Run scorecard tests.
 ifneq ($(SKIP_TESTS), true)
 	$(call scorecard-setup)
-	$(call scorecard-cleanup); \
-	trap cleanup EXIT; \
-	$(OPERATOR_SDK) scorecard -n $(SCORECARD_NAMESPACE) -s cryostat-scorecard -w 20m $(BUNDLE_IMG) --pod-security=restricted
+	$(call scorecard-cleanup) ; \
+	trap cleanup EXIT ; \
+	$(OPERATOR_SDK) scorecard -n $(SCORECARD_NAMESPACE) -s cryostat-scorecard -w 20m $(BUNDLE_IMG) --pod-security=restricted $(SCORECARD_TEST_SELECTOR)
 endif
 
 .PHONY: clean-scorecard

diff --git a/README.md b/README.md
@@ -50,7 +50,7 @@ kubectl get secret ${CRYOSTAT_NAME}-jmx-auth -o jsonpath='{$.data.CRYOSTAT_RJMX_
 
 # Building
 ## Requirements
-- `go` v1.20
+- `go` v1.21
 - [`operator-sdk`](https://github.com/operator-framework/operator-sdk) v1.31.0
 - [`cert-manager`](https://github.com/cert-manager/cert-manager) v1.11.5+ (Recommended)
 - `podman` or `docker`

diff --git a/api/v1beta1/cryostat_types.go b/api/v1beta1/cryostat_types.go
@@ -141,6 +141,8 @@ type CryostatStatus struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=status,order=2,xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
 	GrafanaSecret string `json:"grafanaSecret,omitempty"`
+	// Name of the Secret containing the cryostat storage connection key
+	StorageSecret string `json:"storageSecret,omitempty"`
 	// Address of the deployed Cryostat web application.
 	// +operator-sdk:csv:customresourcedefinitions:type=status,order=1,xDescriptors={"urn:alm:descriptor:org.w3:link"}
 	ApplicationURL string `json:"applicationUrl"`
@@ -287,6 +289,13 @@ type GrafanaServiceConfig struct {
 	ServiceConfig `json:",inline"`
 }
 
+type StorageServiceConfig struct {
+	// HTTP port number for the cryostat storage service.
+	// Defaults to 8333
+	HTTPPort      *int32 `json:"httpPort,omitempty"`
+	ServiceConfig `json:",inline"`
+}
+
 // ReportsServiceConfig provides customization for the service handling
 // traffic for the cryostat-reports sidecars.
 type ReportsServiceConfig struct {
@@ -309,6 +318,9 @@ type ServiceConfigList struct {
 	// Specification for the service responsible for the cryostat-reports sidecars.
 	// +optional
 	ReportsConfig *ReportsServiceConfig `json:"reportsConfig,omitempty"`
+	// Specification for the service responsible for the cryostat storage container.
+	// +optional
+	StorageConfig *StorageServiceConfig `json:"storageConfig,omitEmpty"`
 }
 
 // NetworkConfiguration provides customization for how to expose a Cryostat
@@ -502,6 +514,14 @@ type SecurityOptions struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	GrafanaSecurityContext *corev1.SecurityContext `json:"grafanaSecurityContext,omitempty"`
+	// Security Context to apply to the storage container.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	StorageSecurityContext *corev1.SecurityContext `json:"storageSecurityContext,omitempty"`
+	// Security Context to apply to the storage container.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	DatabaseSecurityContext *corev1.SecurityContext `json:"databaseSecurityContext,omitempty"`
 }
 
 // ReportsSecurityOptions contains Security Context customizations for the

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/api/v1beta2/cryostat_types.go b/api/v1beta2/cryostat_types.go
@@ -527,6 +527,14 @@ type SecurityOptions struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	GrafanaSecurityContext *corev1.SecurityContext `json:"grafanaSecurityContext,omitempty"`
+	// Security Context to apply to the storage container.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	StorageSecurityContext *corev1.SecurityContext `json:"storageSecurityContext,omitempty"`
+	// Security Context to apply to the storage container.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	DatabaseSecurityContext *corev1.SecurityContext `json:"databaseSecurityContext,omitempty"`
 }
 
 // ReportsSecurityOptions contains Security Context customizations for the

diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go
diff --git a/bundle.Dockerfile b/bundle.Dockerfile
@@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=cryostat-operator
 LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.32.0
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3