Merge branch 'main' into token-review

.github/workflows/push_image.yml

@@ -28,7 +28,7 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
       - name: build images
-        run: make ci-images-build
+        run: IMG=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAGS }} make ci-images-build
       - name: podman login to quay.io
         uses: redhat-actions/podman-login@v1
         with:

.github/workflows/push_image_pr.yml

@@ -28,7 +28,7 @@ jobs:
         with:
           ref: "refs/pull/${{ github.event.number }}/merge"
       - name: build images
-        run: VERSION=temp make ci-images-build
+        run: IMG=${{ env.REGISTRY }}/${{ env.IMAGE }}:temp make ci-images-build
       - name: podman login to quay.io
         uses: redhat-actions/podman-login@v1
         with:

.github/workflows/release.yml

@@ -37,7 +37,7 @@ jobs:
         with:
           go-version: ${{ matrix.go }}
       - name: build operator
-        run: VERSION=${{ env.tag }} IMAGE_TAG_BASE=${{ env.REGISTRY }}/${{ env.IMAGE }} make image-build
+        run: IMG=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make image-build
       - name: podman login to quay.io
         uses: redhat-actions/podman-login@v1
         with:

Makefile

@@ -3,17 +3,18 @@ VERSION ?= main
 BUILD_VERSION := $(shell git describe --long HEAD)
 BUILD_DATE := $(shell date +%Y-%m-%d\ %H:%M)
 BUILD_SHA := $(shell git rev-parse --short HEAD)
-
+# Default image repo
+REPO ?= quay.io/netobserv
 # Component versions to use in bundle / release (do not use $VERSION for that)
-PREVIOUS_VERSION ?= v0.2.2
-BUNDLE_VERSION ?= 1.0.1
+PREVIOUS_VERSION ?= v1.0.1
+BUNDLE_VERSION ?= 1.0.2
 OPERATOR_VERSION ?= $(BUNDLE_VERSION)
 # console plugin
-export PLG_VERSION ?= v0.1.8
+export PLG_VERSION ?= v0.1.9
 # flowlogs-pipeline
-export FLP_VERSION ?= v0.1.7
+export FLP_VERSION ?= v0.1.8
 # eBPF agent
-export BPF_VERSION ?= v0.2.4
+export BPF_VERSION ?= v0.3.0
 
 # Allows building bundles in Mac replacing BSD 'sed' command by GNU-compatible 'gsed'
 SED ?= sed
@@ -47,14 +48,14 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 #
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
 # netobserv/network-observability-operator-bundle:$BUNDLE_VERSION and netobserv/network-observability-operator-catalog:$BUNDLE_VERSION.
-IMAGE_TAG_BASE ?= quay.io/netobserv/network-observability-operator
+IMAGE_TAG_BASE ?= $(REPO)/network-observability-operator
 
 # BUNDLE_IMG defines the image:tag used for the bundle.
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
 BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(BUNDLE_VERSION)
 
 # Image URL to use all building/pushing image targets
-IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+IMG ?= $(IMAGE_TAG_BASE):$(OPERATOR_VERSION)
 IMG_SHA = $(IMAGE_TAG_BASE):$(BUILD_SHA)
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
@@ -121,6 +122,12 @@ CONVERSION_GEN_BIN := conversion-gen
 # in generated files.
 CONVERSION_GEN := $(abspath $(TOOLS_BIN_DIR)/$(CONVERSION_GEN_BIN))
 CONVERSION_GEN_PKG := k8s.io/code-generator/cmd/conversion-gen
+# Set --output-base for conversion-gen if we are not within GOPATH
+ifneq ($(abspath $(ROOT_DIR)),$(shell go env GOPATH)/src/network-observability-operator)
+	CONVERSION_GEN_OUTPUT_BASE := --output-base=$(ROOT_DIR)
+else
+	export GOPATH := $(shell go env GOPATH)
+endif
 
 ##@ Development
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
@@ -129,15 +136,15 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 gencode: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
-doc: crdoc ## Generate 
+doc: crdoc ## Generate
 	$(CRDOC) --resources config/crd/bases/flows.netobserv.io_flowcollectors.yaml --output docs/FlowCollector.md
 
 generate-go-conversions: $(CONVERSION_GEN) ## Run all generate-go-conversions
 		$(MAKE) clean-generated-conversions SRC_DIRS="./api/v1alpha1"
 		$(CONVERSION_GEN) \
 		--input-dirs=./api/v1alpha1 \
 		--build-tag=ignore_autogenerated_core \
-		--output-file-base=zz_generated.conversion \
+		--output-file-base=zz_generated.conversion $(CONVERSION_GEN_OUTPUT_BASE)\
 		--go-header-file=./hack/boilerplate/boilerplate.generatego.txt
 
 generate: gencode manifests doc generate-go-conversions
@@ -274,7 +281,7 @@ endif
 .PHONY: bundle-prepare
 bundle-prepare: OPSDK generate kustomize ## Generate bundle manifests and metadata, then validate generated files.
 	$(OPSDK) generate kustomize manifests -q
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE_TAG_BASE):$(OPERATOR_VERSION)
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(SED) -i -r 's~ebpf-agent:.+~ebpf-agent:$(BPF_VERSION)~' ./config/manager/manager.yaml
 	$(SED) -i -r 's~flowlogs-pipeline:.+~flowlogs-pipeline:$(FLP_VERSION)~' ./config/manager/manager.yaml
 	$(SED) -i -r 's~console-plugin:.+~console-plugin:$(PLG_VERSION)~' ./config/manager/manager.yaml

RELEASE.md

@@ -36,7 +36,7 @@ Edit the [Makefile](./Makefile) to update `PREVIOUS_VERSION`, `BUNDLE_VERSION`,
 make bundle
 
 # Set desired operator version - CAREFUL, no leading "v" here
-version="1.0.1"
+version="1.0.2"
 vv=v$version
 test_branch=test-$vv
 
@@ -84,7 +84,7 @@ Check also the "Create a discussion for this release" option, in category "Annou
 Before publishing, we should check that upgrading the operator from a previous version isn't broken. We can use `operator-sdk` for that:
 
 ```bash
-previous=v0.2.2
+previous=v1.0.1
 bin/operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:$previous --timeout 5m
 bin/operator-sdk run bundle-upgrade quay.io/netobserv/network-observability-operator-bundle:$vv --timeout 5m
 ```

bundle.Dockerfile

@@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=netobserv-operator
 LABEL operators.operatorframework.io.bundle.channels.v1=latest,v1.0.x
 LABEL operators.operatorframework.io.bundle.channel.default.v1=latest
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.0-ocp
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.3
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
 

bundle/manifests/flows.netobserv.io_flowcollectors.yaml

@@ -2,9 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
     controller-gen.kubebuilder.io/version: v0.6.1
-    service.beta.openshift.io/inject-cabundle: "true"
   creationTimestamp: null
   name: flowcollectors.flows.netobserv.io
 spec:

bundle/manifests/netobserv-operator.clusterserviceversion.yaml

@@ -328,13 +328,13 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring
     console.openshift.io/plugins: '["netobserv-plugin"]'
-    containerImage: quay.io/netobserv/network-observability-operator:1.0.1
-    createdAt: "2023-02-17T16:08:58Z"
+    containerImage: quay.io/netobserv/network-observability-operator:1.0.2
+    createdAt: "2023-02-21T08:20:07Z"
     description: Network flows collector and monitoring solution
     operators.operatorframework.io/builder: operator-sdk-v1.25.3
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/netobserv/network-observability-operator
-  name: netobserv-operator.v1.0.1
+  name: netobserv-operator.v1.0.2
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -387,7 +387,7 @@ spec:
 
     ## Configuration
 
-    The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.1/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.1/config/samples/flows_v1alpha1_flowcollector.yaml).
+    The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.2/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.2/config/samples/flows_v1alpha1_flowcollector.yaml).
 
     To edit configuration in cluster, run:
 
@@ -405,7 +405,7 @@ spec:
 
     - Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you may have to configure differently if you used another installation method.
 
-    - Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.1/docs/QuickFilters.md).
+    - Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.2/docs/QuickFilters.md).
 
     - Kafka (`spec.deploymentModel: KAFKA` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created.
 
@@ -650,12 +650,12 @@ spec:
                 - /manager
                 env:
                 - name: RELATED_IMAGE_EBPF_AGENT
-                  value: quay.io/netobserv/netobserv-ebpf-agent:v0.2.4
+                  value: quay.io/netobserv/netobserv-ebpf-agent:v0.3.0
                 - name: RELATED_IMAGE_FLOWLOGS_PIPELINE
-                  value: quay.io/netobserv/flowlogs-pipeline:v0.1.7
+                  value: quay.io/netobserv/flowlogs-pipeline:v0.1.8
                 - name: RELATED_IMAGE_CONSOLE_PLUGIN
-                  value: quay.io/netobserv/network-observability-console-plugin:v0.1.8
-                image: quay.io/netobserv/network-observability-operator:1.0.1
+                  value: quay.io/netobserv/network-observability-console-plugin:v0.1.9
+                image: quay.io/netobserv/network-observability-operator:1.0.2
                 imagePullPolicy: Always
                 livenessProbe:
                   httpGet:
@@ -788,14 +788,14 @@ spec:
     name: Red Hat
     url: https://www.redhat.com
   relatedImages:
-  - image: quay.io/netobserv/netobserv-ebpf-agent:v0.2.4
+  - image: quay.io/netobserv/netobserv-ebpf-agent:v0.3.0
     name: ebpf-agent
-  - image: quay.io/netobserv/flowlogs-pipeline:v0.1.7
+  - image: quay.io/netobserv/flowlogs-pipeline:v0.1.8
     name: flowlogs-pipeline
-  - image: quay.io/netobserv/network-observability-console-plugin:v0.1.8
+  - image: quay.io/netobserv/network-observability-console-plugin:v0.1.9
     name: console-plugin
-  replaces: netobserv-operator.v0.2.2
-  version: 1.0.1
+  replaces: netobserv-operator.v1.0.1
+  version: 1.0.2
   webhookdefinitions:
   - admissionReviewVersions:
     - v1alpha1
@@ -819,7 +819,7 @@ spec:
     - apiGroups:
       - netobserv.io
       apiVersions:
-      - v1alpha1
+      - v1beta1
       operations:
       - CREATE
       - UPDATE

bundle/metadata/annotations.yaml

@@ -6,7 +6,7 @@ annotations:
   operators.operatorframework.io.bundle.package.v1: netobserv-operator
   operators.operatorframework.io.bundle.channels.v1: latest,v1.0.x
   operators.operatorframework.io.bundle.channel.default.v1: latest
-  operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.0-ocp
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.3
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
 

config/crd/kustomization.yaml

@@ -13,7 +13,7 @@ patchesStrategicMerge:
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-- patches/cainjection_in_flowcollectors.yaml
+#- patches/cainjection_in_flowcollectors.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 patches:

config/manager/kustomization.yaml

@@ -15,6 +15,6 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/netobserv/network-observability-operator
-  newTag: 1.0.1
+  newTag: 1.0.2
 commonLabels:
   app: netobserv-operator

config/manager/manager.yaml

@@ -29,11 +29,11 @@ spec:
         - --console-plugin-image=$(RELATED_IMAGE_CONSOLE_PLUGIN)
         env:
           - name: RELATED_IMAGE_EBPF_AGENT
-            value: quay.io/netobserv/netobserv-ebpf-agent:v0.2.4
+            value: quay.io/netobserv/netobserv-ebpf-agent:v0.3.0
           - name: RELATED_IMAGE_FLOWLOGS_PIPELINE
-            value: quay.io/netobserv/flowlogs-pipeline:v0.1.7
+            value: quay.io/netobserv/flowlogs-pipeline:v0.1.8
           - name: RELATED_IMAGE_CONSOLE_PLUGIN
-            value: quay.io/netobserv/network-observability-console-plugin:v0.1.8
+            value: quay.io/netobserv/network-observability-console-plugin:v0.1.9
         image: controller:latest
         name: manager
         imagePullPolicy: Always

config/manifests/bases/description-ocp.md

@@ -32,7 +32,7 @@ oc apply -f <(curl -L https://raw.githubusercontent.com/netobserv/documents/252b
 
 ## Configuration
 
-The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.1/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.1/config/samples/flows_v1alpha1_flowcollector.yaml).
+The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.2/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.2/config/samples/flows_v1alpha1_flowcollector.yaml).
 
 To edit configuration in cluster, run:
 
@@ -48,7 +48,7 @@ A couple of settings deserve special attention:
 
 - Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you may have to configure differently if you used another installation method.
 
-- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.1/docs/QuickFilters.md).
+- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.2/docs/QuickFilters.md).
 
 - Kafka (`spec.deploymentModel: KAFKA` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created.
 

config/manifests/bases/description-upstream.md

@@ -32,7 +32,7 @@ kubectl apply -f <(curl -L https://raw.githubusercontent.com/netobserv/documents
 
 ## Configuration
 
-The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.1/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.1/config/samples/flows_v1alpha1_flowcollector.yaml).
+The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.2/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.2/config/samples/flows_v1alpha1_flowcollector.yaml).
 
 To edit configuration in cluster, run:
 
@@ -50,7 +50,7 @@ A couple of settings deserve special attention:
 
 - Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you may have to configure differently if you used another installation method.
 
-- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.1/docs/QuickFilters.md).
+- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.2/docs/QuickFilters.md).
 
 - Kafka (`spec.deploymentModel: KAFKA` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created.
 

config/manifests/bases/netobserv-operator.clusterserviceversion.yaml

@@ -76,5 +76,5 @@ spec:
   provider:
     name: Red Hat
     url: https://www.redhat.com
-  replaces: netobserv-operator.v0.2.2
+  replaces: netobserv-operator.v1.0.1
   version: 0.0.0

config/manifests/kustomization.yaml

@@ -2,7 +2,7 @@
 # used to generate the 'manifests/' directory in a bundle.
 resources:
 - bases/netobserv-operator.clusterserviceversion.yaml
-- ../openshift
+- ../openshift-olm
 - ../samples
 
 # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix.

config/openshift-olm/kustomization.yaml

@@ -0,0 +1,22 @@
+# Adds namespace to all resources.
+namespace: netobserv
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: netobserv-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+#  someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+- ../webhook
+- namespace.yaml
+patchesStrategicMerge:
+- patch.yaml

config/openshift-olm/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: netobserv