From bbbf33040346af536de8347e3b4b0d27f46216e7 Mon Sep 17 00:00:00 2001 
From: steven Date: Tue, 19 Nov 2024 16:56:22 +0800 Subject: [PATCH] refactor: bump operator-go to 0.12-dev (#163) * refactor: bump domain to kubedoop.dev * bump(deps): bump operator-go to 0.12-dev --- .github/ISSUE_TEMPLATE/feature_request.yml | 2 +- Makefile | 43 ++-- PROJECT | 6 +- README.md | 2 +- api/v1alpha1/groupversion_info.go | 4 +- cmd/csi_driver/main.go | 2 +- cmd/main.go | 2 +- ...=> secrets.kubedoo.dev_secretclasses.yaml} | 4 +- .../secrets.kubedoop.dev_secretclasses.yaml | 199 ++++++++++++++++++ ...l => secrets.kubedoop.dev_secretcsis.yaml} | 4 +- config/crd/kustomization.yaml | 4 +- .../patches/cainjection_in_secretclasses.yaml | 2 +- .../patches/cainjection_in_secretcsis.yaml | 2 +- .../crd/patches/webhook_in_secretclasses.yaml | 2 +- config/crd/patches/webhook_in_secretcsis.yaml | 2 +- config/csi/csidriver.yaml | 2 +- config/csi/daemonset.yaml | 4 +- config/csi/secretclass.yaml | 2 +- config/csi/storageclass.yaml | 4 +- config/default/kustomization.yaml | 4 +- config/rbac/role.yaml | 6 +- config/rbac/secretclass_editor_role.yaml | 4 +- config/rbac/secretclass_viewer_role.yaml | 4 +- config/rbac/secretcsi_editor_role.yaml | 4 +- config/rbac/secretcsi_viewer_role.yaml | 4 +- .../samples/secrets_v1alpha1_secretclass.yaml | 4 +- .../samples/secrets_v1alpha1_secretcsi.yaml | 2 +- examples/simple-https.yaml | 6 +- examples/simple-shell.yaml | 8 +- go.mod | 2 +- go.sum | 4 +- internal/controller/secretclass_controller.go | 6 +- internal/controller/secretcsi/controller.go | 6 +- internal/controller/secretcsi/csidriver.go | 2 +- internal/controller/secretcsi/rbac.go | 2 +- internal/controller/secretcsi/storageclass.go | 4 +- internal/csi/controller.go | 2 +- internal/csi/driver.go | 2 +- internal/csi/node.go | 6 +- pkg/kerberos/config.go | 2 +- pkg/volume/volume.go | 18 +- test/e2e/krb5/chainsaw-test.yaml | 6 +- test/e2e/krb5/node-scope.yaml | 14 +- test/e2e/krb5/pod-scope.yaml | 14 +- test/e2e/krb5/service-scope.yaml | 12 +- 
.../search-in-default-ns/00-secretclass.yml | 2 +- .../search-in-default-ns/01-pod-for-ns.yaml | 4 +- test/e2e/search-in-default-ns/01-secret.yaml | 2 +- .../search-in-default-ns/10-secretclass.yaml | 2 +- .../search-in-default-ns/11-pod-for-pod.yaml | 4 +- test/e2e/search-in-default-ns/11-secret.yaml | 2 +- .../21-pod-with-scope.yaml | 6 +- test/e2e/search-in-default-ns/21-secret.yaml | 4 +- test/e2e/tls/autotls.yaml | 14 +- test/e2e/tls/secretcsi-assert.yaml | 2 +- 55 files changed, 341 insertions(+), 141 deletions(-) rename config/crd/bases/{secrets.zncdata.dev_secretclasses.yaml => secrets.kubedoo.dev_secretclasses.yaml} (99%) create mode 100644 config/crd/bases/secrets.kubedoop.dev_secretclasses.yaml rename config/crd/bases/{secrets.zncdata.dev_secretcsis.yaml => secrets.kubedoop.dev_secretcsis.yaml} (99%) diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index 8da7fc9..16800c1 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -6,7 +6,7 @@ body: - type: markdown attributes: value: | - First, check out our [Collaboration Guide](https://zncdata.dev/docs/developer-manual/collaboration) + First, check out our [Collaboration Guide](https://kubedoop.dev/docs/developer-manual/collaboration) Please provide a searchable summary of the issue in the title above ⬆️. - type: dropdown attributes: diff --git a/Makefile b/Makefile index 139ae93..1207475 100644 --- a/Makefile +++ b/Makefile 
@@ -134,7 +134,7 @@ docker-push: ## Push docker image with the manager. .PHONY: docker-buildx docker-buildx: ## Build and push docker image for the manager for cross-platform support # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile - sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' build/Dockerfile > Dockerfile.cross - $(CONTAINER_TOOL) buildx create --name $(PROJECT_NAME)-builder $(CONTAINER_TOOL) buildx use $(PROJECT_NAME)-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . @@ -266,26 +266,6 @@ mv $(1) $(1)-$(3) ;\ ln -sf $(1)-$(3) $(1) endef -HELM_DEPENDS ?= commons-operator listener-operator -TEST_NAMESPACE = kubedoop-operators - -.PHONY: helm-install-depends -helm-install-depends: helm ## Install the helm chart depends. - $(HELM) repo add kubedoop https://zncdatadev.github.io/kubedoop-helm-charts/ -ifneq ($(strip $(HELM_DEPENDS)),) - for dep in $(HELM_DEPENDS); do \ - $(HELM) upgrade --install --create-namespace --namespace $(TEST_NAMESPACE) --wait $$dep kubedoop/$$dep --version $(VERSION); \ - done -endif - -## helm uninstall depends -.PHONY: helm-uninstall-depends -helm-uninstall-depends: helm ## Uninstall the helm chart depends. -ifneq ($(strip $(HELM_DEPENDS)),) - for dep in $(HELM_DEPENDS); do \ - $(HELM) uninstall --namespace $(TEST_NAMESPACE) $$dep; \ - done -endif ##@ Chainsaw-E2E @@ -298,6 +278,9 @@ KIND_KUBECONFIG ?= ./kind-kubeconfig-$(KINDTEST_K8S_VERSION) KIND_CLUSTER_NAME ?= ${PROJECT_NAME}-$(KINDTEST_K8S_VERSION) KIND_CONFIG ?= test/e2e/kind-config.yaml +HELM_DEPENDS ?= commons-operator listener-operator +TEST_NAMESPACE = kubedoop-operators + CHAINSAW = $(LOCALBIN)/chainsaw # Create a kind cluster 
@@ -309,6 +292,24 @@ kind-create: kind ## Create a kind cluster. kind-delete: kind ## Delete a kind cluster. $(KIND) delete cluster --name $(KIND_CLUSTER_NAME) +.PHONY: helm-install-depends +helm-install-depends: helm ## Install the helm chart depends. + $(HELM) repo add kubedoop https://zncdatadev.github.io/kubedoop-helm-charts/ +ifneq ($(strip $(HELM_DEPENDS)),) + for dep in $(HELM_DEPENDS); do \ + $(HELM) upgrade --install --create-namespace --namespace $(TEST_NAMESPACE) --wait $$dep kubedoop/$$dep --version $(VERSION); \ + done +endif + +## helm uninstall depends +.PHONY: helm-uninstall-depends +helm-uninstall-depends: helm ## Uninstall the helm chart depends. +ifneq ($(strip $(HELM_DEPENDS)),) + for dep in $(HELM_DEPENDS); do \ + $(HELM) uninstall --namespace $(TEST_NAMESPACE) $$dep; \ + done +endif + # chainsaw # Use `grep 0.2.6 > /dev/null` instead of `grep -q 0.2.6`. It will not be able to determine the version number, diff --git a/PROJECT b/PROJECT index 20917be..3c648a5 100644 --- a/PROJECT +++ b/PROJECT @@ -2,7 +2,7 @@ # This file is used to track the info used to scaffold your project # and allow the plugins properly work. # More info: https://book.kubebuilder.io/reference/project-config.html -domain: zncdata.dev +domain: kubedoop.dev layout: - go.kubebuilder.io/v4 projectName: secret-operator @@ -12,7 +12,7 @@ resources: crdVersion: v1 namespaced: true controller: true - domain: zncdata.dev + domain: kubedoop.dev group: secrets kind: SecretClass path: github.com/zncdatadev/secret-operator/api/v1alpha1 @@ -21,7 +21,7 @@ resources: crdVersion: v1 namespaced: true controller: true - domain: zncdata.dev + domain: kubedoop.dev group: secrets kind: SecretCSI path: github.com/zncdatadev/secret-operator/api/v1alpha1 diff --git a/README.md b/README.md index ffef4eb..08a4de6 100644 --- a/README.md +++ b/README.md 
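Review bot: The `for dep in $(HELM_DEPENDS)` loop in `helm-install-depends` reports only the status of its last iteration unless the recipe shell runs with `-e`, and the shell flags are set outside this hunk. Without `-e`, a failed `helm upgrade --install` for `commons-operator` is masked when `listener-operator` installs cleanly, and the e2e run continues against a partially installed cluster. Ending the command with `--version $(VERSION) || exit 1; \` makes the failure explicit regardless of shell flags. The loop in `helm-uninstall-depends` has the same shape.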
@@ -63,7 +63,7 @@ Kubedoop built-in operators: ## Contributing -If you'd like to contribute to Kubedoop, please refer to our [Contributing Guide](https://zncdata.dev/docs/developer-manual/collaboration) for more information. +If you'd like to contribute to Kubedoop, please refer to our [Contributing Guide](https://kubedoop.dev/docs/developer-manual/collaboration) for more information. We welcome contributions of all kinds, including but not limited to code, documentation, and use cases. ## License diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index facde43..42240c8 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -16,7 +16,7 @@ limitations under the License. // Package v1alpha1 contains API Schema definitions for the secrets v1alpha1 API group // +kubebuilder:object:generate=true -// +groupName=secrets.zncdata.dev +// +groupName=secrets.kubedoop.dev package v1alpha1 import ( @@ -26,7 +26,7 @@ import ( var ( // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "secrets.zncdata.dev", Version: "v1alpha1"} + GroupVersion = schema.GroupVersion{Group: "secrets.kubedoop.dev", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} diff --git a/cmd/csi_driver/main.go b/cmd/csi_driver/main.go index 45ab8c4..45ab5b3 100644 --- a/cmd/csi_driver/main.go +++ b/cmd/csi_driver/main.go @@ -79,7 +79,7 @@ func main() { Scheme: scheme, HealthProbeBindAddress: *probeAddr, LeaderElection: *enableLeaderElection, - LeaderElectionID: "8b74b19a.zncdata.dev", + LeaderElectionID: "8b74b19a.kubedoop.dev", // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly 
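Review bot: The rename of `GroupVersion` to `secrets.kubedoop.dev` in api/v1alpha1/groupversion_info.go comes with no upgrade path in the visible hunks. SecretClass and SecretCSI objects stored under `secrets.zncdata.dev` would stay in the cluster with their old CRDs, while the controllers and the roles in config/rbac no longer cover that group. Unless a conversion exists elsewhere, secret volumes on an existing installation likely stop resolving until each object is re-created under the new group. I would record this above the `var` block, for example `// Group renamed from secrets.zncdata.dev; objects in the old group must be re-created.`, and repeat it in the release notes.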
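Review bot: `LeaderElectionID: "8b74b19a.kubedoop.dev"` in cmd/csi_driver/main.go is the same lease name that the cmd/main.go hunk sets for the operator manager. If both binaries run in one namespace with leader election enabled (the flag is parsed outside the hunk), they would compete for a single lease and one of them would presumably never start its controllers. A distinct ID for the driver, for example `LeaderElectionID: "8b74b19a-csi.kubedoop.dev",` (constructed value), removes that coupling. Renaming the ID also means an old replica holding the `zncdata.dev` lease and a new replica holding the `kubedoop.dev` lease can both act as leader during a rolling upgrade, which is worth a line in the upgrade notes.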
diff --git a/cmd/main.go b/cmd/main.go index 6a0243e..c767f67 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -119,7 +119,7 @@ func main() { HealthProbeBindAddress: *probeAddr, LeaderElection: *enableLeaderElection, WebhookServer: webhookServer, - LeaderElectionID: "8b74b19a.zncdata.dev", + LeaderElectionID: "8b74b19a.kubedoop.dev", // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly diff --git a/config/crd/bases/secrets.zncdata.dev_secretclasses.yaml b/config/crd/bases/secrets.kubedoo.dev_secretclasses.yaml similarity index 99% rename from config/crd/bases/secrets.zncdata.dev_secretclasses.yaml rename to config/crd/bases/secrets.kubedoo.dev_secretclasses.yaml index b62186c..f4e1587 100644 --- a/config/crd/bases/secrets.zncdata.dev_secretclasses.yaml +++ b/config/crd/bases/secrets.kubedoo.dev_secretclasses.yaml @@ -4,9 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 - name: secretclasses.secrets.zncdata.dev + name: secretclasses.secrets.kubedoop.dev spec: - group: secrets.zncdata.dev + group: secrets.kubedoop.dev names: kind: SecretClass listKind: SecretClassList diff --git a/config/crd/bases/secrets.kubedoop.dev_secretclasses.yaml b/config/crd/bases/secrets.kubedoop.dev_secretclasses.yaml new file mode 100644 index 0000000..f4e1587 --- /dev/null +++ b/config/crd/bases/secrets.kubedoop.dev_secretclasses.yaml 
@@ -0,0 +1,199 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: secretclasses.secrets.kubedoop.dev +spec: + group: secrets.kubedoop.dev + names: + kind: SecretClass + listKind: SecretClassList + plural: secretclasses + singular: secretclass + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecretClass is the Schema for the secretclasses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SecretClassSpec defines the desired state of SecretClass + properties: + backend: + properties: + autoTls: + properties: + ca: + properties: + autoGenerated: + default: false + type: boolean + caCertificateLifeTime: + default: 8760h + description: |- + Use time.ParseDuration to parse the string + Default is 8760h (1 year) + type: string + secret: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + required: + - secret + type: object + maxCertificateLifeTime: + default: 360h + description: |- + Use time.ParseDuration to parse the string + Default is 360h (15 days) + type: string + required: + - ca + type: object + k8sSearch: + properties: + searchNamespace: + properties: + name: + type: string + pod: + type: object + type: object + required: + - searchNamespace + type: object + kerberosKeytab: + properties: + adminKeytabSecret: + properties: + name: + description: Contains the `keytab` name of the secret + type: string + namespace: + type: string + required: + - name + - namespace + type: object + adminPrincipal: + type: string + adminServer: + properties: + mit: + properties: + kadminServer: + type: string + required: + - kadminServer + type: object + required: + - mit + type: object + kdc: + type: string + realm: + type: string + required: + - adminKeytabSecret + - adminPrincipal + - adminServer + - kdc + - realm + type: object + type: object + type: object + status: + description: SecretClassStatus defines the observed state of SecretClass + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/config/crd/bases/secrets.zncdata.dev_secretcsis.yaml b/config/crd/bases/secrets.kubedoop.dev_secretcsis.yaml similarity index 99% rename from config/crd/bases/secrets.zncdata.dev_secretcsis.yaml rename to config/crd/bases/secrets.kubedoop.dev_secretcsis.yaml index 889475b..88accec 100644 --- a/config/crd/bases/secrets.zncdata.dev_secretcsis.yaml +++ b/config/crd/bases/secrets.kubedoop.dev_secretcsis.yaml @@ -4,9 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 - name: secretcsis.secrets.zncdata.dev + name: secretcsis.secrets.kubedoop.dev spec: - group: secrets.zncdata.dev + group: secrets.kubedoop.dev names: kind: SecretCSI listKind: SecretCSIList diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 3c829d9..7c78200 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -2,8 +2,8 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/secrets.zncdata.dev_secretclasses.yaml -- bases/secrets.zncdata.dev_secretcsis.yaml +- bases/secrets.kubedoop.dev_secretclasses.yaml +- bases/secrets.kubedoop.dev_secretcsis.yaml #+kubebuilder:scaffold:crdkustomizeresource patches: diff --git a/config/crd/patches/cainjection_in_secretclasses.yaml b/config/crd/patches/cainjection_in_secretclasses.yaml index 112da46..e4836a3 100644 --- a/config/crd/patches/cainjection_in_secretclasses.yaml +++ b/config/crd/patches/cainjection_in_secretclasses.yaml @@ -4,4 +4,4 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: secretclasses.secrets.zncdata.dev + name: secretclasses.secrets.kubedoop.dev diff --git a/config/crd/patches/cainjection_in_secretcsis.yaml b/config/crd/patches/cainjection_in_secretcsis.yaml index 1d9bdf6..8783efd 100644 --- a/config/crd/patches/cainjection_in_secretcsis.yaml 
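Review bot: The resources list in config/crd/kustomization.yaml loads `bases/secrets.kubedoop.dev_secretclasses.yaml`, but the commit also renames the old base to `config/crd/bases/secrets.kubedoo.dev_secretclasses.yaml` (missing `p`). Both files carry blob id f4e1587, so the tree ends up with two copies of the same CustomResourceDefinition, one of them referenced by nothing. The misspelled copy will presumably not be regenerated with the rest of the CRDs and will drift, and applying `config/crd/bases/` as a directory submits the same CRD twice. Delete the `kubedoo` file in this commit so that only the referenced base remains.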
+++ b/config/crd/patches/cainjection_in_secretcsis.yaml @@ -4,4 +4,4 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: secretcsis.secrets.zncdata.dev + name: secretcsis.secrets.kubedoop.dev diff --git a/config/crd/patches/webhook_in_secretclasses.yaml b/config/crd/patches/webhook_in_secretclasses.yaml index 82de0c4..d19b0b3 100644 --- a/config/crd/patches/webhook_in_secretclasses.yaml +++ b/config/crd/patches/webhook_in_secretclasses.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: secretclasses.secrets.zncdata.dev + name: secretclasses.secrets.kubedoop.dev spec: conversion: strategy: Webhook diff --git a/config/crd/patches/webhook_in_secretcsis.yaml b/config/crd/patches/webhook_in_secretcsis.yaml index b5b8c7c..ee31d0d 100644 --- a/config/crd/patches/webhook_in_secretcsis.yaml +++ b/config/crd/patches/webhook_in_secretcsis.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: secretcsis.secrets.zncdata.dev + name: secretcsis.secrets.kubedoop.dev spec: conversion: strategy: Webhook diff --git a/config/csi/csidriver.yaml b/config/csi/csidriver.yaml index 5954445..8581c4c 100644 --- a/config/csi/csidriver.yaml +++ b/config/csi/csidriver.yaml @@ -2,7 +2,7 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: secrets.zncdata.dev + name: secrets.kubedoop.dev labels: control-plane: controller-manager app.kubernetes.io/name: secret-operator diff --git a/config/csi/daemonset.yaml b/config/csi/daemonset.yaml index 29693b0..92d5de5 100644 --- a/config/csi/daemonset.yaml +++ b/config/csi/daemonset.yaml 
@@ -93,7 +93,7 @@ spec: - name: ADDRESS value: unix:///csi/csi.sock - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/secrets.zncdata.dev/csi.sock + value: /var/lib/kubelet/plugins/secrets.kubedoop.dev/csi.sock args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) @@ -125,7 +125,7 @@ spec: - name: plugin-dir hostPath: type: DirectoryOrCreate - path: /var/lib/kubelet/plugins/secrets.zncdata.dev/ + path: /var/lib/kubelet/plugins/secrets.kubedoop.dev/ - name: mountpoint-dir hostPath: type: DirectoryOrCreate diff --git a/config/csi/secretclass.yaml b/config/csi/secretclass.yaml index 2f26dc6..0727af4 100644 --- a/config/csi/secretclass.yaml +++ b/config/csi/secretclass.yaml @@ -1,4 +1,4 @@ -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: tls diff --git a/config/csi/storageclass.yaml b/config/csi/storageclass.yaml index bad8025..818e031 100644 --- a/config/csi/storageclass.yaml +++ b/config/csi/storageclass.yaml @@ -1,10 +1,10 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: secrets.zncdata.dev + name: secrets.kubedoop.dev labels: control-plane: controller-manager app.kubernetes.io/name: secret-operator app.kubernetes.io/instance: controller-manager app.kubernetes.io/managed-by: kustomize -provisioner: secrets.zncdata.dev +provisioner: secrets.kubedoop.dev diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index e1f46cd..b16c840 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -44,7 +44,7 @@ resources: replacements: - source: kind: CustomResourceDefinition - name: secretcsis.secrets.zncdata.dev + name: secretcsis.secrets.kubedoop.dev fieldPath: spec.group targets: - select: 
@@ -58,7 +58,7 @@ replacements: patchesJson6902: # patches can not be applied currently - target: - group: secrets.zncdata.dev + group: secrets.kubedoop.dev kind: SecretClass name: secret-operator-tls version: v1alpha1 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 384f424..3df3266 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -65,7 +65,7 @@ rules: - update - watch - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses - secretcsis @@ -78,14 +78,14 @@ rules: - update - watch - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses/finalizers - secretcsis/finalizers verbs: - update - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses/status - secretcsis/status diff --git a/config/rbac/secretclass_editor_role.yaml b/config/rbac/secretclass_editor_role.yaml index c320576..b21e0ce 100644 --- a/config/rbac/secretclass_editor_role.yaml +++ b/config/rbac/secretclass_editor_role.yaml @@ -12,7 +12,7 @@ metadata: name: secretclass-editor-role rules: - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses verbs: @@ -24,7 +24,7 @@ rules: - update - watch - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses/status verbs: diff --git a/config/rbac/secretclass_viewer_role.yaml b/config/rbac/secretclass_viewer_role.yaml index 28ea29b..4fdc9f1 100644 --- a/config/rbac/secretclass_viewer_role.yaml +++ b/config/rbac/secretclass_viewer_role.yaml @@ -12,7 +12,7 @@ metadata: name: secretclass-viewer-role rules: - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses verbs: @@ -20,7 +20,7 @@ rules: - list - watch - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretclasses/status verbs: diff --git a/config/rbac/secretcsi_editor_role.yaml b/config/rbac/secretcsi_editor_role.yaml index 324b914..7a4130f 100644 
--- a/config/rbac/secretcsi_editor_role.yaml +++ b/config/rbac/secretcsi_editor_role.yaml @@ -12,7 +12,7 @@ metadata: name: secretcsi-editor-role rules: - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretcsis verbs: @@ -24,7 +24,7 @@ rules: - update - watch - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretcsis/status verbs: diff --git a/config/rbac/secretcsi_viewer_role.yaml b/config/rbac/secretcsi_viewer_role.yaml index a950c36..8191563 100644 --- a/config/rbac/secretcsi_viewer_role.yaml +++ b/config/rbac/secretcsi_viewer_role.yaml @@ -12,7 +12,7 @@ metadata: name: secretcsi-viewer-role rules: - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretcsis verbs: @@ -20,7 +20,7 @@ rules: - list - watch - apiGroups: - - secrets.zncdata.dev + - secrets.kubedoop.dev resources: - secretcsis/status verbs: diff --git a/config/samples/secrets_v1alpha1_secretclass.yaml b/config/samples/secrets_v1alpha1_secretclass.yaml index 3102381..495a8ad 100644 --- a/config/samples/secrets_v1alpha1_secretclass.yaml +++ b/config/samples/secrets_v1alpha1_secretclass.yaml @@ -1,4 +1,4 @@ -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: labels: @@ -14,7 +14,7 @@ spec: searchNamespace: name: default --- -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: tls diff --git a/config/samples/secrets_v1alpha1_secretcsi.yaml b/config/samples/secrets_v1alpha1_secretcsi.yaml index 6c7a098..303bd5f 100644 --- a/config/samples/secrets_v1alpha1_secretcsi.yaml +++ b/config/samples/secrets_v1alpha1_secretcsi.yaml @@ -1,4 +1,4 @@ -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretCSI metadata: labels: diff --git a/examples/simple-https.yaml b/examples/simple-https.yaml index ef45264..9d1c2e8 100644 --- a/examples/simple-https.yaml 
+++ b/examples/simple-https.yaml @@ -38,10 +38,10 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: tls - secrets.zncdata.dev/scope: node,pod,service=secret-consumer-nginx + secrets.kubedoop.dev/class: tls + secrets.kubedoop.dev/scope: node,pod,service=secret-consumer-nginx spec: - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev accessModes: [ "ReadWriteOnce" ] resources: requests: diff --git a/examples/simple-shell.yaml b/examples/simple-shell.yaml index 6aabe56..4d73b91 100644 --- a/examples/simple-shell.yaml +++ b/examples/simple-shell.yaml @@ -34,9 +34,9 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: secret # k8sSearch will search the secret with the same label + secrets.kubedoop.dev/class: secret # k8sSearch will search the secret with the same label spec: - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev accessModes: [ "ReadWriteOnce" ] resources: requests: @@ -53,14 +53,14 @@ metadata: name: mysecret labels: # Secret must set the label to the same value with pvc template annonation by k8sSearch - secrets.zncdata.dev/class: secret + secrets.kubedoop.dev/class: secret type: Opaque stringData: username: admin password: admin --- -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: secret diff --git a/go.mod b/go.mod index 001f60c..1d9477e 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/kubernetes-csi/csi-lib-utils v0.19.0 github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.35.1 - github.com/zncdatadev/operator-go v0.11.2 + github.com/zncdatadev/operator-go v0.11.3-0.20241119024050-350d91b7a332 google.golang.org/grpc v1.68.0 k8s.io/api v0.31.2 k8s.io/apimachinery v0.31.2 diff --git a/go.sum b/go.sum index eeba759..e8ef31e 100644 --- a/go.sum +++ b/go.sum 
@@ -140,8 +140,8 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zncdatadev/operator-go v0.11.2 h1:/3ti+26D9w38gZV2eQLIz62mPe45em3Ej8iePoSj/04= -github.com/zncdatadev/operator-go v0.11.2/go.mod h1:Thc0Jo5LuXnwrb73shfI63PKlxC+7cGq7SClzo3Y5qI= +github.com/zncdatadev/operator-go v0.11.3-0.20241119024050-350d91b7a332 h1:KzD7yCE09cm7caFGk6/LWIJQ5rKNFWTxB7zESmmALpw= +github.com/zncdatadev/operator-go v0.11.3-0.20241119024050-350d91b7a332/go.mod h1:9QGIaH5gTDgpv0kftcGkBGqCIj7cboC5ZMES9fZy4XI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= diff --git a/internal/controller/secretclass_controller.go b/internal/controller/secretclass_controller.go index 8b668a0..21f1482 100644 --- a/internal/controller/secretclass_controller.go +++ b/internal/controller/secretclass_controller.go 
@@ -33,9 +33,9 @@ type SecretClassReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=secrets.zncdata.dev,resources=secretclasses,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=secrets.zncdata.dev,resources=secretclasses/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=secrets.zncdata.dev,resources=secretclasses/finalizers,verbs=update +// +kubebuilder:rbac:groups=secrets.kubedoop.dev,resources=secretclasses,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=secrets.kubedoop.dev,resources=secretclasses/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=secrets.kubedoop.dev,resources=secretclasses/finalizers,verbs=update // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/internal/controller/secretcsi/controller.go b/internal/controller/secretcsi/controller.go index 2045ad7..308c1ea 100644 --- a/internal/controller/secretcsi/controller.go +++ b/internal/controller/secretcsi/controller.go 
@@ -42,9 +42,9 @@ type SecretCSIReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=secrets.zncdata.dev,resources=secretcsis,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=secrets.zncdata.dev,resources=secretcsis/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=secrets.zncdata.dev,resources=secretcsis/finalizers,verbs=update +// +kubebuilder:rbac:groups=secrets.kubedoop.dev,resources=secretcsis,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=secrets.kubedoop.dev,resources=secretcsis/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=secrets.kubedoop.dev,resources=secretcsis/finalizers,verbs=update // +kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;update;patch diff --git a/internal/controller/secretcsi/csidriver.go b/internal/controller/secretcsi/csidriver.go index 6cb355f..4064f4a 100644 --- a/internal/controller/secretcsi/csidriver.go +++ b/internal/controller/secretcsi/csidriver.go @@ -40,7 +40,7 @@ func (r *CSIDriver) build() *storage.CSIDriver { obj := &storage.CSIDriver{ ObjectMeta: metav1.ObjectMeta{ - Name: "secrets.zncdata.dev", + Name: "secrets.kubedoop.dev", Labels: map[string]string{ "app.kubernetes.io/managed-by": "secret-operator", }, diff --git a/internal/controller/secretcsi/rbac.go b/internal/controller/secretcsi/rbac.go index 89e3bc8..bf4200e 100644 --- a/internal/controller/secretcsi/rbac.go +++ b/internal/controller/secretcsi/rbac.go 
@@ -129,7 +129,7 @@ func (r *RBAC) buildClusterRole() *rbacv1.ClusterRole { Verbs: []string{"get", "list", "watch"}, }, { - APIGroups: []string{"secrets.zncdata.dev"}, + APIGroups: []string{"secrets.kubedoop.dev"}, Resources: []string{"secretclasses"}, Verbs: []string{"get", "list", "watch"}, }, diff --git a/internal/controller/secretcsi/storageclass.go b/internal/controller/secretcsi/storageclass.go index 01a258d..45787ba 100644 --- a/internal/controller/secretcsi/storageclass.go +++ b/internal/controller/secretcsi/storageclass.go @@ -36,12 +36,12 @@ func (r *StorageClass) build() *storage.StorageClass { obj := &storage.StorageClass{ ObjectMeta: metav1.ObjectMeta{ - Name: "secrets.zncdata.dev", + Name: "secrets.kubedoop.dev", Labels: map[string]string{ "app.kubernetes.io/managed-by": "secret-operator", }, }, - Provisioner: "secrets.zncdata.dev", + Provisioner: "secrets.kubedoop.dev", } return obj diff --git a/internal/csi/controller.go b/internal/csi/controller.go index 66742e2..9a0f0df 100644 --- a/internal/csi/controller.go +++ b/internal/csi/controller.go @@ -119,7 +119,7 @@ func (c *ControllerServer) getPvc(name, namespace string) (*corev1.PersistentVol // When adding '--extra-create-metadata' args in sidecar of registry.k8s.io/sig-storage/csi-provisioner container, we can get // 'csi.storage.k8s.io/pvc/name' and 'csi.storage.k8s.io/pvc/namespace' from params. // - get PVC by k8s client with PVC name and namespace, then get annotations from PVC. -// - get 'secrets.zncdata.dev/class' and 'secrets.zncdata.dev/scope' from PVC annotations. +// - get 'secrets.kubedoop.dev/class' and 'secrets.kubedoop.dev/scope' from PVC annotations. func (c *ControllerServer) getVolumeContext(createVolumeRequestParams map[string]string) (*volume.SecretVolumeSelector, error) { pvcName, pvcNameExists := createVolumeRequestParams["csi.storage.k8s.io/pvc/name"] pvcNamespace, pvcNamespaceExists := createVolumeRequestParams["csi.storage.k8s.io/pvc/namespace"] 
diff --git a/internal/csi/driver.go b/internal/csi/driver.go index 77006fc..47123d2 100644 --- a/internal/csi/driver.go +++ b/internal/csi/driver.go @@ -11,7 +11,7 @@ import ( ) const ( - DefaultDriverName = "secrets.zncdata.dev" + DefaultDriverName = "secrets.kubedoop.dev" ) var ( diff --git a/internal/csi/node.go b/internal/csi/node.go index dab59c7..ab14203 100644 --- a/internal/csi/node.go +++ b/internal/csi/node.go @@ -75,7 +75,7 @@ func (n *NodeServer) NodePublishVolume(ctx context.Context, request *csi.NodePub // In this csi, we can get PVC annotations from volume context, // because we deliver it from controller to node already. // The following PVC annotations is required: - // - secrets.zncdata.dev/class: + // - secrets.kubedoop.dev/class: volumeSelector, err := volume.NewVolumeSelectorFromMap(request.GetVolumeContext()) if err != nil { return nil, status.Error(codes.InvalidArgument, err.Error()) @@ -131,7 +131,7 @@ func (n *NodeServer) NodePublishVolume(ctx context.Context, request *csi.NodePub // updatePod updates the pod annotation with the secret expiration time. // The volume ID is hashed using sha256, and the first 16 bytes are used as the volume tag. -// Then, the expiration time is written to the pod annotation with the key "secrets.zncdata.dev/restarter-expires-at:". +// Then, the expiration time is written to the pod annotation with the key "secrets.kubedoop.dev/restarter-expires-at:". // // Considering the length 63 limitation of Kubernetes annotations, we hash the volume ID to maintain the readability of the annotation // and its association with the volume. However, truncating the hash to the first 16 bytes may introduce collision risks. 
@@ -146,7 +146,7 @@ func (n *NodeServer) updatePod(ctx context.Context, pod *corev1.Pod, volumeID st } volumeTagHash := sha256.New() - volumeTagHash.Write([]byte("secrets.zncdata.dev/volume:")) + volumeTagHash.Write([]byte("secrets.kubedoop.dev/volume:")) volumeTagHash.Write([]byte(volumeID)) volumeTag := volumeTagHash.Sum(nil) // get 16 bytes of volume tag, but it maybe cause collision vulnerability diff --git a/pkg/kerberos/config.go b/pkg/kerberos/config.go index 856b4fd..76f2c74 100644 --- a/pkg/kerberos/config.go +++ b/pkg/kerberos/config.go @@ -54,7 +54,7 @@ func (c *Krb5Config) GetRealm() string { // ref: https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#sample-krb5-conf-file func (c *Krb5Config) Content() string { - content := `# krb5.conf generated by secrets.zncdata.dev + content := `# krb5.conf generated by secrets.kubedoop.dev # It will be overwritten by the secret-operator [libdefaults] diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go index d021af9..f8b8de6 100644 --- a/pkg/volume/volume.go +++ b/pkg/volume/volume.go @@ -46,7 +46,7 @@ const ( // even if there is a time limit for elegant shutdown, there will still be a case of pod late restart // resulting in certificate expiration. // To avoid this, the pod expiration time is checked before this buffer time. - AnnotationSecretsCertRestartBuffer string = "secrets.zncdata.dev/" + "autoTlsCertRestartBuffer" + AnnotationSecretsCertRestartBuffer string = "secrets.kubedoop.dev/" + "autoTlsCertRestartBuffer" ) type SecretVolumeSelector struct { 
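Review bot: Changing the prefix written into the SHA-256 in `updatePod` changes the volume tag computed for every existing volume ID, so expiry annotations written by earlier releases under the old `restarter-expires-at:` key and old tag are no longer the ones this code updates. Nothing in the hunk removes or migrates them, and the component that reads these annotations is not visible here, so whether stale expiry values can still trigger or suppress a pod restart after an upgrade should be checked. A comment above the write would make the coupling explicit: `// Domain-separation prefix for the volume tag; changing it orphans annotations written by earlier releases.` `updatePod` starts and continues outside the hunk.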
@@ -59,16 +59,16 @@ type SecretVolumeSelector struct { CSIProvisionerIdentity string `json:"storage.kubernetes.io/csiProvisionerIdentity"` Provisioner string `json:"volume.kubernetes.io/storage-provisioner"` - Class string `json:"secrets.zncdata.dev/class"` - Scope SecretScope `json:"secrets.zncdata.dev/scope"` - Format SecretFormat `json:"secrets.zncdata.dev/format"` + Class string `json:"secrets.kubedoop.dev/class"` + Scope SecretScope `json:"secrets.kubedoop.dev/scope"` + Format SecretFormat `json:"secrets.kubedoop.dev/format"` - TlsPKCS12Password string `json:"secrets.zncdata.dev/tlsPKCS12Password"` - AutoTlsCertLifetime time.Duration `json:"secrets.zncdata.dev/autoTlsCertLifetime"` - AutoTlsCertJitterFactor float64 `json:"secrets.zncdata.dev/autoTlsCertJitterFactor"` - AutoTlsCertRestartBuffer time.Duration `json:"secrets.zncdata.dev/autoTlsCertRestartBuffer"` + TlsPKCS12Password string `json:"secrets.kubedoop.dev/tlsPKCS12Password"` + AutoTlsCertLifetime time.Duration `json:"secrets.kubedoop.dev/autoTlsCertLifetime"` + AutoTlsCertJitterFactor float64 `json:"secrets.kubedoop.dev/autoTlsCertJitterFactor"` + AutoTlsCertRestartBuffer time.Duration `json:"secrets.kubedoop.dev/autoTlsCertRestartBuffer"` - KerberosServiceNames []string `json:"secrets.zncdata.dev/kerberosServiceNames"` + KerberosServiceNames []string `json:"secrets.kubedoop.dev/kerberosServiceNames"` } type ListScope string diff --git a/test/e2e/krb5/chainsaw-test.yaml b/test/e2e/krb5/chainsaw-test.yaml index f6d9aa2..75cd8c4 100644 --- a/test/e2e/krb5/chainsaw-test.yaml +++ b/test/e2e/krb5/chainsaw-test.yaml @@ -5,9 +5,9 @@ metadata: spec: bindings: - name: relam - value: ZNCDATA.DEV + value: KUBEDOOP.DEV # should be uppercase, must be the same as the realm in krb5.conf - name: kadminPassword - value: zncdatadev + value: kubedoopdev - name: kadminKeytabSecret value: kadmin-keytab steps: 
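Review bot: The `json` tags on `SecretVolumeSelector` now match only `secrets.kubedoop.dev/` keys, so a PVC or volume context that still carries `secrets.zncdata.dev/class`, `/scope` or `/format` would decode with those fields at their zero values, assuming decoding goes through these tags as they suggest. For a secrets driver an empty `Class` or a silently dropped `Scope` should fail the request rather than fall back to a default, and whether `NewVolumeSelectorFromMap` enforces that is not visible in this hunk. At minimum, document the break on the struct, e.g. `// Keys under the former secrets.zncdata.dev/ prefix are not read; existing PVCs must be re-annotated.`, and call it out in the release notes.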
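Review bot: The `kadminPassword` binding in chainsaw-test.yaml is a fixed literal derived from the project name, and nothing beside it says it is meant only for the KDC this e2e test presumably sets up. Mark it on the line itself, e.g. `value: kubedoopdev # test-only credential for the e2e KDC`, so the value is not carried into a real deployment manifest. The binding name `relam` on the context line above looks like a misspelling of `realm`; renaming it would need the same change wherever the steps reference it, which is outside this hunk.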
@@ -68,7 +68,7 @@ spec: (keytab != ""): true - apply: resource: - apiVersion: secrets.zncdata.dev/v1alpha1 + apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: kerberos diff --git a/test/e2e/krb5/node-scope.yaml b/test/e2e/krb5/node-scope.yaml index e65fca2..c62a6f6 100644 --- a/test/e2e/krb5/node-scope.yaml +++ b/test/e2e/krb5/node-scope.yaml @@ -14,7 +14,7 @@ spec: - | set -ex dnf install krb5-workstation nginx -y - + echo "Loop is running... (Press Ctrl+C or send SIGTERM to exit)" while ! test -f /opt/secret/keytab; do sleep 1 @@ -22,13 +22,13 @@ spec: done KERBEROS_REALM=$(grep -oP 'default_realm = \K.*' /opt/secret//krb5.conf) - + klist -kt /opt/secret/keytab kinit -kt /opt/secret/keytab foo/$NODE_NAME@$KERBEROS_REALM klist -e - + echo start nginx server nginx -g "daemon off;" env: @@ -61,14 +61,14 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: kerberos - secrets.zncdata.dev/kerberosServiceNames: foo - secrets.zncdata.dev/scope: node + secrets.kubedoop.dev/class: kerberos + secrets.kubedoop.dev/kerberosServiceNames: foo + secrets.kubedoop.dev/scope: node spec: accessModes: - ReadWriteOnce resources: requests: storage: "1" - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev volumeMode: Filesystem diff --git a/test/e2e/krb5/pod-scope.yaml b/test/e2e/krb5/pod-scope.yaml index 46f3fc2..17a0748 100644 --- a/test/e2e/krb5/pod-scope.yaml +++ b/test/e2e/krb5/pod-scope.yaml @@ -27,7 +27,7 @@ spec: - | set -ex dnf install krb5-workstation nginx -y - + echo "Loop is running... (Press Ctrl+C or send SIGTERM to exit)" while ! test -f /opt/secret/keytab; do sleep 1 
@@ -37,12 +37,12 @@ spec: KERBEROS_REALM=$(grep -oP 'default_realm = \K.*' /opt/secret//krb5.conf) klist -kt /opt/secret/keytab - + kinit -kt /opt/secret/keytab foo/krb5-pod-scope-service.$NAMESPACE.svc.cluster.local@$KERBEROS_REALM kinit -kt /opt/secret/keytab foo/krb5-pod-scope.krb5-pod-scope-service.$NAMESPACE.svc.cluster.local@$KERBEROS_REALM klist -e - + echo start nginx server nginx -g "daemon off;" env: @@ -80,14 +80,14 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: kerberos - secrets.zncdata.dev/kerberosServiceNames: foo - secrets.zncdata.dev/scope: pod + secrets.kubedoop.dev/class: kerberos + secrets.kubedoop.dev/kerberosServiceNames: foo + secrets.kubedoop.dev/scope: pod spec: accessModes: - ReadWriteOnce resources: requests: storage: "1" - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev volumeMode: Filesystem diff --git a/test/e2e/krb5/service-scope.yaml b/test/e2e/krb5/service-scope.yaml index ec06eec..7ea9e7e 100644 --- a/test/e2e/krb5/service-scope.yaml +++ b/test/e2e/krb5/service-scope.yaml @@ -27,7 +27,7 @@ spec: - | set -ex dnf install krb5-workstation nginx -y - + echo "Loop is running... (Press Ctrl+C or send SIGTERM to exit)" while ! test -f /opt/secret/keytab; do sleep 1 @@ -41,7 +41,7 @@ spec: kinit -kt /opt/secret/keytab foo/krb5-svc-scope-service.$NAMESPACE.svc.cluster.local@$KERBEROS_REALM klist -e - + echo start nginx server nginx -g "daemon off;" env: 
@@ -77,14 +77,14 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: kerberos - secrets.zncdata.dev/kerberosServiceNames: foo - secrets.zncdata.dev/scope: service=krb5-svc-scope-service + secrets.kubedoop.dev/class: kerberos + secrets.kubedoop.dev/kerberosServiceNames: foo + secrets.kubedoop.dev/scope: service=krb5-svc-scope-service spec: accessModes: - ReadWriteOnce resources: requests: storage: "1" - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev volumeMode: Filesystem diff --git a/test/e2e/search-in-default-ns/00-secretclass.yml b/test/e2e/search-in-default-ns/00-secretclass.yml index 6bc15ab..89e7962 100644 --- a/test/e2e/search-in-default-ns/00-secretclass.yml +++ b/test/e2e/search-in-default-ns/00-secretclass.yml @@ -1,4 +1,4 @@ -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: search-default-ns diff --git a/test/e2e/search-in-default-ns/01-pod-for-ns.yaml b/test/e2e/search-in-default-ns/01-pod-for-ns.yaml index ee3c65a..e153850 100644 --- a/test/e2e/search-in-default-ns/01-pod-for-ns.yaml +++ b/test/e2e/search-in-default-ns/01-pod-for-ns.yaml @@ -39,10 +39,10 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: search-default-ns + secrets.kubedoop.dev/class: search-default-ns spec: accessModes: ["ReadWriteOnce"] - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev resources: requests: storage: 1Mi diff --git a/test/e2e/search-in-default-ns/01-secret.yaml b/test/e2e/search-in-default-ns/01-secret.yaml index 69c8792..65298b5 100644 --- a/test/e2e/search-in-default-ns/01-secret.yaml +++ b/test/e2e/search-in-default-ns/01-secret.yaml @@ -5,7 +5,7 @@ metadata: name: nginx-secret namespace: default labels: - secrets.zncdata.dev/class: search-default-ns + secrets.kubedoop.dev/class: search-default-ns type: Opaque stringData: mode: search-default-ns 
diff --git a/test/e2e/search-in-default-ns/10-secretclass.yaml b/test/e2e/search-in-default-ns/10-secretclass.yaml index 687514d..bac37a0 100644 --- a/test/e2e/search-in-default-ns/10-secretclass.yaml +++ b/test/e2e/search-in-default-ns/10-secretclass.yaml @@ -1,4 +1,4 @@ -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: search-with-pod diff --git a/test/e2e/search-in-default-ns/11-pod-for-pod.yaml b/test/e2e/search-in-default-ns/11-pod-for-pod.yaml index d9b2412..90ed113 100644 --- a/test/e2e/search-in-default-ns/11-pod-for-pod.yaml +++ b/test/e2e/search-in-default-ns/11-pod-for-pod.yaml @@ -39,10 +39,10 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: search-with-pod + secrets.kubedoop.dev/class: search-with-pod spec: accessModes: ["ReadWriteOnce"] - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev resources: requests: storage: 1Mi diff --git a/test/e2e/search-in-default-ns/11-secret.yaml b/test/e2e/search-in-default-ns/11-secret.yaml index 52d2e5c..7a317b4 100644 --- a/test/e2e/search-in-default-ns/11-secret.yaml +++ b/test/e2e/search-in-default-ns/11-secret.yaml @@ -4,7 +4,7 @@ kind: Secret metadata: name: nginx-secret labels: - secrets.zncdata.dev/class: search-with-pod + secrets.kubedoop.dev/class: search-with-pod type: Opaque stringData: mode: search-with-pod diff --git a/test/e2e/search-in-default-ns/21-pod-with-scope.yaml b/test/e2e/search-in-default-ns/21-pod-with-scope.yaml index d315de2..3d2c7ed 100644 --- a/test/e2e/search-in-default-ns/21-pod-with-scope.yaml +++ b/test/e2e/search-in-default-ns/21-pod-with-scope.yaml 
@@ -39,11 +39,11 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/scope: pod - secrets.zncdata.dev/class: search-with-pod + secrets.kubedoop.dev/scope: pod + secrets.kubedoop.dev/class: search-with-pod spec: accessModes: ["ReadWriteOnce"] - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev resources: requests: storage: 1Mi diff --git a/test/e2e/search-in-default-ns/21-secret.yaml b/test/e2e/search-in-default-ns/21-secret.yaml index 7967536..364d8ff 100644 --- a/test/e2e/search-in-default-ns/21-secret.yaml +++ b/test/e2e/search-in-default-ns/21-secret.yaml @@ -4,8 +4,8 @@ kind: Secret metadata: name: nginx-secret-pod-scope labels: - secrets.zncdata.dev/pod: search-with-pod-scope - secrets.zncdata.dev/class: search-with-pod + secrets.kubedoop.dev/pod: search-with-pod-scope + secrets.kubedoop.dev/class: search-with-pod type: Opaque stringData: mode: nginx-secret-pod-scope diff --git a/test/e2e/tls/autotls.yaml b/test/e2e/tls/autotls.yaml index 277348c..339dbed 100644 --- a/test/e2e/tls/autotls.yaml +++ b/test/e2e/tls/autotls.yaml @@ -30,7 +30,7 @@ spec: containers: - name: auto-tls image: registry.access.redhat.com/ubi9/openjdk-21:1.20 - command: + command: - /bin/sh - -c - | @@ -63,7 +63,7 @@ spec: echo "Server certificate in keystore is expired within $EXPIRESLIFE seconds." >&2 exit 1 fi - + # Save the server certificate summary to a file keytool -list -keystore $TRUSTSTORE_FILE -storepass $P12PASSWORD >> /opt/summary/$POD_NAME.txt cat /opt/summary/$POD_NAME.txt 
@@ -118,13 +118,13 @@ spec: volumeClaimTemplate: metadata: annotations: - secrets.zncdata.dev/class: tls - secrets.zncdata.dev/format: tls-p12 - secrets.zncdata.dev/scope: pod,node - secrets.zncdata.dev/tlsPKCS12Password: changeit + secrets.kubedoop.dev/class: tls + secrets.kubedoop.dev/format: tls-p12 + secrets.kubedoop.dev/scope: pod,node + secrets.kubedoop.dev/tlsPKCS12Password: changeit spec: accessModes: ["ReadWriteOnce"] - storageClassName: secrets.zncdata.dev + storageClassName: secrets.kubedoop.dev resources: requests: storage: 1Mi diff --git a/test/e2e/tls/secretcsi-assert.yaml b/test/e2e/tls/secretcsi-assert.yaml index 51b3e83..04f4d66 100644 --- a/test/e2e/tls/secretcsi-assert.yaml +++ b/test/e2e/tls/secretcsi-assert.yaml @@ -6,7 +6,7 @@ metadata: status: (numberReady >= `1`): true --- -apiVersion: secrets.zncdata.dev/v1alpha1 +apiVersion: secrets.kubedoop.dev/v1alpha1 kind: SecretClass metadata: name: tls
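Review bot: The keystore password in autotls.yaml is passed through the `secrets.kubedoop.dev/tlsPKCS12Password` annotation of the `volumeClaimTemplate`, and annotations are stored and returned in clear text to any principal that can read the PVC or pod object. That is acceptable for `changeit` in a test, but test manifests tend to be copied as examples, so state it on the line: `secrets.kubedoop.dev/tlsPKCS12Password: changeit # not confidential: visible to anyone who can read the PVC`. The password should therefore not be relied on to protect the key material in the generated PKCS#12 file.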