From b22fe45e2a270f152b2a6b7f45a6a6337d34cf90 Mon Sep 17 00:00:00 2001 From: Riko Kudo Date: Fri, 18 Mar 2022 13:37:44 +0900 Subject: [PATCH] prep for release v0.3.3 (#68) Signed-off-by: Ruriko Kudo --- COMPONENT_VERSION | 2 +- CatalogSource.yaml | 2 +- docs/example/go.sum | 4 ++-- integrity-shield-operator/bundle.Dockerfile | 4 ++-- ...egrity-shield-operator.clusterserviceversion.yaml | 12 +++++------- .../bundle/metadata/annotations.yaml | 2 +- .../config/manager/kustomization.yaml | 2 +- .../config/samples/apis_v1_integrityshield.yaml | 6 +++--- .../deploy/integrity-shield-operator-latest.yaml | 5 ++++- integrity-shield-operator/license.txt | 2 +- ishield-build.conf | 10 +++++----- 11 files changed, 26 insertions(+), 25 deletions(-) diff --git a/COMPONENT_VERSION b/COMPONENT_VERSION index d15723fb..1c09c74e 100644 --- a/COMPONENT_VERSION +++ b/COMPONENT_VERSION @@ -1 +1 @@ -0.3.2 +0.3.3 diff --git a/CatalogSource.yaml b/CatalogSource.yaml index b898a7ea..1ad79132 100644 --- a/CatalogSource.yaml +++ b/CatalogSource.yaml @@ -5,7 +5,7 @@ metadata: namespace: openshift-marketplace # olm spec: displayName: Integrity Shield++ Operator - image: quay.io/stolostron/integrity-shield-operator-index:0.3.2 + image: quay.io/stolostron/integrity-shield-operator-index:0.3.3 publisher: IBM sourceType: grpc updateStrategy: diff --git a/docs/example/go.sum b/docs/example/go.sum index c5aebd81..b6d1ca3e 100644 --- a/docs/example/go.sum +++ b/docs/example/go.sum @@ -2061,8 +2061,8 @@ github.com/sigstore/cosign v1.5.2/go.mod h1:USeA+jISR3H86hfgsTn1UJYKC9mgEE7/o+dJ github.com/sigstore/fulcio v0.0.0-20210720153316-846105495d38/go.mod h1:FZL7iVdWduaZRpXrvjmuWyr7WyXy6KXsaEVhHdITlz4= github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 h1:XE7A9lJ+wYhmUFBWYTaw3Ph943zHB4iBYd5R0SX0ZOA= github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7/go.mod h1:ANQivY/lfOp9hN92S813LEthkm/kit96hzeIF3SNoZA= -github.com/sigstore/k8s-manifest-sigstore v0.2.1-0.20220304050627-ed26e30c7343 h1:QJ7cl5IgVvb/68mxXTXJYHmAKg5+BBfeVpuifmarnSQ= -github.com/sigstore/k8s-manifest-sigstore v0.2.1-0.20220304050627-ed26e30c7343/go.mod h1:fWELceT4GvNZZrC12UutTIpuNa15++WW0rxxiStokTw= +github.com/sigstore/k8s-manifest-sigstore v0.2.1-0.20220316094109-adfc287a58c0 h1:mKlrF8MYhReT1wwwM6SW77/v1EbCfDiIiVE62Mj2jTU= +github.com/sigstore/k8s-manifest-sigstore v0.2.1-0.20220316094109-adfc287a58c0/go.mod h1:fWELceT4GvNZZrC12UutTIpuNa15++WW0rxxiStokTw= github.com/sigstore/rekor v0.2.1-0.20210714185543-38d532d5c0b1/go.mod h1:cL9B3+/gp3BG+/bhkSHBA3MQZMten5xM6BhJYd5b5zU= github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3 h1:mbqXrm8YZXN/cJMGeBkgPnswtfrOxDE1f7QZdJ+POQE= github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3/go.mod h1:u9clLqaVjqV9pExVL1XkM37dGyMCOX/LMocS9nsnWDY= diff --git a/integrity-shield-operator/bundle.Dockerfile b/integrity-shield-operator/bundle.Dockerfile index 8825c794..1e9ec515 100644 --- a/integrity-shield-operator/bundle.Dockerfile +++ b/integrity-shield-operator/bundle.Dockerfile @@ -1,5 +1,5 @@ # -# Copyright 2021 IBM Corporation +# Copyright 2022 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,7 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=integrity-shield-operator -LABEL operators.operatorframework.io.bundle.channels.v1=alpha-0.3.2 +LABEL operators.operatorframework.io.bundle.channels.v1=alpha-0.3.3 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.15.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 diff --git a/integrity-shield-operator/bundle/manifests/integrity-shield-operator.clusterserviceversion.yaml b/integrity-shield-operator/bundle/manifests/integrity-shield-operator.clusterserviceversion.yaml index 24870141..d0eec17c 100644 --- a/integrity-shield-operator/bundle/manifests/integrity-shield-operator.clusterserviceversion.yaml +++ b/integrity-shield-operator/bundle/manifests/integrity-shield-operator.clusterserviceversion.yaml @@ -20,7 +20,7 @@ metadata: }, "observer": { "enabled": true, - "exportDetailResult": true, + "exportDetailResult": false, "image": "quay.io/stolostron/integrity-shield-observer", "imagePullPolicy": "IfNotPresent", "interval": "5", @@ -32,8 +32,6 @@ metadata: "memory": "256Mi" } }, - "resultDetailConfigKey": "config.yaml", - "resultDetailConfigName": "verify-resource-result", "selector": { "app": "integrity-shield-observer" } @@ -89,8 +87,8 @@ metadata: capabilities: Basic Install operators.operatorframework.io/builder: operator-sdk-v1.15.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 - containerImage: quay.io/stolostron/integrity-shield-operator:0.3.2 - name: integrity-shield-operator.v0.3.2 + containerImage: quay.io/stolostron/integrity-shield-operator:0.3.3 + name: integrity-shield-operator.v0.3.3 namespace: placeholder spec: apiservicedefinitions: {} @@ -273,7 +271,7 @@ spec: - --leader-elect command: - /ishield-op-app/manager - image: quay.io/stolostron/integrity-shield-operator:0.3.2 + image: quay.io/stolostron/integrity-shield-operator:0.3.3 imagePullPolicy: Always livenessProbe: httpGet: @@ -345,4 +343,4 @@ spec: maturity: alpha provider: name: Community - version: 0.3.2 + version: 0.3.3 diff --git a/integrity-shield-operator/bundle/metadata/annotations.yaml b/integrity-shield-operator/bundle/metadata/annotations.yaml index bf190409..0ff290d0 100644 --- a/integrity-shield-operator/bundle/metadata/annotations.yaml +++ b/integrity-shield-operator/bundle/metadata/annotations.yaml @@ -4,7 +4,7 @@ annotations: operators.operatorframework.io.bundle.manifests.v1: manifests/ operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: integrity-shield-operator - operators.operatorframework.io.bundle.channels.v1: alpha-0.3.2 + operators.operatorframework.io.bundle.channels.v1: alpha-0.3.3 operators.operatorframework.io.metrics.builder: operator-sdk-v1.15.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 diff --git a/integrity-shield-operator/config/manager/kustomization.yaml b/integrity-shield-operator/config/manager/kustomization.yaml index 505fcc33..05421824 100644 --- a/integrity-shield-operator/config/manager/kustomization.yaml +++ b/integrity-shield-operator/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: quay.io/stolostron/integrity-shield-operator - newTag: 0.3.2 + newTag: 0.3.3 diff --git a/integrity-shield-operator/config/samples/apis_v1_integrityshield.yaml b/integrity-shield-operator/config/samples/apis_v1_integrityshield.yaml index 44adc55e..ceedab14 100644 --- a/integrity-shield-operator/config/samples/apis_v1_integrityshield.yaml +++ b/integrity-shield-operator/config/samples/apis_v1_integrityshield.yaml @@ -465,7 +465,7 @@ spec: memory: 256Mi logLevel: info interval: "5" - exportDetailResult: true - resultDetailConfigName: verify-resource-result - resultDetailConfigKey: "config.yaml" + exportDetailResult: false + # resultDetailConfigName: verify-resource-result + # resultDetailConfigKey: "config.yaml" diff --git a/integrity-shield-operator/deploy/integrity-shield-operator-latest.yaml b/integrity-shield-operator/deploy/integrity-shield-operator-latest.yaml index c0e2c31a..1506b702 100644 --- a/integrity-shield-operator/deploy/integrity-shield-operator-latest.yaml +++ b/integrity-shield-operator/deploy/integrity-shield-operator-latest.yaml @@ -2401,13 +2401,15 @@ spec: ports: - containerPort: 8443 name: https + securityContext: + runAsNonRoot: true - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect command: - /ishield-op-app/manager - image: quay.io/stolostron/integrity-shield-operator:0.3.2 + image: quay.io/stolostron/integrity-shield-operator:0.3.3 imagePullPolicy: Always livenessProbe: httpGet: @@ -2431,5 +2433,6 @@ spec: memory: 200Mi securityContext: allowPrivilegeEscalation: false + runAsNonRoot: true serviceAccountName: integrity-shield-operator-controller-manager terminationGracePeriodSeconds: 10 diff --git a/integrity-shield-operator/license.txt b/integrity-shield-operator/license.txt index 5ba7a021..93f432e4 100644 --- a/integrity-shield-operator/license.txt +++ b/integrity-shield-operator/license.txt @@ -1,5 +1,5 @@ # -# Copyright 2021 IBM Corporation +# Copyright 2022 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/ishield-build.conf b/ishield-build.conf index a1a9ff69..5d195ccb 100755 --- a/ishield-build.conf +++ b/ishield-build.conf @@ -3,11 +3,11 @@ LOCAL_REGISTRY=localhost:5000 BUNDLE_REGISTRY=quay.io/stolostron LOCAL_BUNDLE_REGISTRY=localhost:5000 -ISHIELD_VERSION=0.3.2 -VERSION=0.3.2 -PREV_VERSION=0.3.1 -CHANNELS=alpha-0.3.2 -ISHIELD_DEFAULT_CHANNEL=alpha-0.3.2 +ISHIELD_VERSION=0.3.3 +VERSION=0.3.3 +PREV_VERSION=0.3.2 +CHANNELS=alpha-0.3.3 +ISHIELD_DEFAULT_CHANNEL=alpha-0.3.3 ISHIELD_IMAGE=integrity-shield-api ISHIELD_ADMISSION_CONTROLLER=integrity-shield-admission-controller