Merge branch 'develop' into cspl_2165_fix_sa_bugs

Author: gaurav-splunk

.github/workflows/merge-develop-to-master-workflow.yml renamed to .github/workflows/merge-develop-to-main-workflow.yml

@@ -30,6 +30,7 @@ ENV OPERATOR=/manager \
 
 RUN yum -y install shadow-utils
 RUN useradd -ms /bin/bash nonroot -u 1001
+RUN yum update -y krb5-libs && yum clean all
 RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical
 RUN yum -y update-minimal --security --sec-severity=Moderate
 RUN yum -y update-minimal --security --sec-severity=Low
@@ -43,7 +44,7 @@ LABEL name="splunk" \
       description="The Splunk Operator for Kubernetes (SOK) makes it easy for Splunk Administrators to deploy and operate Enterprise deployments in a Kubernetes infrastructure. Packaged as a container, it uses the operator pattern to manage Splunk-specific custom resources, following best practices to manage all the underlying Kubernetes objects for you."
 
 WORKDIR /
-RUN mkdir /licenses 
+RUN mkdir /licenses
 RUN mkdir -p /tools/k8_probes
 
 COPY --from=builder /workspace/manager .

Dockerfile

@@ -216,6 +216,7 @@ bundle: manifests kustomize
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS)
 	operator-sdk bundle validate ./bundle
+	operator-sdk bundle validate bundle --select-optional suite=operatorframework
 	cp bundle/manifests/enterprise.splunk.com* helm-chart/splunk-operator/crds
 
 .PHONY: bundle-build
@@ -319,6 +320,7 @@ run_clair_scan:
 generate-artifacts-namespace: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	mkdir -p release-${VERSION}
 	cp config/default/kustomization-namespace.yaml config/default/kustomization.yaml
+	cp config/rbac/kustomization-namespace.yaml config/rbac/kustomization.yaml
 	$(SED) "s/namespace: splunk-operator/namespace: ${NAMESPACE}/g"  config/default/kustomization.yaml
 	$(SED) "s|SPLUNK_ENTERPRISE_IMAGE|${SPLUNK_ENTERPRISE_IMAGE}|g"  config/default/kustomization.yaml
 	$(SED) "s/ClusterRole/Role/g"  config/rbac/role.yaml
@@ -333,6 +335,7 @@ generate-artifacts-namespace: manifests kustomize ## Deploy controller to the K8
 generate-artifacts-cluster: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	mkdir -p release-${VERSION}
 	cp config/default/kustomization-cluster.yaml config/default/kustomization.yaml
+	cp config/rbac/kustomization-cluster.yaml config/rbac/kustomization.yaml
 	$(SED) "s/namespace: splunk-operator/namespace: ${NAMESPACE}/g"  config/default/kustomization.yaml
 	$(SED) "s|SPLUNK_ENTERPRISE_IMAGE|${SPLUNK_ENTERPRISE_IMAGE}|g"  config/default/kustomization.yaml
 	$(SED) "s/WATCH_NAMESPACE_VALUE/\"${WATCH_NAMESPACE}\"/g"  config/default/kustomization.yaml

Makefile

@@ -800,14 +800,14 @@ spec:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
                 - name: RELATED_IMAGE_SPLUNK_ENTERPRISE
-                  value: splunk/splunk:9.0.2
+                  value: docker.io/splunk/splunk:9.0.2
                 - name: OPERATOR_NAME
                   value: splunk-operator
                 - name: POD_NAME
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.name
-                image: splunk/splunk-operator:2.1.0
+                image: docker.io/splunk/splunk-operator:2.1.1
                 imagePullPolicy: Always
                 livenessProbe:
                   httpGet:
@@ -912,7 +912,6 @@ spec:
     name: Splunk Inc.
     url: www.splunk.com
   relatedImages:
-  - image: splunk/splunk:9.0.2
+  - image: docker.io/splunk/splunk:9.0.2
     name: splunk-enterprise
-  replaces: splunk-operator.v2.0.0
-  version: 2.1.0
+  version: 2.1.1

bundle/manifests/splunk-operator.clusterserviceversion.yaml

@@ -4,11 +4,13 @@ annotations:
   operators.operatorframework.io.bundle.manifests.v1: manifests/
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: splunk-operator
-  operators.operatorframework.io.bundle.channels.default.v1: stable
+  operators.operatorframework.io.bundle.channels.v1: candidate,stable
+  operators.operatorframework.io.bundle.channel.default.v1: stable
   operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.0
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
 
   # Annotations for testing.
   operators.operatorframework.io.test.mediatype.v1: scorecard+v1
   operators.operatorframework.io.test.config.v1: tests/scorecard/
+  com.redhat.openshift.versions: v4.9-v4.11

bundle/metadata/annotations.yaml

@@ -16,5 +16,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: splunk/splunk-operator
-  newTag: 2.1.0
+  newName: docker.io/splunk/splunk-operator
+  newTag: 2.1.1

config/manager/kustomization.yaml

@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml

config/rbac/kustomization-cluster.yaml

@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+#- auth_proxy_service.yaml
+#- auth_proxy_role.yaml
+#- auth_proxy_role_binding.yaml
+#- auth_proxy_client_clusterrole.yaml

config/rbac/kustomization-namespace.yaml

@@ -541,7 +541,7 @@ spec:
       serviceAccountName: splunk-operator
       containers:
       - name: splunk-operator
-        image: "docker.io/splunk/splunk-operator:2.1.0"
+        image: "docker.io/splunk/splunk-operator:2.1.1"
         volumeMounts:
         - mountPath: /opt/splunk/appframework/
           name: app-staging

docs/AppFramework.md

@@ -1,5 +1,15 @@
 # Splunk Operator for Kubernetes Change Log
 
+## 2.1.1 (2022-12-06)
+
+* CSPL-2177: Fixed CVE-2022-42898 vulnerability
+
+* CSPL-2171: Fixed namespace specific installation issue in Helm chart and in manifest files
+
+* Fixed Operator Bundle issues
+
+* Fixed some of the documentation issues
+
 ## 2.1.0 (2022-11-22)
 
 * This is the 2.1.0 release. The Splunk Operator for Kubernetes is a supported platform for deploying Splunk Enterprise with the prerequisites and constraints laid out [here](https://github.com/splunk/splunk-operator/blob/master/docs/README.md#prerequisites-for-the-splunk-operator)