Merge branch 'master' into master

Author: MuneebAijaz

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: kind/bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Environment**
+ - Operator Version:
+ - Kubernetes/OpenShift Version:
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea/enhancement for this project
+title: "[ENHANCE]"
+labels: kind/enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/pull_request.yaml

@@ -7,6 +7,7 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
+  UBI_DOCKER_FILE_PATH: Dockerfile.ubi
   KUBERNETES_VERSION: "1.19.0"
   KIND_VERSION: "0.17.0"
   REGISTRY: ghcr.io
@@ -82,12 +83,14 @@ jobs:
     - name: Test
       run: make test
 
-    - name: Generate Tag
+    - name: Generate Tags
       id: generate_tag
       run: |
         sha=${{ github.event.pull_request.head.sha }}
         tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}"
+        ubi_tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-UBI-${sha:0:8}"
         echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT
+        echo "GIT_UBI_TAG=$(echo ${ubi_tag})" >> $GITHUB_OUTPUT
 
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v2
@@ -122,6 +125,25 @@ jobs:
           org.opencontainers.image.created=${{ steps.prep.outputs.created }}
           org.opencontainers.image.revision=${{ github.sha }}
 
+    - name: Build and Push Docker UBI Image to Docker registry
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+        pull: true
+        push: true
+        build-args: |
+          BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+        cache-to: type=inline
+        platforms: linux/amd64,linux/arm64
+        tags: |
+          ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_UBI_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}
+
     - name: Login to ghcr registry
       uses: docker/login-action@v2
       with:
@@ -150,13 +172,32 @@ jobs:
           org.opencontainers.image.created=${{ steps.prep.outputs.created }}
           org.opencontainers.image.revision=${{ github.sha }}
 
+    - name: Build and Push Docker UBI Image to ghcr registry
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+        pull: true
+        push: true
+        build-args: |
+          BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          BUILDER_IMAGE=ghcr.io/${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+        cache-to: type=inline
+        platforms: linux/amd64,linux/arm64
+        tags: |
+          ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_UBI_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}
+
     - name: Comment on PR
       uses: mshick/add-pr-comment@v2
       if: always()
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        message-success: '@${{ github.actor }} Image is available for testing. `docker pull ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}`'
+        message-success: '@${{ github.actor }} Images are available for testing. `docker pull ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}`\n`docker pull ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_UBI_TAG }}`'
         message-failure: '@${{ github.actor }} Yikes! You better fix it before anyone else finds out! [Build](https://github.com/${{ github.repository }}/commit/${{ github.event.pull_request.head.sha }}/checks) has Failed!'
         allow-repeats: true
 

.github/workflows/push.yaml

@@ -7,6 +7,7 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
   KUBERNETES_VERSION: "1.19.0"
   KIND_VERSION: "0.17.0"
   HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
@@ -111,11 +112,30 @@ jobs:
             org.opencontainers.image.created=${{ steps.prep.outputs.created }}
             org.opencontainers.image.revision=${{ github.sha }}
 
+      - name: Build and Push Docker UBI Image to Docker registry
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+            BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:ubi-${{ steps.generate_tag.outputs.new_tag }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
       - name: Login to ghcr registry
         uses: docker/login-action@v2
         with:
           registry: ${{env.REGISTRY}}
-          username: ${{github.actor}}
+          username: stakater-user
           password: ${{secrets.GITHUB_TOKEN}}
 
       - name: Generate image repository path for ghcr registry
@@ -139,6 +159,25 @@ jobs:
             org.opencontainers.image.created=${{ steps.prep.outputs.created }}
             org.opencontainers.image.revision=${{ github.sha }}
 
+      - name: Build and Push Docker UBI Image to ghcr registry
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+            BUILDER_IMAGE=ghcr.io/${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:ubi-${{ steps.generate_tag.outputs.new_tag }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
       ##############################
       ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
       ##############################

Dockerfile.ubi

@@ -0,0 +1,19 @@
+ARG BUILDER_IMAGE
+ARG BASE_IMAGE
+
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE} as SRC
+
+FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi8/ubi-minimal:latest}
+
+WORKDIR /
+COPY --from=SRC /manager .
+
+# Update image
+RUN microdnf update
+
+USER 65532:65532
+
+# Port for metrics and probes
+EXPOSE 9090
+
+ENTRYPOINT ["/manager"]

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: 1.0.41
-appVersion: v1.0.41
+version: 1.0.46
+appVersion: v1.0.46
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -86,6 +86,19 @@ rules:
       - get
       - update
       - patch
+  - apiGroups:
+      - "batch"
+    resources:
+      - cronjobs
+    verbs:
+      - list
+      - get
+  - apiGroups:
+      - "batch"
+    resources:
+      - jobs
+    verbs:
+      - create
 {{- if .Values.reloader.enableHA }}
   - apiGroups:
       - "coordination.k8s.io"

deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml

@@ -20,11 +20,19 @@ spec:
 {{- end }}
   policyTypes:
   - Ingress
+  - Egress
   ingress:
     - ports:
         - port: http
       {{- with .Values.reloader.netpol.from}}
       from:
         {{- toYaml .| nindent 8 }}
       {{- end }}
+  egress:
+    - ports:
+        - port: 443
+      {{- with .Values.reloader.netpol.to}}
+      to:
+        {{- toYaml .| nindent 8 }}
+      {{- end }}
 {{- end }}

deployments/kubernetes/chart/reloader/templates/role.yaml

@@ -77,6 +77,19 @@ rules:
       - get
       - update
       - patch
+  - apiGroups:
+      - "batch"
+    resources:
+      - cronjobs
+    verbs:
+      - list
+      - get
+  - apiGroups:
+      - "batch"
+    resources:
+      - jobs
+    verbs:
+      - create
 {{- if .Values.reloader.enableHA }}
   - apiGroups:
       - "coordination.k8s.io"

deployments/kubernetes/chart/reloader/values.yaml

@@ -84,10 +84,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v1.0.41
+      version: v1.0.46
     image:
       name: ghcr.io/stakater/reloader
-      tag: v1.0.41
+      tag: v1.0.46
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:
@@ -276,5 +276,6 @@ reloader:
     # - podSelector:
     #     matchLabels:
     #       app.kubernetes.io/name: prometheus
+    to: []
 
   webhookUrl: ""