Update operator-sdk to 1.42.0, go to 1.26 and other dependencies (#835)

* Update operator-sdk to 1.42.0 and dependencies

* Update RCO and OLO modules

Author: halim-lee

Makefile

@@ -4,7 +4,7 @@
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 VERSION ?= 1.6.0
-OPERATOR_SDK_RELEASE_VERSION ?= v1.39.2
+OPERATOR_SDK_RELEASE_VERSION ?= v1.42.0
 LIBERTY_VERSION ?= 26.0.0.2
 
 # CHANNELS define the bundle channels used in the bundle.
@@ -155,18 +155,25 @@ kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)
 	test -s $(LOCALBIN)/kustomize || GOBIN=$(LOCALBIN) GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@v$(KUSTOMIZE_VERSION)
 
-CONTROLLER_TOOLS_VERSION ?= 0.16.5
+CONTROLLER_TOOLS_VERSION ?= 0.18.0
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
 $(CONTROLLER_GEN): $(LOCALBIN)
 	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v$(CONTROLLER_TOOLS_VERSION)
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.31.0
+ENVTEST_VERSION := $(shell go list -m -f "{{ .Version }}" sigs.k8s.io/controller-runtime | awk -F'[v.]' '{printf "release-%d.%d", $$2, $$3}')
+ENVTEST_K8S_VERSION := $(shell go list -m -f "{{ .Version }}" k8s.io/api | awk -F'[v.]' '{printf "1.%d", $$3}')
+
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(ENVTEST_VERSION)
+
+.PHONY: setup-envtest
+setup-envtest: envtest
+	@$(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path || { \
+    echo "Error setting up envtest"; exit 1; }
 
 .PHONY: setup
 setup: ## Ensure Operator SDK is installed.

bundle.Dockerfile

@@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=ibm-websphere-liberty
 LABEL operators.operatorframework.io.bundle.channels.v1=v1.6
 LABEL operators.operatorframework.io.bundle.channel.default.v1=v1.6
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.39.2
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.42.0
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4
 

bundle/manifests/ibm-websphere-liberty.clusterserviceversion.yaml

@@ -11,7 +11,7 @@ metadata:
             "name": "websphereliberty-app-sample"
           },
           "spec": {
-            "applicationImage": "icr.io/appcafe/open-liberty/samples/getting-started@sha256:80a28b6a71ec02369cc13f621e4c3cca0d63b1977be76e15dabbfba48411107f",
+            "applicationImage": "icr.io/appcafe/open-liberty/samples/getting-started@sha256:c069799108639810d59a0747c044272585dea7e324ef0e9f1550048a637a8680",
             "expose": true,
             "license": {
               "accept": false,
@@ -67,12 +67,12 @@ metadata:
     capabilities: Auto Pilot
     categories: Application Runtime
     containerImage: icr.io/cpopen/websphere-liberty-operator:daily
-    createdAt: "2026-03-03T20:41:58Z"
+    createdAt: "2026-03-04T15:14:28Z"
     description: Deploy and manage containerized Liberty applications
     features.operators.openshift.io/disconnected: "true"
     olm.skipRange: '>=1.0.0 <1.6.0'
     operators.openshift.io/infrastructure-features: '["disconnected"]'
-    operators.operatorframework.io/builder: operator-sdk-v1.39.2
+    operators.operatorframework.io/builder: operator-sdk-v1.42.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
     repository: https://github.com/WASdev/websphere-liberty-operator
     support: IBM
@@ -1019,7 +1019,7 @@ spec:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
                 - name: RELATED_IMAGE_LIBERTY_SAMPLE_APP
-                  value: icr.io/appcafe/open-liberty/samples/getting-started@sha256:80a28b6a71ec02369cc13f621e4c3cca0d63b1977be76e15dabbfba48411107f
+                  value: icr.io/appcafe/open-liberty/samples/getting-started@sha256:c069799108639810d59a0747c044272585dea7e324ef0e9f1550048a637a8680
                 - name: RELATED_IMAGE_WEBSPHERE_LIBERTY_OPERATOR
                   value: icr.io/cpopen/websphere-liberty-operator:daily
                 image: icr.io/cpopen/websphere-liberty-operator:daily
@@ -1315,7 +1315,7 @@ spec:
   provider:
     name: IBM
   relatedImages:
-  - image: icr.io/appcafe/open-liberty/samples/getting-started@sha256:80a28b6a71ec02369cc13f621e4c3cca0d63b1977be76e15dabbfba48411107f
+  - image: icr.io/appcafe/open-liberty/samples/getting-started@sha256:c069799108639810d59a0747c044272585dea7e324ef0e9f1550048a637a8680
     name: liberty-sample-app
   - image: icr.io/cpopen/websphere-liberty-operator:daily
     name: websphere-liberty-operator

bundle/manifests/liberty.websphere.ibm.com_webspherelibertyapplications.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.18.0
   creationTimestamp: null
   labels:
     app.kubernetes.io/instance: websphere-liberty-operator

bundle/manifests/liberty.websphere.ibm.com_webspherelibertydumps.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.18.0
   creationTimestamp: null
   labels:
     app.kubernetes.io/instance: websphere-liberty-operator

bundle/manifests/liberty.websphere.ibm.com_webspherelibertyperformancedata.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.18.0
   creationTimestamp: null
   labels:
     app.kubernetes.io/instance: websphere-liberty-operator

bundle/manifests/liberty.websphere.ibm.com_webspherelibertytraces.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.18.0
   creationTimestamp: null
   labels:
     app.kubernetes.io/instance: websphere-liberty-operator

bundle/metadata/annotations.yaml

@@ -6,7 +6,7 @@ annotations:
   operators.operatorframework.io.bundle.package.v1: ibm-websphere-liberty
   operators.operatorframework.io.bundle.channels.v1: v1.6
   operators.operatorframework.io.bundle.channel.default.v1: v1.6
-  operators.operatorframework.io.metrics.builder: operator-sdk-v1.39.2
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.42.0
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4
 

cmd/main.go

@@ -79,17 +79,69 @@ func main() {
 	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
-	flag.Parse()
 
-	utils.CreateConfigMap(controller.OperatorName)
+	// var metricsCertPath, metricsCertName, metricsCertKey string
+	// var webhookCertPath, webhookCertName, webhookCertKey string
+	// var secureMetrics bool
+	// var enableHTTP2 bool
+	// var tlsOpts []func(*tls.Config)
+	// flag.BoolVar(&secureMetrics, "metrics-secure", true,
+	// 	"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
+	// flag.StringVar(&webhookCertPath, "webhook-cert-path", "", "The directory that contains the webhook certificate.")
+	// flag.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt", "The name of the webhook certificate file.")
+	// flag.StringVar(&webhookCertKey, "webhook-cert-key", "tls.key", "The name of the webhook key file.")
+	// flag.StringVar(&metricsCertPath, "metrics-cert-path", "",
+	// 	"The directory that contains the metrics server certificate.")
+	// flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.")
+	// flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.")
+	// flag.BoolVar(&enableHTTP2, "enable-http2", false,
+	// 	"If set, HTTP/2 will be enabled for the metrics and webhook servers")
 
 	opts := zap.Options{
 		Level:           common.LevelFunc,
 		StacktraceLevel: common.StackLevelFunc,
 		Development:     true,
 	}
+	// opts.BindFlags(flag.CommandLine)
+	flag.Parse()
+
+	utils.CreateConfigMap(controller.OperatorName)
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	// disableHTTP2 := func(c *tls.Config) {
+	// 	setupLog.Info("disabling http/2")
+	// 	c.NextProtos = []string{"http/1.1"}
+	// }
+
+	// if !enableHTTP2 {
+	// 	tlsOpts = append(tlsOpts, disableHTTP2)
+	// }
+
+	// // Create watchers for metrics and webhooks certificates
+	// var metricsCertWatcher, webhookCertWatcher *certwatcher.CertWatcher
+
+	// // Initial webhook TLS options
+	// webhookTLSOpts := tlsOpts
+
+	// if len(webhookCertPath) > 0 {
+	// 	setupLog.Info("Initializing webhook certificate watcher using provided certificates",
+	// 		"webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey)
+
+	// 	var err error
+	// 	webhookCertWatcher, err = certwatcher.New(
+	// 		filepath.Join(webhookCertPath, webhookCertName),
+	// 		filepath.Join(webhookCertPath, webhookCertKey),
+	// 	)
+	// 	if err != nil {
+	// 		setupLog.Error(err, "Failed to initialize webhook certificate watcher")
+	// 		os.Exit(1)
+	// 	}
+
+	// 	webhookTLSOpts = append(webhookTLSOpts, func(config *tls.Config) {
+	// 		config.GetCertificate = webhookCertWatcher.GetCertificate
+	// 	})
+	// }
+
 	// see https://github.com/operator-framework/operator-sdk/issues/1813
 	leaseDuration := 30 * time.Second
 	renewDeadline := 20 * time.Second
@@ -102,8 +154,33 @@ func main() {
 
 	metricsServerOptions := metricsserver.Options{
 		BindAddress: metricsAddr,
+		// SecureServing: secureMetrics,
+		// TLSOpts:       tlsOpts,
 	}
 
+	// if secureMetrics {
+	// 	metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
+	// }
+
+	// if len(metricsCertPath) > 0 {
+	// 	setupLog.Info("Initializing metrics certificate watcher using provided certificates",
+	// 		"metrics-cert-path", metricsCertPath, "metrics-cert-name", metricsCertName, "metrics-cert-key", metricsCertKey)
+
+	// 	var err error
+	// 	metricsCertWatcher, err = certwatcher.New(
+	// 		filepath.Join(metricsCertPath, metricsCertName),
+	// 		filepath.Join(metricsCertPath, metricsCertKey),
+	// 	)
+	// 	if err != nil {
+	// 		setupLog.Error(err, "to initialize metrics certificate watcher", "error", err)
+	// 		os.Exit(1)
+	// 	}
+
+	// 	metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, func(config *tls.Config) {
+	// 		config.GetCertificate = metricsCertWatcher.GetCertificate
+	// 	})
+	// }
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:  scheme,
 		Metrics: metricsServerOptions,
@@ -162,6 +239,21 @@ func main() {
 		os.Exit(1)
 	}
 	// +kubebuilder:scaffold:builder
+	// if metricsCertWatcher != nil {
+	// 	setupLog.Info("Adding metrics certificate watcher to manager")
+	// 	if err := mgr.Add(metricsCertWatcher); err != nil {
+	// 		setupLog.Error(err, "unable to add metrics certificate watcher to manager")
+	// 		os.Exit(1)
+	// 	}
+	// }
+
+	// if webhookCertWatcher != nil {
+	// 	setupLog.Info("Adding webhook certificate watcher to manager")
+	// 	if err := mgr.Add(webhookCertWatcher); err != nil {
+	// 		setupLog.Error(err, "unable to add webhook certificate watcher to manager")
+	// 		os.Exit(1)
+	// 	}
+	// }
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		setupLog.Error(err, "unable to set up health check")

config/certmanager/certificate-metrics.yaml

@@ -0,0 +1,16 @@
+# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
+  namespace: system
+spec:
+  dnsNames:
+  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+  # replacements in the config/default/kustomization.yaml file.
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: metrics-server-cert