diff --git a/Makefile b/Makefile index b7772685c7..92eebaaca8 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,8 @@ GO ?= go GOLANGCI_LINT_VERSION = v2.10.1 REPO_INFRA_VERSION = v0.2.5 KUSTOMIZE_VERSION = 5.5.0 -OPERATOR_SDK_VERSION ?= v1.37.0 +OPERATOR_SDK_VERSION ?= v1.42.2 +OPM_VERSION ?= v1.65.0 ZEITGEIST_VERSION = v0.5.4 MDTOC_VERSION = v1.4.0 CI_IMAGE ?= golang:$(shell sed -n 's;^go\s\(.*\);\1;p' go.mod) @@ -625,7 +626,7 @@ ifeq (,$(shell which opm 2>/dev/null)) set -e ;\ mkdir -p $(dir $(OPM)) ;\ OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/$(OPERATOR_SDK_VERSION)/$${OS}-$${ARCH}-opm ;\ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/$(OPM_VERSION)/$${OS}-$${ARCH}-opm ;\ chmod +x $(OPM) ;\ } else @@ -647,8 +648,8 @@ catalog-build: opm ## Build a catalog image. $(eval TMP_DIR := $(shell mktemp -d)) $(eval CATALOG_DOCKERFILE := $(TMP_DIR).Dockerfile) cp deploy/catalog-preamble.json $(TMP_DIR)/security-profiles-operator-catalog.json - $(OPM) $(OPM_EXTRA_ARGS) render $(BUNDLE_IMGS) >> $(TMP_DIR)/security-profiles-operator-catalog.json - $(OPM) generate dockerfile $(TMP_DIR) + XDG_RUNTIME_DIR=$(TMP_DIR) $(OPM) $(OPM_EXTRA_ARGS) render $(BUNDLE_IMGS) >> $(TMP_DIR)/security-profiles-operator-catalog.json + XDG_RUNTIME_DIR=$(TMP_DIR) $(OPM) generate dockerfile $(TMP_DIR) $(CONTAINER_RUNTIME) build -f $(CATALOG_DOCKERFILE) -t $(CATALOG_IMG) $(shell dirname $(TMP_DIR)) rm -rf $(TMP_DIR) $(CATALOG_DOCKERFILE) diff --git a/VERSION b/VERSION index 539f9fc668..571215736a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.10.1-dev +0.10.1 diff --git a/bundle.Dockerfile b/bundle.Dockerfile index b3dfdf9503..e0665b0b4c 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=security-profiles-operator LABEL operators.operatorframework.io.bundle.channels.v1=stable LABEL operators.operatorframework.io.bundle.channel.default.v1=stable -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.39.2 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.42.2 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4 diff --git a/bundle/manifests/security-profiles-operator-profile_v1_configmap.yaml b/bundle/manifests/security-profiles-operator-profile_v1_configmap.yaml index ff45953eaf..68f62065e0 100644 --- a/bundle/manifests/security-profiles-operator-profile_v1_configmap.yaml +++ b/bundle/manifests/security-profiles-operator-profile_v1_configmap.yaml @@ -262,7 +262,6 @@ data: "sigaltstack", "socket", "stat", - "statx", "statfs", "statx", "tgkill", diff --git a/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml b/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml index 1e44c8b7aa..3c318f660f 100644 --- a/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml +++ b/bundle/manifests/security-profiles-operator.clusterserviceversion.yaml @@ -247,17 +247,17 @@ metadata: ] capabilities: Basic Install categories: Security - containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.0 - createdAt: "2026-02-09T07:45:11Z" - olm.skipRange: '>=0.4.1 <0.10.1-dev' + containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 + createdAt: "2026-04-01T07:47:04Z" + olm.skipRange: '>=0.4.1 <0.10.1' operatorframework.io/cluster-monitoring: "true" operatorframework.io/os.linux: supported operatorframework.io/suggested-namespace: security-profiles-operator operators.openshift.io/valid-subscription: '["OpenShift Kubernetes Engine", "OpenShift Container Platform", "OpenShift Platform Plus"]' - operators.operatorframework.io/builder: operator-sdk-v1.39.2 + operators.operatorframework.io/builder: operator-sdk-v1.42.2 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 - name: security-profiles-operator.v0.10.1-dev + name: security-profiles-operator.v0.10.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -708,7 +708,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 imagePullPolicy: Always name: security-profiles-operator resources: @@ -820,4 +820,4 @@ spec: - image: quay.io/security-profiles-operator/selinuxd-fedora:latest name: selinuxd-fedora replaces: security-profiles-operator.v0.9.1 - version: 0.10.1-dev + version: 0.10.1 diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_apparmorprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_apparmorprofiles.yaml index 71b8a92046..7c10e95701 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_apparmorprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_apparmorprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml index a99c5ac739..71c86c8cf6 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml index 0b966bf12d..d050503801 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml index ed38431cf1..5e7ea1d6b1 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml index cf6d9034fb..20b7728832 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml index 6587d905c7..6e27181135 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml index 7530bd411f..56172c5458 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml index d1784908fd..304d633b8c 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 74ead44219..d6f08217be 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -6,7 +6,7 @@ annotations: operators.operatorframework.io.bundle.package.v1: security-profiles-operator operators.operatorframework.io.bundle.channels.v1: stable operators.operatorframework.io.bundle.channel.default.v1: stable - operators.operatorframework.io.metrics.builder: operator-sdk-v1.39.2 + operators.operatorframework.io.metrics.builder: operator-sdk-v1.42.2 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 diff --git a/dependencies.yaml b/dependencies.yaml index ae9f553511..ceb03bcb8c 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -18,11 +18,17 @@ dependencies: match: KUSTOMIZE_VERSION - name: operator-sdk - version: v1.37.0 + version: v1.42.2 refPaths: - path: Makefile match: OPERATOR_SDK_VERSION + - name: opm + version: v1.65.0 + refPaths: + - path: Makefile + match: OPM_VERSION + - name: olm version: v0.30.0 refPaths: @@ -162,7 +168,7 @@ dependencies: match: BOM_VERSION - name: spo-current - version: 0.10.1-dev + version: 0.10.1 refPaths: - path: VERSION match: ^.* diff --git a/deploy/base/clusterserviceversion.yaml b/deploy/base/clusterserviceversion.yaml index 7cd56523f9..47df7a634e 100644 --- a/deploy/base/clusterserviceversion.yaml +++ b/deploy/base/clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: alm-examples: '[]' capabilities: Basic Install categories: Security - containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.0 + containerImage: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 olm.skipRange: '>=0.4.1 <0.8.5-dev' operatorframework.io/suggested-namespace: security-profiles-operator operators.openshift.io/valid-subscription: '["OpenShift Kubernetes Engine", "OpenShift Container Platform", "OpenShift Platform Plus"]' diff --git a/deploy/catalog-preamble.json b/deploy/catalog-preamble.json index 2ed9460716..2a8af07a89 100644 --- a/deploy/catalog-preamble.json +++ b/deploy/catalog-preamble.json @@ -13,8 +13,8 @@ "package": "security-profiles-operator", "entries": [ { - "name": "security-profiles-operator.v0.10.1-dev", - "skipRange": ">=0.4.1 <0.10.1-dev" + "name": "security-profiles-operator.v0.10.1", + "skipRange": ">=0.4.1 <0.10.1" } ] } diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index efc0c230c8..4d64dfedae 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: security-profiles-operator description: "The Kubernetes Security Profiles Operator." type: application -version: "0.10.1-dev" -appVersion: "0.10.1-dev" +version: "0.10.1" +appVersion: "0.10.1" diff --git a/deploy/kustomize-deployment/kustomization.yaml b/deploy/kustomize-deployment/kustomization.yaml index 3a4c6537ae..30d8cb0fec 100644 --- a/deploy/kustomize-deployment/kustomization.yaml +++ b/deploy/kustomize-deployment/kustomization.yaml @@ -6,11 +6,11 @@ sortOptions: images: - name: security-profiles-operator - newName: gcr.io/k8s-staging-sp-operator/security-profiles-operator - newTag: latest + # newName: gcr.io/k8s-staging-sp-operator/security-profiles-operator + # newTag: latest # For images to be released: - # newName: registry.k8s.io/security-profiles-operator/security-profiles-operator - # newTag: v0.10.1 + newName: registry.k8s.io/security-profiles-operator/security-profiles-operator + newTag: v0.10.1 resources: diff --git a/deploy/namespace-operator.yaml b/deploy/namespace-operator.yaml index 675e74ad3d..b6e61edd45 100644 --- a/deploy/namespace-operator.yaml +++ b/deploy/namespace-operator.yaml @@ -3479,7 +3479,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/openshift-dev.yaml b/deploy/openshift-dev.yaml index e248a25994..580cc10d5e 100644 --- a/deploy/openshift-dev.yaml +++ b/deploy/openshift-dev.yaml @@ -3475,7 +3475,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: image-registry.openshift-image-registry.svc:5000/openshift/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/openshift-downstream.yaml b/deploy/openshift-downstream.yaml index 2164e10f5e..c238ab4ffe 100644 --- a/deploy/openshift-downstream.yaml +++ b/deploy/openshift-downstream.yaml @@ -3495,7 +3495,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 61739a9566..5202612fa2 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -3477,7 +3477,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/deploy/webhook-operator.yaml b/deploy/webhook-operator.yaml index 8f5b0ccae5..98c6bdd571 100644 --- a/deploy/webhook-operator.yaml +++ b/deploy/webhook-operator.yaml @@ -3477,7 +3477,7 @@ spec: fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 imagePullPolicy: Always name: security-profiles-operator resources: diff --git a/examples/olm/install-resources.yaml b/examples/olm/install-resources.yaml index fd2c49734e..e7a1907d45 100644 --- a/examples/olm/install-resources.yaml +++ b/examples/olm/install-resources.yaml @@ -17,7 +17,7 @@ metadata: namespace: olm spec: sourceType: grpc - image: gcr.io/k8s-staging-sp-operator/security-profiles-operator-catalog:latest + image: registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v0.10.1 --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription diff --git a/hack/ci/e2e-olm.sh b/hack/ci/e2e-olm.sh index a2383355ec..f3fdf54cd2 100755 --- a/hack/ci/e2e-olm.sh +++ b/hack/ci/e2e-olm.sh @@ -43,7 +43,7 @@ function build_and_push_packages() { # Create a manifest with local image cp deploy/operator.yaml ${OPERATOR_MANIFEST} - sed -i "s#gcr.io/k8s-staging-sp-operator/security-profiles-operator.*\$#${IMG}#" ${OPERATOR_MANIFEST} + sed -i "s#registry.k8s.io/security-profiles-operator.*\$#${IMG}#" ${OPERATOR_MANIFEST} grep ${IMG} ${OPERATOR_MANIFEST} || exit 1 # this is a kludge, we need to make sure kustomize can be overwritten @@ -71,7 +71,7 @@ function deploy_deps() { kubectl_wait -ncert-manager --for condition=ready pod -l app.kubernetes.io/instance=cert-manager # All installation methods run off the same catalog - sed -i "s#gcr.io/k8s-staging-sp-operator/security-profiles-operator-catalog:latest#${CATALOG_IMG}#g" examples/olm/install-resources.yaml + sed -i "s#registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v0.10.1#${CATALOG_IMG}#g" examples/olm/install-resources.yaml } diff --git a/hack/deploy-localhost.patch b/hack/deploy-localhost.patch index 5e6bbf305a..3e3242abb4 100644 --- a/hack/deploy-localhost.patch +++ b/hack/deploy-localhost.patch @@ -15,7 +15,7 @@ index d7bf1964..d2a9c614 100644 fieldPath: spec.nodeName - name: KUBELET_DIR value: /var/lib/kubelet -- image: gcr.io/k8s-staging-sp-operator/security-profiles-operator:latest +- image: registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.10.1 - imagePullPolicy: Always + image: localhost/security-profiles-operator:latest + imagePullPolicy: IfNotPresent diff --git a/test/e2e_test.go b/test/e2e_test.go index a6d34114c3..5ff2b9fa67 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -330,8 +330,8 @@ func (e *e2e) deployOperator(manifest string) { // ones from the nodes e.logf("Setting imagePullPolicy to '%s' in manifest: %s", e.pullPolicy, manifest) e.updateManifest(manifest, "imagePullPolicy: Always", "imagePullPolicy: "+e.pullPolicy) - e.updateManifest(manifest, "image: .*gcr.io/k8s-staging-sp-operator/.*", "image: "+e.testImage) - e.updateManifest(manifest, "value: .*gcr.io/k8s-staging-sp-operator/.*", "value: "+e.testImage) + e.updateManifest(manifest, "image: .*registry.k8s.io/.*", "image: "+e.testImage) + e.updateManifest(manifest, "value: .*registry.k8s.io/.*", "value: "+e.testImage) if e.selinuxEnabled { e.updateManifest(manifest, "enableSelinux: false", "enableSelinux: true")