Merge branch 'main' into fix-pdb-helm-chart

.github/workflows/helm-publish.yaml

@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@v4.1.1
 
       - name: Install Helm
-        uses: azure/setup-helm@v4.1.0
+        uses: azure/setup-helm@v4.2.0
         with:
           version: 'v3.14.3'
 

.github/workflows/make-test-e2e.yaml

@@ -15,11 +15,11 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - version: 1.27.1
+          - version: 1.28.3
             attribute: penultimate
-          - version: 1.28.0
+          - version: 1.29.3
             attribute: previous
-          - version: 1.29.0
+          - version: 1.30.0
             attribute: latest
     runs-on: ubuntu-22.04
     steps:
@@ -30,7 +30,7 @@ jobs:
       - uses: docker/setup-buildx-action@v3.3.0
       - uses: tale/kubectl-action@v1.4.0
         with:
-          kubectl-version: v1.29.3
+          kubectl-version: v1.30.0
           # Empty kubeconfig file
           base64-kube-config: "YXBpVmVyc2lvbjogdjEKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQo="
       - run: ENVTEST_K8S_VERSION=${{ matrix.k8s.version }} make test-e2e

.github/workflows/make-test.yaml

@@ -15,11 +15,11 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - version: 1.27.1
+          - version: 1.28.3
             attribute: penultimate
-          - version: 1.28.0
+          - version: 1.29.3
             attribute: previous
-          - version: 1.29.0
+          - version: 1.30.0
             attribute: latest
     runs-on: ubuntu-22.04
     steps:

.pre-commit-config.yaml

@@ -24,6 +24,11 @@ repos:
       entry: sh -c "make lint-fix"
       language: system
       require_serial: true
+    - id: make-nilaway-lint
+      name: make-nilaway-lint
+      entry: sh -c "make nilaway-lint"
+      language: system
+      require_serial: true
     - id: make-helm-lint
       name: make-helm-lint
       entry: sh -c "make helm-lint"

Makefile

@@ -3,7 +3,7 @@
 IMG ?= ghcr.io/aenix-io/etcd-operator:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 # renovate: datasource=github-tags depName=kubernetes/kubernetes
-ENVTEST_K8S_VERSION ?= v1.29.3
+ENVTEST_K8S_VERSION ?= v1.30.0
 ENVTEST_K8S_VERSION_TRIMMED_V = $(subst v,,$(ENVTEST_K8S_VERSION))
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
@@ -47,8 +47,9 @@ help: ## Display this help.
 ##@ Development
 
 .PHONY: manifests
-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+manifests: controller-gen yq ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(YQ) -i '.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.podTemplate.properties.spec.properties |= {}' config/crd/bases/etcd.aenix.io_etcdclusters.yaml
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -79,6 +80,10 @@ lint: golangci-lint ## Run golangci-lint linter & yamllint
 lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 	$(GOLANGCI_LINT) run --fix
 
+.PHONY: nilaway-lint
+nilaway-lint: nilaway
+	$(NILAWAY_LINT) -include-pkgs=github.com/aenix-io/etcd-operator/api,github.com/aenix-io/etcd-operator/internal,github.com/aenix-io/etcd-operator/test ./...
+
 .PHONY: helm-lint
 helm-lint: helm ## Run helm lint over chart
 	$(HELM) lint charts/etcd-operator
@@ -146,7 +151,7 @@ KIND_CLUSTER_NAME ?= etcd-operator-kind
 NAMESPACE ?= etcd-operator-system
 
 # renovate: datasource=github-tags depName=prometheus-operator/prometheus-operator
-PROMETHEUS_OPERATOR_VERSION ?= v0.73.1
+PROMETHEUS_OPERATOR_VERSION ?= v0.73.2
 # renovate: datasource=github-tags depName=jetstack/cert-manager
 CERT_MANAGER_VERSION ?= v1.14.4
 
@@ -220,6 +225,7 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
+NILAWAY_LINT ?= $(LOCALBIN)/nilaway
 KIND ?= $(LOCALBIN)/kind
 HELM ?= $(LOCALBIN)/helm
 HELM_DOCS ?= $(LOCALBIN)/helm-docs
@@ -269,6 +275,10 @@ golangci-lint: $(LOCALBIN)
 	@test -x $(GOLANGCI_LINT) && $(GOLANGCI_LINT) version | grep -q $(GOLANGCI_LINT_VERSION) || \
 	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
 
+.PHONY: nilaway
+nilaway: $(LOCALBIN)
+	@test -x $(NILAWAY_LINT) || GOBIN=$(LOCALBIN) go install go.uber.org/nilaway/cmd/nilaway@latest
+
 kind: $(LOCALBIN)
 	@test -x $(KIND) && $(KIND) version | grep -q $(KIND_VERSION) || \
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/kind@$(KIND_VERSION)

api/v1alpha1/etcdcluster_types.go

@@ -22,7 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
-const defaultEtcdImage = "quay.io/coreos/etcd:v3.5.12"
+const DefaultEtcdImage = "quay.io/coreos/etcd:v3.5.12"
 
 // EtcdClusterSpec defines the desired state of EtcdCluster
 type EtcdClusterSpec struct {
@@ -128,66 +128,16 @@ type EmbeddedObjectMetadata struct {
 	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
 }
 
+// PodTemplate allows overrides, such as sidecars, init containers, changes to the security context, etc to the pod template generated by the operator.
 type PodTemplate struct {
 	// EmbeddedObjectMetadata contains metadata relevant to an EmbeddedResource
 	// +optional
 	EmbeddedObjectMetadata `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
 
-	// Spec defines the desired state of spec for etcd members. If not specified, default values will be used.
+	// Spec follows the structure of a regular Pod spec. Overrides defined here will be strategically merged with the default pod spec, generated by the operator.
 	// +optional
-	Spec PodSpec `json:"spec,omitempty"`
-}
-
-// PodSpec defines the desired state of PodSpec for etcd members.
-// +k8s:openapi-gen=true
-type PodSpec struct {
-	// Containers allows the user to add containers to the pod and change "etcd" container if such options are not
-	// available in the EtcdCluster custom resource.
-	// +optional
-	Containers []corev1.Container `json:"containers" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"`
-
-	// ImagePullSecrets An optional list of references to secrets in the same namespace
-	// to use for pulling images from registries
-	// see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
-	// +optional
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
-	// ServiceAccountName is the name of the ServiceAccount to use to run the etcd pods.
-	// +optional
-	ServiceAccountName string `json:"serviceAccountName,omitempty"`
-	// ReadinessGates is an optional list of conditions that must be true for the pod to be considered ready for
-	// traffic. A pod is considered ready when all of its containers are ready.
-	// +optional
-	ReadinessGates []corev1.PodReadinessGate `json:"readinessGates,omitempty"`
-	// Affinity sets the scheduling constraints for the pod.
-	// +optional
-	Affinity *corev1.Affinity `json:"affinity,omitempty"`
-	// NodeSelector is a selector which must be true for the pod to fit on a node.
-	// +optional
-	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
-	// TopologySpreadConstraints describes how a group of pods ought to spread across topology domains.
-	// +optional
-	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
-	// Tolerations is a list of tolerations.
-	// +optional
-	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
-	// SecurityContext holds pod-level security attributes and common container settings.
-	// +optional
-	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
-	// PriorityClassName is the name of the PriorityClass for this pod.
-	// +optional
-	PriorityClassName string `json:"priorityClassName,omitempty"`
-	// TerminationGracePeriodSeconds is the time to wait before forceful pod shutdown.
-	// +optional
-	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
-	// SchedulerName is the name of the scheduler to be used for scheduling the pod.
-	// +optional
-	SchedulerName string `json:"schedulerName,omitempty"`
-	// RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod.
-	// +optional
-	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// Volumes are volumes for being used by the pods. Cannot collide with "data" volume used by etcd.
-	// +optional
-	Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Spec corev1.PodSpec `json:"spec,omitempty"`
 }
 
 // StorageSpec defines the configured storage for a etcd members.

api/v1alpha1/etcdcluster_webhook.go

@@ -19,7 +19,6 @@ package v1alpha1
 import (
 	"fmt"
 	"math"
-	"slices"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -64,20 +63,6 @@ func (r *EtcdCluster) Default() {
 			}
 		}
 	}
-	etcdContainerIdx := slices.IndexFunc(r.Spec.PodTemplate.Spec.Containers, func(c corev1.Container) bool {
-		return c.Name == "etcd"
-	})
-	if etcdContainerIdx == -1 {
-		r.Spec.PodTemplate.Spec.Containers = append(r.Spec.PodTemplate.Spec.Containers, corev1.Container{
-			Name:  "etcd",
-			Image: defaultEtcdImage,
-		})
-	} else {
-		c := &r.Spec.PodTemplate.Spec.Containers[etcdContainerIdx]
-		if c.Image == "" {
-			c.Image = defaultEtcdImage
-		}
-	}
 }
 
 // +kubebuilder:webhook:path=/validate-etcd-aenix-io-v1alpha1-etcdcluster,mutating=false,failurePolicy=fail,sideEffects=None,groups=etcd.aenix.io,resources=etcdclusters,verbs=create;update,versions=v1alpha1,name=vetcdcluster.kb.io,admissionReviewVersions=v1

api/v1alpha1/etcdcluster_webhook_test.go

@@ -33,7 +33,6 @@ var _ = Describe("EtcdCluster Webhook", func() {
 		It("Should fill in the default value if a required field is empty", func() {
 			etcdCluster := &EtcdCluster{}
 			etcdCluster.Default()
-			Expect(etcdCluster.Spec.PodTemplate.Spec.Containers[0].Image).To(Equal(defaultEtcdImage))
 			Expect(etcdCluster.Spec.Replicas).To(BeNil(), "User should have an opportunity to create cluster with 0 replicas")
 			Expect(etcdCluster.Spec.Storage.EmptyDir).To(BeNil())
 			storage := etcdCluster.Spec.Storage.VolumeClaimTemplate.Spec.Resources.Requests.Storage()

api/v1alpha1/webhook_suite_test.go

@@ -73,7 +73,7 @@ var _ = BeforeSuite(func() {
 		// Note that you must have the required binaries setup under the bin directory to perform
 		// the tests directly. When we run make test it will be setup and used automatically.
 		BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s",
-			fmt.Sprintf("1.29.0-%s-%s", runtime.GOOS, runtime.GOARCH)),
+			fmt.Sprintf("1.30.0-%s-%s", runtime.GOOS, runtime.GOARCH)),
 
 		WebhookInstallOptions: envtest.WebhookInstallOptions{
 			Paths: []string{filepath.Join("..", "..", "config", "webhook")},