Updating controller-runtime and dependencies (#740)

* Update to newer version of kubebuilder base, controller-runtime versions. Remove the use of operatorConfig (since it was removed from controller-runtime) and replace the controller-runtime parameters as cmd line options. Remove kube_rbac module for metrics authentication as it was deprecated also, instead replace it with the option of using secured metrics.

Move serverconfig related stuff out from the apis and move them to the serverconfig pkg. This is part of the cleanup of external dependencies from apis package.

* Update main.go with correct ordering for operator parameter parsing, move cert-manager annotation injections to webhook component, fix some Kustomize 5.x deprecations

* Fix clusterscope deployment with Kustomize 5.x

* Fix webhook certificate deployment, fix webhook setupManager and make cluster deployment the default for "make deploy"

* Move cassdc webhook to internal/webhooks/cassandra folder as per newer structure in kubebuilder and make it its own struct and not part of CassandraDatacenter object. This removes controller-runtime dependency from the apis.

* Update some versions, to UBI9 base and Vector 0.43.1

* Add replacements to the tests/kustomize/kustomization.yaml also or the replacements will not work correctly for Certificates

* Fix copyrights

* Test kustomize indentation

* Copyrights with generate manifests also

* Disable setup-go cache

* Make cluster_wide_install to use different namespace for the cass-operator installation

* Fix DSE version in the test definition

.github/actions/run-integ-test/action.yml

@@ -26,7 +26,7 @@ runs:
       uses: actions/setup-go@v5
       with:
         go-version-file: 'go.mod'
-        cache: true
+        cache: false
     # The runners already have the latest versions of tools, no need to reinstall them
     - name: Link tools
       shell: bash

.github/workflows/kindIntegTest.yml

@@ -88,7 +88,7 @@ jobs:
     strategy:
       matrix:
         version:
-          - "4.0.14"
+          - "4.0.15"
         integration_test:
           - cdc_successful # OSS only
           - config_fql
@@ -117,12 +117,12 @@ jobs:
     strategy:
       matrix:
         version:
-          - "6.8.51"
+          - "6.8.52"
         integration_test:
           - cdc_successful
         include:
-          - version: 6.8.51
-            serverImage: datastax/dse-mgmtapi-6_8:6.8.51-ubi8 # DSE 6.8.51
+          - version: 6.8.52
+            serverImage: datastax/dse-mgmtapi-6_8:6.8.52-ubi8 # DSE 6.8.52
             serverType: dse
             integration_test: "cdc_successful"
       fail-fast: true
@@ -155,7 +155,7 @@ jobs:
     strategy:
       matrix:
         version:
-          - "5.0.1"
+          - "5.0.2"
         integration_test:
           # Single worker tests:
           - additional_serviceoptions
@@ -233,19 +233,19 @@ jobs:
         version:
           - "4.0.14"
           - "4.1.7"
-          - "5.0.1"
-          - "6.8.51"
-          - "6.9.2"
+          - "5.0.2"
+          - "6.8.52"
+          - "6.9.4"
           - "1.0.0"
         integration_test:
           - test_all_the_things
           - smoke_test_read_only_fs
         include:
-          - version: 6.8.51
-            serverImage: datastax/dse-mgmtapi-6_8:6.8.51-ubi8 # DSE 6.8.51
+          - version: 6.8.52
+            serverImage: datastax/dse-mgmtapi-6_8:6.8.52-ubi8 # DSE 6.8.52
             serverType: dse
-          - version: 6.9.2
-            serverImage: datastax/dse-mgmtapi-6_8:6.9.2-ubi # DSE 6.9.2
+          - version: 6.9.4
+            serverImage: datastax/dse-mgmtapi-6_8:6.9.4-ubi # DSE 6.9.4
             serverType: dse
           - version: 1.0.0
             serverImage: datastax/hcd:1.0.0-ubi # HCD 1.0.0
@@ -283,7 +283,7 @@ jobs:
     strategy:
       matrix:
         version:
-          - "5.0.1"
+          - "5.0.2"
         integration_test:
           - pvc_expansion
       fail-fast: true
@@ -306,7 +306,7 @@ jobs:
         with:
           repository: topolvm/topolvm
           path: topolvm
-          ref: topolvm-chart-v15.2.0
+          ref: topolvm-chart-v15.5.0
       - name: Create LVM from TopoLVM's example setup
         run: |
           cd topolvm/example
@@ -318,7 +318,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
-          cache: true
+          cache: false
       - name: Install TopoLVM controller
         run: |
           make cert-manager

.github/workflows/operatorBuildAndDeploy.yml

@@ -3,7 +3,6 @@ on:
   push:
     branches:
       - master
-      - 1.10.x
   pull_request:
     branches: [ master ]
 jobs:
@@ -23,7 +22,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
-          cache: true
+          cache: false
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: golangci-lint
@@ -56,7 +55,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
-          cache: true
+          cache: false
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
-          cache: true
+          cache: false
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.22 AS builder
+FROM golang:1.23 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 
@@ -21,7 +21,7 @@ COPY internal/ internal/
 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
 
 # Build the UBI image
-FROM redhat/ubi8-micro:latest
+FROM redhat/ubi9-micro:latest
 
 ARG VERSION
 

Makefile

@@ -67,7 +67,7 @@ IMG ?= $(IMAGE_TAG_BASE):v$(VERSION)
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:generateEmbeddedObjectMeta=true"
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.30.x
+ENVTEST_K8S_VERSION = 1.31.x
 
 # Logger image
 LOG_IMG_BASE ?= $(ORG)/system-logger
@@ -130,12 +130,16 @@ vet: ## Run go vet against code.
 lint: golangci-lint ## Run golangci-lint against code.
 	$(GOLANGCI_LINT) run ./...
 
+.PHONY: lint-fix
+lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
+	$(GOLANGCI_LINT) run --fix
+
 .PHONY: test
 test: manifests generate fmt vet lint envtest ## Run tests.
 	# Old unit tests first - these use mocked client / fakeclient
 	go test ./pkg/... -coverprofile cover-pkg.out
 	# Then the envtest ones
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -v ./apis/... ./internal/controllers/... -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -v ./apis/... ./internal/... -coverprofile cover.out
 
 .PHONY: integ-test
 integ-test: kustomize cert-manager helm ## Run integration tests from directory M_INTEG_DIR or set M_INTEG_DIR=all to run all the integration tests.
@@ -184,6 +188,12 @@ docker-logger-push: ## Push system-logger-image
 docker-logger-kind: docker-logger-build ## Build system-logger image and load to kind cluster
 	kind load docker-image ${LOG_IMG}
 
+.PHONY: build-installer
+build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
+	mkdir -p dist
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/deployments/cluster > dist/install.yaml
+
 ##@ Deployment
 
 ifndef ignore-not-found
@@ -202,11 +212,11 @@ uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	LOG_IMG=${LOG_IMG} yq eval -i '.images.system-logger = env(LOG_IMG)' config/manager/image_config.yaml
-	kubectl apply --force-conflicts --server-side -k config/deployments/default
+	kubectl apply --force-conflicts --server-side -k config/deployments/cluster
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
-	kubectl delete --ignore-not-found=$(ignore-not-found) -k config/deployments/default
+	kubectl delete --ignore-not-found=$(ignore-not-found) -k config/deployments/cluster
 
 .PHONY: deploy-test
 deploy-test: kustomize
@@ -241,13 +251,13 @@ HELM ?= $(LOCALBIN)/helm
 OPM ?= $(LOCALBIN)/opm
 
 ## Tool Versions
-CERT_MANAGER_VERSION ?= v1.14.7
-KUSTOMIZE_VERSION ?= v5.4.2
-CONTROLLER_TOOLS_VERSION ?= v0.15.0
-OPERATOR_SDK_VERSION ?= 1.35.0
-HELM_VERSION ?= 3.14.2
-OPM_VERSION ?= 1.38.0
-GOLINT_VERSION ?= 1.60.3
+CERT_MANAGER_VERSION ?= v1.16.2
+KUSTOMIZE_VERSION ?= v5.5.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.4
+OPERATOR_SDK_VERSION ?= 1.38.0
+HELM_VERSION ?= 3.17.0
+OPM_VERSION ?= 1.48.0
+GOLINT_VERSION ?= 1.62.2
 
 .PHONY: cert-manager
 cert-manager: ## Install cert-manager to the cluster

README.md

@@ -97,7 +97,6 @@ ignore the feature (components enabled in the default installation are marked wi
 | namespace | Create namespace before installation* |
 | webhook | Enable validation webhooks in cass-operator (requires cert-manager) * |
 | clusterscope | Install cass-operator in a cluster scope, monitoring all the namespaces |
-| auth-proxy | Protect Prometheus /metrics endpoint with api-server authentication |
 
 And following resource. Apply ``github.com/k8ssandra/cass-operator/config/`` before resource name if using remote installation:
 

apis/cassandra/v1beta1/cassandradatacenter_types.go

@@ -10,9 +10,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/Jeffail/gabs/v2"
-	"github.com/k8ssandra/cass-operator/pkg/serverconfig"
-	"github.com/pkg/errors"
 	"golang.org/x/mod/semver"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -721,80 +718,6 @@ func (dc *CassandraDatacenter) GetSuperuserSecretNamespacedName() types.Namespac
 	}
 }
 
-// GetConfigAsJSON gets a JSON-encoded string suitable for passing to configBuilder
-func (dc *CassandraDatacenter) GetConfigAsJSON(config []byte) (string, error) {
-
-	// We use the cluster seed-service name here for the seed list as it will
-	// resolve to the seed nodes. This obviates the need to update the
-	// cassandra.yaml whenever the seed nodes change.
-	seeds := []string{dc.GetSeedServiceName(), dc.GetAdditionalSeedsServiceName()}
-
-	graphEnabled := 0
-	solrEnabled := 0
-	sparkEnabled := 0
-
-	if dc.Spec.ServerType == "dse" && dc.Spec.DseWorkloads != nil {
-		if dc.Spec.DseWorkloads.AnalyticsEnabled {
-			sparkEnabled = 1
-		}
-		if dc.Spec.DseWorkloads.GraphEnabled {
-			graphEnabled = 1
-		}
-		if dc.Spec.DseWorkloads.SearchEnabled {
-			solrEnabled = 1
-		}
-	}
-
-	native := 0
-	nativeSSL := 0
-	internode := 0
-	internodeSSL := 0
-	if dc.IsNodePortEnabled() {
-		native = dc.Spec.Networking.NodePort.Native
-		nativeSSL = dc.Spec.Networking.NodePort.NativeSSL
-		internode = dc.Spec.Networking.NodePort.Internode
-		internodeSSL = dc.Spec.Networking.NodePort.InternodeSSL
-	}
-
-	modelValues := serverconfig.GetModelValues(
-		seeds,
-		dc.Spec.ClusterName,
-		dc.DatacenterName(),
-		graphEnabled,
-		solrEnabled,
-		sparkEnabled,
-		native,
-		nativeSSL,
-		internode,
-		internodeSSL)
-
-	var modelBytes []byte
-
-	modelBytes, err := json.Marshal(modelValues)
-	if err != nil {
-		return "", err
-	}
-
-	// Combine the model values with the user-specified values
-	modelParsed, err := gabs.ParseJSON(modelBytes)
-	if err != nil {
-		return "", errors.Wrap(err, "Model information for CassandraDatacenter resource was not properly configured")
-	}
-
-	if config != nil {
-		configParsed, err := gabs.ParseJSON(config)
-		if err != nil {
-			return "", errors.Wrap(err, "Error parsing Spec.Config for CassandraDatacenter resource")
-		}
-
-		if err := modelParsed.Merge(configParsed); err != nil {
-			return "", errors.Wrap(err, "Error merging Spec.Config for CassandraDatacenter resource")
-		}
-	}
-
-	return modelParsed.String(), nil
-}
-
 // GetNodePortNativePort
 // Gets the defined CQL port for NodePort.
 // 0 will be returned if NodePort is not configured.
@@ -951,37 +874,6 @@ func (dc *CassandraDatacenter) DeploymentSupportsFQL() bool {
 	return true
 }
 
-func (dc *CassandraDatacenter) LegacyInternodeEnabled() bool {
-	config, err := gabs.ParseJSON(dc.Spec.Config)
-	if err != nil {
-		return false
-	}
-
-	hasOldKeyStore := func(gobContainer map[string]*gabs.Container) bool {
-		if gobContainer == nil {
-			return false
-		}
-
-		if keystorePath, found := gobContainer["keystore"]; found {
-			if strings.TrimSpace(keystorePath.Data().(string)) == "/etc/encryption/node-keystore.jks" {
-				return true
-			}
-		}
-		return false
-	}
-
-	if config.Exists("cassandra-yaml", "client_encryption_options") || config.Exists("cassandra-yaml", "server_encryption_options") {
-		serverContainer := config.Path("cassandra-yaml.server_encryption_options").ChildrenMap()
-		clientContainer := config.Path("cassandra-yaml.client_encryption_options").ChildrenMap()
-
-		if hasOldKeyStore(clientContainer) || hasOldKeyStore(serverContainer) {
-			return true
-		}
-	}
-
-	return false
-}
-
 func SplitRacks(nodeCount, rackCount int) []int {
 	nodesPerRack, extraNodes := nodeCount/rackCount, nodeCount%rackCount