diff --git a/bundle/manifests/argoproj.io_argocds.yaml b/bundle/manifests/argoproj.io_argocds.yaml index 4980e27b7e9..7cb0d2b4e0a 100644 --- a/bundle/manifests/argoproj.io_argocds.yaml +++ b/bundle/manifests/argoproj.io_argocds.yaml @@ -1325,6 +1325,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -1905,7 +1914,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources should be created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -2133,12 +2141,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -2146,6 +2149,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -8755,6 +8766,145 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object status: description: ArgoCDStatus defines the observed state of ArgoCD @@ -9129,12 +9279,7 @@ spec: type: string description: Custom labels to pods deployed by the operator type: object - logLevel: - description: LogLevel describes the log level that should be used - by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the ApplicationSet component. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -9142,6 +9287,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string resources: description: Resources defines the Compute Resources required by the container for ApplicationSet. @@ -11595,6 +11748,66 @@ spec: server to be used by the PrincAgentipal component. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent agent component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object tls: description: TLS defines the TLS options for the Agent component. properties: @@ -11865,6 +12078,66 @@ spec: the TLS certificate and key for the resource proxy. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent principal component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object server: description: Server defines the server options for the Principal component. @@ -11920,6 +12193,32 @@ spec: description: SecretName is The name of the secret containing the TLS certificate and key. type: string + tlsConfig: + description: TLS configuration for the Principal component. + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) + || self.minVersion <= self.maxVersion' type: object type: object type: object @@ -11945,11 +12244,20 @@ spec: required: - content type: object + clusterDomain: + description: |- + ClusterDomain is the cluster domain suffix used for constructing service FQDNs. Defaults to "cluster.local". + The full FQDN will be: ..svc. + This is useful for clusters that use a different DNS suffix (e.g., "CLUSTER_ID.cluster.local", "edge.local"). + type: string cmdParams: additionalProperties: type: string - description: CmdParams specifies command-line parameters for the Argo - CD components. + description: |- + CmdParams specifies command-line parameters for the Argo CD components. + The only keys currently supported for this parameter are: + - controller.resource.health.persist + - applicationsetcontroller.enable.tokenref.strict.mode — when ApplicationSet-in-any-namespace is active, the operator defaults this to "true" type: object configManagementPlugins: description: 'Deprecated: ConfigManagementPlugins field is no longer @@ -13780,6 +14088,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -17893,6 +18210,32 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TLS configuration for the Image Updater + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' required: - enabled type: object @@ -18031,7 +18374,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources are created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -18259,12 +18601,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -18272,6 +18609,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -18654,6 +18999,33 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TlsConfig defines the TLS configuration for the Redis + server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' version: description: Version is the Redis container image tag. type: string @@ -22238,6 +22610,32 @@ spec: x-kubernetes-map-type: atomic type: array type: object + tlsConfig: + description: TLS configuration for the repo server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' verifytls: description: VerifyTLS defines whether repo server API should be accessed using strict TLS validation @@ -27918,6 +28316,32 @@ spec: - name type: object type: array + tlsConfig: + description: TLS configuration for the Argo CD Server component + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' volumeMounts: description: VolumeMounts adds volumeMounts to the Argo CD Server container. @@ -32216,6 +32640,149 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webTerminalEnabled: + description: WebTerminalEnabled allows you to get a shell inside a + running pod just like you would with kubectl exec + type: boolean + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object x-kubernetes-validations: - message: spec.sso and spec.oidcConfig cannot both be set diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index efd7cf4f3a1..8b5720eb5a1 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -190,7 +190,7 @@ metadata: capabilities: Deep Insights console.openshift.io/plugins: '["gitops-plugin"]' containerImage: quay.io/redhat-developer/gitops-operator - createdAt: "2026-04-24T14:56:46Z" + createdAt: "2026-05-21T11:46:26Z" description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" @@ -589,6 +589,7 @@ spec: - apiGroups: - config.openshift.io resources: + - apiservers - authentications - clusterversions - ingresses diff --git a/cmd/main.go b/cmd/main.go index 32bbb1b4427..136d9baef0b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,6 +17,7 @@ limitations under the License. package main import ( + "context" "crypto/tls" "flag" "fmt" @@ -46,6 +47,7 @@ import ( oauthv1 "github.com/openshift/api/oauth/v1" routev1 "github.com/openshift/api/route/v1" templatev1 "github.com/openshift/api/template/v1" + tlspkg "github.com/openshift/controller-runtime-common/pkg/tls" operatorsv1 "github.com/operator-framework/api/pkg/operators/v1" operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -131,6 +133,8 @@ func main() { flag.Parse() ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler()) + defer cancel() if err := util.InspectCluster(); err != nil { setupLog.Info("unable to inspect cluster") @@ -142,15 +146,40 @@ func main() { } c.NextProtos = []string{"http/1.1"} } + + restConfig := ctrl.GetConfigOrDie() + // Register config.openshift.io APIs before creating bootstrap client + utilruntime.Must(configv1.Install(scheme)) + bootstrapClient, err := crclient.New(restConfig, crclient.Options{ + Scheme: scheme, + }) + if err != nil { + setupLog.Error(err, "unable to create bootstrap client") + os.Exit(1) + } + var profile configv1.TLSProfileSpec + profile, err = tlspkg.FetchAPIServerTLSProfile(ctx, bootstrapClient) + if err != nil { + setupLog.Error(err, "unable to fetch cluster TLS profile") + os.Exit(1) + } + tlsOpts := []func(*tls.Config){disableHTTP2} + tlsConfigFn, unsupported := tlspkg.NewTLSConfigFromProfile(profile) + if len(unsupported) > 0 { + setupLog.Info("TLS profile contains unsupported Go cipher suites", "ciphers", unsupported) + } + + tlsOpts = append(tlsOpts, tlsConfigFn) + webhookServerOptions := webhook.Options{ - TLSOpts: []func(config *tls.Config){disableHTTP2}, + TLSOpts: tlsOpts, Port: 9443, } webhookServer := webhook.NewServer(webhookServerOptions) metricsServerOptions := metricsserver.Options{ BindAddress: metricsAddr, - TLSOpts: []func(*tls.Config){disableHTTP2}, + TLSOpts: tlsOpts, FilterProvider: filters.WithAuthenticationAndAuthorization, } @@ -180,15 +209,35 @@ func main() { } } - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options) + mgr, err := ctrl.NewManager(restConfig, options) if err != nil { setupLog.Error(err, "unable to start manager") os.Exit(1) } + watcher := &tlspkg.SecurityProfileWatcher{ + Client: mgr.GetClient(), + InitialTLSProfileSpec: profile, + OnProfileChange: func(_ context.Context, oldProfile, newProfile configv1.TLSProfileSpec) { + if reflect.DeepEqual(oldProfile, newProfile) { + return + } + setupLog.Info("cluster TLS profile changed, restarting operator", + "oldProfileMinVersion", oldProfile.MinTLSVersion, + "newProfileMinVersion", newProfile.MinTLSVersion) + + cancel() + }, + } + + if err := watcher.SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to setup TLS security profile watcher") + os.Exit(1) + } + var client crclient.Client if strings.ToLower(os.Getenv("MEMORY_OPTIMIZATION_ENABLED")) != "false" { - liveClient, err := crclient.New(ctrl.GetConfigOrDie(), crclient.Options{Scheme: mgr.GetScheme()}) + liveClient, err := crclient.New(restConfig, crclient.Options{Scheme: mgr.GetScheme()}) if err != nil { setupLog.Error(err, "unable to create live client") os.Exit(1) @@ -266,6 +315,10 @@ func main() { K8sClient: k8sClient, LocalUsers: argocdprovisioner.NewLocalUsersInfo(), FipsConfigChecker: argoutil.NewLinuxFipsConfigChecker(), + CentralTlsConfigProfile: argocdprovisioner.TlsConfigProfile{ + MinVersion: profile.MinTLSVersion, + Ciphers: profile.Ciphers, + }, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Argo CD") os.Exit(1) @@ -314,7 +367,7 @@ func main() { } setupLog.Info("starting manager") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + if err := mgr.Start(ctx); err != nil { setupLog.Error(err, "problem running manager") os.Exit(1) } diff --git a/config/crd/bases/argoproj.io_argocds.yaml b/config/crd/bases/argoproj.io_argocds.yaml index 56185f64d61..311e945405f 100644 --- a/config/crd/bases/argoproj.io_argocds.yaml +++ b/config/crd/bases/argoproj.io_argocds.yaml @@ -1314,6 +1314,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -1894,7 +1903,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources should be created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -2122,12 +2130,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -2135,6 +2138,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -8744,6 +8755,145 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object status: description: ArgoCDStatus defines the observed state of ArgoCD @@ -9118,12 +9268,7 @@ spec: type: string description: Custom labels to pods deployed by the operator type: object - logLevel: - description: LogLevel describes the log level that should be used - by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the ApplicationSet component. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -9131,6 +9276,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string resources: description: Resources defines the Compute Resources required by the container for ApplicationSet. @@ -11584,6 +11737,66 @@ spec: server to be used by the PrincAgentipal component. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent agent component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object tls: description: TLS defines the TLS options for the Agent component. properties: @@ -11854,6 +12067,66 @@ spec: the TLS certificate and key for the resource proxy. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent principal component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object server: description: Server defines the server options for the Principal component. @@ -11909,6 +12182,32 @@ spec: description: SecretName is The name of the secret containing the TLS certificate and key. type: string + tlsConfig: + description: TLS configuration for the Principal component. + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) + || self.minVersion <= self.maxVersion' type: object type: object type: object @@ -11934,11 +12233,20 @@ spec: required: - content type: object + clusterDomain: + description: |- + ClusterDomain is the cluster domain suffix used for constructing service FQDNs. Defaults to "cluster.local". + The full FQDN will be: ..svc. + This is useful for clusters that use a different DNS suffix (e.g., "CLUSTER_ID.cluster.local", "edge.local"). + type: string cmdParams: additionalProperties: type: string - description: CmdParams specifies command-line parameters for the Argo - CD components. + description: |- + CmdParams specifies command-line parameters for the Argo CD components. + The only keys currently supported for this parameter are: + - controller.resource.health.persist + - applicationsetcontroller.enable.tokenref.strict.mode — when ApplicationSet-in-any-namespace is active, the operator defaults this to "true" type: object configManagementPlugins: description: 'Deprecated: ConfigManagementPlugins field is no longer @@ -13769,6 +14077,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -17882,6 +18199,32 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TLS configuration for the Image Updater + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' required: - enabled type: object @@ -18020,7 +18363,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources are created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -18248,12 +18590,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -18261,6 +18598,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -18643,6 +18988,33 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TlsConfig defines the TLS configuration for the Redis + server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' version: description: Version is the Redis container image tag. type: string @@ -22227,6 +22599,32 @@ spec: x-kubernetes-map-type: atomic type: array type: object + tlsConfig: + description: TLS configuration for the repo server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' verifytls: description: VerifyTLS defines whether repo server API should be accessed using strict TLS validation @@ -27907,6 +28305,32 @@ spec: - name type: object type: array + tlsConfig: + description: TLS configuration for the Argo CD Server component + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' volumeMounts: description: VolumeMounts adds volumeMounts to the Argo CD Server container. @@ -32205,6 +32629,149 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webTerminalEnabled: + description: WebTerminalEnabled allows you to get a shell inside a + running pod just like you would with kubectl exec + type: boolean + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object x-kubernetes-validations: - message: spec.sso and spec.oidcConfig cannot both be set diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 40d7350a8b5..5f74f5f68ce 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -223,6 +223,7 @@ rules: - apiGroups: - config.openshift.io resources: + - apiservers - authentications - clusterversions - ingresses diff --git a/controllers/argocd_metrics_controller.go b/controllers/argocd_metrics_controller.go index 0b352c61cb8..5cbaeb34a93 100644 --- a/controllers/argocd_metrics_controller.go +++ b/controllers/argocd_metrics_controller.go @@ -397,8 +397,8 @@ func (r *ArgoCDMetricsReconciler) reconcileOperatorMetricsServiceMonitor(reqLogg return nil } - if existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName != desiredMetricsServerName { - existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName = desiredMetricsServerName + if existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName != &desiredMetricsServerName { + existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName = &desiredMetricsServerName return r.Client.Update(context.TODO(), existingServiceMonitor) } diff --git a/controllers/gitopsservice_controller.go b/controllers/gitopsservice_controller.go index bf8d602bb9c..18e18d16f2c 100644 --- a/controllers/gitopsservice_controller.go +++ b/controllers/gitopsservice_controller.go @@ -209,6 +209,7 @@ type ReconcileGitopsService struct { //+kubebuilder:rbac:groups="apiregistration.k8s.io",resources="apiservices",verbs=get;list //+kubebuilder:rbac:groups="argoproj.io",resources=namespacemanagements;namespacemanagements/status,verbs=create;get;list;watch;update;patch;delete;deletecollection //+kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get;list;watch +//+kubebuilder:rbac:groups=config.openshift.io,resources=apiservers,verbs=get;list;watch // Reconcile reads that state of the cluster for a GitopsService object and makes changes based on the state read // and what is in the GitopsService.Spec diff --git a/go.mod b/go.mod index 1e7e574311e..c0a6f9ec0e6 100644 --- a/go.mod +++ b/go.mod @@ -15,9 +15,10 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/onsi/ginkgo/v2 v2.28.1 github.com/onsi/gomega v1.39.1 - github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa + github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb + github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e github.com/operator-framework/api v0.17.5 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.73.2 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 github.com/stretchr/testify v1.11.1 go.uber.org/zap v1.27.1 golang.org/x/mod v0.34.0 @@ -28,7 +29,7 @@ require ( k8s.io/apimachinery v0.35.2 k8s.io/client-go v0.35.2 k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 - sigs.k8s.io/controller-runtime v0.23.1 + sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/yaml v1.6.0 ) @@ -129,6 +130,7 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect + github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 // indirect github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.2 // indirect diff --git a/go.sum b/go.sum index e4563ee0e5a..920132f2abf 100644 --- a/go.sum +++ b/go.sum @@ -362,8 +362,12 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa h1:RMI6Xa+l8KriyoxsRO/swMDPyCwrxJNA9H67K0Jod/w= -github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb h1:iwBR3mzmyE3EMFx7R3CQ9lOccTS0dNht8TW82aGITg0= +github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e h1:k89oIo2EjX0PRSdi1kesktCyWp50SC9WwKurvupvRGs= +github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e/go.mod h1:XGabTMnNbz0M5Oa7IbscZp/jmcc7aHobvOCUWwkzKvM= +github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 h1:9Pe6iVOMjt9CdA/vaKBNUSoEIjIe1po5Ha3ABRYXLJI= +github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5/go.mod h1:K3FoNLgNBFYbFuG+Kr8usAnQxj1w84XogyUp2M8rK8k= github.com/operator-framework/api v0.17.5 h1:9d0pc6m1Vp4QeS8i5dhl/B0nifhKQdtw+iFsNx0An0Q= github.com/operator-framework/api v0.17.5/go.mod h1:l/cuwtPxkVUY7fzYgdust2m9tlmb8I4pOvbsUufRb24= github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible h1:IWzUvJ72xMjmrjR9q3H1PF+jwdN0uNQiR2t1BLNalyo= @@ -379,8 +383,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.73.2 h1:GwlGJPK6vf1UIohpc72KJVkKYlzki1UgE3xC4bWbf20= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.73.2/go.mod h1:yJ3CawR/A5qEYFEeCOUVYLTwYxmacfHQhJS+b/2QiaM= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 h1:AHzMWDxNiAVscJL6+4wkvFRTpMnJqiaZFEKA/osaBXE= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0/go.mod h1:wAR5JopumPtAZnu0Cjv2PSqV4p4QB09LMhc6fZZTXuA= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -703,8 +707,8 @@ oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= -sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= +sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= +sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA= sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go index 85162b73db6..f2931d2b37a 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go @@ -35,7 +35,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { }, } Eventually(sm).Should(k8sFixture.ExistByName()) - + serverName := "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc" Expect(sm.Spec.Endpoints).To(Equal([]monitoringv1.Endpoint{{ BearerTokenSecret: &corev1.SecretKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ @@ -57,7 +57,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Key: "service-ca.crt", }, }, - ServerName: "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc", + ServerName: &serverName, }, }, }}))