V1.20

.gitignore

@@ -31,3 +31,4 @@ kuttl-test.json
 # ignore vendor
 vendor/
 .vscode/
+.DS_Store

Dockerfile

@@ -16,8 +16,9 @@ COPY controllers/ controllers/
 COPY common/ common/
 COPY version/ version/
 
-# Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager ./cmd/main.go
+# Build - Use TARGETARCH to build for the correct architecture
+ARG TARGETARCH
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o manager ./cmd/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Makefile

@@ -65,7 +65,8 @@ IMG ?= $(IMAGE):$(VERSION)
 # Set the Operator SDK version to use.
 # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
 OPERATOR_SDK_VERSION ?= v1.35.0
-
+# Set the path to Operator SDK - OPERATOR_SDK_VERSION will be ignored.
+OPERATOR_SDK ?= bin/operator-sdk
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -131,19 +132,6 @@ test-e2e: manifests generate fmt vet ## Run e2e tests.
 test-metrics:
 	go test -timeout 30m ./test/e2e -ginkgo.focus="Argo CD metrics controller" -coverprofile cover.out -ginkgo.v
 
-.PHONY: operator-sdk
-OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
-operator-sdk: ## Download operator-sdk locally if necessary.
-ifeq (,$(wildcard $(OPERATOR_SDK)))
-	@{ \
-	set -e ;\
-	mkdir -p $(dir $(OPERATOR_SDK)) ;\
-	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
-	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$${OS}_$${ARCH} ;\
-	chmod +x $(OPERATOR_SDK) ;\
-	}
-endif
-
 .PHONY: test-route
 test-route:
 	go test -timeout 30m ./test/e2e -ginkgo.focus="Argo CD ConsoleLink controller" -coverprofile cover.out -ginkgo.v
@@ -164,44 +152,25 @@ test: manifests generate fmt vet ## Run unit tests.
 
 
 .PHONY: e2e-tests-ginkgo
-e2e-tests-ginkgo: e2e-tests-sequential-ginkgo e2e-tests-parallel-ginkgo  ## Runs kuttl e2e sequential and parallel tests
+e2e-tests-ginkgo: e2e-tests-sequential-ginkgo e2e-tests-parallel-ginkgo  ## Runs Ginkgo e2e sequential and parallel tests
 
 .PHONY: e2e-tests-sequential-ginkgo
-e2e-tests-sequential-ginkgo: ginkgo ## Runs kuttl e2e sequential tests
+e2e-tests-sequential-ginkgo: ginkgo ## Runs Ginkgo e2e sequential tests
 	@echo "Running GitOps Operator sequential Ginkgo E2E tests..."
-	$(GINKGO_CLI) -v --trace --timeout 210m -r ./test/openshift/e2e/ginkgo/sequential
+	$(GINKGO_CLI) -v --trace --timeout 240m -r ./test/openshift/e2e/ginkgo/sequential
 
-.PHONY: e2e-tests-parallel-ginkgo ## Runs kuttl e2e parallel tests, (Defaults to 5 runs at a time)
+.PHONY: e2e-tests-parallel-ginkgo ## Runs Ginkgo e2e parallel tests, (Defaults to 5 runs at a time)
 e2e-tests-parallel-ginkgo: ginkgo
 	@echo "Running GitOps Operator parallel Ginkgo E2E tests..."
 	$(GINKGO_CLI) -p -v -procs=5 --trace --timeout 60m -r ./test/openshift/e2e/ginkgo/parallel
 
 .PHONY: e2e-tests-sequential
 e2e-tests-sequential:
-	CI=prow make e2e-tests-sequential-ginkgo ## Runs kuttl e2e sequentail tests
-#	@echo "Running GitOps Operator sequential E2E tests..."
-#	. ./scripts/run-kuttl-tests.sh  sequential
+	CI=prow make e2e-tests-sequential-ginkgo ## Runs Ginkgo e2e sequential tests
 
-.PHONY: e2e-tests-parallel ## Runs kuttl e2e parallel tests, (Defaults to 5 runs at a time)
+.PHONY: e2e-tests-parallel ## Runs Ginkgo e2e parallel tests, (Defaults to 5 runs at a time)
 e2e-tests-parallel:
 	CI=prow make e2e-tests-parallel-ginkgo
-	# @echo "Running GitOps Operator parallel E2E tests..."
-	# . ./scripts/run-kuttl-tests.sh  parallel
-
-.PHONY: e2e-non-olm-tests-sequential
-e2e-non-olm-tests-sequential: ## Runs kuttl non-olm e2e sequentail tests
-	@echo "Running Non-OLM GitOps Operator sequential E2E tests..."
-	. ./hack/scripts/run-non-olm-kuttl-test.sh -t sequential
-
-.PHONY: e2e-non-olm-tests-parallel ## Runs kuttl non-olm e2e parallel tests, (Defaults to 5 runs at a time)
-e2e-non-olm-tests-parallel:
-	@echo "Running Non-OLM GitOps Operator parallel E2E tests..."
-	. ./hack/scripts/run-non-olm-kuttl-test.sh -t parallel
-
-.PHONY: e2e-non-olm-tests-all ## Runs kuttl non-olm e2e parallel tests, (Defaults to 5 runs at a time)
-e2e-non-olm-tests-all:
-	@echo "Running Non-OLM GitOps Operator E2E tests..."
-	. ./hack/scripts/run-non-olm-kuttl-test.sh -t all
 
 ##@ Build
 
@@ -211,7 +180,7 @@ build: generate fmt vet ## Build manager binary.
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES=argo-rollouts,test-rom-ns-1,rom-ns-1,openshift-gitops  ARGOCD_CLUSTER_CONFIG_NAMESPACES="openshift-gitops, argocd-e2e-cluster-config, argocd-test-impersonation-1-046, argocd-agent-principal-1-051, argocd-agent-agent-1-052, appset-argocd, appset-old-ns, appset-new-ns, ns-hosting-principal, ns-hosting-managed-agent, ns-hosting-autonomous-agent"  REDIS_CONFIG_PATH="build/redis"   go run ./cmd/main.go
+	CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES=argo-rollouts,test-rom-ns-1,rom-ns-1,openshift-gitops  ARGOCD_CLUSTER_CONFIG_NAMESPACES="openshift-gitops, argocd-e2e-cluster-config, argocd-test-impersonation-1-046, argocd-agent-principal-1-051, argocd-agent-agent-1-052, appset-argocd, appset-old-ns, appset-new-ns, ns-hosting-principal, ns-hosting-managed-agent, ns-hosting-autonomous-agent, appset-argocd-clusterrole"  REDIS_CONFIG_PATH="build/redis"   go run ./cmd/main.go
 
 .PHONY: docker-build
 docker-build: test ## Build container image with the manager.
@@ -223,27 +192,17 @@ docker-push: ## Push container image with the manager.
 
 ##@ Build Dependencies
 
-## Location to install dependencies to
-LOCALBIN ?= $(shell pwd)/bin
-$(LOCALBIN):
-	mkdir -p $(LOCALBIN)
+# Do not use OPERATOR_SDK variable not to overwrite the user provided path
+bin/operator-sdk:
+	mkdir -p bin
+	curl -sSLo bin/operator-sdk \
+		https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(shell go env GOOS)_$(shell go env GOARCH)
+	chmod +x bin/operator-sdk
 
+# Install to bin/operator-sdk unless already there or explicit OPERATOR_SDK provided
 .PHONY: operator-sdk
-OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
-operator-sdk: ## Download operator-sdk locally if necessary.
-ifeq (,$(wildcard $(OPERATOR_SDK)))
-ifeq (,$(shell which operator-sdk 2>/dev/null))
-	@{ \
-	set -e ;\
-	mkdir -p $(dir $(OPERATOR_SDK)) ;\
-	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
-	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$${OS}_$${ARCH} ;\
-	chmod +x $(OPERATOR_SDK) ;\
-	}
-else
-OPERATOR_SDK = $(shell which operator-sdk)
-endif
-endif
+operator-sdk: $(OPERATOR_SDK)
+	@$(OPERATOR_SDK) version
 
 ifndef ignore-not-found
   ignore-not-found = false
@@ -271,6 +230,10 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=true -f -
 
+.PHONY: olm-deploy
+olm-deploy: ## Build the operator bundle and deploy it to OpenShift through OLM
+	./hack/scripts/olm-deploy.sh
+
 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
 .PHONY: controller-gen
 controller-gen: ## Download controller-gen locally if necessary.
@@ -368,7 +331,7 @@ gosec: go_sec
 .PHONY: lint
 lint: golangci_lint
 	$(GOLANGCI_LINT) --version
-	GOMAXPROCS=2 $(GOLANGCI_LINT) run --fix --verbose --timeout 300s
+	$(GOLANGCI_LINT) run --fix --verbose --timeout 300s
 
 
 GO_SEC = $(shell pwd)/bin/gosec

build/redis/haproxy.cfg.tpl

@@ -24,7 +24,7 @@ backend check_if_redis_is_master_0
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG
@@ -50,7 +50,7 @@ backend check_if_redis_is_master_1
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG
@@ -76,7 +76,7 @@ backend check_if_redis_is_master_2
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG
@@ -108,7 +108,7 @@ backend bk_redis_master
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG

build/redis/haproxy_init.sh.tpl

@@ -33,6 +33,12 @@ if [ -z "$ANNOUNCE_IP2" ]; then
 fi
 sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
 
-auth=$(cat /redis-initial-pass/admin.password)
-sed -i "s/replace-with-redis-auth/$auth/" "$HAPROXY_CONF"
+AUTH="$(cat /app/config/redis-auth/auth)"
+if [ -z "${AUTH}" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
+fi
+echo "Setting redis auth values.."
+ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
+sed -i "s/__REPLACE_DEFAULT_AUTH__/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
 

build/redis/init.sh.tpl

@@ -132,10 +132,15 @@ setup_defaults() {
 
 redis_ping() {
 set +e
+    AUTH="$(cat /app/config/redis-auth/auth)"
+    if [ -z "$AUTH" ]; then
+        echo "Error: Redis password not mounted correctly"
+        exit 1
+    fi
     if [ "$REDIS_PORT" -eq 0 ]; then
-        redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}"  --tls --cacert /app/config/redis/tls/tls.crt ping
+        env REDISCLI_AUTH="${AUTH}" redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /app/config/redis/tls/tls.crt ping
     else
-        redis-cli -h "${MASTER}"  -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping
+        env REDISCLI_AUTH="${AUTH}" redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
     fi
 set -e
 }
@@ -170,7 +175,7 @@ find_master() {
         if [ "$SENTINEL_PORT" -eq 0 ]; then
             echo "  on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
             echo "  $(date).."
-            if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"   --tls --cacert /app/config/redis/tls/tls.crt sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+            if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /app/config/redis/tls/tls.crt sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                 echo "  $(date) Failover returned with 'NOGOODSLAVE'"
                 echo "Setting defaults for this pod.."
                 setup_defaults
@@ -179,7 +184,7 @@ find_master() {
         else
             echo "  on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
             echo "  $(date).."
-            if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+            if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE'; then
                 echo "  $(date) Failover returned with 'NOGOODSLAVE'"
                 echo "Setting defaults for this pod.."
                 setup_defaults
@@ -252,16 +257,19 @@ else
     setup_defaults
 fi
 
-if [ "${AUTH:-}" ]; then
-    echo "Setting redis auth values.."
-    ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
-    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
+AUTH="$(cat /app/config/redis-auth/auth)"
+if [ -z "${AUTH}" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
 fi
+echo "Setting redis auth values.."
+ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
+sed -i "s/__REPLACE_DEFAULT_AUTH__/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
 
 if [ "${SENTINELAUTH:-}" ]; then
     echo "Setting sentinel auth values"
     ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
-    sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
+    sed -i "s/__REPLACE_DEFAULT_SENTINEL_AUTH__/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
 fi
 
 echo "$(date) Ready..."

build/redis/redis.conf.tpl

@@ -20,7 +20,4 @@ rdbcompression yes
 repl-diskless-sync yes
 save ""
 protected-mode no
-requirepass replace-default-auth
-masterauth replace-default-auth
-
-
+aclfile /app/config/redis-auth/users.acl

build/redis/redis_liveness.sh.tpl

@@ -1,6 +1,10 @@
+redis_pwd="$(cat /app/config/redis-auth/auth)"
+if [ -z "$redis_pwd" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
+fi
 response=$(
-  redis-cli \
-    -a "${AUTH}" --no-auth-warning \
+  env REDISCLI_AUTH="${redis_pwd}" redis-cli \
     -h localhost \
     -p 6379 \
 {{- if eq .UseTLS "true"}}

build/redis/redis_readiness.sh.tpl

@@ -1,6 +1,10 @@
+redis_pwd="$(cat /app/config/redis-auth/auth)"
+if [ -z "$redis_pwd" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
+fi
 response=$(
-  redis-cli \
-    -a "${AUTH}" --no-auth-warning \
+  env REDISCLI_AUTH="${redis_pwd}" redis-cli \
     -h localhost \
     -p 6379 \
 {{- if eq .UseTLS "true"}}
@@ -9,7 +13,7 @@ response=$(
 {{- end}}
     ping
 )
-if [ "$response" != "PONG" ] ; then
+if [ "$response" != "PONG" ]; then
   echo "$response"
   exit 1
 fi

build/redis/sentinel.conf.tpl

@@ -15,4 +15,4 @@ bind 0.0.0.0
     sentinel failover-timeout argocd 180000
     maxclients 10000
     sentinel parallel-syncs argocd 5
-    sentinel auth-pass argocd replace-default-auth
+    sentinel auth-pass argocd __REPLACE_DEFAULT_AUTH__