diff --git a/cmd/gendoc/main.go b/cmd/gendoc/main.go index d8dd3d62b..c6cb5b209 100644 --- a/cmd/gendoc/main.go +++ b/cmd/gendoc/main.go @@ -180,7 +180,7 @@ func walkDir(cleanRoot string, md map[string]*DocBlock) error { return nil } } - d, err := parser.ParseDir(fset, path, nil, parser.ParseComments) + d, err := parser.ParseDir(fset, path, nil, parser.ParseComments) //nolint:staticcheck // SA1019: deprecated but functional if err != nil { fmt.Println(err) return nil diff --git a/go.mod b/go.mod index 50f94764e..731455974 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/openshift/insights-operator -go 1.24.6 - -toolchain go1.24.10 +go 1.25.0 require ( github.com/blang/semver/v4 v4.0.0 diff --git a/manifests/06-deployment.yaml b/manifests/06-deployment.yaml index b1858afd7..310ae3e98 100644 --- a/manifests/06-deployment.yaml +++ b/manifests/06-deployment.yaml @@ -33,75 +33,81 @@ spec: kubernetes.io/os: linux node-role.kubernetes.io/master: "" tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 900 - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 900 + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 900 + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 900 volumes: - - emptyDir: {} - name: tmp - - name: snapshots - emptyDir: {} - #sizeLimit: 1Gi # bug https://bugzilla.redhat.com/show_bug.cgi?id=1713207 - - name: trusted-ca-bundle - configMap: - name: trusted-ca-bundle - optional: true - - name: service-ca-bundle - configMap: - name: service-ca-bundle - optional: true - - name: serving-cert - secret: - secretName: openshift-insights-serving-cert - optional: true - containers: - - name: insights-operator - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - image: quay.io/openshift/origin-insights-operator:latest - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp + - emptyDir: {} name: tmp - name: snapshots - mountPath: /var/lib/insights-operator - - mountPath: /var/run/configmaps/trusted-ca-bundle - name: trusted-ca-bundle - readOnly: true - - mountPath: /var/run/configmaps/service-ca-bundle - name: service-ca-bundle - readOnly: true - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - ports: - - containerPort: 8443 - name: metrics - resources: - requests: - cpu: 10m - memory: 54Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: RELEASE_VERSION - value: "0.0.1-snapshot" - args: - - start - - --config=/etc/insights-operator/server.yaml + emptyDir: {} + #sizeLimit: 1Gi # bug https://bugzilla.redhat.com/show_bug.cgi?id=1713207 + - name: trusted-ca-bundle + configMap: + name: trusted-ca-bundle + optional: true + - name: service-ca-bundle + configMap: + name: service-ca-bundle + optional: true + - name: serving-cert + secret: + secretName: openshift-insights-serving-cert + optional: true + containers: + - name: insights-operator + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + image: quay.io/openshift/origin-insights-operator:latest + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmp + - name: snapshots + mountPath: /var/lib/insights-operator + - mountPath: /var/run/configmaps/trusted-ca-bundle + name: trusted-ca-bundle + readOnly: true + - mountPath: /var/run/configmaps/service-ca-bundle + name: service-ca-bundle + readOnly: true + - mountPath: /var/run/secrets/serving-cert + name: serving-cert + ports: + - containerPort: 8443 + name: metrics + resources: + requests: + cpu: 10m + memory: 54Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RELEASE_VERSION + value: "0.0.1-snapshot" + - name: RELATED_IMAGE_INSIGHTS_RUNTIME_EXTRACTOR + value: quay.io/openshift/origin-insights-runtime-extractor:latest + - name: RELATED_IMAGE_INSIGHTS_RUNTIME_EXPORTER + value: quay.io/openshift/origin-insights-runtime-exporter:latest + - name: RELATED_IMAGE_KUBE_RBAC_PROXY + value: quay.io/openshift/origin-kube-rbac-proxy:latest + args: + - start + - --config=/etc/insights-operator/server.yaml diff --git a/manifests/10-insights-runtime-extractor.yaml b/manifests/10-insights-runtime-extractor.yaml deleted file mode 100644 index e6c07fdd7..000000000 --- a/manifests/10-insights-runtime-extractor.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: insights-runtime-extractor - namespace: openshift-insights - annotations: - include.release.openshift.io/hypershift: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - capability.openshift.io/name: Insights - labels: - app.kubernetes.io/name: insights-runtime-extractor -spec: - selector: - matchLabels: - app.kubernetes.io/name: insights-runtime-extractor - updateStrategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 33% - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/name: insights-runtime-extractor - annotations: - openshift.io/required-scc: insights-runtime-extractor-scc - target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - kubectl.kubernetes.io/default-container: extractor - spec: - serviceAccountName: insights-runtime-extractor-sa - hostPID: true - # Deploy the insights-runtime-extractor only on Linux worker nodes - nodeSelector: - kubernetes.io/os: linux - priorityClassName: openshift-user-critical - containers: - - name: kube-rbac-proxy - image: quay.io/openshift/origin-kube-rbac-proxy:latest - args: - - '--secure-listen-address=:8443' - - '--upstream=http://127.0.0.1:8000' - - '--config-file=/etc/kube-rbac-proxy/config.yaml' - - '--tls-cert-file=/etc/tls/private/tls.crt' - - '--tls-private-key-file=/etc/tls/private/tls.key' - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: insights-runtime-extractor-tls - - mountPath: /etc/kube-rbac-proxy - name: kube-rbac-proxy-cm - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - runAsNonRoot: true - ports: - - name: https - containerPort: 8443 - protocol: TCP - resources: - requests: - cpu: 10m - memory: 100Mi - - name: exporter - image: quay.io/openshift/origin-insights-runtime-exporter:latest - imagePullPolicy: Always - volumeMounts: - - mountPath: /data - name: data-volume - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 200Mi - - name: extractor - image: quay.io/openshift/origin-insights-runtime-extractor:latest - imagePullPolicy: Always - env: - - name: CONTAINER_RUNTIME_ENDPOINT - value: unix:///crio.sock - livenessProbe: - exec: - command: - - crictl - - --timeout - - 10s - - info - periodSeconds: 30 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 200Mi - securityContext: - privileged: true - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - CAP_SYS_ADMIN - volumeMounts: - - mountPath: /crio.sock - name: crio-socket - - mountPath: /data - name: data-volume - volumes: - - name: crio-socket - hostPath: - path: /run/crio/crio.sock - type: Socket - - name: data-volume - emptyDir: {} - - name: kube-rbac-proxy-cm - configMap: - name: kube-rbac-proxy - - name: insights-runtime-extractor-tls - secret: - secretName: insights-runtime-extractor-tls \ No newline at end of file