From 1e82f919a9153adfe375438235083ea2af9e92a4 Mon Sep 17 00:00:00 2001 From: Ondrej Pokorny Date: Mon, 27 Apr 2026 14:23:06 +0200 Subject: [PATCH 1/4] feat: update go.mod golang version Update the golang version to 1.25 that is already used in the Insights Operator Dockerfile. Signed-off-by: Ondrej Pokorny --- go.mod | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 50f94764e..731455974 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/openshift/insights-operator -go 1.24.6 - -toolchain go1.24.10 +go 1.25.0 require ( github.com/blang/semver/v4 v4.0.0 From 8549cf169dd7d7f59d9aa2d2575fb89097eb8f38 Mon Sep 17 00:00:00 2001 From: Ondrej Pokorny Date: Mon, 27 Apr 2026 14:23:41 +0200 Subject: [PATCH 2/4] fix: add linter exception for deprecated func This function is used to generate documentation and is deprecated since go 1.25, but still working. It is not a crutial function for the Insights Operator. Signed-off-by: Ondrej Pokorny --- cmd/gendoc/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/gendoc/main.go b/cmd/gendoc/main.go index d8dd3d62b..c6cb5b209 100644 --- a/cmd/gendoc/main.go +++ b/cmd/gendoc/main.go @@ -180,7 +180,7 @@ func walkDir(cleanRoot string, md map[string]*DocBlock) error { return nil } } - d, err := parser.ParseDir(fset, path, nil, parser.ParseComments) + d, err := parser.ParseDir(fset, path, nil, parser.ParseComments) //nolint:staticcheck // SA1019: deprecated but functional if err != nil { fmt.Println(err) return nil From 538f7462fe6ceda0028014d3c17f7511cb7f8ba3 Mon Sep 17 00:00:00 2001 From: Ondrej Pokorny Date: Tue, 28 Apr 2026 14:16:07 +0200 Subject: [PATCH 3/4] feat: remove runtime extractor manifests This commit removes runtime extractor manifests used by the CVO operator for deployment. 
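Review bot: The `//nolint:staticcheck` added to the `parser.ParseDir` call in `walkDir` says the function still works, but not why the deprecation is safe to ignore here or what replaces it. As far as I know, Go 1.25 deprecated `ParseDir` because it does not consider build tags when grouping files into packages, and names `golang.org/x/tools/go/packages` as the successor. A comment such as `//nolint:staticcheck // SA1019: ParseDir ignores build tags, acceptable for gendoc; migrate to go/packages` would record that. The directive silences every staticcheck finding on the line, not only SA1019, so the line should stay limited to this one call. `walkDir` begins and ends outside the hunk.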
Signed-off-by: Ondrej Pokorny --- manifests/10-insights-runtime-extractor.yaml | 130 ------------------- 1 file changed, 130 deletions(-) delete mode 100644 manifests/10-insights-runtime-extractor.yaml diff --git a/manifests/10-insights-runtime-extractor.yaml b/manifests/10-insights-runtime-extractor.yaml deleted file mode 100644 index e6c07fdd7..000000000 --- a/manifests/10-insights-runtime-extractor.yaml +++ /dev/null 
@@ -1,130 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: insights-runtime-extractor - namespace: openshift-insights - annotations: - include.release.openshift.io/hypershift: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - capability.openshift.io/name: Insights - labels: - app.kubernetes.io/name: insights-runtime-extractor -spec: - selector: - matchLabels: - app.kubernetes.io/name: insights-runtime-extractor - updateStrategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 33% - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/name: insights-runtime-extractor - annotations: - openshift.io/required-scc: insights-runtime-extractor-scc - target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - kubectl.kubernetes.io/default-container: extractor - spec: - serviceAccountName: insights-runtime-extractor-sa - hostPID: true - # Deploy the insights-runtime-extractor only on Linux worker nodes - nodeSelector: - kubernetes.io/os: linux - priorityClassName: openshift-user-critical - containers: - - name: kube-rbac-proxy - image: quay.io/openshift/origin-kube-rbac-proxy:latest - args: - - '--secure-listen-address=:8443' - - '--upstream=http://127.0.0.1:8000' - - '--config-file=/etc/kube-rbac-proxy/config.yaml' - - '--tls-cert-file=/etc/tls/private/tls.crt' - - '--tls-private-key-file=/etc/tls/private/tls.key' - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: insights-runtime-extractor-tls - - mountPath: /etc/kube-rbac-proxy - name: kube-rbac-proxy-cm - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - runAsNonRoot: true - ports: - - name: https - containerPort: 8443 - protocol: TCP - resources: - requests: - cpu: 10m - 
memory: 100Mi - - name: exporter - image: quay.io/openshift/origin-insights-runtime-exporter:latest - imagePullPolicy: Always - volumeMounts: - - mountPath: /data - name: data-volume - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 200Mi - - name: extractor - image: quay.io/openshift/origin-insights-runtime-extractor:latest - imagePullPolicy: Always - env: - - name: CONTAINER_RUNTIME_ENDPOINT - value: unix:///crio.sock - livenessProbe: - exec: - command: - - crictl - - --timeout - - 10s - - info - periodSeconds: 30 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 200Mi - securityContext: - privileged: true - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - CAP_SYS_ADMIN - volumeMounts: - - mountPath: /crio.sock - name: crio-socket - - mountPath: /data - name: data-volume - volumes: - - name: crio-socket - hostPath: - path: /run/crio/crio.sock - type: Socket - - name: data-volume - emptyDir: {} - - name: kube-rbac-proxy-cm - configMap: - name: kube-rbac-proxy - - name: insights-runtime-extractor-tls - secret: - secretName: insights-runtime-extractor-tls \ No newline at end of file From b31220e0da9c8696573cadc0008ab3f4562f7dd5 Mon Sep 17 00:00:00 2001 From: Ondrej Pokorny Date: Wed, 1 Apr 2026 14:35:06 +0200 Subject: [PATCH 4/4] feat(manifests): add ENVs for runtime-extractor Add required environment variables that should be populated by CVO operator with the images used to deploy runtime-extractor. Signed-off-by: Ondrej Pokorny --- manifests/06-deployment.yaml | 144 ++++++++++++++++++----------------- 1 file changed, 75 insertions(+), 69 deletions(-) diff --git a/manifests/06-deployment.yaml b/manifests/06-deployment.yaml index b1858afd7..310ae3e98 100644 --- a/manifests/06-deployment.yaml +++ b/manifests/06-deployment.yaml 
@@ -33,75 +33,81 @@ spec: kubernetes.io/os: linux node-role.kubernetes.io/master: "" tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 900 - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 900 + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 900 + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 900 volumes: - - emptyDir: {} - name: tmp - - name: snapshots - emptyDir: {} - #sizeLimit: 1Gi # bug https://bugzilla.redhat.com/show_bug.cgi?id=1713207 - - name: trusted-ca-bundle - configMap: - name: trusted-ca-bundle - optional: true - - name: service-ca-bundle - configMap: - name: service-ca-bundle - optional: true - - name: serving-cert - secret: - secretName: openshift-insights-serving-cert - optional: true - containers: - - name: insights-operator - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - image: quay.io/openshift/origin-insights-operator:latest - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp + - emptyDir: {} name: tmp - name: snapshots - mountPath: /var/lib/insights-operator - - mountPath: /var/run/configmaps/trusted-ca-bundle - name: trusted-ca-bundle - readOnly: true - - mountPath: /var/run/configmaps/service-ca-bundle - name: service-ca-bundle - readOnly: true - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - ports: - - containerPort: 8443 - name: metrics - resources: - requests: - cpu: 10m - memory: 54Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: 
RELEASE_VERSION - value: "0.0.1-snapshot" - args: - - start - - --config=/etc/insights-operator/server.yaml + emptyDir: {} + #sizeLimit: 1Gi # bug https://bugzilla.redhat.com/show_bug.cgi?id=1713207 + - name: trusted-ca-bundle + configMap: + name: trusted-ca-bundle + optional: true + - name: service-ca-bundle + configMap: + name: service-ca-bundle + optional: true + - name: serving-cert + secret: + secretName: openshift-insights-serving-cert + optional: true + containers: + - name: insights-operator + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + image: quay.io/openshift/origin-insights-operator:latest + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmp + - name: snapshots + mountPath: /var/lib/insights-operator + - mountPath: /var/run/configmaps/trusted-ca-bundle + name: trusted-ca-bundle + readOnly: true + - mountPath: /var/run/configmaps/service-ca-bundle + name: service-ca-bundle + readOnly: true + - mountPath: /var/run/secrets/serving-cert + name: serving-cert + ports: + - containerPort: 8443 + name: metrics + resources: + requests: + cpu: 10m + memory: 54Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RELEASE_VERSION + value: "0.0.1-snapshot" + - name: RELATED_IMAGE_INSIGHTS_RUNTIME_EXTRACTOR + value: quay.io/openshift/origin-insights-runtime-extractor:latest + - name: RELATED_IMAGE_INSIGHTS_RUNTIME_EXPORTER + value: quay.io/openshift/origin-insights-runtime-exporter:latest + - name: RELATED_IMAGE_KUBE_RBAC_PROXY + value: quay.io/openshift/origin-kube-rbac-proxy:latest + args: + - start + - --config=/etc/insights-operator/server.yaml
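Review bot: The three added `RELATED_IMAGE_*` entries carry mutable `:latest` references, and after this series they appear to be the only source of images for the runtime extractor, whose removed DaemonSet ran with `privileged: true`, `hostPID: true` and the CRI-O socket mounted. The commit message relies on the CVO rewriting these values; if any of the three names is missing from the release image-references file (not visible in this patch), the operator would deploy a privileged workload from a floating tag. I would add a comment above the entries, `# Placeholders rewritten by the CVO to digest-pinned release images; the operator deploys the runtime extractor from these`, and have the operator code that reads them refuse empty values. The functional change is also buried in a re-indentation of the whole `tolerations`/`volumes`/`containers` block, so moving the whitespace change into its own commit would make the three new entries reviewable. The hunk starts inside `spec`, so the enclosing Deployment is only partly visible.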