diff --git a/.env b/.env index e69b6f579..dc876ba03 100644 --- a/.env +++ b/.env @@ -1,9 +1,9 @@ -OPERATOR_SDK_VERSION=v1.28.1 -REVIEWERS=smohan-splunk,sgontla,gaurav-splunk,vivekr-splunk,kumarajeet +OPERATOR_SDK_VERSION=v1.31.0 +REVIEWERS=vivekr-splunk,akondur GO_VERSION=1.21.5 AWSCLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.8.6.zip -KUBECTL_VERSION=v1.28.0 +KUBECTL_VERSION=v1.29.1 AZ_CLI_VERSION=2.30.0 EKSCTL_VERSION=v0.143.0 -EKS_CLUSTER_K8_VERSION=1.26 +EKS_CLUSTER_K8_VERSION=1.27 SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:9.1.2 diff --git a/.github/workflows/helm-test-workflow.yml b/.github/workflows/helm-test-workflow.yml index 31214afcd..9271ca640 100644 --- a/.github/workflows/helm-test-workflow.yml +++ b/.github/workflows/helm-test-workflow.yml @@ -5,8 +5,6 @@ on: - develop - main - feature** - - testing - - helm-2-5-fix jobs: build-operator-image: runs-on: ubuntu-latest diff --git a/.github/workflows/int-test-workflow.yml b/.github/workflows/int-test-workflow.yml index 04432c084..3ee2f4761 100644 --- a/.github/workflows/int-test-workflow.yml +++ b/.github/workflows/int-test-workflow.yml @@ -5,7 +5,6 @@ on: - develop - main - feature** - - testing jobs: build-operator-image: runs-on: ubuntu-latest diff --git a/bundle/manifests/splunk-operator.clusterserviceversion.yaml b/bundle/manifests/splunk-operator.clusterserviceversion.yaml index 60e390188..31a34c49f 100644 --- a/bundle/manifests/splunk-operator.clusterserviceversion.yaml +++ b/bundle/manifests/splunk-operator.clusterserviceversion.yaml @@ -111,7 +111,7 @@ metadata: capabilities: Seamless Upgrades categories: Big Data, Logging & Tracing, Monitoring, Security, AI/Machine Learning containerImage: splunk/splunk-operator@sha256:c4e0d314622699496f675760aad314520d050a66627fdf33e1e21fa28ca85d50 - createdAt: "2023-10-06T22:35:48Z" + createdAt: "2024-01-22T21:05:16Z" description: The Splunk Operator for Kubernetes enables you to quickly and easily deploy Splunk Enterprise on your choice of private or public cloud provider. The Operator simplifies scaling and management of Splunk Enterprise by automating @@ -788,8 +788,15 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --leader-elect - --pprof @@ -801,14 +808,14 @@ spec: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - name: RELATED_IMAGE_SPLUNK_ENTERPRISE - value: docker.io/splunk/splunk:9.1.1 + value: docker.io/splunk/splunk:9.1.3 - name: OPERATOR_NAME value: splunk-operator - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/splunk/splunk-operator:2.4.0 + image: docker.io/splunk/splunk-operator:2.5.0 imagePullPolicy: Always livenessProbe: httpGet: @@ -832,8 +839,15 @@ spec: memory: 2000Mi securityContext: allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /opt/splunk/appframework/ name: app-staging @@ -913,7 +927,7 @@ spec: name: Splunk Inc. url: www.splunk.com relatedImages: - - image: docker.io/splunk/splunk:9.1.1 + - image: docker.io/splunk/splunk:9.1.3 name: splunk-enterprise replaces: splunk-operator.v2.2.0 version: 2.2.1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index c9f04f6c6..5e0a5b0b4 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -124,7 +124,7 @@ patches: - name: WATCH_NAMESPACE value: WATCH_NAMESPACE_VALUE - name: RELATED_IMAGE_SPLUNK_ENTERPRISE - value: docker.io/splunk/splunk:9.1.1 + value: docker.io/splunk/splunk:9.1.3 - name: OPERATOR_NAME value: splunk-operator - name: POD_NAME diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 1feed3a3b..d367eb1a7 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -17,4 +17,4 @@ kind: Kustomization images: - name: controller newName: docker.io/splunk/splunk-operator - newTag: 2.4.0 + newTag: 2.5.0 diff --git a/docs/AppFramework.md b/docs/AppFramework.md index 4a9eaa828..f79da2bda 100644 --- a/docs/AppFramework.md +++ b/docs/AppFramework.md @@ -542,7 +542,7 @@ spec: serviceAccountName: splunk-operator containers: - name: splunk-operator - image: "docker.io/splunk/splunk-operator:2.4.0" + image: "docker.io/splunk/splunk-operator:2.5.0" volumeMounts: - mountPath: /opt/splunk/appframework/ name: app-staging diff --git a/docs/ChangeLog.md b/docs/ChangeLog.md index 8158453e6..3b3ce754c 100644 --- a/docs/ChangeLog.md +++ b/docs/ChangeLog.md @@ -1,5 +1,23 @@ # Splunk Operator for Kubernetes Change Log +## 2.5.0 (2024-01-31) + +CSPL-2155: Support for Level-2 Upgrade Strategy in Splunk Operator + +CSPL-2505: Pod Security standard set to restricted mode + +### Supported Splunk Version +>| Splunk Version| +>| --- | +>| 9.0.8 | +>| 9.1.3 | + +### Supported Kubernetes Version +>| Kubernetes Version| +>| --- | +>| 1.25+ | + + ## 2.4.0 (2023-10-13) * This is the 2.4.0 release. The Splunk Operator for Kubernetes is a supported platform for deploying Splunk Enterprise with the prerequisites and constraints laid out [here](https://github.com/splunk/splunk-operator/blob/main/docs/README.md#prerequisites-for-the-splunk-operator) diff --git a/docs/Install.md b/docs/Install.md index 072afbed0..8ac60b8bd 100644 --- a/docs/Install.md +++ b/docs/Install.md @@ -7,7 +7,7 @@ If you want to customize the installation of the Splunk Operator, download a copy of the installation YAML locally, and open it in your favorite editor. ``` -wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-cluster.yaml +wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-cluster.yaml ``` ## Default Installation @@ -17,7 +17,7 @@ Based on the file used Splunk Operator can be installed cluster-wide or namespac By installing `splunk-operator-cluster.yaml` Operator will watch all the namespaces of your cluster for splunk enterprise custom resources ``` -wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-cluster.yaml +wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-cluster.yaml kubectl apply -f splunk-operator-cluster.yaml ``` @@ -44,10 +44,10 @@ If Splunk Operator is installed clusterwide and user wants to manage multiple na ## Install operator to watch single namespace with restrictive permission -In order to install operator with restrictive permission to watch only single namespace use [splunk-operator-namespace.yaml](https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-namespace.yaml). This will create Role and Role-Binding to only watch single namespace. By default operator will be installed in `splunk-operator` namespace, user can edit the file to change the namespace +In order to install operator with restrictive permission to watch only single namespace use [splunk-operator-namespace.yaml](https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-namespace.yaml). This will create Role and Role-Binding to only watch single namespace. By default operator will be installed in `splunk-operator` namespace, user can edit the file to change the namespace ``` -wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-namespace.yaml +wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-namespace.yaml kubectl apply -f splunk-operator-namespace.yaml ``` diff --git a/docs/README.md b/docs/README.md index dc10853ae..e6feea745 100644 --- a/docs/README.md +++ b/docs/README.md @@ -113,12 +113,12 @@ For production environments, we are requiring the use of Splunk SmartStore. As a A Kubernetes cluster administrator can install and start the Splunk Operator for specific namespace by running: ``` -kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-namespace.yaml --server-side --force-conflicts +kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-namespace.yaml --server-side --force-conflicts ``` A Kubernetes cluster administrator can install and start the Splunk Operator for cluster-wide by running: ``` -kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-cluster.yaml --server-side --force-conflicts +kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-cluster.yaml --server-side --force-conflicts ``` The [Advanced Installation Instructions](Install.md) page offers guidance for advanced configurations, including the use of private image registries, installation at cluster scope, and installing the Splunk Operator as a user who is not a Kubernetes administrator. Users of Red Hat OpenShift should review the [Red Hat OpenShift](OpenShift.md) page. diff --git a/docs/SplunkOperatorUpgrade.md b/docs/SplunkOperatorUpgrade.md index 76e7ca4c1..5e923ceb9 100644 --- a/docs/SplunkOperatorUpgrade.md +++ b/docs/SplunkOperatorUpgrade.md @@ -25,7 +25,7 @@ A Splunk Operator for Kubernetes upgrade might include support for a later versi 1. Download the latest Splunk Operator installation yaml file. ​ ``` -wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.4.0/splunk-operator-namespace.yaml +wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.0/splunk-operator-namespace.yaml ``` ​ 2. (Optional) Review the file and update it with your specific customizations used during your install. diff --git a/docs/index.yaml b/docs/index.yaml index 833373bdb..da55e317a 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -3,14 +3,14 @@ entries: splunk-enterprise: - apiVersion: v2 appVersion: 2.5.0 - created: "2024-01-10T10:39:11.69467-08:00" + created: "2024-01-22T12:51:00.460454-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator repository: file://splunk-operator/helm-chart/splunk-operator version: 2.5.0 description: A Helm chart for Splunk Enterprise managed by the Splunk Operator - digest: d94805c70ddcc080baf3b70dabe83c58cff00ad770e8373f590c115a7bcfc41d + digest: e9510495e61e31c9f0b6cc7f4e0c9a1bdf17a7772ab881df13abd9903c46f556 maintainers: - email: vivekr@splunk.com name: Vivek Reddy @@ -23,7 +23,7 @@ entries: version: 2.5.0 - apiVersion: v2 appVersion: 2.4.0 - created: "2024-01-10T10:39:11.65808-08:00" + created: "2024-01-22T12:51:00.419046-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -45,7 +45,7 @@ entries: version: 2.4.0 - apiVersion: v2 appVersion: 2.3.0 - created: "2024-01-10T10:39:11.632534-08:00" + created: "2024-01-22T12:51:00.387561-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -67,7 +67,7 @@ entries: version: 2.3.0 - apiVersion: v2 appVersion: 2.2.1 - created: "2024-01-10T10:39:11.617484-08:00" + created: "2024-01-22T12:51:00.373328-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -82,7 +82,7 @@ entries: version: 2.2.1 - apiVersion: v2 appVersion: 2.2.0 - created: "2024-01-10T10:39:11.60409-08:00" + created: "2024-01-22T12:51:00.357163-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -97,7 +97,7 @@ entries: version: 2.2.0 - apiVersion: v2 appVersion: 2.1.0 - created: "2024-01-10T10:39:11.579208-08:00" + created: "2024-01-22T12:51:00.330725-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -113,9 +113,9 @@ entries: splunk-operator: - apiVersion: v2 appVersion: 2.5.0 - created: "2024-01-10T10:39:11.771432-08:00" + created: "2024-01-22T12:51:00.541778-08:00" description: A Helm chart for the Splunk Operator for Kubernetes - digest: a57a89d6b0fa0f8479001f097de0ac6a94721a7bfc6dc449e7f5bfb1c9de5d04 + digest: ed93f8fac421f92cfdbfd043ec27911a07ec7db2c05b4efc3137cef4f2bfca4a maintainers: - email: vivekr@splunk.com name: Vivek Reddy @@ -128,7 +128,7 @@ entries: version: 2.5.0 - apiVersion: v2 appVersion: 2.4.0 - created: "2024-01-10T10:39:11.7597-08:00" + created: "2024-01-22T12:51:00.527611-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 9d0377747e46df4bf4b9dbd447c9ff46c926bfe2c66fd07d6d27a61abb31cb42 maintainers: @@ -145,7 +145,7 @@ entries: version: 2.4.0 - apiVersion: v2 appVersion: 2.3.0 - created: "2024-01-10T10:39:11.748073-08:00" + created: "2024-01-22T12:51:00.513743-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 23e70ec4059bc92920d7d3adce3bff6b8aba0d5eb5d4c0efe225bf3b88d5b274 maintainers: @@ -162,7 +162,7 @@ entries: version: 2.3.0 - apiVersion: v2 appVersion: 2.2.1 - created: "2024-01-10T10:39:11.736045-08:00" + created: "2024-01-22T12:51:00.500321-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 8868b9ae2ebde0c667b13c97d71d904a31b5a9f2c803b199bc77324f1727e1fd name: splunk-operator @@ -172,7 +172,7 @@ entries: version: 2.2.1 - apiVersion: v2 appVersion: 2.2.0 - created: "2024-01-10T10:39:11.724252-08:00" + created: "2024-01-22T12:51:00.487851-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 49c72276bd7ff93465b0545d8b0814f684cade7d2cd191b6d73d4c3660bd1fb4 name: splunk-operator @@ -182,7 +182,7 @@ entries: version: 2.2.0 - apiVersion: v2 appVersion: 2.1.0 - created: "2024-01-10T10:39:11.710038-08:00" + created: "2024-01-22T12:51:00.473934-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 34e5463f8f5442655d05cb616b50391b738a0827b30d8440b4c7fce99a291d9a name: splunk-operator @@ -190,4 +190,4 @@ entries: urls: - https://splunk.github.io/splunk-operator/splunk-operator-1.0.0.tgz version: 1.0.0 -generated: "2024-01-10T10:39:11.564217-08:00" +generated: "2024-01-22T12:51:00.315345-08:00" diff --git a/docs/splunk-enterprise-2.5.0.tgz b/docs/splunk-enterprise-2.5.0.tgz index 7294fdba5..ea469f87e 100644 Binary files a/docs/splunk-enterprise-2.5.0.tgz and b/docs/splunk-enterprise-2.5.0.tgz differ diff --git a/docs/splunk-operator-2.5.0.tgz b/docs/splunk-operator-2.5.0.tgz index 9fbd61feb..0e427094d 100644 Binary files a/docs/splunk-operator-2.5.0.tgz and b/docs/splunk-operator-2.5.0.tgz differ diff --git a/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.0.tgz b/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.0.tgz index 9fbd61feb..0e427094d 100644 Binary files a/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.0.tgz and b/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.0.tgz differ diff --git a/helm-chart/splunk-operator/values.yaml b/helm-chart/splunk-operator/values.yaml index d197c5aba..120420278 100644 --- a/helm-chart/splunk-operator/values.yaml +++ b/helm-chart/splunk-operator/values.yaml @@ -3,7 +3,7 @@ splunk-operator: # Splunk image image: - repository: docker.io/splunk/splunk:9.1.2 + repository: docker.io/splunk/splunk:9.1.3 # The kube-rbac-proxy is a small HTTP proxy for a single upstream, that can perform RBAC # authorization against the Kubernetes API.