diff --git a/Makefile b/Makefile index 359648d7d..6d9bf1845 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 2.5.0 +VERSION ?= 2.5.2 # SPLUNK_ENTERPRISE_IMAGE defines the splunk docker tag that is used as default image. SPLUNK_ENTERPRISE_IMAGE ?= "docker.io/splunk/splunk:edge" diff --git a/bundle/manifests/splunk-operator.clusterserviceversion.yaml b/bundle/manifests/splunk-operator.clusterserviceversion.yaml index 8ebe30c0f..270a6eb3f 100644 --- a/bundle/manifests/splunk-operator.clusterserviceversion.yaml +++ b/bundle/manifests/splunk-operator.clusterserviceversion.yaml @@ -111,7 +111,7 @@ metadata: capabilities: Seamless Upgrades categories: Big Data, Logging & Tracing, Monitoring, Security, AI/Machine Learning containerImage: splunk/splunk-operator@sha256:c4e0d314622699496f675760aad314520d050a66627fdf33e1e21fa28ca85d50 - createdAt: "2024-02-20T18:45:06Z" + createdAt: "2024-02-29T18:47:11Z" description: The Splunk Operator for Kubernetes enables you to quickly and easily deploy Splunk Enterprise on your choice of private or public cloud provider. The Operator simplifies scaling and management of Splunk Enterprise by automating @@ -120,7 +120,7 @@ metadata: operators.operatorframework.io/builder: operator-sdk-v1.31.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/splunk/splunk-operator - name: splunk-operator.v2.5.1 + name: splunk-operator.v2.5.2 namespace: placeholder spec: apiservicedefinitions: {} @@ -815,7 +815,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/splunk/splunk-operator:2.5.1 + image: docker.io/splunk/splunk-operator:2.5.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -929,5 +929,5 @@ spec: relatedImages: - image: docker.io/splunk/splunk:9.1.3 name: splunk-enterprise - replaces: splunk-operator.v2.5.0 - version: 2.5.1 + replaces: splunk-operator.v2.5.1 + version: 2.5.2 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 8e92ce43b..32a999a85 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -17,4 +17,5 @@ kind: Kustomization images: - name: controller newName: docker.io/splunk/splunk-operator - newTag: 2.5.1 + newTag: 2.5.2 + diff --git a/config/manifests/bases/splunk-operator.clusterserviceversion.yaml b/config/manifests/bases/splunk-operator.clusterserviceversion.yaml index c0d9b1fa9..be9dd6058 100644 --- a/config/manifests/bases/splunk-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/splunk-operator.clusterserviceversion.yaml @@ -12,7 +12,7 @@ metadata: administrative workflows using Kubernetes best practices. olm.properties: '[{"type": "olm.maxOpenShiftVersion", "value": "4.9"}]' repository: https://github.com/splunk/splunk-operator - name: splunk-operator.v2.5.1 + name: splunk-operator.v2.5.2 namespace: placeholder spec: apiservicedefinitions: {} @@ -274,5 +274,6 @@ spec: provider: name: Splunk Inc. url: www.splunk.com - replaces: splunk-operator.v2.5.0 - version: 2.5.1 + replaces: splunk-operator.v2.5.1 + version: 2.5.2 + diff --git a/docs/AppFramework.md b/docs/AppFramework.md index c842039c7..bd5e66025 100644 --- a/docs/AppFramework.md +++ b/docs/AppFramework.md @@ -542,7 +542,7 @@ spec: serviceAccountName: splunk-operator containers: - name: splunk-operator - image: "docker.io/splunk/splunk-operator:2.5.1" + image: "docker.io/splunk/splunk-operator:2.5.2" volumeMounts: - mountPath: /opt/splunk/appframework/ name: app-staging @@ -559,7 +559,7 @@ spec: - name: OPERATOR_NAME value: "splunk-operator" - name: RELATED_IMAGE_SPLUNK_ENTERPRISE - value: "docker.io/splunk/splunk:9.0.3-a2" + value: "docker.io/splunk/splunk:9.1.3" volumes: - name: app-staging diff --git a/docs/ChangeLog.md b/docs/ChangeLog.md index 0f55a5553..4cc61cb8f 100644 --- a/docs/ChangeLog.md +++ b/docs/ChangeLog.md @@ -1,5 +1,20 @@ # Splunk Operator for Kubernetes Change Log +## 2.5.2 (2024-02-28) + +CSPL-2535 security context for init container not set (#1290) + +### Supported Splunk Version +>| Splunk Version| +>| --- | +>| 9.0.8 | +>| 9.1.3 | + +### Supported Kubernetes Version +>| Kubernetes Version| +>| --- | +>| 1.25+ | + ## 2.5.1 (2024-02-20) CSPL-2532: fix for leader election lost issue (#1281) diff --git a/docs/Helm.md b/docs/Helm.md index 5f19fd46c..e6842fc77 100644 --- a/docs/Helm.md +++ b/docs/Helm.md @@ -35,7 +35,7 @@ There are a couple ways you can configure your operator deployment 1. Using a ```new_values.yaml``` file to override default values (Recommended) ``` -helm install -f new_values.yaml splunk/splunk-operator -n +helm install -f new_values.yaml --set installCRDs=true splunk/splunk-operator -n ``` 2. Using the Helm CLI directly to set new values @@ -46,7 +46,7 @@ helm install --set = splunk/splunk-operator -n splunk/splunk-operator -n +helm upgrade -f new_values.yaml --set installCRDs=true splunk/splunk-operator -n ``` Read more about configuring values [here](https://helm.sh/docs/intro/using_helm/). @@ -74,7 +74,7 @@ The ```helm list``` command can be used to retrieve all deployed releases. By default, the Splunk Operator has cluster-wide access. Let's upgrade the ```splunk-operator-test``` release by revoking cluster-wide access: ``` -helm upgrade --set splunkOperator.clusterWideAccess=false splunk-operator-test splunk/splunk-operator -n splunk-operator +helm upgrade --set splunkOperator.clusterWideAccess=false --set installCRDs=true splunk-operator-test splunk/splunk-operator -n splunk-operator ``` ``` NAME: splunk-operator-test @@ -100,7 +100,7 @@ helm dependency build splunk/splunk-enterprise ``` If the operator is already installed then you will need to disable the dependency: ``` -helm install --set splunk-operator.enabled=false splunk/splunk-enterprise -n +helm install --set splunk-operator.enabled=false --set installCRDs=true splunk/splunk-enterprise -n ``` Installing ```splunk/splunk-enterprise``` will deploy Splunk Enterprise custom resources according to your configuration, the following ```new_values.yaml``` file specifies override configurations to deploy a Cluster Manager, an Indexer Cluster and a Search Head Cluster. @@ -124,7 +124,7 @@ helm show values splunk/splunk-enterprise To install a Splunk Enterprise deployment according to our configurations above: ``` -helm install -f new_values.yaml splunk-enterprise-test splunk/splunk-enterprise -n splunk-operator +helm install --set installCRDs=true -f new_values.yaml splunk-enterprise-test splunk/splunk-enterprise -n splunk-operator ``` ``` NAME: splunk-enterprise-test @@ -166,6 +166,6 @@ The Splunk Enterprise chart has support for three Splunk Validated Architectures Install a Standalone deployment using the following command: ``` -helm install --set s1.enabled=true splunk/splunk-enterprise -n +helm install --set s1.enabled=true --set installCRDs=true splunk/splunk-enterprise -n ``` Visit the Splunk Operator github repository to learn more about the configurable values of [splunk/splunk-operator](https://github.com/splunk/splunk-operator/blob/develop/helm-chart/splunk-operator/values.yaml) and [splunk/splunk-enterprise](https://github.com/splunk/splunk-operator/blob/develop/helm-chart/splunk-enterprise/values.yaml). diff --git a/docs/Install.md b/docs/Install.md index 0cc41f81e..1ef6b2644 100644 --- a/docs/Install.md +++ b/docs/Install.md @@ -7,7 +7,7 @@ If you want to customize the installation of the Splunk Operator, download a copy of the installation YAML locally, and open it in your favorite editor. ``` -wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-cluster.yaml +wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-cluster.yaml ``` ## Default Installation @@ -17,7 +17,7 @@ Based on the file used Splunk Operator can be installed cluster-wide or namespac By installing `splunk-operator-cluster.yaml` Operator will watch all the namespaces of your cluster for splunk enterprise custom resources ``` -wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-cluster.yaml +wget -O splunk-operator-cluster.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-cluster.yaml kubectl apply -f splunk-operator-cluster.yaml ``` @@ -31,7 +31,7 @@ If Splunk Operator is installed clusterwide and user wants to manage multiple na - name: WATCH_NAMESPACE value: "namespace1,namespace2" - name: RELATED_IMAGE_SPLUNK_ENTERPRISE - value: splunk/splunk:9.0.3-a2 + value: splunk/splunk:9.1.3 - name: OPERATOR_NAME value: splunk-operator - name: POD_NAME @@ -44,10 +44,10 @@ If Splunk Operator is installed clusterwide and user wants to manage multiple na ## Install operator to watch single namespace with restrictive permission -In order to install operator with restrictive permission to watch only single namespace use [splunk-operator-namespace.yaml](https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-namespace.yaml). This will create Role and Role-Binding to only watch single namespace. By default operator will be installed in `splunk-operator` namespace, user can edit the file to change the namespace +In order to install operator with restrictive permission to watch only single namespace use [splunk-operator-namespace.yaml](https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-namespace.yaml). This will create Role and Role-Binding to only watch single namespace. By default operator will be installed in `splunk-operator` namespace, user can edit the file to change the namespace ``` -wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-namespace.yaml +wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-namespace.yaml kubectl apply -f splunk-operator-namespace.yaml ``` @@ -68,7 +68,7 @@ If you are using a private registry for the Docker images, edit `deployment` `sp - name: WATCH_NAMESPACE value: "namespace1,namespace2" - name: RELATED_IMAGE_SPLUNK_ENTERPRISE - value: splunk/splunk:9.0.3-a2 + value: splunk/splunk:9.1.3 - name: OPERATOR_NAME value: splunk-operator - name: POD_NAME diff --git a/docs/MultisiteExamples.md b/docs/MultisiteExamples.md index 15139b57c..bff1fcb1e 100644 --- a/docs/MultisiteExamples.md +++ b/docs/MultisiteExamples.md @@ -45,7 +45,7 @@ Limitation: all the IndexerCluster resources must be located in the same namespa #### Deploy the cluster-manager -Note: +Note: * The image version is defined in these resources as this allows to control the upgrade cycle * For all available default parameters refer to [splunk-ansible default.yml.spec.md](https://github.com/splunk/splunk-ansible/blob/develop/docs/advanced/default.yml.spec.md) @@ -148,7 +148,7 @@ metadata: - enterprise.splunk.com/delete-pvc spec: replicas: 3 - image: "splunk/splunk:9.0.3-a2" + image: "splunk/splunk:9.1.3" clusterManagerRef: name: example defaults: |- @@ -157,4 +157,3 @@ spec: site: site0 EOF ``` - diff --git a/docs/README.md b/docs/README.md index 33daf6dfb..1e9958eb5 100644 --- a/docs/README.md +++ b/docs/README.md @@ -113,12 +113,12 @@ For production environments, we are requiring the use of Splunk SmartStore. As a A Kubernetes cluster administrator can install and start the Splunk Operator for specific namespace by running: ``` -kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-namespace.yaml --server-side --force-conflicts +kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-namespace.yaml --server-side --force-conflicts ``` A Kubernetes cluster administrator can install and start the Splunk Operator for cluster-wide by running: ``` -kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-cluster.yaml --server-side --force-conflicts +kubectl apply -f https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-cluster.yaml --server-side --force-conflicts ``` The [Advanced Installation Instructions](Install.md) page offers guidance for advanced configurations, including the use of private image registries, installation at cluster scope, and installing the Splunk Operator as a user who is not a Kubernetes administrator. Users of Red Hat OpenShift should review the [Red Hat OpenShift](OpenShift.md) page. diff --git a/docs/SplunkOperatorUpgrade.md b/docs/SplunkOperatorUpgrade.md index 46e3a0094..c25ddb52c 100644 --- a/docs/SplunkOperatorUpgrade.md +++ b/docs/SplunkOperatorUpgrade.md @@ -1,6 +1,5 @@ # How to upgrade Splunk Operator and Splunk Enterprise Deployments -To upgrade the Splunk Operator for Kubernetes, you will overwrite the prior Operator release with the latest version. Once the lastest version of `splunk-operator-namespace.yaml` ([see below](#upgrading-splunk-operator-and-splunk-operator-deployment)) is applied the CRD's are updated and Operator deployment is updated with newer version of Splunk Operator image. Any new spec defined by the operator will be applied to the pods managed by Splunk Operator for Kubernetes. To upgrade the Splunk Operator for Kubernetes, you will overwrite the prior Operator release with the latest version. Once the lastest version of `splunk-operator-namespace.yaml` ([see below](#upgrading-splunk-operator-and-splunk-operator-deployment)) is applied the CRD's are updated and Operator deployment is updated with newer version of Splunk Operator image. Any new spec defined by the operator will be applied to the pods managed by Splunk Operator for Kubernetes. ​ A Splunk Operator for Kubernetes upgrade might include support for a later version of the Splunk Enterprise Docker image. In that scenario, after the Splunk Operator completes its upgrade, the pods managed by Splunk Operator for Kubernetes will be restarted using the latest Splunk Enterprise Docker image. @@ -12,7 +11,6 @@ A Splunk Operator for Kubernetes upgrade might include support for a later versi * Before you upgrade, review the Splunk Operator [change log](https://github.com/splunk/splunk-operator/releases) page for information on changes made in the latest release. The Splunk Enterprise Docker image compatibility is noted in each release version. ​ * If the Splunk Enterprise Docker image changes, review the Splunk Enterprise [Upgrade Readme](https://docs.splunk.com/Documentation/Splunk/latest/Installation/AboutupgradingREADTHISFIRST) page before upgrading. -* If the Splunk Enterprise Docker image changes, review the Splunk Enterprise [Upgrade Readme](https://docs.splunk.com/Documentation/Splunk/latest/Installation/AboutupgradingREADTHISFIRST) page before upgrading. ​ * For general information about Splunk Enterprise compatibility and the upgrade process, see [How to upgrade Splunk Enterprise](https://docs.splunk.com/Documentation/Splunk/latest/Installation/HowtoupgradeSplunk). ​ @@ -27,7 +25,8 @@ A Splunk Operator for Kubernetes upgrade might include support for a later versi 1. Download the latest Splunk Operator installation yaml file. ​ ``` -wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.1/splunk-operator-namespace.yaml +wget -O splunk-operator-namespace.yaml https://github.com/splunk/splunk-operator/releases/download/2.5.2/splunk-operator-namespace.yaml + ``` ​ 2. (Optional) Review the file and update it with your specific customizations used during your install. @@ -106,7 +105,7 @@ Edit `deployment` `splunk-operator-controller-manager-` in `splunk-operat - name: WATCH_NAMESPACE value: "splunk-operator" - name: RELATED_IMAGE_SPLUNK_ENTERPRISE - value: splunk/splunk:9.0.3-a2 + value: splunk/splunk:9.1.3 - name: OPERATOR_NAME value: splunk-operator - name: POD_NAME @@ -141,7 +140,7 @@ To verify that a new Splunk Enterprise Docker image was applied to a pod, you ca ​ ```bash kubectl get pods splunk--monitoring-console-0 -o yaml | grep -i image -image: splunk/splunk:9.0.3-a2 +image: splunk/splunk:9.1.3 imagePullPolicy: IfNotPresent ``` ## Splunk Enterprise Cluster upgrade example diff --git a/docs/index.yaml b/docs/index.yaml index 6ab024c75..cbb2886ab 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -1,9 +1,29 @@ apiVersion: v1 entries: splunk-enterprise: + - apiVersion: v2 + appVersion: 2.5.2 + created: "2024-03-04T09:18:42.035714-08:00" + dependencies: + - condition: splunk-operator.enabled + name: splunk-operator + repository: file://splunk-operator/helm-chart/splunk-operator + version: 2.5.2 + description: A Helm chart for Splunk Enterprise managed by the Splunk Operator + digest: cab28a71e69ba47f4af5fdccd57cac908ae122af1e195dfbd15479b23509d4de + maintainers: + - email: vivekr@splunk.com + name: Vivek Reddy + - email: akondur@splunk.com + name: Arjun Kondur + name: splunk-enterprise + type: application + urls: + - https://splunk.github.io/splunk-operator/splunk-enterprise-2.5.2.tgz + version: 2.5.2 - apiVersion: v2 appVersion: 2.5.1 - created: "2024-02-20T10:52:46.032948-08:00" + created: "2024-03-04T09:18:41.965645-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -23,7 +43,7 @@ entries: version: 2.5.1 - apiVersion: v2 appVersion: 2.5.0 - created: "2024-02-20T10:52:45.982924-08:00" + created: "2024-03-04T09:18:41.90141-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -43,7 +63,7 @@ entries: version: 2.5.0 - apiVersion: v2 appVersion: 2.4.0 - created: "2024-02-20T10:52:45.941086-08:00" + created: "2024-03-04T09:18:41.85593-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -65,7 +85,7 @@ entries: version: 2.4.0 - apiVersion: v2 appVersion: 2.3.0 - created: "2024-02-20T10:52:45.912109-08:00" + created: "2024-03-04T09:18:41.826004-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -87,7 +107,7 @@ entries: version: 2.3.0 - apiVersion: v2 appVersion: 2.2.1 - created: "2024-02-20T10:52:45.896417-08:00" + created: "2024-03-04T09:18:41.811044-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -102,7 +122,7 @@ entries: version: 2.2.1 - apiVersion: v2 appVersion: 2.2.0 - created: "2024-02-20T10:52:45.881394-08:00" + created: "2024-03-04T09:18:41.795166-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -117,7 +137,7 @@ entries: version: 2.2.0 - apiVersion: v2 appVersion: 2.1.0 - created: "2024-02-20T10:52:45.8558-08:00" + created: "2024-03-04T09:18:41.769077-08:00" dependencies: - condition: splunk-operator.enabled name: splunk-operator @@ -131,9 +151,24 @@ entries: - https://splunk.github.io/splunk-operator/splunk-enterprise-1.0.0.tgz version: 1.0.0 splunk-operator: + - apiVersion: v2 + appVersion: 2.5.2 + created: "2024-03-04T09:18:42.148904-08:00" + description: A Helm chart for the Splunk Operator for Kubernetes + digest: 5b5ba3544203b99dcc15c8e55bf7f01eabae197ab40e3cbcccf1304a85b6fbc9 + maintainers: + - email: vivekr@splunk.com + name: Vivek Reddy + - email: akondur@splunk.com + name: Arjun Kondur + name: splunk-operator + type: application + urls: + - https://splunk.github.io/splunk-operator/splunk-operator-2.5.2.tgz + version: 2.5.2 - apiVersion: v2 appVersion: 2.5.1 - created: "2024-02-20T10:52:46.127737-08:00" + created: "2024-03-04T09:18:42.135688-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 5c90889e175bbfc79cbb7f83bf213de43a46c4d688574d04ff82aa16dcd8681a maintainers: @@ -148,7 +183,7 @@ entries: version: 2.5.1 - apiVersion: v2 appVersion: 2.5.0 - created: "2024-02-20T10:52:46.116065-08:00" + created: "2024-03-04T09:18:42.120406-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: ed93f8fac421f92cfdbfd043ec27911a07ec7db2c05b4efc3137cef4f2bfca4a maintainers: @@ -163,7 +198,7 @@ entries: version: 2.5.0 - apiVersion: v2 appVersion: 2.4.0 - created: "2024-02-20T10:52:46.101936-08:00" + created: "2024-03-04T09:18:42.105819-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 9d0377747e46df4bf4b9dbd447c9ff46c926bfe2c66fd07d6d27a61abb31cb42 maintainers: @@ -180,7 +215,7 @@ entries: version: 2.4.0 - apiVersion: v2 appVersion: 2.3.0 - created: "2024-02-20T10:52:46.088599-08:00" + created: "2024-03-04T09:18:42.091571-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 23e70ec4059bc92920d7d3adce3bff6b8aba0d5eb5d4c0efe225bf3b88d5b274 maintainers: @@ -197,7 +232,7 @@ entries: version: 2.3.0 - apiVersion: v2 appVersion: 2.2.1 - created: "2024-02-20T10:52:46.070858-08:00" + created: "2024-03-04T09:18:42.076178-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 8868b9ae2ebde0c667b13c97d71d904a31b5a9f2c803b199bc77324f1727e1fd name: splunk-operator @@ -207,7 +242,7 @@ entries: version: 2.2.1 - apiVersion: v2 appVersion: 2.2.0 - created: "2024-02-20T10:52:46.056944-08:00" + created: "2024-03-04T09:18:42.062432-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 49c72276bd7ff93465b0545d8b0814f684cade7d2cd191b6d73d4c3660bd1fb4 name: splunk-operator @@ -217,7 +252,7 @@ entries: version: 2.2.0 - apiVersion: v2 appVersion: 2.1.0 - created: "2024-02-20T10:52:46.044805-08:00" + created: "2024-03-04T09:18:42.049543-08:00" description: A Helm chart for the Splunk Operator for Kubernetes digest: 34e5463f8f5442655d05cb616b50391b738a0827b30d8440b4c7fce99a291d9a name: splunk-operator @@ -225,4 +260,4 @@ entries: urls: - https://splunk.github.io/splunk-operator/splunk-operator-1.0.0.tgz version: 1.0.0 -generated: "2024-02-20T10:52:45.840335-08:00" +generated: "2024-03-04T09:18:41.752678-08:00" diff --git a/docs/splunk-enterprise-2.5.2.tgz b/docs/splunk-enterprise-2.5.2.tgz new file mode 100644 index 000000000..5f7bcd0e8 Binary files /dev/null and b/docs/splunk-enterprise-2.5.2.tgz differ diff --git a/docs/splunk-operator-2.5.2.tgz b/docs/splunk-operator-2.5.2.tgz new file mode 100644 index 000000000..c9e57c529 Binary files /dev/null and b/docs/splunk-operator-2.5.2.tgz differ diff --git a/go.mod b/go.mod index 1bc357ff5..e02d38e61 100644 --- a/go.mod +++ b/go.mod @@ -7,8 +7,8 @@ require ( github.com/go-logr/logr v1.3.0 github.com/google/go-cmp v0.6.0 github.com/minio/minio-go/v7 v7.0.16 - github.com/onsi/ginkgo/v2 v2.14.0 - github.com/onsi/gomega v1.30.0 + github.com/onsi/ginkgo/v2 v2.15.0 + github.com/onsi/gomega v1.31.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.14.0 github.com/stretchr/testify v1.8.1 diff --git a/go.sum b/go.sum index 63f4f77ea..2255021a1 100644 --- a/go.sum +++ b/go.sum @@ -253,12 +253,10 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= -github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= +github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -373,8 +371,6 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -435,8 +431,6 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -450,8 +444,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -504,8 +496,6 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/helm-chart/splunk-enterprise/Chart.yaml b/helm-chart/splunk-enterprise/Chart.yaml index 8884eea37..0ffb3fa35 100644 --- a/helm-chart/splunk-enterprise/Chart.yaml +++ b/helm-chart/splunk-enterprise/Chart.yaml @@ -15,13 +15,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.5.1 +version: 2.5.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2.5.1" +appVersion: "2.5.2" maintainers: - name: Vivek Reddy email: vivekr@splunk.com @@ -29,6 +29,6 @@ maintainers: email: akondur@splunk.com dependencies: - name: splunk-operator - version: "2.5.1" + version: "2.5.2" repository: "file://splunk-operator/helm-chart/splunk-operator" condition: splunk-operator.enabled diff --git a/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.2.tgz b/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.2.tgz new file mode 100644 index 000000000..c9e57c529 Binary files /dev/null and b/helm-chart/splunk-enterprise/charts/splunk-operator-2.5.2.tgz differ diff --git a/helm-chart/splunk-operator/Chart.yaml b/helm-chart/splunk-operator/Chart.yaml index 0433e7090..e232543e5 100644 --- a/helm-chart/splunk-operator/Chart.yaml +++ b/helm-chart/splunk-operator/Chart.yaml @@ -19,10 +19,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "2.5.1" +version: "2.5.2" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2.5.1" \ No newline at end of file +appVersion: "2.5.2" diff --git a/helm-chart/splunk-operator/values.yaml b/helm-chart/splunk-operator/values.yaml index 06f2e02b2..8b3b1906f 100644 --- a/helm-chart/splunk-operator/values.yaml +++ b/helm-chart/splunk-operator/values.yaml @@ -32,7 +32,7 @@ splunkOperator: # Splunk operator image and pull policy # reference: https://github.com/splunk/splunk-operator image: - repository: docker.io/splunk/splunk-operator:2.5.1 + repository: docker.io/splunk/splunk-operator:2.5.2 pullPolicy: IfNotPresent # Set image pull secrets to pull image from a private registry diff --git a/pkg/splunk/enterprise/util.go b/pkg/splunk/enterprise/util.go index 7d3bd2b59..5fc96222b 100644 --- a/pkg/splunk/enterprise/util.go +++ b/pkg/splunk/enterprise/util.go @@ -679,6 +679,10 @@ func setupInitContainer(podTemplateSpec *corev1.PodTemplateSpec, Image string, i } else { volMntName = fmt.Sprintf(splcommon.PvcNamePrefix, splcommon.EtcVolumeStorage) } + // update security context + runAsUser := int64(41812) + runAsNonRoot := true + privileged := false containerSpec := corev1.Container{ Image: Image, ImagePullPolicy: corev1.PullPolicy(imagePullPolicy), @@ -699,6 +703,23 @@ func setupInitContainer(podTemplateSpec *corev1.PodTemplateSpec, Image string, i corev1.ResourceMemory: resource.MustParse("512Mi"), }, }, + SecurityContext: &corev1.SecurityContext{ + RunAsUser: &runAsUser, + RunAsNonRoot: &runAsNonRoot, + AllowPrivilegeEscalation: &[]bool{false}[0], + Capabilities: &corev1.Capabilities{ + Drop: []corev1.Capability{ + "ALL", + }, + Add: []corev1.Capability{ + "NET_BIND_SERVICE", + }, + }, + Privileged: &privileged, + SeccompProfile: &corev1.SeccompProfile{ + Type: corev1.SeccompProfileTypeRuntimeDefault, + }, + }, } podTemplateSpec.Spec.InitContainers = append(podTemplateSpec.Spec.InitContainers, containerSpec) } diff --git a/test/appframework_aws/c3/manager_appframework_test.go b/test/appframework_aws/c3/manager_appframework_test.go index 38dc33dae..c43e030ee 100644 --- a/test/appframework_aws/c3/manager_appframework_test.go +++ b/test/appframework_aws/c3/manager_appframework_test.go @@ -328,8 +328,8 @@ var _ = Describe("c3appfw test", func() { } // Upload V1 apps to S3 for Monitoring Console - oldImage := "splunk/splunk:9.0.3-a2" - newImage := "splunk/splunk:9.0.5" + oldImage := "splunk/splunk:9.0.5" + newImage := "splunk/splunk:9.1.3" lm, err := deployment.DeployLicenseManager(ctx, deployment.GetName()) cm, err := deployment.DeployClusterManager(ctx, deployment.GetName(), lm.GetName(), "", "") diff --git a/test/deploy-eks-cluster.sh b/test/deploy-eks-cluster.sh index a4e7d47f0..c5c405a22 100755 --- a/test/deploy-eks-cluster.sh +++ b/test/deploy-eks-cluster.sh @@ -92,6 +92,7 @@ function createCluster() { aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --role-name ${rolename} kubectl annotate serviceaccount -n $namespace $service_account eks.amazonaws.com/role-arn=arn:aws:iam::$account_id:role/${rolename} eksctl create addon --name aws-ebs-csi-driver --cluster ${TEST_CLUSTER_NAME} --service-account-role-arn arn:aws:iam::$account_id:role/${rolename} --force + eksctl utils update-cluster-logging --cluster ${TEST_CLUSTER_NAME} else echo "Retrieving kubeconfig for ${TEST_CLUSTER_NAME}" # Cluster exists but kubeconfig may not diff --git a/test/run-tests.sh b/test/run-tests.sh index 6eabde8bc..a5069cf83 100755 --- a/test/run-tests.sh +++ b/test/run-tests.sh @@ -76,6 +76,7 @@ fi if [ $? -ne 0 ]; then echo "Unable to install the operator. Exiting..." + kubectl describe pod -n splunk-operator exit 1 fi @@ -86,6 +87,16 @@ if [ "${CLUSTER_WIDE}" == "true" ]; then sleep 2 kubectl wait --for=condition=ready pod -l control-plane=controller-manager --timeout=600s -n splunk-operator if [ $? -ne 0 ]; then + echo "kubectl get pods -n kube-system ---" + kubectl get pods -n kube-system + echo "kubectl get deployement ebs-csi-controller -n kube-system ---" + kubectl get deployement ebs-csi-controller -n kube-system + echo "kubectl describe pvc -n splunk-operator ---" + kubectl describe pvc -n splunk-operator + echo "kubectl describe pv ---" + kubectl describe pv + echo "kubectl describe pod -n splunk-operator ---" + kubectl describe pod -n splunk-operator echo "Operator installation not ready..." exit 1 fi