Merge pull request #1807 from mythi/PR-2024-019

tkatila · web-flow · commit d407f35db2e8 · 2024-08-15T11:00:34.000+03:00
misc version updates
diff --git a/.github/workflows/lib-build.yaml b/.github/workflows/lib-build.yaml
@@ -9,7 +9,7 @@ permissions:
 jobs:
   image:
     name: Build image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         image:
diff --git a/.github/workflows/lib-codeql.yaml b/.github/workflows/lib-codeql.yaml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   analyze:
     name: Analysis
-    runs-on: 'ubuntu-22.04'
+    runs-on: ubuntu-24.04
     timeout-minutes: 360
 
     permissions:
diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml
@@ -15,7 +15,7 @@ permissions:
 jobs:
   image:
     name: Build image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
diff --git a/.github/workflows/lib-scorecard.yaml b/.github/workflows/lib-scorecard.yaml
@@ -9,7 +9,7 @@ permissions:
 jobs:
   analysis:
     name: Analysis
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     permissions:
       security-events: write
diff --git a/.github/workflows/lib-trivy.yaml b/.github/workflows/lib-trivy.yaml
@@ -27,7 +27,7 @@ jobs:
   trivy-scan-deployments:
     name: Scan deployments
     if: ${{ inputs.deployments }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Checkout
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
@@ -45,7 +45,7 @@ jobs:
   trivy-scan-dockerfiles:
     name: Scan Dockerfiles
     if: ${{ inputs.dockerfiles }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Checkout
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
@@ -58,7 +58,7 @@ jobs:
         severity: CRITICAL,HIGH
 
   trivy-scan-licenses:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     name: Scan licenses
     steps:
     - name: Checkout
@@ -75,7 +75,7 @@ jobs:
   trivy-scan-vulns:
     permissions:
       security-events: write
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     name: Scan vulnerabilities
     steps:
     - name: Checkout
diff --git a/.github/workflows/lib-validate.yaml b/.github/workflows/lib-validate.yaml
@@ -8,7 +8,7 @@ permissions:
 jobs:
   docs:
     name: Check docs are buildable
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Install dependencies
       run: |
@@ -32,7 +32,7 @@ jobs:
     permissions:
       pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
     name: lint
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
@@ -46,7 +46,7 @@ jobs:
           args: -v --timeout 5m
   build:
     name: Build and check device plugins
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
@@ -63,7 +63,7 @@ jobs:
       #  run: bash <(curl -s https://codecov.io/bash)
   envtest:
     name: Test APIs using envtest
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         version:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   tag_fix:
     name: Prepare image tag
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       fixed_tag: ${{ steps.fix.outputs.tag }}
     env:
diff --git a/INSTALL.md b/INSTALL.md
@@ -34,7 +34,7 @@ helm install --wait \
   cert-manager jetstack/cert-manager \
   --namespace cert-manager \
   --create-namespace \
-  --version v1.14.2 \
+  --version v1.15.2 \
   --set installCRDs=true
 ```
 
@@ -44,7 +44,7 @@ NOTE: cert-manager install takes a while to complete.
 
 ```bash
 helm install nfd nfd/node-feature-discovery \
-  --namespace node-feature-discovery --create-namespace --version 0.15.1
+  --namespace node-feature-discovery --create-namespace --version 0.16.4
 ```
 
 ### Installing operator
diff --git a/Makefile b/Makefile
@@ -8,10 +8,10 @@ BUILDTAGS ?= ""
 BUILDER ?= "docker"
 EXTRA_BUILD_ARGS ?= ""
 
-CERT_MANAGER_VERSION ?= v1.14.2
-CONTROLLER_GEN_VERSION ?= v0.14.0
+CERT_MANAGER_VERSION ?= v1.15.2
+CONTROLLER_GEN_VERSION ?= v0.16.1
 GOLANGCI_LINT_VERSION ?= v1.57.2
-KIND_VERSION ?= v0.21.0
+KIND_VERSION ?= v0.23.0
 GOLICENSES_VERSION ?= v1.6.0
 # Default bundle image tag
 BUNDLE_IMG ?= intel-device-plugins-controller-bundle:$(TAG)
@@ -75,7 +75,7 @@ test-with-kind: fixture intel-sgx-admissionwebhook intel-fpga-admissionwebhook i
 	kind load docker-image $(REG)intel-sgx-admissionwebhook:$(TAG)
 	kind load docker-image $(REG)intel-fpga-admissionwebhook:$(TAG)
 	kind load docker-image $(REG)intel-deviceplugin-operator:$(TAG)
-	kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
+	kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
 	# Test SGX Admission Webhook, FPGA Admission Webhook and Device Plugin Operator Manager's Webhook
 	$(GO) test -v ./test/e2e -args -kubeconfig ~/.kube/config -ginkgo.focus "SGX Admission"
 	$(GO) test -v ./test/e2e -args -kubeconfig ~/.kube/config -ginkgo.focus "FPGA Admission"
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 [![Build Status](https://github.com/intel/intel-device-plugins-for-kubernetes/actions/workflows/devel.yaml/badge.svg)](https://github.com/intel/intel-device-plugins-for-kubernetes/actions?query=workflow%3ADevel)
 [![Go Report Card](https://goreportcard.com/badge/github.com/intel/intel-device-plugins-for-kubernetes)](https://goreportcard.com/report/github.com/intel/intel-device-plugins-for-kubernetes)
 [![GoDoc](https://godoc.org/github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin?status.svg)](https://godoc.org/github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes/badge)](https://api.securityscorecards.dev/projects/intel/intel-device-plugins-for-kubernetes)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes/badge)](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes)
 
 This repository contains a framework for developing plugins for the Kubernetes
 [device plugins framework](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/),
diff --git a/build/docker/build-image.sh b/build/docker/build-image.sh
@@ -33,7 +33,7 @@ BUILD_ARGS="${BUILD_ARGS} --build-arg FINAL_BASE=gcr.io/distroless/static"
 if [ -z "${BUILDER}" -o "${BUILDER}" = 'docker' -o "${BUILDER}" = 'podman' ] ; then
     ${BUILDER} build --pull -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} .
 elif [ "${BUILDER}" = 'buildah' ] ; then
-    BUILDAH_RUNTIME=runc buildah bud --pull-always -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} .
+    buildah bud --pull-always -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} .
 else
     (>&2 echo "Unknown builder ${BUILDER}")
     exit 1
diff --git a/demo/build-image.sh b/demo/build-image.sh
@@ -20,7 +20,7 @@ TAG=${TAG:-devel}
 if [ -z "$BUILDER" -o "$BUILDER" = 'docker' -o "$BUILDER" = 'podman' ] ; then
     ${BUILDER} build --pull -t ${IMG}:${TAG} "$CWD/$DIR/"
 elif [ "$BUILDER" = 'buildah' ] ; then
-    BUILDAH_RUNTIME=runc buildah bud --pull-always -t ${IMG}:${TAG} "$CWD/$DIR/"
+    buildah bud --pull-always -t ${IMG}:${TAG} "$CWD/$DIR/"
 else
     (>&2 echo "Unknown builder $BUILDER")
     exit 1
diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: acceleratorfunctions.fpga.intel.com
 spec:
   group: fpga.intel.com
diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: fpgaregions.fpga.intel.com
 spec:
   group: fpga.intel.com
diff --git a/deployments/nfd/base/kustomization.yaml b/deployments/nfd/base/kustomization.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.15.4"
+- "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.16.4"
 configMapGenerator:
 - name: nfd-worker-conf
   behavior: replace
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: dlbdeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -133,7 +133,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: dsadeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -143,7 +143,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: fpgadeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -140,7 +140,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: gpudeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -139,9 +139,7 @@ spec:
                 type: array
             type: object
           status:
-            description: |-
-              GpuDevicePluginStatus defines the observed state of GpuDevicePlugin.
-              TODO(rojkov): consider code deduplication with QatDevicePluginStatus.
+            description: GpuDevicePluginStatus defines the observed state of GpuDevicePlugin.
             properties:
               controlledDaemonSet:
                 description: ControlledDaemoSet references the DaemonSet controlled
@@ -159,7 +157,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: iaadeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -142,7 +142,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: qatdeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -155,9 +155,7 @@ spec:
                 type: array
             type: object
           status:
-            description: |-
-              QatDevicePluginStatus defines the observed state of QatDevicePlugin.
-              TODO(rojkov): consider code deduplication with GpuDevicePluginStatus.
+            description: QatDevicePluginStatus defines the observed state of QatDevicePlugin.
             properties:
               controlledDaemonSet:
                 description: ControlledDaemoSet references the DaemonSet controlled
@@ -175,7 +173,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: sgxdeviceplugins.deviceplugin.intel.com
 spec:
   group: deviceplugin.intel.com
@@ -144,7 +144,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
diff --git a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: acceleratorfunctions.fpga.intel.com
 spec:
   group: fpga.intel.com
diff --git a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: fpgaregions.fpga.intel.com
 spec:
   group: fpga.intel.com
diff --git a/deployments/operator/rbac/role.yaml b/deployments/operator/rbac/role.yaml
