Merge branch 'main' into split-container-specs

.github/workflows/lint.yaml

@@ -35,4 +35,4 @@ jobs:
         with:
           check-latest: true
       - name: Display Go version
-        run: go test ./...
+        run: go test ./...

Makefile

@@ -108,7 +108,7 @@ build: manifests generate ## Build manager binary.
 
 .PHONY: run
 run: manifests generate zap-pretty ## Run a controller from your host.
-	go run ./cmd/manager.go --namespace ${NAMESPACE} --disable-checks --debug 2>&1 | $(ZAP_PRETTY) --all
+	go run ./cmd/manager.go --namespace ${NAMESPACE} --disable-checks --debug --log-structured 2>&1 | $(ZAP_PRETTY) --all
 
 # If you wish to build the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
@@ -176,10 +176,10 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
 .PHONY: helm
 helm: path version manifests kustomize yq ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	echo Create version $(version)
+	rm -r $(path) 2> /dev/null || true
 	cp -r helm $(path)
 	$(KUSTOMIZE) build config/crd > $(path)/crds/crd.yaml
-	$(KUSTOMIZE) build config/rbac > $(path)/templates/rbac.yaml
-	sed -i '/namespace: default/d' $(path)/templates/rbac.yaml
+	$(KUSTOMIZE) build config/helm > $(path)/templates/operator.yaml
 	$(YQ) e -i '.appVersion = "$(version)"' $(path)/Chart.yaml
 	$(YQ) e -i '.version = "$(version)"' $(path)/Chart.yaml
 

api/v1/env.go

@@ -306,6 +306,10 @@ func (s *Store) GetEnv() []corev1.EnvVar {
 			Name:  "APP_URL",
 			Value: fmt.Sprintf("https://%s", s.Spec.Network.Host),
 		},
+		{
+			Name:  "DATABASE_PERSISTENT_CONNECTION",
+			Value: "1",
+		},
 	}
 
 	c = append(c, s.getSessionCache()...)

cmd/manager.go

@@ -20,7 +20,6 @@ import (
 	"flag"
 	"fmt"
 	"os"
-	"time"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -33,10 +32,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
-	"github.com/go-logr/logr"
-	"go.uber.org/zap/zapcore"
+	"github.com/go-logr/zapr"
+	"go.uber.org/zap"
 
 	shopv1 "github.com/shopware/shopware-operator/api/v1"
 	"github.com/shopware/shopware-operator/internal/controller"
@@ -59,42 +57,41 @@ func main() {
 	var metricsAddr string
 	var enableLeaderElection bool
 	var debug bool
+	var logStructured bool
 	var disableChecks bool
 	var probeAddr string
 	var namespace string
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.StringVar(&namespace, "namespace", "default", "The namespace in which the operator is running in")
 	flag.BoolVar(&debug, "debug", false, "Set's the logger to debug with more logging output")
+	flag.BoolVar(&logStructured, "log-structured", false, "Set's the logger to output with human logs")
 	flag.BoolVar(&disableChecks, "disable-checks", false,
 		"Disable the s3 connection check and the database connection check")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
-	opts := zap.Options{
-		Development: true,
-	}
-	opts.BindFlags(flag.CommandLine)
+
 	flag.Parse()
 
-	var logger logr.Logger
-	if debug {
-		logger = zap.New()
-		logger.Info("Use development logger")
+	var cfg zap.Config
+
+	if logStructured {
+		cfg = zap.NewProductionConfig()
 	} else {
-		logger = zap.New(zap.UseFlagOptions(&opts), func(o *zap.Options) {
-			o.EncoderConfigOptions = append(o.EncoderConfigOptions,
-				func(c *zapcore.EncoderConfig) {
-					c.EncodeTime = zapcore.TimeEncoderOfLayout(time.DateTime)
-				}, func(c *zapcore.EncoderConfig) {
-					c.EncodeLevel = func(level zapcore.Level, enc zapcore.PrimitiveArrayEncoder) {
-						enc.AppendString("[" + level.CapitalString() + "]")
-					}
-				})
-		},
-		)
+		cfg = zap.NewDevelopmentConfig()
 	}
 
+	if debug {
+		cfg.Level = zap.NewAtomicLevelAt(zap.DebugLevel)
+	}
+
+	zlogger, err := cfg.Build()
+	if err != nil {
+		setupLog.Error(err, "setup zap logger")
+		return
+	}
+	logger := zapr.NewLogger(zlogger)
 	ctrl.SetLogger(logger)
 
 	// Overwrite namespace when env is set, which is always set running in a cluster
@@ -154,6 +151,12 @@ func main() {
 	}
 	//+kubebuilder:scaffold:builder
 
+	defer func() {
+		if err := recover(); err != nil {
+			zlogger.Fatal("Panic occurred", zap.Any("error", err))
+		}
+	}()
+
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		setupLog.Error(err, "unable to set up health check")
 		os.Exit(1)

config/crd/kustomization.yaml

@@ -5,7 +5,7 @@ resources:
 - bases/shop.shopware.com_stores.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
-patches:
+#patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- path: patches/webhook_in_stores.yaml

config/helm/kustomization.yaml

@@ -0,0 +1,5 @@
+namespace: "{{ .Release.Namespace }}"
+namePrefix: '{{ .Release.Name }}-'
+
+resources:
+- ../rbac

config/manager/kustomization.yaml

@@ -1,4 +1,3 @@
-namePrefix: shopware-operator-
 resources:
 - manager.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1

config/manager/manager.yaml

@@ -1,31 +1,27 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
+  name: shopware-operator
   labels:
-    control-plane: controller-manager
+    control-plane: shopware-operator
     app.kubernetes.io/name: deployment
-    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/instance: shopware-operator
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
 spec:
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: shopware-operator
   replicas: 1
   template:
     metadata:
       annotations:
         kubectl.kubernetes.io/default-container: manager
       labels:
-        control-plane: controller-manager
+        control-plane: shopware-operator
     spec:
-      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
-      # according to the platforms which are supported by your solution.
-      # It is considered best practice to support multiple architectures. You can
-      # build your manager image using the makefile target docker-buildx.
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -42,11 +38,6 @@ spec:
                     - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -87,5 +78,5 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
-      serviceAccountName: controller-manager
+      serviceAccountName: shopware-operator
       terminationGracePeriodSeconds: 10

config/manager/manager_auth_proxy_patch.yaml

@@ -3,7 +3,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
+  name: shopware-operator
 spec:
   template:
     spec:

config/manager/manager_config_patch.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
+  name: shopware-operator
 spec:
   template:
     spec:

config/rbac/kustomization.yaml

@@ -16,3 +16,10 @@ resources:
 # - auth_proxy_role.yaml
 # - auth_proxy_role_binding.yaml
 # - auth_proxy_client_clusterrole.yaml
+patches:
+  - target:
+      group: rbac.authorization.k8s.io
+      version: v1
+      kind: Role
+      name: manager-role
+    path: name_patch.yaml

config/rbac/leader_election_role.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: leader-election-role
+  name: le-shopware-operator
 rules:
 - apiGroups:
   - ""

config/rbac/leader_election_role_binding.yaml

@@ -8,11 +8,11 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: leader-election-rolebinding
+  name: le-shopware-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: leader-election-role
+  name: le-shopware-operator
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
+  name: shopware-operator

config/rbac/name_patch.yaml

@@ -0,0 +1,3 @@
+- op: add
+  path: /metadata/name
+  value: 'shopware-operator'

config/rbac/role.yaml

@@ -69,7 +69,6 @@ rules:
   - stores
   verbs:
   - create
-  - delete
   - get
   - list
   - patch

config/rbac/role_binding.yaml

@@ -8,11 +8,11 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: manager-rolebinding
+  name: shopware-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: manager-role
+  name: shopware-operator
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
+  name: shopware-operator

config/rbac/service_account.yaml

@@ -8,4 +8,4 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: controller-manager
+  name: shopware-operator

helm/templates/deployment.yaml

@@ -1,44 +1,44 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: shopware-operator
+  name: '{{ .Release.Name }}-shopware-operator'
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: shopware-operator
-    app.kubernetes.io/instance: controller-manager
-    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/instance: shopware-operator
+    app.kubernetes.io/managed-by: shopware-operator
     app.kubernetes.io/name: deployment
     app.kubernetes.io/part-of: shopware-operator
-    control-plane: controller-manager
+    control-plane: shopware-operator
 {{- with .Values.labels }}
     {{- toYaml . | nindent 4 }}
 {{- end }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: shopware-operator
   strategy:
     rollingUpdate:
       maxUnavailable: 1
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        kubectl.kubernetes.io/default-container: manager
+        kubectl.kubernetes.io/default-container: operator
         {{- with .Values.podAnnotations }}
             {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        control-plane: controller-manager
+        control-plane: shopware-operator
     spec:
-      {{ if hasKey .Values "affinity" }}
+      {{- if hasKey .Values "affinity" }}
       affinity:
         {{- with .Values.affinity }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
-      {{ else }}
+      {{- else }}
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -53,14 +53,20 @@ spec:
                 operator: In
                 values:
                 - linux
-      {{ end }}
+      {{- end }}
       tolerations:
         {{- with .Values.tolerations }}
           {{- toYaml . | nindent 10 }}
         {{- end }}
       containers:
       - args:
         - --leader-elect
+        {{- if .Values.logStructured }}
+        - --log-structured
+        {{- end }}
+        {{- if .Values.debug }}
+        - --debug
+        {{- end }}
         command:
         - /manager
         env:
@@ -76,7 +82,7 @@ spec:
             port: 8081
           initialDelaySeconds: 15
           periodSeconds: 20
-        name: manager
+        name: operator
         readinessProbe:
           httpGet:
             path: /readyz
@@ -96,5 +102,5 @@ spec:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
-      serviceAccountName: controller-manager
+      serviceAccountName: '{{ .Release.Name }}-shopware-operator'
       terminationGracePeriodSeconds: 10

helm/values.yaml

@@ -49,4 +49,4 @@ labels: {}
 podAnnotations: {}
 
 logStructured: false
-logLevel: "INFO"
+debug: false