shopware · TrayserCassa · Jan 8, 2025 · Jan 6, 2025 · Jan 8, 2025 · Jan 8, 2025
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -7,6 +7,7 @@ on:
 
 permissions:
   contents: read
+  pull-requests: read
   checks: write
 
 jobs:
@@ -21,5 +22,5 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.59
-          args: --timeout=5m
+          version: v1.60
+          args: --timeout=8m --verbose
diff --git a/Makefile b/Makefile
@@ -164,10 +164,10 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
 .PHONY: helm
 helm: path version manifests kustomize yq ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	echo Create version $(version)
+	rm -r $(path) 2> /dev/null || true
 	cp -r helm $(path)
 	$(KUSTOMIZE) build config/crd > $(path)/crds/crd.yaml
-	$(KUSTOMIZE) build config/rbac > $(path)/templates/rbac.yaml
-	sed -i '/namespace: default/d' $(path)/templates/rbac.yaml
+	$(KUSTOMIZE) build config/helm > $(path)/templates/operator.yaml
 	$(YQ) e -i '.appVersion = "$(version)"' $(path)/Chart.yaml
 	$(YQ) e -i '.version = "$(version)"' $(path)/Chart.yaml
 

diff --git a/api/v1/env.go b/api/v1/env.go
@@ -306,6 +306,10 @@ func (s *Store) GetEnv() []corev1.EnvVar {
 			Name:  "APP_URL",
 			Value: fmt.Sprintf("https://%s", s.Spec.Network.Host),
 		},
+		{
+			Name:  "DATABASE_PERSISTENT_CONNECTION",
+			Value: "1",
+		},
 	}
 
 	c = append(c, s.getSessionCache()...)

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -5,7 +5,7 @@ resources:
 - bases/shop.shopware.com_stores.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
-patches:
+#patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- path: patches/webhook_in_stores.yaml

diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml
@@ -0,0 +1,5 @@
+namespace: "{{ .Release.Namespace }}"
+namePrefix: '{{ .Release.Name }}-'
+
+resources:
+- ../rbac
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,4 +1,3 @@
-namePrefix: shopware-operator-
 resources:
 - manager.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -1,31 +1,27 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
+  name: shopware-operator
   labels:
-    control-plane: controller-manager
+    control-plane: shopware-operator
     app.kubernetes.io/name: deployment
-    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/instance: shopware-operator
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
 spec:
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: shopware-operator
   replicas: 1
   template:
     metadata:
       annotations:
         kubectl.kubernetes.io/default-container: manager
       labels:
-        control-plane: controller-manager
+        control-plane: shopware-operator
     spec:
-      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
-      # according to the platforms which are supported by your solution.
-      # It is considered best practice to support multiple architectures. You can
-      # build your manager image using the makefile target docker-buildx.
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -42,11 +38,6 @@ spec:
                     - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -87,5 +78,5 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
-      serviceAccountName: controller-manager
+      serviceAccountName: shopware-operator
       terminationGracePeriodSeconds: 10
diff --git a/config/manager/manager_auth_proxy_patch.yaml b/config/manager/manager_auth_proxy_patch.yaml
@@ -3,7 +3,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
+  name: shopware-operator
 spec:
   template:
     spec:

diff --git a/config/manager/manager_config_patch.yaml b/config/manager/manager_config_patch.yaml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
+  name: shopware-operator
 spec:
   template:
     spec:

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -16,3 +16,10 @@ resources:
 # - auth_proxy_role.yaml
 # - auth_proxy_role_binding.yaml
 # - auth_proxy_client_clusterrole.yaml
+patches:
+  - target:
+      group: rbac.authorization.k8s.io
+      version: v1
+      kind: Role
+      name: manager-role
+    path: name_patch.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: leader-election-role
+  name: le-shopware-operator
 rules:
 - apiGroups:
   - ""

diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
@@ -8,11 +8,11 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: leader-election-rolebinding
+  name: le-shopware-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: leader-election-role
+  name: le-shopware-operator
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
+  name: shopware-operator
diff --git a/config/rbac/name_patch.yaml b/config/rbac/name_patch.yaml
@@ -0,0 +1,3 @@
+- op: add
+  path: /metadata/name
+  value: 'shopware-operator'
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -5,6 +5,14 @@ metadata:
   name: manager-role
   namespace: default
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -61,7 +69,6 @@ rules:
   - stores
   verbs:
   - create
-  - delete
   - get
   - list
   - patch

diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
@@ -8,11 +8,11 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: manager-rolebinding
+  name: shopware-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: manager-role
+  name: shopware-operator
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
+  name: shopware-operator
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
@@ -8,4 +8,4 @@ metadata:
     app.kubernetes.io/created-by: shopware-operator
     app.kubernetes.io/part-of: shopware-operator
     app.kubernetes.io/managed-by: kustomize
-  name: controller-manager
+  name: shopware-operator
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -1,44 +1,44 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: shopware-operator
+  name: '{{ .Release.Name }}-shopware-operator'
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: shopware-operator
-    app.kubernetes.io/instance: controller-manager
-    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/instance: shopware-operator
+    app.kubernetes.io/managed-by: shopware-operator
     app.kubernetes.io/name: deployment
     app.kubernetes.io/part-of: shopware-operator
-    control-plane: controller-manager
+    control-plane: shopware-operator
 {{- with .Values.labels }}
     {{- toYaml . | nindent 4 }}
 {{- end }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: shopware-operator
   strategy:
     rollingUpdate:
       maxUnavailable: 1
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        kubectl.kubernetes.io/default-container: manager
+        kubectl.kubernetes.io/default-container: operator
         {{- with .Values.podAnnotations }}
             {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        control-plane: controller-manager
+        control-plane: shopware-operator
     spec:
-      {{ if hasKey .Values "affinity" }}
+      {{- if hasKey .Values "affinity" }}
       affinity:
         {{- with .Values.affinity }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
-      {{ else }}
+      {{- else }}
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -53,7 +53,7 @@ spec:
                 operator: In
                 values:
                 - linux
-      {{ end }}
+      {{- end }}
       tolerations:
         {{- with .Values.tolerations }}
           {{- toYaml . | nindent 10 }}
@@ -76,7 +76,7 @@ spec:
             port: 8081
           initialDelaySeconds: 15
           periodSeconds: 20
-        name: manager
+        name: operator
         readinessProbe:
           httpGet:
             path: /readyz
@@ -96,5 +96,5 @@ spec:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
-      serviceAccountName: controller-manager
+      serviceAccountName: '{{ .Release.Name }}-shopware-operator'
       terminationGracePeriodSeconds: 10
diff --git a/internal/controller/store_controller.go b/internal/controller/store_controller.go
@@ -84,7 +84,7 @@ func (r *StoreReconciler) findStoreForReconcile(
 	return requests
 }
 
-//+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores,verbs=get;list;watch;create;update;patch
 //+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores/finalizers,verbs=update
 //+kubebuilder:rbac:groups="",namespace=default,resources=secrets,verbs=get;list;watch;create;patch