diff --git a/Makefile b/Makefile index 44c6fd21..778e305b 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ OS = $(shell uname -s | tr '[:upper:]' '[:lower:]') VERSION = $(shell grep "^version:" PROJECT | head -1 | sed 's/^version: *//' | tr -d '"' | tr -d ' ') PREFIX = github.com/datasance/iofog-operator/v3/internal/util LDFLAGS += -X $(PREFIX).routerTag=3.7.0 -LDFLAGS += -X $(PREFIX).controllerTag=3.7.2 +LDFLAGS += -X $(PREFIX).controllerTag=3.7.3 LDFLAGS += -X $(PREFIX).natsTag=2.12.4 LDFLAGS += -X $(PREFIX).repo=ghcr.io/datasance @@ -15,7 +15,7 @@ endif # Image URL to use all building/pushing image targets REGISTRY ?= ghcr.io/datasance -VERSION_TAG ?= 3.7.1 +VERSION_TAG ?= 3.7.2 IMG ?= $(REGISTRY)/operator:$(VERSION_TAG) BUNDLE_IMG ?= $(REGISTRY)/operator-bundle:$(VERSION_TAG) # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) diff --git a/bundle/manifests/iofog-operator.clusterserviceversion.yaml b/bundle/manifests/iofog-operator.clusterserviceversion.yaml index 1435512c..9268e70b 100644 --- a/bundle/manifests/iofog-operator.clusterserviceversion.yaml +++ b/bundle/manifests/iofog-operator.clusterserviceversion.yaml @@ -117,10 +117,10 @@ metadata: } ] capabilities: Basic Install - createdAt: "2026-03-24T22:17:35Z" + createdAt: "2026-04-16T11:41:45Z" operators.operatorframework.io/builder: operator-sdk-v1.37.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 - name: iofog-operator.v3.7.1 + name: iofog-operator.v3.7.2 namespace: placeholder spec: apiservicedefinitions: {} @@ -173,7 +173,7 @@ spec: fieldPath: metadata.name - name: OPERATOR_NAME value: iofog-operator - image: ghcr.io/datasance/operator:3.7.1 + image: ghcr.io/datasance/operator:3.7.2 imagePullPolicy: Always name: iofog-operator resources: {} @@ -200,4 +200,4 @@ spec: minKubeVersion: 1.18.0 provider: name: Datasance - version: 3.7.1 + version: 3.7.2 diff --git a/config/cr/kustomization.yaml b/config/cr/kustomization.yaml new file mode 100644 index 00000000..1354e876 --- /dev/null +++ b/config/cr/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - controlplane.yaml \ No newline at end of file diff --git a/config/operator/kustomization.yaml b/config/operator/kustomization.yaml index 21484779..8de5e58d 100644 --- a/config/operator/kustomization.yaml +++ b/config/operator/kustomization.yaml @@ -5,4 +5,4 @@ kind: Kustomization images: - name: ghcr.io/datasance/operator newName: ghcr.io/datasance/operator - newTag: 3.7.1 + newTag: 3.7.2 diff --git a/controllers/controlplanes/microservices.go b/controllers/controlplanes/microservices.go index 7e1a87e7..0d67b562 100644 --- a/controllers/controlplanes/microservices.go +++ b/controllers/controlplanes/microservices.go @@ -1089,6 +1089,11 @@ func newNatsMicroservice(cfg natsMicroserviceConfig) *microservice { {Name: "jetstream-key", VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: cfg.jetStreamKeySecret}}}, {Name: "sys-user-creds", VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: nats.HubSystemUserCredsSecret, Items: []corev1.KeyToPath{{Key: nats.HubSystemUserCredsDataKey, Path: "admin-hub.creds"}}}}}, }, + securityContext: &corev1.PodSecurityContext{ + RunAsUser: ptr.To[int64](10000), // UID + RunAsGroup: ptr.To[int64](10000), // GID + FSGroup: ptr.To[int64](10000), // FSGroup + }, containers: []container{ { name: "nats", diff --git a/controllers/controlplanes/reconcile.go b/controllers/controlplanes/reconcile.go index d7ee17a0..67d10ec7 100644 --- a/controllers/controlplanes/reconcile.go +++ b/controllers/controlplanes/reconcile.go @@ -65,6 +65,9 @@ func (r *ControlPlaneReconciler) reconcileDBCredentialsSecret(ctx context.Contex if secret.Name == controllerDBCredentialsSecretName { secret.Labels = mergeLabels(stdLabels, secret.Labels) + if setErr := controllerutil.SetControllerReference(&r.cp, secret, r.Scheme); setErr != nil { + return false, setErr + } found := &corev1.Secret{} err := r.Client.Get(ctx, types.NamespacedName{Name: secret.Name, Namespace: secret.Namespace}, found)