Upgrade to Kubernetes 1.35 compatibility

.github/workflows/multiple-versions.yaml

@@ -9,14 +9,12 @@ jobs:
     strategy:
       matrix:
         versions:
+          - kind_image: "kindest/node:v1.35.0"
+            istio: "1.24.0"
           - kind_image: "kindest/node:v1.29.0"
             istio: "1.20.0"
           - kind_image: "kindest/node:v1.25.3"
             istio: "1.16.2"
-          - kind_image: "kindest/node:v1.23.13"
-            istio: "1.14.6"
-          - kind_image: "kindest/node:v1.21.10"
-            istio: "1.12.2"
     uses: ./.github/workflows/kuttl_workflow.yaml
     with:
       istio_ver: ${{ matrix.versions.istio }}

.golangci.yaml

@@ -1,18 +1,19 @@
 # Our default golangci-lint configuration
 # If these linters fail, then it should fail the build.
+version: "2"
 run:
   timeout: 5m
 linters:
-  disable-all: true
-  # these are the default list of enabled
+  default: none
   enable:
     - errcheck
-    - gosimple
     - govet
     - ineffassign
     - staticcheck
-    - typecheck
-    - unused
-  presets:
-    - bugs
     - unused
+  settings:
+    staticcheck:
+      checks:
+        - "all"
+        - "-QF*"  # Exclude quickfix suggestions
+        - "-ST*"  # Exclude all style checks (ST1000, ST1006, ST1019, ST1020, ST1021)

.tool-versions

@@ -1,8 +1,8 @@
-golang 1.21.6
+golang 1.25.6
 act 0.2.26
 kuttl 0.15.0
 operator-sdk 1.33.0
-kind 0.18.0
-istioctl 1.17.2
-golangci-lint 1.54.1
+kind 0.24.0
+istioctl 1.24.0
+golangci-lint 2.8.0
 yq 4.40.5

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.21 as builder
+FROM golang:1.25 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Makefile

@@ -49,7 +49,7 @@ endif
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.26
+ENVTEST_K8S_VERSION = 1.35
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -65,7 +65,7 @@ SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
 
 # crd-ref-docs version
-CRD_REF_VERSION := v0.0.9
+CRD_REF_VERSION := v0.2.0
 
 .PHONY: all
 all: build
@@ -194,8 +194,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.2
+KUSTOMIZE_VERSION ?= v5.4.0
+CONTROLLER_TOOLS_VERSION ?= v0.20.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
@@ -215,8 +215,7 @@ $(CONTROLLER_GEN): $(LOCALBIN)
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	# https://github.com/kubernetes-sigs/kubebuilder/issues/2480
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/[email protected]
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
 .PHONY: bundle
 bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.

README.md

@@ -85,7 +85,7 @@ cluster. You can play a little with the _memory_ and the _cpus_ but since we're
 resources on it, it's better to give it more resources than the default:
 
 ```shell
-minikube start --kubernetes-version v1.26.3 --memory 8g --cpus 4
+minikube start --kubernetes-version v1.35.0 --memory 8g --cpus 4
 ```
 
 For the rest of the commands, make sure your _kubectl_ is operating on the minikube context:

config/rbac/role.yaml

@@ -2,36 +2,28 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: manager-role
 rules:
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
   - pods
+  - services
   verbs:
   - get
   - list
   - watch
 - apiGroups:
-  - ""
+  - apps
   resources:
-  - services
+  - deployments
   verbs:
+  - create
+  - delete
   - get
   - list
+  - patch
+  - update
   - watch
 - apiGroups:
   - networking.istio.io

config/webhook/manifests.yaml

@@ -2,7 +2,6 @@
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
-  creationTimestamp: null
   name: validating-webhook-configuration
 webhooks:
 - admissionReviewVersions:

crd-docs/crd.md

@@ -26,7 +26,7 @@ _Appears in:_
 | --- | --- |
 | `name` _string_ | The name of the resource |
 | `namespace` _string_ | The namespace where the resource is created |
-| `status` _LifeCycleStatus_ | The life cycle status of the resource |
+| `status` _[LifeCycleStatus](#lifecyclestatus)_ | The life cycle status of the resource |
 | `hash` _integer_ | Hash of the current consumer - for internal use |
 | `errors` _[StatusError](#statuserror) array_ | List of errors related to the consumer |
 
@@ -35,16 +35,20 @@ _Appears in:_
 
 
 
-Defines the details of the container on which changes need to be made and the relevant overrides
+Defines the details of the container on which changes need to be made
+and the relevant overrides
 
 _Appears in:_
 - [Subset](#subset)
 
 | Field | Description |
 | --- | --- |
-| `containerName` _string_ | Container name to override in multiple containers' environment. If not specified, we will use the first container. |
-| `image` _string_ | Docker image name overridden to the desired subset The Docker image found in the original deployment is used if this is not provided. |
-| `command` _string array_ | Entrypoint array overridden to the desired subset The docker image's ENTRYPOINT is used if this is not provided. |
+| `containerName` _string_ | Container name to override in multiple containers' environment. If not
+ specified, we will use the first container. |
+| `image` _string_ | Docker image name overridden to the desired subset
+The Docker image found in the original deployment is used if this is not provided. |
+| `command` _string array_ | Entrypoint array overridden to the desired subset
+The docker image's ENTRYPOINT is used if this is not provided. |
 | `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#envvar-v1-core) array_ | Additional environment variable to the given deployment |
 
 
@@ -76,9 +80,13 @@ _Appears in:_
 
 | Field | Description |
 | --- | --- |
-| `istioMatches` _[IstioMatch](#istiomatch) array_ | A list of matchers (partly corresponds to IstioMatch). Each match will have a rule of its own (merged with existing rules) ordered by their order here. |
+| `istioMatches` _[IstioMatch](#istiomatch) array_ | A list of matchers (partly corresponds to IstioMatch). Each match will have a rule of its
+own (merged with existing rules) ordered by their order here. |
 | `subsets` _[Subset](#subset) array_ | Who should participate in the given dynamic environment |
-| `consumers` _[Subset](#subset) array_ | Consumers are like subsets but for deployments that do not open a service but connect to external resources for their work (e.g., offline workers). They are equivalent to subsets in the sense that they launch overriding deployments with custom image and/or settings. However, since they are only consumers, no virtual service or destination route will be pointing to them. |
+| `consumers` _[Subset](#subset) array_ | Consumers are like subsets but for deployments that do not open a service but connect to external resources for
+their work (e.g., offline workers). They are equivalent to subsets in the sense that they launch overriding
+deployments with custom image and/or settings. However, since they are only consumers, no virtual service or
+destination route will be pointing to them. |
 
 
 #### DynamicEnvStatus
@@ -94,24 +102,52 @@ _Appears in:_
 | --- | --- |
 | `subsetsStatus` _object (keys:string, values:[SubsetStatus](#subsetstatus))_ | A detailed status of each subset |
 | `consumersStatus` _object (keys:string, values:[ConsumerStatus](#consumerstatus))_ | A detailed status of each consumer |
-| `state` _GlobalReadyStatus_ |  |
+| `state` _[GlobalReadyStatus](#globalreadystatus)_ |  |
 | `totalCount` _integer_ | desired subsets and consumers count |
 | `totalReady` _integer_ | number of available subsets and consumers |
 
 
+#### GlobalReadyStatus
+
+_Underlying type:_ `string`
+
+
+
+_Appears in:_
+- [DynamicEnvStatus](#dynamicenvstatus)
+
+
+
 #### IstioMatch
 
 
 
-specifies a set of criterion to be met in order for the rule to be applied to the HTTP request This field is immutable after creation.
+specifies a set of criterion to be met in order for the rule to be applied to the HTTP request
+This field is immutable after creation.
 
 _Appears in:_
 - [DynamicEnvSpec](#dynamicenvspec)
 
 | Field | Description |
 | --- | --- |
-| `headers` _object (keys:string, values:[StringMatch](#stringmatch))_ | Header values are case-sensitive and formatted as follows:<br/> - `exact: "value"` for exact string match<br/> - `prefix: "value"` for prefix-based match<br/> - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). |
-| `sourceLabels` _object (keys:string, values:string)_ | One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. |
+| `headers` _object (keys:string, values:[StringMatch](#stringmatch))_ | Header values are case-sensitive and formatted as follows:<br/>
+- `exact: "value"` for exact string match<br/>
+- `prefix: "value"` for prefix-based match<br/>
+- `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). |
+| `sourceLabels` _object (keys:string, values:string)_ | One or more labels that constrain the applicability of a rule to source (client) workloads
+with the given labels. |
+
+
+#### LifeCycleStatus
+
+_Underlying type:_ `string`
+
+
+
+_Appears in:_
+- [ConsumerStatus](#consumerstatus)
+- [ResourceStatus](#resourcestatus)
+
 
 
 #### ResourceStatus
@@ -128,27 +164,34 @@ _Appears in:_
 | --- | --- |
 | `name` _string_ | The name of the resource |
 | `namespace` _string_ | The namespace where the resource is created |
-| `status` _LifeCycleStatus_ | The life cycle status of the resource |
+| `status` _[LifeCycleStatus](#lifecyclestatus)_ | The life cycle status of the resource |
 
 
 #### StatusError
 
 
 
-StatusError shows an error we want to display in the status with the last time it happened. This *does not* have to be the only time it happened. The idea is that a list of errors should only 
- contain a single occurrence of an error (just the last).
+StatusError shows an error we want to display in the status with the last time it happened. This
+*does not* have to be the only time it happened. The idea is that a list of errors should only
+
+	contain a single occurrence of an error (just the last).
 
 _Appears in:_
 - [ConsumerStatus](#consumerstatus)
 - [SubsetErrors](#subseterrors)
 
+| Field | Description |
+| --- | --- |
+| `error` _string_ | The error message |
+| `lastOccurrence` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#time-v1-meta)_ | THe last occurrence of the error |
 
 
 #### StringMatch
 
 
 
-Describes how to match a given string in HTTP headers. Match is case-sensitive. one and only one of the fields needs to be defined (oneof)
+Describes how to match a given string in HTTP headers. Match is case-sensitive.
+one and only one of the fields needs to be defined (oneof)
 
 _Appears in:_
 - [IstioMatch](#istiomatch)
@@ -173,11 +216,13 @@ _Appears in:_
 | --- | --- |
 | `name` _string_ | Deployment name (without namespace) |
 | `namespace` _string_ | Namespace where the deployment is deployed |
-| `podLabels` _object (keys:string, values:string)_ | Labels to add to the pods of the deployment launched by this subset. Could be used in conjunction with 'SourceLabels' in the `IstioMatches`. |
+| `podLabels` _object (keys:string, values:string)_ | Labels to add to the pods of the deployment launched by this subset. Could be used in
+conjunction with 'SourceLabels' in the `IstioMatches`. |
 | `replicas` _integer_ | Number of deployment replicas. Default is 1. Note: 0 is *invalid*. |
 | `containers` _[ContainerOverrides](#containeroverrides) array_ | A list of container overrides (at least one of Containers or InitContainers must not be empty) |
 | `initContainers` _[ContainerOverrides](#containeroverrides) array_ | A list of init container overrides (at least one of Containers or InitContainers must not be empty) |
-| `defaultVersion` _string_ | Default version for this subset (if different then the global default version). This is the version that will get the default route. |
+| `defaultVersion` _string_ | Default version for this subset (if different then the global default version). This is the
+version that will get the default route. |
 
 
 #### SubsetErrors
@@ -199,6 +244,8 @@ _Appears in:_
 
 
 
+
+
 #### SubsetStatus