Compare commits

..

No commits in common. "main" and "v0.8.4" have entirely different histories.
main ... v0.8.4

132 changed files with 602 additions and 1263 deletions

View File

@ -9,7 +9,7 @@
# Node >=16 # Node >=16
# renovate: datasource=github-releases depName=bitnami-labs/readme-generator-for-helm # renovate: datasource=github-releases depName=bitnami-labs/readme-generator-for-helm
GENERATOR_VERSION="2.7.0" GENERATOR_VERSION="2.6.1"
echo "Checking if readme generator is installed already..." echo "Checking if readme generator is installed already..."
if [[ $(npm list -g | grep -c "readme-generator-for-helm@${GENERATOR_VERSION}") -eq 0 ]]; then if [[ $(npm list -g | grep -c "readme-generator-for-helm@${GENERATOR_VERSION}") -eq 0 ]]; then

View File

@ -8,7 +8,6 @@
echo 'Running strip-kustomize-helm.sh script' echo 'Running strip-kustomize-helm.sh script'
CHARTS_DIR='./chart/open-feature-operator/templates' CHARTS_DIR='./chart/open-feature-operator/templates'
# Careful! Ordering of these expressions matter! # Careful! Ordering of these expressions matter!
sed_expressions=( sed_expressions=(
"s/___newline___/\\n/g" "s/___newline___/\\n/g"
@ -18,16 +17,9 @@ sed_expressions=(
"/___delete_me___/d" "/___delete_me___/d"
"s/___//g" "s/___//g"
) )
find $CHARTS_DIR -name "*.yaml" | while read file; do find $CHARTS_DIR -name "*.yaml" | while read file; do
for expr in "${sed_expressions[@]}"; do for expr in "${sed_expressions[@]}"; do
if [[ "$OSTYPE" == "darwin"* ]]; then sed -i "$expr" "$file"
# macOS (BSD) version
sed -i '' "$expr" "$file"
else
# Linux (GNU) version
sed -i "$expr" "$file"
fi
done done
done done

View File

@ -1,12 +0,0 @@
name: DCO
on:
merge_group:
# Workaround because the DCO app doesn't run on a merge_group trigger
# https://github.com/dcoapp/app/pull/200
jobs:
DCO:
runs-on: ubuntu-latest
if: ${{ github.actor != 'renovate[bot]' }}
steps:
- run: echo "dummy DCO workflow (it won't run any check actually) to trigger by merge_group in order to enable merge queue"

View File

@ -13,7 +13,7 @@ defaults:
jobs: jobs:
e2e-test: e2e-test:
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -36,7 +36,7 @@ jobs:
docker load --input ${{ github.workspace }}/open-feature-operator-local.tar docker load --input ${{ github.workspace }}/open-feature-operator-local.tar
- name: Create k8s Kind Cluster - name: Create k8s Kind Cluster
uses: helm/kind-action@v1.12.0 uses: helm/kind-action@v1.10.0
with: with:
config: ./test/e2e/kind-cluster.yml config: ./test/e2e/kind-cluster.yml
cluster_name: open-feature-operator-test cluster_name: open-feature-operator-test
@ -64,7 +64,7 @@ jobs:
- name: Upload cluster logs - name: Upload cluster logs
if: failure() if: failure()
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v3
with: with:
name: e2e-tests name: e2e-tests
path: .github/scripts/logs path: .github/scripts/logs

View File

@ -22,7 +22,7 @@ env:
jobs: jobs:
golangci-lint: golangci-lint:
name: golangci-lint name: golangci-lint
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
strategy: strategy:
fail-fast: false fail-fast: false
steps: steps:

View File

@ -4,14 +4,11 @@ on:
push: push:
branches: branches:
- main - main
paths-ignore:
- '**.md'
pull_request: pull_request:
types: paths-ignore:
- opened - '**.md'
- synchronize
- reopened
branches:
- main
merge_group:
permissions: permissions:
contents: read contents: read
@ -19,7 +16,7 @@ permissions:
jobs: jobs:
unit-test: unit-test:
name: Unit Tests name: Unit Tests
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -56,7 +53,7 @@ jobs:
docker-local: docker-local:
permissions: permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -69,7 +66,7 @@ jobs:
id: buildx id: buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Build - name: Build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
context: . context: .
@ -78,7 +75,7 @@ jobs:
cache-from: type=gha,scope=${{ github.ref_name }}-ofo cache-from: type=gha,scope=${{ github.ref_name }}-ofo
cache-to: type=gha,scope=${{ github.ref_name }}-ofo cache-to: type=gha,scope=${{ github.ref_name }}-ofo
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.29.0 uses: aquasecurity/trivy-action@0.28.0
with: with:
input: ${{ github.workspace }}/open-feature-operator-local.tar input: ${{ github.workspace }}/open-feature-operator-local.tar
format: "sarif" format: "sarif"

View File

@ -18,7 +18,7 @@ jobs:
pull-requests: write pull-requests: write
statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
name: Validate PR title name: Validate PR title
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
steps: steps:
- uses: amannn/action-semantic-pull-request@v5 - uses: amannn/action-semantic-pull-request@v5
id: lint_pr_title id: lint_pr_title

View File

@ -24,7 +24,7 @@ jobs:
permissions: permissions:
contents: write # for google-github-actions/release-please-action to create release commit contents: write # for google-github-actions/release-please-action to create release commit
pull-requests: write # for google-github-actions/release-please-action to create release PR pull-requests: write # for google-github-actions/release-please-action to create release PR
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
# Release-please creates a PR that tracks all changes # Release-please creates a PR that tracks all changes
steps: steps:
@ -32,9 +32,8 @@ jobs:
id: release id: release
with: with:
command: manifest command: manifest
token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}} token: ${{secrets.GITHUB_TOKEN}}
default-branch: main default-branch: main
signoff: "OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com>"
outputs: outputs:
release_created: ${{ steps.release.outputs.release_created }} release_created: ${{ steps.release.outputs.release_created }}
@ -44,7 +43,7 @@ jobs:
needs: release-please needs: release-please
permissions: permissions:
packages: write # to push the container image packages: write # to push the container image
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
if: ${{ needs.release-please.outputs.release_created }} if: ${{ needs.release-please.outputs.release_created }}
steps: steps:
- name: Checkout - name: Checkout
@ -53,7 +52,7 @@ jobs:
ref: ${{ needs.release-please.outputs.release_tag_name }} ref: ${{ needs.release-please.outputs.release_tag_name }}
- name: Log in to the Container registry - name: Log in to the Container registry
uses: docker/login-action@327cd5a69de6c009b9ce71bce8395f28e651bf99 uses: docker/login-action@06895751d15a223ec091bea144ad5c7f50d228d0
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
@ -75,7 +74,7 @@ jobs:
uses: docker/setup-buildx-action@master uses: docker/setup-buildx-action@master
- name: Build - name: Build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
context: . context: .
@ -110,7 +109,7 @@ jobs:
needs: release-please needs: release-please
permissions: permissions:
contents: write # for softprops/action-gh-release to create GitHub release contents: write # for softprops/action-gh-release to create GitHub release
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
if: ${{ needs.release-please.outputs.release_created }} if: ${{ needs.release-please.outputs.release_created }}
steps: steps:
- name: Checkout - name: Checkout
@ -146,7 +145,7 @@ jobs:
needs: release-please needs: release-please
permissions: permissions:
contents: write contents: write
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
if: ${{ needs.release-please.outputs.release_created }} if: ${{ needs.release-please.outputs.release_created }}
steps: steps:
- name: Checkout - name: Checkout

View File

@ -9,7 +9,7 @@ defaults:
jobs: jobs:
check-helm-docs: check-helm-docs:
name: Check crd documentation values name: Check crd documentation values
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4

View File

@ -11,13 +11,13 @@ defaults:
jobs: jobs:
check-helm-docs: check-helm-docs:
name: Check helm documentation values name: Check helm documentation values
runs-on: ubuntu-24.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up Node - name: Set up Node
uses: actions/setup-node@v4.4.0 uses: actions/setup-node@v4.0.3
with: with:
node-version: 16 node-version: 16

2
.gitignore vendored
View File

@ -34,5 +34,3 @@ testbin/*
go.work go.work
go.work.sum go.work.sum
dist

View File

@ -1,4 +1,4 @@
{ {
".": "0.8.6", ".": "0.8.4",
"apis": "0.2.45" "apis": "0.2.45"
} }

View File

@ -1,51 +1,5 @@
# Changelog # Changelog
## [0.8.6](https://github.com/open-feature/open-feature-operator/compare/v0.8.5...v0.8.6) (2025-06-03)
### ✨ New Features
* **flagd:** add support for GCS ([#765](https://github.com/open-feature/open-feature-operator/issues/765)) ([349c176](https://github.com/open-feature/open-feature-operator/commit/349c176ee5eb9f2738f1354c8987760620363aa6))
### 🐛 Bug Fixes
* **deps:** update kubernetes packages to v0.32.3 ([#756](https://github.com/open-feature/open-feature-operator/issues/756)) ([a4b4216](https://github.com/open-feature/open-feature-operator/commit/a4b4216d2009a5703214cfb9efacea60d9e1f8d0))
* **deps:** update open-feature/flagd ([#755](https://github.com/open-feature/open-feature-operator/issues/755)) ([20f6f40](https://github.com/open-feature/open-feature-operator/commit/20f6f4095669e4b0b0f895da683a2fe9e580ee5e))
* namespace for ca injection for mutatingwebhook solving [#759](https://github.com/open-feature/open-feature-operator/issues/759) ([#763](https://github.com/open-feature/open-feature-operator/issues/763)) ([d39973b](https://github.com/open-feature/open-feature-operator/commit/d39973b0ea9801829d146ad7649a2b25985fb7af))
### 🧹 Chore
* **deps:** update dependency ubuntu to v24 ([#748](https://github.com/open-feature/open-feature-operator/issues/748)) ([3014013](https://github.com/open-feature/open-feature-operator/commit/301401391ec352a4e23ba96a479aad0a42ddb07f))
* **deps:** update helm/kind-action action to v1.12.0 ([#744](https://github.com/open-feature/open-feature-operator/issues/744)) ([3fc56cd](https://github.com/open-feature/open-feature-operator/commit/3fc56cd89d3f220f8131184fbe4e9245f554c680))
### 📚 Documentation
* Replace the old events calendar by the OpenFeature community Page link ([#751](https://github.com/open-feature/open-feature-operator/issues/751)) ([c4c0c59](https://github.com/open-feature/open-feature-operator/commit/c4c0c59f7f522c8c2f4d3f7fed57dd1cda4e92bb))
## [0.8.5](https://github.com/open-feature/open-feature-operator/compare/v0.8.4...v0.8.5) (2025-01-31)
### 🐛 Bug Fixes
* **deps:** update open-feature/flagd ([#736](https://github.com/open-feature/open-feature-operator/issues/736)) ([9eb1ca8](https://github.com/open-feature/open-feature-operator/commit/9eb1ca8bebe6cfc5d33a905e610ea8a908381740))
### 🧹 Chore
* **deps:** update actions/setup-node action to v4.2.0 ([#737](https://github.com/open-feature/open-feature-operator/issues/737)) ([15d55c5](https://github.com/open-feature/open-feature-operator/commit/15d55c587d6edee562bd86564fa60bb559eed132))
* **deps:** update aquasecurity/trivy-action action to v0.29.0 ([#738](https://github.com/open-feature/open-feature-operator/issues/738)) ([8ac429b](https://github.com/open-feature/open-feature-operator/commit/8ac429beeced6d06883fa66de0e9a50819986f69))
* **deps:** update busybox docker tag to v1.37.0 ([#739](https://github.com/open-feature/open-feature-operator/issues/739)) ([740205f](https://github.com/open-feature/open-feature-operator/commit/740205fc2a6a89dcf2572d9f604f7ba69afc6573))
* **deps:** update curlimages/curl docker tag to v8.11.1 ([#703](https://github.com/open-feature/open-feature-operator/issues/703)) ([383c116](https://github.com/open-feature/open-feature-operator/commit/383c1168d4640d2fe57782982829f68d349b1828))
* **deps:** update dependency bitnami-labs/readme-generator-for-helm to v2.7.0 ([#741](https://github.com/open-feature/open-feature-operator/issues/741)) ([963d155](https://github.com/open-feature/open-feature-operator/commit/963d155d0a847718a9bde15b6e90e56b09812ebb))
* **deps:** update docker/build-push-action action to v6 ([#694](https://github.com/open-feature/open-feature-operator/issues/694)) ([3d2ddfe](https://github.com/open-feature/open-feature-operator/commit/3d2ddfe8d6b2b9b31ba6100f008d079b5e42d19c))
* **deps:** update docker/login-action digest to 327cd5a ([#728](https://github.com/open-feature/open-feature-operator/issues/728)) ([0038e45](https://github.com/open-feature/open-feature-operator/commit/0038e45a72f088976378d647d2ccf721182e0318))
* **deps:** update golang docker tag to v1.23.5 ([#481](https://github.com/open-feature/open-feature-operator/issues/481)) ([06f43a9](https://github.com/open-feature/open-feature-operator/commit/06f43a9241fda9700ef6d6361a65dc50fac7ecb3))
* remove rbac-proxy values and doc ([#742](https://github.com/open-feature/open-feature-operator/issues/742)) ([def1434](https://github.com/open-feature/open-feature-operator/commit/def14340603c2c9976e3a6142ab494764933f682))
* replace deprecated gcr.io/kubebuilder/kube-rbac-proxy ([#733](https://github.com/open-feature/open-feature-operator/issues/733)) ([5358d1e](https://github.com/open-feature/open-feature-operator/commit/5358d1eacfd44cf01016c4bc6f68c496e757354f))
## [0.8.4](https://github.com/open-feature/open-feature-operator/compare/v0.8.3...v0.8.4) (2025-01-13) ## [0.8.4](https://github.com/open-feature/open-feature-operator/compare/v0.8.3...v0.8.4) (2025-01-13)

View File

@ -1,5 +1,5 @@
# Build the manager binary # Build the manager binary
FROM --platform=$BUILDPLATFORM golang:1.23.5-alpine3.20 AS builder FROM --platform=$BUILDPLATFORM golang:1.23.3-alpine3.20 AS builder
WORKDIR /workspace WORKDIR /workspace
# Copy the Go Modules manifests # Copy the Go Modules manifests
@ -7,23 +7,21 @@ COPY go.mod go.mod
COPY go.sum go.sum COPY go.sum go.sum
# Copy the go source # Copy the go source
COPY cmd/ cmd/ COPY main.go main.go
COPY api/ api/ COPY apis/ apis/
COPY internal/ internal/ COPY webhooks/ webhooks/
COPY controllers/ controllers/
COPY common/ common/
# cache deps before building and copying source so that we don't need to re-download as much # cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer # and so that source changes don't invalidate our downloaded layer
RUN go work init . ./api && go mod download RUN go work init . ./apis && go mod download
ARG TARGETOS ARG TARGETOS
ARG TARGETARCH ARG TARGETARCH
# Build # Build
# the GOARCH has not a default value to allow the binary be built according to the host where the command RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -a -o manager main.go
# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
# Use distroless as minimal base image to package the manager binary # Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details # Refer to https://github.com/GoogleContainerTools/distroless for more details

View File

@ -6,7 +6,7 @@ ARCH?=amd64
IMG?=$(RELEASE_REGISTRY)/$(RELEASE_IMAGE) IMG?=$(RELEASE_REGISTRY)/$(RELEASE_IMAGE)
# customize overlay to be used in the build, DEFAULT or HELM # customize overlay to be used in the build, DEFAULT or HELM
KUSTOMIZE_OVERLAY ?= DEFAULT KUSTOMIZE_OVERLAY ?= DEFAULT
CHART_VERSION=v0.8.6# x-release-please-version CHART_VERSION=v0.8.4# x-release-please-version
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.26.1 ENVTEST_K8S_VERSION = 1.26.1
WAIT_TIMEOUT_SECONDS?=60 WAIT_TIMEOUT_SECONDS?=60
@ -65,8 +65,8 @@ vet: ## Run go vet against code.
go vet ./... go vet ./...
.PHONY: unit-test .PHONY: unit-test
unit-test: manifests generate envtest fmt vet ## Run tests. unit-test: manifests fmt vet generate envtest ## Run tests.
cd api && go test ./... -v -coverprofile ../cover-apis.out cover-main.out cover-pkg.out cd apis && go test ./... -v -coverprofile ../cover-apis.out cover-main.out cover-pkg.out
go test ./... -v -coverprofile cover-operator.out go test ./... -v -coverprofile cover-operator.out
sed -i '/mode: set/d' "cover-operator.out" sed -i '/mode: set/d' "cover-operator.out"
sed -i '/mode: set/d' "cover-apis.out" sed -i '/mode: set/d' "cover-apis.out"
@ -112,12 +112,12 @@ generate-crdocs: kustomize crdocs
##@ Build ##@ Build
.PHONY: build .PHONY: build
build: manifests generate fmt vet ## Build manager binary. build: generate fmt vet ## Build manager binary.
go build -o bin/manager cmd/main.go go build -o bin/manager main.go
.PHONY: run .PHONY: run
run: manifests generate fmt vet ## Run a controller from your host. run: manifests generate fmt vet ## Run a controller from your host.
go run ./cmd/main.go go run ./main.go
.PHONY: docker-build .PHONY: docker-build
docker-build: clean ## Build docker image with the manager. docker-build: clean ## Build docker image with the manager.

View File

@ -4,10 +4,8 @@
# More info: https://book.kubebuilder.io/reference/project-config.html # More info: https://book.kubebuilder.io/reference/project-config.html
domain: openfeature.dev domain: openfeature.dev
layout: layout:
- go.kubebuilder.io/v4 - go.kubebuilder.io/v3
multigroup: true multigroup: true
plugins:
helm.kubebuilder.io/v1-alpha: {}
projectName: open-feature-operator projectName: open-feature-operator
repo: github.com/open-feature/open-feature-operator repo: github.com/open-feature/open-feature-operator
resources: resources:

View File

@ -33,8 +33,7 @@ See [CHANGELOG.md](https://github.com/open-feature/open-feature-operator/blob/ma
See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to the OpenFeature project. See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to the OpenFeature project.
Our community meetings are held regularly and open to everyone, as well as other community channels. Our community meetings are held regularly and open to everyone. Check the [OpenFeature community calendar](https://calendar.google.com/calendar/u/0?cid=MHVhN2kxaGl2NWRoMThiMjd0b2FoNjM2NDRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ) for specific dates and for the Zoom meeting links.
Check the [OpenFeature community page]https://openfeature.dev/community/) for the links and participation guidelines.
Thanks so much to our contributors. Thanks so much to our contributors.

View File

@ -11,7 +11,6 @@ type SyncProviderType string
const ( const (
SyncProviderKubernetes SyncProviderType = "kubernetes" SyncProviderKubernetes SyncProviderType = "kubernetes"
SyncProviderFilepath SyncProviderType = "file" SyncProviderFilepath SyncProviderType = "file"
SyncProviderGcs SyncProviderType = "gcs"
SyncProviderHttp SyncProviderType = "http" SyncProviderHttp SyncProviderType = "http"
SyncProviderGrpc SyncProviderType = "grpc" SyncProviderGrpc SyncProviderType = "grpc"
SyncProviderFlagdProxy SyncProviderType = "flagd-proxy" SyncProviderFlagdProxy SyncProviderType = "flagd-proxy"
@ -58,10 +57,6 @@ func (s SyncProviderType) IsHttp() bool {
return s == SyncProviderHttp return s == SyncProviderHttp
} }
func (s SyncProviderType) IsGcs() bool {
return s == SyncProviderGcs
}
func (s SyncProviderType) IsFilepath() bool { func (s SyncProviderType) IsFilepath() bool {
return s == SyncProviderFilepath return s == SyncProviderFilepath
} }

View File

@ -12,19 +12,16 @@ func Test_FeatureFlagSource_SyncProvider(t *testing.T) {
f := SyncProviderFilepath f := SyncProviderFilepath
h := SyncProviderHttp h := SyncProviderHttp
g := SyncProviderGrpc g := SyncProviderGrpc
gcs := SyncProviderGcs
require.True(t, k.IsKubernetes()) require.True(t, k.IsKubernetes())
require.True(t, f.IsFilepath()) require.True(t, f.IsFilepath())
require.True(t, h.IsHttp()) require.True(t, h.IsHttp())
require.True(t, g.IsGrpc()) require.True(t, g.IsGrpc())
require.True(t, gcs.IsGcs())
require.False(t, f.IsKubernetes()) require.False(t, f.IsKubernetes())
require.False(t, h.IsFilepath()) require.False(t, h.IsFilepath())
require.False(t, k.IsGrpc()) require.False(t, k.IsGrpc())
require.False(t, g.IsHttp()) require.False(t, g.IsHttp())
require.False(t, g.IsGcs())
} }
func Test_FLagSourceConfiguration_EnvVarKey(t *testing.T) { func Test_FLagSourceConfiguration_EnvVarKey(t *testing.T) {

View File

@ -14,17 +14,16 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package webhook package v1beta1
import ( import (
"context"
_ "embed"
"encoding/json" "encoding/json"
"fmt" "fmt"
"sync" "sync"
_ "embed"
schema "github.com/open-feature/flagd-schemas/json" schema "github.com/open-feature/flagd-schemas/json"
"github.com/open-feature/open-feature-operator/apis/core/v1beta1"
"github.com/xeipuuv/gojsonschema" "github.com/xeipuuv/gojsonschema"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
@ -33,36 +32,26 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
) )
type FeatureFlagCustomValidator struct {
}
// log is for logging in this package. // log is for logging in this package.
var featureFlagLog = logf.Log.WithName("featureflag-resource validator") var featureFlagLog = logf.Log.WithName("featureflag-resource")
var compiledSchema *gojsonschema.Schema var compiledSchema *gojsonschema.Schema
var schemaInitOnce sync.Once var schemaInitOnce sync.Once
func (v *FeatureFlagCustomValidator) SetupWebhookWithManager(mgr ctrl.Manager) error { func (ff *FeatureFlag) SetupWebhookWithManager(mgr ctrl.Manager) error {
return ctrl.NewWebhookManagedBy(mgr). return ctrl.NewWebhookManagedBy(mgr).
For(&v1beta1.FeatureFlag{}). For(ff).
WithValidator(&FeatureFlagCustomValidator{}).
Complete() Complete()
} }
// +kubebuilder:webhook:path=/validate-core-openfeature-dev-v1beta1-featureflag,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.openfeature.dev,resources=featureflags,verbs=create;update,versions=v1beta1,name=vfeatureflag.kb.io,admissionReviewVersions=v1 //+kubebuilder:webhook:path=/validate-core-openfeature-dev-v1beta1-featureflag,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.openfeature.dev,resources=featureflags,verbs=create;update,versions=v1beta1,name=vfeatureflag.kb.io,admissionReviewVersions=v1
var _ webhook.CustomValidator = &FeatureFlagCustomValidator{} var _ webhook.Validator = &FeatureFlag{}
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (v *FeatureFlagCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { func (ff *FeatureFlag) ValidateCreate() (admission.Warnings, error) {
featureFlag, ok := obj.(*v1beta1.FeatureFlag) featureFlagLog.Info("validate create", "name", ff.Name)
if !ok { if err := validateFeatureFlagFlags(ff.Spec.FlagSpec.Flags); err != nil {
return nil, fmt.Errorf("expected a FeatureFlag object but got %T", obj)
}
featureFlagLog.Info("validate create", "name", featureFlag.Name)
if err := validateFeatureFlagFlags(featureFlag.Spec.FlagSpec.Flags); err != nil {
return []string{}, err return []string{}, err
} }
@ -70,16 +59,10 @@ func (v *FeatureFlagCustomValidator) ValidateCreate(ctx context.Context, obj run
} }
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (v *FeatureFlagCustomValidator) ValidateUpdate(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (warnings admission.Warnings, err error) { func (ff *FeatureFlag) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
featureFlag, ok := oldObj.(*v1beta1.FeatureFlag) featureFlagLog.Info("validate update", "name", ff.Name)
if !ok { if err := validateFeatureFlagFlags(ff.Spec.FlagSpec.Flags); err != nil {
return nil, fmt.Errorf("expected a FeatureFlag object but got %T", oldObj)
}
featureFlagLog.Info("validate update", "name", featureFlag.Name)
if err := validateFeatureFlagFlags(featureFlag.Spec.FlagSpec.Flags); err != nil {
return []string{}, err return []string{}, err
} }
@ -87,19 +70,13 @@ func (v *FeatureFlagCustomValidator) ValidateUpdate(ctx context.Context, oldObj
} }
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (v *FeatureFlagCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { func (ff *FeatureFlag) ValidateDelete() (admission.Warnings, error) {
featureFlag, ok := obj.(*v1beta1.FeatureFlag) featureFlagLog.Info("validate delete", "name", ff.Name)
if !ok {
return nil, fmt.Errorf("expected a FeatureFlag object but got %T", obj)
}
featureFlagLog.Info("validate delete", "name", featureFlag.Name)
return []string{}, nil return []string{}, nil
} }
func validateFeatureFlagFlags(flags v1beta1.Flags) error { func validateFeatureFlagFlags(flags Flags) error {
b, err := json.Marshal(flags) b, err := json.Marshal(flags)
if err != nil { if err != nil {
return err return err
@ -120,10 +97,9 @@ func validateFeatureFlagFlags(flags v1beta1.Flags) error {
if !result.Valid() { if !result.Valid() {
err = fmt.Errorf("") err = fmt.Errorf("")
for _, desc := range result.Errors() { for _, desc := range result.Errors() {
err = fmt.Errorf("%s", err.Error()+desc.Description()+"\n") err = fmt.Errorf(err.Error() + desc.Description() + "\n")
} }
} }
return err return err
} }

View File

@ -1,23 +1,22 @@
package webhook package v1beta1
import ( import (
"encoding/json" "encoding/json"
"testing" "testing"
"github.com/open-feature/open-feature-operator/apis/core/v1beta1"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
func Test_validateFeatureFlagTargeting(t *testing.T) { func Test_validateFeatureFlagTargeting(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
in v1beta1.Flags in Flags
wantErr bool wantErr bool
}{ }{
{ {
name: "happy path", name: "happy path",
in: v1beta1.Flags{ in: Flags{
FlagsMap: map[string]v1beta1.Flag{ FlagsMap: map[string]Flag{
"fractional": { "fractional": {
State: "ENABLED", State: "ENABLED",
Variants: json.RawMessage(`{ Variants: json.RawMessage(`{
@ -43,8 +42,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
}, },
{ {
name: "happy path no targeting", name: "happy path no targeting",
in: v1beta1.Flags{ in: Flags{
FlagsMap: map[string]v1beta1.Flag{ FlagsMap: map[string]Flag{
"fractional": { "fractional": {
State: "ENABLED", State: "ENABLED",
Variants: json.RawMessage(`{ Variants: json.RawMessage(`{
@ -62,8 +61,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
}, },
{ {
name: "fractional invalid bucketing", name: "fractional invalid bucketing",
in: v1beta1.Flags{ in: Flags{
FlagsMap: map[string]v1beta1.Flag{ FlagsMap: map[string]Flag{
"fractional-invalid-bucketing": { "fractional-invalid-bucketing": {
State: "ENABLED", State: "ENABLED",
Variants: json.RawMessage(`{ Variants: json.RawMessage(`{
@ -90,8 +89,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
}, },
{ {
name: "empty variants", name: "empty variants",
in: v1beta1.Flags{ in: Flags{
FlagsMap: map[string]v1beta1.Flag{ FlagsMap: map[string]Flag{
"fractional-invalid-bucketing": { "fractional-invalid-bucketing": {
State: "ENABLED", State: "ENABLED",
Variants: json.RawMessage{}, Variants: json.RawMessage{},
@ -103,8 +102,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
}, },
{ {
name: "fractional invalid weighting", name: "fractional invalid weighting",
in: v1beta1.Flags{ in: Flags{
FlagsMap: map[string]v1beta1.Flag{ FlagsMap: map[string]Flag{
"fractional-invalid-weighting": { "fractional-invalid-weighting": {
State: "ENABLED", State: "ENABLED",
Variants: json.RawMessage(`{ Variants: json.RawMessage(`{
@ -130,8 +129,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
}, },
{ {
name: "invalid-ends-with-param", name: "invalid-ends-with-param",
in: v1beta1.Flags{ in: Flags{
FlagsMap: map[string]v1beta1.Flag{ FlagsMap: map[string]Flag{
"invalid-ends-with-param": { "invalid-ends-with-param": {
State: "ENABLED", State: "ENABLED",
Variants: json.RawMessage(`{ Variants: json.RawMessage(`{

View File

@ -24,7 +24,7 @@ import (
"encoding/json" "encoding/json"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1" networkingv1 "k8s.io/api/networking/v1"
runtime "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
apisv1 "sigs.k8s.io/gateway-api/apis/v1" apisv1 "sigs.k8s.io/gateway-api/apis/v1"
) )

View File

@ -5,12 +5,12 @@ go 1.23.0
toolchain go1.23.3 toolchain go1.23.3
require ( require (
github.com/open-feature/flagd-schemas v0.2.9-0.20250529171004-2852d7772e6b github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322
github.com/stretchr/testify v1.10.0 github.com/stretchr/testify v1.9.0
github.com/xeipuuv/gojsonschema v1.2.0 github.com/xeipuuv/gojsonschema v1.2.0
k8s.io/api v0.32.3 k8s.io/api v0.31.4
k8s.io/apimachinery v0.32.3 k8s.io/apimachinery v0.31.4
sigs.k8s.io/controller-runtime v0.20.1 sigs.k8s.io/controller-runtime v0.19.3
sigs.k8s.io/gateway-api v1.2.1 sigs.k8s.io/gateway-api v1.2.1
) )
@ -18,58 +18,54 @@ require (
github.com/beorn7/perks v1.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/logr v1.4.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gnostic-models v0.6.9 // indirect
github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 // indirect
github.com/google/uuid v1.6.0 // indirect github.com/google/uuid v1.6.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/josharian/intern v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.17.11 // indirect github.com/mailru/easyjson v0.7.7 // indirect
github.com/mailru/easyjson v0.9.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pkg/errors v0.9.1 // indirect github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_golang v1.19.1 // indirect
github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
github.com/x448/float16 v0.8.4 // indirect github.com/x448/float16 v0.8.4 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
golang.org/x/net v0.34.0 // indirect golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
golang.org/x/oauth2 v0.25.0 // indirect golang.org/x/net v0.30.0 // indirect
golang.org/x/sync v0.10.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sys v0.29.0 // indirect golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.28.0 // indirect golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.21.0 // indirect golang.org/x/text v0.19.0 // indirect
golang.org/x/time v0.9.0 // indirect golang.org/x/time v0.7.0 // indirect
golang.org/x/tools v0.29.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/protobuf v1.36.4 // indirect google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.32.1 // indirect k8s.io/apiextensions-apiserver v0.31.1 // indirect
k8s.io/client-go v0.32.1 // indirect k8s.io/client-go v0.31.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect
) )

View File

@ -6,14 +6,12 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
@ -30,38 +28,36 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 h1:my2ucqBZmv+cWHIhZNSIYKzgN8EBGyHdC7zD5sASRAg= github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k=
github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -69,25 +65,23 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322 h1:5zbNHqcZAc9jlhSrC0onuVL2RPpvYcDaNvW2wOZBfUY= github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322 h1:5zbNHqcZAc9jlhSrC0onuVL2RPpvYcDaNvW2wOZBfUY=
github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U= github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
github.com/open-feature/flagd-schemas v0.2.9-0.20250127221449-bb763438abc5/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
github.com/open-feature/flagd-schemas v0.2.9-0.20250529171004-2852d7772e6b/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
@ -96,8 +90,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
@ -112,53 +106,53 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY=
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@ -168,30 +162,26 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= k8s.io/api v0.31.4 h1:I2QNzitPVsPeLQvexMEsj945QumYraqv9m74isPDKhM=
k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= k8s.io/api v0.31.4/go.mod h1:d+7vgXLvmcdT1BCo79VEgJxHHryww3V5np2OYTr6jdw=
k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls= k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k= k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM=
k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE= sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM= sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM=
sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0= sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

View File

@ -13,12 +13,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: "v0.8.6" # x-release-please-version version: "v0.8.4" # x-release-please-version
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "v0.8.6" # x-release-please-version appVersion: "v0.8.4" # x-release-please-version
home: https://openfeature.dev home: https://openfeature.dev
icon: https://open-feature.github.io/open-feature-operator/chart/open-feature-operator/openfeature-logo.png icon: https://open-feature.github.io/open-feature-operator/chart/open-feature-operator/openfeature-logo.png

View File

@ -99,14 +99,14 @@ The command removes all the Kubernetes components associated with the chart and
### namespace ### namespace
| Name | Description | Value | | Name | Description | Value |
| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `namespace.create` | Whether to create the namespace as part of this chart. | `true` | | `namespace.create` | Whether to create the namespace as part of this chart. | `true` |
| `namespace.labels` | Labels for the namespace if created as part of the chart. | `{}` | | `namespace.labels` | Labels for the namespace if created as part of the chart. | `{}` |
| `namespace.annotations` | Annotations for the namespace if created as part of the chart. | `{}` | | `namespace.annotations` | Annotations for the namespace if created as part of the chart. | `{}` |
| `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image). Example: imagePullSecrets: [{"name": "my-secret"}] | `[]` | | `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] | `[]` |
| `labels` | Labels to apply to all of the pods in the operator. | `{}` | | `labels` | Labels to apply to all of the pods in the operator. | `{}` |
| `annotations` | Annotations to apply to all of the pods in the operator. | `{}` | | `annotations` | Annotations to apply to all of the pods in the operator. | `{}` |
### Mutating Webhook configuration ### Mutating Webhook configuration
@ -123,7 +123,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sidecarConfiguration.managementPort` | Sets the value of the `XXX_MANAGEMENT_PORT` environment variable for the injected sidecar. | `8014` | | `sidecarConfiguration.managementPort` | Sets the value of the `XXX_MANAGEMENT_PORT` environment variable for the injected sidecar. | `8014` |
| `sidecarConfiguration.socketPath` | Sets the value of the `XXX_SOCKET_PATH` environment variable for the injected sidecar. | `""` | | `sidecarConfiguration.socketPath` | Sets the value of the `XXX_SOCKET_PATH` environment variable for the injected sidecar. | `""` |
| `sidecarConfiguration.image.repository` | Sets the image for the injected sidecar. | `ghcr.io/open-feature/flagd` | | `sidecarConfiguration.image.repository` | Sets the image for the injected sidecar. | `ghcr.io/open-feature/flagd` |
| `sidecarConfiguration.image.tag` | Sets the version tag for the injected sidecar. | `v0.12.4` | | `sidecarConfiguration.image.tag` | Sets the version tag for the injected sidecar. | `v0.11.1` |
| `sidecarConfiguration.providerArgs` | Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`. | `""` | | `sidecarConfiguration.providerArgs` | Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`. | `""` |
| `sidecarConfiguration.envVarPrefix` | Sets the prefix for all environment variables set in the injected sidecar. | `FLAGD` | | `sidecarConfiguration.envVarPrefix` | Sets the prefix for all environment variables set in the injected sidecar. | `FLAGD` |
| `sidecarConfiguration.defaultSyncProvider` | Sets the value of the `XXX_SYNC_PROVIDER` environment variable for the injected sidecar container. There are 4 valid sync providers: `kubernetes`, `grpc`, `file` and `http`. | `kubernetes` | | `sidecarConfiguration.defaultSyncProvider` | Sets the value of the `XXX_SYNC_PROVIDER` environment variable for the injected sidecar container. There are 4 valid sync providers: `kubernetes`, `grpc`, `file` and `http`. | `kubernetes` |
@ -159,7 +159,7 @@ The command removes all the Kubernetes components associated with the chart and
| `flagdProxyConfiguration.port` | Sets the port to expose the sync API on. | `8015` | | `flagdProxyConfiguration.port` | Sets the port to expose the sync API on. | `8015` |
| `flagdProxyConfiguration.managementPort` | Sets the port to expose the management API on. | `8016` | | `flagdProxyConfiguration.managementPort` | Sets the port to expose the management API on. | `8016` |
| `flagdProxyConfiguration.image.repository` | Sets the image for the flagd-proxy deployment. | `ghcr.io/open-feature/flagd-proxy` | | `flagdProxyConfiguration.image.repository` | Sets the image for the flagd-proxy deployment. | `ghcr.io/open-feature/flagd-proxy` |
| `flagdProxyConfiguration.image.tag` | Sets the tag for the flagd-proxy deployment. | `v0.7.4` | | `flagdProxyConfiguration.image.tag` | Sets the tag for the flagd-proxy deployment. | `v0.6.4` |
| `flagdProxyConfiguration.debugLogging` | Controls the addition of the `--debug` flag to the container startup arguments. | `false` | | `flagdProxyConfiguration.debugLogging` | Controls the addition of the `--debug` flag to the container startup arguments. | `false` |
### Flagd configuration ### Flagd configuration
@ -171,15 +171,21 @@ The command removes all the Kubernetes components associated with the chart and
| `flagdConfiguration.syncPort` | Sets the port to expose the sync API on. | `8015` | | `flagdConfiguration.syncPort` | Sets the port to expose the sync API on. | `8015` |
| `flagdConfiguration.managementPort` | Sets the port to expose the management API on. | `8014` | | `flagdConfiguration.managementPort` | Sets the port to expose the management API on. | `8014` |
| `flagdConfiguration.image.repository` | Sets the image for the flagd deployment. | `ghcr.io/open-feature/flagd` | | `flagdConfiguration.image.repository` | Sets the image for the flagd deployment. | `ghcr.io/open-feature/flagd` |
| `flagdConfiguration.image.tag` | Sets the tag for the flagd deployment. | `v0.12.4` | | `flagdConfiguration.image.tag` | Sets the tag for the flagd deployment. | `v0.11.1` |
| `flagdConfiguration.debugLogging` | Controls the addition of the `--debug` flag to the container startup arguments. | `false` | | `flagdConfiguration.debugLogging` | Controls the addition of the `--debug` flag to the container startup arguments. | `false` |
### Operator resource configuration ### Operator resource configuration
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
| `controllerManager.kubeRbacProxy.image.repository` | Sets the image for the kube-rbac-proxy. | `gcr.io/kubebuilder/kube-rbac-proxy` |
| `controllerManager.kubeRbacProxy.image.tag` | Sets the version tag for the kube-rbac-proxy. | `v0.14.1` |
| `controllerManager.kubeRbacProxy.resources.limits.cpu` | Sets cpu resource limits for kube-rbac-proxy. | `500m` |
| `controllerManager.kubeRbacProxy.resources.limits.memory` | Sets memory resource limits for kube-rbac-proxy. | `128Mi` |
| `controllerManager.kubeRbacProxy.resources.requests.cpu` | Sets cpu resource requests for kube-rbac-proxy. | `5m` |
| `controllerManager.kubeRbacProxy.resources.requests.memory` | Sets memory resource requests for kube-rbac-proxy. | `64Mi` |
| `controllerManager.manager.image.repository` | Sets the image for the operator. | `ghcr.io/open-feature/open-feature-operator` | | `controllerManager.manager.image.repository` | Sets the image for the operator. | `ghcr.io/open-feature/open-feature-operator` |
| `controllerManager.manager.image.tag` | Sets the version tag for the operator. | `v0.8.6` | | `controllerManager.manager.image.tag` | Sets the version tag for the operator. | `v0.8.1` |
| `controllerManager.manager.resources.limits.cpu` | Sets cpu resource limits for operator. | `500m` | | `controllerManager.manager.resources.limits.cpu` | Sets cpu resource limits for operator. | `500m` |
| `controllerManager.manager.resources.limits.memory` | Sets memory resource limits for operator. | `128Mi` | | `controllerManager.manager.resources.limits.memory` | Sets memory resource limits for operator. | `128Mi` |
| `controllerManager.manager.resources.requests.cpu` | Sets cpu resource requests for operator. | `10m` | | `controllerManager.manager.resources.requests.cpu` | Sets cpu resource requests for operator. | `10m` |

View File

@ -11,7 +11,7 @@ namespace:
## @param namespace.annotations Annotations for the namespace if created as part of the chart. ## @param namespace.annotations Annotations for the namespace if created as part of the chart.
annotations: {} annotations: {}
## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image). Example: imagePullSecrets: [{"name": "my-secret"}] ## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]
imagePullSecrets: [] imagePullSecrets: []
## @param labels Labels to apply to all of the pods in the operator. ## @param labels Labels to apply to all of the pods in the operator.
labels: {} labels: {}
@ -37,7 +37,7 @@ sidecarConfiguration:
## @param sidecarConfiguration.image.repository Sets the image for the injected sidecar. ## @param sidecarConfiguration.image.repository Sets the image for the injected sidecar.
repository: "ghcr.io/open-feature/flagd" repository: "ghcr.io/open-feature/flagd"
## @param sidecarConfiguration.image.tag Sets the version tag for the injected sidecar. ## @param sidecarConfiguration.image.tag Sets the version tag for the injected sidecar.
tag: v0.12.4 tag: v0.11.1
## @param sidecarConfiguration.providerArgs Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`. ## @param sidecarConfiguration.providerArgs Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`.
providerArgs: "" providerArgs: ""
## @param sidecarConfiguration.envVarPrefix Sets the prefix for all environment variables set in the injected sidecar. ## @param sidecarConfiguration.envVarPrefix Sets the prefix for all environment variables set in the injected sidecar.
@ -100,7 +100,7 @@ flagdProxyConfiguration:
## @param flagdProxyConfiguration.image.repository Sets the image for the flagd-proxy deployment. ## @param flagdProxyConfiguration.image.repository Sets the image for the flagd-proxy deployment.
repository: "ghcr.io/open-feature/flagd-proxy" repository: "ghcr.io/open-feature/flagd-proxy"
## @param flagdProxyConfiguration.image.tag Sets the tag for the flagd-proxy deployment. ## @param flagdProxyConfiguration.image.tag Sets the tag for the flagd-proxy deployment.
tag: v0.7.4 tag: v0.6.4
## @param flagdProxyConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments. ## @param flagdProxyConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
debugLogging: false debugLogging: false
@ -118,18 +118,35 @@ flagdConfiguration:
## @param flagdConfiguration.image.repository Sets the image for the flagd deployment. ## @param flagdConfiguration.image.repository Sets the image for the flagd deployment.
repository: "ghcr.io/open-feature/flagd" repository: "ghcr.io/open-feature/flagd"
## @param flagdConfiguration.image.tag Sets the tag for the flagd deployment. ## @param flagdConfiguration.image.tag Sets the tag for the flagd deployment.
tag: v0.12.4 tag: v0.11.1
## @param flagdConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments. ## @param flagdConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
debugLogging: false debugLogging: false
## @section Operator resource configuration ## @section Operator resource configuration
controllerManager: controllerManager:
kubeRbacProxy:
image:
## @param controllerManager.kubeRbacProxy.image.repository Sets the image for the kube-rbac-proxy.
repository: gcr.io/kubebuilder/kube-rbac-proxy
## @param controllerManager.kubeRbacProxy.image.tag Sets the version tag for the kube-rbac-proxy.
tag: "v0.14.1"
resources:
limits:
## @param controllerManager.kubeRbacProxy.resources.limits.cpu Sets cpu resource limits for kube-rbac-proxy.
cpu: 500m
## @param controllerManager.kubeRbacProxy.resources.limits.memory Sets memory resource limits for kube-rbac-proxy.
memory: 128Mi
requests:
## @param controllerManager.kubeRbacProxy.resources.requests.cpu Sets cpu resource requests for kube-rbac-proxy.
cpu: 5m
## @param controllerManager.kubeRbacProxy.resources.requests.memory Sets memory resource requests for kube-rbac-proxy.
memory: 64Mi
manager: manager:
image: image:
## @param controllerManager.manager.image.repository Sets the image for the operator. ## @param controllerManager.manager.image.repository Sets the image for the operator.
repository: ghcr.io/open-feature/open-feature-operator repository: ghcr.io/open-feature/open-feature-operator
## @param controllerManager.manager.image.tag Sets the version tag for the operator. ## @param controllerManager.manager.image.tag Sets the version tag for the operator.
tag: v0.8.6 # x-release-please-version tag: v0.8.4 # x-release-please-version
resources: resources:
limits: limits:
## @param controllerManager.manager.resources.limits.cpu Sets cpu resource limits for operator. ## @param controllerManager.manager.resources.limits.cpu Sets cpu resource limits for operator.

View File

@ -9,10 +9,10 @@ import (
"github.com/go-logr/logr" "github.com/go-logr/logr"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common" apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/flagdproxy" "github.com/open-feature/open-feature-operator/common/flagdproxy"
"github.com/open-feature/open-feature-operator/internal/common/types" "github.com/open-feature/open-feature-operator/common/types"
"github.com/open-feature/open-feature-operator/internal/common/utils" "github.com/open-feature/open-feature-operator/common/utils"
appsV1 "k8s.io/api/apps/v1" appsV1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
@ -230,8 +230,6 @@ func (fi *FlagdContainerInjector) newSourceConfig(ctx context.Context, source ap
sourceCfg, err = fi.toFilepathProviderConfig(ctx, objectMeta, podSpec, sidecar, source) sourceCfg, err = fi.toFilepathProviderConfig(ctx, objectMeta, podSpec, sidecar, source)
case source.Provider.IsHttp(): case source.Provider.IsHttp():
sourceCfg = fi.toHttpProviderConfig(source) sourceCfg = fi.toHttpProviderConfig(source)
case source.Provider.IsGcs():
sourceCfg = fi.toGcsConfig(source)
case source.Provider.IsGrpc(): case source.Provider.IsGrpc():
sourceCfg = fi.toGrpcProviderConfig(source) sourceCfg = fi.toGrpcProviderConfig(source)
case source.Provider.IsFlagdProxy(): case source.Provider.IsFlagdProxy():
@ -308,14 +306,6 @@ func (fi *FlagdContainerInjector) toHttpProviderConfig(source api.Source) types.
} }
} }
func (fi *FlagdContainerInjector) toGcsConfig(source api.Source) types.SourceConfig {
return types.SourceConfig{
URI: source.Source,
Provider: string(apicommon.SyncProviderGcs),
Interval: source.Interval,
}
}
func (fi *FlagdContainerInjector) toGrpcProviderConfig(source api.Source) types.SourceConfig { func (fi *FlagdContainerInjector) toGrpcProviderConfig(source api.Source) types.SourceConfig {
return types.SourceConfig{ return types.SourceConfig{
URI: source.Source, URI: source.Source,

View File

@ -9,9 +9,9 @@ import (
"github.com/go-logr/logr/testr" "github.com/go-logr/logr/testr"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common" apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/flagdproxy" "github.com/open-feature/open-feature-operator/common/flagdproxy"
"github.com/open-feature/open-feature-operator/internal/common/utils" "github.com/open-feature/open-feature-operator/common/utils"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
appsV1 "k8s.io/api/apps/v1" appsV1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"

View File

@ -6,8 +6,8 @@ import (
"reflect" "reflect"
"github.com/go-logr/logr" "github.com/go-logr/logr"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/types" "github.com/open-feature/open-feature-operator/common/types"
"golang.org/x/exp/maps" "golang.org/x/exp/maps"
appsV1 "k8s.io/api/apps/v1" appsV1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"

View File

@ -6,8 +6,8 @@ import (
"testing" "testing"
"github.com/go-logr/logr/testr" "github.com/go-logr/logr/testr"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/types" "github.com/open-feature/open-feature-operator/common/types"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"

View File

@ -6,14 +6,14 @@ type EnvConfig struct {
FlagsValidationEnabled bool `envconfig:"FLAGS_VALIDATION_ENABLED" default:"true"` FlagsValidationEnabled bool `envconfig:"FLAGS_VALIDATION_ENABLED" default:"true"`
FlagdProxyReplicaCount int `envconfig:"FLAGD_PROXY_REPLICA_COUNT" default:"1"` FlagdProxyReplicaCount int `envconfig:"FLAGD_PROXY_REPLICA_COUNT" default:"1"`
// renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy // renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy
FlagdProxyTag string `envconfig:"FLAGD_PROXY_TAG" default:"v0.7.4"` FlagdProxyTag string `envconfig:"FLAGD_PROXY_TAG" default:"v0.6.4"`
FlagdProxyPort int `envconfig:"FLAGD_PROXY_PORT" default:"8015"` FlagdProxyPort int `envconfig:"FLAGD_PROXY_PORT" default:"8015"`
FlagdProxyManagementPort int `envconfig:"FLAGD_PROXY_MANAGEMENT_PORT" default:"8016"` FlagdProxyManagementPort int `envconfig:"FLAGD_PROXY_MANAGEMENT_PORT" default:"8016"`
FlagdProxyDebugLogging bool `envconfig:"FLAGD_PROXY_DEBUG_LOGGING" default:"false"` FlagdProxyDebugLogging bool `envconfig:"FLAGD_PROXY_DEBUG_LOGGING" default:"false"`
FlagdImage string `envconfig:"FLAGD_IMAGE" default:"ghcr.io/open-feature/flagd"` FlagdImage string `envconfig:"FLAGD_IMAGE" default:"ghcr.io/open-feature/flagd"`
// renovate: datasource=github-tags depName=open-feature/flagd/flagd // renovate: datasource=github-tags depName=open-feature/flagd/flagd
FlagdTag string `envconfig:"FLAGD_TAG" default:"v0.12.4"` FlagdTag string `envconfig:"FLAGD_TAG" default:"v0.11.1"`
FlagdPort int `envconfig:"FLAGD_PORT" default:"8013"` FlagdPort int `envconfig:"FLAGD_PORT" default:"8013"`
FlagdOFREPPort int `envconfig:"FLAGD_OFREP_PORT" default:"8016"` FlagdOFREPPort int `envconfig:"FLAGD_OFREP_PORT" default:"8016"`
FlagdSyncPort int `envconfig:"FLAGD_SYNC_PORT" default:"8015"` FlagdSyncPort int `envconfig:"FLAGD_SYNC_PORT" default:"8015"`
@ -25,7 +25,7 @@ type EnvConfig struct {
SidecarPort int `envconfig:"SIDECAR_PORT" default:"8013"` SidecarPort int `envconfig:"SIDECAR_PORT" default:"8013"`
SidecarImage string `envconfig:"SIDECAR_IMAGE" default:"ghcr.io/open-feature/flagd"` SidecarImage string `envconfig:"SIDECAR_IMAGE" default:"ghcr.io/open-feature/flagd"`
// renovate: datasource=github-tags depName=open-feature/flagd/flagd // renovate: datasource=github-tags depName=open-feature/flagd/flagd
SidecarTag string `envconfig:"SIDECAR_TAG" default:"v0.12.4"` SidecarTag string `envconfig:"SIDECAR_TAG" default:"v0.11.1"`
SidecarSocketPath string `envconfig:"SIDECAR_SOCKET_PATH" default:""` SidecarSocketPath string `envconfig:"SIDECAR_SOCKET_PATH" default:""`
SidecarEvaluator string `envconfig:"SIDECAR_EVALUATOR" default:"json"` SidecarEvaluator string `envconfig:"SIDECAR_EVALUATOR" default:"json"`
SidecarProviderArgs string `envconfig:"SIDECAR_PROVIDER_ARGS" default:""` SidecarProviderArgs string `envconfig:"SIDECAR_PROVIDER_ARGS" default:""`

View File

@ -5,9 +5,6 @@ apiVersion: cert-manager.io/v1
kind: Issuer kind: Issuer
metadata: metadata:
name: selfsigned-issuer name: selfsigned-issuer
labels:
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
spec: spec:
selfSigned: {} selfSigned: {}
--- ---
@ -15,35 +12,12 @@ apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
labels:
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
spec: spec:
# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
dnsNames: dnsNames:
- SERVICE_NAME.SERVICE_NAMESPACE.svc - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: selfsigned-issuer name: selfsigned-issuer
secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
---
# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: metrics-certs # this name should match the one appeared in kustomizeconfig.yaml
labels:
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
spec:
dnsNames:
# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
# replacements in the config/default/kustomization.yaml file.
- SERVICE_NAME.SERVICE_NAMESPACE.svc
- SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: metrics-server-cert

View File

@ -6,3 +6,11 @@ nameReference:
- kind: Certificate - kind: Certificate
group: cert-manager.io group: cert-manager.io
path: spec/issuerRef/name path: spec/issuerRef/name
varReference:
- kind: Certificate
group: cert-manager.io
path: spec/commonName
- kind: Certificate
group: cert-manager.io
path: spec/dnsNames

View File

@ -8,7 +8,7 @@ resources:
- bases/core.openfeature.dev_inprocessconfigurations.yaml - bases/core.openfeature.dev_inprocessconfigurations.yaml
#+kubebuilder:scaffold:crdkustomizeresource #+kubebuilder:scaffold:crdkustomizeresource
patches: patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD # patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_featureflags.yaml #- patches/webhook_in_featureflags.yaml
@ -17,6 +17,14 @@ patches:
#- patches/webhook_in_inprocessconfigurations.yaml #- patches/webhook_in_inprocessconfigurations.yaml
#+kubebuilder:scaffold:crdkustomizewebhookpatch #+kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_featureflags.yaml
#- patches/cainjection_in_featureflagsources.yaml
#- patches/cainjection_in_flagds.yaml
#- patches/cainjection_in_inprocessconfigurations.yaml
#+kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs. # the following config is for teaching kustomize how to do kustomization for CRDs.
configurations: configurations:
- kustomizeconfig.yaml - kustomizeconfig.yaml

View File

@ -1,19 +1,19 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD # This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference: nameReference:
- kind: Service - kind: Service
version: v1 version: v1
fieldSpecs: fieldSpecs:
- kind: CustomResourceDefinition
version: v1
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition - kind: CustomResourceDefinition
version: v1 version: v1
group: apiextensions.k8s.io group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace path: spec/conversion/webhook/clientConfig/service/name
create: false
namespace:
- kind: CustomResourceDefinition
version: v1
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference: varReference:
- path: metadata/annotations - path: metadata/annotations

View File

@ -0,0 +1,7 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: featureflags.core.openfeature.dev

View File

@ -0,0 +1,7 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: featureflagsources.core.openfeature.dev

View File

@ -0,0 +1,7 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: flagds.core.openfeature.dev

View File

@ -0,0 +1,7 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: inprocessconfigurations.core.openfeature.dev

View File

@ -1,30 +0,0 @@
# This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs.
# Add the volumeMount for the metrics-server certs
- op: add
path: /spec/template/spec/containers/0/volumeMounts/-
value:
mountPath: /tmp/k8s-metrics-server/metrics-certs
name: metrics-certs
readOnly: true
# Add the --metrics-cert-path argument for the metrics server
- op: add
path: /spec/template/spec/containers/0/args/-
value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs
# Add the metrics-server certs volume configuration
- op: add
path: /spec/template/spec/volumes/-
value:
name: metrics-certs
secret:
secretName: metrics-server-cert
optional: false
items:
- key: ca.crt
path: ca.crt
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key

View File

@ -12,206 +12,63 @@ namePrefix: open-feature-operator-
#commonLabels: #commonLabels:
# someName: someValue # someName: someValue
resources: bases:
- ../crd - ../crd
- ../rbac - ../rbac
- ../manager - ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml # crd/kustomization.yaml
- ../webhook - ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
- ../certmanager - ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus #- ../prometheus
# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. patchesStrategicMerge:
# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. # Protect the /metrics endpoint by putting it behind auth.
# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will # If you want your controller-manager to expose the /metrics
# be able to communicate with the Webhook Server. # endpoint w/o any authn/z, please comment the following line.
#- ../network-policy - manager_auth_proxy_patch.yaml
patches:
# Mount the controller config file for loading manager configurations # Mount the controller config file for loading manager configurations
# through a ComponentConfig type # through a ComponentConfig type
#- manager_config_patch.yaml #- manager_config_patch.yaml
# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
# More info: https://book.kubebuilder.io/reference/metrics
- path: manager_metrics_patch.yaml
target:
kind: Deployment
# Uncomment the patches line if you enable Metrics and CertManager
# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line.
# This patch will protect the metrics with certManager self-signed certs.
- path: cert_metrics_manager_patch.yaml
target:
kind: Deployment
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml # crd/kustomization.yaml
- path: manager_webhook_patch.yaml - manager_webhook_patch.yaml
target:
kind: Deployment
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
# Uncomment the following replacements to add the cert-manager CA injection annotations - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
replacements: objref:
- source: # Uncomment the following block to enable certificates for metrics kind: Certificate
kind: Service group: cert-manager.io
version: v1 version: v1
name: controller-manager-metrics-service name: serving-cert # this name should match the one in certificate.yaml
fieldPath: metadata.name fieldref:
targets: fieldpath: metadata.namespace
- select: - name: CERTIFICATE_NAME
kind: Certificate objref:
group: cert-manager.io kind: Certificate
version: v1 group: cert-manager.io
name: metrics-certs version: v1
fieldPaths: name: serving-cert # this name should match the one in certificate.yaml
- spec.dnsNames.0 - name: SERVICE_NAMESPACE # namespace of the service
- spec.dnsNames.1 objref:
options: kind: Service
delimiter: '.' version: v1
index: 0 name: webhook-service
create: true fieldref:
fieldpath: metadata.namespace
- source: - name: SERVICE_NAME
kind: Service objref:
version: v1 kind: Service
name: controller-manager-metrics-service version: v1
fieldPath: metadata.namespace name: webhook-service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: metrics-certs
fieldPaths:
- spec.dnsNames.0
- spec.dnsNames.1
options:
delimiter: '.'
index: 1
create: true
- source: # Uncomment the following block if you have any webhook
kind: Service
version: v1
name: webhook-service
fieldPath: .metadata.name # Name of the service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPaths:
- .spec.dnsNames.0
- .spec.dnsNames.1
options:
delimiter: '.'
index: 0
create: true
- source:
kind: Service
version: v1
name: webhook-service
fieldPath: .metadata.namespace # Namespace of the service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPaths:
- .spec.dnsNames.0
- .spec.dnsNames.1
options:
delimiter: '.'
index: 1
create: true
- source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # This name should match the one in certificate.yaml
fieldPath: .metadata.namespace # Namespace of the certificate CR
targets:
- select:
kind: ValidatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
- source:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPath: .metadata.name
targets:
- select:
kind: ValidatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 1
create: true
- source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPath: .metadata.namespace # Namespace of the certificate CR
targets:
- select:
kind: MutatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
- source:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPath: .metadata.name
targets:
- select:
kind: MutatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 1
create: true
# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.namespace # Namespace of the certificate CR
# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
# +kubebuilder:scaffold:crdkustomizecainjectionns
# - source:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.name
# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
# +kubebuilder:scaffold:crdkustomizecainjectionname

View File

@ -0,0 +1,42 @@
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=0"
ports:
- containerPort: 8443
protocol: TCP
name: https
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
- name: manager
args:
- "--health-probe-bind-address=:8081"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--sidecar-cpu-limit=0.5" # cores
- "--sidecar-ram-limit=64M"
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true

View File

@ -1,4 +0,0 @@
# This patch adds the args to allow exposing the metrics endpoint using HTTPS
- op: add
path: /spec/template/spec/containers/0/args/0
value: --metrics-bind-address=:8443

View File

@ -1,31 +1,23 @@
# This patch ensures the webhook certificates are properly mounted in the manager container. apiVersion: apps/v1
# It configures the necessary arguments, volumes, volume mounts, and container ports. kind: Deployment
metadata:
# Add the --webhook-cert-path argument for configuring the webhook certificate path name: controller-manager
- op: add namespace: system
path: /spec/template/spec/containers/0/args/- spec:
value: --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs template:
spec:
# Add the volumeMount for the webhook certificates containers:
- op: add - name: manager
path: /spec/template/spec/containers/0/volumeMounts/- ports:
value: - containerPort: 9443
mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-server
name: webhook-certs protocol: TCP
readOnly: true volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
# Add the port configuration for the webhook server name: cert
- op: add readOnly: true
path: /spec/template/spec/containers/0/ports/- volumes:
value: - name: cert
containerPort: 9443 secret:
name: webhook-server defaultMode: 420
protocol: TCP secretName: webhook-server-cert
# Add the volume configuration for the webhook certificates
- op: add
path: /spec/template/spec/volumes/-
value:
name: webhook-certs
secret:
secretName: webhook-server-cert

View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: 8443
selector:
control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator

View File

@ -0,0 +1,16 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)

View File

@ -1,17 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources: resources:
- manager.yaml - manager.yaml
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true
configMapGenerator: configMapGenerator:
- files: - files:
- controller_manager_config.yaml - controller_manager_config.yaml
name: manager-config name: manager-config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images: images:
- name: controller - name: controller
newName: open-feature-operator-local newName: open-feature-operator-local

View File

@ -3,7 +3,6 @@ kind: Namespace
metadata: metadata:
labels: labels:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
name: system name: system
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
@ -13,13 +12,10 @@ metadata:
namespace: system namespace: system
labels: labels:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
spec: spec:
selector: selector:
matchLabels: matchLabels:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
replicas: 1 replicas: 1
template: template:
metadata: metadata:
@ -27,8 +23,6 @@ spec:
kubectl.kubernetes.io/default-container: manager kubectl.kubernetes.io/default-container: manager
labels: labels:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
spec: spec:
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
@ -49,7 +43,6 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
image: controller:main image: controller:main
name: manager name: manager
ports: []
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
runAsNonRoot: true runAsNonRoot: true
@ -74,7 +67,5 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
memory: 64Mi memory: 64Mi
volumeMounts: []
volumes: []
serviceAccountName: controller-manager serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10

View File

@ -1,27 +0,0 @@
# This NetworkPolicy allows ingress traffic
# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
# namespaces are able to gather data from the metrics endpoint.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
name: allow-metrics-traffic
namespace: system
spec:
podSelector:
matchLabels:
control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
policyTypes:
- Ingress
ingress:
# This allows ingress traffic from any namespace with the label metrics: enabled
- from:
- namespaceSelector:
matchLabels:
metrics: enabled # Only from namespaces with this label
ports:
- port: 8443
protocol: TCP

View File

@ -1,27 +0,0 @@
# This NetworkPolicy allows ingress traffic to your webhook server running
# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
# will only work when applied in namespaces labeled with 'webhook: enabled'
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
name: allow-webhook-traffic
namespace: system
spec:
podSelector:
matchLabels:
control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
policyTypes:
- Ingress
ingress:
# This allows ingress traffic from any namespace with the label webhook: enabled
- from:
- namespaceSelector:
matchLabels:
webhook: enabled # Only from namespaces with this label
ports:
- port: 443
protocol: TCP

View File

@ -1,2 +0,0 @@
resources:
- allow-metrics-traffic.yaml

View File

@ -1,21 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
spec:
dnsNames:
- SERVICE_NAME.{{ include "chart.namespace" . }}.svc
- SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
---
# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: metrics-certs # this name should match the one appeared in kustomizeconfig.yaml
spec:
dnsNames:
# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
# replacements in the config/default/kustomization.yaml file.
- SERVICE_NAME.{{ include "chart.namespace" . }}.svc
- SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local

View File

@ -1,5 +1,5 @@
# import the default deployment as the base # import the default deployment as the base
resources: bases:
- ../../default - ../../default
# replace the default namespace with {{ include "chart.namespace" . }} # replace the default namespace with {{ include "chart.namespace" . }}
@ -11,55 +11,15 @@ namespace: |-
# merge the exclude-ns.yaml with the existing namespace definition, this contains the `$patch: delete` directive allowing # merge the exclude-ns.yaml with the existing namespace definition, this contains the `$patch: delete` directive allowing
# for the helm chart to define the namespace conditionally (only deploys when no namespace is provided and the default # for the helm chart to define the namespace conditionally (only deploys when no namespace is provided and the default
# (open-feature-operator-system) is used # (open-feature-operator-system) is used
patches: patchesStrategicMerge:
- path: exclude-ns.yaml - exclude-ns.yaml
- path: manager.yaml - manager.yaml
- path: exclude-webhook-server-container-port.yaml - exclude-webhook-server-container-port.yaml
- path: exclude-validatingwebhook.yaml - exclude-validatingwebhook.yaml
- path: mutatingwebhook.yaml - mutatingwebhook.yaml
- path: certificate-patch.yaml
configMapGenerator: configMapGenerator:
- name: manager-config - name: manager-config
behavior: merge behavior: merge
files: files:
- controller_manager_config.yaml - controller_manager_config.yaml
replacements:
- source: # Uncomment the following block to enable certificates for metrics
kind: Service
version: v1
name: controller-manager-metrics-service
fieldPath: metadata.name
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: metrics-certs
fieldPaths:
- spec.dnsNames.0
- spec.dnsNames.1
options:
delimiter: '.'
index: 0
create: true
- source: # Uncomment the following block if you have any webhook
kind: Service
version: v1
name: webhook-service
fieldPath: .metadata.name # Name of the service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPaths:
- spec.dnsNames.0
- spec.dnsNames.1
options:
delimiter: '.'
index: 0
create: true

View File

@ -115,3 +115,12 @@ spec:
- --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }} - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
- --labels={{ $labelKeys := keys .Values.labels -}}{{- $labelPairs := list -}}{{- range $key := $labelKeys -}}{{- $labelPairs = append $labelPairs (printf "%s:%s" $key (index $.Values.labels $key)) -}}{{- end -}}{{- join "," $labelPairs }} - --labels={{ $labelKeys := keys .Values.labels -}}{{- $labelPairs := list -}}{{- range $key := $labelKeys -}}{{- $labelPairs = append $labelPairs (printf "%s:%s" $key (index $.Values.labels $key)) -}}{{- end -}}{{- join "," $labelPairs }}
- --annotations={{ $annotationKeys := keys .Values.annotations -}}{{- $annotationPairs := list -}}{{- range $key := $annotationKeys -}}{{- $annotationPairs = append $annotationPairs (printf "%s:%s" $key (index $.Values.annotations $key)) -}}{{- end -}}{{- join "," $annotationPairs }} - --annotations={{ $annotationKeys := keys .Values.annotations -}}{{- $annotationPairs := list -}}{{- range $key := $annotationKeys -}}{{- $annotationPairs = append $annotationPairs (printf "%s:%s" $key (index $.Values.annotations $key)) -}}{{- end -}}{{- join "," $annotationPairs }}
- name: kube-rbac-proxy
image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
resources:
limits:
cpu: "{{ .Values.controllerManager.kubeRbacProxy.resources.limits.cpu }}"
memory: "{{ .Values.controllerManager.kubeRbacProxy.resources.limits.memory }}"
requests:
cpu: "{{ .Values.controllerManager.kubeRbacProxy.resources.requests.cpu }}"
memory: "{{ .Values.controllerManager.kubeRbacProxy.resources.requests.memory }}"

View File

@ -2,8 +2,6 @@ apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
metadata: metadata:
name: mutating-webhook-configuration name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: "___'{{ include \"chart.namespace\" . }}/open-feature-operator-serving-cert'___"
webhooks: webhooks:
- name: mutate.openfeature.dev - name: mutate.openfeature.dev
failurePolicy: "___{{ .Values.mutatingWebhook.failurePolicy }}___" failurePolicy: "___{{ .Values.mutatingWebhook.failurePolicy }}___"

View File

@ -1,11 +1,2 @@
resources: resources:
- monitor.yaml - monitor.yaml
# [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus
# to securely reference certificates created and managed by cert-manager.
# Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
# to mount the "metrics-server-cert" secret in the Manager Deployment.
patches:
- path: monitor_tls_patch.yaml
target:
kind: ServiceMonitor

View File

@ -1,27 +1,20 @@
# Prometheus Monitor Service (Metrics) # Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
labels: labels:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator
app.kubernetes.io/managed-by: kustomize
name: controller-manager-metrics-monitor name: controller-manager-metrics-monitor
namespace: system namespace: system
spec: spec:
endpoints: endpoints:
- path: /metrics - path: /metrics
port: https # Ensure this is the name of the port that exposes HTTPS metrics port: https
scheme: https scheme: https
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig: tlsConfig:
# TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
# certificate verification, exposing the system to potential man-in-the-middle attacks.
# For production environments, it is recommended to use cert-manager for automatic TLS certificate management.
# To apply this configuration, enable cert-manager and use the patch located at config/prometheus/servicemonitor_tls_patch.yaml,
# which securely references the certificate from the 'metrics-server-cert' secret.
insecureSkipVerify: true insecureSkipVerify: true
selector: selector:
matchLabels: matchLabels:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator

View File

@ -1,22 +0,0 @@
# Patch for Prometheus ServiceMonitor to enable secure TLS configuration
# using certificates managed by cert-manager
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: controller-manager-metrics-monitor
namespace: system
spec:
endpoints:
- tlsConfig:
insecureSkipVerify: false
ca:
secret:
name: metrics-server-cert
key: ca.crt
cert:
secret:
name: metrics-server-cert
key: tls.crt
keySecret:
name: metrics-server-cert
key: tls.key

View File

@ -8,7 +8,6 @@ apiVersion: core.openfeature.dev/v1beta1
kind: FeatureFlag kind: FeatureFlag
metadata: metadata:
name: featureflag-sample name: featureflag-sample
namespace: open-feature-demo
spec: spec:
flagSpec: flagSpec:
flags: flags:
@ -26,7 +25,7 @@ metadata:
namespace: open-feature-demo namespace: open-feature-demo
spec: spec:
sources: sources:
- source: open-feature-demo/featureflag-sample - source: open-feature-demo/end-to-end
provider: kubernetes provider: kubernetes
--- ---
# Deployment of a demo-app using our custom resource # Deployment of a demo-app using our custom resource
@ -79,4 +78,4 @@ kind: ServiceAccount
metadata: metadata:
name: open-feature-demo-sa name: open-feature-demo-sa
namespace: open-feature-demo namespace: open-feature-demo
automountServiceAccountToken: true automountServiceAccountToken: true

View File

@ -4,3 +4,6 @@ resources:
configurations: configurations:
- kustomizeconfig.yaml - kustomizeconfig.yaml
commonAnnotations:
cert-manager.io/inject-ca-from: open-feature-operator-system/webhook-cert

View File

@ -20,3 +20,6 @@ namespace:
group: admissionregistration.k8s.io group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace path: webhooks/clientConfig/service/namespace
create: true create: true
varReference:
- path: metadata/annotations

View File

@ -1,11 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: webhook-service name: webhook-service
namespace: system namespace: system
labels:
app.kubernetes.io/name: openfeature-operator
app.kubernetes.io/managed-by: kustomize
spec: spec:
ports: ports:
- port: 443 - port: 443
@ -13,4 +11,3 @@ spec:
targetPort: 9443 targetPort: 9443
selector: selector:
control-plane: controller-manager control-plane: controller-manager
app.kubernetes.io/name: open-feature-operator

View File

@ -24,9 +24,9 @@ import (
"github.com/go-logr/logr" "github.com/go-logr/logr"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/flagdproxy" "github.com/open-feature/open-feature-operator/common/flagdproxy"
"github.com/open-feature/open-feature-operator/internal/common/utils" "github.com/open-feature/open-feature-operator/common/utils"
appsV1 "k8s.io/api/apps/v1" appsV1 "k8s.io/api/apps/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
@ -50,7 +50,7 @@ type FeatureFlagSourceReconciler struct {
} }
// renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy // renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy
const flagdProxyTag = "v0.7.4" const flagdProxyTag = "v0.6.4"
//+kubebuilder:rbac:groups=core.openfeature.dev,resources=featureflagsources,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=core.openfeature.dev,resources=featureflagsources,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=core.openfeature.dev,resources=featureflagsources/status,verbs=get;update;patch //+kubebuilder:rbac:groups=core.openfeature.dev,resources=featureflagsources/status,verbs=get;update;patch

View File

@ -8,10 +8,10 @@ import (
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common" apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/flagdproxy" "github.com/open-feature/open-feature-operator/common/flagdproxy"
commontypes "github.com/open-feature/open-feature-operator/internal/common/types" commontypes "github.com/open-feature/open-feature-operator/common/types"
"github.com/open-feature/open-feature-operator/internal/common/utils" "github.com/open-feature/open-feature-operator/common/utils"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"

View File

@ -1,9 +1,9 @@
package flagd package flagd
import ( import (
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/types" "github.com/open-feature/open-feature-operator/common/types"
resources "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/common" resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
) )
func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration { func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration {

View File

@ -22,8 +22,8 @@ import (
"github.com/go-logr/logr" "github.com/go-logr/logr"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
resources2 "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/common" resources2 "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
"github.com/open-feature/open-feature-operator/internal/controller/core/flagd/resources" "github.com/open-feature/open-feature-operator/controllers/core/flagd/resources"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1" networkingv1 "k8s.io/api/networking/v1"

View File

@ -10,9 +10,9 @@ import (
"github.com/golang/mock/gomock" "github.com/golang/mock/gomock"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
resources "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/common" resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
commonmock "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/mock" commonmock "github.com/open-feature/open-feature-operator/controllers/core/flagd/mock"
resourcemock "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/resources/mock" resourcemock "github.com/open-feature/open-feature-operator/controllers/core/flagd/resources/mock"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"

View File

@ -6,11 +6,11 @@ package commonmock
import ( import (
context "context" context "context"
"github.com/open-feature/open-feature-operator/internal/controller/core/flagd/resources"
reflect "reflect" reflect "reflect"
gomock "github.com/golang/mock/gomock" gomock "github.com/golang/mock/gomock"
v1beta1 "github.com/open-feature/open-feature-operator/apis/core/v1beta1" v1beta1 "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/resources"
client "sigs.k8s.io/controller-runtime/pkg/client" client "sigs.k8s.io/controller-runtime/pkg/client"
) )

View File

@ -6,8 +6,8 @@ import (
"github.com/go-logr/logr" "github.com/go-logr/logr"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/controller/core/flagd/resources" "github.com/open-feature/open-feature-operator/controllers/core/flagd/resources"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client"

View File

@ -7,8 +7,8 @@ import (
"github.com/golang/mock/gomock" "github.com/golang/mock/gomock"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
resourcemock "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/resources/mock" resourcemock "github.com/open-feature/open-feature-operator/controllers/core/flagd/resources/mock"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

View File

@ -8,9 +8,9 @@ import (
"github.com/go-logr/logr" "github.com/go-logr/logr"
api "github.com/open-feature/open-feature-operator/apis/core/v1beta1" api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
"github.com/open-feature/open-feature-operator/internal/common" "github.com/open-feature/open-feature-operator/common"
"github.com/open-feature/open-feature-operator/internal/common/flagdinjector" "github.com/open-feature/open-feature-operator/common/flagdinjector"
"github.com/open-feature/open-feature-operator/internal/controller/core/flagd/common" resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
"golang.org/x/exp/maps" "golang.org/x/exp/maps"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"

Some files were not shown because too many files have changed in this diff Show More