chore: Update to stackable-operator 0.95.0

Cargo.toml

@@ -11,7 +11,7 @@ edition = "2021"
 repository = "https://github.com/stackabletech/secret-operator"
 
 [workspace.dependencies]
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["time", "telemetry"], tag = "stackable-operator-0.94.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["time", "telemetry"], tag = "stackable-operator-0.95.0" }
 krb5 = { git = "https://github.com/stackabletech/krb5-rs.git", tag = "v0.1.0" }
 
 anyhow = "1.0"
@@ -28,8 +28,8 @@ libc = "0.2"
 native-tls = "0.2"
 openssl = "0.10"
 pin-project = "1.1"
-prost = "0.13"
-prost-types = "0.13"
+prost = "0.14"
+prost-types = "0.14"
 rand = "0.9"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
@@ -42,9 +42,10 @@ tempfile = "3.12"
 time = { version = "0.3", features = ["parsing"] }
 tokio = { version = "1.40", features = ["full"] }
 tokio-stream = { version = "0.1", features = ["net"] }
-tonic = "0.13"
-tonic-build = "0.13"
-tonic-reflection = "0.13"
+tonic = "0.14"
+tonic-prost = "0.14"
+tonic-prost-build = "0.14"
+tonic-reflection = "0.14"
 tracing = "0.1"
 tracing-subscriber = "0.3"
 walkdir = "2.5.0"

deploy/helm/secret-operator/templates/daemonset.yaml

@@ -34,11 +34,36 @@ spec:
           resources:
             {{ .Values.node.driver.resources | toYaml | nindent 12 }}
           env:
+            # The following env vars are passed as clap (think CLI) arguments to the operator.
+            # They are picked up by clap using the structs defied in the operator.
+            # (which is turn pulls in https://github.com/stackabletech/operator-rs/blob/main/crates/stackable-operator/src/cli.rs)
+            # You can read there about the expected values and purposes.
+
             - name: CSI_ENDPOINT
               value: /csi/csi.sock
             - name: PRIVILEGED
               value: {{ .Values.securityContext.privileged | quote }}
 
+            # Sometimes products need to know the operator image, e.g. the opa-bundle-builder OPA
+            # sidecar uses the operator image.
+            - name: OPERATOR_IMAGE
+              # Tilt can use annotations as image paths, but not env variables
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.annotations['internal.stackable.tech/image']
+
+            # Namespace the operator Pod is running in, e.g. used to construct the conversion
+            # webhook endpoint.
+            - name: OPERATOR_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+
+            # The name of the Kubernetes Service that point to the operator Pod, e.g. used to
+            # construct the conversion webhook endpoint.
+            - name: OPERATOR_SERVICE_NAME
+              value: {{ include "operator.fullname" . }}
+
             # Operators need to know the node name they are running on, to e.g. discover the
             # Kubernetes domain name from the kubelet API.
             - name: KUBERNETES_NODE_NAME

rust/olm-deployer/src/main.rs

@@ -31,7 +31,7 @@ use stackable_operator::{
         discovery::{ApiResource, Discovery, Scope},
     },
     telemetry::{Tracing, tracing::TelemetryOptions},
-    utils::cluster_info::KubernetesClusterInfoOpts,
+    utils::cluster_info::KubernetesClusterInfoOptions,
 };
 
 pub const APP_NAME: &str = "stkbl-secret-olm-deployer";
@@ -70,10 +70,10 @@ struct OlmDeployerRun {
     dir: std::path::PathBuf,
 
     #[command(flatten)]
-    pub telemetry_arguments: TelemetryOptions,
+    pub telemetry: TelemetryOptions,
 
     #[command(flatten)]
-    pub cluster_info_opts: KubernetesClusterInfoOpts,
+    pub cluster_info: KubernetesClusterInfoOptions,
 }
 
 #[tokio::main]
@@ -84,16 +84,15 @@ async fn main() -> Result<()> {
         csv,
         namespace,
         dir,
-        telemetry_arguments,
-        cluster_info_opts,
+        telemetry,
+        cluster_info,
     }) = opts.cmd
     {
         // NOTE (@NickLarsenNZ): Before stackable-telemetry was used:
         // - The console log level was set by `STKBL_SECRET_OLM_DEPLOYER_LOG`, and is now `CONSOLE_LOG` (when using Tracing::pre_configured).
         // - The file log level was set by `STKBL_SECRET_OLM_DEPLOYER_LOG`, and is now set via `FILE_LOG` (when using Tracing::pre_configured).
         // - The file log directory was set by `STKBL_SECRET_OLM_DEPLOYER_LOG_DIRECTORY`, and is now set by `ROLLING_LOGS_DIR` (or via `--rolling-logs <DIRECTORY>`).
-        let _tracing_guard =
-            Tracing::pre_configured(built_info::PKG_NAME, telemetry_arguments).init()?;
+        let _tracing_guard = Tracing::pre_configured(built_info::PKG_NAME, telemetry).init()?;
 
         tracing::info!(
             built_info.pkg_version = built_info::PKG_VERSION,
@@ -105,8 +104,7 @@ async fn main() -> Result<()> {
             description = built_info::PKG_DESCRIPTION
         );
 
-        let client =
-            client::initialize_operator(Some(APP_NAME.to_string()), &cluster_info_opts).await?;
+        let client = client::initialize_operator(Some(APP_NAME.to_string()), &cluster_info).await?;
 
         let deployment = get_deployment(&csv, &namespace, &client).await?;
         let cluster_role = get_cluster_role(&csv, &client).await?;

rust/operator-binary/Cargo.toml

@@ -35,8 +35,9 @@ tempfile.workspace = true
 time.workspace = true
 tokio-stream.workspace = true
 tokio.workspace = true
-tonic-reflection.workspace = true
 tonic.workspace = true
+tonic-prost.workspace = true
+tonic-reflection.workspace = true
 tracing.workspace = true
 uuid.workspace = true
 yasna.workspace = true
@@ -48,6 +49,6 @@ serde_yaml.workspace = true
 
 [build-dependencies]
 built.workspace = true
-tonic-build.workspace = true
+tonic-prost-build.workspace = true
 
 [features]

rust/operator-binary/build.rs

@@ -4,7 +4,7 @@ use std::path::PathBuf;
 
 fn main() {
     let out_dir = PathBuf::from(std::env::var("OUT_DIR").expect("OUT_DIR is required"));
-    tonic_build::configure()
+    tonic_prost_build::configure()
         .file_descriptor_set_path(out_dir.join("file_descriptor_set.bin"))
         .compile_protos(&["vendor/csi/csi.proto"], &["vendor/csi"])
         .unwrap();

rust/operator-binary/src/backend/cert_manager.rs

@@ -9,7 +9,7 @@ use snafu::{OptionExt, ResultExt, Snafu};
 use stackable_operator::{
     k8s_openapi::{ByteString, api::core::v1::Secret},
     kube::{api::ObjectMeta, runtime::reflector::ObjectRef},
-    time::Duration,
+    shared::time::Duration,
 };
 
 use super::{

rust/operator-binary/src/backend/mod.rs

@@ -23,7 +23,7 @@ use stackable_operator::{
     crd::listener,
     k8s_openapi::chrono::{DateTime, FixedOffset},
     kube::api::DynamicObject,
-    time::Duration,
+    shared::time::Duration,
 };
 pub use tls::TlsGenerate;
 

rust/operator-binary/src/backend/tls/ca.rs

@@ -30,7 +30,7 @@ use stackable_operator::{
         },
         runtime::reflector::ObjectRef,
     },
-    time::Duration,
+    shared::time::Duration,
 };
 use stackable_secret_operator_crd_utils::{ConfigMapReference, SecretReference};
 use time::OffsetDateTime;

rust/operator-binary/src/backend/tls/mod.rs

@@ -23,7 +23,7 @@ use rand::Rng;
 use snafu::{OptionExt, ResultExt, Snafu};
 use stackable_operator::{
     k8s_openapi::chrono::{self, FixedOffset, TimeZone},
-    time::Duration,
+    shared::time::Duration,
 };
 use time::OffsetDateTime;
 

rust/operator-binary/src/crd.rs

@@ -7,7 +7,7 @@ use stackable_operator::{
     k8s_openapi::api::core::v1::{ConfigMap, Secret},
     kube::{CustomResource, api::PartialObjectMeta},
     schemars::{self, JsonSchema, schema::Schema},
-    time::Duration,
+    shared::time::Duration,
 };
 use stackable_secret_operator_crd_utils::{ConfigMapReference, SecretReference};
 

rust/operator-binary/src/main.rs

@@ -75,16 +75,16 @@ async fn main() -> anyhow::Result<()> {
                 ProductOperatorRun {
                     product_config: _,
                     watch_namespace,
-                    telemetry_arguments,
-                    cluster_info_opts,
+                    operator_environment: _,
+                    telemetry,
+                    cluster_info,
                 },
         }) => {
             // NOTE (@NickLarsenNZ): Before stackable-telemetry was used:
             // - The console log level was set by `SECRET_PROVISIONER_LOG`, and is now `CONSOLE_LOG` (when using Tracing::pre_configured).
             // - The file log level was set by `SECRET_PROVISIONER_LOG`, and is now set via `FILE_LOG` (when using Tracing::pre_configured).
             // - The file log directory was set by `SECRET_PROVISIONER_LOG_DIRECTORY`, and is now set by `ROLLING_LOGS_DIR` (or via `--rolling-logs <DIRECTORY>`).
-            let _tracing_guard =
-                Tracing::pre_configured(built_info::PKG_NAME, telemetry_arguments).init()?;
+            let _tracing_guard = Tracing::pre_configured(built_info::PKG_NAME, telemetry).init()?;
 
             tracing::info!(
                 built_info.pkg_version = built_info::PKG_VERSION,
@@ -98,7 +98,7 @@ async fn main() -> anyhow::Result<()> {
 
             let client = stackable_operator::client::initialize_operator(
                 Some(OPERATOR_NAME.to_string()),
-                &cluster_info_opts,
+                &cluster_info,
             )
             .await?;
             if csi_endpoint
@@ -122,7 +122,7 @@ async fn main() -> anyhow::Result<()> {
                     }))
                     .add_service(NodeServer::new(SecretProvisionerNode {
                         client: client.clone(),
-                        node_name: cluster_info_opts.kubernetes_node_name.to_owned(),
+                        node_name: cluster_info.kubernetes_node_name.to_owned(),
                         privileged,
                     }))
                     .serve_with_incoming_shutdown(