- Upgrade golang 1.25.5

- Upgrade required rependencies
- Upgdate generated files
- Increment cm resources

Signed-off-by: Marcos Yacob <marcosyacob@gmail.com>

.go-version

@@ -1 +1 @@
-1.24.5
+1.25.5

Makefile

@@ -80,7 +80,7 @@ endif
 go_version := $(shell cat .go-version)
 build_dir := $(DIR)/.build/$(os1)-$(arch1)
 
-golangci_lint_version = v2.3.1
+golangci_lint_version = v2.6.1
 golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version)
 golangci_lint_bin = $(golangci_lint_dir)/golangci-lint
 golangci_lint_cache = $(golangci_lint_dir)/cache
@@ -100,11 +100,11 @@ $(golangci_lint_bin):
 
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	"$(CONTROLLER_GEN)" rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+	"$(CONTROLLER_GEN)" object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 .PHONY: fmt
 fmt: ## Run go fmt against code.
@@ -218,7 +218,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.1.1
-CONTROLLER_TOOLS_VERSION ?= v0.14.0
+CONTROLLER_TOOLS_VERSION ?= v0.19.0
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.

api/v1alpha1/clusterspiffeid_types.go

@@ -31,11 +31,11 @@ type ClusterSPIFFEIDSpec struct {
 
 	// TTL indicates an upper-bound time-to-live for X509 SVIDs minted for this
 	// ClusterSPIFFEID. If unset, a default will be chosen.
-	TTL metav1.Duration `json:"ttl"`
+	TTL metav1.Duration `json:"ttl,omitempty"`
 
 	// JWTTTL indicates an upper-bound time-to-live for JWT SVIDs minted for this
 	// ClusterSPIFFEID.
-	JWTTTL metav1.Duration `json:"jwtTtl"`
+	JWTTTL metav1.Duration `json:"jwtTtl,omitempty"`
 
 	// DNSNameTemplate represents templates for extra DNS names that are
 	// applicable to SVIDs minted for this ClusterSPIFFEID.

api/v1alpha1/clusterstaticentry_types.go

@@ -29,8 +29,8 @@ type ClusterStaticEntrySpec struct {
 	ParentID      string          `json:"parentID"`
 	Selectors     []string        `json:"selectors"`
 	FederatesWith []string        `json:"federatesWith,omitempty"`
-	X509SVIDTTL   metav1.Duration `json:"x509SVIDTTL"`
-	JWTSVIDTTL    metav1.Duration `json:"jwtSVIDTTL"`
+	X509SVIDTTL   metav1.Duration `json:"x509SVIDTTL,omitempty"`
+	JWTSVIDTTL    metav1.Duration `json:"jwtSVIDTTL,omitempty"`
 	DNSNames      []string        `json:"dnsNames,omitempty"`
 	Hint          string          `json:"hint,omitempty"`
 	Admin         bool            `json:"admin,omitempty"`

api/v1alpha1/controllermanagerconfig_types.go

@@ -86,6 +86,7 @@ type ControllerManagerConfigurationSpec struct {
 
 	// CacheNamespace if specified restricts the manager's cache to watch objects in
 	// the desired namespace. Defaults to all namespaces.
+	//
 	// Deprecated: use cacheNamespaces instead
 	//
 	// Note: If a namespace is specified, controllers can still Watch for a

config/crd/bases/spire.spiffe.io_clusterfederatedtrustdomains.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: clusterfederatedtrustdomains.spire.spiffe.io
 spec:
   group: spire.spiffe.io
@@ -92,6 +92,10 @@ spec:
             description: ClusterFederatedTrustDomainStatus defines the observed state
               of ClusterFederatedTrustDomain
             type: object
+        required:
+        - metadata
+        - spec
+        - status
         type: object
     served: true
     storage: true

config/crd/bases/spire.spiffe.io_clusterspiffeids.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: clusterspiffeids.spire.spiffe.io
 spec:
   group: spire.spiffe.io
@@ -52,11 +52,6 @@ spec:
               className:
                 description: Set which Controller Class will act on this object
                 type: string
-              fallback:
-                description: |-
-                  Apply this ID only if there are no other matching non fallback
-                  ClusterSPIFFEIDs
-                type: boolean
               dnsNameTemplates:
                 description: |-
                   DNSNameTemplate represents templates for extra DNS names that are
@@ -70,6 +65,10 @@ spec:
                 description: Downstream indicates that the entry describes a downstream
                   SPIRE server.
                 type: boolean
+              fallback:
+                description: Apply this ID only if there are no other matching non
+                  fallback ClusterSPIFFEIDs.
+                type: boolean
               federatesWith:
                 description: |-
                   FederatesWith is a list of trust domain names that workloads that
@@ -78,8 +77,7 @@ spec:
                   type: string
                 type: array
               hint:
-                description: |-
-                  Set the entry hint
+                description: Set the entry hint
                 type: string
               jwtTtl:
                 description: |-
@@ -117,11 +115,13 @@ spec:
                           items:
                             type: string
                           type: array
+                          x-kubernetes-list-type: atomic
                       required:
                       - key
                       - operator
                       type: object
                     type: array
+                    x-kubernetes-list-type: atomic
                   matchLabels:
                     additionalProperties:
                       type: string
@@ -163,11 +163,13 @@ spec:
                           items:
                             type: string
                           type: array
+                          x-kubernetes-list-type: atomic
                       required:
                       - key
                       - operator
                       type: object
                     type: array
+                    x-kubernetes-list-type: atomic
                   matchLabels:
                     additionalProperties:
                       type: string
@@ -246,6 +248,9 @@ spec:
                     type: integer
                 type: object
             type: object
+        required:
+        - metadata
+        - spec
         type: object
     served: true
     storage: true

config/crd/bases/spire.spiffe.io_clusterstaticentries.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: clusterstaticentries.spire.spiffe.io
 spec:
   group: spire.spiffe.io
@@ -93,6 +93,10 @@ spec:
             - rendered
             - set
             type: object
+        required:
+        - metadata
+        - spec
+        - status
         type: object
     served: true
     storage: true

config/rbac/role.yaml

@@ -8,29 +8,8 @@ rules:
   - ""
   resources:
   - endpoints
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
   - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
   - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
   - pods
   verbs:
   - get
@@ -49,57 +28,7 @@ rules:
   - spire.spiffe.io
   resources:
   - clusterfederatedtrustdomains
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - spire.spiffe.io
-  resources:
-  - clusterfederatedtrustdomains/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - spire.spiffe.io
-  resources:
-  - clusterfederatedtrustdomains/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - spire.spiffe.io
-  resources:
   - clusterspiffeids
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - spire.spiffe.io
-  resources:
-  - clusterspiffeids/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - spire.spiffe.io
-  resources:
-  - clusterspiffeids/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - spire.spiffe.io
-  resources:
   - clusterstaticentries
   verbs:
   - create
@@ -112,12 +41,16 @@ rules:
 - apiGroups:
   - spire.spiffe.io
   resources:
+  - clusterfederatedtrustdomains/finalizers
+  - clusterspiffeids/finalizers
   - clusterstaticentries/finalizers
   verbs:
   - update
 - apiGroups:
   - spire.spiffe.io
   resources:
+  - clusterfederatedtrustdomains/status
+  - clusterspiffeids/status
   - clusterstaticentries/status
   verbs:
   - get

demo/config/cluster1/crd/spire.spiffe.io_clusterfederatedtrustdomains.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: clusterfederatedtrustdomains.spire.spiffe.io
 spec:
   group: spire.spiffe.io
@@ -28,14 +28,19 @@ spec:
           API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -47,8 +52,9 @@ spec:
                 description: BundleEndpointProfile is the profile for the bundle endpoint.
                 properties:
                   endpointSPIFFEID:
-                    description: EndpointSPIFFEID is the SPIFFE ID of the bundle endpoint.
-                      It is required for the "https_spiffe" profile.
+                    description: |-
+                      EndpointSPIFFEID is the SPIFFE ID of the bundle endpoint. It is
+                      required for the "https_spiffe" profile.
                     type: string
                   type:
                     description: Type is the type of the bundle endpoint profile.
@@ -60,8 +66,9 @@ spec:
                 - type
                 type: object
               bundleEndpointURL:
-                description: BundleEndpointURL is the URL of the bundle endpoint.
-                  It must be an HTTPS URL and cannot contain userinfo (i.e. username/password).
+                description: |-
+                  BundleEndpointURL is the URL of the bundle endpoint. It must be an
+                  HTTPS URL and cannot contain userinfo (i.e. username/password).
                 type: string
               className:
                 description: Set which Controller Class will act on this object
@@ -72,9 +79,9 @@ spec:
                 pattern: '[a-z0-9._-]{1,255}'
                 type: string
               trustDomainBundle:
-                description: TrustDomainBundle is the contents of the bundle for the
-                  referenced trust domain. This field is optional when the resource
-                  is created.
+                description: |-
+                  TrustDomainBundle is the contents of the bundle for the referenced trust
+                  domain. This field is optional when the resource is created.
                 type: string
             required:
             - bundleEndpointProfile
@@ -85,6 +92,10 @@ spec:
             description: ClusterFederatedTrustDomainStatus defines the observed state
               of ClusterFederatedTrustDomain
             type: object
+        required:
+        - metadata
+        - spec
+        - status
         type: object
     served: true
     storage: true