Meta Issue for k8s 1.29 bump

[Neo2308]

Meta Issue for k8s 1.29 bump

In order to bump Operator SDK to support Kubernetes 1.29 there are a few dependencies we rely on making the bump first. This issue is meant to help track all dependencies and the status of their bumps.

Order of dependency bumps

Step 1: upgrade controller-runtime, controller-tools, helm, and operator-framework/operator-manifest-tools(can be done in parallel)

• [x] sigs.k8s.io/controller-runtime (https://github.com/kubernetes-sigs/controller-runtime/issues/2640)
• [x] sigs.k8s.io/controller-tools (https://github.com/kubernetes-sigs/controller-tools/pull/872)
• [x] operator-framework/operator-manifest-tools(https://github.com/operator-framework/operator-manifest-tools/pull/51)

Step 2: upgrade operator-framework/api and sigs.k8s.io/kubebuilder-declarative-pattern (can be done immediately after controller-runtime)

• [x] operator-framework/api (https://github.com/operator-framework/api/pull/319)
• [x] sigs.k8s.io/kubebuilder-declarative-pattern

Step 3.1: upgrade operator-framework/operator-registry and operator-framework/operator-lib (can be done immediately after operator-framework/api)

• [x] operator-framework/operator-registry
• [x] operator-framework/operator-lib (https://github.com/operator-framework/operator-lib/pull/167)

Step 3.2: upgrade kubebuilder (blocked until kubebuilder-declarative-pattern is bumped)

• [x] sigs.k8s.io/kubebuilder/v3 (https://github.com/kubernetes-sigs/kubebuilder/pull/3749)

Step 4: upgrade operator-framework plugins

• [x] operator-framework/ansible-operator-plugins (https://github.com/operator-framework/ansible-operator-plugins/pull/67)
• [x] operator-framework/helm-operator-plugins (https://github.com/operator-framework/helm-operator-plugins/pull/303)
• [x] operator-framework/java-operator-plugins (https://github.com/operator-framework/java-operator-plugins/pull/144)

Step 5: upgrade operator-framework/operator-sdk dependencies

• [x] Bump Ginkgo/v2 and Kubebuilder 1.29 (https://github.com/operator-framework/operator-sdk/pull/6736)
• [x] Bump SDK to use k8s 1.29 (https://github.com/operator-framework/operator-sdk/pull/6736)

[varshaprasad96]

Keeping this open for the community. Please feel free to pick up any other issues. Any contribution would be appreciated :)

[acornett21]

We need to add the ansible plugin to the list as well.

[Neo2308]

@varshaprasad96 can you confirm that we no longer need to track the update in sigs.k8s.io/kubebuilder-declarative-pattern for these meta issues since https://github.com/kubernetes-sigs/kubebuilder/pull/3395 is done?

(Removed the Bump envtest to 1.29 based on comments in https://github.com/operator-framework/operator-sdk/issues/6554)

[liram-vardi]

Can also helm be upgraded as part of this issue? In order to solve the following security violability: https://github.com/advisories/GHSA-r53h-jv2g-vpx6

Thanks!

[danepowell]

The CVE for the above vulnerability is CVE-2024-26147 (I was having trouble searching for this issue based on the CVE)

[acornett21]

@Neo2308 I'll try to cut a release of the ansilbe-plugin on monday, since the rest of this week is a holiday.