Bump MIGRATION_OPERATOR to v0.2.0-rc.0 (#4116)

Signed-off-by: HCO Bump Bot <noreply@github.com>
Co-authored-by: nunnatsa <60659093+nunnatsa@users.noreply.github.com>

Author: hco-bot

deploy/cluster_role.yaml

@@ -4052,6 +4052,7 @@ rules:
   - list
   - update
   - watch
+  - delete
 - apiGroups:
   - ""
   resources:

deploy/crds/migration-operator00.crd.yaml

@@ -1037,6 +1037,156 @@ spec:
               priorityClass:
                 description: PriorityClass of the control plane
                 type: string
+              tlsSecurityProfile:
+                description: TLSSecurityProfile is used by operators to apply cluster-wide
+                  TLS security settings to operands.
+                properties:
+                  custom:
+                    description: |-
+                      custom is a user-defined TLS security profile. Be extremely careful using a custom
+                      profile as invalid configurations can be catastrophic. An example custom profile
+                      looks like this:
+
+                        ciphers:
+                          - ECDHE-ECDSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-AES128-GCM-SHA256
+                          - ECDHE-ECDSA-AES128-GCM-SHA256
+                        minTLSVersion: VersionTLS11
+                    nullable: true
+                    properties:
+                      ciphers:
+                        description: |-
+                          ciphers is used to specify the cipher algorithms that are negotiated
+                          during the TLS handshake.  Operators may remove entries their operands
+                          do not support.  For example, to use DES-CBC3-SHA  (yaml):
+
+                            ciphers:
+                              - DES-CBC3-SHA
+                        items:
+                          type: string
+                        type: array
+                      minTLSVersion:
+                        description: |-
+                          minTLSVersion is used to specify the minimal version of the TLS protocol
+                          that is negotiated during the TLS handshake. For example, to use TLS
+                          versions 1.1, 1.2 and 1.3 (yaml):
+
+                            minTLSVersion: VersionTLS11
+
+                          NOTE: currently the highest minTLSVersion allowed is VersionTLS12
+                        enum:
+                        - VersionTLS10
+                        - VersionTLS11
+                        - VersionTLS12
+                        - VersionTLS13
+                        type: string
+                    required:
+                    - ciphers
+                    - minTLSVersion
+                    type: object
+                  intermediate:
+                    description: |-
+                      intermediate is a TLS security profile based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+                      and looks like this (yaml):
+
+                        ciphers:
+                          - TLS_AES_128_GCM_SHA256
+                          - TLS_AES_256_GCM_SHA384
+                          - TLS_CHACHA20_POLY1305_SHA256
+                          - ECDHE-ECDSA-AES128-GCM-SHA256
+                          - ECDHE-RSA-AES128-GCM-SHA256
+                          - ECDHE-ECDSA-AES256-GCM-SHA384
+                          - ECDHE-RSA-AES256-GCM-SHA384
+                          - ECDHE-ECDSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-CHACHA20-POLY1305
+                          - DHE-RSA-AES128-GCM-SHA256
+                          - DHE-RSA-AES256-GCM-SHA384
+                        minTLSVersion: VersionTLS12
+                    nullable: true
+                    type: object
+                  modern:
+                    description: |-
+                      modern is a TLS security profile based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+                      and looks like this (yaml):
+
+                        ciphers:
+                          - TLS_AES_128_GCM_SHA256
+                          - TLS_AES_256_GCM_SHA384
+                          - TLS_CHACHA20_POLY1305_SHA256
+                        minTLSVersion: VersionTLS13
+
+                      NOTE: Currently unsupported.
+                    nullable: true
+                    type: object
+                  old:
+                    description: |-
+                      old is a TLS security profile based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+                      and looks like this (yaml):
+
+                        ciphers:
+                          - TLS_AES_128_GCM_SHA256
+                          - TLS_AES_256_GCM_SHA384
+                          - TLS_CHACHA20_POLY1305_SHA256
+                          - ECDHE-ECDSA-AES128-GCM-SHA256
+                          - ECDHE-RSA-AES128-GCM-SHA256
+                          - ECDHE-ECDSA-AES256-GCM-SHA384
+                          - ECDHE-RSA-AES256-GCM-SHA384
+                          - ECDHE-ECDSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-CHACHA20-POLY1305
+                          - DHE-RSA-AES128-GCM-SHA256
+                          - DHE-RSA-AES256-GCM-SHA384
+                          - DHE-RSA-CHACHA20-POLY1305
+                          - ECDHE-ECDSA-AES128-SHA256
+                          - ECDHE-RSA-AES128-SHA256
+                          - ECDHE-ECDSA-AES128-SHA
+                          - ECDHE-RSA-AES128-SHA
+                          - ECDHE-ECDSA-AES256-SHA384
+                          - ECDHE-RSA-AES256-SHA384
+                          - ECDHE-ECDSA-AES256-SHA
+                          - ECDHE-RSA-AES256-SHA
+                          - DHE-RSA-AES128-SHA256
+                          - DHE-RSA-AES256-SHA256
+                          - AES128-GCM-SHA256
+                          - AES256-GCM-SHA384
+                          - AES128-SHA256
+                          - AES256-SHA256
+                          - AES128-SHA
+                          - AES256-SHA
+                          - DES-CBC3-SHA
+                        minTLSVersion: VersionTLS10
+                    nullable: true
+                    type: object
+                  type:
+                    description: |-
+                      type is one of Old, Intermediate, Modern or Custom. Custom provides
+                      the ability to specify individual TLS security profile parameters.
+                      Old, Intermediate and Modern are TLS security profiles based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+                      The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+                      are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
+                      reduced.
+
+                      Note that the Modern profile is currently not supported because it is not
+                      yet well adopted by common software libraries.
+                    enum:
+                    - Old
+                    - Intermediate
+                    - Modern
+                    - Custom
+                    type: string
+                type: object
             type: object
           status:
             description: MigControllerStatus defines the observed state of MigController.

deploy/images.csv

@@ -39,6 +39,6 @@ AAQ_OPERATOR_IMAGE,quay.io/kubevirt/aaq-operator,AAQ_VERSION,1bcf463f0650f6a1424
 AAQ_SERVER_IMAGE,quay.io/kubevirt/aaq-server,AAQ_VERSION,07b744866359459fef7ff97af7a5bc7c152812ac3ad8ac9e773f3a5190d0e59a
 AAQ_CONTROLLER_IMAGE,quay.io/kubevirt/aaq-controller,AAQ_VERSION,49e094affa5cf6ff96bc148f0d1328d25b5777b20e4a3680fcaeb9ec7200f53e
 WASP_AGENT_IMAGE,quay.io/openshift-virtualization/wasp-agent,WASP_AGENT_VERSION,eabfa6a425213f520f7a9e5b81b43e8b6430779d42c5c8b1bfd48a4f1730447a
-MIGRATION_OPERATOR_IMAGE,quay.io/kubevirt/kubevirt-migration-operator,MIGRATION_OPERATOR_VERSION,712918a76c1f44a1afb50dbb78a253d8c649d77c4d484fed435e892bc893543f
+MIGRATION_OPERATOR_IMAGE,quay.io/kubevirt/kubevirt-migration-operator,MIGRATION_OPERATOR_VERSION,a70320d828a837f801f4fed03786f36529bf2865b609ce6985c2e18374811fe7
 MIGRATION_CONTROLLER_IMAGE,quay.io/kubevirt/kubevirt-migration-controller,MIGRATION_CONTROLLER_VERSION,c91da241e6d89220dccbda750f84e89ef2db2cd1603b706930b711b95ebc59c6
 AUTOPILOT_IMAGE,quay.io/openshift-virtualization/virt-platform-autopilot,AUTOPILOT_VERSION,73fc7615ecde2cd1335011b7bcfb49856d8c686dccb161d82c245a4ac7d799cf

deploy/images.env

@@ -38,7 +38,7 @@ AAQ_OPERATOR_IMAGE="${AAQ_OPERATOR_IMAGE:-quay.io/kubevirt/aaq-operator@sha256:1
 AAQ_SERVER_IMAGE="${AAQ_SERVER_IMAGE:-quay.io/kubevirt/aaq-server@sha256:07b744866359459fef7ff97af7a5bc7c152812ac3ad8ac9e773f3a5190d0e59a}"
 AAQ_CONTROLLER_IMAGE="${AAQ_CONTROLLER_IMAGE:-quay.io/kubevirt/aaq-controller@sha256:49e094affa5cf6ff96bc148f0d1328d25b5777b20e4a3680fcaeb9ec7200f53e}"
 WASP_AGENT_IMAGE="${WASP_AGENT_IMAGE:-quay.io/openshift-virtualization/wasp-agent@sha256:eabfa6a425213f520f7a9e5b81b43e8b6430779d42c5c8b1bfd48a4f1730447a}"
-MIGRATION_OPERATOR_IMAGE="${MIGRATION_OPERATOR_IMAGE:-quay.io/kubevirt/kubevirt-migration-operator@sha256:712918a76c1f44a1afb50dbb78a253d8c649d77c4d484fed435e892bc893543f}"
+MIGRATION_OPERATOR_IMAGE="${MIGRATION_OPERATOR_IMAGE:-quay.io/kubevirt/kubevirt-migration-operator@sha256:a70320d828a837f801f4fed03786f36529bf2865b609ce6985c2e18374811fe7}"
 MIGRATION_CONTROLLER_IMAGE="${MIGRATION_CONTROLLER_IMAGE:-quay.io/kubevirt/kubevirt-migration-controller@sha256:c91da241e6d89220dccbda750f84e89ef2db2cd1603b706930b711b95ebc59c6}"
 AUTOPILOT_IMAGE="${AUTOPILOT_IMAGE:-quay.io/openshift-virtualization/virt-platform-autopilot@sha256:73fc7615ecde2cd1335011b7bcfb49856d8c686dccb161d82c245a4ac7d799cf}"
 DIGEST_LIST="${KUBEVIRT_OPERATOR_IMAGE}"

deploy/index-image/community-kubevirt-hyperconverged/1.18.0/manifests/kubevirt-hyperconverged-operator.v1.18.0.clusterserviceversion.yaml

@@ -3374,6 +3374,7 @@ spec:
           - list
           - update
           - watch
+          - delete
         - apiGroups:
           - ""
           resources:
@@ -3846,7 +3847,7 @@ spec:
                 - name: AAQ_VERSION
                   value: v1.8.0-alpha.0
                 - name: MIGRATION_OPERATOR_VERSION
-                  value: v0.1.0
+                  value: v0.2.0-rc.0
                 - name: AUTOPILOT_VERSION
                   value: v0.0.8
                 - name: KV_CONSOLE_PLUGIN_IMAGE
@@ -4780,7 +4781,7 @@ spec:
                 - name: DEPLOY_CLUSTER_RESOURCES
                   value: "true"
                 - name: OPERATOR_VERSION
-                  value: v0.1.0
+                  value: v0.2.0-rc.0
                 - name: CONTROLLER_IMAGE
                   value: quay.io/kubevirt/kubevirt-migration-controller@sha256:c91da241e6d89220dccbda750f84e89ef2db2cd1603b706930b711b95ebc59c6
                 - name: VERBOSITY
@@ -4789,8 +4790,8 @@ spec:
                   value: IfNotPresent
                 - name: MONITORING_NAMESPACE
                 - name: OPERATOR_IMAGE
-                  value: quay.io/kubevirt/kubevirt-migration-operator@sha256:712918a76c1f44a1afb50dbb78a253d8c649d77c4d484fed435e892bc893543f
-                image: quay.io/kubevirt/kubevirt-migration-operator@sha256:712918a76c1f44a1afb50dbb78a253d8c649d77c4d484fed435e892bc893543f
+                  value: quay.io/kubevirt/kubevirt-migration-operator@sha256:a70320d828a837f801f4fed03786f36529bf2865b609ce6985c2e18374811fe7
+                image: quay.io/kubevirt/kubevirt-migration-operator@sha256:a70320d828a837f801f4fed03786f36529bf2865b609ce6985c2e18374811fe7
                 imagePullPolicy: IfNotPresent
                 livenessProbe:
                   httpGet:
@@ -5769,7 +5770,7 @@ spec:
     name: kubevirt-apiserver-proxy
   - image: quay.io/kubevirt/kubevirt-migration-controller@sha256:c91da241e6d89220dccbda750f84e89ef2db2cd1603b706930b711b95ebc59c6
     name: kubevirt-migration-controller
-  - image: quay.io/kubevirt/kubevirt-migration-operator@sha256:712918a76c1f44a1afb50dbb78a253d8c649d77c4d484fed435e892bc893543f
+  - image: quay.io/kubevirt/kubevirt-migration-operator@sha256:a70320d828a837f801f4fed03786f36529bf2865b609ce6985c2e18374811fe7
     name: kubevirt-migration-operator
   - image: quay.io/kubevirt-ui/kubevirt-plugin@sha256:a9273d9e69662320fc6677f51ee1b05f4c62528b8a83895f8f56849de3b8b9f2
     name: kubevirt-plugin

deploy/index-image/community-kubevirt-hyperconverged/1.18.0/manifests/migration-operator00.crd.yaml

@@ -1037,6 +1037,156 @@ spec:
               priorityClass:
                 description: PriorityClass of the control plane
                 type: string
+              tlsSecurityProfile:
+                description: TLSSecurityProfile is used by operators to apply cluster-wide
+                  TLS security settings to operands.
+                properties:
+                  custom:
+                    description: |-
+                      custom is a user-defined TLS security profile. Be extremely careful using a custom
+                      profile as invalid configurations can be catastrophic. An example custom profile
+                      looks like this:
+
+                        ciphers:
+                          - ECDHE-ECDSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-AES128-GCM-SHA256
+                          - ECDHE-ECDSA-AES128-GCM-SHA256
+                        minTLSVersion: VersionTLS11
+                    nullable: true
+                    properties:
+                      ciphers:
+                        description: |-
+                          ciphers is used to specify the cipher algorithms that are negotiated
+                          during the TLS handshake.  Operators may remove entries their operands
+                          do not support.  For example, to use DES-CBC3-SHA  (yaml):
+
+                            ciphers:
+                              - DES-CBC3-SHA
+                        items:
+                          type: string
+                        type: array
+                      minTLSVersion:
+                        description: |-
+                          minTLSVersion is used to specify the minimal version of the TLS protocol
+                          that is negotiated during the TLS handshake. For example, to use TLS
+                          versions 1.1, 1.2 and 1.3 (yaml):
+
+                            minTLSVersion: VersionTLS11
+
+                          NOTE: currently the highest minTLSVersion allowed is VersionTLS12
+                        enum:
+                        - VersionTLS10
+                        - VersionTLS11
+                        - VersionTLS12
+                        - VersionTLS13
+                        type: string
+                    required:
+                    - ciphers
+                    - minTLSVersion
+                    type: object
+                  intermediate:
+                    description: |-
+                      intermediate is a TLS security profile based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+                      and looks like this (yaml):
+
+                        ciphers:
+                          - TLS_AES_128_GCM_SHA256
+                          - TLS_AES_256_GCM_SHA384
+                          - TLS_CHACHA20_POLY1305_SHA256
+                          - ECDHE-ECDSA-AES128-GCM-SHA256
+                          - ECDHE-RSA-AES128-GCM-SHA256
+                          - ECDHE-ECDSA-AES256-GCM-SHA384
+                          - ECDHE-RSA-AES256-GCM-SHA384
+                          - ECDHE-ECDSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-CHACHA20-POLY1305
+                          - DHE-RSA-AES128-GCM-SHA256
+                          - DHE-RSA-AES256-GCM-SHA384
+                        minTLSVersion: VersionTLS12
+                    nullable: true
+                    type: object
+                  modern:
+                    description: |-
+                      modern is a TLS security profile based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+                      and looks like this (yaml):
+
+                        ciphers:
+                          - TLS_AES_128_GCM_SHA256
+                          - TLS_AES_256_GCM_SHA384
+                          - TLS_CHACHA20_POLY1305_SHA256
+                        minTLSVersion: VersionTLS13
+
+                      NOTE: Currently unsupported.
+                    nullable: true
+                    type: object
+                  old:
+                    description: |-
+                      old is a TLS security profile based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+                      and looks like this (yaml):
+
+                        ciphers:
+                          - TLS_AES_128_GCM_SHA256
+                          - TLS_AES_256_GCM_SHA384
+                          - TLS_CHACHA20_POLY1305_SHA256
+                          - ECDHE-ECDSA-AES128-GCM-SHA256
+                          - ECDHE-RSA-AES128-GCM-SHA256
+                          - ECDHE-ECDSA-AES256-GCM-SHA384
+                          - ECDHE-RSA-AES256-GCM-SHA384
+                          - ECDHE-ECDSA-CHACHA20-POLY1305
+                          - ECDHE-RSA-CHACHA20-POLY1305
+                          - DHE-RSA-AES128-GCM-SHA256
+                          - DHE-RSA-AES256-GCM-SHA384
+                          - DHE-RSA-CHACHA20-POLY1305
+                          - ECDHE-ECDSA-AES128-SHA256
+                          - ECDHE-RSA-AES128-SHA256
+                          - ECDHE-ECDSA-AES128-SHA
+                          - ECDHE-RSA-AES128-SHA
+                          - ECDHE-ECDSA-AES256-SHA384
+                          - ECDHE-RSA-AES256-SHA384
+                          - ECDHE-ECDSA-AES256-SHA
+                          - ECDHE-RSA-AES256-SHA
+                          - DHE-RSA-AES128-SHA256
+                          - DHE-RSA-AES256-SHA256
+                          - AES128-GCM-SHA256
+                          - AES256-GCM-SHA384
+                          - AES128-SHA256
+                          - AES256-SHA256
+                          - AES128-SHA
+                          - AES256-SHA
+                          - DES-CBC3-SHA
+                        minTLSVersion: VersionTLS10
+                    nullable: true
+                    type: object
+                  type:
+                    description: |-
+                      type is one of Old, Intermediate, Modern or Custom. Custom provides
+                      the ability to specify individual TLS security profile parameters.
+                      Old, Intermediate and Modern are TLS security profiles based on:
+
+                      https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+                      The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+                      are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
+                      reduced.
+
+                      Note that the Modern profile is currently not supported because it is not
+                      yet well adopted by common software libraries.
+                    enum:
+                    - Old
+                    - Intermediate
+                    - Modern
+                    - Custom
+                    type: string
+                type: object
             type: object
           status:
             description: MigControllerStatus defines the observed state of MigController.