File hypershift.changes of Package hypershift
-------------------------------------------------------------------
Fri Oct 17 05:55:41 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.69:
* chore(containerfile): bump Konflux build images
* feat(gomaxprocs-webhook): introduce admission webhook to
auto-set GOMAXPROCS
* feat(contrib): add repo metrics tool for tracking AI-assisted
commits
* chore(config): migrate config renovate.json
* feat(renovate): implement multi-branch strategy with
security-focused release management
* fix(OCPBUGS-61829): resolve initContainer permission issue
after node reboot
* fix(e2e): validate HCP status.configuration in e2e
* ci(konflux): update Tekton tasks to latest trusted versions
* chore(ai): add ability for jira-solve to save a plan spec first
* feat(tools): Add Claude command for automated Konflux task
updates
* feat(autoscaler): Add podMonitor to expose cluster autoscaler
metrics
* feat(install): add command line argument for ImagePullPolicy
configuration
* feat(cmd): collect ServiceMonitor and PodMonitor resources in
dump
* feat(infra): implement resource group preservation for Azure
destroy
* fix(aws): use clean image for placeholder nodes
* docs(jira-solve): require godoc comments and unit tests for new
functions
* feat(cli): add --preserve-resource-group flag to azure cluster
destroy
* feat(cli): add PreserveResourceGroup option to destroy options
* feat(cpo): add UID security context to CSO deployment
* chore(ai): configure all agents to inherit model configuration
* feat(azure): relax service publishing validation for
self-managed clusters
* feat(azure): add workload identity support across create and
infra flows
* build(azure): vendor Azure MSI SDK (armmsi) and update go.mod
* feat(azure): create and federate managed identities when
workload identity flag is not supplied
* refactor(infra/azure): restructure infrastructure creation
using manager pattern
* refactor(azure): restructure create cluster command for
enhanced maintainability
* feat(azure): Add comprehensive workload identities setup for
self-managed Azure
* fix(hcco): add retry mechanism for HCP retrieval to handle
transient connectivity issues
* docs(azure): add self-managed Azure HyperShift overview guide
* fix(OCPBUGS-62172): Refine list of OpenStack CSIs with
readOnlyRootFileSystem=false
* docs(readme): correct spelling mistake
* test: update external-oidc e2e tests to dynamically determine
tests to run
* fix(e2e): Make PSA test conditional on
OpenShiftPodSecurityAdmission feature gate
* docs(commands): improve jira-solve command with logical commit
organization
* chore(build): update development and e2e builder images to 4.21
* chore(build): update ose-hypershift-container image to be
consistent with ART for 4.21
* fix(konflux): Extract and apply git tags to images in tag
pipeline
* fix(konflux): Reset HO tag pipeline to match push
* feat(gcp-hcp): adding GCPPlatform feature gate
* ci: update Konflux Tekton tasks to latest trusted versions
* fix(test-e2e): Correct parse flag value with 2+ = chars
* fix(OCPBUGS-62328): Add missing svc-kubeconfig mount to CAPO
Deployment
* feat(hcco): add HCP configuration status
* fix(autonode): allow karpenter token secret to be cleaned up
* fix(kubevirt): Ensure consistent ordering in driver-config
ConfigMap
* fix(konflux): Bump the snyk-check-oci-ta task
* fix(konflux): update base images from RHEL9 ELS to UBI9 minimal
9.4
* chore: Add openstack-reviewers, openstack-approvers
* fix(e2e): extend ValidateHostedClusterConditions timeout
* chore(ai): ensure jira-solve run make pre-commit
* chore(ai): let jira-solve show the executed command in the PR
desc
* fix(OCPBUGS-62172): Add OpenStack CSIs to list of pods allowed
readOnlyRootFileSystem=false
* chore: add AI directory paths to OWNERS file
* fix(e2e): add stabilization wait in GlobalPullSecret test to
reduce flakiness
* chore(ai): add claude slash command jira solve
* fix(capi-provider): wait for infrastructure resource before
startup
* docs(azure): add self-managed cluster setup documentation
* fix(OCPBUGS-62128): hcco: sync watched resource types to
availability-prober
* fix(OCPBUGS-62099): make TestAutoscalingBalancing more robust
* ci(dev-cluster): Fix dev token secret annotation
* refactor(operators): consolidate secret creation into shared
helper
* fix(hcco): delete registry management state VAP/VAPB on cluster
deletion for Azure
* test(unit): unblock `make unit` by fixing failing tests and
build issues
* feat(azure): enable token-minter for self-managed workload
identity
* test(e2e): fix flaky EnsureOAPIMountsTrustBundle with retry
logic
* feat(api): Add Network workload identity to
AzureWorkloadIdentities
* feat(azure): Add control plane operator credentials for
self-managed Azure
* docs: move contributing content to CONTRIBUTING.md; add landing
page to index.md
* feat(cli,azure): add workload identities support and new flag
for self-managed Azure
* test(kas): update KAS deployment fixtures to drop postStart
/readyz loop
* fix(kas): remove postStart /readyz loop from KAS container
* fix(kas-bootstrap): increase wait timeouts to avoid KAS startup
races
* docs(contribute): clarify PR workflow with draft mode and
/auto-cc
* docs(pr-template): refresh PR template with contributing link
and reviewer notes
* fix(OCPBUGS-61828): refactor FeatureGate status check
* fix(OCPBUGS-61329): skip TmpDirMount check for kubevirt HCP
pods
* fix(OCPBUGS-61894): Enable VolumeAttributesClass runtime config
* test(e2e,kubevirt): ignore KubeVirtNodesLiveMigratable on HC
* test(e2e,kubevirt): skip break-glass-credentials on kubevirt
* refactor(azure): Extract Azure credentials setup into dedicated
package
* docs(ci): add documentation for checking CI status
* ci: Update the konflux pipeline for MCE 2.11
* test: Add missing check to TestReconcileIgnitionServer()
* fix(ignition-server): Don't delete user-managed cert secrets
* docs(contribute): split OCP branching tasks from HO/CPO release
process; update nav
* ci: use common MCE konflux pipeline
* docs(contribute): remove HO/CPO branching process from release
docs
* fix(security): harden konnectivity-agent DaemonSet security
context
* test: verify AWSLoadBalancerTargetNodesAnnotation is set
correctly in scheduler
* test(e2e): add autoscaler deployment verification to
autoscaling test
* fix(disable-psa): disable PSA check for 4.20
* fix(kas): Set correct container port in postStart handler
* fix(capi-provider): use single replica deployment for aws and
azure
* fix(OCPBUGS-61719): propagate
AWSLoadBalancerTargetNodesAnnotation to HCP
* fix(oauth): oauth-openshift deployment should be HA
* fix(proxy): ensure URLs have scheme before proxy resolution
* Revert "OCPBUGS-61334: fix(kas): Set correct container port in
postStart handler"
* fix(kas): Heed the word of the rabbit
* chore(AI): add claude agents for different SMEs
* fix(test): support external oidc settings on non-aws platform
* test: Rephrase CustomKASPort tests into IBMCloud tests
* fix(kas): Set correct container port in postStart handler
* fix(control-plane): remove resource limits from
kube-controller-manager
* fix(OCPBUGS-61462): temporarily use v4.20 catalogs
* fix(contrib/cleanroles): add permissions to role policy
* fix(test): isolate KMS configuration to
TestCreateClusterCustomConfig only
* docs(ai): add MCP setup guide with sample config and tips
* docs(rules): clarify Jira target version field and forbid
setting fixVersions
* feat: enable global pull secret for AWS
* test(e2e): skip kubevirt pods in EnsureReadOnlyRootFilesystem
* chore(autonode): fix spelling of ProvisionerKarpenter constant
* test(autonode): allow ValidateMetrics to query karpenter pods
* chore(autonode): refactor karpenter is enabled check
* fix(ignition-server): resolve MIRRORED_RELEASE_IMAGE flapping
* refactor(claude): improve e2e-analyze command configuration and
validation
* feat(claude): add e2e-analyze command for CI failure analysis
* fix(OCPBUGS-56249): add golangci-lint dependency to lint-fix
Makefile phony rule
-------------------------------------------------------------------
Thu Sep 18 10:29:44 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.68:
* docs(cursor-rules): add ARO HCP e2e debugging rule and node
join checklist
* docs(azure): add ARO HCP e2e artifacts navigation guide and
mkdocs nav
* docs: alphabetize Reference nav and place api.md after
Architecture
* test(e2e): add control plane component rollout validation to
upgrade test
* chore(tests): validate conditions after executing tests
* fix(OCPBUGS-61282): rename CCM deployments to align with 4.19
* fix: cleanup old PKI operator deployment during upgrades
* fix(api): enhance API NodePool's API docs
* feat(contrib/cleanroles): add utility for cleaning roles
* chore(ci): Restructure the OWNERS usage
* fix(autonode): allow karpenter-operator to support rhobs
monitoring
* docs(create-jira-items): document OCPBUGS issue creation and
default versions
* feat(supportedversion): add OCP 4.21 support; update e2e
constants and tests
* fix(cpo/ingress): do not set aws-load-balancer-subnets on
private router Service
* feat(sharedingress): support Azure Public IP tagging for router
service
* chore(deps): update konflux references
* fix(autonode): disable karpenter metric validation in e2e
* test: dump guest cluster karpenter resources if they exist
* test: improve karpenter e2e test conditions and logs
* fix(autonode): enable controllers to watch karpenter userData
secret
-------------------------------------------------------------------
Tue Sep 02 06:02:18 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.67:
* fix(infra/azure): make role assignment creation idempotent and
robust
* test(e2e): add AWS placement options validation tests
* chore: Run make update
* feat(aws): support EC2 CapacityReservationPreference in
NodePool
* feat: CNTRLPLANE-385: programmatically enable
readonlyRootFilesystem (#6411)
* feat(sharedingress): add infrastructure node scheduling
preferences
* docs(rules): expand Jira item creation guidelines and epic
details
* fix(contrib): Make setup_aks_mi.sh executable
* fix(OCPBUGS-60891): set default goaway-chance to 0.001
* CNTRLPLANE-1303: Configure validateSliceNetworkCIDRs in HC
Controller to include OVN IPv4 subnet fields (#6687)
* fix(OCPBUGS-60649): add availibility-prober to all
capi-providers
* chore(azure-overrides): update CPO image digest for
4.19.7-4.19.10
* fix(OCPBUGS-60152): test/e2e: enable EnsureAppLabel check for
4.19
* build(deps): bump CAPA to latest and align CAPI/K8s deps
* chore(deps): update konflux references
* fix(cpo): add missing image to env replacement
* fix(registry): delete ValidatingAdmissionPolicy and binding
during HCP deletion for ARO cleanup
* fix(hypershift): add credentials to openshift-manila-csi-driver
namespace
* test(e2e): Workaround for external oidc tests to bypass the
teardown loop message check
* fix(cpo): add validator image to CSO manifest
* chore(cpo): bump CPO to version with Azure KMS TokenCredential
caching and dynamic securityContext UID for 4.19
* docs(cursor): add Jira creation rule for CNTRLPLANE/OCPBUGS
with components and story template
* fix(doc): remove note about mandatory annotation in BM
deployment
* OCPBUGS-60651: fix mce 2.10 Konflux EC violation
* perf(control-plane-operator/hostedcontrolplane): cache Azure
KMS TokenCredential for ARO HCP
* refactor(control-plane-operator/hostedcontrolplane): clarify
Azure credentials cache naming and logs
* fix(CNTRLPLANE-935): add e2e test for metrics on Azure
* fix: Add recovery monitoring stack fixes
* fix(konflux): bump HO pipeline tasks
* fix(azure): CPO override for 4.19.6-9
* fix(konflux): Fix ProjectDevelopmentStreamTemplates
* test(e2e): add CNO operator configuration validation E2E when
configuring IPv4OVNKubernetesConfig
* test: add unit and APIUX tests
* feat(cpo): accommodate for new API extension
* feat(api): expose IPv4OVNKubernetesConfig in HC API
* feat(validations): add wildcard support to DNS SAN conflict
detection
* fix(OCPBUGS-56914): Do not admit OAuth route by private router
unless it has external DNS
* feat(konflux): streamline HO hotfix creation
* feat(rules): Add cursor rule for PR and Code review
* feat(docs): Add new videos section in the documentation
* docs(agents): add AGENTS.md and centralize assistant guidance
* feat(konflux): Introduce ProjectDevelopmentStreams
* fix(e2e): wrap EnsureKubeAPIDNSNameCustomCert and
EnsureGlobalPullSecret in their own test
* test(e2e): Add e2e test for external OIDC
ExternalOIDCWithUIDAndExtraClaimMappings feature set in
HostedCluster
* fix: routes are not used in case of IBM Cloud
* docs(disaster-recovery): add HostedCluster config requirements
for DR
-------------------------------------------------------------------
Wed Aug 20 11:11:19 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.66:
* chore: Create a new acl for each allowed haproxy cidr
* fix typo - make verify failed
* Update ingress-and-dns.md - update Metallb install link
* fix(hostedcluster): remove additionalTrustBundle from HCP if
removed from HC
* chore: Relax the kas healtcheck for aro when AllowedCIDRBlocks
* fix: Fix incorrect usage of util.UpdateObject
* feat: monitor operands rollout status for cno, storage and
snapshotcontroller
* chore: Update unit fixtures
* feat(cpov2): Add ability to monitor operands rollout status
* chore(deps): update registry.access.redhat.com/ubi9/go-toolset
docker tag to v1.24.4-1754467841
* fix(OCPBUGS-57626): order ICSPs for determinism of
OPENSHIFT_IMG_OVERRIDES
* ci(gitlint): increase body line length limit to 140 characters
* docs(cursor): enhance git commit format documentation
* chore: Improve security context uid allocation to reuse
released uids
* fix: Fix Default SG day2 tags feature being triggered without
changes
* feat(hypershift-operator): support control plane overrides by
platform
* chore: Add cursor rule statements for unit tests
* docs: Document workloadContext
* chore(deps): update github.com/golang/groupcache digest to
2c02b82
* test(e2e): Add e2e test for external OIDC support in
HostedCluster
* feat(konflux): Use hermetic builds for CPO
* feat(e2e): Use ROSAManagedPolicies by default
* feat: Add Shared Ingress Config Generator
* fix(OCPBUGS-59194): Allow HCCO to set registry managementState
to Removed
* fix(OCPBUGS-60064): add missing app label to some components
* feat(azure): Add deletion scripts and cleanup documentation for
managed Azure clusters
* build(gitlint): add gitlint to verify target
* Add support for generating a SC UID per namespace if SCC are
not available
* feat(shared-ingress): Use AllowedCIDRs for all endpoints
* Increase the maximum allowed CIDR blocks from 50 to 500
* refactor(azure): extract AKS managed identity setup into
separate script
* Add selinux-warning-controller
* chore(deps): update registry.access.redhat.com/ubi9/go-toolset
docker tag to v1.24.4-1753853351
* fix(ibmcloud): Use networking.advertiseAddress for CNO
apiserver override
* fix(ci): Update gitlint commit range for PR validation
* docs: add CLAUDE.md with comprehensive development guidance
* Set explicit FSGroup and RunAsUser for etcd when there's no SCC
* Add version check flag for CLI and Hypershift Operator Add unit
test for version checking
* OCPBUGS-57450: Router publish strategy related changes for IBM
Cloud platform (#6199)
* chore(deps): update registry.access.redhat.com/ubi10/ubi docker
tag to v10.0-1753787353
* fix(cmd): match infraID exactly on OIDC provider delete
* feat(CNTRLPLANE-1191): add sa-token-issuer-private-key-path
flag to create cluster aws
* fix(test/e2e): add KCM leader elect failure msg to
isLeaderElectionFailure
* Fixed MCE 2.10 konflux EC violation
* MGMT-20948: Enable Multus Disabling for NetworkType=Other
* OCPBUGS-59835: MCE 2.10 konflux
* feat(e2e-util): add PutRolePolicy function for managing IAM
role policies
* fix(hcp-controller): Set last-applied-security-group-tags
annotation on creation
* feat(cli): add support for using ROSA managed policies
* feat(shared-ingress): Add reloader sidecar to avoid restarts on
config changes.
* refactor(azure): Remove AzureManagedControlPlaneTemplate assets
* feat(azure): Disable ASO Secret Controller in CAPI provider
* test(azure): add ARM64 multi-architecture support for Azure
clusters
* Delete unused AdditionalTrustBundle from CP namespace
* feat(hcco): add support for hosted OIDC client secrets
* fix(control-plane): prevent kube-controller-manager restarts
during node cleanup operations
* fix(e2e): resolve NodePool test flakes from rate limiting and
false crash detection
* feat(e2e): Add EnsureGlobalPullSecret to be executed in 4.19
test suite
* CNTRLPLANE-1020: Global PullSecret daemonSet implementation
(#6256)
* fix(shared-ingress): fix hermetic build on-push
* feat(shared-ingress): Fix on-pr hermetic config
* Fix a typo in the documentation
* feat(contrib): add kubelet config daemonset
* feat(cmd/dump): add CronJobs to dump
* Fix OCPBUGS-54720: HCP payload doesn't respect multiple
* fix(konflux): Add missing backslash for dot escaping
* NO-JIRA: Add new doc from HCP OADP Plugin
* fix: increase the pod limit per node in AKS cluster
* test: remove CPOv2 annotation from upgrade test
* test: replace context.Background/TODO with t.Context in tests
* CNTRLPLANE-1034: sharedingress: Add support for kube-apiserver
whitelist CIDRs (#6366)
* CNTRLPLANE-989: Initial Changes to Support Self-managed Azure
(#6283)
* chore(cursor): Add cursor rules for code formatting and git
commit standards
* docs(contribute): add conventional commit guidance and
reorganize PR requirements
* build: add gitlint support for conventional commit enforcement
* test/e2e: skip kubevirt pods when checking labels, tolerations,
and term msg policy
* MGMT-20826: Add CLI validation to ensure Console is disabled
when Ingress is disabled
* Dummy cvhange to shared-ingress Containerfile to trigger a
build
* CNTRLPLANE-735: Document steps to configure Microsoft backup
extension in AKS
* chore(deps): update konflux references
* feat: add Ansible Playbooks for an OIDC Auth Server
* Change short declartion operator to assignment operator when
assigning a value to supportedVersions
* fix(test): resolve Azure DNS race condition in
EnsureCustomAdminKubeconfigReachesTheKAS
* MGMT-20826: Enable disabling of Ingress capability
* CNTRLPLANE-952: New API to support specifying
cluster-autoscaler flags
* test(shared-ingress): add hermetic parameter to pipeline spec
* feat(shared-ingress): Add socat tool to container image
* fix(test): increase API polling intervals to prevent persistent
rate limiting in NTO tests
* docs(azure): update documentation for automatic authentication
* feat(azure): add automatic authentication to setup_all.sh
* feat(azure): add standalone login script for Azure
authentication
* feat(azure): add --first-time flag to setup_all.sh script
* docs: reorder manual steps/consolidate one-time setup warnings
* docs: rename to create azure cluster on AKS page
* docs: transform Azure setup guide to automation-first workflow
* OCPBUGS-58299: Fix JSON patch annotation removal in KubeVirt
NodePool controller
* NO-JIRA: unique clusterrole per hosted cluster for kubevirt CSI
* Remove CertificateName from Azure API
* Remove Azure constants associated with MIV2
* Remove Client Cert Auth in AzureClusterIdentity
* Update SecretProviderClass CR to only use MIv3
* MGMT-20793: Enable Disabling NodeTuning Capability
* CNTRLPLANE-1113: Add renovate configuration
* Update RHTAP Dockerfiles to use 4.20 build image
* Bump go.mods to Golang 1.24.0
* Update Dockerfiles to use the new 4.20 build image
* Updating ose-hypershift-container image to be consistent with
ART for 4.20 Reconciling with
https://github.com/openshift/ocp-build-data/tree/dfb5c7d531490cfdc61a3b88bc533702b9624997/images/hypershift.yml
* fix(konflux): only run shared-ingress pipeline when needed
* feat(shared-ingress): migrate to konflux-built image for shared
ingress
* Skip azure 4.19 cp upgrade for now to let the 4.20 suite be
covered.
* Always compress and encode payload in token secret for inplace
upgrades
* Use the image pull spec as the cache key for images and image
metadata
* test/e2e: add TerminationMessagePolicyFallbackToLogsOnError
check to 4.19
-------------------------------------------------------------------
Tue Jul 15 06:13:07 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.65:
* Revert "OCPBUGS-56701: Update the LookupDefaultOCPVersion
function to use the multi-arch release API"
-------------------------------------------------------------------
Tue Jul 15 06:08:05 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.64:
* Fix shadow var for supportedVersions
* Remove release stream check from create cluster
* Update lookup version to use multi-arch release API
* Add testing image references
* Override CPO image to apply KAS certificate hotfix
* konflux: manually update task bundles
* Exit miv3 script early if cp file exists
* Fix up contrib scripts for aro like env
* Add e2e for security group day2 tags
* Support day2 tags changes for AWS default SecurityGroup
* MGMT-20771: Enable disabling of Console capability
* move EnsureKubeAPIDNSNameCustomCert to TestCreateCluster
* add custom kube-apiserver DNS name to shared ingress
* Add karpenter to skip api-server deps
* Disable createClusterNone for azure and scope down
verifyResourceGroupLocationsMatch check
* fix(hcco): don't fail if OIDC Client has no secret
* test(hcco): add unit tests for ReconcileAuthOIDC
* Revert "Merge pull request #6227 from
sjenning/hcco-empty-client-secret"
* Add nodepool rollout test for azure
* webhook: Replace "delete" by "remove" for jpatch
* Enable MutatingAdmissionPolicy runtime config
* chore(golangci-lint): bump dependency
* fix(hack/tools): Change go module name
* fix(konflux): go-toolset runs as default(1001)
* Run validate conditions after HO upgrade test.
* Update github.com/openshift/cluster-api-provider-agent/api
digest to 899af65
* Ensure that capi-provider deployment does not have outdated
labels
* Add kas linter expection
* Drop version history length
* NO-JIRA: Update ROSA envs
* ACM-21713 adding .git in .dockerignore to fix version info
* OCPBUGS-57957: Increase MaxItems for Mirrors and
ImageContentSources
* OCPBUGS-56430: Fix restarting prometheus Sts after HCP
restoration
* Update fixtures
* Update GetSupportedOCPVersions to take a ConfigMap
* OCPBUGS-58031: AKS: HCP operator should set Shared
ClusterServiceLoadBalancerHealthProbeMode
* Update manifest.go to use latest oc committed
* add Azure metric: hosted_cluster_azure_info.
* add Azure managed (ARO) metric:
hosted_cluster_managed_azure_info.
* HOSTEDCP-2253: doc/aws-autoNode: deployment guide
* Add instructions/script to delete DNS Zone Recordsets
* Add README.md for Azure CI directory
* Initial Azure CI folder cleanup
* Add context to retrieveSupportedOCPVersion
* Update docs for command to get commit sha for CLI
* Add a unit test for RetrieveSupportedOCPVersion
* Update ibmPowerVSImageName
* CNTRLPLANE-995: Support in-place update of AWS tags (#6285)
* Add a unit test for GetSupportedOCPVersions
* Initial creation of retrieveSupportedOCPVersion
* Consilidate OCP version functionality to support
* Clean up hypershift version command file
* Move version cli function to the top of the file
* Allow enabling capabilities, and remove baremetal capability
from default enabled set for hosted clusters
* CNO: add FRR-k8s image
-------------------------------------------------------------------
Thu Jun 19 06:35:51 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.63:
* OCPBUGS-57115: Update PSA from v1beta1 to v1
* Revert "Add proxy trustedCA to ignition config"
* Update codespell to latest version
* Fix spelling mistakes found from codespell
* Add verify-codespell to verify
* fix kubevirt csi rbac error on aws
* MGMT-20801: Enable disabling of Insights capability
* Add Karpenter Operator info metric
* Add misspell to golangci-lint
* Sort existing enabled linters
* kas: improve feature-gate configuration generation logic
* kas: add unit tests for configuration generation
* update KAS bootstrapping to get RBR from CAO
* Remove CapacityReservation validation that requires aws access
* OCPBUGS-56725: Lb hostname certs cel (#6194)
* hcco: handle post-install creation of OIDC client secrets
* NO-JIRA: automountServiceAccountToken back to true for kubevirt
CSI (#6244)
* Update Konflux references
* Don't use /version for haproxy health checks
* run unit tests with UPDATE=true
* add persistentvolumeclaims patch rbac
* Add resizer sidecar
* add volume expansion to storageclass by default
* Add cluster wide rbac for CSI resize functionality
* only set image registry managed identity when capability is
enabled
* make image registry managed identity optional
* Add pod monitors to karpenter components
-------------------------------------------------------------------
Sat Jun 07 04:49:32 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.62:
* Support deserializing monitoring manifests when RHOBS enabled
* Fix ignition server route getting constantly recreated
-------------------------------------------------------------------
Fri Jun 06 05:04:52 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.61:
* Support RHOBS when loading cpov2 monitoring manifests by
replacing the API group.
* Fix OCPBUGS-54720: HCP payload doesn't respect multiple mirrors
* cpo/oidc: remove validation functions that use default CEL
compiler
* Reuse hosted cluster release and metadata providers
* add ValidatingAdmissionPolicy to prevent the users from setting
management State to Removed in image registry operator config
on ARO HCP
* prevent disabling OCM controllers on Azure when imageregistry
operator managementstate is set to removed
-------------------------------------------------------------------
Thu Jun 05 05:02:04 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.60:
* fix(tekton): drop multiarch builds on PR
* Create test fixtures for all resources in
TestControlPlaneComponents
* OCPBUGS-56430: Add DR operations after HC restoration
* Allow setting target node selector for control plane router
* test/e2e: fix version gate checks on minor upgrade
* Support proxy authentication when user/pass is included in URL
* NO-JIRA: Fix documentation field name for KubeAPIServerDNSName
* Delete legacy unused DeploymentConfig code
* Auto generate default kas podadmission config based on feature
gates
* Move EnsurePSANotPrivileged to AtLeast(t, Version420)
* MGMT-20682: Enable disabling of openshift-samples capability
* NO-JIRA: Follow up PR from #6192
* Refactor karpenter deployment to CPOv2
* ocm: Make config compatible with library-go
* feat(shared-ingress): Bump ubi10 out of beta
* Refactor karpenter-operator to CPOv2
* OCPBUGS-56492: Fix CatalogSource images check when unauthorized
* Add unit test for reconciling components with a
WithManifestAdapter for SA
* chore(deps): update konflux references
* Fix serviceaccounts with custom adapter not getting pull-secret
* Add NetworkPolicy to shared-ingress
* feat(shared-ingress): add arm64 builds
* Red Hat Konflux update hypershift-shared-ingress-main
Signed-off-by: red-hat-konflux
<konflux@no-reply.konflux-ci.dev>
* feat(shared-ingress): Add el10 Containerfile
* Do not validate OCP API Server SANS if PKI reconciliation is
disabled
* Remove ControlPlaneV2 API featuregate
* Move ControlPlaneComponent CRD installation to the CLI
* Increase imageContentSources slice length validation
* chore(deps): update konflux references
* Refactor CAPI provider/manager into v2
* Refactor ControlPlaneOperator into a v2 component
* OCPBUGS-55226: switch termination message policy to
TerminationMessageFallbackToLogsOnError for debugability
(#6122)
* Remove DeploymentConfig usage from e2e
* Remove DeploymentConfig usage in shared-ingress
* Remove DeploymentConfig usage in konnectivity agent
* ocm config: Update leaderElection.name
* fix(containerfile): Switch back to rh catalog
* fix(konflux): Add missing task params
* test/setup: use case-sensitive prometheusK8s in monitoring
config
* Fix TestHostedClusterWatchesEverythingItCreates not working
locally
* Keep checking for rollouts during upgrade HO test for five
minutes
* Increase the content width in the upstream docs
* Remove unused oauth code
* Remove unused router code
* OCPBUGS-56011: Configure
ClusterServiceLoadBalancerHealthProbeMode as Shared
* chore(deps): update konflux references
* cpov2: fix structured authentication configuration
serialization
* Fix Job status returning empty reason and message
* Fix lint imports
* Skip svc, route and configmap resources watch check
* make update
* Remove NodePool CapacityReservation API featuregate
* Change "NodeCount" to "Replicas" in CLI and docs
* Drop ignserver and machineapprover reconciliation from HC
* Add requirements for --name and --pull-secret in Validate()
Remove Name from defaultOptions as it is no longer needed
* Remove DeploymentConfig usage from cpov2
* CNTRLPLANE-810: Introduce kas api linter (#6101)
* Fix minor issues with Azure HC creation doc
-------------------------------------------------------------------
Wed May 14 10:45:19 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.59:
* CNTRLPLANE-269: Delete unused legacy CPO code (#6125)
* Update unit test
* Delete AWS Endpoints only if platform is AWS
* Limit watch resources in NP by platforms installed
* Limit watch resources in HC by platforms installed
* Update KASv2 structured authentication configuration
* Pass platforms installed as env var to HO
* CNTRLPLANE-269: Turn on CPOv2 by default (#5792)
* Enable pprof in etcd env vars
* Add postStart hook to kube-apiserver container
-------------------------------------------------------------------
Tue May 06 11:10:15 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.1.58:
* CNTRLPLANE-740: Add DR for HCP using OADP and Hypershift plugin
* validations: add unit tests for authentication validations
* update structured auth validation to use minimum supported kube
version for CEL compilation validation
* supportedversion: add ocp-to-kube version mapping utilities
* improve validation logic for OIDC authentication mode
* byooidc: add support for specifying uid and extra claim
mappings
* fix(konflux): Use the golang builder 1.23.6
* ho: changes to ref'ed resources triggers HC reconciliation
* removed tekton files, will be created by MCE onboarding
* changed konflux application name
* Fix issues found by staticcheck linter
* konflux pull
* openshift-golang-builder version update
* OCPBUGS-54483: Add support for registry root entry only in the
IDMS/ICSP
* Enable staticcheck in golangci-lint
* Add control plane pull secret reference to
control-plane-operator SA
* fix(konflux): Only build main branch components
* Add proxy trustedCA to ignition config
* Add e2e flags to test Azure KMS
* Update step 6 to account for secret updates This commit updates
the AKS Cluster docs tab on the Hypershift Netlify website to
also add the secrets to the key vault as well as the certs as
this is needed for creating an Azure HC on AKS (needed to work
for the update from MIv2 to MIv3). This commit also adds a KV
setup script in the contrib directory.
* Add docs how to use KMS to encrypt etcd in Azure
* Add script to setup KV for etcd encryption azure
* Order Azure how-to pages
* Removed create SP in create Azure HC with options
* Reconcile Azure KMS Authorization secret
* CNTRLPLANE-268: add gomock/mockgen avoiding mocking true
handmade concrete types (#5790)
* Fix Karpenter deployment restarting
* HYPBLD-642: konflux build hcp cli
* Pass featuregates for ocm and oapi in cpov2
* Skip AWS cleanup check for 4.14 and earlier
* Pass featuregates to ocm and oapi
* Fix hostedcluster_controller unit test for featuregate job
* Use feature flags from release payload for control plane
workloads
* Increase kas bootstrap poll time
* Remove kas from EnsureNoCrashingPods exceptions
* test: fix e2e autonode drift test > > Fixes the test by
grabbing the correct part of the string from
node.Status.NodeInfo.OSImage > that now points to the rhcos
version.
* Remove unneeded managed Azure environment variable
* Enable MIv3 for Ingress for Managed azure
* Fix spelling mistakes
* Add cpo-container-sync job to verify in Makefile
* fix(tekton): stop building main branch components
* Red Hat Konflux update hypershift-release-mce-29 Signed-off-by:
red-hat-konflux <konflux@no-reply.konflux-ci.dev>
* Use a CPO image label to determine whether to run expired cert
remediation
* Add README.md to docs folder
* version check csi-snapshot-webhook for
EnsureSATokenNotMountedUnlessNecessary
* OCPBUGS-23177: Add annotation to configure KAS goaway-chance
* switch admissionregistration API to v1
* Update test fixtures
* Migrate liveness and readiness probes from /healthz to /livez
and /readyz endpoints
* Run adjust-cel.sh against karpenter CRDs
* Sync CRDs from downstream OpenShift
* Use downstream karpenter-aws-provider, make deps
* Use payload karpenter if present, otherwise don't
* OCPBUGS-54763: openstack/cli: only set port security when
specified
* UPDATE=true go test ./control-plane-operator/...
* Bump o/api version to 4.19 tag
* Improve API docs for configuration.Image
* Drop isIP CEL check
* Set Azure KMS Configuration to v2
* make update
* Add CapacityReservation support in NodePool API
* Update DNS names for ovn-kubernetes cp metrics
* Use 135 for terminationGracePeriodSeconds for v2 KAS
* CNTRLPLANE-217: Add E2E to KubeAPIServerDNSName API to cover
KAS custom certificate
* Don't check if olm images exist if guest cluster
* Bump CAPZ to v1.19.2
* Revert "Revert "CNTRLPLANE-112: Enable MIv3 for CNO/CNCC on
managed Azure""
* feat(autonode): allow karpenter-provider-aws to be overriden by
hcp annotation
* OCPBUGS-54763: openstack: set port security only if explicitly
specified
* CNTRLPLANE-334: add feature set aware feature gates to HO and
CPO (#5976)
* Add proxy variables for the MCD Pod
* Update test fixtures
* Bump socks5 proxy, konnectivity proxy, http proxy, token minter
memory requests
* bump HO supported version to 4.20
* KAS: Bump audit-webhook-initial-backoff and
TerminationGracePeriodSeconds when audit webhook is enabled
* fix(tekton): CPO fixes from release-4.18
* fix(tekton): run CPO pipelines on cpo tekton change
* remove csi-snapshot-webhook
* OCPBUGS-41853: Add documentation for API Server custom
certificate in HCP
* Add polling for kas-bootstrap kas network requests
* e2e: add autonode karpenter drift hcp upgrade e2e test
* OCPBUGS-53261: Add validation to avoid conflicts between
KubeAPIServer and NamedCertificates SANs
* Add missing servicemonitors and prometheusrules permissions for
non-OVN
* Add OWNERS to kas-bootstrap
* chore(deps): update konflux references
* Enable ppc64le builds
* test/e2e: run EnsureImageRegistryCapabilityDisabled on 4.18
* CNTRLPLANE-233: Add --kas-dns-name CLI flag to consume
KubeAPIServerDNSName API
* update test fixtures
* make verify
* Set KAS GOMEMLIMIT node label to what OSDFM expects
* fix(tekton): fix hypershift-operator-main pull and push
* Red Hat Konflux update hypershift-operator-main Signed-off-by:
red-hat-konflux <konflux@no-reply.konflux-ci.dev>
* Add limit CRD install functionality
* Change KASGoMemLimit to a string pointer type
* regenerate APIs
* tools: bump openshift/api/tools and openshift/controller-tools
to latest commits
* api: bump openshift/api to latest commit
* root: bump openshift/api to latest commit
* Add check for expected conditions before running NodePool tests
* test/e2e: output pod name on
EnsureHCPPodsAffinitiesAndTolerations failure
* Sync labels between CPO and RHTAP CPO dockerfile
* Add secretJanitor to scoped support (#4979)
* annotate AWSEndpointServices with HostedClusterAnnotation
* Fix formatting in token_test.go
* set default expriationDate tag in AWS if not set
* Add docs on limit-crd-install
* Add test cases for TestSetExpirationTimestampOnToken and
TestTokenCleanupOutdated
* Refactor ignition into cpov2
* OCPBUGS-50562: Sync RBAC for "Ensure volume stays attached
through reboots"
* Run kas-bootstrap binary for cpov2
* Run go.mod vendor cmds to remove Azure autorest
* Remove Azure KMS use of autorest dependency
* Don't set IgnitionServerTokenExpirationTimestampAnnotation if
already set
* NO-JIRA: Disabling flaking EnsureKubeAPIDNSName E2E test
* Drop bootstrap apply bash in favour of kas-bootstrap binary
* Add kas-bootstrap logic to apply resources
* CNTRLPLANE-216: Add KubeAPIExteralName api (#5458)
* Remove ppc64le from HO tekton files
* Bump CAPZ to v1.19.1
* update go mod dependency for konflux
* Replace az cli call to get objectID with MS Graph
* Update Azure CLI to create role assignments
* Move Azure component constants to constants config
* Move Azure role definition IDs to constants config
* Remove deprecation heading from ClientID
* Enable MIv3 for azure file csi driver
* Fix spelling mistakes caught by codespell
* cmd/cluster/azure: add capability test
* cmd/cluster/core: add test coverage to prototypeResources and
Validate
* fix(api): Adjust CRD validation rules to account for ignition
server disable
* Add version check for CAPI flag
* Revert "OCPBUGS-50915: Disable capi machineset preflights"
* fix(deps): bump golang-jwt v4 and v5
* add disable cluster capabilities flag to cluster create cmd
* CNTRLPLANE-350: add NodePool minor version compatibility check
* Add RBAC for CNCC SA for events for managed Azure
* Add CNCC scope over VNET RG for managed Azure
* GA HostedCluster capabilities
* Let KAS Deployment to run the new kas-bootstrap binary
* Create kas-bootstrap binary with initial support to append
feature gate status
* Add doc on SecretProviderClass for managed Azure
* Move shared ingress doc to Managed Azure section
* Remove synced annotations from HCP when they are removed from
HC
* Use UserAssignedIdentityCredentials for CAPZ
* Remove TODO comment for AzureProviderConfig
* Bump CAPZ dependency for ARO HCP MIv3
* openstack: Add TODOs to remove unused secrets, config maps
* openstack: Sync CA cert to new key
* Update golang Docker tag to v1.24
* Create token Secret for dev cluster explicitly
-------------------------------------------------------------------
Wed Mar 26 19:55:59 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.57:
* Refactor konnectivity-agent into cpov2
* Disable capi machineset preflights
* Check for availability of individual catalog images
* Add konnectivity-proxy sidecar to openshift-oauth-apiserver
* Improve error output msg for Azure CLI role cmds
* fixed container engine checks
* feat(builds): Add area labels and OWNERS
* Set shutdown watch termination grace period on kas
* feat(build): tagged releases
* Fixed etcd sts no-op updates
* Fixed cpov2 reconciliation making no-op calls to api-server
* Add Azure scheduler doc to mkdocs
* fix(ci): Add missing area for support
* Authenticate to Azure only once in CPO
* Revert "CNTRLPLANE-112: Enable MIv3 for CNO/CNCC on managed
Azure"
* Revert OpenStackImageRetentionPolicy
* NO-JIRA: openstack: unique image name per Hosted Cluster
* Fix KMS Azure credentials mount path
* CPO v2: rollout workloads on any changes to mounted
configmaps/secrets
* chore(deps): update konflux references
* OCPBUGS-53050: Handle multiple mirror entries for source
* OSASINFRA-3492: feat(openstack): leverage ORC to manage the
release image
* Enable MIv3 for CNO/CNCC on managed Azure
* feat(docs): rootless containerized builds
* e2e: detect leader election failure in restarted pods
* Fix kube-controller-manager and
openshift-route-controller-manager services\' ipFamilies wrt
PreferDualStack policy
* Bump golangci-lint to v1.63.4
* Fix golangci linter issues
* Enable gosimple, govet, & errcheck in golangci-lint
* Fix Azure KMS SecretProviderClass volume name
* filter watch events for HO AWSEndpointService reconciler
* Bump msi-dataplane dependency
* introduce image registry capability behind feature gate
* Update Konflux references
* remove csi-snapshot-validation-webhook image
-------------------------------------------------------------------
Wed Mar 12 15:04:18 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.56:
* Disable GitHub Actions
* Add flag to set etcd storage size
* Add omitempty to ClientID and CertificateName
* OCPBUGS-48519: CPO overrides
* OCPBUGS-51364: fix oc patch command on doc
* stop using dev mode for loggers
* NO-JIRA: Bump the golang-dependencies group across 1 directory
with 4 updates
* NO-JIRA: Bump the misc-dependencies group with 6 updates
* Rename KMSUserAssignedCredsFile flag
* Update controlplane-component docs
* Refactor cpov2 to use token-minter injection
* CPOv2: Add functionality to inject token-minter container
propgramtically
* CNV-57648: document how to configure descheduler
* Add upstream karpenter-core e2e tests to hypershift
* Add HCP annotation for karpenter-core e2e testing purposes
* test/e2e: skip WaitForImageRollout in executeNodePoolTest on
newer releases
* Revert "e2e: don't call `WaitForImageRollout` in
`executeNodePoolTest`"
* Remove WI step for cluster-image-registry-operator
* e2e: don't call `WaitForImageRollout` in `executeNodePoolTest`
* Run `make update`
* api/hypershift: Add ClusterVersionOperatorConfiguration feature
gate
* api/hypershift: Add ClusterVersionOperator API
* fix(deps): update github.com/golang/groupcache digest to
2c02b82
* fix(deps): update github.com/openshift/client-go digest to
f7ec47e
* fix(deps): update
github.com/openshift/cloud-credential-operator digest to
216fd1a
* fix(deps): update
github.com/openshift/cluster-api-provider-agent/api digest to
e87c2e0
* fix(deps): update
github.com/openshift/cluster-node-tuning-operator digest to
f166846
* speed up image builds
* Update test fixtures
* Make managed-trust-bundle optional
* Remove issues-exit flag for golangci-lint
* Remove unused CAPZ CRDs from HyperShift install
* refactor aws identity health check into new controller
* Update CPO tekton files
* Enable MIv3 for CP/CCM in managed Azure HCP
* OSASINFRA-3733: (follow-up) deploy ORC on release payload >=
4.19
* Disable cache for setup Go env in GH Action
* Add CPO container sync check to GH Actions
* OCPBUGS-52227,OCPBUGS-52226: CVE Fix for potential denial of
service in upstream libs
* Update tekton files per migration steps
* Add full aws permission list and point to it from getting
started to facilitate the experience of new users to hypershift
* chore(deps): update konflux references
* OCPBUGS-51364: Remove scaledown APIs from Backup/Restore
procedure
* chore(deps): update dependency mkdocs-material to v9.6.6
* Fix spelling mistake
* Enable initial GitHub Action jobs
* Auto approve Karpenter serving CSRs
* NO-JIRA: Bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4
* chore(owners): Update IBM reviewers
* doc/openstack: update go version
* OCPBUGS-49825: refactor CPOV2 to use imageRegistryOverrides
when retriving catalogImages
* OCPBUGS-49825: use registryOverrides when automaitcally
retrieving catalog images for hosted control plane
* Refactor image-registry-operator into cpov2
* Fix tests
* OSASINFRA-3733: deploy ORC on release payload >= 4.19
* Enable image registry to use managed identity v3
* Remove filewatcher package
* Enable MIv3 for Azure KMS
* Enable MIv3 for azure disk csi driver
* Update vendor and generated files
* Introduce OpenshiftEC2NodeClass type - Add
OpenshiftEC2NodeClass controller
* Refactor olm into cpov2
* Add support for cronJobs workloads in cpov2
* test/e2e: fix WaitForImageRollout to actually wait on upgrade
case
* NO-JIRA: Bump github.com/go-jose/go-jose/v4 from 4.0.1 to 4.0.5
* Run make update
* Revert 'Relax networking cel validation for IBMCloud'
* Refactor pki-operator into cpov2
* fix HCCO v2 not mounting
openshift-config-managed-trusted-ca-bundle
* Add precommit helpful tips docs page
* Update contribute-docs page
* ho: watch AWSEndpointServices
* Refactor snapshotcontroller into cpov2
* CNTRLPLANE-35: skip
EnsureValidatingAdmissionPoliciesExists/EnsureValidatingAdmissionPoliciesCheckDeniedRequests
based on HC CPO version
* test/e2e: use test name for base of HC name
* Add ORC as separate container in CAPO deployment
* Unit test
* OCPBUGS-50907 Propagate Reason for Available condition from HCP
to HC
* Modify audit container for openshift-apiserver, kube-apiserver,
oauth-apiserver so that SIGTERM is correctly handled. The
variable for specifying PID was incorrectly specified in the
script so it was changed to the correct value as required by
kubernetes specific behavior in container definitions that
reduces $$ to a single $. The cleanup function was also
modified to use pkill and exit to be consistent with the
changes for the apply-bootstrap container cleanup for handling
SIGTERM.
* Modify the apply-bootstrap container of kube-apiserver to sleep
in the background during the wait loop, trap SIGTERM and
execute an explicit cleanup function before exiting. Doing this
ensures the pods are terminated within the specified
termination grace period.
-------------------------------------------------------------------
Thu Feb 20 18:19:14 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.55:
* Skip hashing config.image.imageStreamImportMode
* Refactor ingress-operator into cpov2
* Update unit tests from k8s v1.32.2 bump
* Bump CAPZ to v1.18.0
* Update etcd and pki from k8s bump
* Bump HyperShift to k8s v1.32.2
* Bump HyperShift to k8s v1.32.2
* Add an e2e test for HC with a Configuration.Image
* NO-JIRA: Return marshaled dataplane identities even if
assignServicePrincipalRoles is false
* Fix inconsistency between hc and hcp cel for
ControllerAvailabilityPolicy
* Run make update
* NO-JIRA: update hypershift azure roles to use ids
* Fix unit tests after API change
* Update vendor resources
* Add omitempty to CredentialsSecretName
* Changed variable names to match precious steps and changed step
10 variables to be more generalised
* NO-JIRA: add secretproviderclass to dump
* Update oauth e2e to test kubeadmin login
* Fix kubeadmin login failure
* Run make update
* vendoring: bump CAPO to v0.12.1
* Move dns operator to use self service sa kubeconfig
* Add TestReconcileWorkload unit test
* Add self service sa kubeconfig for cpov2
* Fix codespell errors
* Add user assigned creds env var for o/s operators
* Restart HCP on stale serving certs
* Fix minor spelling mistake for codespell
* Add support for CredentialsSecret for Secrets CSI
* Remove tech preview gates in Azure CLI
* Run `make update; make api`
* Remove ManagedIdentity from Tech Preview
* Fix codespell errors
* bump CAPI 1.9, CAPA 2.7: vendor
* bump CAPI 1.9, CAPA 2.7
* Ensure 'pull-secret' is set properly on v2 serviceAccounts
* Refactor machine approver into cpov2
* Use UserAssignedIdentityCredential for CPO MI
* Add msi-dataplane to go.mod
* add region to AWS creds passed to operators
* Update RHTAP Dockerfiles to Golang v1.23
* Bump Golang to 1.23
* HOSTEDCP-2171: add clustersizingconfig to cluster dump
* Refactor dns operator into cpov2
* Implement HCP karpenter deletion
* HOSTEDCP-2171: add e2e test for aro scheduler
* Relax cel rule for karpenter role to be required in an
ec2NodeClass
* Remove haproxy generation error for normal flow
* NO-JIRA: Bump the golang-dependencies group with 2 updates
* specify region in AWS AssumeRole credentials
* Apply additional labels to CollectProfilesCronJob
* NO-JIRA: add optional step for creating release image using
cluster bot and multiple prs
* e2e: combine OpenStack advanced tests within one Nodepool
* fix(ci): Separate binary builds
* regenerate files
* ARO-14442: add DisabledCapabilities to HostedClusterSpec
* hypershift-operator: add capabilities feature gate
* hypershift-operator: gofumpt hostedcluster controller
* Honor proxy vars in the util insecure http client
* e2e: ensure custom tolerations on all HCP pods
* add watch permission to SecretProviderClass in ARO
* Run `UPDATE=true go test ./...`
* Run `make verify`
* Add CredentialsSecretName to the Azure API
* Deprecate ClientID & CertificateName in Azure API
* Add shared-ingress docs
* Remove the generated site from codespell verification
* Update cpov2 docs
* Move secretproviderclass.go to support folder
* Add Labels validation test to TestOnCreateAPIUX
* Watch NodePools in HostedCluster controller
* Remove HCPPodsLabels featuregate
* Enable EnsureCustomLabels e2e test
* OCPBUGS-49791: Use /livez for kubernetes scheduler liveness
probe
* Revert "HOSTEDCP-2120: Enable EnsureCustomLabels e2e test"
* CLI: enable secure proxy creation
* Add HostedCluster additional trustbundles to
konnectivity-https-proxy
* cli: azure: allow assigning custom HCP roles
* Update karpenter controllers to use the vendored CRDs
* OCPBUGS-49748: If hostDevices.deviceName has multiple types,
the generated hostDevices.name has duplicates
* NO-JIRA: e2e: don't skip mirrorconfigs on OSP
* OCPBUGS-49724: remove passed in image matching desired image
check from WaitForImageRollout
* Add RBAC to get SecretProviderClass
* Add objectEncoding to SecretProviderClass params
* Update CLI to initailze ObjectEncoding
* Run `make verify`
* Add ObjectEncoding to the Azure API
* Add TestCreateClusterCustomConfigV2
* Enable EnsureCustomLabels e2e test
* Vendor karpenter CRDs
* adjust histograms 'le' related selectors
* Remove cloud connection, Set Transit Gateway as default
* NO-JIRA: Bump the misc-dependencies group with 6 updates
* NO-JIRA: Bump github.com/Azure/go-autorest/autorest
* cpov2: switch to resource.k8s.io/v1beta1 after kube 1.32 rebase
* docs/content/how-to/disaster-recovery/etcd-recovery: Explicitly
delegate to admin
* Fix util.DeleteIfNeeded failing on NoKindMatchError
* Reconcile user-data secret programmatically instead of creating
a mock nodePool
* fix karpenter-operator reconcilation adding same containers if
they already exist
* refactor apiserver-haproxy into its own package
* Delete component and its resources when predicate changes to
false
* Update CLI & HO for TenantID for Azure
* Run `make api`
* Remove Credentials from the Azure API
* Update CPO for TenantID for Azure
* Update CLI & HO for TenantID for Azure
* Refactor cluster-node-tuning-operator
* NO-JIRA: add assignServicePrincipal check before assignign
roles to WI
* Run `make api`
* Fix overwriting of PKI operator HCP conditions
* Expose TenantID directly in the Azure API
* Add instructions for ccoctl and fix minor issues
* Add ValidatingAdmissionPolicy for karpenter EC2NodeClass CRD
* Add a metric for cluster size override annotation
* NO-JIRA: Konnectivity: add agent readiness This PR adds
readiness probe to Konnectivity agent on hosted user plane. It
is helpful to indicate pod readiness when the connection to
Konnectivity server drops. In this case pod goes to '0/1
Running' status.
-------------------------------------------------------------------
Fri Jan 31 05:41:00 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.54:
* switch to resource.k8s.io/v1beta1 after kube 1.32 rebase
* Update Azure contrib README.md step 1 hyperlink
* Update export USER_ACCOUNT_ID cmd to remove quotes
* Remove MachineIdentityID from CLI & NP controller
* Fix IsProgressing condition in HostedClusters
* HOSTEDCP-2169: Add Azure Scheduler
* Run `make update`
* Remove MachineIdentityID from Azure HyperShift API
* OCPBUGS-49370: openstack: update CAPI provider deployment spec
* Update Create Azure Cluster on AKS Upstream Docs
* Update Konflux references
* Update managed Azure contrib documents
* Refactor cluster-network-operator
* Assign appropriate roles for CP IDs for ARO HCP
* NO-JIRA: Bump google.golang.org/grpc in the misc-dependencies
group
* NO-JIRA: Bump
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob
* Adds contributor role over VNET for Cloud Provider
* OCPBUGS-48688: propogate MANAGED_SERVICE env variable to HCCO
v2
* OCPBUGS-48708: correct aro azureFile config and permissions
* Only run karpenter e2e when TECH_PREVIEW_NO_UPGRADE=true
* Add the most basic e2e for autoNode via Karpenter
* Remove client secret references for managed Azure
* Revert "Merge pull request #5404 from enxebre/e2e-karpenter"
* update fake release provider version
* OCPBUGS-48626: openstack: add DNS option to CLI
* NO-JIRA: add command for retrieving user account id for AKS dev
env setup
* OCPBUGS-48708: correct aro azureFile config
* Replace Resource with VolumeResource for KubeVirt
* [kubevirt] Skip KubeVirtAdvancedMultinetTest for v4.14 and
below
* NO-JIRA: Bump the misc-dependencies group with 8 updates
* Destroy DHCP server first, to not rely on PowerVs Cloud
Instance recursive delete
* Add the most basic e2e for autoNode via Karpenter
* Add HyperShift Operator upgrade test
* Add e2e HyperShift Operator installation
* Export cmd install functionality
* Refactor e2e code to use the new util/options.go
* Factor out e2e Options type to e2e/util package
* Assign data plane role assignments for WI in AKS
* Refactor kubevirt csi driver
* Update Konflux references
* Update SA RBAC for image registry & azure csi
* Set GC Azure cloud creds secret for CSI & IR
* NO-JIRA: Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
* Revert "openstack/ingress: carry a workaround for unstructed
API"
* Allow ARM64 arch deployment on None platform type
* Compare contents of user-ca-bundle-config.yaml to the correct
configmap
* Add GOWORK=off to clients in Makefile
* NO-JIRA: add information about checking HO and e2e are from
main on latest release branch
* Update contrib/managed-azure/setup_dev_environment.md
* Fix errors found by ineffassign linter
* Remove unused var and funcs found by unused linter
* Enable unused & ineffassign in golangci-lint
* move microsoft repo to ci dir in e2e dockerfile
* doc/openstack: improve index layout
* Fix dev docs for managed azure
* Drop openstack create rejection validation
* Revert "Revert "CNTRLPLANE-26: Disable building HO for s390x
platform on PR""
* Revert "CNTRLPLANE-26: Disable building HO for s390x platform
on PR"
* preserve defaulting for PlatformStatus
* update test fixtures
* Update CPO, HO and support for new dependencies
* [vendoring] bump k8s, openshift/api and dependencies
* NO-JIRA: Bump github.com/go-git/go-git/v5 in /hack/tools
* NO-JIRA: Bump golang.org/x/net from 0.31.0 to 0.33.0 in
/hack/tools
* Update Create Azure HC document
* Enable Workload Identity e2e flags
* Update contrib docs for workload identity
* Add flags in Azure cluster create CLI for WI
* Add data plane MIs to the Azure HostedCluster API
* docs/nit: fix missing spaces in md breaking rendered html
* cmd: dump: include ValidatingAdmissionPolicies in guest cluster
dump
* use rm -f in all CVO cmds for idempotency
* OSASINFRA-3670: doc/openstack: etcd on LVM
* Enforce EnsurePSANotPrivileged for 4.19 and later
* Refactor cluster-storage-operator
* e2e: don't check the KV's LiveMigratable condition for <4.17
* Add `make lint-fix` to pre-commit hook
* Perform buildah 0.3 migration steps
* Update Konflux references
* Revert "OCPBUGS-45265: Use /livez/ping endpoint rather than
/version"
* AUTH-482: set required-scc for openshift workloads
* test/e2e: improve VAP test assertions
* NO-JIRA: Bump github.com/Azure/azure-sdk-for-go/sdk/azcore
* NO-JIRA: Bump the golang-dependencies group with 3 updates
* OCPBUGS-45265: Use /livez/ping endpoint rather than /version
* Add additional Azure e2e flags for OIDC
* Sort e2e flags by platform
* OSASINFRA-3681: improve the doc on OpenStack
* Set ownership annotations for konnectivity-agent secret
* Set ownership annotations for TLS artifacts
* Reoncile karpenter aws creds before running the operator
* Bump golang.org/x/crypto and golang.org/x/net
* OCPBUGS-48152: Fix mirror reference image name when ID is set
* test/e2e: move pre-removal metrics validation out teardown path
-------------------------------------------------------------------
Mon Jan 13 12:14:21 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.53:
* Sort imports in HyperShift project
* Disable standard golangci linters
* Add tools go files to codespell ignore
* Fix delegating_client.go issue
* Enable GCI to sort imports
* Update hack/tools/go.mod to include golangci-lint
* Add golangci-lint to verify in Makefile
* CNTRLPLANE-68: add flags for setting azure marketplace images
in e2e
* Add karpenter_machine_approver controller
* Adjust the multi-arch check logic to skip the check when the
payload is inaccessible.
* enable oauth v2 reconciliation
* Move oauth kubeadminsecret hash annotation logic from HCCO to
CPO
* Fix karpenter-operator hard-coded region
* chore(deps): update dependency mkdocs-material to v9.5.49
* chore(deps): update konflux references
* NO-JIRA: Revert E2E test upgrade
* Refactor cloud-credential-operator
* Disable building HO for s390x platform on PR
* Get HCP before Valid Release Image status patch
* Fix spelling mistakes found in codespell
* fix(ho): Add all supported config schemas for NodePool NTO
reconcile
* kubevirt: Don't break on hostname NodePort.Address
* Include karpenter-operator binary within HO image
* Add a flag to run with --auto-node
* Add AutoNode Karpenter feature gated API support
* Let the HO manage the Karpenter Operator Deployment
* Add the filepath to the CSO CSI certificate info
* OCPBUGS-43083: Fix IsIPv4 function identifying also addresses
instead of CIDRs
* Remove double reconciliation of CSO CSI Secrets
* OCPBUGS-44655: Fix multiarch validations using MetadataProvider
* Add karpenter operator
* Update KCM node monitor grace period
* Use system trust bundle in CPO IDP https client
* Only use public IPs for 4.16 and above
* Update Konflux references
* CNTRLPLANE-10: Konflux build CPO only when needed
* Red Hat Konflux update control-plane-operator-main
Signed-off-by: red-hat-konflux
<konflux@no-reply.konflux-ci.dev>
* Consistently look up and dial cloud API hostnames
* Add a comment about hypershift file being a copy of
cluster-csi-operator file
* Give delete permissions to snapshot-operator role
* Run make update
* OCPBUGS-46342: Allow ARM64 arch deployment on Agent platform
* NO-JIRA: set diskStorageAccountType in aks e2e
* Fix expected AWS HC conditions during e2e tests
* Update all Dockerfiles to use Go1.23/OCP4.19 image
* Updating ose-hypershift-container image to be consistent with
ART for 4.19 Reconciling with
https://github.com/openshift/ocp-build-data/tree/a39508c86497b4e5e463d7b2c78e51e577be9e7d/images/hypershift.yml
* Allow multiple yaml def in a file for pre-commit
* Fix spelling mistakes from PR #5265
* Add public-only flag to hypershift create cluster aws
* Create e2e clusters with public IP instances only
* OCPBUGS-45322: add unit test for updatingConfigCondition and
updatingVersionCondition func
* contrib: update route53 zone cleaning utility
* OCPBUGS-45322: consolidating upgradingConfig/Version nodepool
status update from CAPI controller to Conditions controller
* Fix trailing whitespace issues in docs
* Ignore `MIs`
* Add `make verify` and `make test` to pre-push hook
* Add/cleanup hook names
* Add default stages/install hook type to pre-commit
* OSASINFRA-3685: openstack: tag CAPI resources with InfraID
* Remove inspect-task from Konflux files
* Update Konflux references
* Run make update
* Relax networking cel validation for IBMCloud
* OCPBUGS-42320: Prevent IgnitionServer from flooding the API
server with patch requests
* Ignore api.md from trailing whitespace hook
* Fix spelling mistakes for codespell and whitespace
* Improve UT runtime by count and parallel flags
* Add support for public only AWS clusters
* Remove Azure key vault fields from e2e
* HOSTEDCP-2204: adding contributor role to nodepoolManagement SP
* Remove Azure key vault flags from HyperShift CLI
* Remove SP creation/deletion in the HyperShift CLI
* Use system trust bundle in CPO IDP https client
* HOSTEDCP-2193: documenting --managed-identities-file flag
* NO-JIRA: updating ocp release task notes
* NO-JIRA: e2e: cleanup for OpenStack Manila
* NO-JIRA: openstack/e2e: allow to change AZ name
* HOSTEDCP-2181: bump base images in dockerfiles to 4.19
* HOSTEDCP-2201: give CPO SP contributor role over NSG and VNET
RGs
* TestControlPlaneComponents: test `TechPreviewNoUpgrade`
featureSet
* tests: populate TechPreviewNoUpgrade fixtures
* Remove non-matching feature-gated CVO manifests from payload
* test/e2e: detect rapidly updating deployments
* HOSTEDCP-2201: add DNS RG to contributor role assignments and
add new creating role assignments
* hcp/openstack/doc: add a requirement for LB
* Pass only the certificate name for CNO deployment
* cpov2: revert oauth reconciliation
* Update RBAC for HyperShift Operator
* Reconcile SecretProvider for CP on ARO HCP
* Authenticate CAPZ with cert authentication
* Update go.mod to include cert changes for CAPZ
* Reconcile SecretProvider for CPO on ARO HCP
* Authenticate Azure KMS with cert authentication
* e2e/utils: improve logs for
EnsureSATokenNotMountedUnlessNecessary
* OCPBUGS-45182: Disable openstack-manila-csi-controllerplugin
crash detection in e2e
* OCPBUGS-45189: e2e/openstack: adjustments for missing manila
apps & pods
* HOSTEDCP-2197: Fix TLS config documentation for disconnected
* Update contributing doc to add info on pre-commit.
* Fix spelling mistakes in codebase
* Add codespell to Makefile
* Update dependency mkdocs-material to v9.5.46
* Update Konflux references
* HOSTEDCP-2193: allow reuse of SP for e2e
* Fix konnectivty-container DUAL mode not adding both containers
* Reconcile Secret Data for Azure Disk and File CSI
* Reconcile proxy CA bundle into hosted cluster
* Reconcile SecretProvider for the CSO on ARO HCP
* Reconcile SecretProvider for CNCC on ARO HCP
* Renamed builder.WatchResource
* move default options functions to a new file
* Introduce WorkloadContext
* set default component's replicas
* Run make update
* Use isIp to validate nodePort.address
* Fix error message when kas is route and hostname is not set
* Run make update
* Add validation and tests for hc.spec.dns input
* OCPBUGS-42338: Update KCM node monitor grace period
-------------------------------------------------------------------
Mon Dec 02 09:56:39 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.52:
* Create AWS clients on every reconcile instead of at
initialization
* OCPBUGS-44910: openstack: don't reconcile image registry config
during bootstrap
* Use fleet manager configmaps to determine placeholder pod node
antiaffinity
* HOSTEDCP-2181: update latest supported version for 4.19
branching
* Reconcile Azure Creds to fixed secret in HCP NS
* OCPBUGS-44929: e2e: fix manila CSI operator
* Update dependency mkdocs-mermaid2-plugin to v1.2.1
* Update dependency mkdocs to v1.6.1
* Update Konflux references
* OCPBUGS-44326: Separate CPO containerfiles
* Add DNS RG to Ingress SP's contributor role scope
* Reconcile SecretProvider for Ingress on ARO HCP
* Refactor hcp-router
* OSASINFRA-3639: Enable cluster-storage-operator for OpenStack
Manila
* openstack/ingress: carry a workaround for unstructed API
* CPO/Ingress: support LoadBalancer FIP
* Refactor cluster-policy-controller
* Run make update
* Add ability to set Labels on HCP Pods
* Disable ASOAPI feature gate for CAPz
* Reconcile Azure Creds to fixed secret in HCP NS
* Reconcile SecretProvider for Image Reg on ARO HCP
* chore(deps): update konflux references
* OSASINFRA-3636: Generate assets for OpenStack Cinder CSI
* openstack: Rename attribute
* openstack: Trivial formatting changes for CCM config file
* openstack: Stop creating openstack-cloud-config secret
* HACKING: Add quickstart matrix
* docs: Add note on pod security
* Run make update
* Sync main and api go module vendoring to fix go workspaces
* Disable .services tests
* Run make update
* Relax CEL for .services
* NO-JIRA: bump nodepoolConfigUpdate start timeout to 1min to
reduce flakes
* chore(deps): update konflux references
* Add Services field to failing unit tests
* OCPBUGS-44689: skip np image validation when
skipReleaseImageValidation annotation is present on HC
* NO-JIRA: remove out of date releas notes
* Refactor cluster-version-operator
* OCPBUGS-44568: update diskStorageAccountType consts
* Run make update
* Add on admission validations, docs and tests for HostedCluster
API
* chore(deps): update konflux references
* NO-JIRA: Bump golang.org/x/net in the golang-dependencies group
* NO-JIRA: Bump
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob
* Add instructions on how to setup workload identity
* Add CLI flag to support shared vpc private zones in cluster
account
* Use ingress role in private link controller for DNS operations
* Renamed the directory from aks to managed-azure
* NO-JIRA: e2e: skip OSP multinet before 4.18
* NO-JIRA: add --skip-service-principal-deletion flag
* chore(deps): update konflux references
* docs: minor fix for OpenStack
* doc: Fix kubevirt --attach-default-network opt
* Add openshift to the groups of system:hosted-cluster-config
* cmd,cpo,ho: make changes to support OpenStack additional ports
* API changes for OpenStack Additional Ports
* Refactor oauth-server
* Fix konnectivity container inject logic
* NO-JIRA: docs/openstack: clarify CLI
* OCPBUGS-44336: add missing comment in v2 openstack ccm
* OCPBUGS-44375: openstack: make external network ID really
optional
* NO-JIRA: improve OpenStack documentation
* Update Konflux references
* HOSTEDCP-2167: add flags for passing in ManageIdentities on
Azure HC during azure create cluster
* Fix Spec retrieval from infra for PowerVS platform
* RBAC rules for ORC images
* dump: collect ORC images
* OCPBUGS-44413: add missing assets for OpenStack
* OCPBUGS-41365: use controlplaneCLI image in CNO init containers
* NO-JIRA: Bump the golang-dependencies group with 3 updates
* Refactor openshift-oauth-apiserver
* Refactor kube-scheduler
* vap: protect against tampering
* skip if version is less than 4.18
* logs: improve logging
* e2e:nodepool: test mirror configs
* nodepool: refactor mirroredConfig label
* HCCO: copy KubeletConfig to hosted-cluster
* nodepool: mirror KubeletConfig to HCP NS
* Move globalConfigString into config file
* Change globalConfigString to drop empty imageStreamImportMode
-------------------------------------------------------------------
Tue Nov 12 08:34:25 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.51:
* NO-JIRA: Bump
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys
* HOSTEDCP-2070: render keyvaultName and KeyVaultTenantID during
azure infra creation
* HOSTEDCP-2070: add az cli to e2e dockerfile
* Update Konflux references
* Add audit-logs container to kas deployment manifest
* Run make update
* Add docs, validations and on creation UX tests for NodePool API
* Refactor openshift-apiserver
* Update Konflux references
* Configure OAuth https proxy to dial cloud endpoints directly
* Update Azure CLI to default to Persistence
* Remove default wording on Persistence in Azure API
* Add API promotion criteria
* OCM-12313: expose NodeStartupTimeout in MHC as annotation in
HC/NP
* OCPBUGS-44221: remove hard dependency on kubeconfig for
hypershift CLI
* NO-JIRA: remove namespace wide node check on nodepool specific
tests
* HOSTEDCP-2000: Add E2E test validating the node runtime
* OCPBUGS-42422: Fix order rendering HCP objects
* Update Konflux references
* NO-JIRA: Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1
* Add rpms-signature-scan task
* Cleanup openshift-route-controller-manager
* Refactor openshift-controller-manager
* HOSTEDCP-2070: add e2e flags for controlling AKS keyvault name
and tenant ID
* Remove KAS azure-cloud-config volume
* Refactor cloud-controller-manager
* OCPBUGS-36387: resource group not found should not prevent
azure infra deletion from proceeding
* OCPBUGS-43985: failure to retrieve techPreview CM in azure cli
should be a warning
* OCPBUGS-44001: handle errors returned by
createServicePrincipalWithCertificate command
* OCPBUGS-43943: add retry timeout to nodepoolUpgradeTest
* go.mod: add orc living in CAPO
* openstack: v0.11.0 code adjustments
* Run `make update`
* vendoring: bump CAPO to v0.11.0
* openstack: Add tests for extractCloud
* openstack: Add TODO to deprecate --openstack-credentials-file
option
* openstack: Support reading cacert from clouds.yaml
* openstack: Only upload the cloud we want
* HOSTEDCP-2046: Parametrize Control Plane Dockerfile
* refactor kube-controller-manager
* Update Azure CLI to authenticate with SP w/certs
* Prevent kubevirt from removing valid machine config condition
* refactor ETCD
* Move left over conditions funcs into their own file
* Fix consumption of new fields
* Run make update
* Add azure API changes
* allow templating for registry overrides and azure KV client id
* introduce helm chart generator cmd
* chore(deps): update konflux references
* Add API label
* NO-JIRA: Bump
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys
* OCPBUGS-43756: add WaitForNodePoolConfigUpdateComplete function
* refactor kube-apiserver
* Run make update
* Delete manual CRD overrides for alpha
* Delete v1alpha1 API, references and conversion
* OCPBUGS-43756: update eventuallyDaemonSetRollsOut to only watch
ready pods
* Document how to disable kubevirt csi
* Move NTO reconcile logic into their own file
* make ControlPlaneComponent.status.version optional
* remove redundant unit tests
* cmd: add support to configure machine networts via CLI
* OCPBUGS-41365: dont use registryOverrides on kube rbac proxy
image because its used in dataplane
-------------------------------------------------------------------
Fri Oct 25 18:49:15 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.50:
* Make api module dependencies consistent with main module
dependencies
* Update upstream Azure and AKS docs
* Update AKS contrib docs
* doc/openstack: install operator with
`--tech-preview-no-upgrade`
* Add crd override for NodePool scale subresource
* nodepool/openstack: AZ support for the Machine
* HOSTEDCP-1472: update npPrevTest to use RFC 1123 nodepool name
* dump: make ControlPlaneComponent's GKV optional
* Add generic create function for SecretProvider
* chore(deps): update konflux references
* cpo: produce valid oauth config even if idp config is invalid
* Fix deleteConfigByLabel to only delete within
controlPlaneNamespace
* HOSTEDCP-2002: fix typo in doc commands
* chore(deps): update capz to v1.17.0
* Drop type from the signature
* Move NodePool conditions logic into their own file
* Let conditions getting the token secret to not shortcircuit
when is not found
* Refactor NodePool conditions into a centralized loop
* Put MI API behind HyperShift FeatureGate
* Add Managed Identity Support in Azure HC API
* use get listDigest function signature in resource and olm
reconciles
* HOSTEDCP-1883: add init containers to catalog images
* HOSTEDCP-1883: Remove hardcoded catalog images in CPO so we
dont have to manually bump them each release
* Split API into platform files
* chore(deps): update konflux references
* HOSTEDCP-2002: Add documentation around crun migration for HCP
* NO-JIRA: Bump the azure-github-dependencies group with 2
updates
* KubeVirt CSI Security and Isolation Documentation
* Pass Azure key vault MI's client ID to the CPO
* Add flag for Azure key vault user for ARO HCP
* enforce volumes defaultMode to be consistent
* Run make update
* Add docs for feature gates
* Add test for preveniting OpenStack if NO TechPreviewNoUpgrade
* Introduce feature gate support for install and the HO
* Add README.md for ControlPlaneComponent
* Introduce openshift markers support and generate CRDs
* Pass feature flags to clusterpolicy controller
* chore(deps): update konflux references
* Revendor tools to bring o/api codegen and
openshift/controller-gen
* Add code changes to bring o/api codegen and
openshift/controller-gen
* refactor HCCO component
* add ValidIDPConfiguration condition to report IDP config issues
* HOSTEDCP-1472: add CP with n-2 NP test
* Introduce ControlPlaneComponent CRD
* chore(deps): update konflux references
* e2e: use TechPreviewNoUpgrade feature set in TestCreateCluster
* Add support for static control plane operator overrides
* e2e: rename file to avoid IDE errors
* openstack/e2e: re-work nodepool tests
* NO-JIRA: Bump the golang-dependencies group with 3 updates
* move resource.k8s.io to v1alpha3 for kube 1.31
* Add Secrets Store CSI RBAC policies to HO and CPO
* Add function to determine if ARO HCP deployment
* cli: add feature-set flag to create cluster
* Allow setting the VPC CIDR when creating AWS infrastructure
* Add secrets-store-csi-driver to go.mod
* Enforce EnsurePSANotPrivileged for 4.18 and later
* Remove vendoring related to removing MI creation
* Remove infra create MI for Azure NP
* statically link CLI binaries
* HOSTEDCP-2009: change from NumberOfProbes to ProbeThreshold
* Do not send traffic to local audit-webhook through konnectivity
* Create separate secrets for Azure disk and file
* Use guest DNS resolution in Konnectivity HTTPS proxy by default
* Document HCP KubeVirt GPU device usage
* NO-JIRA switch to using ptr instead of pointer
* Fixes kubevirt image cacher
* Add network policies for konnectivity server and ignition
server proxy
-------------------------------------------------------------------
Fri Oct 11 08:25:35 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.49:
* chore(deps): update konflux references to cf9edf8
* OCPBUGS-42737: add nil check to etcdRecoveryActiveCondition
when coll… (#4846)
* OCPBUGS-39369: Add new VAP for Infrastructure object
* OCPBUGS-39369: Add TokenMinter container and RBAC for the CNO
* Update mermaid version for mkdocs
* NO-JIRA: disable ensurePSANotPrivileged test on <4.17
* openstack: Support clouds.yaml discovery, different cloud names
* trivial: Inline clouds.yaml validation
* e2e: skip ValidKubeVirtInfraNetworkMTU condition check on 4.14
and earlier
* refactor cluster-autoscaler and route-controller-manager
components
* introduce ControlPlaneComponent abstraction
* Vendor required AWS client files
* CLI: Add support for shared VPC infrastructure
* Add support for SharedVPC
* Add documentation for KubeVirt hosted cluster backup and
restore
* OCPBUGS-42100: Run 2 replicas of active/passive HA components
* Fix recover-etcd cmd marking a missing flag required
* feat(ignition): Add option to disable ignition server
reconciliation
-------------------------------------------------------------------
Wed Oct 02 05:38:54 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.48:
* chore(deps): update konflux references
* Rearrange validations
* Move platform specific logic into their own files
* NO-JIRA: Bump the azure-github-dependencies group with 2
updates
* OCPBUGS-42306: e2e for change additionaTrustBundle creating a
new token
* HOSTEDCP-1788: use getResourceGroupName when attempting to
delete resourceGroups in azure/destroy/infra
* e2e: openstack: fix nil deref in route53 teardown
* Retry reconciliation with invalid configuration
* add dockerfile for e2e
* NO-JIRA: clarify use of render and render-sensitive cli flags
* Refactor capi logic out from NodePool controller
* HOSTEDCP-1871: Add multi-arch validation for Azure platform
(#4538)
* HOSTEDCP-1732: add PDB to sharedIngress router pod for HA
* Update Konflux references to 5ac9b24
* e2e: add service and cluster CIDRs as flag to the e2e framework
* Add Dockerfile.dev to build all-in-one container image for
development purposes
* Update Konflux references
* OCPBUGS-42306: hash additionalTrustBundle as part of ignition
config if present
* Fix docker check 'AS' as uppercase in container and docker
files
* Update Konflux references
* cmd/dump: add OpenStack CAPI resources
* remove unused make targets
* remove renovate.json
* remove fast.Dockerfile
* remove .ko.yaml
* remove CPO/CPPKIO from the hypershift-operator image build
* hypershift-operator/controllers/hostedcluster: Do not propagate
Unknown ClusterVersionRetrievedUpdates
* Create separate worker and vpc endpoint security groups
* test/e2e: add version gating for 4.14
* NO-JIRA: Remove hack for CI in 4.11 release
* wrap nodePool tenancy API field in Placment struct
* HOSTEDCP-1788: Create seperate RGs for NSG and VNet
* vendor/github.com/openshift/hypershift/api/hypershift/v1beta1:
Update to pick up ClusterVersionRetrievedUpdates
* docs/content/reference/api: Update to pick up
ClusterVersionRetrievedUpdates
* *: Propagate RetrievedUpdates from ClusterVersion up to
HostedCluster
* OCPBUGS-32592: Add Annotation to skip deleting hcp namespace
* Add API status field to track AWSEndpointService security group
* Allow the control plane operator to finish deleting VPC
endpoint for PrivateLink clusters
* OCPBUGS-41992: Sanitize ignition payload
* Refactor nodepool token management
* NO-JIRA: Add dccache entry into gitignore
* chore(deps): update konflux references
* e2e: add version gating for 4.15
* OCPBUGS-41935: Sanitize the IgnitionPayload (XSS)
* HOSTEDCP-1965: Ignore vendor and resources.go from snyk code
test
* Refactor config generation for NodePool
* Add log for ignition provider using mirrored release image
* NO-JIRA: Bump the azure-github-dependencies group with 4
updates
* Fix failed to reconcile oauth client secrets error message
* Conditionally manage the IngressOperatorKubeconfig secret in
the hosted control plane
* Conditionally manage the DNSOperatorKubeconfig secret in the
hosted control plane
* e2e: add version gating for 4.16
* Add EncryptionAtHost to create azure cluster CLI
* e2e: add version gating for 4.17
* OCPBUGS-38425: Return the right tagReference on Catalogs
ImageStream
* Set EncryptionAtHost in NodePool controller
* Add EnableEncryptionAtHost to the CLI
* Add EncryptionAtHost to Azure NodePool API
* add install render option to write manifests to file
* Add external kas address to no proxy skip list
* HOSTEDCP-1942: Add functional tests for ETCD Recovery
* HOSTEDCP-1940: Add alert for Etcd recovery
* Add
TestProviderWithOpenShiftImageRegistryOverridesDecorator_Lookup
unit test
* Let payload generation pick the release for the NodePool
* NO-JIRA: Bump the golang-dependencies group with 4 updates
* docs: add diagram to konnectivity reference
* Use KubeClientCABundle for HostedClusterConfigOperator
cluster-signer-ca
* Updating ose-hypershift-container image to be consistent with
ART for 4.18 Reconciling with
https://github.com/openshift/ocp-build-data/tree/827ab4ccce9cbbcf82c9dbaf6398b61d6cff8d7a/images/hypershift.yml
* CPO oauth idp converter: resolve names before dialing
-------------------------------------------------------------------
Sat Sep 14 14:55:02 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.47:
* Use http dialer when dialing through proxy
* HyperShift operator: Allow setting Kube APIServer maximum
requests in flight
* Add oauth domain for kas cert
* OSASINFRA-3584: openstack: remove support for floating IP
* Fix uses of MustParse* on non-constant input
* NO-JIRA: Bump github.com/opencontainers/runc from 1.1.12 to
1.1.14
* chore(deps): update konflux references
* Fix multi-arch validation by prioritizing ReleaseImage check
* Add unit test to validate mco binaries are extracted as
expected
* handle version skewed NodePools that do not have rhel9 binaries
* Automatically recover etcd
* OCPBUGS-24400: Add annotation to delete an ETCD failing member
* Trigger SharedIngress reconcilation immediately on start
* Remove sbom-json-check from tekton files
* chore(deps): update konflux references
* chore: organize install command for readability
* NO-JIRA: Bump gotest.tools/gotestsum
* tolerations docs
* Expose AWS Tenancy through NodePool API
* OpenStack: don't create a dedicated service for Ingress
* Use machineTemplateSpec for Azure in NP controller
* openstack: handle DNS for ingress in e2e
* Revert "e2e/util: override CLUSTER_NAME for platform OpenStack"
* Set Image as mutable in Azure NodePools
* Add --labels hcp cli arg for adding labels to HostedCluster
-------------------------------------------------------------------
Sat Sep 14 14:46:27 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.46:
* regroup KAS certs into public and private certs
* use hostedCluster.Status.Version as latestSupportVersion for
NodePools
* e2e: skip VAP checks if platform is None
* copy image-registry AdditionalTrustedCA configmap into HC
openshift-config
* Fix CAPA ROSA feature gate being set on releases where its not
available
* Join default port to .Configuration.Proxy.HTTPSProxy if missing
* Fixed NodePool version validation
* fix: fix a typo in the architecture doc
* allow changes to infrastructures global config for Openstack
-------------------------------------------------------------------
Sat Sep 14 14:24:25 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.45:
* Remove go workspace
* OCPBUGS-38925: copy oapi ca-trust recursively when building
trust anchor
-------------------------------------------------------------------
Sat Sep 14 14:15:50 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.44:
* NO-JIRA: add 4.14 and 4.15 HO base images to docker cve scan
scripts
* Update Konflux references
* Use infraID from infra-json if provided
* external-dns: add proxy env vars if cluster proxy is configured
* OCPBUGS-38183: add noroot-v2 SCC to cluster-storage SA
* [kubevirt] Fix KubeVirtNodesLiveMigratable condition for
NodePools with 0 replicas
* OCPBUGS-39183: Update CSO deployment file
* HOSTEDCP-1483: update cloud-credential-operator in go.mod
* OCPBUGS-34816: Block data plane HC configuration requests
* Pause CAPI cluster when HostedCluster is paused
* remove unused ROSA/EKS CRDs from hypershift install
* chore(deps): update golang docker tag to v1.23
* Add networking-console-plugin image to CNO as env var
* cpo: separate KAS cert into internal and external
* OCPBUGS-36680: ensure additionalTrustBundle propogates to
workers
* OCPBUGS-38409: Update CPO and HO base images to 4.18
* openstack: Don't allow unsupported --external-dns-domain
* Fix bug where nodes were not triggering dedicated serving
reconciliation
* disregard sharedingress in Route labeling decision
* OSASINFRA-3553: relax PodAffinityTerm for zone spreading in HA
* HTTPS proxy: do not proxy communication to cloud providers
* OCPBUGS-38467: allow for shared-ingress router pod creation
without pullsecret
* NO-JIRA: add docker script to find package versions in HO & CPO
* nodepoolcontroller: \`List()\` PerformanceProfile status per
NodePool
* fix(KONFLUX-3663): upload SAST results to quay.io Configure the
SAST task to upload SARIF results to quay.io for long-term
storage
* OCPBUGS-34816: Configure user for HCCO
-------------------------------------------------------------------
Fri Aug 16 18:26:07 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.43:
* Fix CEL rules in the CRD
* fix(builds): main should not build mce-2.7 HO
* chore: Remove hard-coded konnectivity image URI
* HOSTEDCP-1764: retrieve registryOverrides when ImageStream is
not ava… (#4453)
* Bump 'LatestSupportedVersion' to 4.18.0 after branch-out
* Support configuring Azure diagnostics via CLI flags
* chore(deps): update konflux references
* label routes only when HCP router used
* chore(deps): update quay.io/openshift/origin-base docker tag to
v4.16
* chore(deps): update golang docker tag to v1.22
* Remove saas_template.yaml
* OCPBUGS-38183: make use of
azure-disk-driver-control-plane-image
* KubeVirt: add label to DataVolume
* docs/openstack: fix typo
* hcp/kas: disable encryption config auto reload
* test/e2e: test KMS v2 on AWS
* hcp/kas: support kms v2 for AWS
* Update version support docs
* openstack: add missing AutomountServiceAccountToken to CCM
* openstack: add missing resources fields to CAPO
* e2e/util: override CLUSTER_NAME for platform OpenStack
* e2e/openstack: support cluster destroy
* Update upgrades doc
* Support Arm NodePools from a Marketplace Image
* Allow setting Kube APIServer maximum requests in flight
* openstack: ingress API & octavia ingress provider
* Support Marketplace Image for Azure NodePools (#4191)
* test: e2e: handle 409 conflict in
EnsureHostedClusterImmutability
* Remove BASE_IMAGES_DIGEST
* Update Konflux references
* Remove BASE_IMAGES_DIGEST
* Update Konflux references
* cso: add environment variable for tools image
* OpenStack: Use external network ID in favor of Name
* Add first azure services validation
* Revert "OCPBUGS-24400: Recover the ETCD member on HostedCluster
deployment"
* Revert "Only recreate etcd if hasn't ever been ready"
* Remove non relevant OVNSbDb service type declarations
* add VPC Endpoint Service proxy support
* set proxy envvars on aws anda azure CCMs
* Make hostedcluster.spec.services immutable
* Use a multi-arch haproxy image for shared ingress
* Create konnectivity dialer for CPO oidc checks
* Use HTTP proxy for ingress controller
* NO-JIRA: Flaky cert validation test
* docs/openstack: adds content for Ingress with MetalLB
* Set default release stream for HCP CLI
* Add release-stream flag to default core flags
* Default multi-arch flag to true for HCP CLI
* Add Kubevirt live-migratable condition for HC and NP
* OCPBUGS-37703: fix release stream flag/rhcos image for create
cluster azure
* fix(builds): mce-2.7 enablement for main
* OSASINFRA-3546: openstack: document how to create a cluster
* Update IBM go sdk
* e2e: test that `PerfromanceProfile` status is being reported
* nodepoolcontroller: unit tests for SetPerformanceProfileStatus
* nodepoolcontroller: align code to left
* nodepoolcontroller: report performance profile status in
`NodePool`
* nodepoolcontroller: performance profile conditions
* HOSTEDCP-1776: Set KCM node monitor grace period
* Add HTTP konnectivity proxy to OAuth server
* OCPBUGS-36689: Omit the unused
0000_50_olm_06-psm-operator.service.yaml and
0000_50_olm_06-psm-operator.servicemonitor.yaml manifests as
they're breaking Prometheus discovery
* Ensure VolumeSnapshots are deleted during cloud resource
cleanup
-------------------------------------------------------------------
Mon Jul 29 17:58:25 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.42:
* chore(deps): update konflux references
-------------------------------------------------------------------
Mon Jul 29 17:52:54 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.41:
* Update AWS multi-arch docs to include migration
* DedicatedRequestServing scheduler: make taken labels list
consistent
-------------------------------------------------------------------
Mon Jul 29 10:41:28 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.40:
* Set right endpointSlice port
* HOSTEDCP-1791: dont render any secrets in manifest file
* Only recreate etcd if hasn't ever been ready
* Fixing credentials for OpenStack
* Refactor multi-arch validation algorithm
* openstack: small fixes for CLI
* Get MachineIdentityID from NodePool CR
* Move MachineIdentityID to Azure NP API
* OCPBUGS-34820: Keep in sync the HC and HCP ICS field
* HOSTEDCP-1791: update azure cluster unit test
* HOSTEDCP-1791: add renderSensetive flag
* OSASINFRA-3312: OpenStack Node pools
* OSASINFRA-3538: openstack: cluster CLI
* Update tekton files for migration from 0.1 to 0.2
* chore(deps): update konflux references
* Add ipam to cluster-api assets
* HOSTEDCP-1836: Fix Snyk vulnerability with python deps
* OCPBUGS-30282: Multiple MachineConfigs in one CM (#3695)
* extract rhel9 MCO binaries for rhel8 based MCO images
* Update rhcos image copy process in Azure infra CLI
* Run `make update`
* openstack: add CAPO deployment and OpenStackCluster object
* fix(api): Nodepool CEL validation fix
* Update go.mod to include azblob
* NO-JIRA: Fix OADP backup objects
* Document konnectivity in HyperShift
* Separate ibmcloud kms encryption configuration types
* Add ability to set tolerations on HC and HCP
* Add hc.Spec.Tolerations deployment test
* HOSTEDCP-1796: Customize the self-generated cert rotation
* OCPBUGS-34816: Fix the resource from is checking the MHC
platform
* Add snyk helper scripts to contrib
* OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and
None
* Update Konflux references
* OCPBUGS-24400: Recover the ETCD member on HostedCluster
deployment
* Add cluster-api-provider-openstack assets
* Vendor openstack dependency
* OCPBUGS-35905: E2E test to verify openshift-apiserver TLS
certificates
* Run `make update`
* Run `make clients`
* Start to add OpenStack support
* HOSTEDCP-1795: Customize the self-generated cert validity
(reduced version)
* Fix name resolution for HTTPS konnectivity proxy
* NO-JIRA: add ignition payload inspect docs
* OCPBUGS-33934: Add newline after TLS certs referenced by
image.config
* use proxy-protocol-v2 for shared ingress
* Update catalog annotation based on an OCP version
* Default azure to run as managed-service=aro
* vendor: import k8s.io/utils/set
* hypershift:nodepoolcontroller: mirror containerruntime to HCP
NS
* fix(build): update to the fixed clamav image
* hypershift:performanceprofile: associate profile name with user
input
* util: make `shortenName` public
* Add HTTP(s) konnectivity proxy and use it with OpenShift
APIServer
* Add net policy to allow ingress from sharedingress namespace
* OCPBUGS-34820: Delete IDMS in dataplane once HCP ICS field is
removed
* Remove Steve Kuznetsov from approvers/owners
* Set Azure VM ident if user assigned identity set
* Dump capz azure resources
* Update Konflux references
* OCPBUGS-36629: Update Mkdocs, dependencies and dockerfile
* HOSTEDCP-1716: When running the HO locally it should no
required a running pod
* Dump shareingress manifest
* KubeVirtJsonPatchTest: fix vmi slice assignment
* OCPBUGS-36481: Fix Hypershift dump for non-OpenShift Management
Clusters (#4307)
* Let cmd unit tests run without a running Kubernetes cluster
* Update AKS contrib docs
* e2e tests: skip checking ValidKubeVirtInfraNetworkMTU if no
workers
* Enhance aks docs
* Revert "HOSTEDCP-1778: Enable MultiArch flag by default"
* HOSTEDCP-1778: Enable MultiArch flag by default
* [Kubevirt] Add support for passing GPU devices to NodePools
* NO-JIRA: skip validate metrics on azure e2e
* Add release notes to commit and print proper output when
release errors
* remove weak ciphers from security profile
* chore(deps): update squidfunk/mkdocs-material docker tag to
v8.5.11
* chore(deps): update konflux references
* NO-JIRA: fixup azure aks docs
* NO-JIRA: skip multiarch test before HC creation
* Move infra-volumesnapshot-class-mapping to core binding
* vendor update
* test/e2e: remove api budget checks
* hcco: reconcile apiserver config into hosted cluster
* Use a reconciled proxy config when generating nodepool userdata
* test/e2e: use the eventually construct
* test/e2e: remove redundant or unnecessary logging
* test/e2e: eventually: update functionality
* hypershift-operator: don't remove conditions, set false
* test/e2e: send commandline output to files
* cmd: always pass loggers, honor them
* Makefile: add a target to compile tests
* Update HC on AKS doc for new flags for infra
* kubevirt-csi-driver: Pass infra kubeconfig in case of external
infra
* cmd/cluster/kubevirt: add a test from dvossel
* Allow PublicAndPrivate or Private clusters to be created with
LB KAS. Update guest cluster components to use the correct port
to communicate with KAS..
* Update Konflux references
* test/e2e: tar.gz hosted cluster content
* enable audit log for oauth-openshift
* Add new metrics to check CA bundle validity and expiry.
* Update ci image of capk to 4.17
-------------------------------------------------------------------
Wed Jun 26 05:12:41 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.39:
* Keep old user data for aws < 4.16
* HOSTEDCP-1221: add heterogenous NP e2e
* test/e2e: actually wait for guest cluster client
* OWNERS: add stevekuznetsov
* check mgmt cluster for route capability before DeleteIfNeeded
for ovn sbdb route
* test/e2e: use the eventually abstraction in chaos test
* test/e2e: round durations for brevity
* test/e2e: add post-summary, verbosity toggle to eventually
* HOSTEDCP-1684: remove CLI requirement for RG flag when NSG ID
is supplied
* CNV-30445: KubeVirt: Enable multiqueue by default
* Fix the getting started page by adding export to BUCKET_NAME
-------------------------------------------------------------------
Fri Jun 21 20:06:13 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.38:
* chore(deps): update konflux references
* chore(deps): update konflux references to ff44cf3
* HOSTEDCP-1729: Support for on-demand global routing when
creating transit gateway
* cmd/cluster/dump: ignore oc adm inspect error
* test/e2e: quiet ssh logging
* test/e2e: reduce logging on guest cluster infra cleanup
* test/e2e: add a harness for asynchronous assertions
* test: e2e: bump CPO mutate budget
* Add more units for shared ingress
* Fix port naming for sharedingress svc LB
* Use 443 for shared ingress lb
* chore(deps): update konflux references to 2be7c9c
* Bump golang.org/x/net in /contrib/aws-tag-lb-service-webhook
* cluster/core: fix nodepool naming
* NO-JIRA: remove CI_TESTS_RUNS from e2e script as we now
directly pass in test.run flag
* Disable PersistentVolumeLabel admission plugin
* fix storage table support with data tables mkdocs
* test/e2e: default to amd64 for none, kubevirt
* cmd: sort services for deterministic output
* cmd: use seeds for randomness
* cmd/cluster/azure/create: add a test case
* cmd/nodepool/kubevirt: fixup test
* cmd: add tests for create commands
* cmd/cluster/azure: use the subnet id
* cmd: use validated and completed opts pattern
* Remove KMS V1 provider support for IBM Cloud
* NO-JIRA: Fixing tests to avoid race conditions
* Added markdown for storage table
* Fix storage support table markdown
* Transition kubevirt vms from affinity to topo spread
constraints
* fixed azure CLI not passing the correct platfrom spec infra
* don't set HostedCluster.Spec.ClusterID for azure create
* fixed infra-id not being defaulted first
* Enable shared ingress for Azure
* cmd/kubevirt: hide developer options on create
* cmd/aws: hide developer options on create
* cmd: DRY out create cluster flag binding
* cmd/cluster: refactor to remove example fixtures
* OCPBUGS-33428: Complete KAS migration to none endpoint
reconciler type
* Revert "kubevirt, e2e: Skip advanced multinet for CI"
* hack: remove old arguments and scripts
* feat(olm): Set packageserver replicas to 2 for IBMCloudPlatform
* test/e2e: misc context fixes:
* HOSTEDCP-1514: explicit set bootdiagnostics to disabled by
default azure NP
* HOSTEDCP-1514: support Azure diagnostics on NodePools
* Allow specifying the volume detach timeout for machines via
NodePools
* cmd/infra/aws/destroy: allow using component credentials
* cmd/infra/aws: generate a delegating AWS client
* cmd/infra/aws/iam: refactor static data
* Add wait for rbac access to cluster image registry operator
* Add the missing OPERATOR_IMAGE_VERSION required by the new
addition of featuregate in the Image-registry operator
-------------------------------------------------------------------
Wed Jun 12 13:36:13 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.37:
* kubevirt, e2e: Skip advanced multinet for CI
* OCPBUGS-33951: Documentation for disconnected MGMT Cluster
* chore(deps): update konflux references
* Add hypershift-cluster-version-operator image to release
provider
* hack: make the e2e script generic
* test/e2e: always bound assertions in time
* test/e2e: remove dead code
* OCPBUGS-33953: Document how ICSP/IDMS work in HCP
* hack/test: remove timeouts
* Initialize infra id for e2e-azure tests
* OCPBUGS-33952: Documented HCP service exposure
* add missing Tag permissions to cli role
* test/e2e: move node label check to ensure block
* Don't try to refer to the openshift-sdn image
* OCPBUGS-33952: Documented HCP service exposure
* Bump controller-tools to 0.15.0 in /hack/tools
* Bump github.com/opencontainers/runc from to 1.1.12
* Bump pod security to v0.30.1
* Remove duplicate logging statements when errors are also
returned
* Generate default worker security group rules based on
machineCIDR
* e2e/util: improve logging during node readiness poll
* test/e2e/util: use wait.PollUntilContextTimeout
* Add ability to create merge requests
* Add ability to create a branch & push to gitlab
* Only disable MachinePool for manager container in Azure
* drop konnectivity-agent image reference
* HOSTEDCP-1689: add PodMonitor for external-dns
* feedback from pr comments
* pr feedback for syntax + validate annotation is integer
* rebase + merge conflicts
* test/e2e: don't validate metrics after failure
* test/e2e: explicitly constrain pod streams
* test/e2e: constrain actions to context, timeout
* Ensure VNET, NSG, & Managed RG locations match
* Add tool to automate HO tag & commit updates in SD
* drop kuryr CNI image refreneces
* Fixed ValidReleaseInfo condition
* nodepool_controller: add a reconciler for cleanup
* Update unit tests
* Allow access to root-ca configmap
* HOSTEDCP-1687: include platform None as supported for amd64 and
arm64 as it is used for dev purposes
* HOSTEDCP-1687: correction for the the platform reference from
nono to agent.
* test/e2e: resolve dump dir once
* test/e2e: checkpoint the output of cluster creation
* cmd: add an option to render into a file, use it in e2e
* NO-JIRA: unit test allow multi-arch baremetal arm64 node on
none platform
* NO-JIRA: unit test allow multi-arch baremetal amd64 platform
* Fixes issue with cloud provider kubevirt not updating correctly
* NO-JIRA: Allow addition of arm64 node to a baremetal platform
-------------------------------------------------------------------
Mon Jun 03 15:17:10 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.36:
* Add link to agent heterogeneous nodepools doc
* OCPBUGS-34734: Fix disconnected metadata inspection for
nodepool
* Allow overriding hosted cluster size label
* Fix fleet manager pair label check
* *: use openshift/api instead of thirdparty for machineconfig
* chore(deps): update rhtap references
* chore(deps): update rhtap references
* bump k8s.io/code-generator to 0.31
* turn GOWORK off for ./hack/tools
* use go workspaces
* cmd: report server version, supported OCP
* add AWS STS URL to OIDC provider audiences
* Prevent hypershift install render --template and --outputs from
being used together
-------------------------------------------------------------------
Thu May 30 14:35:33 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.35:
* Use configmaps to track hosted cluster pair labels
* update unit test
* remove liveness and readiness probes that use the metrics
endpoint from ingress and registry operators
* Use operator namespace for
openshift-config-managed-trusted-ca-bundle
* Set controller concurrency to 1 and optimistic lock patching
for DedicatedServingComponentScheduler*
-------------------------------------------------------------------
Thu May 30 09:31:59 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.34:
* Rename machine-config operator CRD references (#4058)
* update Dockerfiles to use goang v1.22
* fixed some var names to better reflect their purpose
* fix RegistryMirrorProvider modifying the cached image directly
* apply changes required with controller-runtime bump
* bump k8s to 0.30.1 and cluster-api to v1.7.2
* bump openshift/api
* MULTIARCH-4668: Add how to doc for heterogeneous node pools on
Agent platform
* OCPBUGS-31446: Add TrustedBundles to OAS container
* Fixed audit-logs sigterm failing to kill
* Reconcile KAS endpoints and endpoint slice
-------------------------------------------------------------------
Thu May 23 19:45:16 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.33:
* Align kv min version to the default min version (now that
default is >= 4.14)
* test: relax mgmt KAS egress check
* Allow specifying machine health check timeout in cluster sizing
config
* HOSTEDCP-1681: Skip konflux when not necessary
* Do not scale down legacy nodes
* Sync the autoscaler periodically
* remove weak cipher
-------------------------------------------------------------------
Wed May 22 17:39:16 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.32:
* HOSTEDCP-1561: Move HCP Product CLI to STS (#4027)
* Reinstate wrongly removed fields from cert rotation objects
* chore(deps): update rhtap references
* Make active & backup Azure KMS containers use different
--metrics-addr
* Modify token secret MCS hash in place
* NO-JIRA: Bump library-go dependency
* kubevirt, e2e: Add test for advanced multinet
* make update
* external-dns: setting higher priorityClass to external-dns pods
due to default priority class, more likely this pod could be
evicted by the scheduler to fit higher priorityClass pods if
there is no available space on a suitable node.
* Fix userReleaseProvider not using icsp/idms from mgmt cluster
* Remove service-ca annot from azure csi & file svcs
* fix router on 4.14 y-stream upgrade
* Support Priority based expander for cluster-autoscaler
* `make verify` artifacts changes
* nto: add configmaps/finalizers under operator `Role`
-------------------------------------------------------------------
Tue May 21 18:38:49 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.31:
* hostedclustersizing: don't enforce concurrency on new clusters
* hostedclustersizing: don't enforce delays on brand-new clusters
* e2e: proceed with teardown even if dump fails
* chore(deps): update rhtap references
* Improve resliency of size tagging when hostedcluster KAS down
* remove dns-operator leader-elect flags
* Do not ignore single placeholder pods for a specific hosted
cluster
* Do not ignore SubnetID & NsgID flags in Azure HC
* test updates round 2
* add resource preservation tests
* Preserve container resource requests and limits
* Cluster sizing controller: do not error on not found HC
* restrict image registry overrides to control plane components
* Bump IBM, AWS, ectd, & gomega dependencies
* Update Azure SDK dependencies in go.mod
* Bump CAPI dependencies
* create cli aws sts role
* use kms images from payload
-------------------------------------------------------------------
Tue May 21 18:17:27 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.30:
* fix nil dereference in clustersizingconfig validation
* fixed azure using incorrect kms socket
-------------------------------------------------------------------
Tue May 14 20:05:35 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.29:
* Set NSG RG based on its ID for Azure CCM config
* Autoscaler for non request serving nodes
* Update azureutil to get NSG name & RG from NSG ID
* Update SecurityGroupID API description
* Change SubnetName to SubnetID in AzureNodePool API
* Add additional details to AzureNodePool API
* Set arch to ppc64le within PowerVS platform func
* Add noproxy checks to run haproxy on dataplane and skip system
proxy
* Disable DNS resolution in konnectivity-socks5-proxy for CNO
* Add an option to globally disable the DNS resolution in
konnectivity-socks5-proxy
* Remove CLI inspection of release image
* MULTIARCH-4637: Support ppc64le arch for Agent and PowerVS
platform
* Get VNET name and RG info from the VNET ID
* Use SecurityGroupID in CLI and CPO
* Support BYO network security group
* Get subnet name from its ID for Azure cloud config
* Set time out for external snapshotter on kubevirt csi driver
* Update HyperShift CLI to accept only subnet ID
* Add additional details to AzurePlatform API
* Remove VnetName from AzurePlatform API
* Change SecurityGroupName to SecurityGroupID in API
* Add SubnetID to Azure Hosted Cluster API
* Update Konflux Dockerfile
* Bump k8s to v0.29.3
-------------------------------------------------------------------
Tue May 14 19:55:38 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.28:
* chore(deps): update rhtap references
* Autoscaler: scale down unused machinesets
* DRY out scoping predicate funcs
* Add operator scoping support to nodepool controller
* Updating ose-hypershift-container image to be consistent with
ART for 4.16 Reconciling with
https://github.com/openshift/ocp-build-data/tree/e5d353841cb99db680ca2f66af891f97569293d4/images/hypershift.yml
-------------------------------------------------------------------
Tue May 14 19:43:58 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.27:
* Update RHTAP references
* Only apply RBAC if version <= 4.14
* Revert "Remove unused func causing verify issues"
* Revert "Remove reconciliation for CPO ingress role setup"
* Minor doc updates to creating Azure HC on AKS
* sizing: add logging for what we're doing
-------------------------------------------------------------------
Tue Apr 30 10:59:35 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.26:
* Fix nil pointer deref when effects not specified in CSC
* Add new parameters to pull and push files
* chore(deps): update rhtap references
* OCPBUGS-29110: Reconcile over ICSP/IDMS
* chore(deps): update rhtap references
* HOSTEDCP-1484: Disaster recovery documentation with OADP
* fix setting replicas on autoscaler
* Allow specifying resource requests per cluster size
* Ignore subnet annotations for control plane load balancers
* Add definitions & CEL for AzurePlatformSpec
* Autoscaling test: Lower the memory request of load pods
* support azure kms key rotation
* Fix issue OCPBUGS-32492 Set ImportMode for catalog
* disable OCM pull secret controller when imageregistry config
managementstate is Removed
* remove obsolete konnectivity image code
* Ensure placeholder deployments are deleted
* Fix invalid node selector in autosizing placeholder
* Request serving scheduler: omit deleting nodes
* Add arch & multi-arch flags to HCP CLI
* OCPBUGS-31398: Recycler-pod image now points to the OCP Payload
reference
* Kubevirt on Azure: Change KAS LB Port to 7443
* add nodepools metric for telemetry
* OCPBUGS-32255: Remove kube-scheduler readiness probe
* Detect machine and cluster-network cidr collision
-------------------------------------------------------------------
Wed Apr 24 18:58:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.25:
* Update RHTAP references
* Controller to assist autoscaling for placeholder nodes
* Add mapping documentation for KubeVirt CSI driver snaphotting
* chore(deps): update rhtap references
* OCPBUGS-32487: Fix OLM intilization args
* Remove any previous secrets if made by service-ca
* Added external snapshot side car to kubevirt-csi-controller.
Added rbac for driver to be able to create/delete snapshots.
Added cli arguments to allow one to associated storage classes
with volume snapshot classes. This association is used to
determine if a volume snapshot class works with a storage
class.
* OCPNODE-2096: Add ClusterImagePolicy to the list of valid
config manifests
* Revert "Revert "HOSTEDCP-1465: Create HCPs with externalDNS on
AKS Clusters""
-------------------------------------------------------------------
Fri Apr 19 05:43:56 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.24:
* chore(deps): update rhtap references
* move reconcileCLISecrets after infraID is defaulted
* generate infraID by default for all platforms
* chore(vendor): Run make update
* Update api/hypershift/v1beta1/hostedcluster_types.go
* feat(api): Add ingress-controller-load-balancer-scope
annotation
* Disable kubevirt-csi crash detection in e2e
* HOSTEDCP-1462: set HostPath.Type on volumesource in
CloudNodeManagerDaemonSe to to match default value
* fixed teardown failing the outer test instead of subtest
* Revert "HOSTEDCP-1465: Create HCPs with externalDNS on AKS
Clusters"
* Replace periods with commas in subnet label value
* Docs:Avoid cidr Collisions b/w Infra &Guest cluster
* chore(deps): update rhtap references
* placeholders: ignore auto-sizer placeholders
* use the api package constant for the size label
* chore(deps): update rhtap references
* OCPBUGS-29466: Fix ICSP and IDMS inclusion as
registriesOverrides
* Add doc for creating HC on AKS
* Add AKS setup docs to contrib
* Remove unused func causing verify issues
* Skip ImageStream deletion when its API is absent
* Reconcile auth reader for auth users in ARO HCP
* Set CAConfigMap on CNO deployment
* Reconcile serving cert secrets for services
* chore(deps): update rhtap references
* OCPBUGS-29494: Fix disconnected metadata inspection
* [e2e test framework] Add a flag to add an annotation to
HostedCluster
* Document additional known issues for the disconnected scenario
* Remove reconciliation for CPO ingress role setup
* chore(deps): update rhtap references
* disable autoscaler when no nodepool require it
* update private cluster IAM policy
* NO-JIRA: remove ovnkube-control-plane from expected component
token mount list
* Disable audit-log container when audit profile is None
* `make update` artifacts
* docs: fixing wrong key name
* include hostnetwork SCC CPO role for 4.13 and earlier, never
for IBMCloud
* OSD-19085: Replaced hypershift_cluster_cores metric with
hypershift_cluster_vcpus metric as the billing is per vCpu and
not per core
* NO-JIRA: Fix ValidAzureKMSConfig status to report unknown
instead of false
* kv, docs: Document using custom network as default
* Support annotation scoping for hostedcluster resources
* Revert "Remove '--attach-default-network' from productized cli"
* bump capk ci image
* update desired image even when HCP doesn't exist yet
* Added regression tests ensuring certain deployment fields do
not get set.
* nto: add events resources under operator `Role`
* OCPBUGS-29391: Add new permission required in CAPA
* kubevirt: Generate kccm lb endpointslices
* api/v1beta1/hostedcluster_types: Add spec.updateService
* re-organize the code for better readability
* differentiate behaviour based on IBMCloudProviderType
* use dnsPolicy: Default for konnectivity-agent in data plane for
all provider
* Set RUN_AS_USER if mgmt cluster doesn't have SCC
* Fix docs commands related to Azure ephemeral OS disks
* disable http2 for ignition server and proxy
* Update RHTAP references
* Set control plane to HA by default
* Add overview docmentation for HCP KubeVirt Storage
* Add --auto-repair flag to hcp create nodepool
-------------------------------------------------------------------
Thu Apr 11 13:22:47 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.1.23:
* OCPBUGS-31465: remove max function usage from deicated request serving nodes
* Reduce audit-log file size for hypershift apiservers
* copy issuerCertificateAuthority configmap into HC openshift-config
* Request serving node scheduler that uses HC size label
* HOSTEDCP-1462: Add subnet name to Azure platform options for e2e
* HOSTEDCP-1462: Enable TestNodePool and CreateCluster tests on Azure
-------------------------------------------------------------------
Thu Apr 11 13:22:23 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package hypershift: OpenShift Hypershift CLI
