File operator-sdk.changes of Package operator-sdk
-------------------------------------------------------------------
Tue Jun 03 05:00:35 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.40.0:
* Additions
- (go/v4) For Go-based operators, a devcontainer is now
available to allow users to develop and test the operator in
a local environment and leverage on solutions such as VS Code
Remote Containers and GitHub Codespaces to have a consistent
development environment. (#6928)
- (go/v4) For Go-based operators, new GitHub Actions are
available to ensure better quality of their code. (#6928)
- (go/v4) For Go-based operators, controllers now use
.Named("<Kind>") in SetupWithManager to prevent naming
conflicts in multi-group projects. (More info). (#6928)
- (go/v4) For Go-based operators, a new Makefile target named
lint-config has been added to verify that your .golangci.yaml
configuration file is valid. This helps catch issues early
when customizing lint rules.
- (More info). (#6928)
- For ALL-based operators, scaffolded resources now include the
app.kubernetes.io/name label to support Kubernetes best
practices for app identification. (More info). (#6928)
- For ALL-based operators, new role manifests are now
scaffolded under the config/rbac/ directory to assist cluster
administrators. For each API defined in the project, three
role files are generated: <kind>_admin_role.yaml,
<kind>_editor_role.yaml, and <kind>_viewer_role.yaml.
These roles are not applied by default. Instead, they are
provided as helpers, allowing cluster administrators to
customize and apply appropriate permissions as needed.
The primary motivation for scaffolding these roles is to
simplify integration with Kubernetes' aggregated roles
mechanism. By including annotations such as
rbac.authorization.k8s.io/aggregate-to-admin: "true",
rbac.authorization.k8s.io/aggregate-to-edit: "true", and
rbac.authorization.k8s.io/aggregate-to-view: "true", these
role definitions can automatically contribute permissions to
the default admin, edit, and view roles in a cluster when
applied.
For more information on Kubernetes RBAC and aggregated roles,
see:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/.
(#6928)
- For ALL-based operators, new role manifests are now
scaffolded under the config/rbac/ directory to assist cluster
administrators. For each API defined in the project, three
role files are generated: <kind>_admin_role.yaml,
<kind>_editor_role.yaml, and <kind>_viewer_role.yaml.
These roles are not applied by default. Instead, they are
provided as helpers, allowing cluster administrators to
customize and apply appropriate permissions as needed.
The primary motivation for scaffolding these roles is to
simplify integration with Kubernetes' aggregated roles
mechanism. By including annotations such as
rbac.authorization.k8s.io/aggregate-to-admin: "true",
rbac.authorization.k8s.io/aggregate-to-edit: "true", and
rbac.authorization.k8s.io/aggregate-to-view: "true", these
role definitions can automatically contribute permissions to
the default admin, edit, and view roles in a cluster when
applied.
For more information on Kubernetes RBAC and aggregated roles,
see:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/.
(#6928)
* Changes
- The bundle build target now respects the CONTAINER_TOOL
variable, allowing users to use alternative container tools
like podman instead of docker. (#6932)
- For All-based Operators, upgrade OPM to version from v1.23.0
to v1.55.0, which includes several bug fixes and
improvements. For further information, see:
https://github.com/operator-framework/operator-registry/releases.
(#6953)
- (go/v4) For Go-based Operators, the main.go file has been
enhanced to support real TLS certificates for both webhooks
and the metrics server, with automated certificate rotation
via cert-manager. This change improves security and aligns
with production-grade best practices.
Previously, setups relied on kube-rbac-proxy (deprecated in
Operator SDK and Kubebuilder, see:
kubebuilder/discussions/3907), which generated TLS
certificates dynamically — a method no longer recommended for
secure environments. The updated approach adopts static
certificates managed by cert-manager.
Additionally, integrations with Prometheus now support
scraping metrics using the cert-manager generated
certificates. A related fix was introduced to ensure that CA
injection patches are only applied to CRDs with a conversion
webhook, avoiding unnecessary annotations.
To support these improvements, changes to
config/default/kustomization.yaml are required. These
include: configuring webhook and metrics server certificates,
enabling Prometheus scraping with TLS, and correcting CA
injection behavior.
These updates also introduce flexible opt-in mechanisms,
allowing users to selectively enable or disable: - TLS for
the metrics server via cert-manager - TLS for webhooks via
cert-manager - TLS configuration for Prometheus scraping
Together, these changes are part of a broader effort to
elevate the default security posture and configurability of
Go-based operators. (#6928)
- (go/v4) For Go-based operators, a fix has been implemented to
ensure that the Prometheus configuration can properly scrape
metrics from the operator's metrics server when TLS is
enabled. (#6928)
- (go/v4) For Go-based operators, a fix has been implemented to
ensure that CA injection patches are applied only to CRDs
that define a conversion webhook.
Previously, the CA injection patch logic was overly broad —
applying injection annotations to all CRDs whenever a webhook
was scaffolded with the --conversion flag. This behavior was
introduced in Kubebuilder release v3.5.0 when replacements
were introduced in place of legacy vars and the
kustomize/v2-alpha plugin was adopted.
The incorrect behavior likely went unnoticed due to
incomplete support for conversion webhooks in earlier
versions. This release addresses that gap, enabling proper
scaffolding and CA injection behavior specifically for CRDs
with conversion webhooks.
To support this improvement, a new marker has been
introduced: +kubebuilder:scaffold:crdkustomizecainjectionns.
This marker ensures that the correct replacements are
generated in config/default/kustomization.yaml for CA
injection. Additionally, the
kubebuilder:scaffold:crdkustomizewebhookpatch marker was
created to ensure that the webhook patch is only applied to
CRDs that have a conversion webhook in the
config/crd/kustomization.yaml file.
For more information on this and other scaffolding markers,
refer to the official Kubebuilder documentation:
https://book.kubebuilder.io/reference/markers/scaffold.
(#6928)
- (go/v4) For Go-based operators, ENVTEST version management is
now automated by deriving values from go.mod, and controller
tests now locate binaries dynamically. (More info)
These updates improve the developer experience by: - Reducing
manual configuration for ENVTEST. - Ensuring IDEs or test
runners can locate the binaries reliably. - Making controller
test scaffolding more robust and portable. (#6928)
- (go/v4) For Go-based operators, updated GolangCI-Lint
configuration to replace the deprecated exportloopref linter
with the copyloopvar linter. (#6928)
- (go/v4) For Go-based operators, upgraded project scaffolding
to Go 1.23, Kubernetes v0.32.1, and controller-runtime
v0.20.4.
- The default project scaffolding for Go-based operators has
been updated to use:
- Go 1.23
- Kubernetes modules v0.32.1
- controller-runtime v0.20.4
- Ginkgo v2.22.0 and Gomega v1.36.1. (#6928)
- Breaking change: (go/v4) For Go-based operators, upgraded
controller-runtime from v0.19.4 to v0.20.0 and added support
for Kubernetes 1.32. Removed deprecated webhook.Validator and
webhook.Defaulter interfaces from the runtime. Webhooks
should no longer reside under the api/ directory—this has
been the default behavior since Kubebuilder rlease
[v4.3.0)(https://github.com/kubernetes-sigs/kubebuilder/releases/tag/v4.3.0).
A --legacy=true flag was added to support scaffolding
webhooks in the old layout when needed. (More info ·
Migration guide). (#6928)
* Changelog
- Release v1.40.0 (#6956)
- moving 1.23 website from netlify to gh
- updating ansible-operator-plugin to v1.38.1 (#6955)
- Upgrade OPM to version from to (#6953)
- updating dependencies to latest allowable version(s) (#6951)
- Upgrade k8s version used by SDK from 1.30.0 to 1.32.2 (#6941)
- Upgrade kubebuilder scaffold from v4.2.0 to v4.5.2 (#6928)
- The comment has a spelling error. (#6948)
- feat: generalize container tool usage (#6932)
- Bump ubi9/ubi-minimal from 9.5 to 9.6 in /images/operator-sdk
(#6945)
- Bump ubi9/ubi-minimal from 9.5 to 9.6 in
/images/helm-operator (#6943)
- Bump ubi9/ubi-minimal from 9.5 to 9.6 in
/images/scorecard-test (#6944)
- Bump ubi9/ubi-minimal from 9.5 to 9.6 in
/images/custom-scorecard-tests (#6946)
- Bump golang.org/x/net from 0.37.0 to 0.38.0 (#6926)
- Upgrade golangci from 1.63.4 to 1.64.8 (#6940)
- (ci)- Update workflows ubuntu-22.04 to ubuntu-24.04 (#6938)
- fix: update kubectl fetch URL to official dl.k8s.io endpoint
(#6939)
- (fix) fis GOBIN to allow run make install in Mac Os (#6936)
- fixing CI post 1.39.2 release (#6937)
- OWNER-ALIAS: Update to ensure current state (#6935)
-------------------------------------------------------------------
Fri Mar 21 06:26:22 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 1.39.2:
* fix: primary-resouce is created in wrong place. by
@holyspectral in #6872
* docs: Replace memcached-operator in v1.39.0 update instructions
by @blu3r4y in #6898
* Fix Allow IfNotPresent policy when operator-sdk run bundle
#6795 by @kaovilai in #6851
* Bump github.com/containerd/containerd from 1.7.23 to 1.7.27 by
@dependabot in #6916
* updating dependencies to address CVE's by @acornett21 in #6917
* Bump github.com/distribution/distribution/v3 from 3.0.0-rc.1 to
3.0.0-rc.3 by @dependabot in #6918
* adding logic to GHA's to remove unused diskspace by @acornett21
in #6920
* Release v1.39.2 by @acornett21 in #6919
-------------------------------------------------------------------
Wed Jan 15 07:07:08 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 1.39.1:
* Release v1.39.1 (#6896)
* fix constant reconcilation issue in helm controller (#6895)
* fix constant reconcilation issue in helm controller (#6892)
* re-generate scaffolding post release (#6893)
-------------------------------------------------------------------
Sat Jan 11 12:13:44 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 1.39.0:
* Release v1.39.0 (#6890)
* move v1.22 from netlify to gh like in toml file (#6889)
* updating dependencies to k8s 1.31 (#6878)
* fix prometheus documentation link (#6888)
* fix small typo in filename (#6886)
* fixing CVE-2025-21614 in github.com/go-git/go-git/v5 (#6885)
* fixing CVE-2024-45338 in golang.org/x/net (#6884)
* updating project to use go 1.23 and UBI 9.5 (#6883)
* updating copywrite for 2025
* Bump golang.org/x/crypto from 0.27.0 to 0.31.0 (#6876)
* fix test data scaffolding...again (#6877)
* Update README.md - To add importance notice about legacy image
(#6871)
-------------------------------------------------------------------
Wed Nov 20 07:56:22 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.38.0:
* Release v1.38.0 (#6866)
* move v1.21 from netlify to gh like in toml file (#6865)
* removing kube-rbac-proxy from website docs (#6864)
* adding changelog and migrations for k8s 1.30 and kubebuilderv4
work (#6862)
* updating ansible plugin to 1.36.1 (#6861)
* rebasing from main (#6837)
* updating to k8s 1.30 dependencies and kubebuilder v4 (#6848)
* Update actions to latest (#6852)
* move away from latest tag for olm installs (#6849)
* fixing doc links so ci passes (#6850)
* Bump docker/build-push-action from 3 to 6 (#6774)
* fix: consider version when getting CRDs for validating
descriptors (#6784)
* fix: make `run bundle` use proper YAML library to split
documents (#6829)
* fix test data scaffolding (#6845)
* Update code snippets (#6796) (#6839)
* docs: Update go tutorial (#6832)
-------------------------------------------------------------------
Sat Sep 21 13:46:24 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.37.0:
* Release v1.37.0 (#6834)
* removing helm hybrid operator plugin (#6833)
* updating both webhook links to reference main docs url (#6828)
* Remove java-operator-plugins (#6824)
* updating docker dependencies to address GHSA-v23v-6jw2-98fq
(#6823)
* Bump github.com/opencontainers/runc from 1.1.12 to 1.1.14
(#6827)
* Bump java-operator-plugins to v0.11.1 (#6817)
-------------------------------------------------------------------
Fri Aug 09 17:56:07 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.36.1:
* Release v1.36.1 (#6807)
* fixing syslist.go link in website (#6808)
* Bump controller-runtime version to 0.17.4 (#6803)
* fixing test make files post release (#6804)
* Fix formatting (#6797)
-------------------------------------------------------------------
Tue Jul 30 06:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.36.0:
* Release v1.36.0 (#6793)
* Bump k8s to 1.29 versions (#6736)
-------------------------------------------------------------------
Wed Jun 19 04:46:45 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.35.0:
* Release v1.35.0 (#6775)
* updating ansible plugin version to latest (#6773)
* (helm/v1): fix role.yaml init scaffolding (#6769)
* Fix documentation link issues: (#6766)
* Update ubi-minimal to version 8.10 in all Dockerfiles to fix
critical security vulnerabilities (#6764)
* Update quickstart.md (#6732)
* Bump ansible operator plugin to v1.34.2 (#6749)
* Change DefaultIndexImage to UBI (#6726)
* update Designing Lean Operators docs to use new Kubebuilder
cache config options (#6743)
* update cncf-maintainers (#6741)
* Bump actions/setup-go from 4 to 5 (#6638)
* docs: correct spelling of Operator scope (#6728)
* Add OchiengEd to sdk-approvers (#6735)
* Change docs to reflect updated controller runtime options for
caching select namespaces (#6719)
* bumping docker and oras (since docker types changed location)
(#6720)
* chore: fix some comments (#6717)
* feat: support helm dryrun=server (#6691)
* add acornett21 to sdk-approves list (#6711)
* Release v1.34.0 (#6688)
-------------------------------------------------------------------
Sat May 18 07:49:28 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.34.2:
* Release v1.34.2 (#6751)
* No changes for this release!
-------------------------------------------------------------------
Fri Mar 15 21:59:22 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.34.1:
* (helm/v1) Fix an issue that multi-arch images cannot be built
from the project Makefile. (#6661
<https://github.com/operator-framework/operator-sdk/pull/6661>)
-------------------------------------------------------------------
Fri Mar 15 21:52:37 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.34.0:
* Bump ansible operator plugin version to 1.34.1 (#6685)
* docs: add note about chainsaw (#6675)
* rapid reset remediation (#6664)
* Bump go-git (#6663)
* fix: fix an issue that multi-arch images cannot be built from
the project makefile (#6661)
* refactor: change './bin' to 'LOCALBIN' (#6655)
* fix: migrate apis directory to api per standard (#6646)
-------------------------------------------------------------------
Tue Jan 30 16:54:14 UTC 2024 - andrea.manzini@suse.com
- Update to version 1.33.0:
* Bump supported Kubernetes version to 1.27
* Breaking change: (go/v4-alpha): go/v4 is now stable and is the
default version used when scaffolding a Go based operator.
* Breaking change: (kustomize/v2-alpha): kustomize/v2 is now
stable and is the default version used in the plugin chain when
using go/v4, ansible/v1, helm/v1, and hybrid/v1-alpha plugins.
* Updated the supported OLM versions to 0.24.0, 0.25.0, and
0.26.0.
* (helm/v1): Deprecate the --config flag due to the
controller-runtime ComponentConfig package being deprecated
with the planned removal of support for loading manager options
from a file.
* operator-sdk olm install: fix a bug where the retry logic would
not retry until the the command's timeout was reached,
resulting in early exiting of the command before the specified
timeout was reached.
-------------------------------------------------------------------
Sat Oct 07 05:26:13 UTC 2023 - kastl@b1-systems.de
- Update to version 1.32.0:
* Release v1.32.0 (#6593)
* Updated API to inherit updated multi-arch validator that scans
for node affinity. (#6592)
* Add missing "controller-tools" update instructions to the
v1.25.0 migration guide (#6525) (#6526)
* helm-operator: reduce cache memory footprint (#6377)
* (refactor): switch the ansible plugin to use
github.com/operator-framework/ansible-operator-plugins, remove
ansible code (#6583)
* Bump docker/setup-buildx-action from 2 to 3 (#6568)
* Allow users to add annotation to set configure rollback (#6546)
-------------------------------------------------------------------
Thu Sep 14 06:13:02 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
- new package operator-sdk: SDK for building Kubernetes
applications. Provides high level APIs, useful abstractions, and
project scaffolding.
