v1.7.1

v1.7.1

Additions

• Added operator-sdk pkgman-to-bundle command to support migration of packagemanifests to bundle format. Refer https://github.com/operator-framework/enhancements/blob/master/enhancements/sdk-migrate-bundle.md for more details. (#4718)
• For Ansible-based operators, added log messages for each event that is received. This will make debugging excessive reconciliations much more straightforward. (#4779)
• Added new optional flag --optional-values to the command operator-sdk bundle validate. This option allows to inform a list of key and values to the validators. (e.g. operator-sdk bundle validate ./bundle --optional-values=k8s-version=1.22 --select-optional suite=operatorframework). (#4693)

Changes

• (go/v3, ansible/v1, helm/v1) Bumped controller-runtime to v0.8.3 (kubernetes 1.20). (#4863)

Deprecations

• Deprecated operator-sdk generate packagemanifests and operator-sdk run packagemanifests commands, packagemanifests support in general in favour of operator bundles. (#4838)

Bug Fixes

• For Ansible- and Helm-based operators, added the --config flag, which was mistakenly not added to either ansible-/helm-operator binary when file support was originally added. (#4776)
• Format ansible-operator and helm-operator run command logs correctly. (#4844)
• (go/v3, ansible/v1, helm/v1) Moved leases.coordination.k8s.io to its own proxy-role rule. (#4835)
• (go/v3) Set the Makefile's SHELL variable to the system's bash binary with shell opts. (#4835)
• The generate kustomize manifests command no longer adds non-served CRD versions to a CSV's .spec.customresourcedefinitions.owned. (#4842)
• For Anible-based operators, fixed a bug that prevented owner reference annotations from being added to cluster-scoped and multi-namespace resources, which had to be applied manually to correctly reconcile them. (#4850)

v1.6.2

v1.6.2

Note
This is a security release, wherein base images have been patched. It is recommended that you bump your project’s base image from a previous v1.6 patch tag to v1.6.2.

Bug Fixes

• For Ansible- and Helm-based operators, add the --config flag, which was mistakenly not added to either ansible-/helm-operator binary when file support was originally added. (#4780)

v1.5.2

v1.5.2

No changes for this release!

Note
This is a security release, wherein base images have been patched. It is recommended that you bump your project’s base image from a previous v1.5 patch tag to v1.5.2.

v1.6.1

v1.6.1

Additions

• For Golang-based operators, added the declarative.go/v1 plugin which customizes initialized projects with patterns from kubernetes-sigs/kubebuilder-declarative-pattern. (e.g operator-sdk create api --plugins=go/v3,declarative). (#4731)
• Added kustomize.common/v1 plugin which scaffolds the a commonly used project base that leverages kustomize. (#4730)
• (ansible/v1, helm/v1) Added the option to configure ansible-operator and helm-operator with a component config. (#4701)
• (ansible/v1, helm/v1) Add rules for leader election. (#4701)
• Added alpha config-gen, a kustomize plugin to specialize configuration for kubebuilder-style projects. This feature is alpha and subject to breaking changes. (#4670)
• (helm/v1, ansible/v1) Added Makefile help target. (#4660)
• (ansible/v1, helm/v1) Added securityContext's to the manager's Deployment to disallow running as root user. (#4655)
• Added --ca-secret-name to run bundle and run bundle-upgrade to configure the registry Pod with an in-cluster certificate Secret to use TLS with a private registry. (#4703)
• For Helm based-operators, added annotation helm.sdk.operatorframework.io/uninstall-wait: "true" to allow all resources to be deleted before removing the custom resource's finalizer. (#4487)
• (go/v2, go/v3, ansible/v1, helm/v1) Added the opm and catalog-build Makefile targets to download opm and build operator catalogs either from scratch or an existing catalog. (#4406)
• Added new optional flags --delete-all, --delete-crds and --delete-operator-groups to the cleanup command. (#4619)
• Added --service-account to run bundle and run bundle-upgrade to bind registry objects to a non-default service account. (#4694)
• Added --pull-secret-name to run bundle and run bundle-upgrade to configure the registry Pod with an in-cluster docker config Secret to pull bundle images from private registries. (#4694)
• (ansible/v1, helm/v1) Create and bind controller-manager to a non-default service account (kubebuilder#2070). (#4653)

Changes

• For Ansible-based Operators: Update Python dependencies.
  • openshift (0.11.2 -> 0.12.0)
  • kubernetes (11.0.0 -> 12.0.1)
  • ansible-runner (1.4.6 -> 1.4.7)
  • ansible (2.9.15 -> 2.9.19). (#4734)
• (ansible/v1) Update scaffolded requirements.yml to pull in newer versions of the Ansible collections.
  • community.kubernetes (1.1.1 -> 1.2.1)
  • operator_sdk.util (0.1.0 -> 0.2.0). (#4734)
• (helm/v1) Explicitly set --health-probe-bind-address in the manager's auth proxy patch. (#4654)
• (ansible/v1) Explicitly set --health-probe-bind-address in the manager's auth proxy patch. (#4654)
• (go/v2, go/v3, ansible/v1, helm/v1) Changed BUNDLE_IMG and added IMAGE_TAG_BASE Makefile variables to allow one line bundle and catalog image builds. (#4406)
• For Ansible-based operators, collections as main dependencies for the operator installed with ansible-galaxy are pinned to specific versions to prevent hard to track bugs. (#4529)
• Update community Kubernetes Ansible collection to version 1.1.1. (#4594)
• Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 for a security fix. (#4723)
• For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. (#4543)
• For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. (#4543)

Deprecations

• (ansible/v1, helm/v1) The flags --enable-leader-election and --metrics-addr were deprecated in favor of --leader-elect and --metrics-bind-address, respectively, to follow upstream conventions. (#4654)

Bug Fixes

• (go/v3) Create webhook manifests in config/ on running create webhook, not init. (#4701)
• (manifests/v2) Added a config/manifests kustomize patch to remove the cert-manager volume and volumeMount from manifests destined for generate <bundle|packagemanifests>. (#4623)
• For Helm-based operators, fixed handling of kind: List whereby the operator fails when trying to set watch on the object. Watches are created for objects in the list instead. (#4682)
• (go/v2, go/v3, ansible/v1, helm/v1) Fixed the Prometheus ServiceMonitor metrics endpoint, which was not configured to be scraped correctly. (#4680)
• In Ansible-based operators, mark the input variables from custom resources as unsafe by default. (#4566)

v1.5.1

v1.5.1

Changes

• Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 for a security fix. (#4724)

v1.5.0

v1.5.0

This release contains a few big changes, one of which is the stabilization of project version 3-alpha to 3. In a sense this is a breaking change because 3-alpha no longer exists, however because the config version was alpha it technically is not. Regardless, the alpha config-3alpha-to-3 command was added to assist in upgrading. See the relevant migration guide section for more information.

Additions

• Added support for markers for files with the yml extension. More info: kubernetes-sigs/kubebuilder#1907. (#4402)
• (go/v3) Added the --force option to the create webhook command. More info: kubernetes-sigs/kubebuilder#1903. (#4402)
• (go/v3) Added ErrorIfCRDPathMissing config by default to controller's suite_tests.go. More info: kubernetes-sigs/kubebuilder#1910. (#4402)
• For Ansible-based operators, allow passing a --graceful-shutdown-timeout to configure the duration the manager should wait before stopping. (#4571)
• (go/v3) Create and bind to a non-default service account (kubernetes-sigs/kubebuilder#2070). (#4626)

Changes

• Breaking change: PROJECT config version 3-alpha has been upgraded to version 3. (#4613)
• (go/v3) Upgraded the sigs.k8s.io/kubebuilder-declarative-pattern dependency used by create api --pattern=addon. More info: kubernetes-sigs/kubebuilder#1946. (#4402)
• (go/v2, go/v3) Added Makefile help. (#4402)
• (go/v3) Changed the manager pod template's security context runAsUser: 65532 to runAsNonRoot: true. More info: kubernetes-sigs/kubebuilder#1978. (#4402)
• Improved generate bundle and generate packagemanifests handling and help text for use outside of a project. (#4514)
• (go/v3) Pinned controller-runtime to v0.7.2. (#4626)
• For Ansible-based operators, change the level of the proxy skipping cache logs to debug level. (#4511)

Bug Fixes

• For Go-based operators, fixed create api --force such that it actually overwrites all files. More info: kubernetes-sigs/kubebuilder#1903. (#4402)
• Upgraded the gcr.io/kubebuilder/kube-rbac-proxy image version from 0.5.0 to 0.8.0 to support rootless run mode. More info kubernetes-sigs/kubebuilder#1955. (#4402)
• (go/v3) Correctly named health/readiness endpoints as healthz and readyz, respectively. More info kubernetes-sigs/kubebuilder#1910. (#4402)
• (go/v3) Tolerate . directories when checking if dir is empty in init. More info: kubernetes-sigs/kubebuilder#1944. (#4402)
• Properly consider all Go files when generating a CSV's spec.customresourcedefinitions.owned. (#4507)
• Fixed samples kustomization.yaml generation on operator-sdk init --plugins=helm --helm-chart=<chart>, caused by out-of-order operations in plugin code. (#4584)
• Skip CSV definitions parsing in generate kustomize manifests if the APIs dir does not exist, as projects may use only required APIs. (#4624)
• Bump cryptography dependency in ansible-operator to 3.3.2. This will fix a potential security bug related to update() calls. Ref: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#332---2021-02-07. (#4539)
• Fixed ambiguous --input-dir and --deploy-dir flag semantics for generate bundle. (#4514)
• (ansible/v1, helm/v1) Upgraded the gcr.io/kubebuilder/kube-rbac-proxy image version from 0.5.0 to 0.8.0 to support rootless run mode. (#4498)
• For Ansible/Helm-based operators, fix swapped readinessProbe/livenessProbe in manager. (#4546)

scorecard-kuttl/v2.0.0

The quay.io/operator-framework/scorecard-test-kuttl image will now be released separately from other Operator SDK images due to its dependency on kuttl. These releases start at v2.0.0 and contain images tagged like:

quay.io/operator-framework/scorecard-test-kuttl:v2.0.0
quay.io/operator-framework/scorecard-test-kuttl:v2.0

Images tagged with master will still be pushed on a per-commit basis.

See #4557 and #4633 for discussion.

v1.4.2

v1.4.2

Bug Fixes

• Properly consider all Go files when generating a CSV's spec.customresourcedefinitions.owned. (#4509)
• Bump cryptography dependency in ansible-operator to 3.3.2. This will fix a potential security bug related to update() calls. Ref: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#332---2021-02-07. (#4531)

v1.3.2

v1.3.2

Bug Fixes

• Properly consider all Go files when generating a CSV's spec.customresourcedefinitions.owned. (#4508)

v1.4.0

v1.4.0

Additions

• For Helm-based operators, added Liveness and Readiness probe by default using healthz.Ping. (#4326)
• For Ansible-based operators, added Liveness and Readiness probe by default using healthz.Ping. (#4326)
• For Ansible/Helm-based operators, added new flag --health-probe-bind-address to set the health probe address. (#4326)
• (ansible/v1, helm/v1) Added plugin objects for the manifests and scorecard phase 2 plugins. (#4419)
• For Ansible-based and Helm-based operators, as well as for the Operator SDK and the (custom) scorecard tests, the Docker base images are pinned to improve the reproducibility of builds using Docker. (#4417)

Changes

• Changed the suggested finalizer format to <qualified-group>/<finalizer-name>. (#4472)
• Upgraded the kudobuilder/kuttl base image version in the scorecard-test-kuttl image to v0.8.0. (#4391)
• (go/v2) Changed go PROJECT plugin object to manifests and scorecard objects (.sdk.operatorframework.io suffix). (#4419)
• (ansible/v1, helm/v1) Post-fixed positional directory argument . in docker-build make target to align with podman. (#4466)
• For Ansible-based operators, the Python version has been updated to a newer version, from 3.6 to 3.8 to take advantage of performance improvements, language additions, security updates and generally better availability for local development. (#4413)

Deprecations

• For Ansible-based operators, the /ping endpoint is deprecated. Use /healthz instead. (#4326)

Bug Fixes

• Project version now determines how package name is retrieved for a project. (#4431)
• run bundle-upgrade now handles error gracefully when a previous operator version doesn't exist. (#4451)
• run bundle and run bundle-upgrade now validate the value passed to the hidden flag --mode before running a bundle. (#4462)
• For Go-based projects, generate <bundle|packagemanifests> subcommands now consider package and type names when parsing Go API types files to generate a CSV's owned.customresourcedefinitions, such that types in different packages and files will not overwrite each other. (#4445)
• Bumped operator-framework/api to prevent operator-sdk bundle validate from exiting non-0 when validation emits only warnings. (#4458)
• Fixed panic when "operator-sdk bundle validate" fails. (#4386)
• Update containerd dependency to correctly handle running the Operator SDK CLI on Apple Silicon. (#4359)
• Fixed invalid object names generated for long package names passed to run packagemanifests & run bundle. (#4471)
• Corrected the download URL for helm-operator and ansible-operator in their respective project types. (#4407)
• Fixed the order of helm-operator, ansible-operator, and kustomize binary checks in the Makefile. (#4407)
• Fixed a bug that caused the Helm operator to remove the finalizer without doing a helm uninstall. (#3431)
• For Helm-based operators, do not add owner references to resources that contain the Helm annotation: 'helm.sh/resource-policy: keep'. (#4389)