Releases: Azure/azure-service-operator
1.0.59040
v2.0.0
Release notes
This is ASO's first GA release!
Breaking changes
Upgrades from releases prior to v2.0.0-beta.5 are disallowed
We changed how we manage CRDs in this release (see #2769), and as a result if using Helm you must upgrade from v2.0.0-beta.5 to v2.0.0.
You cannot upgrade from v2.0.0-beta.4 or earlier directly to v2.0.0. This is enforced with a Helm upgrade hook.
This restriction is just for upgrades to the v2.0.0 version, although we always recommend upgrading one version at a time.
Alpha CRD versions have been removed
You cannot successfully upgrade to v2.0.0 until you have followed our migration guide.
Fresh installations of v2.0.0 are unaffected.
ResourceGroup Status.ProvisioningState field is now Status.Properties.ProvisioningState
We believe that this is unlikely to break users as tooling always uses the Conditions
field rather than ProvisioningState
to track resource provisioning
progress, but calling it out nonetheless for completeness.
Upcoming Breaking changes
Beta CRD versions (any version with v1beta
prefix) will be deprecated no sooner than v2.3.0. We recommend you start using
v1api
prefixed versions now. You can easily swap from a v1beta
version to a v1api
version by just replacing v1beta
with v1api
in your CRD YAML.
Tools
- New
asoctl
tool can be used to import existing resources from Azure and remove deprecated CRD versions. See asoctl for more details.
New resources
- Support new AKS ManagedCluster version
20230201
(#2727) - Support Azure SQL and 20+ associated resources (#2698)
- Support PrivateLinkService (#2733)
- Support PrivateEndpoint (#2733)
- Support PrivateDNSZone Records (#2733)
- Support Synapse Workspace and BigDataPool (#2860)
Features
- Use v1 version for webhook conversionReviewVersions (#2760)
- Code generate ResourceGroup (#2748)
- Make the default credential optional (#2758)
- The operator pod now manages ASO CRDs, rather than Helm (#2769)
- Add support for Azure client certificate auth (#2786)
- Increase initialDelaySeconds for readiness and liveness probe (#2844)
- Support UserAssignedIdentities on all relevant resources (#2850)
Bug fixes
- NamespacesTopicsSubscription no longer gets stuck when attempting to use the
forwardTo
field if the Queue being forwarded to is being created (#2777)
Documentation
- Improve insights samples (#2827)
Full Changelog: v2.0.0-beta.5...v2.0.0
New Contributors
- @emilychu9318 made their first contribution in #2781
v2.0.0-beta.5
Release notes
This is a small maintenance release containing mostly security updates and bug fixes.
Features
- Bump go version to 1.20.1 (#2735)
- Bump github.com/Azure/aad-pod-identity from 1.6.3 to 1.8.13 (#2667)
- Bump golang.org/x/net from 0.4.0 to 0.7.0 (#2730)
- Bump kube-rbac-proxy to version 0.13.1 (#2745)
- Add keep annotation to CRDs in Helm (#2754)
- Export controllers.CreateScheme to make creating clients easier (#2714)
Bug fixes
- Use correct API version for DELETE requests (#2709)
- Postpone update of PostgreSQL Flexible Server if it's already updating (#2688)
- Postpone update of containerservice ManagedCluster and AgentPool if they're already updating (#2686)
Documentation
- Document ASO controller settings (#2658)
- FAQ updates (#2676, #2696)
- Fix multitenancy creds options list in docs (#2737)
Full Changelog: v2.0.0-beta.4...v2.0.0-beta.5
v2.0.0-beta.4
Breaking changes
In the beta.4
release of Azure Service Operator (ASO) we are pivoting to using Azure Swagger API Specifications as the sole source of truth for our code generator. This change brings with it a significant improvement in fidelity, and some breaking changes which you can find on the breaking changes documentation.
Release Notes
New resources
- Version
2022-01-20preview
ofDbforpostgresql/FlexibleServer
(#2642)
Features
- Updated versions of a few dependencies for CVE reasons (#2566)
- Increase
AZURE_SYNC_PERIOD
default from 15m to 1h (#2578) - Add ability to support namespaced credential - single-operator multitenancy (#2559)
- Add ability to support per-resource credential - single-operator multitenancy (#2576)
- Add support to import tenantID, applicationID and objectID for Keyvault AccessPolicies from Configmap reference (#2595)
- Add workload identity support for single-operator multitenancy (#2612)
- Use Swagger as sole input for CRD generation (#2323)
- Workload Identity improvements: Eliminate the requirement for Workload Identity deployment (#2651)
Bug Fixes
- Configure rate limiter to accommodate ARM throttling (#2601)
- Fix helm annotations indentation (#2617)
- Fix an issue where ASO metrics were not exposed properly (#2648)
Full Changelog: v2.0.0-beta.3...v2.0.0-beta.4
v2.0.0-beta.3
Release notes
New resources
- Add
managedidentity.FederatedIdentityCredential
(#2470) - Add
appconfiguration.ConfigurationStore
(#2472) - Add
documentdb.SqlRoleAssignment
(#2487) - Add
web.Site
andweb.ServerFarm
(#2465) - Add
servicebus.Subscription
(#2524)
Features
- Support installing ASO into a custom namespace in Helm chart (#2458)
- Support installing ASO in multi-tenant mode via the Helm chart (#2460)
- Logging improvements: remove duplicate log messages and add useful logs on delete path (#2469, #2536)
- Allow users to export ServiceBusEndpoint for ServiceBusNamespace (#2490)
- Add support for Workload Identity (#2464)
- Allow users to export certain interesting properties to a ConfigMap via the
operatorSpec.ConfigMaps
property (#2530) - Update dependencies (client-go, apimachinery, controller-runtime) (#2543)
- Enable ConfigMap input for RoleAssignment PrincipalId (#2550)
- Move samples to more easily discoverable location (#2554)
Bug fixes
- Fix an issue during resource deletion where the Ready condition could fail to contain details about delete errors (#2462)
- Fix an issue where
ResourceGroup
could be created with an invalidAzureName
(#2488) - Fix an issue where ASO would fail to create resources in subscriptions where the RP of that resource was not yet registered (#2516)
- Fix an issue when deleting a resource that could cause the resource to not actually be deleted in Azure (#2560)
Upcoming deprecations
The v1alpha1
resources will be deprecated in a future release.
Please migrate away from these resources by updating the apiVersion
to the corresponding v1beta...
API. See supported resources for details about the specific apiVersion
to use for each type of resource.
New Contributors
- @mehighlow made their first contribution in #2532
New community channel
Come join us on the Kubernetes Slack in the #azure-service-operator
channel!
Full Changelog: v2.0.0-beta.2...v2.0.0-beta.3
v2.0.0-beta.2
New resources
- Version
2022-03-01
of Compute resources (#2409) networking.PrivateDnsZone
(#2430)subscription.Alias
(#2446)machinelearning.Workspaces
,machinelearing.WorkspacesCompute
, andmachinelearning.WorkspacesConnection
(#2319)
Features
- Samples are now tested in CI to make sure they work out of the box. Note that you may still need to change names if the sample names are taken.
- Support for national clouds (#2441)
- Updated versions of a few dependencies for CVE reasons (#2384)
- Expose metrics container port for scraping (#2380)
Bug fixes
- Fix bug where a resource would continue to display a Ready condition with Severity
Warning
due to a required Secret not existing after the secret was already created. (#2422) - Resources no longer have reconcile triggered if a secret named the same as their secret is updated in a different namespace (#2403)
- Fixed bug where resources could report successful resource creation when in reality resource creation failed. Operator would then continuously hit error attempting to get resource because it didn't exist. (#2381).
Upcoming deprecations
The v1alpha1
resources will be deprecated in a future release.
Please migrate away from these resources by updating the apiVersion
to the corresponding v1beta...
API. See supported resources for details about the specific apiVersion
to use for each type of resource.
Full Changelog: v2.0.0-beta.1...v2.0.0-beta.2
1.0.45297: Fix ADO job cluster query (#2421)
Changes:
- Fix CVEs in ASOv1 (#2374)
v2.0.0-beta.1
Breaking changes
- Removed the
password
field ofosProfile
in virtualmachinescalesets.compute.azure.comstatus
. This field was never returned by the underlying API and so was always empty. - Renamed
eTag
toetag
in thestatus
of workspaces.operationalinsights.azure.com. This field was always empty previously. See the upstream change for more context.
If you have not taken an explicit dependency on one of the status
fields mentioned above you should be able to directly upgrade from v2.0.0-beta.0
to v2.0.0-beta.1
.
Helm chart breaking changes
- CRDs are now managed as resources by Helm. This was necessary for Helm to apply CRD updates. See #2338 for more details.
Warning: If you deployed
v2.0.0-beta.0
with Helm, you must manually adopt the CRDs into the Helm release before upgrading tov2.0.0-beta.1
orhelm upgrade
will fail. You can use the script below to do this.
First set set HELM_RELEASE=<your helm release name>
and HELM_RELEASE_NAMESPACE=azureserviceoperator-system
#!/bin/bash
set -euo pipefail
echo "Annotating ASO CRDs with release-name=${HELM_RELEASE}, release-namespace=${HELM_RELEASE_NAMESPACE}"
for CRD in $(kubectl get crds -o='custom-columns=Name:.metadata.name' | grep azure.com)
do
kubectl label crd ${CRD} app.kubernetes.io/managed-by=Helm --overwrite
kubectl annotate crd ${CRD} meta.helm.sh/release-name=${HELM_RELEASE} --overwrite
kubectl annotate crd ${CRD} meta.helm.sh/release-namespace=${HELM_RELEASE_NAMESPACE} --overwrite
done
Release notes
New resources
containerinstance.ContainerGroup
by @majguo (#2330)cdn.Profile
andcdn.ProfilesEndpoint
(#2286)dbformariadb.Server
,dbformariadb.Database
anddbformariadb.Configuration
(#2306)keyvault.Vault
(#2310)networking.RouteTable
andnetworking.RouteTablesRoute
(#2302)dbformysql.User
(#2328)
Features
- A number of documentation improvements, including changing the format of the documentation website to look nicer while also being easier to navigate.
- Added liveness probe to operator pod (#2254)
- Add validation for
AzureName
andOwner
immutability (#2260) - Added infrastructure to support reconciling resources that aren't ARM resources. The first example of this is the new
dbformysql.User
support (#2328) - Expose
fullyQualifiedDomainName
as a secret forpostgres
andmysql
(#2297) - Make manager container the default for
kubectl logs
(#2303) - Update version of gopkg.in/yaml.v3 to address CVE-2022-28948 (#2320)
- Update azcore, azidentity and azure-sdk to v1.0.0 (#2331)
- Add support for AKS ManagedCluster credentials (#2355)
Bug fixes
- Add missing secret permissions to ASO service account (#2346)
- Fix bug where controller could crash if attempting to emit metric for HTTP response that timed out (#2347)
- Add leases access to leader role (#2365)
- Clearer error if
AzureName
is not set (#2366)
Upcoming deprecations
The v1alpha1
resources will be deprecated no sooner than v2.0.0-beta.2
.
Please migrate away from these resources by updating the apiVersion
to the corresponding v1beta...
API. See supported resources for details about the specific apiVersion
to use for each type of resource.
New Contributors
Full Changelog: v2.0.0-beta.0...v2.0.0-beta.1
v2.0.0-beta.0
Release notes
- Added
v1beta
versions of all resources. - Added support for Azure generated secrets. Azure generated secrets are supported for the following resources:
storage.StorageAccount
cache.Redis
documentdb.DatabaseAccount
- Added support for the following new resources:
storage.StorageAccountsManagementPolicy
- Documentation improvements:
- Added CRD reference documentation. See for example the
authorization.azure.com
reference docs. - Document ASO's usage of
Condition
's (#2130). - Improved readability of supported resources page (#2221)
- Added CRD reference documentation. See for example the
- Added Helm chart.
- Enabled tracking of various Azure specific metrics in addition to built-in controller-runtime metrics (#2180).
- Updated version of
controller-runtime
,controller-gen
, andenvtest
(#2217). - Bug fixes:
- Fixed a bug where the
Ready
Condition of a resource was not set in some error cases (#2098). - Fixed a bug where some errors were incorrectly classified as a warning when they were actually fatal (#2108).
- Fixed a bug where resources with required fields weren't correctly being rejected when those fields were not included (#2126).
- Fixed a bug where some
Status
types hadkubebuilder
validations (#2148). - Fixed a bug where a VNET update could unexpectedly delete subnets in that VNET (#2169).
- Fixed a bug where invalid code could be generated for resources with multiple versions and complex relationships between those versions (#2186, #2201)
- Fixed a bug where the
Upcoming deprecations
The v1alpha1
resources will be deprecated no sooner than v2.0.0-beta.2
.
Please migrate away from these resources by updating the apiVersion
to the corresponding v1beta...
API. See supported resources for details about the specific apiVersion
to use for each type of resource.
1.0.39435
Changes:
This list of changes was auto generated.