v1.28.0

v1.28.0

Changes

• (ansible): Revert the cryptography package unpinning and repin to v3.3.2. (#6348)
• • Upgrade Kubernetes dependencies from 1.25 to 1.26. - Upgrade sigs.k8s.io/controller-tools from v0.10.0 to v0.11.3. More info: https://github.com/kubernetes-sigs/controller-tools/releases - Upgrade sigs.k8s.io/controller-runtime dependency from v0.13.0 to v0.14.5. More info: https://github.com/kubernetes-sigs/controller-runtime/releases - Upgrade k8s.io/client-go dependency from v0.25.3 to v0.26.2. - Upgrade controller-gen dependency from v0.10.0 to v0.11.1. - Upgrade kube-rbac-proxy from v0.13.0 to v0.13.1 - Modify gov4alpha plugin to use go/v4-alpha from Kubebuilder. (#6352)

Bug Fixes

• For ansible operators: fix a JSON parsing bug by updating the kubernetes.core collection to v2.4.0. (#6334)
• (scorecard): update default storage and untar images to images that run as non-root users by default. This ensures full compliance with restricted PSA guidelines when using --pod-security=restricted. (#6335)

v1.26.1

v1.26.1

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6226)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6226)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6231)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6226)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6226)

v1.27.0

v1.27.0

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6210)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6210)
• The scorecard-test-kuttl image always prints the kuttl logs in case there is an error processing the kuttl report. (#6225)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6227)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6210)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6210)
• For operator-sdk bundle validate: Fix a bug that would make the command exit with a 0 exit code even if there were validation failures. (#6274)
• (scorecard): Fixes a bug where an error would be thrown if a Custom Resource did not have a .spec field, which is a perfectly valid scenario. Instead of throwing an error scorecard will now issue a suggestion. (#6245)

v1.25.4

v1.25.4

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6261)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6261)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6263)
• For operator-sdk run bundle(-upgrade): fix a bug in the logic that would attempt to create a ConfigMap that contained the entire contents of an FBC. Now if the FBC contents are to large to fit into a single ConfigMap, the FBC contents will be partitioned and split amongst multiple ConfigMap resources. (#6262)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6261)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6261)
• (scorecard): Fixes a bug where an error would be thrown if a Custom Resource did not have a .spec field, which is a perfectly valid scenario. Instead of throwing an error scorecard will now issue a suggestion. (#6266)

v1.26.0

v1.26.0

Additions

• For operator-sdk bundle validate: When checking for Kubernetes APIs deprecated in Kubernetes v1.25.0 the ClusterServiceVersion's CustomResourceDefinitions, ClusterPermissions, and Permissions are now validated to ensure no references to deprecated APIs are being made. (#6119)

Changes

• (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.7. (#6175)

Bug Fixes

• ansible: fixed "make run" so it finds local roles. (#6110)
• For operator-sdk run bundle(-upgrade): fix a bug in the logic that would attempt to create a ConfigMap that contained the entire contents of an FBC. Now if the FBC contents are to large to fit into a single ConfigMap, the FBC contents will be partitioned and split amongst multiple ConfigMap resources. (#6182)

v1.25.3

v1.25.3

Bug Fixes

• For the ansible operator container images, update them to properly pull in the base image that uses UBI 8.7. (#6206)

v1.25.2

v1.25.2

Changes

• (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.7. (#6177)

v1.25.1

v1.25.1

Additions

• For operator-sdk bundle validate: When checking for Kubernetes APIs deprecated in Kubernetes v1.25.0 the ClusterServiceVersion's CustomResourceDefinitions, ClusterPermissions, and Permissions are now validated to ensure no references to deprecated APIs are being made. (#6123)

v1.25.0

v1.25.0

Changes

• (ansible/v1): Modified ansible scaffolding in order to incorporate changes with Kubebuilder on --component-config flag changes. Previously, the changes with --component-config flag were not considered by default.
  The following are the modifications: 1. If the --component-config flag is passed then look for - /manager in manager.yaml in order to add leader election id. If the component config flag is not passed then check for --leader-elect flag. 2. In manager_proxy_patch.yaml file, look for memory: 64Mi if the component flag is passed flag is passed. If not then look for --leader-elect. 3. Repeat the same logic for replacing the port number from the file. 4. At the end, update the manager.yaml file to avoid lint errors. (#6047)
• (go/v3, hybrid.helm/v1-alpha, and quarkus/v1-alpha): Upgrade Kubernetes dependencies from 1.24 to 1.25. (#6044)
• This PR bumped Kubebuilder to 3.7.1, with this version comes the addition of the --component-config flag.
  This flag is passed through operator-sdk init command. If this flag is passed through the command line as an argument then only the controller_manager_config.yaml file will be scaffolded in the manifest. If it is not passed then it will not scaffold out this file. The command for passing the flag is: operator-sdk init --domain example.com --repo github.com/example/memcached-operator --component-config. (#6047)
• (ansible/v1): updates the base ansible base operator event api, api server, and proxy to now have a 5 second timeout when reading the request headers. This is to prevent the possibility of a Slowloris attack. (#6088)
• Modified go version to 1.19 and Kubebuilder to 3.7.1. The config-gen is completely removed from Kubebuilder. As part of this bump, the website content of SDK was updated where the doc is referring to config-gen. (#6047)
• Updated ginkgo to ginkgo/v2 in all of the files. (#6047)
• Updated: - ginko to ginko/v2 - io/ioutil packages to either io or os since its not longer supported in go1.19. (#6047)
• (helm/v1): Modified helm scaffolding in order to incorporate changes with Kubebuilder on --component-config flag changes. Previously, the changes with --component-config flag were not considered by default.
  The following are the modifications: 1. If the --component-config flag is passed then look for - /manager in manager.yaml in order to add leader election id. If the component config flag is not passed then check for --leader-elect flag. 2. In manager_proxy_patch.yaml file, look for memory: 64Mi if the component flag is passed flag is passed. If not then look for --leader-elect. 3. Repeat the same logic for replacing the port number from the file. 4. At the end, update the manager.yaml file to avoid lint errors. (#6047)
• (ansible/v1, helm/v1): Added support to build multi-arch images from the project Makefile. A docker-buildx target will build the images for the platforms specified by the PLATFORMS variable. (#6093)

Bug Fixes

• (docs) Update the go version in the developer guide. The documentation wasn't updated when the go version was bumped to v1.18. (#6101)
• For operator-sdk run bundle and bundle-upgrade subcommands: Added --security-context-config flag to enable seccompprofile. It defaults to restricted to support k8s 1.25. You can disable it with --security-context-config=legacy. (#6062)

v1.24.1

v1.24.1

Bug Fixes

• For operator-sdk run bundle and bundle-upgrade subcommands: Added --security-context-config flag to enable seccompprofile. It defaults to restricted to support k8s 1.25. You can disable it with --security-context-config=legacy. (#6080)