operator-sdk

v1.13.0

Additions

• Added new optional validator alpha-deprecated-apis for the command bundle validate to help you verify if your bundle uses Kubernetes deprecated APIs. (#5216)
• Added support for configuring Scorecard Service Accounts using config files alongside the CLI. (#5245)

Changes

• (quarkus/v1alpha) Bumped java-operator-plugins to v0.1.0. This is the first release of the java-operator-plugins repo. There are no other changes besides pointing to a specific tag. (#5206)
• For ansible-based operators, we have bumped ansible-runner dependency to >= 2.0.2. (#5205)
• Updated default base image used in run bundle and run bundle-upgrade to the multi-arch quay.io/operator-framework/opm:latest image to support non-amd64 clusters. (#5171)
• Replaced busybox with UBI8.4 for Scorecard Un-Tar image. (#5191)

v1.12.0

Additions

• If an optional UniqueID is provided by a user in the scorecard config and the user generates XML output the UID will be appended to the test result output. (#5092)

Bug Fixes

• Preserve the order of webhookdefinitions while generating bundles, by sorting webhookDescriptions in CSV generator. (#5177)

v1.11.0

Additions

• (go/v3, ansible/v1, helm/v1) Added containerPort protocol field required for server-side apply in manifests. (#4863)
• For helm based operators, added a predicate that filters resources based on selectors specified in watches.yaml. Only the resources that contain the labels specified by selectors will be reconciled. (#4997)
• For helm-based operators, support go text/template expansion of override values. (#5105)

Changes

• (go/v3) Fixed a bug in make test caused by incorrect envtest asset setup. (#4863)
• (go/v3, ansible/v1, helm/v1) Increased resource limits for controller manager. (#4863)
• Updated operator-framework dependency to 0.10.5. This specific update includes a fix for bundle validation when checking for invalid service accounts. (#5119)
• For helm-based operators, reverted #5042 and #4937 which modified helm release equality comparison. (#5097)

Bug Fixes

• (ansible/v1) Previously, when scaffolding an Ansible-based operator with both Roles and Playbooks, the roles imported by the playbook could not be found when running locally (make run). This change prepends the ANSIBLE_ROLES_PATH environment variable with the path to the local roles directory. (#5118)
• For Ansible-based operators, if a request is sent without a body in the metadata it will now be extracted from the request URL and properly set owner references/dependent watches. (#5064)
• In generate bundle, exclude ServiceAccounts already in a CSV from generated bundle. (#5120)

v1.10.1

Additions

• (go/v3, ansible/v1, helm/v1) Added containerPort protocol field required for server-side apply in manifests. (#4863)

Changes

• (go/v3, ansible/v1, helm/v1) Increased default resource limits for controller manager. (#4863)
• For helm-based operators, reverted #5042 and #4937 which modified helm release equality comparison.
  (#5106)

Bug Fixes

• In generate bundle, exclude ServiceAccounts already in a CSV from generated bundle. (#5124)
• (go/v3) Fixed a bug in make test caused by incorrect envtest asset setup. (#4863)

v1.8.2

Changes

• For helm-based operators, reverted the following PRs which modified helm release equality comparison. - https://github.com/operator-framework/operator-sdk/pull/5042 - https://github.com/operator-framework/operator-sdk/pull/4937. (#5108)

Bug Fixes

• In generate bundle, exclude ServiceAccounts already in a CSV from generated bundle. (#5126)
• In the pkgman-to-bundle command, changed the default channel name used for CSV's not specified in package.yaml to defaultChannel instead of "candidate". (#5071)

v1.9.2

Changes

• For helm-based operators, reverted the following PRs which modified helm release equality comparison. - https://github.com/operator-framework/operator-sdk/pull/5042 - https://github.com/operator-framework/operator-sdk/pull/4937. (#5107)

Bug Fixes

• In generate bundle, exclude ServiceAccounts already in a CSV from generated bundle. (#5127)

v1.10.0

Additions

• Provide XML formatting option for scorecard users. Additionally transforms scorecard result types to xunit testsuite/testcase layout. (#5048)

Changes

• Breaking change: (ansible/v1) Bumped Kustomize version in ansible project scaffolding to 3.8.7. (#5057)

Bug Fixes

• Fixed the operator-sdk generate bundle command to specify the right path of bundle metadata in bundle.Dockerfile. (#5030)
• For Helm-based operators, fixed release equality comparison such that number values are compared and not their types to avoid unnecessary reconciliations. (#5042)
• Bump java-operator-plugins. Adds namespaced plugin attribute and fixes resource version generation. (#5020)
• In the pkgman-to-bundle command, changed the default channel name used for CSV's not specified in package.yaml to defaultChannel instead of "candidate". (#5062)

v1.9.1

Bug Fixes

• Fixed the operator-sdk generate bundle command to specify the right path of bundle metadata in bundle.Dockerfile. (#5035)
• For Helm-based operators, fixed release equality comparison such that number values are compared and not their types to avoid unnecessary reconciliations. (#5046)
• In the pkgman-to-bundle command, changed the default channel name used for CSV's not specified in package.yaml to defaultChannel instead of "candidate". (#5067)

v1.8.1

Bug Fixes

• For Helm-based operators, empty patch requests generated from the 3-way merge are filtered to avoid unnecessary requests to the kube apiserver. (#4971)
• Fixed the operator-sdk generate bundle command to specify the right path of bundle metadata in bundle.Dcokerfile. (#5037)
• For Helm-based operators, fixed release equality comparison such that number values are compared and not their types to avoid unnecessary reconciliations. (#5045)

v1.9.0

Changes

• Breaking change: For Ansible operators, if an API endpoint has path component in it then the ansible-operator binary will terminate early with an error, due to a bug in the proxy that would cause the operator to target the wrong cluster. (#4987)

Bug Fixes

• For helm-based operators, empty patch requests generated from the 3-way merge are filtered to avoid unnecessary requests to the kube apiserver. (#4957)

v1.8.0

Additions

• Added new bundle validator to check the bundle against the Community Operator criteria. For futher information run operator-sdk bundle validate --list-optional and operator-sdk bundle validate --help. This validator is in alpha and subject to breaking changes. (#4939)
• Added --extra-service-accounts flag to generate bundle to consider roles bound to service accounts not specified in the operator's Deployment. (#4826)
• Added the quarkus/v1-alpha Java plugin, which supports init and create api commands. This plugin is alpha and subject to breaking changes. (#4871)
• Add new optional flag --skip-tls to the commands operator-sdk run bundle and operator-sdk run bundle-upgrade. This option allows to install the operator from a bundle image stored at an insecure docker registry. (e.g. operator-sdk run bundle localhost:5000/my-operator-bundle:latest --skip-tls). (#4816)

Changes

• generate bundle adds ClusterRoles bound by RoleBindings to a CSV's .spec.permissions, since these become namespace-scoped at runtime. They will also be added to .spec.clusterPermissions if bound by a ClusterRoleBinding. (#4826)
• Images built from the operator-sdk repository for the latest two minor version's latest patch version will now be rebuilt whenever a constituent base image has a new patch version published. For example, running docker pull quay.io/operator-framework/ansible-operator:v1.7.2 after a rebuild will result in a fully compatible, patched image. (#4917)
• (go/v3) Upgraded Go version to 1.16. (#4927)

Bug Fixes

• Bumped operator-framework/api to v0.8.1, which properly defaults a CRD conversion's service port to 443. (#4903)
• Detect and report ansible-runner binary failures early and prevent symliking to artifacts. (#4944)
• For Helm-based operators, fixed a bug where deployed and candidate release comparison was always false when an RNG was used to derive some manifest value, resulting in the chart release constantly upgrading. (#4937)
• Bumped operator-lib to v0.4.1 for several bugfixes in ansible-operator and helm-operator binaries. (#4888)
• Pinned pip3 to 21.1 in the ansible-operator image to fix https://github.com/pypa/pip/pull/9827. (#4877)
• Pinned base images of ansible-operator to ubi:8.3-297.1618432833, and helm-operator and scorecard to ubi-minimal:8.3-298.1618432845. (#4873)

v1.6.4

Bug Fixes

• For Ansible-based operators, fixed a bug that prevented owner reference annotations from being added to cluster-scoped and multi-namespace resources, which had to be applied manually to correctly reconcile them. (#4858)
• Format ansible-operator and helm-operator run command logs correctly. (#4845)
• Pinned pip3 to 21.1 in the ansible-operator image to fix https://github.com/pypa/pip/pull/9827. (#4879)
• Pinned base images of ansible-operator to ubi:8.3-297.1618432833, and helm-operator and scorecard to ubi-minimal:8.3-298.1618432845. (#4876)

v1.7.2

Bug Fixes

• Bumped operator-lib to v0.4.1 for several bugfixes in ansible-operator and helm-operator binaries. (#4889)
• Pinned pip3 to 21.1 in the ansible-operator image to fix https://github.com/pypa/pip/pull/9827. (#4878)
• Pinned base images of ansible-operator to ubi:8.3-297.1618432833, and helm-operator and scorecard to ubi-minimal:8.3-298.1618432845. (#4875)

v1.7.1

Additions

• Added operator-sdk pkgman-to-bundle command to support migration of packagemanifests to bundle format. Refer https://github.com/operator-framework/enhancements/blob/master/enhancements/sdk-migrate-bundle.md for more details. (#4718)
• For Ansible-based operators, added log messages for each event that is received. This will make debugging excessive reconciliations much more straightforward. (#4779)
• Added new optional flag --optional-values to the command operator-sdk bundle validate. This option allows to inform a list of key and values to the validators. (e.g. operator-sdk bundle validate ./bundle --optional-values=k8s-version=1.22 --select-optional suite=operatorframework). (#4693)

Changes

• (go/v3, ansible/v1, helm/v1) Bumped controller-runtime to v0.8.3 (kubernetes 1.20). (#4863)

Deprecations

• Deprecated operator-sdk generate packagemanifests and operator-sdk run packagemanifests commands, packagemanifests support in general in favour of operator bundles. (#4838)

Bug Fixes

• For Ansible- and Helm-based operators, added the --config flag, which was mistakenly not added to either ansible-/helm-operator binary when file support was originally added. (#4776)
• Format ansible-operator and helm-operator run command logs correctly. (#4844)
• (go/v3, ansible/v1, helm/v1) Moved leases.coordination.k8s.io to its own proxy-role rule. (#4835)
• (go/v3) Set the Makefile's SHELL variable to the system's bash binary with shell opts. (#4835)
• The generate kustomize manifests command no longer adds non-served CRD versions to a CSV's .spec.customresourcedefinitions.owned. (#4842)
• For Anible-based operators, fixed a bug that prevented owner reference annotations from being added to cluster-scoped and multi-namespace resources, which had to be applied manually to correctly reconcile them. (#4850)

v1.6.2

Note
This is a security release, wherein base images have been patched. It is recommended that you bump your project’s base image from a previous v1.6 patch tag to v1.6.2.

Bug Fixes

• For Ansible- and Helm-based operators, add the --config flag, which was mistakenly not added to either ansible-/helm-operator binary when file support was originally added. (#4780)

v1.5.2

No changes for this release!

Note
This is a security release, wherein base images have been patched. It is recommended that you bump your project’s base image from a previous v1.5 patch tag to v1.5.2.

v1.6.1

Additions

• For Golang-based operators, added the declarative.go/v1 plugin which customizes initialized projects with patterns from kubernetes-sigs/kubebuilder-declarative-pattern. (e.g operator-sdk create api --plugins=go/v3,declarative). (#4731)
• Added kustomize.common/v1 plugin which scaffolds the a commonly used project base that leverages kustomize. (#4730)
• (ansible/v1, helm/v1) Added the option to configure ansible-operator and helm-operator with a component config. (#4701)
• (ansible/v1, helm/v1) Add rules for leader election. (#4701)
• Added alpha config-gen, a kustomize plugin to specialize configuration for kubebuilder-style projects. This feature is alpha and subject to breaking changes. (#4670)
• (helm/v1, ansible/v1) Added Makefile help target. (#4660)
• (ansible/v1, helm/v1) Added securityContext's to the manager's Deployment to disallow running as root user. (#4655)
• Added --ca-secret-name to run bundle and run bundle-upgrade to configure the registry Pod with an in-cluster certificate Secret to use TLS with a private registry. (#4703)
• For Helm based-operators, added annotation helm.sdk.operatorframework.io/uninstall-wait: "true" to allow all resources to be deleted before removing the custom resource's finalizer. (#4487)
• (go/v2, go/v3, ansible/v1, helm/v1) Added the opm and catalog-build Makefile targets to download opm and build operator catalogs either from scratch or an existing catalog. (#4406)
• Added new optional flags --delete-all, --delete-crds and --delete-operator-groups to the cleanup command. (#4619)
• Added --service-account to run bundle and run bundle-upgrade to bind registry objects to a non-default service account. (#4694)
• Added --pull-secret-name to run bundle and run bundle-upgrade to configure the registry Pod with an in-cluster docker config Secret to pull bundle images from private registries. (#4694)
• (ansible/v1, helm/v1) Create and bind controller-manager to a non-default service account (kubebuilder#2070). (#4653)

Changes

• For Ansible-based Operators: Update Python dependencies.
  • openshift (0.11.2 -> 0.12.0)
  • kubernetes (11.0.0 -> 12.0.1)
  • ansible-runner (1.4.6 -> 1.4.7)
  • ansible (2.9.15 -> 2.9.19). (#4734)
• (ansible/v1) Update scaffolded requirements.yml to pull in newer versions of the Ansible collections.
  • community.kubernetes (1.1.1 -> 1.2.1)
  • operator_sdk.util (0.1.0 -> 0.2.0). (#4734)
• (helm/v1) Explicitly set --health-probe-bind-address in the manager's auth proxy patch. (#4654)
• (ansible/v1) Explicitly set --health-probe-bind-address in the manager's auth proxy patch. (#4654)
• (go/v2, go/v3, ansible/v1, helm/v1) Changed BUNDLE_IMG and added IMAGE_TAG_BASE Makefile variables to allow one line bundle and catalog image builds. (#4406)
• For Ansible-based operators, collections as main dependencies for the operator installed with ansible-galaxy are pinned to specific versions to prevent hard to track bugs. (#4529)
• Update community Kubernetes Ansible collection to version 1.1.1. (#4594)
• Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 for a security fix. (#4723)
• For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. (#4543)
• For Ansible-based operators, Python package installation in the Docker image is delegated to a pipenv managed Pipfile and Pipfile.lock, pinning both the main installed packages and their subdependencies. This prevents installing conflicting (sub)dependencies. (#4543)

Deprecations

• (ansible/v1, helm/v1) The flags --enable-leader-election and --metrics-addr were deprecated in favor of --leader-elect and --metrics-bind-address, respectively, to follow upstream conventions. (#4654)

Bug Fixes

• (go/v3) Create webhook manifests in config/ on running create webhook, not init. (#4701)
• (manifests/v2) Added a config/manifests kustomize patch to remove the cert-manager volume and volumeMount from manifests destined for generate <bundle|packagemanifests>. (#4623)
• For Helm-based operators, fixed handling of kind: List whereby the operator fails when trying to set watch on the object. Watches are created for objects in the list instead. (#4682)
• (go/v2, go/v3, ansible/v1, helm/v1) Fixed the Prometheus ServiceMonitor metrics endpoint, which was not configured to be scraped correctly. (#4680)
• In Ansible-based operators, mark the input variables from custom resources as unsafe by default. (#4566)

v1.5.1

Changes

• Bumped urllib3 in ansible-operator-base and ansible-operator images to 1.26.4 for a security fix. (#4724)

The quay.io/operator-framework/scorecard-test-kuttl image will now be released separately from other Operator SDK images due to its dependency on kuttl. These releases start at v2.0.0 and contain images tagged like:

quay.io/operator-framework/scorecard-test-kuttl:v2.0.0
quay.io/operator-framework/scorecard-test-kuttl:v2.0

Images tagged with master will still be pushed on a per-commit basis.

See #4557 and #4633 for discussion.

v1.5.0

This release contains a few big changes, one of which is the stabilization of project version 3-alpha to 3. In a sense this is a breaking change because 3-alpha no longer exists, however because the config version was alpha it technically is not. Regardless, the alpha config-3alpha-to-3 command was added to assist in upgrading. See the relevant migration guide section for more information.

Additions

• Added support for markers for files with the yml extension. More info: kubernetes-sigs/kubebuilder#1907. (#4402)
• (go/v3) Added the --force option to the create webhook command. More info: kubernetes-sigs/kubebuilder#1903. (#4402)
• (go/v3) Added ErrorIfCRDPathMissing config by default to controller's suite_tests.go. More info: kubernetes-sigs/kubebuilder#1910. (#4402)
• For Ansible-based operators, allow passing a --graceful-shutdown-timeout to configure the duration the manager should wait before stopping. (#4571)
• (go/v3) Create and bind to a non-default service account (kubernetes-sigs/kubebuilder#2070). (#4626)

Changes

• Breaking change: PROJECT config version 3-alpha has been upgraded to version 3. (#4613)
• (go/v3) Upgraded the sigs.k8s.io/kubebuilder-declarative-pattern dependency used by create api --pattern=addon. More info: kubernetes-sigs/kubebuilder#1946. (#4402)
• (go/v2, go/v3) Added Makefile help. (#4402)
• (go/v3) Changed the manager pod template's security context runAsUser: 65532 to runAsNonRoot: true. More info: kubernetes-sigs/kubebuilder#1978. (#4402)
• Improved generate bundle and generate packagemanifests handling and help text for use outside of a project. (#4514)
• (go/v3) Pinned controller-runtime to v0.7.2. (#4626)
• For Ansible-based operators, change the level of the proxy skipping cache logs to debug level. (#4511)

Bug Fixes

• For Go-based operators, fixed create api --force such that it actually overwrites all files. More info: kubernetes-sigs/kubebuilder#1903. (#4402)
• Upgraded the gcr.io/kubebuilder/kube-rbac-proxy image version from 0.5.0 to 0.8.0 to support rootless run mode. More info kubernetes-sigs/kubebuilder#1955. (#4402)
• (go/v3) Correctly named health/readiness endpoints as healthz and readyz, respectively. More info kubernetes-sigs/kubebuilder#1910. (#4402)
• (go/v3) Tolerate . directories when checking if dir is empty in init. More info: kubernetes-sigs/kubebuilder#1944. (#4402)
• Properly consider all Go files when generating a CSV's spec.customresourcedefinitions.owned. (#4507)
• Fixed samples kustomization.yaml generation on operator-sdk init --plugins=helm --helm-chart=<chart>, caused by out-of-order operations in plugin code. (#4584)
• Skip CSV definitions parsing in generate kustomize manifests if the APIs dir does not exist, as projects may use only required APIs. (#4624)
• Bump cryptography dependency in ansible-operator to 3.3.2. This will fix a potential security bug related to update() calls. Ref: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#332---2021-02-07. (#4539)
• Fixed ambiguous --input-dir and --deploy-dir flag semantics for generate bundle. (#4514)
• (ansible/v1, helm/v1) Upgraded the gcr.io/kubebuilder/kube-rbac-proxy image version from 0.5.0 to 0.8.0 to support rootless run mode. (#4498)
• For Ansible/Helm-based operators, fix swapped readinessProbe/livenessProbe in manager. (#4546)