operator-sdk

v1.37.0

Removals

• Breaking change: Remove the Quarkus plugin (java-operator-plugins integration). (#6824)
• Breaking change: (hybrid.helm/v1-alpha) Remove hybrid-helm v1-alpha support, due to low adoption, in favor of maintenance simplicity. (#6833)

v1.36.1

No changes for this release!

v1.36.0

Changes

• • Upgrade Kubernetes dependencies from 1.28 to 1.29. (#6736)

v1.35.0

Changes

• For Ansible-based operators, upgrade the version of the Ansible Operator Plugin used in operator-sdk to v1.34.2. (#6749)

Bug Fixes

• (helm/v1) Fix broken helm-operator role scaffolding which causes reconciler to hang due to lack of permissions. (#6769)

v1.34.2

No changes for this release!

v1.34.1

Bug Fixes

• (helm/v1) Fix an issue that multi-arch images cannot be built from the project Makefile. (#6661)

v1.34.0

Changes

• Bump supported Kubernetes version to 1.28. (https://github.com/operator-framework/operator-sdk/issues/6554)
• Bump go to 1.21 (https://github.com/operator-framework/operator-sdk/pull/6685)
• Updated the supported OLM versions to 0.25.0, 0.26.0, and 0.27.0 (https://github.com/operator-framework/operator-sdk/pull/6688)

Bug Fixes

• make install: fix a bug where the command would silently fail if GOBIN wasn't set. (https://github.com/operator-framework/operator-sdk/pull/6629)

v1.33.0

Changes

• Bump supported Kubernetes version to 1.27. (#6613)
• Breaking change: (go/v4-alpha): go/v4 is now stable and is the default version used when scaffolding a Go based operator. (#6613)
• Breaking change: (kustomize/v2-alpha): kustomize/v2 is now stable and is the default version used in the plugin chain when using go/v4, ansible/v1, helm/v1, and hybrid/v1-alpha plugins. (#6613)
• Updated the supported OLM versions to 0.24.0, 0.25.0, and 0.26.0. (#6613)

Deprecations

• (helm/v1): Deprecate the --config flag due to the controller-runtime ComponentConfig package being deprecated with the planned removal of support for loading manager options from a file. (#6613)

Bug Fixes

• operator-sdk olm install: fix a bug where the retry logic would not retry until the the command's timeout was reached, resulting in early exiting of the command before the specified timeout was reached. (#6613)

v1.32.0

Additions

• For Helm-based operators, whenever the operator encounters an error during reconcilliation, it would attempt to rollback the changes with the --force option. This behavior could have undesired side effects in some scenario.
  This change allows the users to change this behavior by adding the annotation, helm.sdk.operatorframework.io/rollback-force: false
  to the custom resource. (#6546)

Bug Fixes

• (helm): Use informer cache label selectors to reduce memory consumption. (#6377)
• (helm): Fix bug with detection of owner reference support when setting up dynamic watches. (#6377)

v1.31.0

Changes

• (ansible): Update the quay.io/operator-framework/ansible-operator base image to now use Ansible 2.15.0. Removes pre-installed Python modules that are not required to build and run the testdata/ansible/memcached-operator sample. Updates Python to 3.9 to work with Ansible 2.15.0. (#6483)
• (ansible/v1): Updates the ansible/v1 plugin scaffolding to: - Remove the community.kubernetes collection - Update the operator_sdk.util collection from v0.4.0 --> v0.5.0 - Update the molecule.yaml files to work with molecule v5.1.0. (#6483)
• (helm): Use informer to list helm secrets to improve performance. (#6354)
• Updated Reference from "to_be_owned.namespace" to "to_be_owned.metadata.namespace " in the ansible reference documentation. (#6409)

Removals

• (ansible): Remove the quay.io/operator-framework/ansible-operator-2.11-preview image. This image will no longer be built after Operator-SDK v1.30.0. (#6483)

Bug Fixes

• Fix a bug where olm install command is failed for "no-match" error.
  The output in this case is something like:
  $ operator-sdk olm install --verbose ... FATA[0001] Failed to install OLM version "latest": failed to create CRDs and resources: no matches for kind "OLMConfig" in version "operators.coreos.com/v1". Now, in this case, operator-sdk tries to create the resource again, until it succeeds (or until the timeout exceeded). (#6490)
• Fix a bug where run bundle command does not copy all FBC manifests into the new catalog image if custom index-image is passed. (#6512)
• markUnsafe now correctly marks as unsafe the all variables passed in spec. (#6376)

v1.30.0

Additions

• Add a Parameter to the Makefile to allow modifying the 'operator-sdk' binary before running any commands. If necessary, a specific version of the SDK can be downloaded for cases when the project has yet to upgrade to a later or latest version. (#6443)
• Currently, the operator SDK for the Ansible operator lacks options to customize the leader election resource lock behavior. This limits the flexibility of the operator and prevents users from adjusting lease duration and renew deadline according to their specific needs.
  Changes: Implemented enhancements to the operator SDK to include additional flags for configuring leader election resource lock options. These changes provide users with the ability to specify the type of resource object used for locking during leader election and customize the lease duration and renew deadline.
  Introduced --leader-elect-lease-duration flag to allow users to define the duration that non-leader candidates will wait to force acquire leadership. The default duration is set to 15 seconds.
  Introduced --leader-elect-renew-deadline flag, enabling users to set the renew deadline, which determines the duration that the acting control plane will retry refreshing leadership before giving up. The default duration is set to 10 seconds.
  Introduced --leader-elect-resource-lock flag to allow users to define the type of resource object that is used for locking during leader election. Supported options are 'leases', 'endpointsleases', and 'configmapsleases'. The default option is 'leases'.
  These changes provide more flexibility and control over leader election behavior, allowing operators to adapt to various deployment scenarios and specific requirements. (#6426)

Changes

• Currently, when setting overrideValues in your watches.yaml, every entry is logged with its key and its value. When working with confidential information such as credentials, logging those information would not be optimal nor desirable. Therefore, there should be a way to silence/suppress these values.
  This feature introduces the --suppress-override-values boolean-flag for the helm-operator. When set to true, the value of the overrideValues entry is sanitized with this value "****".
  This is a simple example of overrideValues of the watches.yaml ```yaml overrideValues:
  x: y

The default-value of `--suppress-override-values` is `false` so therefore we would get this warning logged: `Chart value x overridden to y by operator's watches.yaml`
When setting `--suppress-override-values` `true` the warning will be logged in the following manner: `Chart value x overridden to **** by operator's watches.yaml`. ([#6469](https://github.com/operator-framework/operator-sdk/pull/6469))
- (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.8. ([#6466](https://github.com/operator-framework/operator-sdk/pull/6466))

### Bug Fixes

- In `run bundle-upgrade`, hash the cache directory name to avoid error of too long file name. ([#6477](https://github.com/operator-framework/operator-sdk/pull/6477))

v1.29.0

Changes

• (scorecard): Update kuttl to v0.15.0 in the scorecard-test-kuttl image. (#6401)
• (ansible/v1): Bump the golang base image version in the ansible-operator Dockerfiles from 1.18 to 1.19. (#6398)
• (operator-sdk run bundle): Compress the bundle content, to avoid the configMap exceed max length error. The error will look like this:
  ... ConfigMap ... is invalid: []: Too long: must have at most 1048576 bytes.
  Fixes issue #6323. (#6408)

Bug Fixes

• (docs): Update the go version in the developer guide. The documentation wasn't updated when the go version was bumped to v1.19. (#6101)

v1.28.1

No changes for this release!

v1.28.0

Changes

• (ansible): Revert the cryptography package unpinning and repin to v3.3.2. (#6348)
• • Upgrade Kubernetes dependencies from 1.25 to 1.26. - Upgrade sigs.k8s.io/controller-tools from v0.10.0 to v0.11.3. More info: https://github.com/kubernetes-sigs/controller-tools/releases - Upgrade sigs.k8s.io/controller-runtime dependency from v0.13.0 to v0.14.5. More info: https://github.com/kubernetes-sigs/controller-runtime/releases - Upgrade k8s.io/client-go dependency from v0.25.3 to v0.26.2. - Upgrade controller-gen dependency from v0.10.0 to v0.11.1. - Upgrade kube-rbac-proxy from v0.13.0 to v0.13.1 - Modify gov4alpha plugin to use go/v4-alpha from Kubebuilder. (#6352)

Bug Fixes

• For ansible operators: fix a JSON parsing bug by updating the kubernetes.core collection to v2.4.0. (#6334)
• (scorecard): update default storage and untar images to images that run as non-root users by default. This ensures full compliance with restricted PSA guidelines when using --pod-security=restricted. (#6335)

v1.26.1

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6226)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6226)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6231)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6226)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6226)

v1.27.0

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6210)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6210)
• The scorecard-test-kuttl image always prints the kuttl logs in case there is an error processing the kuttl report. (#6225)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6227)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6210)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6210)
• For operator-sdk bundle validate: Fix a bug that would make the command exit with a 0 exit code even if there were validation failures. (#6274)
• (scorecard): Fixes a bug where an error would be thrown if a Custom Resource did not have a .spec field, which is a perfectly valid scenario. Instead of throwing an error scorecard will now issue a suggestion. (#6245)

v1.25.4

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6261)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6261)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6263)
• For operator-sdk run bundle(-upgrade): fix a bug in the logic that would attempt to create a ConfigMap that contained the entire contents of an FBC. Now if the FBC contents are to large to fit into a single ConfigMap, the FBC contents will be partitioned and split amongst multiple ConfigMap resources. (#6262)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6261)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6261)
• (scorecard): Fixes a bug where an error would be thrown if a Custom Resource did not have a .spec field, which is a perfectly valid scenario. Instead of throwing an error scorecard will now issue a suggestion. (#6266)

v1.26.0

Additions

• For operator-sdk bundle validate: When checking for Kubernetes APIs deprecated in Kubernetes v1.25.0 the ClusterServiceVersion's CustomResourceDefinitions, ClusterPermissions, and Permissions are now validated to ensure no references to deprecated APIs are being made. (#6119)

Changes

• (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.7. (#6175)

Bug Fixes

• ansible: fixed "make run" so it finds local roles. (#6110)
• For operator-sdk run bundle(-upgrade): fix a bug in the logic that would attempt to create a ConfigMap that contained the entire contents of an FBC. Now if the FBC contents are to large to fit into a single ConfigMap, the FBC contents will be partitioned and split amongst multiple ConfigMap resources. (#6182)

v1.25.3

Bug Fixes

• For the ansible operator container images, update them to properly pull in the base image that uses UBI 8.7. (#6206)

v1.25.2

Changes

• (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.7. (#6177)