From d5cc16b9818671fc3e23f94037d257cb2f6d6675 Mon Sep 17 00:00:00 2001 From: Adam Cornett Date: Fri, 10 Jan 2025 13:25:57 -0700 Subject: [PATCH] Release v1.39.0 (#6890) Signed-off-by: Adam D. Cornett --- Makefile | 2 +- .../01-document-k8s-1-31-changes.yaml | 164 ------------------ changelog/generated/v1.39.0.md | 5 + .../bundle/tests/scorecard/config.yaml | 12 +- .../scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +- .../bundle/tests/scorecard/config.yaml | 12 +- .../scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +- testdata/helm/memcached-operator/Dockerfile | 2 +- testdata/helm/memcached-operator/Makefile | 2 +- .../bundle/tests/scorecard/config.yaml | 12 +- .../scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +- website/config.toml | 14 +- .../content/en/docs/installation/_index.md | 2 +- .../en/docs/upgrading-sdk-version/v1.39.0.md | 138 +++++++++++++++ 17 files changed, 193 insertions(+), 208 deletions(-) delete mode 100644 changelog/fragments/01-document-k8s-1-31-changes.yaml create mode 100644 changelog/generated/v1.39.0.md create mode 100644 website/content/en/docs/upgrading-sdk-version/v1.39.0.md diff --git a/Makefile b/Makefile index e8660b432d4..53f7df601f7 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ SHELL = /bin/bash # This value must be updated to the release tag of the most recent release, a change that must # occur in the release commit. IMAGE_VERSION will be removed once each subproject that uses this # version is moved to a separate repo and release process. -export IMAGE_VERSION = v1.38.0 +export IMAGE_VERSION = v1.39.0 # Build-time variables to inject into binaries export SIMPLE_VERSION = $(shell (test "$(shell git describe --tags)" = "$(shell git describe --tags --abbrev=0)" && echo $(shell git describe --tags)) || echo $(shell git describe --tags --abbrev=0)+git) export GIT_VERSION = $(shell git describe --dirty --tags --always) diff --git a/changelog/fragments/01-document-k8s-1-31-changes.yaml b/changelog/fragments/01-document-k8s-1-31-changes.yaml deleted file mode 100644 index 1415f08e9f5..00000000000 --- a/changelog/fragments/01-document-k8s-1-31-changes.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# entries is a list of entries to include in -# release notes and/or the migration guide -entries: - - description: > - For Go-based, Helm-based and Ansible-based operators this release moves to Kubernetes 1.31 API's and Kubebuilder - v4 Scaffolding, specifically utilizing the v4.2.0 version. The update to Kubebuiler results in some scaffolding - changes which more information can be found below: - - Add support to protect project with [network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) ([#3853](https://github.com/kubernetes-sigs/kubebuilder/pull/3853)) - - # kind is one of: - # - addition - # - change - # - deprecation - # - removal - # - bugfix - kind: "change" - - # Is this a breaking change? - breaking: false - - # NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS - # FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! - # - # The generator auto-detects the PR number from the commit - # message in which this file was originally added. - # - # What is the pull request number (without the "#")? - # pull_request_override: 0 - - - # Migration can be defined to automatically add a section to - # the migration guide. This is required for breaking changes. - migration: - header: Upgrade K8s versions to use 1.31 and Kubebuilder network-policy scaffolding - body: | - This release contains a decent amount of migrations, but not nearly as many as the [previous versions migrations](https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.38.0/) - so this release should be easier to follow. - - 1) [helm/v1, ansible/v1] Update the kustomize version in your Makefile - ```diff - - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.2/kustomize_v5.3.0_$(OS)_$(ARCH).tar.gz | \ - + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.4.3/kustomize_v5.4.2_$(OS)_$(ARCH).tar.gz | \ - ``` - - 2) [go/v4] Update your `go.mod` file to upgrade the dependencies and run `go mod tidy` to download them - ```go - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.32.0 - k8s.io/api v0.30.1 - k8s.io/apimachinery v0.30.1 - k8s.io/client-go v0.30.1 - sigs.k8s.io/controller-runtime v0.18.4 - github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 - k8s.io/api v0.31.0 - k8s.io/apimachinery v0.31.0 - k8s.io/client-go v0.31.0 - sigs.k8s.io/controller-runtime v0.19.0 - ``` - - 3) [go/v4] Update your `Makefile` with the below changes: - ```diff - - ENVTEST_K8S_VERSION = 1.30.0 - + ENVTEST_K8S_VERSION = 1.31.0 - ``` - - ```diff - - KUSTOMIZE_VERSION ?= v5.4.2 - - CONTROLLER_TOOLS_VERSION ?= v0.15.0 - - ENVTEST_VERSION ?= release-0.18 - + KUSTOMIZE_VERSION ?= v5.4.3 - + CONTROLLER_TOOLS_VERSION ?= v0.16.1 - + ENVTEST_VERSION ?= release-0.19 - ``` - - 4) [go/v4] Update your `main.go` file with the below changes: - ```diff - - // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.18.4/pkg/metrics/server - + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/server - - - // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.18.4/pkg/metrics/filters#WithAuthenticationAndAuthorization - + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/filters#WithAuthenticationAndAuthorization - ``` - - 5) [go/v4, helm/v1, ansible/v1] Update your `/config/default/kustomization.yaml` file with the below changes: - ```diff - +# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. - +# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. - +# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will - +# be able to communicate with the Webhook Server. - +#- ../network-policy - ``` - - 6) [go/v4, helm/v1, ansible/v1] Add `/config/network-policy/allow-metrics-traffic.yaml` - ```diff - + # This NetworkPolicy allows ingress traffic - + # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those - + # namespaces are able to gathering data from the metrics endpoint. - + apiVersion: networking.k8s.io/v1 - + kind: NetworkPolicy - + metadata: - + labels: - + app.kubernetes.io/name: memcached-operator - + app.kubernetes.io/managed-by: kustomize - + name: allow-metrics-traffic - + namespace: system - + spec: - + podSelector: - + matchLabels: - + control-plane: controller-manager - + policyTypes: - + - Ingress - + ingress: - + # This allows ingress traffic from any namespace with the label metrics: enabled - + - from: - + - namespaceSelector: - + matchLabels: - + metrics: enabled # Only from namespaces with this label - + ports: - + - port: 8443 - + protocol: TCP - ``` - - 7) [helm/v1, ansible/v1] Add `/config/network-policy/kustomization.yaml` - ```diff - + resources: - + - allow-metrics-traffic.yaml - - 8) [go/v4] Add `/config/network-policy/allow-webhook-traffic.yaml` - ```diff - + # This NetworkPolicy allows ingress traffic to your webhook server running - + # as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks - + # will only work when applied in namespaces labeled with 'webhook: enabled' - + apiVersion: networking.k8s.io/v1 - + kind: NetworkPolicy - + metadata: - + labels: - + app.kubernetes.io/name: memcached-operator - + app.kubernetes.io/managed-by: kustomize - + name: allow-webhook-traffic - + namespace: system - + spec: - + podSelector: - + matchLabels: - + control-plane: controller-manager - + policyTypes: - + - Ingress - + ingress: - + # This allows ingress traffic from any namespace with the label webhook: enabled - + - from: - + - namespaceSelector: - + matchLabels: - + webhook: enabled # Only from namespaces with this label - + ports: - + - port: 443 - + protocol: TCP - ``` - - 9) [go/v4] Add `/config/network-policy/kustomization.yaml` - ```diff - + resources: - + - allow-webhook-traffic.yaml - + - allow-metrics-traffic.yaml - ``` diff --git a/changelog/generated/v1.39.0.md b/changelog/generated/v1.39.0.md new file mode 100644 index 00000000000..31775a9ac3c --- /dev/null +++ b/changelog/generated/v1.39.0.md @@ -0,0 +1,5 @@ +## v1.39.0 + +### Changes + +- For Go-based, Helm-based and Ansible-based operators this release moves to Kubernetes 1.31 API's and Kubebuilder v4 Scaffolding, specifically utilizing the v4.2.0 version. The update to Kubebuiler results in some scaffolding changes which more information can be found below: - Add support to protect project with [network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) ([#3853](https://github.com/kubernetes-sigs/kubebuilder/pull/3853)). ([#6878](https://github.com/operator-framework/operator-sdk/pull/6878)) diff --git a/testdata/go/v4/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/go/v4/memcached-operator/bundle/tests/scorecard/config.yaml index ea6b807940d..61d8b7e19ac 100644 --- a/testdata/go/v4/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/go/v4/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,7 +8,7 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: basic test: basic-check-spec-test @@ -18,7 +18,7 @@ stages: - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-bundle-validation-test @@ -28,7 +28,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-validation-test @@ -38,7 +38,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-resources-test @@ -48,7 +48,7 @@ stages: - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-spec-descriptors-test @@ -58,7 +58,7 @@ stages: - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v4/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/go/v4/memcached-operator/config/scorecard/patches/basic.config.yaml index 84683cf8d7b..b89ce3bf90c 100644 --- a/testdata/go/v4/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/go/v4/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/go/v4/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/go/v4/memcached-operator/config/scorecard/patches/olm.config.yaml index 43f40a8b3f1..7eff5c9099f 100644 --- a/testdata/go/v4/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/go/v4/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v4/monitoring/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/go/v4/monitoring/memcached-operator/bundle/tests/scorecard/config.yaml index ea6b807940d..61d8b7e19ac 100644 --- a/testdata/go/v4/monitoring/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/go/v4/monitoring/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,7 +8,7 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: basic test: basic-check-spec-test @@ -18,7 +18,7 @@ stages: - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-bundle-validation-test @@ -28,7 +28,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-validation-test @@ -38,7 +38,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-resources-test @@ -48,7 +48,7 @@ stages: - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-spec-descriptors-test @@ -58,7 +58,7 @@ stages: - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/basic.config.yaml index 84683cf8d7b..b89ce3bf90c 100644 --- a/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/olm.config.yaml index 43f40a8b3f1..7eff5c9099f 100644 --- a/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/go/v4/monitoring/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/helm/memcached-operator/Dockerfile b/testdata/helm/memcached-operator/Dockerfile index ec384f7b47c..65278d396b0 100644 --- a/testdata/helm/memcached-operator/Dockerfile +++ b/testdata/helm/memcached-operator/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM quay.io/operator-framework/helm-operator:v1.38.0 +FROM quay.io/operator-framework/helm-operator:v1.39.0 ENV HOME=/opt/helm COPY watches.yaml ${HOME}/watches.yaml diff --git a/testdata/helm/memcached-operator/Makefile b/testdata/helm/memcached-operator/Makefile index c68d5708058..b37bc566a1d 100644 --- a/testdata/helm/memcached-operator/Makefile +++ b/testdata/helm/memcached-operator/Makefile @@ -147,7 +147,7 @@ ifeq (,$(shell which helm-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(HELM_OPERATOR)) ;\ - curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.38.0/helm-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.39.0/helm-operator_$(OS)_$(ARCH) ;\ chmod +x $(HELM_OPERATOR) ;\ } else diff --git a/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml b/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml index ea6b807940d..61d8b7e19ac 100644 --- a/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml +++ b/testdata/helm/memcached-operator/bundle/tests/scorecard/config.yaml @@ -8,7 +8,7 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: basic test: basic-check-spec-test @@ -18,7 +18,7 @@ stages: - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-bundle-validation-test @@ -28,7 +28,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-validation-test @@ -38,7 +38,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-resources-test @@ -48,7 +48,7 @@ stages: - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-spec-descriptors-test @@ -58,7 +58,7 @@ stages: - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml b/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml index 84683cf8d7b..b89ce3bf90c 100644 --- a/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml +++ b/testdata/helm/memcached-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: basic test: basic-check-spec-test diff --git a/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml b/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml index 43f40a8b3f1..7eff5c9099f 100644 --- a/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml +++ b/testdata/helm/memcached-operator/config/scorecard/patches/olm.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/website/config.toml b/website/config.toml index a7c7d1f71ef..24a81f24496 100644 --- a/website/config.toml +++ b/website/config.toml @@ -93,20 +93,26 @@ url_latest_version = "https://sdk.operatorframework.io" version = "master" url = "https://master.sdk.operatorframework.io" ##LATEST_RELEASE_KUBE_VERSION## - kube_version = "1.30.0" + kube_version = "1.31.0" ##LATEST_RELEASE_CLIENT_GO_VERSION## - client_go_version = "v0.30.5" + client_go_version = "v0.31.4" [[params.versions]] version = "Latest Release" url = "https://sdk.operatorframework.io" ##LATEST_RELEASE_KUBE_VERSION## - kube_version = "1.30.0" + kube_version = "1.31.0" ##LATEST_RELEASE_CLIENT_GO_VERSION## - client_go_version = "v0.30.5" + client_go_version = "v0.31.4" ##RELEASE_ADDME## +[[params.versions]] + version = "v1.39" + url = "https://v1-39-x.sdk.operatorframework.io" + kube_version = "1.31.0" + client_go_version = "v0.31.4" + [[params.versions]] version = "v1.38" url = "https://v1-38-x.sdk.operatorframework.io" diff --git a/website/content/en/docs/installation/_index.md b/website/content/en/docs/installation/_index.md index b9af6f7f4ef..06442bb0561 100644 --- a/website/content/en/docs/installation/_index.md +++ b/website/content/en/docs/installation/_index.md @@ -36,7 +36,7 @@ export OS=$(uname | awk '{print tolower($0)}') Download the binary for your platform: ```sh -export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.38.0 +export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.39.0 curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} ``` diff --git a/website/content/en/docs/upgrading-sdk-version/v1.39.0.md b/website/content/en/docs/upgrading-sdk-version/v1.39.0.md new file mode 100644 index 00000000000..1b0f80a4bb9 --- /dev/null +++ b/website/content/en/docs/upgrading-sdk-version/v1.39.0.md @@ -0,0 +1,138 @@ +--- +title: v1.39.0 +weight: 998961000 +--- + +## Upgrade K8s versions to use 1.31 and Kubebuilder network-policy scaffolding + +This release contains a decent amount of migrations, but not nearly as many as the [previous versions migrations](https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.38.0/) +so this release should be easier to follow. + +1) [helm/v1, ansible/v1] Update the kustomize version in your Makefile + ```diff + - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.2/kustomize_v5.3.0_$(OS)_$(ARCH).tar.gz | \ + + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.4.3/kustomize_v5.4.2_$(OS)_$(ARCH).tar.gz | \ + ``` + +2) [go/v4] Update your `go.mod` file to upgrade the dependencies and run `go mod tidy` to download them + ```go + github.com/onsi/ginkgo/v2 v2.17.1 + github.com/onsi/gomega v1.32.0 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + sigs.k8s.io/controller-runtime v0.18.4 + github.com/onsi/ginkgo/v2 v2.19.0 + github.com/onsi/gomega v1.33.1 + k8s.io/api v0.31.0 + k8s.io/apimachinery v0.31.0 + k8s.io/client-go v0.31.0 + sigs.k8s.io/controller-runtime v0.19.0 + ``` + +3) [go/v4] Update your `Makefile` with the below changes: + ```diff + - ENVTEST_K8S_VERSION = 1.30.0 + + ENVTEST_K8S_VERSION = 1.31.0 + ``` + + ```diff + - KUSTOMIZE_VERSION ?= v5.4.2 + - CONTROLLER_TOOLS_VERSION ?= v0.15.0 + - ENVTEST_VERSION ?= release-0.18 + + KUSTOMIZE_VERSION ?= v5.4.3 + + CONTROLLER_TOOLS_VERSION ?= v0.16.1 + + ENVTEST_VERSION ?= release-0.19 + ``` + +4) [go/v4] Update your `main.go` file with the below changes: + ```diff + - // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.18.4/pkg/metrics/server + + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/server + + - // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.18.4/pkg/metrics/filters#WithAuthenticationAndAuthorization + + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/filters#WithAuthenticationAndAuthorization + ``` + +5) [go/v4, helm/v1, ansible/v1] Update your `/config/default/kustomization.yaml` file with the below changes: + ```diff + +# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. + +# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. + +# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will + +# be able to communicate with the Webhook Server. + +#- ../network-policy + ``` + +6) [go/v4, helm/v1, ansible/v1] Add `/config/network-policy/allow-metrics-traffic.yaml` + ```diff + + # This NetworkPolicy allows ingress traffic + + # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those + + # namespaces are able to gathering data from the metrics endpoint. + + apiVersion: networking.k8s.io/v1 + + kind: NetworkPolicy + + metadata: + + labels: + + app.kubernetes.io/name: memcached-operator + + app.kubernetes.io/managed-by: kustomize + + name: allow-metrics-traffic + + namespace: system + + spec: + + podSelector: + + matchLabels: + + control-plane: controller-manager + + policyTypes: + + - Ingress + + ingress: + + # This allows ingress traffic from any namespace with the label metrics: enabled + + - from: + + - namespaceSelector: + + matchLabels: + + metrics: enabled # Only from namespaces with this label + + ports: + + - port: 8443 + + protocol: TCP + ``` + +7) [helm/v1, ansible/v1] Add `/config/network-policy/kustomization.yaml` + ```diff + + resources: + + - allow-metrics-traffic.yaml + +8) [go/v4] Add `/config/network-policy/allow-webhook-traffic.yaml` + ```diff + + # This NetworkPolicy allows ingress traffic to your webhook server running + + # as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks + + # will only work when applied in namespaces labeled with 'webhook: enabled' + + apiVersion: networking.k8s.io/v1 + + kind: NetworkPolicy + + metadata: + + labels: + + app.kubernetes.io/name: memcached-operator + + app.kubernetes.io/managed-by: kustomize + + name: allow-webhook-traffic + + namespace: system + + spec: + + podSelector: + + matchLabels: + + control-plane: controller-manager + + policyTypes: + + - Ingress + + ingress: + + # This allows ingress traffic from any namespace with the label webhook: enabled + + - from: + + - namespaceSelector: + + matchLabels: + + webhook: enabled # Only from namespaces with this label + + ports: + + - port: 443 + + protocol: TCP + ``` + +9) [go/v4] Add `/config/network-policy/kustomization.yaml` + ```diff + + resources: + + - allow-webhook-traffic.yaml + + - allow-metrics-traffic.yaml + ``` + +_See [#6878](https://github.com/operator-framework/operator-sdk/pull/6878) for more details._