v1.30.0

v1.30.0

Additions

• Add a Parameter to the Makefile to allow modifying the 'operator-sdk' binary before running any commands. If necessary, a specific version of the SDK can be downloaded for cases when the project has yet to upgrade to a later or latest version. (#6443)
• Currently, the operator SDK for the Ansible operator lacks options to customize the leader election resource lock behavior. This limits the flexibility of the operator and prevents users from adjusting lease duration and renew deadline according to their specific needs.
  Changes: Implemented enhancements to the operator SDK to include additional flags for configuring leader election resource lock options. These changes provide users with the ability to specify the type of resource object used for locking during leader election and customize the lease duration and renew deadline.
  Introduced --leader-elect-lease-duration flag to allow users to define the duration that non-leader candidates will wait to force acquire leadership. The default duration is set to 15 seconds.
  Introduced --leader-elect-renew-deadline flag, enabling users to set the renew deadline, which determines the duration that the acting control plane will retry refreshing leadership before giving up. The default duration is set to 10 seconds.
  Introduced --leader-elect-resource-lock flag to allow users to define the type of resource object that is used for locking during leader election. Supported options are 'leases', 'endpointsleases', and 'configmapsleases'. The default option is 'leases'.
  These changes provide more flexibility and control over leader election behavior, allowing operators to adapt to various deployment scenarios and specific requirements. (#6426)

Changes

• Currently, when setting overrideValues in your watches.yaml, every entry is logged with its key and its value. When working with confidential information such as credentials, logging those information would not be optimal nor desirable. Therefore, there should be a way to silence/suppress these values.
  This feature introduces the --suppress-override-values boolean-flag for the helm-operator. When set to true, the value of the overrideValues entry is sanitized with this value "****".
  This is a simple example of overrideValues of the watches.yaml ```yaml overrideValues:
  x: y

The default-value of `--suppress-override-values` is `false` so therefore we would get this warning logged: `Chart value x overridden to y by operator's watches.yaml`
When setting `--suppress-override-values` `true` the warning will be logged in the following manner: `Chart value x overridden to **** by operator's watches.yaml`. ([#6469](https://github.com/operator-framework/operator-sdk/pull/6469))
- (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.8. ([#6466](https://github.com/operator-framework/operator-sdk/pull/6466))

### Bug Fixes

- In `run bundle-upgrade`, hash the cache directory name to avoid error of too long file name. ([#6477](https://github.com/operator-framework/operator-sdk/pull/6477))

v1.29.0

v1.29.0

Changes

• (scorecard): Update kuttl to v0.15.0 in the scorecard-test-kuttl image. (#6401)
• (ansible/v1): Bump the golang base image version in the ansible-operator Dockerfiles from 1.18 to 1.19. (#6398)
• (operator-sdk run bundle): Compress the bundle content, to avoid the configMap exceed max length error. The error will look like this:
  ... ConfigMap ... is invalid: []: Too long: must have at most 1048576 bytes.
  Fixes issue #6323. (#6408)

Bug Fixes

• (docs): Update the go version in the developer guide. The documentation wasn't updated when the go version was bumped to v1.19. (#6101)

v1.28.1

v1.28.1

No changes for this release!

v1.28.0

v1.28.0

Changes

• (ansible): Revert the cryptography package unpinning and repin to v3.3.2. (#6348)
• • Upgrade Kubernetes dependencies from 1.25 to 1.26. - Upgrade sigs.k8s.io/controller-tools from v0.10.0 to v0.11.3. More info: https://github.com/kubernetes-sigs/controller-tools/releases - Upgrade sigs.k8s.io/controller-runtime dependency from v0.13.0 to v0.14.5. More info: https://github.com/kubernetes-sigs/controller-runtime/releases - Upgrade k8s.io/client-go dependency from v0.25.3 to v0.26.2. - Upgrade controller-gen dependency from v0.10.0 to v0.11.1. - Upgrade kube-rbac-proxy from v0.13.0 to v0.13.1 - Modify gov4alpha plugin to use go/v4-alpha from Kubebuilder. (#6352)

Bug Fixes

• For ansible operators: fix a JSON parsing bug by updating the kubernetes.core collection to v2.4.0. (#6334)
• (scorecard): update default storage and untar images to images that run as non-root users by default. This ensures full compliance with restricted PSA guidelines when using --pod-security=restricted. (#6335)

v1.26.1

v1.26.1

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6226)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6226)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6231)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6226)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6226)

v1.27.0

v1.27.0

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6210)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6210)
• The scorecard-test-kuttl image always prints the kuttl logs in case there is an error processing the kuttl report. (#6225)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6227)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6210)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6210)
• For operator-sdk bundle validate: Fix a bug that would make the command exit with a 0 exit code even if there were validation failures. (#6274)
• (scorecard): Fixes a bug where an error would be thrown if a Custom Resource did not have a .spec field, which is a perfectly valid scenario. Instead of throwing an error scorecard will now issue a suggestion. (#6245)

v1.25.4

v1.25.4

Changes

• operator-sdk run bundle(-upgrade): Change default of the --security-context-config flag to be legacy instead of restricted. (#6261)
• operator-sdk run bundle: When creating the CatalogSource, we now set the grpcPodConfig.SecurityContextConfig to the value of the --security-context-config flag. (#6261)

Bug Fixes

• operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (#6263)
• For operator-sdk run bundle(-upgrade): fix a bug in the logic that would attempt to create a ConfigMap that contained the entire contents of an FBC. Now if the FBC contents are to large to fit into a single ConfigMap, the FBC contents will be partitioned and split amongst multiple ConfigMap resources. (#6262)
• operator-sdk run bundle(-upgrade): Fix a bug where SQLite bundle images were failing to be run properly due to a change in the default channel that is used by run bundle(-upgrade) when creating a subscription. (#6261)
• operator-sdk run bundle(-upgrade): Update the logic used to set a Registry Pod's PSA configuration to fix a bug where a Pod's containers still had a restrictive SecurityContext even when setting --security-context-config=legacy. (#6261)
• (scorecard): Fixes a bug where an error would be thrown if a Custom Resource did not have a .spec field, which is a perfectly valid scenario. Instead of throwing an error scorecard will now issue a suggestion. (#6266)

v1.26.0

v1.26.0

Additions

• For operator-sdk bundle validate: When checking for Kubernetes APIs deprecated in Kubernetes v1.25.0 the ClusterServiceVersion's CustomResourceDefinitions, ClusterPermissions, and Permissions are now validated to ensure no references to deprecated APIs are being made. (#6119)

Changes

• (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.7. (#6175)

Bug Fixes

• ansible: fixed "make run" so it finds local roles. (#6110)
• For operator-sdk run bundle(-upgrade): fix a bug in the logic that would attempt to create a ConfigMap that contained the entire contents of an FBC. Now if the FBC contents are to large to fit into a single ConfigMap, the FBC contents will be partitioned and split amongst multiple ConfigMap resources. (#6182)

v1.25.3

v1.25.3

Bug Fixes

• For the ansible operator container images, update them to properly pull in the base image that uses UBI 8.7. (#6206)

v1.25.2

v1.25.2

Changes

• (images): Bumps all Operator SDK maintained images to now use ubi(-minimal) tag 8.7. (#6177)