All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Upgrade the underlying k8s dependencies from 1.20 to 1.21 to support operator installation on k8s 1.25+.
- Install init container certs with 600 permissions
- Ensure operator can connect to DBs in all namespaces
AutomountServiceAccountToken
field for cluster spec to allow mounting the default service account token.
- Delete the CancelLoop function, fixing a cluster status update bug
- Correctly detect failed version checker Pods
- retry cluster status updates, reducing test flakes
- Grant operator deletecollection permissions to fix fullcluster restart flow
- Grant operator list and update permissions on pvcs to fix pvc resize flow
- Bump TerminationGracePeriodSeconds from 1m to 5m
- Prefer user added --join flags over default when explicitly passed
- Custom logging configuration can be used through the configmap when
spec.logConfigMap
is provided.
- Fix nil-pointer errors when
spec.Image
is not provided. - Update gogo/protobuf to address CVE-2021-3121
- #863 - Add flag for
leader-election-id
to enable leader election support
- Image digests now calculated when generating templates, rather than when creating bundles
- Use bazelisk for CI workflows
- Bundle generation for updated OpenShift marketplace requirements
- Related images added to manager env for supporting cockroachDBVersion in the spec
- Fixed operator crash loop when cockroachDBVersion is used.
- Fix add custom annotations to the pod created by the job
- Fix issue when sidecar container is injected to job pod
- Add support for pod TopologySpreadConstraint and associated feature gate
- Now validates if
pvc.Volumemode
set correctly toFilesystem
- Mark nodes as decommissioned after draining the node
- Support for UI and SQL Ingress
- Fixed resource requirements for vcheck container
- Ability to run the operator as a cluster scoped operator or a namespace scoped one
- Deprecated legacy OpenShift packaging format in favor of new bundle format
- Removed unused beta channel
- Dynamically create instance specific service account, role, and role binding
- OpenShift deployment now allows the operator to run for all namespaces
- Boilerplate test after updating to Go 1.17
- Permissions for sts/scale subresource
- Versioned Dockerfiles for OpenShift
- Support for nodeSelectors
- Cleanup of initialization and structure of Actor and Director
- Error on startup in OpenShift related to webhook configuration
- Finalizer permissions to address
cannot set blockOwnerDeletion if an ownerReference refers to a resource you can’t set finalizers on
issue
- Webhook CA certificate is stored in
cockroach-operator-webhook-ca
(autogenerated if missing) - Webhook server certificates are now ephemeral and created at manager pod startup
- References to certificates/v1beta1 preventing the operator from working on K8s 1.22
- Added CHANGELOG.md to track changes across releases
- More information to operator logs (e.g. reconcilerID)
- Support for taints and tolerations
- Support for custom annotations
- Mutating and validating webhooks and associated TLS configuration
- Several enhancements for local development (e.g.
make dev/up
)
- Refactor templates to leverage kustomize bases/overlays in //config
- Updated validation markers for the CRD (required, minimum, etc.)
- Introduced Director to consolidate the handles logic from the actors
- Standardized on cockroachdb/errors for wrapping errors
- Made enormous-sized tests run for less long
- Propagate affinity and tolerations for version checker job
- Ensure the controller watches owned job objects
- CertificateGenerated conditional correctly set during deploys
- No longer requeueing permanent errors
- PVCs no longer missing
AdditionalLabels
- Some flakiness in e2e tests
- Version checker jobs no longer pile up when pods take >2m to come up
- More information to operator logs (e.g. reconcilerID)
- Refactor templates to leverage kustomize bases/overlays in //config
- Propagate affinity and tolerations for version checker job
- Ensure the controller watches owned job objects
- CertificateGenerated conditional correctly set during deploys
- Support for taints and tolerations
- Support for custom annotations
- Mutating and validating webhooks and associated TLS configuration
- Several enhancements for local development (e.g.
make dev/up
)
- Updated validation markers for the CRD (required, minimum, etc.)
- Introduced Director to consolidate the handles logic from the actors
- Standardized on cockroachdb/errors for wrapping errors
- No longer requeueing permanent errors
- PVCs no longer missing
AdditionalLabels
- Some flakiness in e2e tests
- Version checker jobs no longer pile up when pods take >2m to come up
AdditionalLabels
which are added to all managed resources- Examples for new features (addition labels, affinity rules, etc)
- e2e tests for EKS, OpenShift, and downgrading
- Skip the initContainer when running an insecure cluster
- Can now pass additional parameters to OpenShift
- Updating of crdbversions.yaml now automated via GitHub actions
- Dead code from multiple packages
- Dependency on ginko and gomega