v1.5.0

For Go-based operators, migrate your project to use the project version stable.

The PROJECT version config file represents the project configuration. It reach the maturate stability and it will store the data used to do the scaffolds. The motivation for this behaviour is to allow tools and helpers in the future such as to make easier the process to update the projects to use upper versions. More info: TBD. //TODO: add link for docs (see the PR kubernetes-sigs/kubebuilder#1916)

See #4402 for more details.

PROJECT config version 3-alpha must be upgraded to 3.

PROJECT config version 3-alpha has been stabilized as version 3 (the version key in your PROJECT file), and contains a set of config fields sufficient to fully describe a project. While this change is not technically breaking because the spec at that version was alpha, it was used by default in operator-sdk commands so should be marked as breaking and have a convenient migration path. The alpha config-3alpha-to-3 command will convert most of your PROJECT file from version 3-alpha to 3, and leave comments with directions where automatic conversion is not possible:

  1. $ cat PROJECT
  2. version: 3-alpha
  3. resources:
  4. - crdVersion: v1
  5. ...
  7. $ operator-sdk alpha config-3alpha-to-3
  8. Your PROJECT config file has been converted from version 3-alpha to 3. Please make sure all config data is correct.
  9. $ cat PROJECT
  10. version: "3" 
  11. esources:
  12. - api:
  13.   crdVersion: v1
  14. ...

See #4613 for more details.

(go/v3) Upgrade controller-runtime to v0.7.2.

In your go.mod file, upgrade sigs.k8s.io/controller-runtime to v0.7.2.

See #4626 for more details.

(go/v3) Add a system:controller-manager ServiceAccount to your project.

A non-default ServiceAccount controller-manager is scaffolded on operator-sdk init, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following:

  1. # Create the ServiceAccount.
  2. cat <<EOF > config/rbac/service_account.yaml
  3. apiVersion: v1
  4. kind: ServiceAccount
  5. metadata:
  6.   name: controller-manager
  7.   namespace: system
  8. EOF
  10. # Add it to the list of RBAC resources.
  11. echo "- service_account.yaml" >> config/rbac/kustomization.yaml
  13. # Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount.
  14. find config/rbac -name *_binding.yaml -exec sed -i -E 's/  name: default/  name: controller-manager/g' {} \;
  16. # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName.
  17. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml

The changes should look like:

  1. # config/manager/manager.yaml
  2.            requests:
  3.              cpu: 100m
  4.              memory: 20Mi
  5. +      serviceAccountName: controller-manager
  6.        terminationGracePeriodSeconds: 10
  8. # config/rbac/auth_proxy_role_binding.yaml
  9.    name: proxy-role
  10.  subjects:
  11.  - kind: ServiceAccount
  12. -  name: default 
  13. +  name: controller-manager
  14.    namespace: system
  16. # config/rbac/kustomization.yaml
  17.  resources:
  18. +- service_account.yaml
  19.  - role.yaml
  20.  - role_binding.yaml
  21.  - leader_election_role.yaml
  23. # config/rbac/leader_election_role_binding.yaml
  24.    name: leader-election-role
  25.  subjects:
  26.  - kind: ServiceAccount
  27. -  name: default 
  28. +  name: controller-manager
  29.    namespace: system
  31. # config/rbac/role_binding.yaml
  32.    name: manager-role
  33.  subjects:
  34.  - kind: ServiceAccount
  35. -  name: default 
  36. +  name: controller-manager
  37.    namespace: system
  39. # config/rbac/service_account.yaml
  40. +apiVersion: v1
  41. +kind: ServiceAccount
  42. +metadata:
  43. +  name: controller-manager
  44. +  namespace: system

See #4626 for more details.

(ansible/v1, helm/v1) Swap the paths of liveness/readiness probes in config/manager/manager.yaml.

The liveness and readiness probe endpoints were incorrectly named, although this mismatch will not affect their behavior. To fix, swap the readinessProbe and livenessProbe HTTP paths in config/manager/manager.yaml:

  1.   livenessProbe:
  2.     httpGet:
  3.       path: /healthz
  4.       port: 6789
  5.     initialDelaySeconds: 15
  6.     periodSeconds: 20
  7.   readinessProbe:
  8.     httpGet:
  9.       path: /readyz
  10.       port: 6789
  11.     initialDelaySeconds: 5
  12.     periodSeconds: 10

See #4546 for more details.

Last modified March 12, 2021: Release v1.5.0 (#4646) (98f30d59)