diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b0c0b86..0f5ff8d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +## [25.7.0] - 2025-07-23 + +## [25.7.0-rc1] - 2025-07-18 + ### Added - Adds new telemetry CLI arguments and environment variables ([#715], [#744]). @@ -47,6 +51,8 @@ All notable changes to this project will be documented in this file. - The default Kubernetes cluster domain name is now fetched from the kubelet API unless explicitly configured. - This requires operators to have the RBAC permission to get nodes/proxy in the apiGroup "". The helm-chart takes care of this. - The CLI argument `--kubernetes-node-name` or env variable `KUBERNETES_NODE_NAME` needs to be set. The helm-chart takes care of this. +- The operator helm-chart now grants RBAC `patch` permissions on `events.k8s.io/events`, + so events can be aggregated (e.g. "error happened 10 times over the last 5 minutes") ([#745]). ### Fixed @@ -74,6 +80,7 @@ All notable changes to this project will be documented in this file. [#737]: https://github.com/stackabletech/opa-operator/pull/737 [#743]: https://github.com/stackabletech/opa-operator/pull/743 [#744]: https://github.com/stackabletech/opa-operator/pull/744 +[#745]: https://github.com/stackabletech/opa-operator/pull/745 ## [25.3.0] - 2025-03-21 diff --git a/Cargo.lock b/Cargo.lock index 3e4d82df..a0903be7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2958,7 +2958,7 @@ checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "stackable-opa-bundle-builder" -version = "0.0.0-dev" +version = "25.7.0" dependencies = [ "axum", "built", @@ -2976,7 +2976,7 @@ dependencies = [ [[package]] name = "stackable-opa-operator" -version = "0.0.0-dev" +version = "25.7.0" dependencies = [ "anyhow", "built", 
@@ -2999,11 +2999,11 @@ dependencies = [ [[package]] name = "stackable-opa-regorule-library" -version = "0.0.0-dev" +version = "25.7.0" [[package]] name = "stackable-opa-user-info-fetcher" -version = "0.0.0-dev" +version = "25.7.0" dependencies = [ "axum", "base64", diff --git a/Cargo.nix b/Cargo.nix index d3e808d2..32e48da3 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -9676,7 +9676,7 @@ rec { }; "stackable-opa-bundle-builder" = rec { crateName = "stackable-opa-bundle-builder"; - version = "0.0.0-dev"; + version = "25.7.0"; edition = "2021"; crateBin = [ { @@ -9748,7 +9748,7 @@ rec { }; "stackable-opa-operator" = rec { crateName = "stackable-opa-operator"; - version = "0.0.0-dev"; + version = "25.7.0"; edition = "2021"; crateBin = [ { @@ -9843,7 +9843,7 @@ rec { }; "stackable-opa-regorule-library" = rec { crateName = "stackable-opa-regorule-library"; - version = "0.0.0-dev"; + version = "25.7.0"; edition = "2021"; src = lib.cleanSourceWith { filter = sourceFilter; src = ./rust/regorule-library; }; libName = "stackable_opa_regorule_library"; @@ -9854,7 +9854,7 @@ rec { }; "stackable-opa-user-info-fetcher" = rec { crateName = "stackable-opa-user-info-fetcher"; - version = "0.0.0-dev"; + version = "25.7.0"; edition = "2021"; crateBin = [ { diff --git a/Cargo.toml b/Cargo.toml index f9afa667..cd42b1d6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,7 +3,7 @@ members = ["rust/*"] resolver = "2" [workspace.package] -version = "0.0.0-dev" +version = "25.7.0" authors = ["Stackable GmbH "] license = "OSL-3.0" edition = "2021" diff --git a/deploy/helm/opa-operator/Chart.yaml b/deploy/helm/opa-operator/Chart.yaml index 8fad873b..a43c804f 100644 --- a/deploy/helm/opa-operator/Chart.yaml +++ b/deploy/helm/opa-operator/Chart.yaml 
@@ -1,8 +1,8 @@ --- apiVersion: v2 name: opa-operator -version: "0.0.0-dev" -appVersion: "0.0.0-dev" +version: "25.7.0" +appVersion: "25.7.0" description: The Stackable Operator for OpenPolicyAgent home: https://github.com/stackabletech/opa-operator maintainers: diff --git a/deploy/helm/opa-operator/crds/crds.yaml b/deploy/helm/opa-operator/crds/crds.yaml index e03f1f0b..e5a77c29 100644 --- a/deploy/helm/opa-operator/crds/crds.yaml +++ b/deploy/helm/opa-operator/crds/crds.yaml @@ -121,7 +121,7 @@ spec: - secretClass properties: secretClass: - description: Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method. + description: Name of the [SecretClass](https://docs.stackable.tech/home/25.7/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method. type: string webPki: description: Use TLS and the CA certificates trusted by the common web browsers to verify the server. This can be useful when you e.g. use public AWS S3 or other public available services. 
@@ -189,7 +189,7 @@ spec: - secretClass properties: secretClass: - description: Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method. + description: Name of the [SecretClass](https://docs.stackable.tech/home/25.7/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method. type: string webPki: description: Use TLS and the CA certificates trusted by the common web browsers to verify the server. This can be useful when you e.g. use public AWS S3 or other public available services. @@ -284,7 +284,7 @@ spec: - secretClass properties: secretClass: - description: Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method. + description: Name of the [SecretClass](https://docs.stackable.tech/home/25.7/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method. type: string webPki: description: Use TLS and the CA certificates trusted by the common web browsers to verify the server. This can be useful when you e.g. use public AWS S3 or other public available services. 
@@ -403,7 +403,7 @@ spec: nodeSelector: null podAffinity: null podAntiAffinity: null - description: These configuration settings control [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). + description: These configuration settings control [Pod placement](https://docs.stackable.tech/home/25.7/concepts/operations/pod_placement). properties: nodeAffinity: description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) @@ -435,7 +435,7 @@ spec: default: containers: {} enableVectorAgent: null - description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). + description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/25.7/concepts/logging). properties: containers: additionalProperties: 
@@ -560,17 +560,17 @@ spec: type: string type: object default: {} - description: The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. + description: The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/25.7/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. type: object envOverrides: additionalProperties: type: string default: {} - description: '`envOverrides` configure environment variables to be set in the Pods. It is a map from strings to strings - environment variables and the value to set. Read the [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) for more information and consult the operator specific usage guide to find out about the product specific environment variables that are available.' + description: '`envOverrides` configure environment variables to be set in the Pods. It is a map from strings to strings - environment variables and the value to set. Read the [environment variable overrides documentation](https://docs.stackable.tech/home/25.7/concepts/overrides#env-overrides) for more information and consult the operator specific usage guide to find out about the product specific environment variables that are available.' 
type: object podOverrides: default: {} - description: In the `podOverrides` property you can define a [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) for more information. + description: In the `podOverrides` property you can define a [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/25.7/concepts/overrides#pod-overrides) for more information. type: object x-kubernetes-preserve-unknown-fields: true roleConfig: @@ -594,7 +594,7 @@ spec: nodeSelector: null podAffinity: null podAntiAffinity: null - description: These configuration settings control [Pod placement](https://docs.stackable.tech/home/nightly/concepts/operations/pod_placement). + description: These configuration settings control [Pod placement](https://docs.stackable.tech/home/25.7/concepts/operations/pod_placement). properties: nodeAffinity: description: Same as the `spec.affinity.nodeAffinity` field on the Pod, see the [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) @@ -626,7 +626,7 @@ spec: default: containers: {} enableVectorAgent: null - description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/nightly/concepts/logging). + description: Logging configuration, learn more in the [logging concept documentation](https://docs.stackable.tech/home/25.7/concepts/logging). properties: containers: additionalProperties: 
@@ -751,17 +751,17 @@ spec: type: string type: object default: {} - description: The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. + description: The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/25.7/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. type: object envOverrides: additionalProperties: type: string default: {} - description: '`envOverrides` configure environment variables to be set in the Pods. It is a map from strings to strings - environment variables and the value to set. Read the [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) for more information and consult the operator specific usage guide to find out about the product specific environment variables that are available.' + description: '`envOverrides` configure environment variables to be set in the Pods. It is a map from strings to strings - environment variables and the value to set. Read the [environment variable overrides documentation](https://docs.stackable.tech/home/25.7/concepts/overrides#env-overrides) for more information and consult the operator specific usage guide to find out about the product specific environment variables that are available.' 
type: object podOverrides: default: {} - description: In the `podOverrides` property you can define a [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) for more information. + description: In the `podOverrides` property you can define a [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/25.7/concepts/overrides#pod-overrides) for more information. type: object x-kubernetes-preserve-unknown-fields: true replicas: diff --git a/deploy/helm/opa-operator/templates/roles.yaml b/deploy/helm/opa-operator/templates/roles.yaml index 60b05c9d..59f97ab5 100644 --- a/deploy/helm/opa-operator/templates/roles.yaml +++ b/deploy/helm/opa-operator/templates/roles.yaml @@ -82,7 +82,6 @@ rules: - events.k8s.io resources: - events - - patch verbs: - create - patch @@ -134,6 +133,7 @@ rules: - events verbs: - create + - patch {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }} - apiGroups: - security.openshift.io diff --git a/docs/antora.yml b/docs/antora.yml index d522680b..35013e93 100644 --- a/docs/antora.yml +++ b/docs/antora.yml @@ -1,3 +1,4 @@ --- name: home -version: "nightly" +version: "25.7" +prerelease: false diff --git a/docs/modules/opa/examples/getting_started/getting_started.sh b/docs/modules/opa/examples/getting_started/getting_started.sh index 92f32afa..e0d6a663 100755 --- a/docs/modules/opa/examples/getting_started/getting_started.sh +++ b/docs/modules/opa/examples/getting_started/getting_started.sh 
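Review bot: The `patch` verb added in the `@@ -134,6 +133,7 @@` hunk of `deploy/helm/opa-operator/templates/roles.yaml` widens a rule whose `apiGroups` line and enclosing role start above the hunk, so the diff alone does not show which API group or which subject receives the new permission. The changelog entry describes the grant as `events.k8s.io/events` for the operator, but this rule sits roughly 50 lines below the `events.k8s.io` rule touched in the first hunk and may belong to a different role (possibly one bound to product pods; worth confirming before release). `patch` on events lets the holder modify existing Event objects in scope rather than only create new ones, so it should stay limited to the one rule that needs it and be explained in place, for example `# patch: lets the event recorder aggregate repeated events into one Event (#745)` directly above `- patch`. If the rule does turn out to be in a second role, the changelog wording should name that role as well.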
@@ -21,13 +21,13 @@ case "$1" in
 "helm")
 echo "Installing operators with Helm"
 # tag::helm-install-operators[]
-helm install --wait opa-operator oci://oci.stackable.tech/sdp-charts/opa-operator --version 0.0.0-dev
+helm install --wait opa-operator oci://oci.stackable.tech/sdp-charts/opa-operator --version 25.7.0
 # end::helm-install-operators[]
 ;;
 "stackablectl")
 echo "installing operators with stackablectl"
 # tag::stackablectl-install-operators[]
-stackablectl operator install opa=0.0.0-dev
+stackablectl operator install opa=25.7.0
 # end::stackablectl-install-operators[]
 ;;
 *)
diff --git a/docs/modules/opa/examples/getting_started/install_output.txt b/docs/modules/opa/examples/getting_started/install_output.txt
index 0b596733..3cd6c034 100644
--- a/docs/modules/opa/examples/getting_started/install_output.txt
+++ b/docs/modules/opa/examples/getting_started/install_output.txt
@@ -1 +1 @@
-Installed opa=0.0.0-dev operator
+Installed opa=25.7.0 operator
diff --git a/docs/templating_vars.yaml b/docs/templating_vars.yaml
index ac90cc04..17cded28 100644
--- a/docs/templating_vars.yaml
+++ b/docs/templating_vars.yaml
@@ -3,4 +3,4 @@ helm:
 repo_name: sdp-charts
 repo_url: oci.stackable.tech
 versions:
- opa: 0.0.0-dev
+ opa: 25.7.0
diff --git a/tests/release.yaml b/tests/release.yaml
index 6df27b86..bbb700d0 100644
--- a/tests/release.yaml
+++ b/tests/release.yaml
@@ -7,10 +7,10 @@ releases:
 description: Integration test
 products:
 commons:
- operatorVersion: 0.0.0-dev
+ operatorVersion: 25.7.0
 secret:
- operatorVersion: 0.0.0-dev
+ operatorVersion: 25.7.0
 listener:
- operatorVersion: 0.0.0-dev
+ operatorVersion: 25.7.0
 opa:
- operatorVersion: 0.0.0-dev
+ operatorVersion: 25.7.0