
feat: add logic to handle updates to operator config #1186

Merged
merged 28 commits into from
Jan 23, 2025


mjnagel
Contributor

@mjnagel mjnagel commented Jan 15, 2025

Description

This PR adds logic to handle updates to the operator config, specifically managed via the operator secret. In particular this adds:

  • A watch on the operator config secret
  • A function to manage changes to that secret
  • Logic to specifically handle additions/changes/deletions of the authservice config (redis and ca cert)
  • Logic to handle updates to the CIDR ranges for nodes/kubeapi
  • Stubbed out logic to handle updates to domain and admin domain (this would be a larger effort to fully implement so leaving a TODO on this)

Related Issue

Fixes #1130

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Steps to Validate

```shell
# Deploy slim-dev with unicorn flavor (or other flavor)
uds run slim-dev --set flavor=unicorn

# Validate an update to redis URI takes effect
## Edit the operator secret
kubectl edit secret -n pepr-system uds-operator-config
## Add `cmVkaXM6Ly90ZXN0` as the value for `AUTHSERVICE_REDIS_URI` (this is base64 encoded `redis://test`)
## Validate that Pepr watcher logs indicate it cycled authservice
kubectl logs -n pepr-system deploy/pepr-uds-core-watcher | grep "Updating Authservice secret"
## Validate that Authservice cycled and is trying to use our fake redis url
kubectl logs -n authservice deploy/authservice --all-pods # You should see `redis-url="redis://test"`
## Edit the operator secret
kubectl edit secret -n pepr-system uds-operator-config
## Remove the `AUTHSERVICE_REDIS_URI` value (change to empty string)
## Validate that Pepr watcher logs indicate it cycled authservice
kubectl logs -n pepr-system deploy/pepr-uds-core-watcher | grep "Updating Authservice secret"
## Validate that Authservice cycled and is no longer using redis
kubectl logs -n authservice deploy/authservice --all-pods # It shouldn't have redis listed

# You could redo these same steps with a CA Cert value, just make sure that the value you use is "double" base64 encoded since we expect it to be base64 encoded, and then the secret requires it to be base64 encoded as well

# Validate updates to the CIDR values
## Deploy monitoring layer to add some test resources
uds run test:single-layer --set LAYER=monitoring --set FLAVOR=unicorn
## Edit the operator secret
kubectl edit secret -n pepr-system uds-operator-config
## Set both `KUBEAPI_CIDR` and `KUBENODE_CIDRS` to `MTkyLjE2OC4wLjEvMzI=` (this is `192.168.0.1/32` base64 encoded)
## Validate that Pepr watcher logs indicate it updated network policies
kubectl logs -n pepr-system deploy/pepr-uds-core-watcher | grep "Updating KubeNodes"
kubectl logs -n pepr-system deploy/pepr-uds-core-watcher | grep "Updating KubeAPI"
## Validate the network policies actually have our new IP (`192.168.0.1/32`)
kubectl get networkpolicy -n monitoring allow-prometheus-stack-egress-kube-prometheus-stack-admission-create-kubeapi -o yaml
kubectl get networkpolicy -n monitoring allow-prometheus-stack-egress-metrics-scraping-of-kube-nodes -o yaml
```

Checklist before merging

mjnagel and others added 13 commits January 9, 2025 11:14
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cgr.dev/du-uds-defenseunicorns/k8s-sidecar-fips](https://images.chainguard.dev/directory/image/k8s-sidecar-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/k8s-sidecar-fips)) | minor | `1.28.4` -> `1.29.0` |
| [ghcr.io/kiwigrid/k8s-sidecar](https://redirect.github.com/kiwigrid/k8s-sidecar) | minor | `1.28.4` -> `1.29.0` |
| [registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar](https://redirect.github.com/kiwigrid/k8s-sidecar) ([source](https://repo1.dso.mil/dsop/kiwigrid/k8s-sidecar)) | minor | `1.28.4` -> `1.29.0` |

---

### Release Notes

<details>
<summary>kiwigrid/k8s-sidecar (ghcr.io/kiwigrid/k8s-sidecar)</summary>

### [`v1.29.0`](https://redirect.github.com/kiwigrid/k8s-sidecar/releases/tag/1.29.0)

[Compare Source](https://redirect.github.com/kiwigrid/k8s-sidecar/compare/1.28.4...1.29.0)

##### 🚀 Features

- feat: add ability to fetch only specific resources by name - PR: [#383](https://redirect.github.com/kiwigrid/k8s-sidecar/issues/383)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Noah <40781376+noahpb@users.noreply.github.com>
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [kube-prometheus-stack](https://redirect.github.com/prometheus-operator/kube-prometheus) ([source](https://redirect.github.com/prometheus-community/helm-charts)) | major | `67.9.0` -> `68.0.0` |
| [registry.k8s.io/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx) | patch | `v1.5.0` -> `v1.5.1` |
| [registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx/) ([source](https://repo1.dso.mil/dsop/opensource/kubernetes/ingress-nginx/kube-webhook-certgen)) | patch | `v1.5.0` -> `v1.5.1` |
| [registry1.dso.mil/ironbank/opensource/prometheus/prometheus](https://prometheus.io/) ([source](https://repo1.dso.mil/dsop/opensource/prometheus/prometheus)) | minor | `v3.0.1` -> `v3.1.0` |

---

### Release Notes

<details>
<summary>prometheus-community/helm-charts (kube-prometheus-stack)</summary>

### [`v68.0.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-68.0.0)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-67.11.0...kube-prometheus-stack-68.0.0)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

#### What's Changed

- \[kube-prometheus-stack] Improve various metric relabelings by [@SuperQ](https://redirect.github.com/SuperQ) in [https://github.com/prometheus-community/helm-charts/pull/5130](https://redirect.github.com/prometheus-community/helm-charts/pull/5130)

**Full Changelog**: prometheus-community/helm-charts@kube-prometheus-stack-67.11.0...kube-prometheus-stack-68.0.0

### [`v67.11.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-67.11.0)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-67.10.0...kube-prometheus-stack-67.11.0)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

#### What's Changed

- \[kube-prometheus-stack] Add kubelet scrape flag by [@SuperQ](https://redirect.github.com/SuperQ) in [https://github.com/prometheus-community/helm-charts/pull/5136](https://redirect.github.com/prometheus-community/helm-charts/pull/5136)

**Full Changelog**: prometheus-community/helm-charts@kube-prometheus-stack-67.10.0...kube-prometheus-stack-67.11.0

### [`v67.10.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-67.10.0)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-67.9.0...kube-prometheus-stack-67.10.0)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

#### What's Changed

- \[prometheus-kube-stack] Fix relabeling and metricRelabeling for additional serviceMonitor by [@mehr74](https://redirect.github.com/mehr74) in [https://github.com/prometheus-community/helm-charts/pull/5133](https://redirect.github.com/prometheus-community/helm-charts/pull/5133)

#### New Contributors

- [@mehr74](https://redirect.github.com/mehr74) made their first contribution in [https://github.com/prometheus-community/helm-charts/pull/5133](https://redirect.github.com/prometheus-community/helm-charts/pull/5133)

**Full Changelog**: prometheus-community/helm-charts@prometheus-snmp-exporter-6.0.0...kube-prometheus-stack-67.10.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Noah <40781376+noahpb@users.noreply.github.com>
## Description

Implement istio native sidecars until we can move over completely to
ambient.

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor
Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)
followed

---------

Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
## Description

Adds a new dev task that will spin up the docs site locally for
previewing documentation changes. Initially I tested this with `docker`
for portability but it did not end up really being more portable (Astro
doesn't have a dev docker image) and caused some issues with
hot-reloading.

The current task will clone the docs repo into a local path, symlink the
core content, and then run the dev setup task to run the Astro server. I
also fixed a few warnings about invalid code block types.

Notes:
- This task will run and hang until it is ended (i.e. with something
like `ctrl-c`). This allows users to spin up the dev docs site for long
running testing of docs previews.
- Docs are hot-reloaded based on the local content in the `docs/`
directory. This is handled via Astro's dev mode and symlinks to ensure
that changes can be done to the actual source.
- Docs for CLI/identity-config are NOT cloned in. This can lead to some
404s from the overview page, but otherwise does not cause any issues.
This was done to keep the setup simple and focused on core (similar
tasks could be added to CLI/identity-config repos).

## Related Issue

Fixes #712

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

Run:
```
uds run dev-docs
```

And validate that the dev docs site starts up and can be browsed
successfully (will be at `http://localhost:4321/`).

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor
Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)
followed

Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
@mjnagel mjnagel self-assigned this Jan 15, 2025
@mjnagel mjnagel marked this pull request as ready for review January 21, 2025 20:48
@mjnagel mjnagel requested a review from a team as a code owner January 21, 2025 20:48
@mjnagel
Contributor Author

mjnagel commented Jan 22, 2025

@noahpb identified an issue where empty strings weren't being handled properly for the redis uri and ca cert, made some modifications and added tests to make sure those scenarios are properly handled. Should be g2g again for review.
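The reload decision described in the PR description (watch the operator secret, cycle authservice on redis/CA cert changes, regenerate network policies on CIDR changes) together with the empty-string handling from the comment above, as an added example that is not uds-core's or Pepr's own code. It diffs two versions of the `uds-operator-config` Secret `.data`; the key name `AUTHSERVICE_CA_CERT`, the comma-separated format of `KUBENODE_CIDRS`, and all function names are assumptions, while the redis and CIDR key names and the "double" base64 CA cert rule come from the validation steps.

```typescript
import { Buffer } from "node:buffer";

// Result of a config diff. redisUri is the decoded value ("" = redis disabled);
// caCert is decoded once and is still base64 PEM, the "double" encoding noted above.
interface ConfigDelta {
  redisUri: string; caCert: string; kubeApiCidr: string; kubeNodeCidrs: string[];
  updateAuthservice: boolean;  // cycle authservice (redis URI or CA cert changed)
  updateKubeApi: boolean;      // regenerate KubeAPI egress network policies
  updateKubeNodes: boolean;    // regenerate KubeNodes egress network policies
}

// Secret .data holds base64 strings. A missing key and an empty string both mean
// "unset", so neither causes a spurious reload, but clearing a value is a real change.
function decodeValue(data: Record<string, string>, key: string): string {
  const raw = data[key];
  return raw ? Buffer.from(raw, "base64").toString("utf8").trim() : "";
}

// IPv4 CIDR check. Assumption: KUBENODE_CIDRS is comma-separated, KUBEAPI_CIDR single.
const CIDR_RE = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\/(?:3[0-2]|[12]?\d)$/;
function parseCidrList(value: string): string[] {
  const cidrs = value.split(",").map((c) => c.trim()).filter((c) => c !== "");
  for (const c of cidrs) {
    if (!CIDR_RE.test(c)) throw new Error(`invalid CIDR in operator config: ${c}`);
  }
  return cidrs;
}
// The inner base64 layer of the CA cert must decode to a PEM certificate; reject
// anything else. The key name AUTHSERVICE_CA_CERT is assumed, not from the PR text.
function validateCaCert(decodedOnce: string): string {
  if (decodedOnce === "") return "";
  const pem = Buffer.from(decodedOnce, "base64").toString("utf8");
  if (!pem.startsWith("-----BEGIN CERTIFICATE-----")) {
    throw new Error("AUTHSERVICE_CA_CERT must be a base64-encoded PEM certificate");
  }
  return decodedOnce;
}

// Compare previous and current Secret contents and decide which reloads to run.
function diffOperatorConfig(oldData: Record<string, string>, newData: Record<string, string>): ConfigDelta {
  const oldRedis = decodeValue(oldData, "AUTHSERVICE_REDIS_URI");
  const newRedis = decodeValue(newData, "AUTHSERVICE_REDIS_URI");
  const oldCa = decodeValue(oldData, "AUTHSERVICE_CA_CERT");
  const newCa = validateCaCert(decodeValue(newData, "AUTHSERVICE_CA_CERT"));
  const oldApi = parseCidrList(decodeValue(oldData, "KUBEAPI_CIDR")).join(",");
  const newApi = parseCidrList(decodeValue(newData, "KUBEAPI_CIDR")).join(",");
  const oldNodes = parseCidrList(decodeValue(oldData, "KUBENODE_CIDRS"));
  const newNodes = parseCidrList(decodeValue(newData, "KUBENODE_CIDRS"));
  return {
    redisUri: newRedis, caCert: newCa, kubeApiCidr: newApi, kubeNodeCidrs: newNodes,
    updateAuthservice: oldRedis !== newRedis || oldCa !== newCa,
    updateKubeApi: oldApi !== newApi,
    updateKubeNodes: oldNodes.join(",") !== newNodes.join(","),
  };
}
```

Feeding the constructed "before" and "after" Secret contents from the validation steps into `diffOperatorConfig` yields the same two reload decisions the steps check for in the watcher logs.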

@mjnagel mjnagel merged commit 004e8b4 into main Jan 23, 2025
18 checks passed
@mjnagel mjnagel deleted the authservice-config-reload branch January 23, 2025 19:18
noahpb pushed a commit that referenced this pull request Jan 28, 2025
🤖 I have created a release *beep* *boop*
---

## [0.35.0](v0.34.1...v0.35.0) (2025-01-27)

### Features

* add logic to handle updates to operator config ([#1186](#1186)) ([004e8b4](004e8b4))
* optional istio cni ztunnel component ([#1175](#1175)) ([e003924](e003924))

### Bug Fixes

* add healthz port to neuvector services ([#1223](#1223)) ([ec55729](ec55729))
* checkpoint ci issue ([#1234](#1234)) ([548ff6a](548ff6a))
* denied user permissions policy messaging ([#1227](#1227)) ([1ccf4f7](1ccf4f7))
* istio package no longer assumes pepr deployments exist ([#1232](#1232)) ([ab11592](ab11592))

### Miscellaneous

* **deps:** update authservice to v1.0.4 ([#1211](#1211)) ([da4d043](da4d043))
* **deps:** update pepr ([#1197](#1197)) ([652c925](652c925))

### Documentation

* add documentation on metrics/dashboards for apps ([#1221](#1221)) ([d9062da](d9062da))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mjnagel pushed a commit that referenced this pull request Feb 4, 2025
🤖 I have created a release *beep* *boop*
---

## [0.35.0](v0.34.1...v0.35.0) (2025-02-03)

### Features

* add logic to handle updates to operator config ([#1186](#1186)) ([004e8b4](004e8b4))
* optional istio cni ztunnel component ([#1175](#1175)) ([e003924](e003924))

### Bug Fixes

* add healthz port to neuvector services ([#1223](#1223)) ([ec55729](ec55729))
* add patch for adding nv enforcer readiness probe ([#1239](#1239)) ([098ef3d](098ef3d))
* address AKS ci flakiness ([#1238](#1238)) ([262ba3e](262ba3e))
* checkpoint ci issue ([#1234](#1234)) ([548ff6a](548ff6a))
* denied user permissions policy messaging ([#1227](#1227)) ([1ccf4f7](1ccf4f7))
* istio package no longer assumes pepr deployments exist ([#1232](#1232)) ([ab11592](ab11592))

### Miscellaneous

* **ci:** disable rds parameter group creation ([#1230](#1230)) ([b4cb499](b4cb499))
* **deps:** update authservice to v1.0.4 ([#1211](#1211)) ([da4d043](da4d043))
* **deps:** update grafana ([#1213](#1213)) ([54ddd23](54ddd23))
* **deps:** update pepr ([#1197](#1197)) ([652c925](652c925))
* **deps:** update prometheus-stack ([#1189](#1189)) ([e02c14c](e02c14c))
* **deps:** update support-deps ([#1204](#1204)) ([d477f6a](d477f6a))
* **deps:** update support-deps ([#1243](#1243)) ([d4179ae](d4179ae))
* **deps:** update support-deps to v1.50.1 ([#1241](#1241)) ([6c14208](6c14208))
* **docs:** cleanup diagrams ([#1246](#1246)) ([f6bffb9](f6bffb9))
* **main:** release 0.35.0 ([#1219](#1219)) ([c31c608](c31c608))
* switch registry1 ztunnel to proper source ([#1249](#1249)) ([defa586](defa586))
* switch unicorn ztunnel to fips image ([#1240](#1240)) ([dd63ac6](dd63ac6))

### Documentation

* add documentation on metrics/dashboards for apps ([#1221](#1221)) ([d9062da](d9062da))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Authservice config (ca cert/redis) only read at install