Prepare release 2.10.1 #183
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joelsmith
force-pushed
the
kedamain
branch
2 times, most recently
from
2c73936 to
05f9525
Compare
|
It appears that there are some changes in the operand repo's manifests which need to be taken into account here:
|
you are right, this is a new change introduced in 2.10 upstream |
|
thx for the ping. I see what it is. its because "2.10" is alphabetically not following "2.9". I made the script to compare the 2 last dirs but I think Im gonna have to parse the number and then take 2 last ones. Ill make a fix |
@gauron99 could we leverage any existing library/tool to compare sem versions? |
jrvaldes
reviewed
Apr 25, 2023
| @@ -0,0 +1,50 @@ | |||
| --- | |||
There was a problem hiding this comment.
Consider moving this commit to a separate PR, as the changes are unrelated to the release prep.
joelsmith
force-pushed
the
kedamain
branch
2 times, most recently
from
d868570 to
e0d6306
Compare
zroubalik
reviewed
May 3, 2023
There was a problem hiding this comment.
Looking good! The only minor thing is a Readme, could you please update the example KedaController object with the new admission webhook config?
https://github.com/kedacore/keda-olm-operator/blob/main/README.md#kedacontroller-spec
|
Diff 5c5
< controller-gen.kubebuilder.io/version: v0.9.0
---
> controller-gen.kubebuilder.io/version: v0.10.0
9c9
< app.kubernetes.io/version: 2.8.2
---
> app.kubernetes.io/version: 2.9.3
22a23,25
> - jsonPath: .spec.minReplicaCount
> name: Min
> type: integer
129a133,254
> podFailurePolicy:
> description: "Specifies the policy of handling failed pods. In
> particular, it allows to specify the set of actions and conditions
> which need to be satisfied to take the associated action. If
> empty, the default behaviour applies - the counter of failed
> pods, represented by the jobs's .status.failed field, is incremented
> and it is checked against the backoffLimit. This field cannot
> be used in combination with restartPolicy=OnFailure. \n This
> field is alpha-level. To use this field, you must enable the
> `JobPodFailurePolicy` feature gate (disabled by default)."
> properties:
> rules:
> description: A list of pod failure policy rules. The rules
> are evaluated in order. Once a rule matches a Pod failure,
> the remaining of the rules are ignored. When no rule matches
> the Pod failure, the default handling applies - the counter
> of pod failures is incremented and it is checked against
> the backoffLimit. At most 20 elements are allowed.
> items:
> description: PodFailurePolicyRule describes how a pod failure
> is handled when the requirements are met. One of OnExitCodes
> and onPodConditions, but not both, can be used in each
> rule.
> properties:
> action:
> description: 'Specifies the action taken on a pod failure
> when the requirements are satisfied. Possible values
> are: - FailJob: indicates that the pod''s job is marked
> as Failed and all running pods are terminated. - Ignore:
> indicates that the counter towards the .backoffLimit
> is not incremented and a replacement pod is created.
> - Count: indicates that the pod is handled in the
> default way - the counter towards the .backoffLimit
> is incremented. Additional values are considered to
> be added in the future. Clients should react to an
> unknown action by skipping the rule.'
> type: string
> onExitCodes:
> description: Represents the requirement on the container
> exit codes.
> properties:
> containerName:
> description: Restricts the check for exit codes
> to the container with the specified name. When
> null, the rule applies to all containers. When
> specified, it should match one the container or
> initContainer names in the pod template.
> type: string
> operator:
> description: 'Represents the relationship between
> the container exit code(s) and the specified values.
> Containers completed with success (exit code 0)
> are excluded from the requirement check. Possible
> values are: - In: the requirement is satisfied
> if at least one container exit code (might be
> multiple if there are multiple containers not
> restricted by the ''containerName'' field) is
> in the set of specified values. - NotIn: the requirement
> is satisfied if at least one container exit code
> (might be multiple if there are multiple containers
> not restricted by the ''containerName'' field)
> is not in the set of specified values. Additional
> values are considered to be added in the future.
> Clients should react to an unknown operator by
> assuming the requirement is not satisfied.'
> type: string
> values:
> description: Specifies the set of values. Each returned
> container exit code (might be multiple in case
> of multiple containers) is checked against this
> set of values with respect to the operator. The
> list of values must be ordered and must not contain
> duplicates. Value '0' cannot be used for the In
> operator. At least one element is required. At
> most 255 elements are allowed.
> items:
> format: int32
> type: integer
> type: array
> x-kubernetes-list-type: set
> required:
> - operator
> - values
> type: object
> onPodConditions:
> description: Represents the requirement on the pod conditions.
> The requirement is represented as a list of pod condition
> patterns. The requirement is satisfied if at least
> one pattern matches an actual pod condition. At most
> 20 elements are allowed.
> items:
> description: PodFailurePolicyOnPodConditionsPattern
> describes a pattern for matching an actual pod condition
> type.
> properties:
> status:
> description: Specifies the required Pod condition
> status. To match a pod condition it is required
> that the specified status equals the pod condition
> status. Defaults to True.
> type: string
> type:
> description: Specifies the required Pod condition
> type. To match a pod condition it is required
> that specified type equals the pod condition
> type.
> type: string
> required:
> - status
> - type
> type: object
> type: array
> x-kubernetes-list-type: atomic
> required:
> - action
> - onPodConditions
> type: object
> type: array
> x-kubernetes-list-type: atomic
> required:
> - rules
> type: object
175a301
> x-kubernetes-map-type: atomic
319a446
> x-kubernetes-map-type: atomic
432a560
> x-kubernetes-map-type: atomic
436a565
> x-kubernetes-map-type: atomic
526a656
> x-kubernetes-map-type: atomic
593a724
> x-kubernetes-map-type: atomic
708a840
> x-kubernetes-map-type: atomic
769a902
> x-kubernetes-map-type: atomic
885a1019
> x-kubernetes-map-type: atomic
952a1087
> x-kubernetes-map-type: atomic
1067a1203
> x-kubernetes-map-type: atomic
1128a1265
> x-kubernetes-map-type: atomic
1247a1385
> x-kubernetes-map-type: atomic
1266a1405
> x-kubernetes-map-type: atomic
1294a1434
> x-kubernetes-map-type: atomic
1316a1457
> x-kubernetes-map-type: atomic
1349a1491
> x-kubernetes-map-type: atomic
1368a1511
> x-kubernetes-map-type: atomic
1777,1783c1920,1926
< Exposing a port here gives the system additional
< information about the network connections a container
< uses, but is primarily informational. Not specifying
< a port here DOES NOT prevent that port from being
< exposed. Any port which is listening on the default
< "0.0.0.0" address inside a container will be accessible
< from the network. Cannot be updated.
---
> Not specifying a port here DOES NOT prevent that
> port from being exposed. Any port which is listening
> on the default "0.0.0.0" address inside a container
> will be accessible from the network. Modifying
> this array with strategic merge patch may corrupt
> the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
> Cannot be updated.
2572,2574c2715
< the pod's ephemeralcontainers subresource. This field
< is beta-level and available on clusters that haven't
< disabled the EphemeralContainers feature gate.
---
> the pod's ephemeralcontainers subresource.
2585,2587c2726
< Pod. Ephemeral containers may not be removed or restarted.
< \n This is a beta feature available on clusters that
< haven't disabled the EphemeralContainers feature gate."
---
> Pod. Ephemeral containers may not be removed or restarted."
2667a2807
> x-kubernetes-map-type: atomic
2686a2827
> x-kubernetes-map-type: atomic
2714a2856
> x-kubernetes-map-type: atomic
2736a2879
> x-kubernetes-map-type: atomic
2769a2913
> x-kubernetes-map-type: atomic
2788a2933
> x-kubernetes-map-type: atomic
3959a4105,4118
> hostUsers:
> description: 'Use the host''s user namespace. Optional:
> Default to true. If set to true or not present, the
> pod will be run in the host user namespace, useful for
> when the pod needs a feature only available to the host
> user namespace, such as loading a kernel module with
> CAP_SYS_MODULE. When set to false, a new userns is created
> for the pod. Setting false is useful for mitigating
> container breakout vulnerabilities even allowing users
> to run their containers as root without actually having
> root privileges on the host. This field is alpha-level
> and is only honored by servers that enable the UserNamespacesSupport
> feature.'
> type: boolean
3981a4141
> x-kubernetes-map-type: atomic
4081a4242
> x-kubernetes-map-type: atomic
4100a4262
> x-kubernetes-map-type: atomic
4128a4291
> x-kubernetes-map-type: atomic
4150a4314
> x-kubernetes-map-type: atomic
4183a4348
> x-kubernetes-map-type: atomic
4202a4368
> x-kubernetes-map-type: atomic
4611,4617c4777,4783
< Exposing a port here gives the system additional
< information about the network connections a container
< uses, but is primarily informational. Not specifying
< a port here DOES NOT prevent that port from being
< exposed. Any port which is listening on the default
< "0.0.0.0" address inside a container will be accessible
< from the network. Cannot be updated.
---
> Not specifying a port here DOES NOT prevent that
> port from being exposed. Any port which is listening
> on the default "0.0.0.0" address inside a container
> will be accessible from the network. Modifying
> this array with strategic merge patch may corrupt
> the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
> Cannot be updated.
5368,5373c5534,5539
< must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions
< - spec.securityContext.seccompProfile - spec.securityContext.fsGroup
< - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls
< - spec.shareProcessNamespace - spec.securityContext.runAsUser
< - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups
< - spec.containers[*].securityContext.seLinuxOptions
---
> must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
> - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
> - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
> - spec.securityContext.sysctls - spec.shareProcessNamespace
> - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
> - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
5379,5380c5545
< - spec.containers[*].securityContext.runAsGroup This
< is a beta field and requires the IdentifyPodOS feature"
---
> - spec.containers[*].securityContext.runAsGroup"
5815a5981,5996
> x-kubernetes-map-type: atomic
> matchLabelKeys:
> description: MatchLabelKeys is a set of pod label
> keys to select the pods over which spreading will
> be calculated. The keys are used to lookup values
> from the incoming pod labels, those key-value
> labels are ANDed with labelSelector to select
> the group of existing pods over which spreading
> will be calculated for the incoming pod. Keys
> that don't exist in the incoming pod labels will
> be ignored. A null or empty list means only match
> against labelSelector.
> items:
> type: string
> type: array
> x-kubernetes-list-type: atomic
5864,5868c6045,6073
< zones, it will violate MaxSkew. \n This is an
< alpha field and requires enabling MinDomainsInPodTopologySpread
< feature gate."
< format: int32
< type: integer
---
> zones, it will violate MaxSkew. \n This is a beta
> field and requires the MinDomainsInPodTopologySpread
> feature gate to be enabled (enabled by default)."
> format: int32
> type: integer
> nodeAffinityPolicy:
> description: "NodeAffinityPolicy indicates how we
> will treat Pod's nodeAffinity/nodeSelector when
> calculating pod topology spread skew. Options
> are: - Honor: only nodes matching nodeAffinity/nodeSelector
> are included in the calculations. - Ignore: nodeAffinity/nodeSelector
> are ignored. All nodes are included in the calculations.
> \n If this value is nil, the behavior is equivalent
> to the Honor policy. This is a alpha-level feature
> enabled by the NodeInclusionPolicyInPodTopologySpread
> feature flag."
> type: string
> nodeTaintsPolicy:
> description: "NodeTaintsPolicy indicates how we
> will treat node taints when calculating pod topology
> spread skew. Options are: - Honor: nodes without
> taints, along with tainted nodes for which the
> incoming pod has a toleration, are included. -
> Ignore: node taints are ignored. All nodes are
> included. \n If this value is nil, the behavior
> is equivalent to the Ignore policy. This is a
> alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
> feature flag."
> type: string
5877,5882c6082,6087
< as a domain whose nodes match the node selector.
< e.g. If TopologyKey is "kubernetes.io/hostname",
< each Node is a domain of that topology. And, if
< TopologyKey is "topology.kubernetes.io/zone",
< each zone is a domain of that topology. It's a
< required field.
---
> as a domain whose nodes meet the requirements
> of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
> If TopologyKey is "kubernetes.io/hostname", each
> Node is a domain of that topology. And, if TopologyKey
> is "topology.kubernetes.io/zone", each zone is
> a domain of that topology. It's a required field.
6060a6266
> x-kubernetes-map-type: atomic
6097a6304
> x-kubernetes-map-type: atomic
6179a6387
> x-kubernetes-map-type: atomic
6213a6422
> x-kubernetes-map-type: atomic
6273a6483
> x-kubernetes-map-type: atomic
6323a6534
> x-kubernetes-map-type: atomic
6460a6672
> x-kubernetes-map-type: atomic
6514a6727
> x-kubernetes-map-type: atomic
6613a6827
> x-kubernetes-map-type: atomic
6715a6930
> x-kubernetes-map-type: atomic
6912a7128
> x-kubernetes-map-type: atomic
7102a7319
> x-kubernetes-map-type: atomic
7134a7352
> x-kubernetes-map-type: atomic
7192a7411
> x-kubernetes-map-type: atomic
7268a7488
> x-kubernetes-map-type: atomic
7398a7619
> x-kubernetes-map-type: atomic
7443a7665
> x-kubernetes-map-type: atomic
7572a7795
> x-kubernetes-map-type: atomic
7704a7928,7929
> useCachedMetrics:
> type: boolean
|
Also, allow OLM operator to create, patch, update {service,pod}monitors
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
|
Diff 5c5
< controller-gen.kubebuilder.io/version: v0.9.0
---
> controller-gen.kubebuilder.io/version: v0.10.0
9c9
< app.kubernetes.io/version: 2.8.2
---
> app.kubernetes.io/version: 2.9.3
123a124
> x-kubernetes-list-type: atomic
127c128
< MaxPolicySelect is used.
---
> Max is used.
179a181
> x-kubernetes-list-type: atomic
183c185
< MaxPolicySelect is used.
---
> Max is used.
278a281,282
> useCachedMetrics:
> type: boolean
|
|
Diff output of |
|
Diff 5c5
< controller-gen.kubebuilder.io/version: v0.9.0
---
> controller-gen.kubebuilder.io/version: v0.10.0
9c9
< app.kubernetes.io/version: 2.8.2
---
> app.kubernetes.io/version: 2.9.3
101a102,113
> type: object
> podIdentity:
> description: AuthPodIdentity allows users to select the platform
> native identity mechanism
> properties:
> identityId:
> type: string
> provider:
> description: PodIdentityProvider contains the list of providers
> type: string
> required:
> - provider
|
|
Diff 114,115c114,115
< containerImage: ghcr.io/kedacore/keda-olm-operator:2.8.2
< createdAt: "2023-01-25T00:00:00.000Z"
---
> containerImage: ghcr.io/kedacore/keda-olm-operator:2.9.3
> createdAt: "2023-01-31T00:00:00.000Z"
122c122
< name: keda.v2.8.2
---
> name: keda.v2.9.3
485a486
> - podmonitors
488a490
> - list
533c535
< image: ghcr.io/kedacore/keda-olm-operator:2.8.2
---
> image: ghcr.io/kedacore/keda-olm-operator:2.9.3
540a543,546
> ports:
> - containerPort: 8080
> name: http
> protocol: TCP
589c595
< minKubeVersion: 1.17.0
---
> minKubeVersion: 1.23.0
592c598
< replaces: keda.v2.8.1
---
> replaces: keda.v2.8.2
594c600
< version: 2.8.2
---
> version: 2.9.3
|
|
Diff 10c10
< operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v2
---
> operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
|
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for features added in the operands in 2.10.x and makes all necessary changes to be ready for the 2.10.1 release, specifically:
Because the release process overwrites the
keda.yamlfile, we need resources which are introduced in this repo to live in a separate file so that they won't be overwritten and lost each time the the release happens.As this is the first 2.10.x release, we noticed that the manifest diff was looking at the wrong change set.
The metrics server now makes a GRPC connection to the main KEDA controller, so it needs access to the certificates used for that connection
2.10.X adds a new controller and a deployment to run it. The operator now supports deploying it
All release process items to do the 2.10.1 release
Checklist