diff --git a/.chloggen/feat_ta-prom-cr-fields.yaml b/.chloggen/feat_ta-prom-cr-fields.yaml deleted file mode 100644 index d41803c536..0000000000 --- a/.chloggen/feat_ta-prom-cr-fields.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: enhancement - -# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) -component: target allocator - -# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: Expose missing Prometheus CR fields in the Operator API - -# One or more tracking issues related to the change -issues: [1934] - -# (Optional) One or more lines of additional information to render under the primary note. -# These lines will be padded with 2 spaces and then inserted directly into the document. -# Use pipe (|) for multiline entries. -subtext: | - Added `podMonitorNamespaceSelector`, `serviceMonitorNamespaceSelector`, `scrapeConfigNamespaceSelector`, - `probeNamespaceSelector`, `evaluationInterval`, and `scrapeProtocols` to the `prometheusCR` - configuration within the `TargetAllocator` and `OpenTelemetryCollector` - APIs to achieve feature parity with the underlying Target Allocator. diff --git a/.chloggen/fix-finalizer-removal.yaml b/.chloggen/fix-finalizer-removal.yaml deleted file mode 100644 index 3372a3e2f8..0000000000 --- a/.chloggen/fix-finalizer-removal.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: bug_fix - -# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) -component: collector - -# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: Remove legacy finalizer from OpenTelemetryCollector CR when RBAC not available. - -# One or more tracking issues related to the change -issues: [4769] - -# (Optional) One or more lines of additional information to render under the primary note. -# These lines will be padded with 2 spaces and then inserted directly into the document. -# Use pipe (|) for multiline entries. -subtext: | - Finalizer usage was restricted to cluster scoped resources only. Legacy finalizer added by OpenTelemetry Operator - <= v0.141.0 still blocks namespace deletion if the operator is removed first. The change removes finalizer with - cluster-level RBAC availability. diff --git a/.chloggen/hostusers-podspec.yaml b/.chloggen/hostusers-podspec.yaml deleted file mode 100644 index 179f1e9844..0000000000 --- a/.chloggen/hostusers-podspec.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: enhancement - -# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) -component: collector - -# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: Add the hostUsers field to OpenTelemetryCommonFields to enable toggling support for isolating pod processes under a separate user namespace - -# One or more tracking issues related to the change -issues: [4366] - -# (Optional) One or more lines of additional information to render under the primary note. -# These lines will be padded with 2 spaces and then inserted directly into the document. -# Use pipe (|) for multiline entries. -subtext: \ No newline at end of file diff --git a/.chloggen/init-container.yaml b/.chloggen/init-container.yaml deleted file mode 100644 index a942989643..0000000000 --- a/.chloggen/init-container.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: enhancement - -# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) -component: auto-instrumentation - -# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: "Add support for initContainers to instrumentation injector" - -# One or more tracking issues related to the change -issues: [3308] - -# (Optional) One or more lines of additional information to render under the primary note. -# These lines will be padded with 2 spaces and then inserted directly into the document. -# Use pipe (|) for multiline entries. -subtext: | - Add support for instrumenting init containers. - Init container support is available for Java, Python, Node.js, .NET and SDK-only, and works using the same annotation as for regular containers. diff --git a/.chloggen/tls-profile.yaml b/.chloggen/tls-profile.yaml deleted file mode 100644 index d160cd4a4e..0000000000 --- a/.chloggen/tls-profile.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: enhancement - -# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) -component: operator, collector - -# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: Allow operator to get TLS settings from OpenShift `APIServer` CR and configure operands TLS settings. - -# One or more tracking issues related to the change -issues: [4669] - -# (Optional) One or more lines of additional information to render under the primary note. -# These lines will be padded with 2 spaces and then inserted directly into the document. -# Use pipe (|) for multiline entries. -subtext: | - Added operator flag `--tls-cluster-profile` which obtains the TLS min version and cipher suites from the OpenShift `APIServer` `cluster` custom resource (CR). - It overrides the `--tls-min-version` and `--tls-cipher-suites` flags if set. - The flags is disabled by default on Kubernetes and enabled on OpenShift. - - Added operator flag `--tls-configure-operands` which configures operands TLS settings (min version, cipher suites) - based on the supplied operator TLS flags (`--tls-cipher-suites` and `--tls-min-version`) or from the OpenShift `APIServer` CR - if `--tls-cluster-profile` is enabled. - The flag is disabled by default on Kubernetes and enabled on OpenShift. - - The `--tls-min-version` defaults to `TLSv1.2` which matches the collector's default. - The `--tls-cipher-suites` is empty by default which matches the collector's default. - Therefore enabling `--tls-configure-operands` with the default TLS flags should not change the collector's behavior. diff --git a/.chloggen/webhook-readiness-check.yaml b/.chloggen/webhook-readiness-check.yaml deleted file mode 100644 index 9c3d8ca639..0000000000 --- a/.chloggen/webhook-readiness-check.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: enhancement - -# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) -component: operator - -# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: Add webhook server readiness check to the operator's /readyz endpoint so the pod is not marked ready before the webhook server is listening. - -# One or more tracking issues related to the change -issues: [3772] - -# (Optional) One or more lines of additional information to render under the primary note. -# These lines will be padded with 2 spaces and then inserted directly into the document. -# Use pipe (|) for multiline entries. -subtext: | - Previously the readiness probe used only healthz.Ping, causing a race where CRs - created right after deployment could hit "connection refused" from the webhook. - Now the readyz endpoint includes a check using controller-runtime's - StartedChecker which verifies the webhook TLS listener is actually accepting connections. diff --git a/CHANGELOG.md b/CHANGELOG.md index fd202f6559..08b0459bdc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,62 @@ +## 0.146.0 + +### 💡 Enhancements 💡 + +- `target allocator`: Expose missing Prometheus CR fields in the Operator API (#1934) + Added `podMonitorNamespaceSelector`, `serviceMonitorNamespaceSelector`, `scrapeConfigNamespaceSelector`, + `probeNamespaceSelector`, `evaluationInterval`, and `scrapeProtocols` to the `prometheusCR` + configuration within the `TargetAllocator` and `OpenTelemetryCollector` + APIs to achieve feature parity with the underlying Target Allocator. + +- `collector`: Add the hostUsers field to OpenTelemetryCommonFields to enable toggling support for isolating pod processes under a separate user namespace (#4366) +- `auto-instrumentation`: Add support for initContainers to instrumentation injector (#3308) + Add support for instrumenting init containers. + Init container support is available for Java, Python, Node.js, .NET and SDK-only, and works using the same annotation as for regular containers. + +- `operator, collector`: Allow operator to get TLS settings from OpenShift `APIServer` CR and configure operands TLS settings. (#4669) + Added operator flag `--tls-cluster-profile` which obtains the TLS min version and cipher suites from the OpenShift `APIServer` `cluster` custom resource (CR). + It overrides the `--tls-min-version` and `--tls-cipher-suites` flags if set. + The flags is disabled by default on Kubernetes and enabled on OpenShift. + + Added operator flag `--tls-configure-operands` which configures operands TLS settings (min version, cipher suites) + based on the supplied operator TLS flags (`--tls-cipher-suites` and `--tls-min-version`) or from the OpenShift `APIServer` CR + if `--tls-cluster-profile` is enabled. + The flag is disabled by default on Kubernetes and enabled on OpenShift. + + The `--tls-min-version` defaults to `TLSv1.2` which matches the collector's default. + The `--tls-cipher-suites` is empty by default which matches the collector's default. + Therefore enabling `--tls-configure-operands` with the default TLS flags should not change the collector's behavior. + +- `operator`: Add webhook server readiness check to the operator's /readyz endpoint so the pod is not marked ready before the webhook server is listening. (#3772) + Previously the readiness probe used only healthz.Ping, causing a race where CRs + created right after deployment could hit "connection refused" from the webhook. + Now the readyz endpoint includes a check using controller-runtime's + StartedChecker which verifies the webhook TLS listener is actually accepting connections. + + +### 🧰 Bug fixes 🧰 + +- `collector`: Remove legacy finalizer from OpenTelemetryCollector CR when RBAC not available. (#4769) + Finalizer usage was restricted to cluster scoped resources only. Legacy finalizer added by OpenTelemetry Operator + <= v0.141.0 still blocks namespace deletion if the operator is removed first. The change removes finalizer with + cluster-level RBAC availability. + + +### Components + +* [OpenTelemetry Collector - v0.145.0](https://github.com/open-telemetry/opentelemetry-collector/releases/tag/v0.145.0) +* [OpenTelemetry Contrib - v0.145.0](https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.145.0) +* [Java auto-instrumentation - v1.33.6](https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v1.33.6) +* [.NET auto-instrumentation - v1.2.0](https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation/releases/tag/v1.2.0) +* [Node.JS - v0.71.0](https://github.com/open-telemetry/opentelemetry-js/releases/tag/experimental%2Fv0.71.0) +* [Python - v0.60b1](https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.60b1) +* [Go - v0.23.0](https://github.com/open-telemetry/opentelemetry-go-instrumentation/releases/tag/v0.23.0) +* [ApacheHTTPD - 1.0.4](https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/tag/webserver%2Fv1.0.4) +* [Nginx - 1.0.4](https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/tag/webserver%2Fv1.0.4) + ## 0.145.0 ### 🛑 Breaking changes 🛑 diff --git a/RELEASE.md b/RELEASE.md index 44a3ed6e79..4922fba707 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -48,7 +48,6 @@ The operator should be released within a week after the [OpenTelemetry collector | Version | Release manager | |----------|-----------------| -| v0.146.0 | @jaronoff97 | | v0.147.0 | @yuriolisa | | v0.148.0 | @TylerHelmuth | | v0.149.0 | @frzifus | @@ -56,3 +55,4 @@ The operator should be released within a week after the [OpenTelemetry collector | v0.151.0 | @swiatekm | | v0.152.0 | @iblancasa | | v0.153.0 | @atoulme | +| v0.154.0 | @jaronoff97 | diff --git a/bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml index acb0e09f88..2e75d64dfb 100644 --- a/bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml +++ b/bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml @@ -99,13 +99,13 @@ metadata: categories: Logging & Tracing,Monitoring,Observability certified: "false" containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator - createdAt: "2026-03-04T12:42:01Z" + createdAt: "2026-03-05T21:42:04Z" description: Provides the OpenTelemetry components, including the Collector operators.operatorframework.io/builder: operator-sdk-v1.29.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: github.com/open-telemetry/opentelemetry-operator support: OpenTelemetry Community - name: opentelemetry-operator.v0.145.0 + name: opentelemetry-operator.v0.146.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -558,7 +558,7 @@ spec: value: "true" - name: ENABLE_NGINX_AUTO_INSTRUMENTATION value: "true" - image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.145.0 + image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.146.0 livenessProbe: httpGet: path: /healthz @@ -643,7 +643,7 @@ spec: minKubeVersion: 1.25.0 provider: name: OpenTelemetry Community - version: 0.145.0 + version: 0.146.0 webhookdefinitions: - admissionReviewVersions: - v1alpha1 diff --git a/bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml index 97ddee0e48..b16a7d47a4 100644 --- a/bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml +++ b/bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml @@ -99,13 +99,13 @@ metadata: categories: Logging & Tracing,Monitoring,Observability certified: "false" containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator - createdAt: "2026-03-04T12:42:01Z" + createdAt: "2026-03-05T21:42:04Z" description: Provides the OpenTelemetry components, including the Collector operators.operatorframework.io/builder: operator-sdk-v1.29.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: github.com/open-telemetry/opentelemetry-operator support: OpenTelemetry Community - name: opentelemetry-operator.v0.145.0 + name: opentelemetry-operator.v0.146.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -576,7 +576,7 @@ spec: value: "true" - name: TLS_CONFIGURE_OPERANDS value: "true" - image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.145.0 + image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.146.0 livenessProbe: httpGet: path: /healthz @@ -668,7 +668,7 @@ spec: minKubeVersion: 1.25.0 provider: name: OpenTelemetry Community - version: 0.145.0 + version: 0.146.0 webhookdefinitions: - admissionReviewVersions: - v1alpha1 diff --git a/docs/compatibility.md b/docs/compatibility.md index 01ed81744a..56f5eca2d3 100644 --- a/docs/compatibility.md +++ b/docs/compatibility.md @@ -46,6 +46,7 @@ The OpenTelemetry Operator _might_ work on versions outside of the given range, | OpenTelemetry Operator | Kubernetes | Cert-Manager | Prometheus-Operator | |------------------------|----------------|--------------|-----------------------| +| v0.146.0 | v1.25 to v1.35 | v1 | v0.89.0 | | v0.145.0 | v1.25 to v1.35 | v1 | v0.89.0 | | v0.144.0 | v1.25 to v1.35 | v1 | v0.88.0 | | v0.143.0 | v1.25 to v1.35 | v1 | v0.87.1 | @@ -72,7 +73,6 @@ The OpenTelemetry Operator _might_ work on versions outside of the given range, | v0.120.0 | v1.23 to v1.32 | v1 | v0.76.2 | | v0.119.0 | v1.23 to v1.32 | v1 | v0.76.2 | | v0.118.0 | v1.23 to v1.32 | v1 | v0.76.2 | -| v0.117.0 | v1.23 to v1.32 | v1 | v0.76.2 | [kubernetes_releases]: https://kubernetes.io/releases/ [openshift_support]: https://access.redhat.com/support/policy/updates/openshift diff --git a/versions.txt b/versions.txt index 20fb4e5140..a7410091b4 100644 --- a/versions.txt +++ b/versions.txt @@ -2,16 +2,16 @@ # by default with the OpenTelemetry Operator. This would usually be the latest # stable OpenTelemetry version. When you update this file, make sure to update the # the docs as well. -opentelemetry-collector=0.145.0 +opentelemetry-collector=0.146.0 # Represents the current release of the OpenTelemetry Operator. -operator=0.145.0 +operator=0.146.0 # Represents the current release of the Target Allocator. -targetallocator=0.145.0 +targetallocator=0.146.0 # Represents the current release of the Operator OpAMP Bridge. -operator-opamp-bridge=0.145.0 +operator-opamp-bridge=0.146.0 # Represents the current release of Java instrumentation. # This version should not be greater than 1.x.x. @@ -19,7 +19,7 @@ autoinstrumentation-java=1.33.6 # Represents the current release of NodeJS instrumentation. # Should match value in autoinstrumentation/nodejs/package.json -autoinstrumentation-nodejs=0.70.0 +autoinstrumentation-nodejs=0.71.0 # Represents the current release of Python instrumentation. # Should match value in autoinstrumentation/python/requirements.txt