diff --git a/website/content/en/docs/upgrading-sdk-version/v1.38.0.md b/website/content/en/docs/upgrading-sdk-version/v1.38.0.md index 49941bc9620..6eda33c4d89 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.38.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.38.0.md @@ -145,7 +145,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo + Metrics: metricsServerOptions, ``` -7) [go/v4, helm/v1, ansible/v1] Update your `/config/default/kustomization.yaml` file with the below changes: +7) [go/v4, helm/v1, ansible/v1] Update your `config/default/kustomization.yaml` file with the below changes: ```diff # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus @@ -165,9 +165,9 @@ if these migrations become difficult to follow, it might be beneficial to scaffo + kind: Deployment ``` -8) [go/v4, helm/v1, ansible/v1] Remove `/config/default/manager_auth_proxy_patch.yaml` and `/config/default/manager_config_patch.yaml` files. +8) [go/v4, helm/v1, ansible/v1] Remove `config/default/manager_auth_proxy_patch.yaml` and `config/default/manager_config_patch.yaml` files. -9) [go/v4, helm/v1, ansible/v1] Add `/config/default/manager_metrics_patch.yaml` file with the below changes: +9) [go/v4, helm/v1, ansible/v1] Add `config/default/manager_metrics_patch.yaml` file with the below changes: ```diff # This patch adds the args to allow exposing the metrics endpoint using HTTPS - op: add @@ -175,7 +175,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo value: --metrics-bind-address=:8443 ``` -10) [helm/v1, ansible/v1] Update `/config/default/manager_metrics_patch.yaml` file with the below changes: +10) [helm/v1, ansible/v1] Update `config/default/manager_metrics_patch.yaml` file with the below changes: ```diff # This patch adds the args to allow securing the metrics endpoint - op: add @@ -187,7 +187,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo value: --metrics-require-rbac ``` -11) [go/v4, helm/v1, ansible/v1] Add `/config/default/metrics_service.yaml` file with the below changes: +11) [go/v4, helm/v1, ansible/v1] Add `config/default/metrics_service.yaml` file with the below changes: ```diff apiVersion: v1 kind: Service @@ -208,13 +208,13 @@ if these migrations become difficult to follow, it might be beneficial to scaffo control-plane: controller-manager ``` -12) [go/v4, helm/v1, ansible/v1] Update your `/config/manager/manager.yaml` file with the below changes (**Note: The port for ansible is 6789**): +12) [go/v4, helm/v1, ansible/v1] Update your `config/manager/manager.yaml` file with the below changes (**Note: The port for ansible is 6789**): ```diff - --leader-elect + - --health-probe-bind-address=:8081 ``` -13) [go/v4, helm/v1, ansible/v1] Update your `/config/prometheus/monitor.yaml` file with the below changes: +13) [go/v4, helm/v1, ansible/v1] Update your `config/prometheus/monitor.yaml` file with the below changes: ```diff - path: /metrics - port: https @@ -232,7 +232,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo insecureSkipVerify: true ``` -14) [go/v4, helm/v1, ansible/v1] Remove the following files from `/config/rbac` +14) [go/v4, helm/v1, ansible/v1] Remove the following files from `config/rbac` ```diff - auth_proxy_client_clusterrole.yaml - auth_proxy_role.yaml @@ -240,7 +240,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo - auth_proxy_service.yaml ``` -15) [go/v4, helm/v1, ansible/v1] Update your `/config/rbac/kustomization.yaml` file with the below changes: +15) [go/v4, helm/v1, ansible/v1] Update your `config/rbac/kustomization.yaml` file with the below changes: ```diff - leader_election_role_binding.yaml - # Comment the following 4 lines if you want to disable @@ -261,7 +261,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo + - metrics_reader_role.yaml ``` -16) [go/v4, helm/v1, ansible/v1] Add `/config/rbac/metrics_auth_role.yaml` file with the below changes: +16) [go/v4, helm/v1, ansible/v1] Add `config/rbac/metrics_auth_role.yaml` file with the below changes: ```diff apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -282,7 +282,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo - create ``` -17) [go/v4, helm/v1, ansible/v1] Add `/config/rbac/metrics_auth_role_binding.yaml` file with the below changes: +17) [go/v4, helm/v1, ansible/v1] Add `config/rbac/metrics_auth_role_binding.yaml` file with the below changes: ```diff apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -298,7 +298,7 @@ if these migrations become difficult to follow, it might be beneficial to scaffo namespace: system ``` -18) [go/v4, helm/v1, ansible/v1] Add `/config/rbac/metrics_reader_role.yaml` file with the below changes: +18) [go/v4, helm/v1, ansible/v1] Add `config/rbac/metrics_reader_role.yaml` file with the below changes: ```diff apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/website/content/en/docs/upgrading-sdk-version/v1.39.0.md b/website/content/en/docs/upgrading-sdk-version/v1.39.0.md index df90c8bb442..57ada4183be 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.39.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.39.0.md @@ -15,19 +15,19 @@ so this release should be easier to follow. ``` 2) [go/v4] Update your `go.mod` file to upgrade the dependencies and run `go mod tidy` to download them - ```go - - github.com/onsi/ginkgo/v2 v2.17.1 - - github.com/onsi/gomega v1.32.0 - - k8s.io/api v0.30.1 - - k8s.io/apimachinery v0.30.1 - - k8s.io/client-go v0.30.1 - - sigs.k8s.io/controller-runtime v0.18.4 - + github.com/onsi/ginkgo/v2 v2.19.0 - + github.com/onsi/gomega v1.33.1 - + k8s.io/api v0.31.0 - + k8s.io/apimachinery v0.31.0 - + k8s.io/client-go v0.31.0 - + sigs.k8s.io/controller-runtime v0.19.0 + ```diff + - github.com/onsi/ginkgo/v2 v2.17.1 + - github.com/onsi/gomega v1.32.0 + - k8s.io/api v0.30.1 + - k8s.io/apimachinery v0.30.1 + - k8s.io/client-go v0.30.1 + - sigs.k8s.io/controller-runtime v0.18.4 + + github.com/onsi/ginkgo/v2 v2.19.0 + + github.com/onsi/gomega v1.33.1 + + k8s.io/api v0.31.0 + + k8s.io/apimachinery v0.31.0 + + k8s.io/client-go v0.31.0 + + sigs.k8s.io/controller-runtime v0.19.0 ``` 3) [go/v4] Update your `Makefile` with the below changes: @@ -45,7 +45,7 @@ so this release should be easier to follow. + ENVTEST_VERSION ?= release-0.19 ``` -4) [go/v4] Update your `main.go` file with the below changes: +4) [go/v4] Update your `cmd/main.go` file with the below changes: ```diff - // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.18.4/pkg/metrics/server + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/server @@ -54,7 +54,7 @@ so this release should be easier to follow. + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/filters#WithAuthenticationAndAuthorization ``` -5) [go/v4, helm/v1, ansible/v1] Update your `/config/default/kustomization.yaml` file with the below changes: +5) [go/v4, helm/v1, ansible/v1] Update your `config/default/kustomization.yaml` file with the below changes: ```diff +# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. +# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. @@ -63,7 +63,7 @@ so this release should be easier to follow. +#- ../network-policy ``` -6) [go/v4, helm/v1, ansible/v1] Add `/config/network-policy/allow-metrics-traffic.yaml` +6) [go/v4, helm/v1, ansible/v1] Add `config/network-policy/allow-metrics-traffic.yaml` ```diff + # This NetworkPolicy allows ingress traffic + # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those @@ -93,12 +93,12 @@ so this release should be easier to follow. + protocol: TCP ``` -7) [helm/v1, ansible/v1] Add `/config/network-policy/kustomization.yaml` +7) [helm/v1, ansible/v1] Add `config/network-policy/kustomization.yaml` ```diff + resources: + - allow-metrics-traffic.yaml -8) [go/v4] Add `/config/network-policy/allow-webhook-traffic.yaml` +8) [go/v4] Add `config/network-policy/allow-webhook-traffic.yaml` ```diff + # This NetworkPolicy allows ingress traffic to your webhook server running + # as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks @@ -128,7 +128,7 @@ so this release should be easier to follow. + protocol: TCP ``` -9) [go/v4] Add `/config/network-policy/kustomization.yaml` +9) [go/v4] Add `config/network-policy/kustomization.yaml` ```diff + resources: + - allow-webhook-traffic.yaml diff --git a/website/content/en/docs/upgrading-sdk-version/v1.40.0.md b/website/content/en/docs/upgrading-sdk-version/v1.40.0.md index 5fe00f7e553..856f8b79788 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.40.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.40.0.md @@ -45,7 +45,7 @@ _See [#6928](https://github.com/operator-framework/operator-sdk/pull/6928) for m ## Update your project to properly support TLS certificates for webhooks and metrics server -1. Update the `main.go` file in your project to support TLS certificates for webhooks and metrics server. +1. Update the `cmd/main.go` file in your project to support TLS certificates for webhooks and metrics server. - Add the new flag definitions to accept custom certificate file paths and names: @@ -162,7 +162,7 @@ _See [#6928](https://github.com/operator-framework/operator-sdk/pull/6928) for m ``` Note that you can use as reference the `main.go` file available in the -Operator SDK repository for the tag release `v1.40.0` to see how the code should look like, +Operator SDK repository for the tag release `v1.40.0` to see how the code should look, see: [testdata/go/v4/memcached-operator/cmd/main.go](https://github.com/operator-framework/operator-sdk/tree/v1.40.0/testdata/go/v4/memcached-operator/cmd/main.go) 2. Add the new certificates in the `config/certmanager` directory: @@ -300,7 +300,7 @@ _See [#6928](https://github.com/operator-framework/operator-sdk/pull/6928) for m **Changes required under the hood `config/crd/`** - 1. Update the `config/crd/kustomization.yaml` for the file to include the new marker -`+kubebuilder:scaffold:crdkustomizewebhookpatch` for the tool be able to inject +`#+kubebuilder:scaffold:crdkustomizewebhookpatch` for the tool be able to inject the path for any new CRD that is created with the `--conversion` flag. - 2. Ensure that under the patches section you have only patches for the CRDs which are created with the `--conversion` flag. @@ -311,7 +311,7 @@ the files prefixed with `webhookpatch_.yaml` for the CRDs that have the **Changes required under the hood `config/default/`** - 1. Update the `config/default/kustomization.yaml` for the file to include the new marker -`+kubebuilder:scaffold:crdkustomizecainjectionns` for the tool be able to inject for any new CRD +`#+kubebuilder:scaffold:crdkustomizecainjectionns` for the tool be able to inject for any new CRD that is created with the `--conversion` flag as well to have commented the default replacement. For further information see an example in Kubebuilder testdata samples [testdata/project-v4/config/default/kustomization.yaml](https://github.com/kubernetes-sigs/kubebuilder/blob/7c707052daa2e8bd51f47548c02710b1f1f7a77e/testdata/project-v4/config/default/kustomization.yaml#L157-L252).