operator: Cut v25.1.1-beta3 release

Taskfile.yaml

@@ -184,7 +184,7 @@ tasks:
   sync:operator:chart:
     - task: sync:chart
       vars:
-        REF: operator/v25.1.1-beta2
+        REF: operator/v25.1.1-beta3
         LOCAL_DIR: charts/operator
         REMOTE_DIR: operator/chart
 

charts/operator/Chart.yaml

@@ -5,8 +5,8 @@ type: application
 
 # The operator helm chart is considered part of the operator itself. Therefore
 # version == appVersion.
-version: v25.1.1-beta2
-appVersion: v25.1.1-beta2
+version: v25.1.1-beta3
+appVersion: v25.1.1-beta3
 kubeVersion: ">= 1.25.0-0"
 
 sources:
@@ -25,9 +25,9 @@ annotations:
       url: https://helm.sh/docs/intro/install/
   artifacthub.io/images: |
     - name: redpanda-operator
-      image: docker.redpanda.com/redpandadata/redpanda-operator:v25.1.1-beta2
+      image: docker.redpanda.com/redpandadata/redpanda-operator:v25.1.1-beta3
     - name: redpanda
-      image: docker.redpanda.com/redpandadata/redpanda:v25.1.1
+      image: docker.redpanda.com/redpandadata/redpanda:v25.1.2
   artifacthub.io/crds: |
     - kind: Redpanda
       version: v1alpha1

charts/operator/README.md

@@ -3,7 +3,7 @@
 description: Find the default values and descriptions of settings in the Redpanda Operator Helm chart.
 ---
 
-![Version: v25.1.1-beta2](https://img.shields.io/badge/Version-v25.1.1--beta2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v25.1.1-beta2](https://img.shields.io/badge/AppVersion-v25.1.1--beta2-informational?style=flat-square)
+![Version: v25.1.1-beta3](https://img.shields.io/badge/Version-v25.1.1--beta3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v25.1.1-beta3](https://img.shields.io/badge/AppVersion-v25.1.1--beta3-informational?style=flat-square)
 
 This page describes the official Redpanda Operator Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](./values.yaml). Each of the settings is listed and described on this page, along with any default values.
 
@@ -160,54 +160,6 @@ Pull secrets may be used to provide credentials to image repositories See the [K
 
 **Default:** `[]`
 
-### [kubeRbacProxy](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=kubeRbacProxy)
-
-Configuration for the `kube-rbac-proxy`, a component that provides an HTTP proxy to perform authorization checks.
-
-**Default:**
-
-```
-{"image":{"pullPolicy":"IfNotPresent","repository":"gcr.io/kubebuilder/kube-rbac-proxy","tag":"v0.14.0"},"logLevel":10}
-```
-
-### [kubeRbacProxy.image](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=kubeRbacProxy.image)
-
-Sets settings for pulling the `kube-rbac-proxy` image.
-
-**Default:**
-
-```
-{"pullPolicy":"IfNotPresent","repository":"gcr.io/kubebuilder/kube-rbac-proxy","tag":"v0.14.0"}
-```
-
-### [kubeRbacProxy.image.pullPolicy](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=kubeRbacProxy.image.pullPolicy)
-
-Sets the `pullPolicy` for `kube-rbac-proxy` image
-
-**Default:** `"IfNotPresent"`
-
-### [kubeRbacProxy.image.repository](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=kubeRbacProxy.image.repository)
-
-Sets the repository in which the `kube-rbac-proxy` image is available.
-
-**Default:**
-
-```
-"gcr.io/kubebuilder/kube-rbac-proxy"
-```
-
-### [kubeRbacProxy.image.tag](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=kubeRbacProxy.image.tag)
-
-Sets the `kube-rbac-proxy` image tag.
-
-**Default:** `"v0.14.0"`
-
-### [kubeRbacProxy.logLevel](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=kubeRbacProxy.logLevel)
-
-Sets log level for kube rbac proxy
-
-**Default:** `10`
-
 ### [logLevel](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=logLevel)
 
 Log level Valid values (from least to most verbose) are: `warn`, `info`, `debug`, and `trace`.
@@ -273,7 +225,7 @@ Role-based Access Control (RBAC) configuration for the Redpanda Operator.
 **Default:**
 
 ```
-{"create":true,"createAdditionalControllerCRs":false,"createRPKBundleCRs":true}
+{"create":true,"createAdditionalControllerCRs":true,"createRPKBundleCRs":true}
 ```
 
 ### [rbac.create](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=rbac.create)
@@ -284,13 +236,13 @@ Enables the creation of additional RBAC roles.
 
 ### [rbac.createAdditionalControllerCRs](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=rbac.createAdditionalControllerCRs)
 
-Creates additional RBAC cluster roles that are needed to run additional controllers using `additionalCmdFlags`.
+Create RBAC cluster roles needed for the Redpanda Helm chart's 'rbac.enabled' feature. WARNING: Disabling this value may prevent the operator from deploying certain configurations of redpanda.
 
-**Default:** `false`
+**Default:** `true`
 
 ### [rbac.createRPKBundleCRs](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=rbac.createRPKBundleCRs)
 
-Create RBAC cluster roles needed for the Redpanda Helm chart's 'rbac.enabled' feature.
+Create ClusterRoles needed for the Redpanda Helm chart's 'rbac.rpkDebugBundle' feature.
 
 **Default:** `true`
 

charts/operator/files/three_node_redpanda.yaml

@@ -21,7 +21,6 @@ spec:
         authenticationMethod: none
         enabled: true
         external: {}
-        kafkaEndpoint: kafka-default
         port: 8082
         tls:
           cert: ""

charts/operator/templates/_rbac.go.tpl

@@ -10,7 +10,7 @@
 {{- (dict "r" (coalesce nil)) | toJson -}}
 {{- break -}}
 {{- end -}}
-{{- $bundles := (list (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml" "files/rbac/v1-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/v2-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "additional-controllers")))) "r") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.ClusterRole.yaml" "files/rbac/managed-decommission.ClusterRole.yaml" "files/rbac/node-watcher.ClusterRole.yaml" "files/rbac/old-decommission.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml")))) -}}
+{{- $bundles := (list (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml" "files/rbac/v1-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/v2-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "additional-controllers")))) "r") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.ClusterRole.yaml" "files/rbac/node-watcher.ClusterRole.yaml" "files/rbac/old-decommission.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml")))) -}}
 {{- $clusterRoles := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "metrics-reader")))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil)) (dict "verbs" (list "get") "nonResourceURLs" (list "/metrics"))))))) -}}
 {{- range $_, $bundle := $bundles -}}
 {{- if (not $bundle.Enabled) -}}
@@ -45,7 +45,7 @@
 {{- (dict "r" (coalesce nil)) | toJson -}}
 {{- break -}}
 {{- end -}}
-{{- $bundles := (list (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "election-role")))) "r") "Enabled" true "RuleFiles" (list "files/rbac/leader-election.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/rack-awareness.Role.yaml" "files/rbac/sidecar.Role.yaml" "files/rbac/v2-manager.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (printf "%s%s" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "-additional-controllers") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.Role.yaml" "files/rbac/node-watcher.Role.yaml" "files/rbac/old-decommission.Role.yaml" "files/rbac/managed-decommission.Role.yaml" "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "rpk-bundle")))) "r") "Enabled" $values.rbac.createRPKBundleCRs "RuleFiles" (list "files/rbac/rpk-debug-bundle.Role.yaml")))) -}}
+{{- $bundles := (list (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "election-role")))) "r") "Enabled" true "RuleFiles" (list "files/rbac/leader-election.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/rack-awareness.Role.yaml" "files/rbac/sidecar.Role.yaml" "files/rbac/v2-manager.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (printf "%s%s" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "-additional-controllers") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.Role.yaml" "files/rbac/node-watcher.Role.yaml" "files/rbac/old-decommission.Role.yaml" "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "rpk-bundle")))) "r") "Enabled" $values.rbac.createRPKBundleCRs "RuleFiles" (list "files/rbac/rpk-debug-bundle.Role.yaml")))) -}}
 {{- $roles := (coalesce nil) -}}
 {{- range $_, $bundle := $bundles -}}
 {{- if (not $bundle.Enabled) -}}

charts/operator/values.schema.json

@@ -713,35 +713,6 @@
         }
       ]
     },
-    "kubeRbacProxy": {
-      "additionalProperties": false,
-      "properties": {
-        "image": {
-          "additionalProperties": false,
-          "properties": {
-            "pullPolicy": {
-              "description": "The Kubernetes Pod image pull policy.",
-              "pattern": "^(Always|Never|IfNotPresent)$",
-              "type": "string"
-            },
-            "repository": {
-              "type": "string"
-            },
-            "tag": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "pullPolicy"
-          ],
-          "type": "object"
-        },
-        "logLevel": {
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
     "livenessProbe": {
       "additionalProperties": false,
       "properties": {

charts/operator/values.yaml

@@ -25,19 +25,6 @@ image:
   # -- Sets the `pullPolicy` for the `redpanda-operator` image.
   pullPolicy: IfNotPresent
 
-# -- Configuration for the `kube-rbac-proxy`, a component that provides an HTTP proxy to perform authorization checks.
-kubeRbacProxy:
-  # -- Sets log level for kube rbac proxy
-  logLevel: 10
-  # -- Sets settings for pulling the `kube-rbac-proxy` image.
-  image:
-    # -- Sets the repository in which the `kube-rbac-proxy` image is available.
-    repository: gcr.io/kubebuilder/kube-rbac-proxy
-    # -- Sets the `kube-rbac-proxy` image tag.
-    tag: v0.14.0
-    # -- Sets the `pullPolicy` for `kube-rbac-proxy` image
-    pullPolicy: IfNotPresent
-
 # -- Configuration for the Kubernetes Controller Manager used by Redpanda Operator.
 # The Controller Manager is a component of the Kubernetes control plane that runs controller processes. These controllers are background threads that handle the orchestration and operational logic of Kubernetes, ensuring the desired state of the cluster matches the observed state.
 config:
@@ -74,10 +61,10 @@ logLevel: "info"
 rbac:
   # -- Enables the creation of additional RBAC roles.
   create: true
-  # -- Creates additional RBAC cluster roles that are
-  # needed to run additional controllers using `additionalCmdFlags`.
-  createAdditionalControllerCRs: false
   # -- Create RBAC cluster roles needed for the Redpanda Helm chart's 'rbac.enabled' feature.
+  # WARNING: Disabling this value may prevent the operator from deploying certain configurations of redpanda.
+  createAdditionalControllerCRs: true
+  # -- Create ClusterRoles needed for the Redpanda Helm chart's 'rbac.rpkDebugBundle' feature.
   createRPKBundleCRs: true
 
 # -- Specifies whether to create Webhook resources both to intercept and potentially modify or reject Kubernetes API requests as well as authenticate requests to the Kubernetes API. Only valid when `scope` is set to Cluster.