From c5227c1c820644a6edf796f4984b9688bd507b14 Mon Sep 17 00:00:00 2001 From: Techassi Date: Mon, 18 Nov 2024 16:16:33 +0100 Subject: [PATCH 1/5] Update CHANGELOG.md from release 24.11.0 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f30966a..47b99fb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +## [24.11.0] - 2024-11-18 + ### Added - Added regorule library for accessing user-info-fetcher ([#580]). From 5935dffabdd4b16c1f7056cf2e98e7a8f628caad Mon Sep 17 00:00:00 2001 From: Stacky McStackface <95074132+stackable-bot@users.noreply.github.com> Date: Mon, 18 Nov 2024 22:48:11 +0100 Subject: [PATCH 2/5] chore: Generated commit to update templated files since the last template run up to stackabletech/operator-templating@fd40109c1bd66c79fa74bf67a5b5bff1e3a96ce8 (#653) Reference-to: stackabletech/operator-templating@fd40109 (Add make render-doc command) --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 22c78753..541424f7 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,9 @@ SHELL=/usr/bin/env bash -euo pipefail render-readme: scripts/render_readme.sh +render-docs: + scripts/docs_templating.sh + ## Docker related targets docker-build: docker build --force-rm --build-arg VERSION=${VERSION} -t "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}-${ARCH}" -f docker/Dockerfile . From 1efd22c59634970fcf4ca9f239aff4d039e9d4b2 Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:16:31 +1300 Subject: [PATCH 3/5] chore(getting_started): replace templating instructions with make (#654) --- .../opa/examples/getting_started/getting_started.sh | 9 +-------- .../opa/examples/getting_started/getting_started.sh.j2 | 9 +-------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/docs/modules/opa/examples/getting_started/getting_started.sh b/docs/modules/opa/examples/getting_started/getting_started.sh index 460522ba..317b53c8 100755 --- a/docs/modules/opa/examples/getting_started/getting_started.sh +++ b/docs/modules/opa/examples/getting_started/getting_started.sh @@ -2,14 +2,7 @@ set -euo pipefail # DO NOT EDIT THE SCRIPT -# Instead, update the j2 template, and regenerate it for dev: -# cat < Date: Mon, 25 Nov 2024 15:25:44 +0100 Subject: [PATCH 4/5] Patch op-rs version to use one that fixes SUP-148. (#656) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Patch op-rs version to use one that fixes SUP-148. * Updated changelog Use released op-rs version. * Regenerate Nix files * Run pre-commit --------- Co-authored-by: Sönke Liebau Co-authored-by: Siegfried Weber --- CHANGELOG.md | 2 ++ Cargo.lock | 8 ++++---- Cargo.nix | 14 +++++++------- Cargo.toml | 2 +- crate-hashes.json | 6 +++--- .../opa-operator/templates/roles-opa-builder.yaml | 2 +- rust/operator-binary/src/controller.rs | 10 +++++----- .../kuttl/logging/test_log_aggregation.sh | 2 +- 8 files changed, 24 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47b99fb8..dcbbdae1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ All notable changes to this project will be documented in this file. - Bundle builder should no longer keep serving deleted rules until it is restarted ([#578]). - Failing to parse one `OpaCluster` should no longer cause the whole operator to stop functioning ([#638]). +- BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart ([#656]). ### Removed @@ -37,6 +38,7 @@ All notable changes to this project will be documented in this file. [#622]: https://github.com/stackabletech/opa-operator/pull/622 [#637]: https://github.com/stackabletech/opa-operator/pull/637 [#638]: https://github.com/stackabletech/opa-operator/pull/638 +[#656]: https://github.com/stackabletech/opa-operator/pull/656 ## [24.7.0] - 2024-07-24 diff --git a/Cargo.lock b/Cargo.lock index c9cb8ac9..97ac4141 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2761,8 +2761,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.80.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +version = "0.82.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#415bbd031bd52e9c0c5392060235030e9930b46b" dependencies = [ "chrono", "clap", @@ -2800,7 +2800,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#415bbd031bd52e9c0c5392060235030e9930b46b" dependencies = [ "darling", "proc-macro2", @@ -2811,7 +2811,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#415bbd031bd52e9c0c5392060235030e9930b46b" dependencies = [ "kube", "semver", diff --git a/Cargo.nix b/Cargo.nix index 3c9d1241..4b7234a9 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -8942,13 +8942,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.80.0"; + version = "0.82.0"; edition = "2021"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + rev = "415bbd031bd52e9c0c5392060235030e9930b46b"; + sha256 = "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy"; }; libName = "stackable_operator"; authors = [ @@ -9105,8 +9105,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + rev = "415bbd031bd52e9c0c5392060235030e9930b46b"; + sha256 = "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -9140,8 +9140,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + rev = "415bbd031bd52e9c0c5392060235030e9930b46b"; + sha256 = "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy"; }; libName = "stackable_shared"; authors = [ diff --git a/Cargo.toml b/Cargo.toml index 37489b69..33975e7d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,7 +33,7 @@ semver = "1.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" snafu = "0.8" -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.80.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.82.0" } strum = { version = "0.26", features = ["derive"] } tar = "0.4" tokio = { version = "1.40", features = ["full"] } diff --git a/crate-hashes.json b/crate-hashes.json index 562fb18b..0ca37e6e 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,6 +1,6 @@ { - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-operator-derive@0.3.1": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-operator@0.80.0": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-shared@0.0.1": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#stackable-operator-derive@0.3.1": "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#stackable-operator@0.82.0": "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#stackable-shared@0.0.1": "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file diff --git a/deploy/helm/opa-operator/templates/roles-opa-builder.yaml b/deploy/helm/opa-operator/templates/roles-opa-builder.yaml index 5041954f..e64626ea 100644 --- a/deploy/helm/opa-operator/templates/roles-opa-builder.yaml +++ b/deploy/helm/opa-operator/templates/roles-opa-builder.yaml @@ -4,7 +4,7 @@ metadata: name: {{ .Release.Name }}-opa-bundle-builder-clusterrole # This role is used for the OPA bundle builder. # It needs to read ConfigMaps and watch ConfigMaps for changes, -# because the Rego rules that are used to build the bundles are +# because the Rego rules that are used to build the bundles are # stored in the ConfigMaps. rules: - apiGroups: diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 8ab38a0c..743dccd1 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -38,7 +38,7 @@ use stackable_operator::{ apps::v1::{DaemonSet, DaemonSetSpec}, core::v1::{ ConfigMap, EmptyDirVolumeSource, EnvVar, HTTPGetAction, Probe, SecretVolumeSource, - Service, ServicePort, ServiceSpec, + Service, ServiceAccount, ServicePort, ServiceSpec, }, }, apimachinery::pkg::{apis::meta::v1::LabelSelector, util::intstr::IntOrString}, @@ -457,7 +457,7 @@ pub async fn reconcile_opa( build_rbac_resources(opa, APP_NAME, required_labels).context(BuildRbacResourcesSnafu)?; let rbac_sa = cluster_resources - .add(client, rbac_sa) + .add(client, rbac_sa.clone()) .await .context(ApplyServiceAccountSnafu)?; cluster_resources @@ -495,7 +495,7 @@ pub async fn reconcile_opa( &merged_config, &ctx.opa_bundle_builder_image, &ctx.user_info_fetcher_image, - &rbac_sa.name_any(), + &rbac_sa, )?; cluster_resources @@ -740,7 +740,7 @@ fn build_server_rolegroup_daemonset( merged_config: &OpaConfig, opa_bundle_builder_image: &str, user_info_fetcher_image: &str, - sa_name: &str, + service_account: &ServiceAccount, ) -> Result { let role = opa.role(opa_role); let role_group = opa @@ -932,7 +932,7 @@ fn build_server_rolegroup_daemonset( .build(), ) .context(AddVolumeSnafu)? - .service_account_name(sa_name) + .service_account_name(service_account.name_any()) .security_context( PodSecurityContextBuilder::new() .run_as_user(1000) diff --git a/tests/templates/kuttl/logging/test_log_aggregation.sh b/tests/templates/kuttl/logging/test_log_aggregation.sh index cd6f5577..bdf407bc 100755 --- a/tests/templates/kuttl/logging/test_log_aggregation.sh +++ b/tests/templates/kuttl/logging/test_log_aggregation.sh @@ -8,4 +8,4 @@ then exit 1; fi -echo "Test successful!"; \ No newline at end of file +echo "Test successful!"; From 7b8b6ba4002b9b23f5ef1a3b51480273b7a2850e Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Tue, 26 Nov 2024 17:31:28 +0100 Subject: [PATCH 5/5] Update changelog --- CHANGELOG.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dcbbdae1..a0bd335c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Fixed + +- BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be + deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after + restart ([#656]). + +[#656]: https://github.com/stackabletech/opa-operator/pull/656 + ## [24.11.0] - 2024-11-18 ### Added @@ -25,7 +33,6 @@ All notable changes to this project will be documented in this file. - Bundle builder should no longer keep serving deleted rules until it is restarted ([#578]). - Failing to parse one `OpaCluster` should no longer cause the whole operator to stop functioning ([#638]). -- BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart ([#656]). ### Removed @@ -38,7 +45,6 @@ All notable changes to this project will be documented in this file. [#622]: https://github.com/stackabletech/opa-operator/pull/622 [#637]: https://github.com/stackabletech/opa-operator/pull/637 [#638]: https://github.com/stackabletech/opa-operator/pull/638 -[#656]: https://github.com/stackabletech/opa-operator/pull/656 ## [24.7.0] - 2024-07-24