diff --git a/cli_reference/osdk/cli-osdk-install.adoc b/cli_reference/osdk/cli-osdk-install.adoc index 7a14c6c09fbc..d3f452cfa0da 100644 --- a/cli_reference/osdk/cli-osdk-install.adoc +++ b/cli_reference/osdk/cli-osdk-install.adoc @@ -11,7 +11,7 @@ See xref:../../operators/operator_sdk/osdk-about.adoc#osdk-about[Developing Oper [NOTE] ==== -{product-title} 4.8 and later supports Operator SDK v1.8.0. +{product-title} 4.9 and later supports Operator SDK v1.10.1. ==== include::modules/osdk-installing-cli-linux-macos.adoc[leveloffset=+1] diff --git a/modules/osdk-ansible-inside-operator-local.adoc b/modules/osdk-ansible-inside-operator-local.adoc index 0988142ed98e..eafc47c24714 100644 --- a/modules/osdk-ansible-inside-operator-local.adoc +++ b/modules/osdk-ansible-inside-operator-local.adoc @@ -45,7 +45,7 @@ $ make run [source,terminal] ---- /home/user/memcached-operator/bin/ansible-operator run -{"level":"info","ts":1612739145.2871568,"logger":"cmd","msg":"Version","Go Version":"go1.15.5","GOOS":"linux","GOARCH":"amd64","ansible-operator":"v1.8.0","commit":"1abf57985b43bf6a59dcd18147b3c574fa57d3f6"} +{"level":"info","ts":1612739145.2871568,"logger":"cmd","msg":"Version","Go Version":"go1.15.5","GOOS":"linux","GOARCH":"amd64","ansible-operator":"v1.10.1","commit":"1abf57985b43bf6a59dcd18147b3c574fa57d3f6"} ... {"level":"info","ts":1612739148.347306,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8080"} {"level":"info","ts":1612739148.3488882,"logger":"watches","msg":"Environment variable not set; using default value","envVar":"ANSIBLE_VERBOSITY_MEMCACHED_CACHE_EXAMPLE_COM","default":2} diff --git a/modules/osdk-ansible-inside-operator-logs-view.adoc b/modules/osdk-ansible-inside-operator-logs-view.adoc index 24c0219018df..6363782a8d5a 100644 --- a/modules/osdk-ansible-inside-operator-logs-view.adoc +++ b/modules/osdk-ansible-inside-operator-logs-view.adoc @@ -25,7 +25,7 @@ $ oc logs deployment/-controller-manager \ .Example output [source,terminal] ---- -{"level":"info","ts":1612732105.0579333,"logger":"cmd","msg":"Version","Go Version":"go1.15.5","GOOS":"linux","GOARCH":"amd64","ansible-operator":"v1.8.0","commit":"1abf57985b43bf6a59dcd18147b3c574fa57d3f6"} +{"level":"info","ts":1612732105.0579333,"logger":"cmd","msg":"Version","Go Version":"go1.15.5","GOOS":"linux","GOARCH":"amd64","ansible-operator":"v1.10.1","commit":"1abf57985b43bf6a59dcd18147b3c574fa57d3f6"} {"level":"info","ts":1612732105.0587437,"logger":"cmd","msg":"WATCH_NAMESPACE environment variable not set. Watching all namespaces.","Namespace":""} I0207 21:08:26.110949 7 request.go:645] Throttling request took 1.035521578s, request: GET:https://172.30.0.1:443/apis/flowcontrol.apiserver.k8s.io/v1alpha1?timeout=32s {"level":"info","ts":1612732107.768025,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":"127.0.0.1:8080"} diff --git a/modules/osdk-installing-cli-linux-macos.adoc b/modules/osdk-installing-cli-linux-macos.adoc index f2acc8823472..8e1f55991f99 100644 --- a/modules/osdk-installing-cli-linux-macos.adoc +++ b/modules/osdk-installing-cli-linux-macos.adoc @@ -3,8 +3,8 @@ // * cli_reference/osdk/cli-osdk-install.adoc // * operators/operator_sdk/osdk-installing-cli.adoc -:ocp_ver: 4.8.4 -:osdk_ver: v1.8.0 +:ocp_ver: 4.9 +:osdk_ver: v1.10.1 [id="osdk-installing-cli-linux-macos_{context}"] = Installing the Operator SDK CLI @@ -25,7 +25,7 @@ endif::[] . Navigate to the link:https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/operator-sdk/{ocp_ver}/[OpenShift mirror site]. -. From the `{ocp_ver}` directory, download the latest version of the tarball for Linux. +. From the latest {ocp_ver} directory, download the latest version of the tarball for Linux. . Unpack the archive: + diff --git a/modules/osdk-operatorconditions.adoc b/modules/osdk-operatorconditions.adoc index 8d490c946931..091f9c3b10ff 100644 --- a/modules/osdk-operatorconditions.adoc +++ b/modules/osdk-operatorconditions.adoc @@ -24,7 +24,7 @@ The Operator is allowed to modify only the `status` subresource of the CR. Opera [NOTE] ==== -Operator SDK v1.8.0 supports `operator-lib` v0.3.0. +Operator SDK v1.10.1 supports `operator-lib` v0.3.0. ==== .Prerequisites diff --git a/modules/osdk-scorecard-config.adoc b/modules/osdk-scorecard-config.adoc index 71f7a6904e2b..2eeb873b35db 100644 --- a/modules/osdk-scorecard-config.adoc +++ b/modules/osdk-scorecard-config.adoc @@ -2,7 +2,7 @@ // // * operators/operator_sdk/osdk-scorecard.adoc -:osdk_ver: v1.8.0 +:osdk_ver: v1.10.1 [id="osdk-scorecard-config_{context}"] = Scorecard configuration diff --git a/modules/osdk-scorecard-output.adoc b/modules/osdk-scorecard-output.adoc index 68bc1e62f3c9..79f4089b48ae 100644 --- a/modules/osdk-scorecard-output.adoc +++ b/modules/osdk-scorecard-output.adoc @@ -2,7 +2,7 @@ // // * operators/operator_sdk/osdk-scorecard.adoc -:osdk_ver: v1.8.0 +:osdk_ver: v1.10.1 [id="osdk-scorecard-output_{context}"] = Scorecard output diff --git a/modules/osdk-scorecard-parallel.adoc b/modules/osdk-scorecard-parallel.adoc index 3ba21878e209..bf707ee11f80 100644 --- a/modules/osdk-scorecard-parallel.adoc +++ b/modules/osdk-scorecard-parallel.adoc @@ -2,7 +2,7 @@ // // * operators/operator_sdk/osdk-scorecard.adoc -:osdk_ver: v1.8.0 +:osdk_ver: v1.10.1 [id="osdk-scorecard-parallel_{context}"] = Enabling parallel testing diff --git a/modules/osdk-upgrading-v130-to-v180.adoc b/modules/osdk-upgrading-v130-to-v180.adoc deleted file mode 100644 index 29ce11dfde86..000000000000 --- a/modules/osdk-upgrading-v130-to-v180.adoc +++ /dev/null @@ -1,858 +0,0 @@ -// Module included in the following assemblies: -// -// * operators/operator_sdk/osdk-upgrading-projects.adoc - -:osdk_ver: v1.8.0 -:osdk_ver_n1: v1.3.0 - -[id="osdk-upgrading-v130-to-v180_{context}"] -= Upgrading projects for Operator SDK {osdk_ver} - -The following upgrade steps must be performed to upgrade an existing Operator project for compatibility with {osdk_ver}. - -.Prerequisites - -- Operator SDK {osdk_ver} installed -- Operator project that was previously created or maintained with Operator SDK {osdk_ver_n1} - -.Procedure - -. Make the following changes to your `PROJECT` file: - -.. Update the `PROJECT` file `plugins` object to use `manifests` and `scorecard` objects. -+ -The `manifests` and `scorecard` plug-ins that create Operator Lifecycle Manager (OLM) and scorecard manifests now have plug-in objects for running `create` subcommands to create related files. - -** For Go-based Operator projects, an existing Go-based plug-in configuration object is already present. While the old configuration is still supported, these new objects will be useful in the future as configuration options are added to their respective plug-ins: -+ -.Old configuration -[source,yaml] ----- -version: 3-alpha -... -plugins: - go.sdk.operatorframework.io/v2-alpha: {} ----- -+ -.New configuration -[source,yaml] ----- -version: 3-alpha -... -plugins: - manifests.sdk.operatorframework.io/v2: {} - scorecard.sdk.operatorframework.io/v2: {} ----- - -** Optional: For Ansible- and Helm-based Operator projects, the plug-in configuration object previously did not exist. While you are not required to add the plug-in configuration objects, these new objects will be useful in the future as configuration options are added to their respective plug-ins: -+ -[source,yaml] ----- -version: 3-alpha -... -plugins: - manifests.sdk.operatorframework.io/v2: {} - scorecard.sdk.operatorframework.io/v2: {} ----- - -.. The `PROJECT` config version `3-alpha` must be upgraded to `3`. The `version` key in your `PROJECT` file represents the `PROJECT` config version: -+ -.Old `PROJECT` file -[source,yaml] ----- -version: 3-alpha -resources: -- crdVersion: v1 -... ----- -+ -Version `3-alpha` has been stabilized as link:https://book.kubebuilder.io/migration/v2vsv3.html[version 3] and contains a set of config fields sufficient to fully describe a project. While this change is not technically breaking because the spec at that version was alpha, it was used by default in `operator-sdk` commands, so it should be marked as breaking and have a convenient upgrade path. - -... Run the `alpha config-3alpha-to-3` command to convert most of your `PROJECT` file from version `3-alpha` to `3`: -+ -[source,terminal] ----- -$ operator-sdk alpha config-3alpha-to-3 ----- -+ -.Example output -[source,terminal] ----- -Your PROJECT config file has been converted from version 3-alpha to 3. Please make sure all config data is correct. ----- -+ -The command will also output comments with directions where automatic conversion is not possible. - -... Verify the change: -+ -.New `PROJECT` file -[source,yaml] ----- -version: "3" -resources: -- api: - crdVersion: v1 -... ----- - -. Make the following changes to your `config/manager/manager.yaml` file: - -.. For Ansible- and Helm-based Operator projects, add liveness and readiness probes. -+ -New projects built with the Operator SDK have the probes configured by default. The endpoints `/healthz` and `/readyz` are available now in the provided image base. You can update your existing projects to use the probes by updating the `Dockerfile` to use the latest base image, then add the following to the `manager` container in the `config/manager/manager.yaml` file: -+ -.Configuration for Ansible-based Operator projects -[%collapsible] -==== -[source,yaml] ----- - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 10 ----- -==== -+ -.Configuration for Helm-based Operator projects -[%collapsible] -==== -[source,yaml] ----- - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 ----- -==== - -.. For Ansible- and Helm-based Operator projects, add security contexts to your manager's deployment. -+ -In the `config/manager/manager.yaml` file, add the following security contexts: -+ -.`config/manager/manager.yaml` file -[%collapsible] -==== -[source,yaml] ----- -spec: - ... - template: - ... - spec: - securityContext: - runAsNonRoot: true - containers: - - name: manager - securityContext: - allowPrivilegeEscalation: false ----- -==== - -. Make the following changes to your `Makefile`: - -.. For Ansible- and Helm-based Operator projects, update the `helm-operator` and `ansible-operator` URLs in the `Makefile`: - -** For Ansible-based Operator projects, change: -+ -[source,terminal] ----- -https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/ansible-operator-v1.3.0-$(ARCHOPER)-$(OSOPER) ----- -+ -to: -+ -[source,terminal] ----- -https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/ansible-operator_$(OS)_$(ARCH) ----- - -** For Helm-based Operator projects, change: -+ -[source,terminal] ----- -https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/helm-operator-v1.3.0-$(ARCHOPER)-$(OSOPER) ----- -+ -to: -+ -[source,terminal] ----- -https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/helm-operator_$(OS)_$(ARCH) ----- - -.. For Ansible- and Helm-based Operator projects, update the `helm-operator`, `ansible-operator`, and `kustomize` rules in the `Makefile`. These rules download a local binary but do not use it if a global binary is present: -+ -.`Makefile` diff for Ansible-based Operator projects -[%collapsible] -==== -[source,diff] ----- - PATH := $(PATH):$(PWD)/bin - SHELL := env PATH=$(PATH) /bin/sh --OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') --ARCH := $(shell uname -m | sed 's/x86_64/amd64/') -+OS = $(shell uname -s | tr '[:upper:]' '[:lower:]') -+ARCH = $(shell uname -m | sed 's/x86_64/amd64/') -+OSOPER = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/') -+ARCHOPER = $(shell uname -m ) - --# Download kustomize locally if necessary, preferring the $(pwd)/bin path over global if both exist. --.PHONY: kustomize --KUSTOMIZE = $(shell pwd)/bin/kustomize - kustomize: --ifeq (,$(wildcard $(KUSTOMIZE))) --ifeq (,$(shell which kustomize 2>/dev/null)) -+ifeq (, $(shell which kustomize 2>/dev/null)) - @{ \ - set -e ;\ -- mkdir -p $(dir $(KUSTOMIZE)) ;\ -- curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | \ -- tar xzf - -C bin/ ;\ -+ mkdir -p bin ;\ -+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\ - } -+KUSTOMIZE=$(realpath ./bin/kustomize) - else --KUSTOMIZE = $(shell which kustomize) --endif -+KUSTOMIZE=$(shell which kustomize) - endif - --# Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. --.PHONY: ansible-operator --ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator - ansible-operator: --ifeq (,$(wildcard $(ANSIBLE_OPERATOR))) --ifeq (,$(shell which ansible-operator 2>/dev/null)) -+ifeq (, $(shell which ansible-operator 2>/dev/null)) - @{ \ - set -e ;\ -- mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ -- curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/ansible-operator_$(OS)_$(ARCH) ;\ -- chmod +x $(ANSIBLE_OPERATOR) ;\ -+ mkdir -p bin ;\ -+ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/ansible-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ;\ -+ mv ansible-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ./bin/ansible-operator ;\ -+ chmod +x ./bin/ansible-operator ;\ - } -+ANSIBLE_OPERATOR=$(realpath ./bin/ansible-operator) - else --ANSIBLE_OPERATOR = $(shell which ansible-operator) --endif -+ANSIBLE_OPERATOR=$(shell which ansible-operator) - endif ----- -==== -+ -.`Makefile` diff for Helm-based Operator projects -[%collapsible] -==== -[source,diff] ----- - PATH := $(PATH):$(PWD)/bin - SHELL := env PATH=$(PATH) /bin/sh --OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') --ARCH := $(shell uname -m | sed 's/x86_64/amd64/') -+OS = $(shell uname -s | tr '[:upper:]' '[:lower:]') -+ARCH = $(shell uname -m | sed 's/x86_64/amd64/') -+OSOPER = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/') -+ARCHOPER = $(shell uname -m ) - --# Download kustomize locally if necessary, preferring the $(pwd)/bin path over global if both exist. --.PHONY: kustomize --KUSTOMIZE = $(shell pwd)/bin/kustomize - kustomize: --ifeq (,$(wildcard $(KUSTOMIZE))) --ifeq (,$(shell which kustomize 2>/dev/null)) -+ifeq (, $(shell which kustomize 2>/dev/null)) - @{ \ - set -e ;\ -- mkdir -p $(dir $(KUSTOMIZE)) ;\ -- curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | \ -- tar xzf - -C bin/ ;\ -+ mkdir -p bin ;\ -+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\ - } -+KUSTOMIZE=$(realpath ./bin/kustomize) - else --KUSTOMIZE = $(shell which kustomize) --endif -+KUSTOMIZE=$(shell which kustomize) - endif - --# Download helm-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. --.PHONY: helm-operator --HELM_OPERATOR = $(shell pwd)/bin/helm-operator - helm-operator: --ifeq (,$(wildcard $(HELM_OPERATOR))) --ifeq (,$(shell which helm-operator 2>/dev/null)) -+ifeq (, $(shell which helm-operator 2>/dev/null)) - @{ \ - set -e ;\ -- mkdir -p $(dir $(HELM_OPERATOR)) ;\ -- curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/helm-operator_$(OS)_$(ARCH) ;\ -- chmod +x $(HELM_OPERATOR) ;\ -+ mkdir -p bin ;\ -+ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/helm-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ;\ -+ mv helm-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ./bin/helm-operator ;\ -+ chmod +x ./bin/helm-operator ;\ - } -+HELM_OPERATOR=$(realpath ./bin/helm-operator) - else --HELM_OPERATOR = $(shell which helm-operator) --endif -+HELM_OPERATOR=$(shell which helm-operator) - endif ----- -==== - -.. Move the positional directory argument `.` in the `make` target for `docker-build`. -+ -The directory argument `.` in the `docker-build` target was moved to the last positional argument to align with `podman` CLI expectations, which makes substitution cleaner: -+ -.Old target -[source,terminal] ----- -docker-build: - docker build . -t ${IMG} ----- -+ -.New target -[source,terminal] ----- -docker-build: - docker build -t ${IMG} . ----- -+ -You can make this change by running the following command: -+ -[source,terminal] ----- -$ sed -i 's/docker build . -t ${IMG}/docker build -t ${IMG} ./' $(git grep -l 'docker.*build \. ') ----- - -.. For Ansible- and Helm-based Operator projects, add a `help` target to the `Makefile`. -+ -Ansible- and Helm-based projects now provide `help` target in the `Makefile` by default, similar to a `--help` flag. You can manually add this target to your `Makefile` using the following lines: -+ -.`help` target -[%collapsible] -==== -[source,make] ----- -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) ----- -==== - -.. Add `opm` and `catalog-build` targets. You can use these targets to create your own catalogs for your Operator or add your Operator bundles to an existing catalog: - -... Add the targets to your `Makefile` by adding the following lines: -+ -.`opm` and `catalog-build` targets -[%collapsible] -==== -[source,make] ----- -.PHONY: opm -OPM = ./bin/opm -opm: -ifeq (,$(wildcard $(OPM))) -ifeq (,$(shell which opm 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(OPM)) ;\ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\ - chmod +x $(OPM) ;\ - } -else -OPM = $(shell which opm) -endif -endif -BUNDLE_IMGS ?= $(BUNDLE_IMG) -CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) ifneq ($(origin CATALOG_BASE_IMG), undefined) FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) endif -.PHONY: catalog-build -catalog-build: opm - $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) - -.PHONY: catalog-push -catalog-push: ## Push the catalog image. - $(MAKE) docker-push IMG=$(CATALOG_IMG) ----- -==== - -... If you are updating a Go-based Operator project, also add the following `Makefile` variables: -+ -.`Makefile` variables -[%collapsible] -==== -[source,make] ----- -OS = $(shell go env GOOS) -ARCH = $(shell go env GOARCH) ----- -==== - -.. For Go-based Operator projects, set the `SHELL` variable in your `Makefile` to the system `bash` binary. -+ -Importing the `setup-envtest.sh` script requires `bash`, so the `SHELL` variable must be set to `bash` with error options: -+ -.`Makefile` diff -[%collapsible] -==== -[source,diff] ----- -else GOBIN=$(shell go env GOBIN) -endif -+# Setting SHELL to bash allows bash commands to be executed by recipes. -+# This is a requirement for 'setup-envtest.sh' in the test target. -+# Options are set to exit when a recipe line exits non-zero or a piped command fails. -+SHELL = /usr/bin/env bash -o pipefail -+.SHELLFLAGS = -ec -+ all: build ----- -==== - -. For Go-based Operator projects, upgrade `controller-runtime` to v0.8.3 and Kubernetes dependencies to v0.20.2 by changing the following entries in your `go.mod` file, then rebuild your project: -+ -.`go.mod` file -[%collapsible] -==== -[source,go] ----- -... - k8s.io/api v0.20.2 - k8s.io/apimachinery v0.20.2 - k8s.io/client-go v0.20.2 - sigs.k8s.io/controller-runtime v0.8.3 ----- -==== - -. Add a `system:controller-manager` service account to your project. A non-default service account `controller-manager` is now generated by the `operator-sdk init` command to improve security for Operators installed in shared namespaces. To add this service account to your existing project, follow these steps: - -.. Create the `ServiceAccount` definition in a file: -+ -.`config/rbac/service_account.yaml` file -[%collapsible] -==== -[source,yaml] ----- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - namespace: system ----- -==== - -.. Add the service account to the list of RBAC resources: -+ -[source,terminal] ----- -$ echo "- service_account.yaml" >> config/rbac/kustomization.yaml ----- - -.. Update all `RoleBinding` and `ClusterRoleBinding` objects that reference the Operator's service account: -+ -[source,terminal] ----- -$ find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; ----- - -.. Add the service account name to the manager deployment's `spec.template.spec.serviceAccountName` field: -+ -[source,terminal] ----- -$ sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml ----- - -.. Verify the changes look like the following diffs: -+ -.`config/manager/manager.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -... - requests: - cpu: 100m - memory: 20Mi -+ serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 ----- -==== -+ -.`config/rbac/auth_proxy_role_binding.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -... - name: proxy-role - subjects: - - kind: ServiceAccount -- name: default -+ name: controller-manager - namespace: system ----- -==== -+ -.`config/rbac/kustomization.yaml` file diff -[%collapsible] -==== -[source,diff] ----- - resources: -+- service_account.yaml - - role.yaml - - role_binding.yaml - - leader_election_role.yaml ----- -==== -+ -.`config/rbac/leader_election_role_binding.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -... - name: leader-election-role - subjects: - - kind: ServiceAccount -- name: default -+ name: controller-manager - namespace: system ----- -==== -+ -.`config/rbac/role_binding.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -... - name: manager-role - subjects: - - kind: ServiceAccount -- name: default -+ name: controller-manager - namespace: system ----- -==== -+ -.`config/rbac/service_account.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -+apiVersion: v1 -+kind: ServiceAccount -+metadata: -+ name: controller-manager -+ namespace: system ----- -==== - -. Make the following changes to your `config/manifests/kustomization.yaml` file: - -.. Add a link:https://kustomize.io/[Kustomize] patch to remove the link:https://cert-manager.io/[cert-manager] `volume` and `volumeMount` objects from your cluster service version (CSV). -+ -Because Operator Lifecycle Manager (OLM) does not yet support cert-manager, a JSON patch was added to remove this volume and mount so OLM can create and manage certificates for your Operator. -+ -In the `config/manifests/kustomization.yaml` file, add the following lines: -+ -.`config/manifests/kustomization.yaml` file -[%collapsible] -==== -[source,yaml] ----- -patchesJson6902: -- target: - group: apps - version: v1 - kind: Deployment - name: controller-manager - namespace: system - patch: |- - # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. - # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. - - op: remove - path: /spec/template/spec/containers/1/volumeMounts/0 - # Remove the "cert" volume, since OLM will create and mount a set of certs. - # Update the indices in this path if adding or removing volumes in the manager's Deployment. - - op: remove - path: /spec/template/spec/volumes/0 ----- -==== - -.. Optional: For Ansible- and Helm-based Operator projects, configure `ansible-operator` and `helm-operator` with a component config. To add this option, follow these steps: - -... Create the following file: -+ -.`config/default/manager_config_patch.yaml` file -[%collapsible] -==== -[source,yaml] ----- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config ----- -==== - -... Create the following file: -+ -.`config/manager/controller_manager_config.yaml` file -[%collapsible] -==== -[source,yaml] ----- -apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -kind: ControllerManagerConfig -health: - healthProbeBindAddress: :6789 -metrics: - bindAddress: 127.0.0.1:8080 - -leaderElection: - leaderElect: true - resourceName: ----- -==== - -... Update the `config/default/kustomization.yaml` file by applying the following changes to `resources`: -+ -.`config/default/kustomization.yaml` file -[%collapsible] -==== -[source,yaml] ----- - resources: - ... - - manager_config_patch.yaml ----- -==== - -... Update the `config/manager/kustomization.yaml` file by applying the following changes: -+ -.`config/manager/kustomization.yaml` file -[%collapsible] -==== -[source,yaml] ----- - generatorOptions: - disableNameSuffixHash: true - - configMapGenerator: - - files: - - controller_manager_config.yaml - name: manager-config - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - images: - - name: controller - newName: quay.io/example/memcached-operator - newTag: v0.0.1 ----- -==== - -.. Optional: Add a manager config patch to the `config/default/kustomization.yaml` file. -+ -The generated `--config` flag was not added to either the `ansible-operator` or `helm-operator` binary when link:https://master.book.kubebuilder.io/component-config-tutorial/tutorial.html[config file] support was originally added, so it does not currently work. The `--config` flag supports configuration of both binaries by file; this method of configuration only applies to the underlying link:https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/manager#Manager[controller manager] and not the Operator as a whole. -+ -To optionally configure the Operator's deployment with a config file, make changes to the `config/default/kustomization.yaml` file as shown in the following diff: -+ -.`config/default/kustomization.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -# If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -\- manager_auth_proxy_patch.yaml -+# Mount the controller config file for loading manager configurations -+# through a ComponentConfig type -+- manager_config_patch.yaml ----- -==== -+ -Flags can be used as is or to override config file values. - -. For Ansible- and Helm-based Operator projects, add role rules for leader election by making the following changes to the `config/rbac/leader_election_role.yaml` file: -+ -.`config/rbac/leader_election_role.yaml` file -[%collapsible] -==== -[source,yaml] ----- -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ----- -==== - -. For Ansible-based Operator projects, update Ansible collections. -+ -In your `requirements.yml` file, change the `version` field for `community.kubernetes` to `1.2.1`, and the `version` field for `operator_sdk.util` to `0.2.0`. - -. Make the following changes to your `config/default/manager_auth_proxy_patch.yaml` file: - -** For Ansible-based Operator projects, add the `--health-probe-bind-address=:6789` argument to the `config/default/manager_auth_proxy_patch.yaml` file: -+ -.`config/default/manager_auth_proxy_patch.yaml` file -[%collapsible] -==== -[source,yaml] ----- -spec: - template: - spec: - containers: - - name: manager - args: - - "--health-probe-bind-address=:6789" - ... ----- -==== - -** For Helm-based Operator projects: - -... Add the `--health-probe-bind-address=:8081` argument to the `config/default/manager_auth_proxy_patch.yaml` file: -+ -.`config/default/manager_auth_proxy_patch.yaml` file -[%collapsible] -==== -[source,yaml] ----- -spec: - template: - spec: - containers: - - name: manager - args: - - "--health-probe-bind-address=:8081" - ... ----- -==== - -... Replace the deprecated flag `--enable-leader-election` with `--leader-elect`, and the deprecated flag `--metrics-addr` with `--metrics-bind-address`. - -. Make the following changes to your `config/prometheus/monitor.yaml` file: - -.. Add scheme, token, and TLS config to the Prometheus `ServiceMonitor` metrics endpoint. -+ -The `/metrics` endpoint, while specifying the `https` port on the manager pod, was not actually configured to serve over HTTPS because no `tlsConfig` was set. Because `kube-rbac-proxy` secures this endpoint as a manager sidecar, using the service account token mounted into the pod by default corrects this problem. -+ -Apply the changes to the `config/prometheus/monitor.yaml` file as shown in the following diff: -+ -.`config/prometheus/monitor.yaml` file diff -[%collapsible] -==== -[source,diff] ----- -spec: - endpoints: - - path: /metrics - port: https -+ scheme: https -+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token -+ tlsConfig: -+ insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager ----- -==== -+ -[NOTE] -==== -If you removed `kube-rbac-proxy` from your project, ensure that you secure the `/metrics` endpoint using a proper link:https://prometheus.io/docs/guides/tls-encryption[TLS configuration]. -==== - -. Ensure that existing dependent resources have owner annotations. -+ -For Ansible-based Operator projects, link:https://sdk.operatorframework.io/docs/building-operators/ansible/reference/retroactively-owned-resources/[owner reference annotations] -on cluster-scoped dependent resources and dependent resources in other namespaces were not applied correctly. A workaround was to add these annotations manually, which is no longer required as this bug has been fixed. - -. Deprecate support for package manifests. -+ -The link:https://operatorframework.io/[Operator Framework] is removing support for the Operator package manifest format in a future release. As part of the ongoing deprecation process, the `operator-sdk generate packagemanifests` and `operator-sdk run packagemanifests` commands are now deprecated. To migrate package manifests to bundles, the `operator-sdk pkgman-to-bundle` command can be used. -+ -Run the `operator-sdk pkgman-to-bundle --help` command and see "Migrating package manifest projects to bundle format" for more details. - -. Update the finalizer names for your Operator. -+ -The finalizer name format suggested by link:https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers[Kubernetes documentation] is: -+ -[source,terminal] ----- -/ ----- -+ -while the format previously documented for Operator SDK was: -+ -[source,terminal] ----- -. ----- -+ -If your Operator uses any finalizers with names that match the incorrect format, change them to match the official format. For example, `finalizer.cache.example.com` must be changed to `cache.example.com/finalizer`. - -Your Operator project is now compatible with Operator SDK {osdk_ver}. - -:!osdk_ver: -:!osdk_ver_n1: diff --git a/modules/osdk-upgrading-v180-to-v1101.adoc b/modules/osdk-upgrading-v180-to-v1101.adoc new file mode 100644 index 000000000000..f9dfc39b28c4 --- /dev/null +++ b/modules/osdk-upgrading-v180-to-v1101.adoc @@ -0,0 +1,38 @@ +// Module included in the following assemblies: +// +// * operators/operator_sdk/osdk-upgrading-projects.adoc + +:osdk_ver: v1.10.1 +:osdk_ver_n1: v1.8.0 + +[id="osdk-upgrading-v180-to-v1101_{context}"] += Upgrading projects for Operator SDK {osdk_ver} + +The following upgrade steps must be performed to upgrade an existing Operator project for compatibility with {osdk_ver}. + +.Prerequisites + +- Operator SDK {osdk_ver} installed +- Operator project that was previously created or maintained with Operator SDK {osdk_ver_n1} + +.Procedure + +* For Ansible-based Operator projects, update the command in the `Set pull policy` section of the `molecule/default/prepare.yml` file: ++ +.`molecule/default/prepare.yml` file diff +[%collapsible] +==== +[source,diff] +---- + - name: Set pull policy +- command: '{{ "{{ kustomize }}" }} edit add patch pull_policy/{{ "{{ operator_pull_policy }}" }}.yaml' ++ command: '{{ "{{ kustomize }}" }} edit add patch --path pull_policy/{{ "{{ operator_pull_policy }}" }}.yaml' +---- +==== ++ +Ansible projects are now scaffolded with Kustomize version 3.8.7. This version of Kustomize requires that the path to patch files be provided with the `--path` flag in the `add patch` command. + +Your Operator project is now compatible with Operator SDK {osdk_ver}. + +:!osdk_ver: +:!osdk_ver_n1: diff --git a/operators/operator_sdk/osdk-about.adoc b/operators/operator_sdk/osdk-about.adoc index 3e12d633a776..f06302b4e90b 100644 --- a/operators/operator_sdk/osdk-about.adoc +++ b/operators/operator_sdk/osdk-about.adoc @@ -27,7 +27,7 @@ Operator authors with cluster administrator access to a Kubernetes-based cluster [NOTE] ==== -{product-title} 4.8 supports Operator SDK v1.8.0 or later. +{product-title} 4.9 supports Operator SDK v1.10.0 or later. ==== [id="osdk-about-what-are-operators"] diff --git a/operators/operator_sdk/osdk-installing-cli.adoc b/operators/operator_sdk/osdk-installing-cli.adoc index a0ea1f9288af..7e84f139cf60 100644 --- a/operators/operator_sdk/osdk-installing-cli.adoc +++ b/operators/operator_sdk/osdk-installing-cli.adoc @@ -3,7 +3,7 @@ include::modules/common-attributes.adoc[] :context: osdk-installing-cli -:osdk_ver: v1.8.0 +:osdk_ver: v1.10.1 toc::[] diff --git a/operators/operator_sdk/osdk-upgrading-projects.adoc b/operators/operator_sdk/osdk-upgrading-projects.adoc index 31368452898f..ee7282fd88d1 100644 --- a/operators/operator_sdk/osdk-upgrading-projects.adoc +++ b/operators/operator_sdk/osdk-upgrading-projects.adoc @@ -3,9 +3,9 @@ include::modules/common-attributes.adoc[] :context: osdk-upgrading-projects -:osdk_ver: v1.8.0 -:osdk_ver_n1: v1.3.0 -:product-version-n1: 4.7 +:osdk_ver: v1.10.1 +:osdk_ver_n1: v1.8.0 +:product-version-n1: 4.8 toc::[] @@ -13,12 +13,18 @@ toc::[] However, to ensure your existing Operator projects maintain compatibility with Operator SDK {osdk_ver}, upgrade steps are required for the associated breaking changes introduced since {osdk_ver_n1}. You must perform the upgrade steps manually in any of your Operator projects that were previously created or maintained with {osdk_ver_n1}. -include::modules/osdk-upgrading-v130-to-v180.adoc[leveloffset=+1] +include::modules/osdk-upgrading-v180-to-v1101.adoc[leveloffset=+1] + +[id="osdk-upgrading-projects-known-issues"] +== Known issues + +* The `ansible-operator` binary rejects the `kubeconfig` file if the server URL contains a path. There is currently no workaround other than running the Operator as a pod in the cluster, in which case it uses the internal endpoint. The fix for this issue is currently blocked waiting on a fix to the `apimachinery` package. See link:https://github.com/operator-framework/operator-sdk/issues/4925[operator-framework/operator-sdk#4925] for more details. [id="additional-resources_osdk-upgrading-projects"] == Additional resources * xref:../../operators/operator_sdk/osdk-pkgman-to-bundle.adoc#osdk-pkgman-to-bundle[Migrating package manifest projects to bundle format] +* link:https://docs.openshift.com/container-platform/4.8/operators/operator_sdk/osdk-upgrading-projects.html#osdk-upgrading-v130-to-v180_osdk-upgrading-projects[Upgrading projects for Operator SDK v1.8.0] :!osdk_ver: :!osdk_ver_n1: