1.0.39435

Changes:

• cfb40ee Make elastic pool id configurable on Azure SQL DB (#2184)

This list of changes was auto generated.

v2.0.0-alpha.6

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Breaking changes

Replaced raw secrets with references to Kubernetes secrets

Replaced properties containing raw secrets (passwords, SSH keys, etc) with references to Kubernetes secrets.
This change is not backwards compatible. We realize that breaking changes are difficult for users, but felt that it was better to make this change now in alpha than delay. In this case, the change has significant positive security implications.

The following resources were impacted:

1. dbformysql.azure.com/v1alpha1api20210501/FlexibleServer: Property administratorLoginPassword
2. dbforpostgresql.azure.com/v1alpha1api20210601/FlexibleServer: Property administratorLoginPassword
3. compute.azure.com/v1alpha1api20201201/VirtualMachine: Property osProfile.AdminPassword
4. compute.azure.com/v1alpha1api20201201/VirtualMachineScaleSet: Property virtualMachineProfile.osProfile

Migration

The migration path for each of these resources is the same:

1. Ensure that the version of ASO you are running is alpha-6 or later.
2. Mark the existing resource with annotation serviceoperator.azure.com/reconcile-policy=detach-on-delete.
3. Delete the resource with kubectl delete. This won't delete the resource in Azure due to the above annotation.
4. Create a Kubernetes secret containing the value which was previously directly in the resource spec (for example the administratorLoginPassword). This secret must be in the same namespace as where the resource will be created.
5. Update the resource YAML to refer to the secret. See the example.
6. kubectl apply the updated resource YAML. This will adopt the resource that already exists in Azure (left from step 3).

Release notes

• Added support for the following new resources:
  • ContainerRegistry resource (#2074)
  • Compute/Image (#2090)
  • Compute/Snapshot (#2090)
• Stop using specHash optimization - reconcile should always PUT to Azure (#2202)
• Turn off Go client retries (#2033)
• Added support for the reconcile-policy annotation (#2060)
• Simplify configuration of which resources to export (#2071)
• Add support for resource extensions generation (#2064)

New Contributors

• @jonnylangefeld made their first contribution in #1766
• @uya116 made their first contribution in #2012
• @vaspahomov made their first contribution in #2078
• @super-harsh made their first contribution in #2064

Full Changelog: v2.0.0-alpha.5...v2.0.0-alpha.6

v2.0.0-alpha.5

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Fixes the conversion webhook bug in the previous release YAML that prevented creation of resources. See #2018 for more information.
• Added support for the following new resources:
  • EventGrid:
    • Domain
    • DomainsTopic
    • EventSubscription

Full Changelog: 2.0.0-alpha.4...2.0.0-alpha.5

v2.0.0-alpha.4

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Breaking changes

This release has two breaking changes that will affect existing deployments of the v2 Azure service operator. The ASO team realize that this is inconvenient for existing users, but decided that making the changes now while the operator is in alpha is better than trying to make them post-beta (or never making them). There are migration steps listed for each change.

API group change

The microsoft. prefix for Azure resources has been removed because it's redundant (since the groups are all under azure.com). For example, the YAML for a CosmosDB DatabaseAccount now starts with:

apiVersion: documentdb.azure.com/v1alpha1api20210515
kind: DatabaseAccount

Previously it was:

apiVersion: microsoft.documentdb.azure.com/v1alpha1api20210515
kind: DatabaseAccount

To migrate existing resources from the old API group to the new one, use the following steps:

1. Apply this release's operator YAML - this will create the new CRDs and update the deployment to use the new image. Ensure that any pods for the previous version of the operator have stopped. This will avoid the Azure resources being deleted when we clean up the old Kubernetes resources in step 4.
2. Edit the source YAML used to deploy the existing resources to have the new API group (for example documentdb.azure.com rather than microsoft.documentdb.azure.com).
3. Apply the updated YAML for the resources. These will be linked to the existing Azure resources.
4. For each old microsoft. resource, remove its serviceoperator.azure.com/finalizer and then delete it. You can find the resources with this command:
   kubectl api-resources -o name | grep 'microsoft\..*\.azure\.com' | paste -sd "," - | xargs kubectl get -A
   This is safe at this point because the alpha.4 version of the operator is only watching resources for the new non-microsoft. CRDs.
5. Delete the old microsoft. CRDs with:
   kubectl api-resources -o name | grep 'microsoft\..*\.azure\.com' | xargs kubectl delete customresourcedefinition

Removing namespace from resource references

The namespace field on resource references (for example vnetSubnetIDReference on ManagedClustersAgentPool) has been removed, following the Kubernetes Architecture SIG's recommendations on object references.

If you have resources with references to resources in a different namespace, edit the YAML of the reference to use the ARM ID of the resource in Azure rather than the group/kind/namespace/name of the resource in the Kubernetes cluster.

Release notes

• Added support for the following new resources:
  • PostgreSQL FlexibleServersConfiguration
  • SignalR
  • MySQL:
    • FlexibleServer
    • FlexibleServersDatabase
    • FlexibleServersFirewallRule
  • Application Insights:
    • Webtest
    • Component
  • Redis:
    • Redis
    • RedisLinkedServer
    • RedisFirewallRule
    • RedisPatchSchedule
    • RedisEnterprise
    • RedisEnterpriseDatabase

Full Changelog: v2.0.0-alpha.3...v2.0.0-alpha.4

v2.0.0-alpha.3

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Added support for the following new resources:
  • EventGrid Topic
  • EventHub:
    • Namespace
    • NamespacesAuthorizationRule
    • NamespacesEventhub
    • NamespacesEventhubsAuthorizationRule
    • NamespacesEventhubsConsumerGroup
  • VirtualMachine
  • NetworkInterface
• Added a new Documentation site
• Added condition severity to Azure resources' print columns
• Support deploying ASOv2 alongside v1 in the same cluster
• Support running the operator with a managed identity rather than service principal

Full Changelog: v2.0.0-alpha.2...v2.0.0-alpha.3

v2.0.0-alpha.2

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Added support for the following new resources:
  • Cosmos DB:
    • MongodbDatabase
    • MongodbDatabaseCollection
    • SqlDatabase
    • SqlDatabaseContainer
    • SqlDatabaseContainerTrigger
    • SqlDatabaseContainerStoredProcedure
    • SqlDatabaseContainerUserDefinedFunction
  • PostgreSQL:
    • FlexibleServer
    • FlexibleServersDatabase
    • FlexibleServersFirewallRule
  • RoleAssignment
• Moved the code generator and controller from hack folder to new v2 folder so they are much easier to find.
• Ported support for operator-per-namespace multitenancy to the v2 operator. This enables running multiple ASO deployments in one cluster watching different namespaces and using different credentials.
• Improved error reporting in logging and resource conditions.

Full Changelog: v2.0.0-alpha.1...v2.0.0-alpha.2

v2.0.0-alpha.1

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Added support for the following new resources:
  • NeworkSecurityGroup
  • NetworkSecurityGroupsSecurityRule
  • UserAssignedIdentity
  • AKS ManagedCluster
  • AKS ManagedClustersAgentPool
• Removed kubebuilder validations on Status resources. These validations could sometimes prevent the operator from saving status.
• Optimize controller back-off for the cloud (starts out slower, but doesn't back off quite as much as before so that we catch changes faster even once we've reached full back-off).
• Prevent controller reconciliation when only the Status of a resource has been changed.
• Improved the error message returned to users if the Owner is missing or pointing to a resource of the wrong type.
• Improved log messages written by the controller.
• Fixed bug with ResourceReference regex that incorrectly prevented some valid ARM IDs from being specified.

1.0.28631: Fix conversion webhooks in operator bundle (#1765)

Changes:

• 4fb3081 Fix conversion webhooks in operator bundle (#1765)
• b87d92c Controller logging improvements (#1759)
• a82afe8 Improve golden file testing (#1737)
• a7a086d Improve owner missing error message (#1747)
• 943f298 Fix README instruction indentation of yaml example (#1755)
• 89ac128 Add git diff output if files have changed (#1753)
• cfb25c0 Use reconcile predicates to prevent reconcile on status update (#1752)
• 6917a6e Add check for uncommitted changes after build (#1750)
• 7460cd4 Minor fix to README (#1751)
• 7bf2652 Small usability improvements to Dockerfile (#1749)

See More

• aa0a45c Rename _apis directory to apis and commit it (#1741)
• 1a18073 Update documentation for v2 (#1733)
• 452439c Add round trip tests of Property Assignment methods (#1725)
• 9d1f49f Add tests for pipeline stage to inject JSON Serialization tests (#1727)
• 2d87ed9 Update kind (#1738)
• 2b5686b Fix ASOv1 CI due to Kubebuilder download break (#1746)
• f6f07c6 Capture a couple of architecture decisions (#1740)
• ae76dcd Increase test polling speed some to reduce flakiness (#1745)
• ba7ac7b Stop VS Code complaning about devcontainer.json (#1736)
• 55d7d52 Improve recording default timeouts and controller backoff timing (#1731)
• f68f4c2 Remove all status validations (#1732)
• a7345fd Fixes for CI breakage (#1734)
• b3e7293 Add new options to support KeyVault soft delete (#1717)
• 315fe4d Fix EOLN settings so devcontainer works on Windows (#1719)
• 6652fb1 Suppress classes causing test failures (#1724)
• 1def7c5 Add operator mode configuration (#1658)
• e190674 Remove envtest job timeout for now (#1723)
• 71269af Tidyup and testing of JSON Serialization Tests (#1710)
• 290d399 Add UserManagedIdentity support (#1716)
• 2ffb918 Use PropertyBag for storage of unknown properties (#1682)
• 2d5ce77 Add NSG and NSG Rule support (#1701)
• a24a5e7 Add document for how to add a code generated resource (#1711) [ #1683 ]
• 98d093e Fix push target (#1713)
• fa62dda Remove "infra" from resource suffix (#1712)
• d772e2d Code generator code gardening (#1700)
• 4d4f459 Add printcolumns support on generated resources (#1699)
• f153260 Push releases to public MCR (#1709)
• 75e0aec Update kind version (#1707)
• 7619d96 GITHUB_WORKSPACE doesn't work in asset action (#1706)
• 77ce79e Push image from host rather than devcontainer (#1705)
• 5589763 Fix run-kustomize task and reorder steps (#1704)
• 5eb3e9f Make build-version work with multiple pre-release bits (#1703)
• 9f4d734 Change docker-login method (#1702)
• 74b5279 Bundle configuration/Kustomize output and upload to release (#1697)
• 7359ae7 Ignore changes to .github & .devcontainer dirs (#1698)
• 8342e41 Use Conditions rather than annotations to determine reconcile state (#1696)
• 34f39d5 Update Azure SDK version and update Helm chart parameters (#1695)
• 14ee7ad Release pipeline for v2 builds (#1692) [ #1632 ]
• be04d13 Improve the external API of the PropertyBag (#1669)
• cddee0f Generalize our JSON serialization test case to work with resources too (#1693)
• c4f0f09 Force top level status properties to be optional (#1694)
• 4c3c12d New conditions pipeline stages (#1689)
• 462f59f Update makefile with latest operator bundle version (#1677)
• 00f5405 Generate DeepCopy() methods for genruntime types (#1688)
• e697bc1 Update go-task and use deduplication (#1690)
• e2dd065 Use Github Action to add needs-triage label (#1687)
• 1db5905 Don't CommitUpdate twice in a single reconcile loop (#1684)
• 189aae5 Add new conditions type (#1675)
• e0b7929 Implement conversions for Specs and Statuses (#1649)
• dfff16c Use Update (PUT) not Patch when modifying spec and status (#1674)
• d8fd4d2 Ad concurrency key to live resource usage (#1660)
• fe3c776 Update our triage docs for new tag (#1681)
• a8e30ae Update helm chart to 1.7.0 (ASO version 1.0.27207) (#1676)

This list of changes was auto generated.

v2.0.0-alpha.0

First release of the v2.0.0-alpha series.

This version is unsupported. To try it out:

1. Install cert-manager, follow step #1 in the old quickstart.
2. Download the YAML file attached to this release and run kubectl apply -f <filename>.
3. Create the appropriate secrets. Firstly, create a Service Principal according to step #3 in the old quickstart. After setting the appropriate environment variables, run:

   $ cat <<EOF | kubectl apply -f -
   apiVersion: v1
   kind: Secret
   metadata:
     name: aso-controller-settings
     namespace: azureoperator-system
   stringData:
     AZURE_SUBSCRIPTION_ID: "$AZURE_SUBSCRIPTION_ID"
     AZURE_TENANT_ID: "$AZURE_TENANT_ID"
     AZURE_CLIENT_ID: "$AZURE_CLIENT_ID"
     AZURE_CLIENT_SECRET: "$AZURE_CLIENT_SECRET"
   EOF

For further instructions, see the README.

1.0.27207: Code gardening for code generation (#1672)

Changes:

• f317fde Increase CI timeout (#1673)
• ed4d1c5 Add needs-triage label automatically (#1671)
• 5a137b1 Fix possible VNET panic (#1652)
• 1e9cc4f Enforce alternatives to %v and %+v (#1639)
• 4cf831f Small MySQLServer samples update (#1641)
• 81091cf Support user specified MySQLServer secrets (#1625)
• a2d6835 Run Linux container only on Linux nodes (#1563)

See More

• f20673d Change Properties to a map (#1655)
• de0f04f Flatten ResourceGroup properties in Status (#1659)
• 4289ebe Support MySQLServer secret rollover (#1654)
• ad2459e Improve our Pipeline tests (#1656)
• 1e5b3d2 Eliminate most use of hard coded strings for pipeline stage names (#1640)
• 6667d97 Implement the Convertible interface on non-hub resources (#1628)
• b7ccaba Create conversion graph (#1627)
• c1e1902 Clean up autogenerated properties (#1653)
• 02973a1 Update ASO v1 dependencies (#1646)
• 6460930 Prune unused types after flattening (#1650)
• 4460654 Update ASO V2 dependencies (#1648)
• 77f01f2 Update generated servicebus queue/topic to 2021 API (#1642)
• 9954b93 Introduce Pipeline State (#1644)
• e8a90cd Add another case to handle in allOf merging (#1636)
• 668c02b Short-circuit "element" updates in one place (#1635)
• 409bc54 Fix header check (#1643)
• ad0d3e6 Design for customer facing resource states (#1614)
• 744f90b Add tparallel linter and fix (#1638)
• 5df37e7 Improve flattening (#1631) [ #1591 ]
• e16e163 Move Property Assignment Function into the functions package (#1622)
• 5e6b16b Convert Direction from enum into a discriminated union (#1618)
• a9e9a0e Return error if reference-like property is not labelled (#1629)
• 3ced054 Improve flattening pipeline stage errors and logs (#1630)
• 4b1363e Inject Hub() function on hub storage resources (#1616)
• 2e113ed Persist original ARM API version for use by generic controller (#1606)
• 1e458b2 One pager design on improving object structure (#1504)
• d4b0803 Ensure DB connections are closed when we've finished with them (#1619)
• a087f27 Add CodeQL analysis (#1624)
• 88c4c6f Pin golangci-lint version (#1623)
• bf8eb13 Fix subtest naming (#1621)
• fafcaca Minor improvements to astbuilder (#1613)
• 2578fbe Ensure test uses float value (#1617)
• 9aa558c Improve deployment process (#1605)
• 64508fd Annotate a resource with the namespace of the operator handling it (#1594)
• e16e429 Document our issue triage process and search criteria (#1610)
• 0b5e1f2 Add support for V2 VMSS (#1603)
• 07deed3 Don't fail on flattening collisions (#1608)
• 2a360fb Helm Chart: Added support for using existing secret for Azure Service Operator (#1600)
• 3b1d6ce Improve the API for TypeNameSet (#1607)
• 76d4bf8 Update aad-pod-identity helm chart dependency to 4.1.1 (#1583)
• 916430a Flattening (#1548) [ #1447 ]
• 9f78d9e Allow TypeNames from external packages (#1599)
• f40b9a7 Move pipeline stages into subpackage (#1593)
• c2e7189 Select parameter name exactly once (#1589)
• 3d5e5a3 Dont use -v for envtest-live either (#1601)
• 20a468e Fix Storage Conversion generation bug (#1595)
• d420499 Add new pipeline stage that merges groups (#1579) [ #1578 ]
• 5ab3cdb Extract OverlayWith() method (#1598)
• fe4f54b Some small test improvements (#1596)
• e844e18 Update flect and code (#1586) [ #1454 ]
• b6fed6a Specification for Preservation of ARM API Versioning (#1538)
• 0e4cd9c Config transformers and filters now error if no matches (#1577)
• 90631f0 Improve recorded test logging (#1571)
• f60f783 Use shared devcontainer image in PR builds (#1581)
• cc42aa3 Build & push Devcontainer image to GitHub Container Registry (#1580)
• d2ea772 Build aso-controller image (#1550)
• a6df6c7 Provide support for property conversions of JSON properties (#1574)
• ac7b7b1 Cache docker image (#1572)
• f347750 Temporarily remove stderr check in pipeline clean up task (#1575)
• 2b2437f Fix generated comments to reflect azure-service-operator (#1570)
• cac6e83 Simplify Property Conversion Context (#1562)
• 69e8589 Create Test Package (#1567)
• 2ceb10b Add Disk (from microsoft.compute/20200930) to generated resources (#1568)
• a4d3a51 Add AZURE_TARGET_NAMESPACES to restrict the namespaces the operator watches (#1559)
• 6bc381c Remove dangerous format specifiers (#1566)
• 0e33a74 Generate the latest resource versions from the 2019 spec (#1556)
• f92bb04 Allow property assignments to pull values from functions (#1545)
• b10a226 Create testcases package (#1557)
• 90da966 Allow resources to have additional properties (#1558)
• a261848 Fix some small casing issues (#1561)
• cc87f74 Document the current process for testing new operator bundle versions (#1544)
• d28ea4b Helm chart update 1.5.0 (#1552)

This list of changes was auto generated.