All notable changes to this project will be documented in this file.
- Don't error in case the `initial_reconcile` Receiver is dropped (#1133).
- Add support for mutating webhooks (#1119).
- BREAKING: Refactor the entire `WebhookServer` mechanism, so multiple webhooks can run in parallel. Put individual webhooks (currently `ConversionWebhook` and `MutatingWebhook`) behind the `Webhook` trait (#1119).
- Force apply the CRD in the CRD maintainer (#1116).
  This ensures the operator will be the sole manager of the CRD (and all its fields) going forward. This avoids running into conflicts when CRDs were previously deployed by helm or stackablectl.
- Add `CustomResourceDefinitionMaintainer` which applies and patches CRDs triggered by TLS certificate rotations of the `ConversionWebhookServer`. It additionally provides a `oneshot` channel which can for example be used to trigger creation/patching of any custom resources deployed by the operator (#1099).
- Add `ConversionWebhookServer::with_maintainer` which creates a conversion webhook server and a CRD maintainer (#1099).
- BREAKING: `ConversionWebhookServer::new` now returns a pair of values (#1099):
  - The conversion webhook server itself
  - A `mpsc::Receiver<Certificate>` to provide consumers the newly generated TLS certificate
- BREAKING: Constants for ports, IP addresses and socket addresses are now associated constants on `(Conversion)WebhookServer` instead of free-standing ones (#1099).
- BREAKING: The `maintain_crds` and `field_manager` fields in `ConversionWebhookOptions` are removed (#1099).
- BREAKING: Support disabling CRD maintenance using a new boolean flag in `ConversionWebhookOptions` (#1085).
- BREAKING: Re-write the `ConversionWebhookServer`. It can now do CRD conversions, handle multiple CRDs and takes care of reconciling the CRDs (#1066).
- BREAKING: The `TlsServer` can now handle certificate rotation. To achieve this, a new `CertificateResolver` was added. Also, `TlsServer::new` now returns an additional `mpsc::Receiver<Certificate>`, so that the caller can get notified about certificate rotations happening (#1066).
- `stackable_webhook::Options` has been renamed to `stackable_webhook::WebhookOptions`, as well as `OptionsBuilder` to `WebhookOptionsBuilder` (#1066).
- Remove `StatefulWebhookHandler` to reduce maintenance effort. Also, webhooks are ideally stateless, so that they can be scaled horizontally. It can be re-added once needed (#1066).
- Don't pull in the `aws-lc-rs` crate, as this currently fails to build in `make run-dev` (#1043).
- BREAKING: The constant `DEFAULT_IP_ADDRESS` has been renamed to `DEFAULT_LISTEN_ADDRESS` and binds to all addresses (instead of only loopback) by default. This was changed because all the webhooks deployed to Kubernetes (e.g. conversion or mutating - which this crate targets) need to be accessible by it, which is not the case when only using loopback. Also, the constant `DEFAULT_SOCKET_ADDR` has been renamed to `DEFAULT_SOCKET_ADDRESS` (#1045).
- Remove instrumentation of long running functions, add more granular instrumentation of futures. Adjust span and event levels (#811).
- Bump rust-toolchain to 1.79.0 (#822).
- Fix the extraction of `ConnectInfo` (data about the connection client) and the `Host` info (data about the server) in the `AxumTraceLayer`. This was previously not extracted correctly and thus not included in the OpenTelemetry compatible traces (#806).
- Spawn blocking code on a blocking thread (#815).
- Instrument `WebhookServer` with `AxumTraceLayer`, add static healthcheck without instrumentation (#758).
- Add shutdown signal handler for the `WebhookServer` (#767).
- Bump Rust dependencies and GitHub Actions (#782).
- Bump kube to 0.89.0 and update all dependencies (#762).
- BREAKING: Bump k8s compilation version to `1.29`. Also bump all dependencies. There are some breaking changes in k8s-openapi, e.g. PVCs now have `VolumeResourceRequirements` instead of `ResourceRequirements`, and `PodAffinityTerm` has two new fields `match_label_keys` and `mismatch_label_keys` (#769).
- Bump GitHub workflow actions (#772).
- Revert `zeroize` version bump (#772).
- Explicitly set the TLS provider for the ServerConfig, and enable "safe" protocols (#778).