v2.0.0-beta.1

Breaking changes

• Removed the password field of osProfile in virtualmachinescalesets.compute.azure.com status. This field was never returned by the underlying API and so was always empty.
• Renamed eTag to etag in the status of workspaces.operationalinsights.azure.com. This field was always empty previously. See the upstream change for more context.

If you have not taken an explicit dependency on one of the status fields mentioned above you should be able to directly upgrade from v2.0.0-beta.0 to v2.0.0-beta.1 .

Helm chart breaking changes

• CRDs are now managed as resources by Helm. This was necessary for Helm to apply CRD updates. See #2338 for more details.

Warning: If you deployed v2.0.0-beta.0 with Helm, you must manually adopt the CRDs into the Helm release before upgrading to v2.0.0-beta.1 or helm upgrade will fail. You can use the script below to do this.

First set set HELM_RELEASE=<your helm release name> and HELM_RELEASE_NAMESPACE=azureserviceoperator-system

#!/bin/bash

set -euo pipefail

echo "Annotating ASO CRDs with release-name=${HELM_RELEASE}, release-namespace=${HELM_RELEASE_NAMESPACE}"

for CRD in $(kubectl get crds -o='custom-columns=Name:.metadata.name' | grep azure.com)
do
    kubectl label crd ${CRD} app.kubernetes.io/managed-by=Helm --overwrite
    kubectl annotate crd ${CRD} meta.helm.sh/release-name=${HELM_RELEASE} --overwrite
    kubectl annotate crd ${CRD} meta.helm.sh/release-namespace=${HELM_RELEASE_NAMESPACE} --overwrite
done

Release notes

New resources

• containerinstance.ContainerGroup by @majguo (#2330)
• cdn.Profile and cdn.ProfilesEndpoint (#2286)
• dbformariadb.Server, dbformariadb.Database and dbformariadb.Configuration (#2306)
• keyvault.Vault (#2310)
• networking.RouteTable and networking.RouteTablesRoute (#2302)
• dbformysql.User (#2328)

Features

• A number of documentation improvements, including changing the format of the documentation website to look nicer while also being easier to navigate.
• Added liveness probe to operator pod (#2254)
• Add validation for AzureName and Owner immutability (#2260)
• Added infrastructure to support reconciling resources that aren't ARM resources. The first example of this is the new dbformysql.User support (#2328)
• Expose fullyQualifiedDomainName as a secret for postgres and mysql (#2297)
• Make manager container the default for kubectl logs (#2303)
• Update version of gopkg.in/yaml.v3 to address CVE-2022-28948 (#2320)
• Update azcore, azidentity and azure-sdk to v1.0.0 (#2331)
• Add support for AKS ManagedCluster credentials (#2355)

Bug fixes

• Add missing secret permissions to ASO service account (#2346)
• Fix bug where controller could crash if attempting to emit metric for HTTP response that timed out (#2347)
• Add leases access to leader role (#2365)
• Clearer error if AzureName is not set (#2366)

Upcoming deprecations

The v1alpha1 resources will be deprecated no sooner than v2.0.0-beta.2.

Please migrate away from these resources by updating the apiVersion to the corresponding v1beta... API. See supported resources for details about the specific apiVersion to use for each type of resource.

New Contributors

• @majguo made their first contribution in #2330

Full Changelog: v2.0.0-beta.0...v2.0.0-beta.1

v2.0.0-beta.0

Release notes

• Added v1beta versions of all resources.
• Added support for Azure generated secrets. Azure generated secrets are supported for the following resources:
  • storage.StorageAccount
  • cache.Redis
  • documentdb.DatabaseAccount
• Added support for the following new resources:
  • storage.StorageAccountsManagementPolicy
• Documentation improvements:
  • Added CRD reference documentation. See for example the authorization.azure.com reference docs.
  • Document ASO's usage of Condition's (#2130).
  • Improved readability of supported resources page (#2221)
• Added Helm chart.
• Enabled tracking of various Azure specific metrics in addition to built-in controller-runtime metrics (#2180).
• Updated version of controller-runtime, controller-gen, and envtest (#2217).
• Bug fixes:
  • Fixed a bug where the Ready Condition of a resource was not set in some error cases (#2098).
  • Fixed a bug where some errors were incorrectly classified as a warning when they were actually fatal (#2108).
  • Fixed a bug where resources with required fields weren't correctly being rejected when those fields were not included (#2126).
  • Fixed a bug where some Status types had kubebuilder validations (#2148).
  • Fixed a bug where a VNET update could unexpectedly delete subnets in that VNET (#2169).
  • Fixed a bug where invalid code could be generated for resources with multiple versions and complex relationships between those versions (#2186, #2201)

Upcoming deprecations

The v1alpha1 resources will be deprecated no sooner than v2.0.0-beta.2.

Please migrate away from these resources by updating the apiVersion to the corresponding v1beta... API. See supported resources for details about the specific apiVersion to use for each type of resource.

1.0.39435

Changes:

• cfb40ee Make elastic pool id configurable on Azure SQL DB (#2184)

This list of changes was auto generated.

v2.0.0-alpha.6

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Breaking changes

Replaced raw secrets with references to Kubernetes secrets

Replaced properties containing raw secrets (passwords, SSH keys, etc) with references to Kubernetes secrets.
This change is not backwards compatible. We realize that breaking changes are difficult for users, but felt that it was better to make this change now in alpha than delay. In this case, the change has significant positive security implications.

The following resources were impacted:

1. dbformysql.azure.com/v1alpha1api20210501/FlexibleServer: Property administratorLoginPassword
2. dbforpostgresql.azure.com/v1alpha1api20210601/FlexibleServer: Property administratorLoginPassword
3. compute.azure.com/v1alpha1api20201201/VirtualMachine: Property osProfile.AdminPassword
4. compute.azure.com/v1alpha1api20201201/VirtualMachineScaleSet: Property virtualMachineProfile.osProfile

Migration

The migration path for each of these resources is the same:

1. Ensure that the version of ASO you are running is alpha-6 or later.
2. Mark the existing resource with annotation serviceoperator.azure.com/reconcile-policy=detach-on-delete.
3. Delete the resource with kubectl delete. This won't delete the resource in Azure due to the above annotation.
4. Create a Kubernetes secret containing the value which was previously directly in the resource spec (for example the administratorLoginPassword). This secret must be in the same namespace as where the resource will be created.
5. Update the resource YAML to refer to the secret. See the example.
6. kubectl apply the updated resource YAML. This will adopt the resource that already exists in Azure (left from step 3).

Release notes

• Added support for the following new resources:
  • ContainerRegistry resource (#2074)
  • Compute/Image (#2090)
  • Compute/Snapshot (#2090)
• Stop using specHash optimization - reconcile should always PUT to Azure (#2202)
• Turn off Go client retries (#2033)
• Added support for the reconcile-policy annotation (#2060)
• Simplify configuration of which resources to export (#2071)
• Add support for resource extensions generation (#2064)

New Contributors

• @jonnylangefeld made their first contribution in #1766
• @uya116 made their first contribution in #2012
• @vaspahomov made their first contribution in #2078
• @super-harsh made their first contribution in #2064

Full Changelog: v2.0.0-alpha.5...v2.0.0-alpha.6

v2.0.0-alpha.5

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Fixes the conversion webhook bug in the previous release YAML that prevented creation of resources. See #2018 for more information.
• Added support for the following new resources:
  • EventGrid:
    • Domain
    • DomainsTopic
    • EventSubscription

Full Changelog: 2.0.0-alpha.4...2.0.0-alpha.5

v2.0.0-alpha.4

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Breaking changes

This release has two breaking changes that will affect existing deployments of the v2 Azure service operator. The ASO team realize that this is inconvenient for existing users, but decided that making the changes now while the operator is in alpha is better than trying to make them post-beta (or never making them). There are migration steps listed for each change.

API group change

The microsoft. prefix for Azure resources has been removed because it's redundant (since the groups are all under azure.com). For example, the YAML for a CosmosDB DatabaseAccount now starts with:

apiVersion: documentdb.azure.com/v1alpha1api20210515
kind: DatabaseAccount

Previously it was:

apiVersion: microsoft.documentdb.azure.com/v1alpha1api20210515
kind: DatabaseAccount

To migrate existing resources from the old API group to the new one, use the following steps:

1. Apply this release's operator YAML - this will create the new CRDs and update the deployment to use the new image. Ensure that any pods for the previous version of the operator have stopped. This will avoid the Azure resources being deleted when we clean up the old Kubernetes resources in step 4.
2. Edit the source YAML used to deploy the existing resources to have the new API group (for example documentdb.azure.com rather than microsoft.documentdb.azure.com).
3. Apply the updated YAML for the resources. These will be linked to the existing Azure resources.
4. For each old microsoft. resource, remove its serviceoperator.azure.com/finalizer and then delete it. You can find the resources with this command:
   kubectl api-resources -o name | grep 'microsoft\..*\.azure\.com' | paste -sd "," - | xargs kubectl get -A
   This is safe at this point because the alpha.4 version of the operator is only watching resources for the new non-microsoft. CRDs.
5. Delete the old microsoft. CRDs with:
   kubectl api-resources -o name | grep 'microsoft\..*\.azure\.com' | xargs kubectl delete customresourcedefinition

Removing namespace from resource references

The namespace field on resource references (for example vnetSubnetIDReference on ManagedClustersAgentPool) has been removed, following the Kubernetes Architecture SIG's recommendations on object references.

If you have resources with references to resources in a different namespace, edit the YAML of the reference to use the ARM ID of the resource in Azure rather than the group/kind/namespace/name of the resource in the Kubernetes cluster.

Release notes

• Added support for the following new resources:
  • PostgreSQL FlexibleServersConfiguration
  • SignalR
  • MySQL:
    • FlexibleServer
    • FlexibleServersDatabase
    • FlexibleServersFirewallRule
  • Application Insights:
    • Webtest
    • Component
  • Redis:
    • Redis
    • RedisLinkedServer
    • RedisFirewallRule
    • RedisPatchSchedule
    • RedisEnterprise
    • RedisEnterpriseDatabase

Full Changelog: v2.0.0-alpha.3...v2.0.0-alpha.4

v2.0.0-alpha.3

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Added support for the following new resources:
  • EventGrid Topic
  • EventHub:
    • Namespace
    • NamespacesAuthorizationRule
    • NamespacesEventhub
    • NamespacesEventhubsAuthorizationRule
    • NamespacesEventhubsConsumerGroup
  • VirtualMachine
  • NetworkInterface
• Added a new Documentation site
• Added condition severity to Azure resources' print columns
• Support deploying ASOv2 alongside v1 in the same cluster
• Support running the operator with a managed identity rather than service principal

Full Changelog: v2.0.0-alpha.2...v2.0.0-alpha.3

v2.0.0-alpha.2

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Added support for the following new resources:
  • Cosmos DB:
    • MongodbDatabase
    • MongodbDatabaseCollection
    • SqlDatabase
    • SqlDatabaseContainer
    • SqlDatabaseContainerTrigger
    • SqlDatabaseContainerStoredProcedure
    • SqlDatabaseContainerUserDefinedFunction
  • PostgreSQL:
    • FlexibleServer
    • FlexibleServersDatabase
    • FlexibleServersFirewallRule
  • RoleAssignment
• Moved the code generator and controller from hack folder to new v2 folder so they are much easier to find.
• Ported support for operator-per-namespace multitenancy to the v2 operator. This enables running multiple ASO deployments in one cluster watching different namespaces and using different credentials.
• Improved error reporting in logging and resource conditions.

Full Changelog: v2.0.0-alpha.1...v2.0.0-alpha.2

v2.0.0-alpha.1

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Release notes

• Added support for the following new resources:
  • NeworkSecurityGroup
  • NetworkSecurityGroupsSecurityRule
  • UserAssignedIdentity
  • AKS ManagedCluster
  • AKS ManagedClustersAgentPool
• Removed kubebuilder validations on Status resources. These validations could sometimes prevent the operator from saving status.
• Optimize controller back-off for the cloud (starts out slower, but doesn't back off quite as much as before so that we catch changes faster even once we've reached full back-off).
• Prevent controller reconciliation when only the Status of a resource has been changed.
• Improved the error message returned to users if the Owner is missing or pointing to a resource of the wrong type.
• Improved log messages written by the controller.
• Fixed bug with ResourceReference regex that incorrectly prevented some valid ARM IDs from being specified.

1.0.28631: Fix conversion webhooks in operator bundle (#1765)

Changes:

• 4fb3081 Fix conversion webhooks in operator bundle (#1765)
• b87d92c Controller logging improvements (#1759)
• a82afe8 Improve golden file testing (#1737)
• a7a086d Improve owner missing error message (#1747)
• 943f298 Fix README instruction indentation of yaml example (#1755)
• 89ac128 Add git diff output if files have changed (#1753)
• cfb25c0 Use reconcile predicates to prevent reconcile on status update (#1752)
• 6917a6e Add check for uncommitted changes after build (#1750)
• 7460cd4 Minor fix to README (#1751)
• 7bf2652 Small usability improvements to Dockerfile (#1749)

See More

• aa0a45c Rename _apis directory to apis and commit it (#1741)
• 1a18073 Update documentation for v2 (#1733)
• 452439c Add round trip tests of Property Assignment methods (#1725)
• 9d1f49f Add tests for pipeline stage to inject JSON Serialization tests (#1727)
• 2d87ed9 Update kind (#1738)
• 2b5686b Fix ASOv1 CI due to Kubebuilder download break (#1746)
• f6f07c6 Capture a couple of architecture decisions (#1740)
• ae76dcd Increase test polling speed some to reduce flakiness (#1745)
• ba7ac7b Stop VS Code complaning about devcontainer.json (#1736)
• 55d7d52 Improve recording default timeouts and controller backoff timing (#1731)
• f68f4c2 Remove all status validations (#1732)
• a7345fd Fixes for CI breakage (#1734)
• b3e7293 Add new options to support KeyVault soft delete (#1717)
• 315fe4d Fix EOLN settings so devcontainer works on Windows (#1719)
• 6652fb1 Suppress classes causing test failures (#1724)
• 1def7c5 Add operator mode configuration (#1658)
• e190674 Remove envtest job timeout for now (#1723)
• 71269af Tidyup and testing of JSON Serialization Tests (#1710)
• 290d399 Add UserManagedIdentity support (#1716)
• 2ffb918 Use PropertyBag for storage of unknown properties (#1682)
• 2d5ce77 Add NSG and NSG Rule support (#1701)
• a24a5e7 Add document for how to add a code generated resource (#1711) [ #1683 ]
• 98d093e Fix push target (#1713)
• fa62dda Remove "infra" from resource suffix (#1712)
• d772e2d Code generator code gardening (#1700)
• 4d4f459 Add printcolumns support on generated resources (#1699)
• f153260 Push releases to public MCR (#1709)
• 75e0aec Update kind version (#1707)
• 7619d96 GITHUB_WORKSPACE doesn't work in asset action (#1706)
• 77ce79e Push image from host rather than devcontainer (#1705)
• 5589763 Fix run-kustomize task and reorder steps (#1704)
• 5eb3e9f Make build-version work with multiple pre-release bits (#1703)
• 9f4d734 Change docker-login method (#1702)
• 74b5279 Bundle configuration/Kustomize output and upload to release (#1697)
• 7359ae7 Ignore changes to .github & .devcontainer dirs (#1698)
• 8342e41 Use Conditions rather than annotations to determine reconcile state (#1696)
• 34f39d5 Update Azure SDK version and update Helm chart parameters (#1695)
• 14ee7ad Release pipeline for v2 builds (#1692) [ #1632 ]
• be04d13 Improve the external API of the PropertyBag (#1669)
• cddee0f Generalize our JSON serialization test case to work with resources too (#1693)
• c4f0f09 Force top level status properties to be optional (#1694)
• 4c3c12d New conditions pipeline stages (#1689)
• 462f59f Update makefile with latest operator bundle version (#1677)
• 00f5405 Generate DeepCopy() methods for genruntime types (#1688)
• e697bc1 Update go-task and use deduplication (#1690)
• e2dd065 Use Github Action to add needs-triage label (#1687)
• 1db5905 Don't CommitUpdate twice in a single reconcile loop (#1684)
• 189aae5 Add new conditions type (#1675)
• e0b7929 Implement conversions for Specs and Statuses (#1649)
• dfff16c Use Update (PUT) not Patch when modifying spec and status (#1674)
• d8fd4d2 Ad concurrency key to live resource usage (#1660)
• fe3c776 Update our triage docs for new tag (#1681)
• a8e30ae Update helm chart to 1.7.0 (ASO version 1.0.27207) (#1676)

This list of changes was auto generated.