v1.2.0
Customize SpiceDB Deployments
This release of the spicedb-operator includes new features for customizing the way the operator deploys and manages SpiceDB clusters.
A new patches field is available on the SpiceDBCluster that allows flexible customization of the resources the operator creates with Strategic Merge Patch patches or with JSON6902 patch operations.
The status field of the SpiceDBCluster will indicate if there are issues applying patches to the generated resources.
Examples
Strategic Merge Patch:
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
config:
datastoreEngine: memory
secretName: dev-spicedb-config
patches:
- kind: Deployment
patch:
metadata:
labels:
added: via-patch
spec:
template:
metadata:
labels:
added: pod-label-via-patchExplicit JSON6902 Patch:
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
config:
datastoreEngine: memory
secretName: dev-spicedb-config
patches:
- kind: Deployment
patch:
op: add
path: /metadata/labels
value:
added: via-patchYou can specify multiple patches for the same object (later in the list are applied over top of earlier in the list):
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
config:
datastoreEngine: memory
secretName: dev-spicedb-config
patches:
- kind: Deployment
patch:
op: add
path: /metadata/labels
value:
added: via-patch
- kind: Deployment
patch:
metadata:
labels:
added-2: via-patch-2Wildcard * can be used to apply a patch to all resources:
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
config:
datastoreEngine: memory
secretName: dev-spicedb-config
patches:
- kind: '*'
patch:
op: add
path: /metadata/labels
value:
added: via-wildcard-patchMemory Update Graph
Although the memory datastore has no need for migrations or automated updates, this release includes an update graph for the memory datastore. You can now use the memory datastore for testing with the same UX as the other datastores.
extraPodAnnotations and extraPodLabels now apply to the migration pods too
You could already add extra annotations and labels to SpiceDB pods, but now they can be added to migration jobs as well. Thanks to @thomasklein94 for the addition!
What's Changed
- Add v1.16.2 to update graphs by @ecordell in #144
- support merge_group event types in GHA by @ecordell in #149
- feat: add extraPodAnnotations on migrations jobs by @thomasklein94 in #147
- Allow clients to specify arbitrary overrides of operator-managed resources by @ecordell in #135
- Bump alpine from 3.17.0 to 3.17.2 by @dependabot in #148
- Bump github.com/spf13/cobra from 1.4.0 to 1.6.1 by @dependabot in #101
- Don't report telemetry from e2e test clusters by @ecordell in #153
- Add update graph for memory datastore by @ecordell in #152
- configurable graph files for tests by @ecordell in #154
- fix: multiple patches modifying arrays with pre-existing values by @ecordell in #156
- Respect StrategicMergePatch metadata when patching by @ecordell in #159
New Contributors
- @thomasklein94 made their first contribution in #147
Full Changelog: v1.1.2...v1.2.0
Install with kubectl
kubectl apply --server-side -f https://github.com/authzed/spicedb-operator/releases/download/v1.2.0/bundle.yamlInclude or modify this release in your own kustomize bundle
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/authzed/spicedb-operator/config?ref=v1.2.0
images:
- name: ghcr.io/authzed/spicedb-operator
newTag: v1.2.0Install with kustomizer
Release manifests can be found at oci://ghcr.io/authzed/spicedb-operator-manifests:v1.2.0 and can be installed or inspected with kustomizer:
kustomizer apply inventory spicedb-operator --artifact oci://ghcr.io/authzed/spicedb-operator-manifests:v1.2.0Docker Images
This release's image is available at:
authzed/spicedb-operator:v1.2.0quay.io/authzed/spicedb-operator:v1.2.0ghcr.io/authzed/spicedb-operator:v1.2.0
