diff --git a/CHANGELOG.md b/CHANGELOG.md index cfd52640..60d714a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,19 @@ All notable changes to this project are documented in this file. +## 0.10.0 + +**Release date:** 2023-01-07 + +⚠️ This is a **breaking 💣** release. The release now requires cert-manager to run. + +Improvements: +- Add mutating and validating admission webhooks [#229](https://github.com/alexandrevilain/temporal-operator/pull/229) +- Add support for mTLS enabled clusters in WorkerProcess [#223](https://github.com/alexandrevilain/temporal-operator/pull/223) + +Updates: +- Updated ClusterServiceVersion for Operatorhub release v0.9.1 [#231](https://github.com/alexandrevilain/temporal-operator/pull/231) + ## 0.9.1 **Release date:** 2022-12-24 diff --git a/README.md b/README.md index c8795332..7e03dac3 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ First install cert-manager on your cluster. The operator comes with admissions w ``` kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml ``` -(You can use the installation method you want, see the [cert-manager's documentation](https://cert-manager.io/docs/installation/)) +(You can use the installation method you want, see the [cert-manager's documentation](https://cert-manager.io/docs/installation/)). Note that you can use your own certificates if you don't want cert-manager on your cluster. Then install Temporal Operator's CRDs and the operator itself on your cluster: diff --git a/VERSION b/VERSION index f514a2f0..2774f858 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.9.1 \ No newline at end of file +0.10.0 \ No newline at end of file diff --git a/bundle/manifests/temporal-operator-webhook-service_v1_service.yaml b/bundle/manifests/temporal-operator-webhook-service_v1_service.yaml new file mode 100644 index 00000000..f08f3b74 --- /dev/null +++ b/bundle/manifests/temporal-operator-webhook-service_v1_service.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: temporal-operator + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: temporal-operator + name: temporal-operator-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/bundle/manifests/temporal-operator.clusterserviceversion.yaml b/bundle/manifests/temporal-operator.clusterserviceversion.yaml index 678f2c71..946e12f3 100644 --- a/bundle/manifests/temporal-operator.clusterserviceversion.yaml +++ b/bundle/manifests/temporal-operator.clusterserviceversion.yaml @@ -87,8 +87,8 @@ metadata: "buildDir": "samples-go/helloworld", "buildRegistry": { "passwordSecretRef": { - "key": "PASSWORD", - "name": "docker-password" + "key": "PASSWORD", + "name": "docker-password" }, "repository": "docker.io", "username": "ktenzer" @@ -96,7 +96,7 @@ metadata: "enabled": false, "gitRepository": { "reference": { - "branch": "main" + "branch": "main" }, "url": "https://github.com/ktenzer/samples-go.git" }, @@ -121,7 +121,7 @@ metadata: containerImage: ghcr.io/alexandrevilain/temporal-operator:v0.9.1 operators.operatorframework.io/builder: operator-sdk-v1.23.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 - name: temporal-operator.v0.9.1 + name: temporal-operator.v0.10.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -467,7 +467,7 @@ spec: - --leader-elect command: - /manager - image: ghcr.io/alexandrevilain/temporal-operator:v0.9.1 + image: ghcr.io/alexandrevilain/temporal-operator:v0.10.0 livenessProbe: httpGet: path: /healthz 
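Review bot: The new webhook Service selects pods only by `control-plane: controller-manager`, which is the label kubebuilder scaffolds for every operator, so in a namespace shared with other operators it could also route admission requests to unrelated manager pods. TLS verification against the webhook CA should stop such a pod from answering successfully, but the calls would then fail intermittently. If the manager pod template carries, or can be given, a project-specific label (it is not visible in this diff), add it to the selector, for example `app.kubernetes.io/part-of: temporal-operator` next to the existing key. The manifest looks generated (`creationTimestamp: null`, empty `status`), so the change presumably belongs in the kustomize source rather than in this file.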
@@ -475,6 +475,10 @@ spec: initialDelaySeconds: 15 periodSeconds: 20 name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP readinessProbe: httpGet: path: /readyz @@ -490,10 +494,19 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: temporal-operator-controller-manager terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert permissions: - rules: - apiGroups: 
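Review bot: The added `cert` volume gives the manager Deployment a hard dependency on a Secret named `webhook-server-cert`, and no hunk in this part of the diff creates it, so the pod will not start until cert-manager or the user provides it. The README line added in this commit says users may bring their own certificates; it should then state the Secret name, the expected `tls.crt`/`tls.key` keys, and that the webhook CA bundle must match, otherwise every admission call fails TLS verification. `defaultMode: 420` is octal 0644, which leaves the serving private key readable by any UID in the container; consider `defaultMode: 288` (0440) together with a pod-level `fsGroup` so the non-root manager can still read it. For OLM installs, confirm whether OLM's own certificate injection coexists with this explicitly named volume at the same mount path. The enclosing deployment spec starts and ends outside the hunk.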
@@ -558,5 +571,86 @@ spec: provider: name: Temporal Community url: https://temporal.io/ - version: 0.9.1 replaces: temporal-operator.v0.7.0 + version: 0.10.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: temporal-operator-controller-manager + failurePolicy: Fail + generateName: mtemporalc.kb.io + rules: + - apiGroups: + - temporal.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - temporalclusters + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-temporal-io-v1beta1-temporalcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: temporal-operator-controller-manager + failurePolicy: Fail + generateName: mtemporalworkerprocess.kb.io + rules: + - apiGroups: + - temporal.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - temporalworkerprocesses + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-temporal-io-v1beta1-temporalworkerprocess + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: temporal-operator-controller-manager + failurePolicy: Fail + generateName: vtemporalc.kb.io + rules: + - apiGroups: + - temporal.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - temporalclusters + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-temporal-io-v1beta1-temporalcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: temporal-operator-controller-manager + failurePolicy: Fail + generateName: vtemporalworkerprocess.kb.io + rules: + - apiGroups: + - temporal.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - temporalworkerprocesses + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-temporal-io-v1beta1-temporalworkerprocess 
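Review bot: All four `webhookdefinitions` entries set `failurePolicy: Fail` but none sets `timeoutSeconds`, so a slow or unavailable manager pod blocks every CREATE and UPDATE on `temporalclusters` and `temporalworkerprocesses` for the API server's default timeout before the request is rejected. Failing closed is a sound choice for the validating hooks, but it makes webhook availability part of the control path; add an explicit bound such as `timeoutSeconds: 10` to each entry and document that updates, presumably including finalizer removal on delete, are refused while the operator is down or its certificate is invalid. Separately, the hunk bumps `version` to 0.10.0 but leaves `replaces: temporal-operator.v0.7.0`, although the CHANGELOG in this commit mentions an OperatorHub release of v0.9.1. If the catalog builds its upgrade graph from `replaces`, clusters on v0.9.1 may not be offered this release, so confirm whether it should read `replaces: temporal-operator.v0.9.1`. The `containerImage` annotation shown as context in the earlier hunk of this file also still points at `v0.9.1`.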
diff --git a/bundle/manifests/temporal.io_temporalclusters.yaml b/bundle/manifests/temporal.io_temporalclusters.yaml index 72bfdf49..98aa83e2 100644 --- a/bundle/manifests/temporal.io_temporalclusters.yaml +++ b/bundle/manifests/temporal.io_temporalclusters.yaml @@ -162,7 +162,6 @@ spec: from. type: string listenPort: - default: 9090 description: ListenPort for prometheus to serve metrics from. format: int32 type: integer diff --git a/bundle/manifests/temporal.io_temporalworkerprocesses.yaml b/bundle/manifests/temporal.io_temporalworkerprocesses.yaml index bc79a46d..ec6ff44a 100644 --- a/bundle/manifests/temporal.io_temporalworkerprocesses.yaml +++ b/bundle/manifests/temporal.io_temporalworkerprocesses.yaml @@ -46,7 +46,8 @@ spec: description: TemporalWorkerProcessSpec defines the desired state of TemporalWorkerProcess properties: builder: - description: Builder is the configuration for building a TemporalWorkerProcess + description: Builder is the configuration for building a TemporalWorkerProcess. + THIS FEATURE IS HIGHLY EXPERIMENTAL. properties: attempt: description: BuildAttempt is the build attempt number of a given @@ -267,9 +268,7 @@ spec: to build worker image. type: string required: - - attempt - conditions - - created - ready - version type: object diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index c2af5da0..c372ce84 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,4 +4,4 @@ resources: - manager.yaml images: - name: ghcr.io/alexandrevilain/temporal-operator - newTag: v0.9.1 + newTag: v0.10.0 diff --git a/config/manifests/bases/temporal-operator.clusterserviceversion.yaml b/config/manifests/bases/temporal-operator.clusterserviceversion.yaml index 678f2c71..1f8237d0 100644 --- a/config/manifests/bases/temporal-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/temporal-operator.clusterserviceversion.yaml 
@@ -558,5 +558,5 @@ spec: provider: name: Temporal Community url: https://temporal.io/ - version: 0.9.1 replaces: temporal-operator.v0.7.0 + version: 0.10.0 diff --git a/config/samples/temporal.io_v1beta1_temporalworkerprocess.yaml b/config/samples/temporal.io_v1beta1_temporalworkerprocess.yaml index 60ed327a..1ebc441c 100644 --- a/config/samples/temporal.io_v1beta1_temporalworkerprocess.yaml +++ b/config/samples/temporal.io_v1beta1_temporalworkerprocess.yaml @@ -3,4 +3,28 @@ kind: TemporalWorkerProcess metadata: name: temporalworkerprocess-sample spec: - # TODO(user): Add fields here + builder: + attempt: 3 + buildDir: samples-go/helloworld + buildRegistry: + passwordSecretRef: + key: PASSWORD + name: docker-password + repository: docker.io + username: ktenzer + enabled: false + gitRepository: + reference: + branch: main + url: https://github.com/ktenzer/samples-go.git + image: quay.io/podman/stable + version: latest + clusterRef: + name: prod + namespace: temporal + image: ktenzer/helloworld-worker + jobTtlSecondsAfterFinished: 300 + pullPolicy: Always + replicas: 3 + temporalNamespace: default + version: latest \ No newline at end of file
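Review bot: The new TemporalWorkerProcess sample pins nothing: the builder uses `image: quay.io/podman/stable` with `version: latest`, and the worker uses `image: ktenzer/helloworld-worker` with `version: latest` and `pullPolicy: Always`, so anyone applying the sample runs whatever those mutable tags point to at that moment. The sample also hard-codes one person's registry `username: ktenzer` and Git repository, and the same values appear in the CSV's alm-examples, so they will be shown to OperatorHub users as the reference configuration. Prefer a fixed tag or digest, e.g. `version: <pinned-tag>`, and neutral placeholders such as `username: <registry-user>` and `url: <your-git-repository>`. A short comment above `builder:` noting that `passwordSecretRef` expects an existing Secret named `docker-password` with a `PASSWORD` key would help readers, and the file should end with a newline.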