Skip to content

v2.0.0-alpha.6

Pre-release
Pre-release
Compare
Choose a tag to compare
@matthchr matthchr released this 15 Feb 23:49
· 1236 commits to main since this release
v2.0.0-alpha.6
25513e2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This version is unsupported. To try it out, follow the instructions in the README. After installation, you can see the usage instructions for how to get started.

Breaking changes

Replaced raw secrets with references to Kubernetes secrets

Replaced properties containing raw secrets (passwords, SSH keys, etc) with references to Kubernetes secrets.
This change is not backwards compatible. We realize that breaking changes are difficult for users, but felt that it was better to make this change now in alpha than delay. In this case, the change has significant positive security implications.

The following resources were impacted:

  1. dbformysql.azure.com/v1alpha1api20210501/FlexibleServer: Property administratorLoginPassword
  2. dbforpostgresql.azure.com/v1alpha1api20210601/FlexibleServer: Property administratorLoginPassword
  3. compute.azure.com/v1alpha1api20201201/VirtualMachine: Property osProfile.AdminPassword
  4. compute.azure.com/v1alpha1api20201201/VirtualMachineScaleSet: Property virtualMachineProfile.osProfile

Migration

The migration path for each of these resources is the same:

  1. Ensure that the version of ASO you are running is alpha-6 or later.
  2. Mark the existing resource with annotation serviceoperator.azure.com/reconcile-policy=detach-on-delete.
  3. Delete the resource with kubectl delete. This won't delete the resource in Azure due to the above annotation.
  4. Create a Kubernetes secret containing the value which was previously directly in the resource spec (for example the administratorLoginPassword). This secret must be in the same namespace as where the resource will be created.
  5. Update the resource YAML to refer to the secret. See the example.
  6. kubectl apply the updated resource YAML. This will adopt the resource that already exists in Azure (left from step 3).

Release notes

  • Added support for the following new resources:
    • ContainerRegistry resource (#2074)
    • Compute/Image (#2090)
    • Compute/Snapshot (#2090)
  • Stop using specHash optimization - reconcile should always PUT to Azure (#2202)
  • Turn off Go client retries (#2033)
  • Added support for the reconcile-policy annotation (#2060)
  • Simplify configuration of which resources to export (#2071)
  • Add support for resource extensions generation (#2064)

New Contributors

Full Changelog: v2.0.0-alpha.5...v2.0.0-alpha.6

Contributors

jonnylangefeld, vaspahomov, and 2 other contributors
Assets 5