v2.1.0
Release notes
Breaking changes
The operator no longer installs CRDs by default
Action required: When installing ASO for the first time, you must now specify crdPattern (for Helm) or --crd-patterns (in operator pod cmdline for raw YAML) to select the subset of CRDs you would like to install.
When upgrading ASO, existing CRDs will be automatically updated to the new version but new CRDs added in that release will not automatically be installed. This means that when upgrading the operator, if you don't want to use any CRDs newly added in that release you don't need to do anything.
Action required: When upgrading ASO, if you want to install new CRDs (for example CRDs just added in the version of ASO you are upgrading to) you must specify crdPattern (Helm) or --crd-patterns (YAML) to install the CRDs. For example: if you do want to use a newly added CRD (such as network.azure.com/bastionHosts mentioned below), you would need to specify crdPatterns=network.azure.com/* when performing the upgrade.
See CRD management in ASO for more details about this change and why it was made.
serviceoperator.azure.com/credential-from no longer supports cross namespace secret references
This was never documented as supported but worked unintentionally. The feature now works as it was always documented: allowing references to secrets only if the secret is in the same namespace as the resource itself.
This was a security issue which we had to close.
See #2919 for more details.
Upgrades from releases prior to v2.0.0-beta.5 are still disallowed
We recommend upgrading from v2.0.0-beta.5 to v2.0.0 and then to v2.1.0.
Upgrading to v2.1.0 from a version prior to v2.0.0-beta.5 is blocked in Helm by a Helm upgrade hook.
Upcoming Breaking changes
Beta CRD deprecation
Beta CRD versions (any version with v1beta prefix) will be deprecated no sooner than v2.3.0. We recommend you start using v1api prefixed versions now. You can easily swap from a v1beta version to a v1api version by just replacing v1beta with v1api in your CRD YAML.
AKS ManagedClusterServicePrincipalProfile.Secret will change from string to genruntime.SecretReference
We realized that this field contains a secret and as such should not be specified. Secrets should not appear in plain text in CRs. We will be making a breaking change in 2.2.0 to resolve this issue.
In the meantime: We strongly recommend you use managed identity (the default) for your clusters.
Tools
- asoctl can now import entire Resource Groups (#2908)
- asoctl can now save imported resources to separate YAML files (#2963)
New resources
- Support Azure DataFactory (#2883)
- Support Microsoft.Network/bastionHosts (#2913)
- Support Microsoft.DBForPostgreSQL FlexibleServer Users (#2834)
- Support Microsoft.Network/natGateways (#2906)
- Support Microsoft.Network/dnszone and Microsoft.Network/dnszone/recordSets (#2918)
- Support Microsoft.Search/searchService (#2916)
- Support Microsoft.DBForMySQL/flexibleServers/configuration #(2987)
- Support Microsoft.ServiceBus/authorizationRules (#2988)
- Support Microsoft.Network/loadBalancers/inboundNatRule (#2984)
- Support Microsoft.Storage/accounts/fileService, tableService, fileShare and table (#2960)
Features
- Updated
kindand other dependencies (#2897) - Support export of AppInsights/Component ConnectionString and InstrumentationKey (#2899)
- Support AAD users for MySQL via existing MySQL User resource (#2954)
- Allow users to configure a subset of CRDs to install (#3007)
Bug fixes
- Fixed bug where we mistakenly retried on OperationNotAllowed for all resources, instead of just a few (#2946)
Documentation
- Regenerate API documentation (#2925)
- Fix various broken links, for example in (#2991)
- Split resources indexes into groups (#3000)
New Contributors
- @johgoe made their first contribution in #2834
- @khareyash05 made their first contribution in #2956
Full Changelog: v2.0.0...v2.1.0
