diff --git a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md index a972269bee3..416227cdd16 100644 --- a/website/content/en/docs/upgrading-sdk-version/v1.6.0.md +++ b/website/content/en/docs/upgrading-sdk-version/v1.6.0.md @@ -15,7 +15,7 @@ To add this option your project you will need to: - manager_config_patch.yaml ``` - Update the `config/manager/kustomization.yaml` by adding: - ```yaml +```yaml generatorOptions: disableNameSuffixHash: true @@ -29,14 +29,15 @@ To add this option your project you will need to: - name: controller newName: quay.io/example/memcached-operator newTag: v0.0.1 - ``` +``` _See [#4701](https://github.com/operator-framework/operator-sdk/pull/4701) for more details._ ## (ansible/v1, helm/v1) Add Role rules for leader election. Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: -```yaml rules: +```yaml +rules: - apiGroups: - "" - coordination.k8s.io @@ -100,7 +101,8 @@ _See [#4660](https://github.com/operator-framework/operator-sdk/pull/4660) for m ## (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. In `config/manager/manager.yaml`, add the following security contexts: -```yaml spec: +```yaml +spec: ... template: ... @@ -119,7 +121,7 @@ _See [#4655](https://github.com/operator-framework/operator-sdk/pull/4655) for m OLM does [not yet support cert-manager](https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/#certificate-authority-requirements), so a JSON patch was added to remove this volume and mount such that OLM can itself create and manage certs for your Operator. In `config/manifests/kustomization.yaml`, add the following: -```yaml +```yaml patchesJson6902: - target: group: apps @@ -202,17 +204,36 @@ _See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for m ## (go/v2, go/v3, ansible/v1, helm/v1) Changed `BUNDLE_IMG` and added `IMAGE_TAG_BASE` Makefile variables The following Makefile changes were made to allow `make bundle-build bundle-push catalog-build catalog-push` and encode image repo/namespace information in the Makefile by default: -```diff +IMAGE_TAG_BASE ?= <registry>/<operator name> + -BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) ``` +```diff ++IMAGE_TAG_BASE ?= <registry>/<operator name> ++ +-BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) +``` + For example, if `IMAGE_TAG_BASE ?= foo/bar-operator` then running `make bundle-build bundle-push catalog-build catalog-push` would build `foo/bar-operator-bundle:v0.0.1` and `foo/bar-operator-catalog:v0.0.1` then push them to the `docker.io/foo` namespaced registry. _See [#4406](https://github.com/operator-framework/operator-sdk/pull/4406) for more details._ -## (ansible/v1, helm/v1) Add a `system:controller-manager` ServiceAccount to your project. +## (ansible/v1, helm/v1) Add the `controller-manager` ServiceAccount to your project. -A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh # Create the ServiceAccount. cat <<EOF > config/rbac/service_account.yaml apiVersion: v1 kind: ServiceAccount metadata: +A non-default ServiceAccount `controller-manager` is scaffolded on `operator-sdk init`, to improve security for operators installed in shared namespaces. To add this ServiceAccount to your project, do the following: ```sh +# Create the ServiceAccount. +cat <<EOF > config/rbac/service_account.yaml apiVersion: v1 +kind: ServiceAccount +metadata: name: controller-manager namespace: system -EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> config/rbac/kustomization.yaml # Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml ``` The changes should look like: ```diff # config/manager/manager.yaml +EOF +# Add it to the list of RBAC resources. +echo "- service_account.yaml" >> config/rbac/kustomization.yaml +# Update all RoleBinding and ClusterRoleBinding subjects that reference the operator's ServiceAccount. +find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \; # Add the ServiceAccount name to the manager Deployment's spec.template.spec.serviceAccountName. sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml +``` + +The changes should look like: + +```diff +# config/manager/manager.yaml requests: cpu: 100m memory: 20Mi @@ -222,7 +243,8 @@ EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> con name: proxy-role subjects: - kind: ServiceAccount -- name: default + name: controller-manager +- name: default ++ name: controller-manager namespace: system # config/rbac/kustomization.yaml resources: @@ -234,14 +256,22 @@ EOF # Add it to the list of RBAC resources. echo "- service_account.yaml" >> con name: leader-election-role subjects: - kind: ServiceAccount -- name: default + name: controller-manager +- name: default ++ name: controller-manager namespace: system # config/rbac/role_binding.yaml name: manager-role subjects: - kind: ServiceAccount -- name: default + name: controller-manager +- name: default ++ name: controller-manager namespace: system -# config/rbac/service_account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system ``` +# config/rbac/service_account.yaml ++apiVersion: v1 ++kind: ServiceAccount ++metadata: ++ name: controller-manager ++ namespace: system +``` _See [#4653](https://github.com/operator-framework/operator-sdk/pull/4653) for more details._