Release v0.0.34

openMCP

Components:

mcp-operator [v0.42.1]:

Changes included in v0.42.1:

🐛 Fixes

• update the controlplane resource even when in deletion #216
  • [USER][BUGFIX] Trigger the update of the ControlPlane resource even when CloudOrchestrator has a deletion timestamp

---

openmcp-operator [v0.16.0]:

Changes included in v0.16.0:

🚀 Features

• release v0.16.0 #190
  • [USER][FEATURE] - Release v0.16.0
• prepare for high availability #188
  • [OPERATOR][FEATURE] Add high availability features for the openmcp-operator and service-providers, cluster-providers and platform-services
• exclude provider fields from status update & utility to set these fields #187
  • [DEVELOPER][FEATURE] - Utility function for service providers to add the kinds of their managed resources to the ServiceProvider status

🔧 Chores

• remove namespace field from secret reference in AccessRequest status #183
  • [USER][BREAKING] Removed the status.secretRef.namespace field from AccessRequest resources which was added by accident. The access secrets are expected to be in the same namespace as the AccessRequest itself, so wherever this field is read, it can just be replaced with the AccessRequest's namespace.
• improve the advanced clusteraccess library's abilities to mock fake clients in unit tests #186
  • [DEVELOPER][FEATURE] The advanced ClusterAccess library's capabilities regarding unit tests have been enhanced by adding a configurable FakeClientGenerator to the reconciler. If set, this function will be called when trying to build a client.Client out of an AccessRequest's kubeconfig secret. This enables the test code to inject fake client implementations into the reconciler's Access method and thereby removes the need for any test-specific coding in the controller's logic itself.

---

gitops-templates [v0.1.0]:

Changes included in v0.1.0:

---

control-plane-operator [v0.1.18]:

Changes included in v0.1.18:

🐛 Fixes

• go.mod dependencies #122
  • [DEPENDENCY][OTHER] Fixing dependencies errors because of pointer type declaration and usage error

---

quota-operator [v0.14.0]:

Changes included in v0.14.0:

---

project-workspace-operator [v0.19.0]:

Changes included in v0.19.0:

---

bootstrapper [v0.5.1]:

Changes included in v0.5.1:

🐛 Fixes

• serilization of componentReferences #97
  • [USER][BUGIFX] Fix serilization of componentReferences in component versions

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.1.1]:

Changes included in v0.1.1:

🔧 Chores

• upgrade dependencies #49
  • [DEPENDENCY][OTHER] Fixing pointer type usage due to dependency updates

---

cluster-provider-gardener [v0.9.1]:

Changes included in v0.9.1:

🐛 Fixes

• preserve metadata fields #141
  • [USER][FEATURE] Allow to use the metadata field of the Shoot Template in the ProviderConfig

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

platform-service-dns [v0.0.2]:

Changes included in v0.0.2:

🔧 Chores

• bug fixes and secret copying #21
  • [OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
  • [OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
  • [OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
  • [OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.

---

Release v0.0.33

openMCP

Components:

mcp-operator [v0.42.1]:

Changes included in v0.42.1:

🐛 Fixes

• update the controlplane resource even when in deletion #216
  • [USER][BUGFIX] Trigger the update of the ControlPlane resource even when CloudOrchestrator has a deletion timestamp

---

openmcp-operator [v0.16.0]:

Changes included in v0.16.0:

🚀 Features

• release v0.16.0 #190
  • [USER][FEATURE] - Release v0.16.0
• prepare for high availability #188
  • [OPERATOR][FEATURE] Add high availability features for the openmcp-operator and service-providers, cluster-providers and platform-services
• exclude provider fields from status update & utility to set these fields #187
  • [DEVELOPER][FEATURE] - Utility function for service providers to add the kinds of their managed resources to the ServiceProvider status

🔧 Chores

• remove namespace field from secret reference in AccessRequest status #183
  • [USER][BREAKING] Removed the status.secretRef.namespace field from AccessRequest resources which was added by accident. The access secrets are expected to be in the same namespace as the AccessRequest itself, so wherever this field is read, it can just be replaced with the AccessRequest's namespace.
• improve the advanced clusteraccess library's abilities to mock fake clients in unit tests #186
  • [DEVELOPER][FEATURE] The advanced ClusterAccess library's capabilities regarding unit tests have been enhanced by adding a configurable FakeClientGenerator to the reconciler. If set, this function will be called when trying to build a client.Client out of an AccessRequest's kubeconfig secret. This enables the test code to inject fake client implementations into the reconciler's Access method and thereby removes the need for any test-specific coding in the controller's logic itself.

---

gitops-templates [v0.1.0]:

Changes included in v0.1.0:

---

control-plane-operator [v0.1.18]:

Changes included in v0.1.18:

🐛 Fixes

• go.mod dependencies #122
  • [DEPENDENCY][OTHER] Fixing dependencies errors because of pointer type declaration and usage error

---

quota-operator [v0.14.0]:

Changes included in v0.14.0:

---

project-workspace-operator [v0.19.0]:

Changes included in v0.19.0:

---

bootstrapper [v0.5.0]:

Changes included in v0.5.0:

🚀 Features

• add deploy-eso #91
  • [USER][FEATURE] Add deploy-eso command

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.1.1]:

Changes included in v0.1.1:

🔧 Chores

• upgrade dependencies #49
  • [DEPENDENCY][OTHER] Fixing pointer type usage due to dependency updates

---

cluster-provider-gardener [v0.9.1]:

Changes included in v0.9.1:

🐛 Fixes

• preserve metadata fields #141
  • [USER][FEATURE] Allow to use the metadata field of the Shoot Template in the ProviderConfig

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

platform-service-dns [v0.0.2]:

Changes included in v0.0.2:

🔧 Chores

• bug fixes and secret copying #21
  • [OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
  • [OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
  • [OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
  • [OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.

---

Release v0.0.32

openMCP

Components:

mcp-operator [v0.42.1]:

Changes included in v0.42.1:

🐛 Fixes

• update the controlplane resource even when in deletion #216
  • [USER][BUGFIX] Trigger the update of the ControlPlane resource even when CloudOrchestrator has a deletion timestamp

---

openmcp-operator [v0.16.0]:

Changes included in v0.16.0:

🚀 Features

• release v0.16.0 #190
  • [USER][FEATURE] - Release v0.16.0
• prepare for high availability #188
  • [OPERATOR][FEATURE] Add high availability features for the openmcp-operator and service-providers, cluster-providers and platform-services
• exclude provider fields from status update & utility to set these fields #187
  • [DEVELOPER][FEATURE] - Utility function for service providers to add the kinds of their managed resources to the ServiceProvider status

🔧 Chores

• remove namespace field from secret reference in AccessRequest status #183
  • [USER][BREAKING] Removed the status.secretRef.namespace field from AccessRequest resources which was added by accident. The access secrets are expected to be in the same namespace as the AccessRequest itself, so wherever this field is read, it can just be replaced with the AccessRequest's namespace.
• improve the advanced clusteraccess library's abilities to mock fake clients in unit tests #186
  • [DEVELOPER][FEATURE] The advanced ClusterAccess library's capabilities regarding unit tests have been enhanced by adding a configurable FakeClientGenerator to the reconciler. If set, this function will be called when trying to build a client.Client out of an AccessRequest's kubeconfig secret. This enables the test code to inject fake client implementations into the reconciler's Access method and thereby removes the need for any test-specific coding in the controller's logic itself.

---

gitops-templates [v0.1.0]:

Changes included in v0.1.0:

---

control-plane-operator [v0.1.17]:

Changes included in v0.1.17:

🚀 Features

• add OCIRepositoryAdapter #118
  • [DEVELOPER][FEATURE] Add support for OCIRepository resources as SourceAdapter for the Juggler lib

---

quota-operator [v0.14.0]:

Changes included in v0.14.0:

---

project-workspace-operator [v0.19.0]:

Changes included in v0.19.0:

---

bootstrapper [v0.5.0]:

Changes included in v0.5.0:

🚀 Features

• add deploy-eso #91
  • [USER][FEATURE] Add deploy-eso command

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.9.0]:

Changes included in v0.9.0:

🚀 Features

• wait with cluster deletion until foreign finalizers are removed #132
  • [USER][FEATURE] The ClusterProvider Gardener will not trigger the shoot deletion anymore if the Cluster contains other finalizers than its own one. This allows other controllers with finalizers on the Cluster - likely because they deployed something on the cluster - to cleanup first before the cluster is deleted, thereby potentially preventing leaked/orphaned resources.
• enable omitting provider name prefix in rbac #134
  • [USER][FEATURE] For subjects with kind Group or User in an AccessRequest's spec. oidc.roleBindings[*].subjects entry, it is now possible to prefix the name with ::. This will cause the ClusterProvider to just remove this prefix instead of applying the oidc provider name when creating (Cluster)RoleBindings out of this configuration. By using this method, it is now possible to bind to k8s-predefined Groups such as system:authenticated by specifying ::system:authenticated as subject name, for example.

🔧 Chores

• rename AccessRequest secret #131
  • [USER][BREAKING] The secrets created for AccessRequest resources are now named <access-request-name>.kubeconfig. Before, they were just named like the owning AccessRequest itself. Existing secrets with the old name will continue to exist until the AccessRequest is removed, but they will not be updated anymore.

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

platform-service-dns [v0.0.2]:

Changes included in v0.0.2:

🔧 Chores

• bug fixes and secret copying #21
  • [OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
  • [OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
  • [OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
  • [OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.

---

Release v0.0.31

openMCP

Components:

mcp-operator [v0.42.0]:

Changes included in v0.42.0:

---

openmcp-operator [v0.15.2]:

Changes included in v0.15.2:

🚀 Features

• advanced clusteraccess library #173
  • [DEVELOPER][BREAKING] The behavior of the library in lib/clusteraccess has changed slightly: Before, the Reconcile method would wait for some other controller to create the namespace and requeue the reconciliation until it existed. Now, it will instead create the namespace itself.
  • [DEVELOPER][FEATURE] The lib/clusteraccess/advanced package now contains a highly flexible library for generating access to clusters during a controller's reconciliation loop. See the documentation for further information.

🐛 Fixes

• requeue mcp if not ready #184
  • [USER][BUGFIX] Fixed a bug that caused an MCPv2 to not be requeued for reconciliation despite not being Ready yet, causing it to be stuck in Progressing until a reconciliation was triggered externally.

---

gitops-templates [v0.1.0]:

Changes included in v0.1.0:

---

control-plane-operator [v0.1.17]:

Changes included in v0.1.17:

🚀 Features

• add OCIRepositoryAdapter #118
  • [DEVELOPER][FEATURE] Add support for OCIRepository resources as SourceAdapter for the Juggler lib

---

quota-operator [v0.14.0]:

Changes included in v0.14.0:

---

project-workspace-operator [v0.19.0]:

Changes included in v0.19.0:

---

bootstrapper [v0.4.0]:

Changes included in v0.4.0:

🚀 Features

• more ocm template funcs #89
  • [USER][FEATURE] Add getRootComponentVersion and getResourceFromComponentVersion template functions

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.9.0]:

Changes included in v0.9.0:

🚀 Features

• wait with cluster deletion until foreign finalizers are removed #132
  • [USER][FEATURE] The ClusterProvider Gardener will not trigger the shoot deletion anymore if the Cluster contains other finalizers than its own one. This allows other controllers with finalizers on the Cluster - likely because they deployed something on the cluster - to cleanup first before the cluster is deleted, thereby potentially preventing leaked/orphaned resources.
• enable omitting provider name prefix in rbac #134
  • [USER][FEATURE] For subjects with kind Group or User in an AccessRequest's spec. oidc.roleBindings[*].subjects entry, it is now possible to prefix the name with ::. This will cause the ClusterProvider to just remove this prefix instead of applying the oidc provider name when creating (Cluster)RoleBindings out of this configuration. By using this method, it is now possible to bind to k8s-predefined Groups such as system:authenticated by specifying ::system:authenticated as subject name, for example.

🔧 Chores

• rename AccessRequest secret #131
  • [USER][BREAKING] The secrets created for AccessRequest resources are now named <access-request-name>.kubeconfig. Before, they were just named like the owning AccessRequest itself. Existing secrets with the old name will continue to exist until the AccessRequest is removed, but they will not be updated anymore.

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

platform-service-dns [v0.0.2]:

Changes included in v0.0.2:

🔧 Chores

• bug fixes and secret copying #21
  • [OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
  • [OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
  • [OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
  • [OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.

---

Release v0.0.29

openMCP

Components:

mcp-operator [v0.42.0]:

Changes included in v0.42.0:

---

openmcp-operator [v0.15.2]:

Changes included in v0.15.2:

🚀 Features

• advanced clusteraccess library #173
  • [DEVELOPER][BREAKING] The behavior of the library in lib/clusteraccess has changed slightly: Before, the Reconcile method would wait for some other controller to create the namespace and requeue the reconciliation until it existed. Now, it will instead create the namespace itself.
  • [DEVELOPER][FEATURE] The lib/clusteraccess/advanced package now contains a highly flexible library for generating access to clusters during a controller's reconciliation loop. See the documentation for further information.

🐛 Fixes

• requeue mcp if not ready #184
  • [USER][BUGFIX] Fixed a bug that caused an MCPv2 to not be requeued for reconciliation despite not being Ready yet, causing it to be stuck in Progressing until a reconciliation was triggered externally.

---

gitops-templates [v0.1.0]:

Changes included in v0.1.0:

---

control-plane-operator [v0.1.17]:

Changes included in v0.1.17:

🚀 Features

• add OCIRepositoryAdapter #118
  • [DEVELOPER][FEATURE] Add support for OCIRepository resources as SourceAdapter for the Juggler lib

---

quota-operator [v0.14.0]:

Changes included in v0.14.0:

---

project-workspace-operator [v0.19.0]:

Changes included in v0.19.0:

---

bootstrapper [v0.4.0]:

Changes included in v0.4.0:

🚀 Features

• more ocm template funcs #89
  • [USER][FEATURE] Add getRootComponentVersion and getResourceFromComponentVersion template functions

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.9.0]:

Changes included in v0.9.0:

🚀 Features

• wait with cluster deletion until foreign finalizers are removed #132
  • [USER][FEATURE] The ClusterProvider Gardener will not trigger the shoot deletion anymore if the Cluster contains other finalizers than its own one. This allows other controllers with finalizers on the Cluster - likely because they deployed something on the cluster - to cleanup first before the cluster is deleted, thereby potentially preventing leaked/orphaned resources.
• enable omitting provider name prefix in rbac #134
  • [USER][FEATURE] For subjects with kind Group or User in an AccessRequest's spec. oidc.roleBindings[*].subjects entry, it is now possible to prefix the name with ::. This will cause the ClusterProvider to just remove this prefix instead of applying the oidc provider name when creating (Cluster)RoleBindings out of this configuration. By using this method, it is now possible to bind to k8s-predefined Groups such as system:authenticated by specifying ::system:authenticated as subject name, for example.

🔧 Chores

• rename AccessRequest secret #131
  • [USER][BREAKING] The secrets created for AccessRequest resources are now named <access-request-name>.kubeconfig. Before, they were just named like the owning AccessRequest itself. Existing secrets with the old name will continue to exist until the AccessRequest is removed, but they will not be updated anymore.

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

platform-service-dns [v0.0.2]:

Changes included in v0.0.2:

🔧 Chores

• bug fixes and secret copying #21
  • [OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
  • [OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
  • [OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
  • [OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.

---

Release v0.0.28

openMCP

Components:

mcp-operator [v0.41.0]:

Changes included in v0.41.0:

---

openmcp-operator [v0.15.2]:

Changes included in v0.15.2:

🚀 Features

• advanced clusteraccess library #173
  • [DEVELOPER][BREAKING] The behavior of the library in lib/clusteraccess has changed slightly: Before, the Reconcile method would wait for some other controller to create the namespace and requeue the reconciliation until it existed. Now, it will instead create the namespace itself.
  • [DEVELOPER][FEATURE] The lib/clusteraccess/advanced package now contains a highly flexible library for generating access to clusters during a controller's reconciliation loop. See the documentation for further information.

🐛 Fixes

• requeue mcp if not ready #184
  • [USER][BUGFIX] Fixed a bug that caused an MCPv2 to not be requeued for reconciliation despite not being Ready yet, causing it to be stuck in Progressing until a reconciliation was triggered externally.

---

gitops-templates [v0.0.7]:

Changes included in v0.0.7:

🐛 Fixes

• openmcp resource ordering #5.

---

control-plane-operator [v0.1.17]:

Changes included in v0.1.17:

🚀 Features

• add OCIRepositoryAdapter #118
  • [DEVELOPER][FEATURE] Add support for OCIRepository resources as SourceAdapter for the Juggler lib

---

quota-operator [v0.13.0]:

Changes included in v0.13.0:

---

project-workspace-operator [v0.18.0]:

Changes included in v0.18.0:

---

bootstrapper [v0.3.0]:

Changes included in v0.3.0:

🚀 Features

• allow the user to specify its own template input data #88
  • [USER][FEATURE] The bootsrapper configuration now has an additional field called templateInput which can hold arbitrary data that is passed to the template during command ´managed-deployment-repo`.

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.9.0]:

Changes included in v0.9.0:

🚀 Features

• wait with cluster deletion until foreign finalizers are removed #132
  • [USER][FEATURE] The ClusterProvider Gardener will not trigger the shoot deletion anymore if the Cluster contains other finalizers than its own one. This allows other controllers with finalizers on the Cluster - likely because they deployed something on the cluster - to cleanup first before the cluster is deleted, thereby potentially preventing leaked/orphaned resources.
• enable omitting provider name prefix in rbac #134
  • [USER][FEATURE] For subjects with kind Group or User in an AccessRequest's spec. oidc.roleBindings[*].subjects entry, it is now possible to prefix the name with ::. This will cause the ClusterProvider to just remove this prefix instead of applying the oidc provider name when creating (Cluster)RoleBindings out of this configuration. By using this method, it is now possible to bind to k8s-predefined Groups such as system:authenticated by specifying ::system:authenticated as subject name, for example.

🔧 Chores

• rename AccessRequest secret #131
  • [USER][BREAKING] The secrets created for AccessRequest resources are now named <access-request-name>.kubeconfig. Before, they were just named like the owning AccessRequest itself. Existing secrets with the old name will continue to exist until the AccessRequest is removed, but they will not be updated anymore.

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

platform-service-dns [v0.0.2]:

Changes included in v0.0.2:

🔧 Chores

• bug fixes and secret copying #21
  • [OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
  • [OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
  • [OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
  • [OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.

---

Release v0.0.27

openMCP

Components:

mcp-operator [v0.41.0]:

Changes included in v0.41.0:

---

openmcp-operator [v0.15.2]:

Changes included in v0.15.2:

🚀 Features

• advanced clusteraccess library #173
  • [DEVELOPER][BREAKING] The behavior of the library in lib/clusteraccess has changed slightly: Before, the Reconcile method would wait for some other controller to create the namespace and requeue the reconciliation until it existed. Now, it will instead create the namespace itself.
  • [DEVELOPER][FEATURE] The lib/clusteraccess/advanced package now contains a highly flexible library for generating access to clusters during a controller's reconciliation loop. See the documentation for further information.

🐛 Fixes

• requeue mcp if not ready #184
  • [USER][BUGFIX] Fixed a bug that caused an MCPv2 to not be requeued for reconciliation despite not being Ready yet, causing it to be stuck in Progressing until a reconciliation was triggered externally.

---

gitops-templates [v0.0.7]:

Changes included in v0.0.7:

🐛 Fixes

• openmcp resource ordering #5.

---

control-plane-operator [v0.1.16]:

Changes included in v0.1.16:

🚀 Features

• enable concurrent reconciles #113
  • [OPERATOR][BUGFIX] fix: token expiry logic
  • [OPERATOR][FEATURE] feat: enable concurrent reconciles

---

quota-operator [v0.13.0]:

Changes included in v0.13.0:

---

project-workspace-operator [v0.18.0]:

Changes included in v0.18.0:

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.8.0]:

Changes included in v0.8.0:

🐛 Fixes

• add crds path to the base include in the taskfile #115
  • [OPERATOR][BUGFIX] Add missing CRDs

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

bootstrapper [v0.2.2]:

Changes included in v0.2.2:

🐛 Fixes

• set ocm config for list componentversions #86
  • [USER][FIX] - Set ocm config for list componentversions

---

Release v0.0.26

openMCP

Components:

mcp-operator [v0.41.0]:

Changes included in v0.41.0:

---

openmcp-operator [v0.15.1]:

Changes included in v0.15.1:

🚀 Features

• allow to skip the workload cluster management #171
  • [DEVELOPER][FEATURE] Allow to skip management of Workload cluster in Access Request Reconciler

🐛 Fixes

• access request handling for MCP V2 #172
  • [USER][BUGFIX] Correctly handle MCPs without an OIDC config
    Change : to _ for the access secret provider prefix.

---

gitops-templates [v0.0.7]:

Changes included in v0.0.7:

🐛 Fixes

• openmcp resource ordering #5.

---

control-plane-operator [v0.1.16]:

Changes included in v0.1.16:

🚀 Features

• enable concurrent reconciles #113
  • [OPERATOR][BUGFIX] fix: token expiry logic
  • [OPERATOR][FEATURE] feat: enable concurrent reconciles

---

quota-operator [v0.13.0]:

Changes included in v0.13.0:

---

project-workspace-operator [v0.18.0]:

Changes included in v0.18.0:

---

service-provider-landscaper [v0.10.0]:

Changes included in v0.10.0:

🚀 Features

• read own deployment configuration resource to get image pull secrets #152
  • [OPERATOR][FEATURE] Configure image pull secrets specified in the service provider deployment resource

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.8.0]:

Changes included in v0.8.0:

🐛 Fixes

• add crds path to the base include in the taskfile #115
  • [OPERATOR][BUGFIX] Add missing CRDs

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

bootstrapper [v0.2.0]:

Changes included in v0.2.0:

🚀 Features

• add ocm templating functions #72
  • [OPERATOR][FEATURE] Add OCM component version templating funtions

🐛 Fixes

• never prune the root kustomizations #65
  • [OPERATOR][FEATURE] Disable pruning for root kustomization

---

Release v0.0.25

openMCP

Components:

mcp-operator [v0.40.0]:

Changes included in v0.40.0:

---

openmcp-operator [v0.15.1]:

Changes included in v0.15.1:

🚀 Features

• allow to skip the workload cluster management #171
  • [DEVELOPER][FEATURE] Allow to skip management of Workload cluster in Access Request Reconciler

🐛 Fixes

• access request handling for MCP V2 #172
  • [USER][BUGFIX] Correctly handle MCPs without an OIDC config
    Change : to _ for the access secret provider prefix.

---

gitops-templates [v0.0.7]:

Changes included in v0.0.7:

🐛 Fixes

• openmcp resource ordering #5.

---

control-plane-operator [v0.1.16]:

Changes included in v0.1.16:

🚀 Features

• enable concurrent reconciles #113
  • [OPERATOR][BUGFIX] fix: token expiry logic
  • [OPERATOR][FEATURE] feat: enable concurrent reconciles

---

quota-operator [v0.12.0]:

Changes included in v0.12.0:

---

project-workspace-operator [v0.17.0]:

Changes included in v0.17.0:

---

service-provider-landscaper [v0.9.0]:

Changes included in v0.9.0:

🚀 Features

• dynamic allocation of TLSRoute #145
  • [USER][FEATURE] Add openMCP DNS support
• allow users to select the landscaper version out of a list of available versions #141
  • [USER][FEATURE] Allow users to select the version of the Landscaper that shall be deployed out of a list of available versions in the ProviderConfig.

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.8.0]:

Changes included in v0.8.0:

🐛 Fixes

• add crds path to the base include in the taskfile #115
  • [OPERATOR][BUGFIX] Add missing CRDs

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

bootstrapper [v0.1.1]:

Changes included in v0.1.1:

🐛 Fixes

• only apply flux kustomization #60
  • [USER][BUGFIX] Only apply Manifests of Kind Flux Kustomization to the target cluster to avoid race conditions.

---

Release v0.0.21

openMCP

Components:

mcp-operator [v0.40.0]:

Changes included in v0.40.0:

---

openmcp-operator [v0.14.0]:

Changes included in v0.14.0:

🔨 Refactoring

• OIDC validation and defaulting #157
  • [OPERATOR][BREAKING] The naming restriction for the default OIDC provider has been removed (was restricted to default before) and it is now defaulted to openmcp instead.
  • [USER][BREAKING] The validation for the spec.iam.oidcProviders field in the ManagedControlPlaneV2 resource has been changed in multiple ways:
    • usernamePrefix and groupsPrefix have been removed and are now always assumed to be <name>:
    • name is not allowed to be set to system (prevents k8s service account impersonation)
    • The regex validation rule for name has been fixed
    • issuer and clientID are now required and the former one must look like an URL
    • Duplicate OIDC provider names or ones that clash with the default OIDC provider are now prevented
• change default scheduler scope to 'Cluster' #153
  • [OPERATOR][BREAKING] The scheduler's default scope has been changed to Cluster (was Namespaced before).
• make logging verbosity case-insensitive #155
  • [OPERATOR][OTHER] It is now possible to specify the logging verbosity in the PlatformService, ClusterProvider, and ServiceProvider resources also in lowercase.

🚀 Features

• sync Cluster conditions to MCP #152
  • [USER][FEATURE] The MCPv2 resource now syncs conditions from its primary Cluster into its own status.
• MCP purpose override #151
  • [USER][FEATURE] The label core.openmcp.cloud/purpose can now be used on ManagedControlPlaneV2 resources to override the default cluster purpose.

---

gitops-templates [v0.0.7]:

Changes included in v0.0.7:

🐛 Fixes

• openmcp resource ordering #5.

---

control-plane-operator [v0.1.14]:

Changes included in v0.1.14:

🐛 Fixes

• [bugfix] [developer] function IsCRDNotFound should also work with NoResourceMatchErrors #105: fix: function IsCRDNotFound should also work with NoResourceMatchErrors
• [bugfix] [user] permissions for accessing Crossplane Usage resources #106: Fixing permission issues on Crossplane Usage resources

---

quota-operator [v0.12.0]:

Changes included in v0.12.0:

---

project-workspace-operator [v0.17.0]:

Changes included in v0.17.0:

---

service-provider-landscaper [v0.7.0]:

Changes included in v0.7.0:

🚀 Features

• add crd manifests to component #132
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

🐛 Fixes

• remove serviceaccount of main controller of ls instances #123
  • [USER][BUGFIX] - Fixes the issue that the main controller of landscaper instances did not start.

---

service-provider-crossplane [v0.0.5]:

Changes included in v0.0.5:

🚀 Features

• add crd manifests to component #32
  • [OPERATOR][FEATURE] Add CRD manifests to OCM component

---

cluster-provider-gardener [v0.8.0]:

Changes included in v0.8.0:

🐛 Fixes

• add crds path to the base include in the taskfile #115
  • [OPERATOR][BUGFIX] Add missing CRDs

---

cluster-provider-kind [v0.0.15]:

Changes included in v0.0.15:

🚀 Features

• add script for local development #70
  • [DEVELOPER][FEATURE] Add scripts for enabling local development with cluster-provider-kind.

---

bootstrapper [v0.1.1]:

Changes included in v0.1.1:

🐛 Fixes

• only apply flux kustomization #60
  • [USER][BUGFIX] Only apply Manifests of Kind Flux Kustomization to the target cluster to avoid race conditions.

---