[OPERATOR][FEATURE] Add high availability features for the openmcp-operator and service-providers, cluster-providers and platform-services
exclude provider fields from status update & utility to set these fields #187
[DEVELOPER][FEATURE] - Utility function for service providers to add the kinds of their managed resources to the ServiceProvider status
🔧 Chores
remove namespace field from secret reference in AccessRequest status #183
[USER][BREAKING] Removed the status.secretRef.namespace field from AccessRequest resources which was added by accident. The access secrets are expected to be in the same namespace as the AccessRequest itself, so wherever this field is read, it can just be replaced with the AccessRequest's namespace.
improve the advanced clusteraccess library's abilities to mock fake clients in unit tests #186
[DEVELOPER][FEATURE] The advanced ClusterAccess library's capabilities regarding unit tests have been enhanced by adding a configurable FakeClientGenerator to the reconciler. If set, this function will be called when trying to build a client.Client out of an AccessRequest's kubeconfig secret. This enables the test code to inject fake client implementations into the reconciler's Access method and thereby removes the need for any test-specific coding in the controller's logic itself.
wait with cluster deletion until foreign finalizers are removed #132
[USER][FEATURE] The ClusterProvider Gardener will no longer trigger the shoot deletion if the Cluster contains finalizers other than its own. This allows other controllers with finalizers on the Cluster - likely because they deployed something on the cluster - to clean up first before the cluster is deleted, thereby potentially preventing leaked/orphaned resources.
[USER][FEATURE] For subjects with kind Group or User in an AccessRequest's spec.oidc.roleBindings[*].subjects entry, it is now possible to prefix the name with ::. This will cause the ClusterProvider to just remove this prefix instead of applying the OIDC provider name when creating (Cluster)RoleBindings out of this configuration. By using this method, it is now possible to bind to k8s-predefined Groups such as system:authenticated by specifying ::system:authenticated as subject name, for example.
[USER][BREAKING] The secrets created for AccessRequest resources are now named <access-request-name>.kubeconfig. Before, they were just named like the owning AccessRequest itself. Existing secrets with the old name will continue to exist until the AccessRequest is removed, but they will not be updated anymore.
[OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
[OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
[OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
[OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.
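
The :: subject-name prefix from the AccessRequest note above, sketched as a review helper; this is an added example, not the ClusterProvider's own code. It assumes the provider name is applied as `<provider>:<name>` (the notes do not give the format), that other subject kinds pass through unchanged, and uses a hypothetical provider name `corp`; it flags names that leave the provider's namespace and land on broad built-in groups.

```go
package main

import (
	"fmt"
	"strings"
)

// Subject holds the two RBAC subject fields relevant to name resolution.
type Subject struct{ Kind, Name string }

// Resolved is the subject as written into the binding, plus review flags.
type Resolved struct {
	Subject
	Escaped bool // "::" was used, so the name is outside the OIDC provider's namespace
	Broad   bool // name is a built-in Kubernetes group covering many identities
}

// Built-in Kubernetes groups that warrant a second look when bound to a role.
var broadGroups = map[string]bool{
	"system:authenticated":   true,
	"system:unauthenticated": true,
	"system:masters":         true,
}

// ResolveSubject applies the "::" rule from the release note.
// Assumption: the provider name is applied as "<provider>:<name>", and kinds
// other than Group and User are passed through unchanged.
func ResolveSubject(provider string, s Subject) Resolved {
	if s.Kind != "Group" && s.Kind != "User" {
		return Resolved{Subject: s}
	}
	if strings.HasPrefix(s.Name, "::") {
		s.Name = strings.TrimPrefix(s.Name, "::")
		return Resolved{Subject: s, Escaped: true, Broad: s.Kind == "Group" && broadGroups[s.Name]}
	}
	s.Name = provider + ":" + s.Name
	return Resolved{Subject: s}
}

func main() {
	// Constructed sample subjects; "corp" is a hypothetical provider name.
	for _, s := range []Subject{
		{"Group", "admins"}, {"Group", "::system:authenticated"},
		{"User", "::alice@example.com"}, {"ServiceAccount", "default"},
	} {
		r := ResolveSubject("corp", s)
		fmt.Printf("%-15s %-25s -> %-22s escaped=%v broad=%v\n", s.Kind, s.Name, r.Name, r.Escaped, r.Broad)
	}
}
```

A role bound to a subject reported as broad applies to every identity in that built-in group, not only to identities issued by the configured OIDC provider.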