Releases: authzed/spicedb-operator
v1.1.0
Update Channels
This release introduces update channel support for SpiceDBClusters. Update channels record the safe paths and configurations to step through when updating SpiceDB versions, so that you don't have to worry about it yourself. For example, updating to 1.14.0 when using the postgres datastore engine requires a carefully coordinated series of steps to avoid downtime - the operator automates these steps for you.
Picking a channel on install will install SpiceDB and keep it up-to-date as new releases are published:
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
channel: stable
config:
datastoreEngine: cockroachdb
status:
currentVersion:
name: v1.14.1
channel: stableIf you specify a specific version, the operator will instead tell you what the next safe versions are, so that you can pick exactly when an update happens:
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
channel: stable
version: v1.14.0
config:
datastoreEngine: cockroachdb
status:
currentVersion:
name: v1.14.0
channel: stable
availableVersions:
- name: v1.14.1
channel: stable
description: direct update with no migrationsThe operator still supports running SpiceDB images directly if you wish to run a custom build.
New Configuration Options
A number of new config options have been introduced since the last release:
Specify the log level of the migration job separately from the log level for the cluster:
spec:
config:
migrationLogLevel: debug
logLevel: infoSpecify migration phase (not needed if using update channels):
spec:
config:
datastoreMigrationPhase: phase1Set custom annotations on SpiceDB pods (thanks @mgagliardo91!):
spec:
config:
extraPodAnnotations:
my: annotationSet custom annotations on the ServiceAccount:
spec:
config:
extraServiceAccountAnnotations:
my: annotationSet a custom ServiceAccountName:
spec:
config:
serviceAccountName: my-saWhat's Changed
- Configure log level and migration log level separately by @ecordell in #83
- Check for secret existence by @ecordell in #87
- bump to controller-idioms 0.5.0 by @ecordell in #89
- Add required update edges by @ecordell in #94
- Bump k8s.io/code-generator from 0.25.0 to 0.25.3 by @dependabot in #96
- Bump mvdan.cc/gofumpt from 0.3.1 to 0.4.0 by @dependabot in #93
- Allow explicitly setting migration phase, and always take required edges by @ecordell in #100
- default target migration to
headif it is otherwise unset by @ecordell in #104 - feat: allow custom annotations by @mgagliardo91 in #107
- Specify spicedb version instead of image by @ecordell in #105
- Bump alpine from 3.16.2 to 3.17.0 by @dependabot in #116
- disables dispatch for memory datastore by @vroldanbet in #112
- make dispatch port announcement conditional by @ensonic in #117
- pkg/updates: move logic into graph methods by @jzelinskie in #118
- Service account annotations by @jakedt in #120
- pkg/config: add ServiceAccountName to config by @jzelinskie in #122
- pkg/config: Set correct Serice Account on pods by @bison in #123
- Spanner credentials updates by @jakedt in #121
- pkg/config: restart migration containers on failure by @jakedt in #125
- add ability to unpause paused clusters by @ecordell in #127
- add attributes to available versions by @ecordell in #128
- Support through v1.16.1 by @ecordell in #129
- Switch to goreleaser-pro by @ecordell in #130
- include
bundle.yamlfile in the GH release by @ecordell in #131 - Build release manifests in a .gitignored directory by @ecordell in #132
New Contributors
- @mgagliardo91 made their first contribution in #107
- @ensonic made their first contribution in #117
- @bison made their first contribution in #123
Full Changelog: v1.0.0...v1.1.0
Install with kubectl
kubectl apply --server-side -f https://github.com/authzed/spicedb-operator/releases/download/v1.1.0/bundle.yamlInclude or modify this release in your own kustomize bundle
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/authzed/spicedb-operator/config?ref=v1.1.0
images:
- name: ghcr.io/authzed/spicedb-operator
newTag: v1.1.0Install with kustomizer
Release manifests can be found at oci://ghcr.io/authzed/spicedb-operator-manifests:v1.1.0 and can be installed or inspected with kustomizer:
kustomizer apply inventory spicedb-operator --artifact oci://ghcr.io/authzed/spicedb-operator-manifests:v1.1.0Docker Images
This release's image is available at:
authzed/spicedb-operator:v1.1.0quay.io/authzed/spicedb-operator:v1.1.0ghcr.io/authzed/spicedb-operator:v1.1.0
Contributors
Assets 10
v1.0.0
SpiceDB Operator is Open Source!
With the release of 1.0.0, we're happy to announce that the SpiceDB Operator is Open Source!
The Operator makes it simple to:
- quickly spin up multi-node SpiceDB clusters on Kubernetes
- ensure migrations complete properly when upgrading to a new release of SpiceDB
- keep up with the latest available SpiceDB versions as they become available
- configure TLS for all of SpiceDB's services
Check out the readme and the examples for installation and configuration instructions.
What's Changed
- support multiple allowed spicedb images by @ecordell in #34
- some minor improvements by @vroldanbet in #33
- some improvements to keys.go by @vroldanbet in #37
- trigger deployment update on secret changes by @vroldanbet in #40
- support passthrough config on migration jobs by @ecordell in #41
- add basic kustomize manifests by @ecordell in #42
- add controller name to logging middleware by @ecordell in #43
- Add generic helpers by @ecordell in #48
- fix: plumb log level through to the deployment by @ecordell in #28
- README: clean to look similar to spicedb readme by @jzelinskie in #35
- Refactoring and updates to common controller library by @ecordell in #52
- Bump alpine from 3.15 to 3.16.2 by @dependabot in #53
- update permissions by @ecordell in #55
- Bump go.uber.org/zap from 1.19.1 to 1.23.0 by @dependabot in #56
- Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 by @dependabot in #21
- Bump mvdan.cc/gofumpt from 0.3.0 to 0.3.1 by @dependabot in #5
- switch to controller-idioms by @ecordell in #63
- Bump cloud.google.com/go/spanner from 1.31.0 to 1.37.0 by @dependabot in #65
- add an option to the operator config for disabling image warnings by @ecordell in #67
- bump controller-idioms to 0.3.0 by @ecordell in #68
- fix global config copy by @ecordell in #69
- Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 by @dependabot in #70
- Bump github.com/onsi/gomega from 1.19.0 to 1.20.2 by @dependabot in #72
- Default operator config and full deployment example by @ecordell in #75
- Bump github.com/spf13/afero from 1.8.2 to 1.9.2 by @dependabot in #71
- Bump sigs.k8s.io/controller-tools from 0.8.0 to 0.9.2 by @dependabot in #64
- Bump goreleaser action to go 1.19 by @ecordell in #81
New Contributors
- @vroldanbet made their first contribution in #33
Full Changelog: v0.4.0...v1.0.0
Docker Images
This release is available at authzed/spicedb-operator:v1.0.0, quay.io/authzed/spicedb-operator:v1.0.0, ghcr.io/authzed/spicedb-operator:v1.0.0
Contributors
Assets 9
v0.4.0
What's Changed
- add test migration secrets by @ecordell in #27
- pkg/config: expose metrics via service endpoints by @jzelinskie in #26
New Contributors
- @jzelinskie made their first contribution in #26
Full Changelog: v0.3.0...v0.4.0
Docker Images
This release is available at authzed/spicedb-operator:v0.4.0, quay.io/authzed/spicedb-operator:v0.4.0, ghcr.io/authzed/spicedb-operator:v0.4.0
Contributors
Assets 9
v0.3.0
What's Changed
- allow secrets to be owned by multiple clusters by @ecordell in #15
- Bump github.com/spf13/afero from 1.6.0 to 1.8.2 by @dependabot in #1
- Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 by @dependabot in #3
- add -tls-no-verify to probes by @jakedt in #20
New Contributors
- @dependabot made their first contribution in #1
Full Changelog: v0.2.0...v0.3.0
Docker Images
This release is available at authzed/spicedb-operator:v0.3.0, quay.io/authzed/spicedb-operator:v0.3.0, ghcr.io/authzed/spicedb-operator:v0.3.0
Contributors
Assets 9
v0.2.0
What's Changed
- Fix default envPrefix by @ecordell in #16
- Don't require
migration_secretkey in cluster secret by @ecordell in #17 - add serviceaccount to migration job by @ecordell in #18
Full Changelog: v0.1.0...v0.2.0
Docker Images
This release is available at authzed/spicedb-operator:v0.2.0, quay.io/authzed/spicedb-operator:v0.2.0, ghcr.io/authzed/spicedb-operator:v0.2.0
Contributors
Assets 9
v0.1.0
What's Changed
- License, Release, Readme, etc by @ecordell in #6
- fix release dockerfile by @ecordell in #10
- Allow non-string config values by @ecordell in #7
- fix start loop in manager by @ecordell in #12
- add custom metrics collector by @jakedt in #14
New Contributors
Full Changelog: v0.0.0...v0.1.0
Docker Images
This release is available at authzed/spicedb-operator:v0.1.0, quay.io/authzed/spicedb-operator:v0.1.0, ghcr.io/authzed/spicedb-operator:v0.1.0