- Added
env_varsfield to define custom environment variables. #1161 - Added support for annotating pulp-operator managed Deployments. #1190
- Added a section explaining how to add custom Pulp settings. #1163
- Fixed the signing services issues. #939
- Fixed an error in wrong definition of tuples in
settings.py. #1122 - Modified how
pulp_settingsfield is parsed to better handle generic configs. #1132 - Updated the pulp-server
Secretto import all funcs/vars from django-auth-ldap. #1154
- Added the steps to configure signing services. #1003
- Updated the index page with a little bit more context of operators and fixes. #1145
- Added support to configure LDAP with Pulp. #1042
- Added capability to customize annotations of serviceAccount created by operator. #1079
- Modified pulpcore containers entrypoints to support
pulp-minimal:3.33image. #1081 - Fixed a backup issue in pulp-secret-key with special chars. #1098
- Fixed the KubeAPIWarningLogger PodSecurity warning messages. #1102
- Added doc steps to rotate database fields encryption key. #742
- Updated the
reset-admin-passwordwarning message to also don't reset the
password via/api/v3/usersendpoint. #1078
- Added a job to handle
ALLOWED_CONTENT_CHECKSUMSmodifications. #1060 - Mofified k8s jobs resource names to avoid name colision if multiple Pulp CRs are created in the same namespace. #1074
- Fixed a regression where the
s3-regionwas defined as a requiredSecretfield. #1057 - Fixed a regression where handling of the
s3-endpointoption was not possible #1066
- Removed unused fields from CRD. #817
- Removed CRD fields from old ansible version of the operator. #1044
- Added a check for missing file_storage_storage_class definition whenever file_storage_size or file_storage_access_mode is/are provided. #946
- Moved API container entrypoint migration script to k8s jobs. #991
- Added the OpenTelemetry support as sidecar container for pulp-api pods. #1006
- Added support to define Redis PVC storage size. #1016
- Added new fields to set resources for init-container and metrics sidecar containers. #1019
- Added the
pulp_secret_keyfield to set the DjangoSECRET_KEY. #1040
- Fixed an issue in OCP clusters where every ingress would be created with the same configurations (regardless of ingressclass). #917
- Fixed an issue in OCP clusters where the "pulp-redirect" Ingress would not get removed after modifying ingress_class_name. #918
- Fixed an issue in
Ingress.spec.rules.http.pathsfrom non "nginx" or "openshift-default" ingresses. #923 - Modified the format of backup dir names. #937
- Fixed a bug that caused the CONTENT_ORIGIN scheme to always be https. #1048
- Added a doc section with instructions to install pulp-operator using Helm. #1008
- The operator will not get the default ingress domain nor verify the ingressclass anymore to avoid the need of clusterroles. #885
- Modified the default readiness probe endpoint when DOMAIN is enabled. #987
- Modified the reconciliation for
pulpcore-contentto wait forAPIpods get into a READY state before updating theDeploymentin case of image version change. #969 - Added a log message when restarting
apiandcontentpods in case of a secret reconciliation. #973
- Added a watcher on some secrets not managed by the operator and added a reconciliation loop in case these secrets get modified. #521
- Added a networking section in configuration doc. #666
- Added more information regarding the usage and limitation of
emptyDir. #824
- The container_token_secret was not getting its name from Pulp CR. #852
- Add Documentation for custom S3 endpoints #882
- Added a feature to deploy and sync Galaxy execution environments. #821
- Modified postgres mount point to keep compatibility with ansible-based operator version. #848
- Added a check for
ingress_hostbeing null wheningress_typedefined as "ingress". #675 - Fixed a permission/ownership error during bkp/restore procedure. #808
- Fixed a deadlock on status update. #829
- Fixed an issue on rendering Pulp settings wrongly. #830
- Fixed an issue with container token pub key mount point. #834
- Fixed an issue with default values for TOKEN_SERVER and TOKEN_AUTH_DISABLED in settings.py. #836
- Added steps to configure and run backup/restore procedure. #765
- Added steps to manually configure ingress. #771
- Document how to install multiple instances of Pulp operator. #827
- Added a field to set IngressClass name. #674
- Added a field to pass a secret name to configure route custom certificates. #800
- Fixed an issue with envtest failing because of an assessment with old value. #807
- Described the Operator unmanaged state. #792
- Added a configmap to avoid pulprestore controller execution. #550
- Add Ingress TLS secret #676
- Added a field to set affinity for bkp-manager pods. #782
- Make web available when ingress isn't nginx #770
- Ensure reconciliation when ingress is modified #672
- Fixed an issue with .status.conditions[] not getting updated for pulpcore-workers. #735
- Fixed an issue with .status.conditions[] getting updated in a specific order. #736
- Fixed an issue in RequeueAfter reconciliation logic. #747
- Added a "retry" in case controller fails to update operator's status.conditions[]. #751
- Fix ingress type assertion #755
- Set update error message as DEBUG instead of ERROR. #756
- Added PDB configuration through Pulp CR. #433
- Modified affinity field to allow inter-pod affinity/anti-affinity configuration. #434
- Added option to mount custom CA. #513
- Added probe fields in pulp CR. #516
- Added configuration to change the operator log level. #571
- Added a field to control the restore deployment replicas. By default it will be set to false (restore controller will redeploy only a single replica of each component). #572
- Added more node selector configuration (cache and web pods). Added field to define route labels. #577
- Added default readiness probe for pulp-web pods. #579
- Added configuration to use external Redis instance. #614
- Modified (through processPodSecurityContext) the UID that runs the entrypoint of the container process. #627
- Modified Pulp CRD to collect info to connect to an external database from a Secret. #630
- Added a field to configure the deployment strategy. #635
- Let the operator namespace-scoped. #657
- Use Nginx Ingress as reverse proxy #660
- Added a check for configurations in non-ocp env with ingress_type==route. #669
- Updated CRD field comments. #711
- Utilize the renamed
pulp-minimalandgalaxy-minimalimages. Also have CI test the new big s6-contining imagespulpandpulp-galaxy-ng. #717 - Set nginx fields default values in controller (not in CR). #722
- Improved route paths provisioning loop. #729
- Added logic on how to handle different/multiple types of storage in Pulp CR. #526
- Fixed an issue with backup of PVCs manually created. #580
- Fixed an issue with backup controller failing when there was no signing secret. #581
- Fixed .status.condition not reflecting the real state. #600
- Add serviceaccounts permission #601
- Removed default values for Pulp database when configuring external PostgreSQL. #622
- Set ContainerTokenSecret as immutable (the controller will reconcile with the same value if the field is modified). Set AdminPasswordSecret as immutable (the controller will reconcile with the same value if the field is modified). Added ImagePullSecrets reconciliation logic. Fixed TrustedCa volumeMount reconciliation logic. Fixed NodeSelector reconciliation logic. Fixed Tolerations reconciliation logic. Fixed TopologySpreadConstraints reconciliation logic. Fixed ResourceRequirements removal logic. Fixed PDB removal logic. Fixed Strategy removal logic. Set Cache.ExternalCacheSecret as immutable (the controller will reconcile with the same value if the field is modified). Fixed Cache.RedisPort reconciliation logic. Fixed Cache.Resources reconciliation logic. Fixed Cache.NodeSelector reconciliation logic. Fixed Cache.Tolerations reconciliation logic. #646
- Fixed a bug in route reconciliation. #648
- Fixed the backoff loop not incrementing exponentially on error. #650
- Ensure Nginx Ingress Controller is used when multiple controllers are installed #673
- Added ingressclass clusterrole. #709
- Ensure ingress status conditions #714
- Fixed issue with headless services propagating new address to pulp-web pods. #737
- Added steps to configure object storage. #593
- Added troubleshooting section. #596
- Stacktrace enabled only for above "panic" level. #605
- Added steps to configure operator's database. #619
- Fix broken links #681
- Added a section explaining default secrets created by the operator. #683
- Omitted pulp-web role if ingress_type==route, which brings some benefits like:
- reduce point of failure
- reduce complexity
- reduce resource consumption
- reduce communication hops #436
- Add support for pulp_container signing service #564
- Adding NodeSelector/Toleration to Redis Deployment #561
- Allows users to correctly set predefined pvc with backup_pvc. It was hardcoded in the remove ownerReferences task. Now correctly uses the dynamic variable backup_claim. #610
- Added more information on
.status.conditionsCR field. #435 - Added readiness probe to content and workers #455
- Remove ownerReferences from DB fields encryption secret to avoid garbage collection #467
- Make no_log configurable #443
- Improve pulp status health check #447
- Upgrade to PostgreSQL 13 and add data migration logic #358
- Made Nginx, Gunicorn, HAproxy timeouts configurable #418
- The Pulp API can now be rerooted using the new
API_ROOTsetting. By default it is set to/pulp/. Pulp appends the stringapi/v3/onto the value ofAPI_ROOT. #421
- Ensure Nginx
client_max_body_sizeis correctly set #418 - Ensure content can be signed #426
- Fix restore when
deployment_nameis set #427
- Set reconcile period to 0s to resolve issue with reconciliation loop not converging #385
- Patch container-auth secret creation to ensure the reconciliation loop converges #403
- Revert #373 to ensure the reconciliation loop converges #403
- Add configurable timeout for pulp-api and pulp-content #390
- Add configurable workers for pulp-api and pulp-content #392
- Fix a reference to an incorrect variable in pulp-status role #388
- Provide default values for container registry #394
- Modified image_pull_secret to allow users to provide multiple secrets. #343
- Implement the galaxy collection signing service #362
- Backup & restore the default signing service #366
- Enable backup for ReadWriteOnce access mode #380
- Fix backup/restore events #378
- Add ability to configure extra args for postgres #344
- Add the ability to specify topologySpreadConstraints #345
- Allow service annotations not only for LoadBalancer type #346
- Support nodeSelector and tolerations #348
- Ensure the operator works with pre-defined TLS secret #354
- Made Redis optional when installing pulp #323
- Made Operator work with arbitrary namespaces #326
- Made web image and ingress to have the same max_body_size #330
- Fixed pulp-api and pulp-web liveness probes. #332
- Fixes TokenReview authentication #337
- Support cert-manager format on container token secret #313
- Enable Execution Environments by default #315
- Renamed services to avoid overwriting environment variables https://kubernetes.io/docs/concepts/services-networking/service/#environment-variables #309
- Mount
/var/lib/pulp/tmpon pulp-content #299 - Raise resource limits for worker container to avoid OOMKill #302
- Raise resource limits for content container to avoid OOMKill #303
- Made request size limit configurable #227
- Ensure resource manager is not started for pulpcore >= 3.16 #231
- Set RELATED_IMAGE_ vars to enable disconnected deployments #232
- Image pull policy defaults to IfNotPresent #229
- Removed tags, registry, and projects so users can add images with custom registries and tags in image override #218
- Create or import a key for pulp-api to use when encrypting sensitive db fields #8730
- Enable new tasking system #9020
- Added support to override PosgreSQL sslmode #9421
- Ensure default storage for Postgres #221
- Move from cluster-scoped operator model to namespace-scoped model #208
- Dropping OCP 4.6 support #9330
- Enable container based database migration support #8472
- Enable backup of database and secrets associated with Pulp custom resource #8473
- Enable backup of storage associated with Pulp custom resource #8474
- Enable restore of deployment associated with Pulp custom resource backup #8513
- Add additional backup and restore flexibility to allow for restore from only a PVC #8630
- Allow user to specify the storage class for the Redis PVC #8877
- Allow user to specify empty string for PostgreSQL PVC storage class #8733
- Update nodeport templating in API and Content services #8810
- Fix collision on file_storage fact usage after pulp prefix cleanup #8832
- Fix Nodeport flow to create ports in standard range and only on the web service. Also allows node_ip discover based on where the pod is running. #8833
- Resolve Pulp status correctly when deployed in a separate namespace #8880
- Document how to deploy Pulp on OpenShift #8836
- Add deployment of nginx webserver with pulp snippets #5657
- Container building machinery for the operator #7171
- Enable the creation of Ingress or Route objects based on the specifications within the custom resource #8272
- Deploy postgres database using a secret to store configuration instead of it existing in the custom resource; allows credentials to be kept secret. #8289
- Enable the use of S3 compliant or Azure object storage as storage backend #8361
- Operator will provide information data via custom resource status object #8402
- Enable installation of operator using OLM catalog #8409
- Enable resource requirement specification for deployments and have operator check for running nodes and healthy status #8456
- Only build plugins from pulp org #7234
- Fix storage option check so that Azure Blob Storage can be used as a backend #8424