fix(deps): update non-minor dependencies #131
Open
+102
−37
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
ee119be to
b632925
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
b632925 to
ec646e8
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
ec646e8 to
9b30299
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
9b30299 to
8e80242
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
8e80242 to
83b57d6
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
83b57d6 to
9d9a4ac
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
2 times, most recently
from
cb13efd to
099f6db
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
099f6db to
f087358
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
f087358 to
10496fa
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
10496fa to
3dbaf54
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
5d9a86a to
6f50107
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
6f50107 to
7b9c630
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
7b9c630 to
fffdc66
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
fffdc66 to
b172d10
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
b172d10 to
4b13c7c
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
4b13c7c to
b36573d
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
b36573d to
24e0a3d
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
24e0a3d to
44e4da0
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
44e4da0 to
7f166a3
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
7f166a3 to
81361f6
Compare
renovate
bot
force-pushed
the
renovate/non-minor-deps
branch
from
81361f6 to
3b9bf96
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.32.1-debian-12-r5->1.32.3-debian-12-r312-debian-12-r36->12-debian-12-r41v1.17.0->v1.17.1v0.1.57->v0.1.64v0.3.69->v0.3.86v0.2.26->v0.2.311.24.0->1.24.21.24.0->1.24.2v0.32.1->v0.32.3v0.32.1->v0.32.3v0.32.1->v0.32.3v0.32.1->v0.32.3v0.32.1->v0.32.3v0.32.1->v0.32.3v0.20.1->v0.20.42e8ba92->7606727v0.17.1->v0.17.3Release Notes
cert-manager/cert-manager (github.com/cert-manager/cert-manager)
v1.17.1Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This release is primarily intended to address a breaking change in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare.
Many thanks to the community members who reported this issue!
Changes by Kind
Bug or Regression
sap/admission-webhook-runtime (github.com/sap/admission-webhook-runtime)
v0.1.64Compare Source
v0.1.63Compare Source
v0.1.62Compare Source
v0.1.61Compare Source
v0.1.60Compare Source
v0.1.59Compare Source
v0.1.58Compare Source
sap/component-operator-runtime (github.com/sap/component-operator-runtime)
v0.3.86: v03.86Compare Source
Fixes
This is a bugfix release; it fixes #265 and #267.
The logic around the
SsaOverrideupdate policy should now work reliably.Incompatible changes
Previously, with
SsaOverridefields owned by field managers starting withkubectlorhelmwere reclaimed by component-operator-runtime and, if the intended manifest did not have an opinion on these fields, dropped. With that releasehelmis removed from this list of specially treated field managers. This change is necessary to avoid clashes with flux's helm-controller which uses field managerhelm-controller.v0.3.85Compare Source
v0.3.84Compare Source
Changes
This is a bugfix release; see https://github.com/SAP/component-operator-runtime/pull/260.
v0.3.83Compare Source
This release is about revisiting/improving the timeout handling of components.
Improving the logic of the processing/timeout flow
It is well-known that every component has a processing timeout. Components can specify the timeout value by implementing the
component.TimeoutConfigurationinterface. Otherwise (or if a zero timeout is specified), it will be defaulted by the effective requeue interval, which defaults to 10 minutes.Then, note that a component can be in a 'processing' or 'non-processing' state (which is not directly related to
status.statebeingProcessing). Here, 'processing' means thatstatus.processingSinceis non-initial. Now, if a component is reconciled, a certain component digest is calculated from the component's annotations, spec and references in the spec (see below for more details about references). Whenever this component digest differs from the currentstatus.processingDigest, thenstatus.processingSinceis set to the current time, andstatus.processingDigestis set to the new component digest.Roughly spoken, that means a new timeout countdown is started.
In addition to 'processing' a component can be in a 'timeout' state; this is the case if the
status.processingSincetimestamp lies more than the specified timeout duration in the past. If a component gets into the 'timeout' statestatus.state) will be set toErrorwith condition reasonTimeoutErrororPending), and the condition reason is set toTimeout.That means, a timeout can always be reliably detected by checking if the condition reason equals
Timeout.A 'processing' component will be set to 'non-processing' (that is,
status.processingSinceis cleared) if the component becomes ready (in that case, in addition, one immediate requeue is triggered).Calculation of the component digest
At the beginning of the reconcilation of a component, a (component) digest is calculated that considers
metadata.annotationsof the componentmetadata.generationresp. the spec of the componentConfigMapReference,ConfigMapKeyReference,SecretReference,SecretKeyReference,Reference.Such references will be automatically loaded at the beginning of the reconcile iteration; for the builtin
ConfigMapandSecretreference types the logic is part of the framework, and for types implementing theinterface, the loading and digest logic is to be provided by the implementation. Besides being used in the timeout handling as
status.processingDigest, the component digestOnObjectOrComponentChange.Roughly speaking, the component digest should identify result of reconciling the component as exact as possible; that means: applying two components with identical digest should produce the same cluster state.
Incompatible changes
Besides the changes outlined above (which should not have a bad impact) this release contains the following incompatible changes:
status.statewas set toPendingwith reasonPending, respectively toDeletionPendingwith reasonDeletionPending; the reason values are changed toRetryingandDeletionRetrying, respectivelyRestartingwas added, that will be used withstatus.statebeingPending, if the processing state of a component is reset due to a component digest change.v0.3.82Compare Source
v0.3.81Compare Source
v0.3.80Compare Source
v0.3.79Compare Source
Enhancements
So far, the framework emitted really many component events, mostly if the component is in
Processingstate. That often exceeded the burst of the event broadcaster provided by controller-runtime (b=25, r=1/300, see https://github.com/kubernetes/client-go/blob/b46275ad754db4dd7695a48cd3ca673e0154dd9e/tools/record/events_cache.go#L43).We change that now. If there are identical subsequent events produced for a component, only the first one will be emitted within 5 minutes; after 5 minutes, again one instance of the throttled event may be sent, and so on.
v0.3.78Compare Source
Notable changes
status.ProcessingDigest) is now considering themetadata.generationof the component.v0.3.77Compare Source
Enhancements
New methods are added to
cluster.Client:In addition there is a new reconciler option
with
This allow to replace or modify the default component/hook client that would be used by the reconciler
v0.3.76Compare Source
v0.3.75Compare Source
Enhancements
Additional managed types
By its nature, component-operator-runtime tries to handle extension types (such as CRDs or API groups added through APIService federation), and instances of these types, in a smart way.
That is, if the component contains extension types, and also instances of these types, it tries to process things in the right order; that means, during apply the instances will be applied as late as possible (to ensure that controllers and webhooks are up); and during delete, the instances will be deleted as early as possible (to ensure that controllers and webhooks are still there). Furthermore, during deletion, foreign instances (that is, instances of these types that are not part of the component) block the deletion of the whole component.
Sometimes, components are implicitly adding extension types to the cluster; in the sense that the extension types are not explicitly part of the manifests, but added in the dark through controllers, once running. A typical example are crossplane providers.
This PR tries to add some relief in this situation. Components can now list 'additional managed types', by implementing the
TypeConfigurationinterface; these 'additional managed types' will be treated in the same way as extension types which are explicitly mentioned in the manifest.Improved APIService handling
Up to now,
APIServiceobjects were deployed along with the other regular (that was: unmanaged) objects of the current apply wave. As a consequence, if the federated API server was not yet ready,stale group versionerrors were returned by the discovery API of the main API server. To overcome this problem,APIServiceobjects receive a special handling now, in the sense that they are reconciled (in the apply wave) after all other regular objects, and before all managed instances. That means: within each apply order, objects are deployed to readiness in three sub stagesAPIServiceobjects)APIService)Within each of these sub groups, the static ordering defined in
sortObjectsForApply()is effective.More robust handling of external recreations happening during deletion
Previously there was a rare race condition while deleting objects (either during component delete or component apply):
The old logic was:
ScheduledForDeletionduring apply or if the whole component is being deleted); if successful (that is API server responds with 2xx) then the inventory status of the dependent object is set toDeleting.Now, if the object was recreated by someone right between 1. and 2. then the reconciler went stuck.
Note that really does not happen usually (also because the critical period is very, very short).
To overcome, we are now checking the deletion timestamp of the dependent object (if still or again existing). If it has none, then we check the owner; if it is not us, then we give the object up (because apparently, someone else has just recreated it).
v0.3.74Compare Source
Improvements
So far, there was no special logic to check status status of
CustomResourceDefinitionandAPIServiceresources.That is, they were considered ready immediately, which was causing problems (for example, lookup errors when querying the discovery API immediately after creating an
APIService, such as... stale GroupVersion discovery ...).To mitigate, the default status analyzer now evaluates existing conditions (such as the
Availablecondition ofAPIService).v0.3.73Compare Source
v0.3.72Compare Source
Incompatible changes
Background: values passed to the built-in generators and transformers
are of type
map[string]any. Of course, templates are rendered with themissingkey=zerooption.But still, if a key is missing in the values, the empty value of
any(returned in this case)makes the go templating engine return
<no value>in that case.Helm decided to override that by replacing all occurrences of the string
<no value>in any template output.Starting with this PR we adopt the helm approach, and do the same.
v0.3.71Compare Source
Incompatible changes
Orphanis slightly changed; previouslyOrphanhad no effect if a dependent object became redundant during apply (that is, it was part of the component manifest before, and is no longer now). Now, if an object has an effective deletion policyOrphan, then it will be always orphaned ifEnhancements
OrphanOnApplyandOrphanOnDelete, with the obvious meaning.apiResourcesis added forKustomizeGenerator. It returns[]*metav1.APIResourceList, as returned by the discovery client's methodServerGroupsAndResources, see https://pkg.go.dev/k8s.io/client-go@v0.32.1/discovery#ServerResourcesInterface.ServerGroupsAndResources.v0.3.70Compare Source
Changes
This release finalizes the reworking of the force-reapply logic started in https://github.com/SAP/component-operator-runtime/releases/tag/v0.3.62.
So far, a dependent object was applied to the cluster if
status.inventory[].lastAppliedAttimestamp is set and is more than 60m in the past.The third condition is now changed to
status.inventory[].lastAppliedAttimestamp is not set, or is set and is more than 60m in the past.As a consequence, the component CRD now must contain the
status.inventory[].lastAppliedAtfield, that is the consumers must have regenerated their CRD to reflect the current component-operator-runtime API types, as already stated in the release notes of v0.3.62.sap/go-generics (github.com/sap/go-generics)
v0.2.31Compare Source
v0.2.30Compare Source
v0.2.29Compare Source
v0.2.28Compare Source
v0.2.27Compare Source
golang/go (go)
v1.24.2v1.24.1kubernetes/api (k8s.io/api)
v0.32.3Compare Source
v0.32.2Compare Source
kubernetes/apiextensions-apiserver (k8s.io/apiextensions-apiserver)
v0.32.3Compare Source
v0.32.2Compare Source
kubernetes/apimachinery (k8s.io/apimachinery)
v0.32.3Compare Source
v0.32.2Compare Source
kubernetes/client-go (k8s.io/client-go)
v0.32.3Compare Source
v0.32.2Compare Source
kubernetes/code-generator (k8s.io/code-generator)
v0.32.3Compare Source
v0.32.2Compare Source
kubernetes/kube-aggregator (k8s.io/kube-aggregator)
v0.32.3Compare Source
v0.32.2Compare Source
kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)
v0.20.4Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.20.3...v0.20.4
v0.20.3Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.20.2...v0.20.3
v0.20.2Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.20.1...v0.20.2
kubernetes-sigs/controller-tools (sigs.k8s.io/controller-tools)
v0.17.3Compare Source
What's Changed
--load-build-tagsflag by @joelanford in https://github.com/kubernetes-sigs/controller-tools/pull/1181Dependencies
New Contributors
Full Changelog: kubernetes-sigs/controller-tools@v0.17.2...v0.17.3
v0.17.2Compare Source
What's Changed
kubebuilderby @davidxia in https://github.com/kubernetes-sigs/controller-tools/pull/1141Dependencies
New Contributors
Full Changelog: kubernetes-sigs/controller-tools@v0.17.1...v0.17.2
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.