Skip to content

v2.2.0
Compare
Choose a tag to compare
@theunrepentantgeek theunrepentantgeek released this 20 Jul 21:53
· 570 commits to main since this release
v2.2.0
95d58ad
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Release notes

Breaking changes

AKS ManagedClusterServicePrincipalProfile.Secret changed from string to genruntime.SecretReference (#3026)

We always try to avoid breaking changes, but in this case, allowing raw passwords in the spec is a security problem and as such we've
decided to take a break to correct this issue.

Action required: If the ContainerService/ManagedClusters resource is installed in your cluster and the ManagedClusterServicePrincipalProfile.Secret property is set on your ManagedCluster resource, follow the steps in breaking changes document.

Removed the following Status properties, which were never populated (#3034):

  • MachineLearningServices:

    • UserAccountCredentials_STATUS.AdminUserPassword
    • UserAccountCredentials_STATUS.AdminUserSshPublicKey
    • VirtualMachineSshCredentials_STATUS.Password

  • Synapse:

    • Workspace_STATUS.SqlAdministratorLoginPassword

Upcoming Breaking changes

Beta CRD deprecation

Beta CRD versions (any version with v1beta prefix) will be deprecated no sooner than v2.3.0. We recommend you start using v1api prefixed versions now. You can easily swap from a v1beta version to a v1api version by just replacing v1beta with v1api in your CRD YAML.

Tools

  • Tolerate some errors during asoctl import (#3151)
  • Fix asoctl when importing resources with fixed names (#3099)

New resources

  • DataProtection/BackupVaults (#3078)
  • Devices/IotHub (#2999)
  • Network/DnsResolver, Network/DnsResolvers/InboundEndpoint and Network/DnsResolvers/OutboundEndpoint (#3046)
  • Network/DnsForwardingRuleSet and Network/DnsForwardingRuleSet/ForwardingRule (#3046)
  • ContainerService/ManagedCluster/TrustedAccessRoleBinding

Features

  • Improve pod securityContext parameters (#3072)
  • Export API keys(AdminPrimaryKey, AdminSecondaryKey, QueryKey) for Search/SearchService (#3065)
  • Support autogenerating RoleAssignment GUID for AzureName (#3094)
  • Export FederatedIdentityCredential.Issuer and FederatedIdentityCredential.Subject as ConfigMaps (#3125)
  • Bump cert-manager version to v1.12.1 (#3073)
  • Bump controller-runtime version to 0.15.0 (#3138)

Bug Fixes

  • Prevent resource drift that could occur without correction by ASO for Resource Providers which work more as a PATCH than a PUT (#3060)
  • Resource with reconcile-policy: skip now populates ConfigMap (#2985)
  • Fix bug where pre-upgrade check could mistakenly check CRDs that weren't ASO CRDs, causing upgrade to fail (#3128)
  • SecurityRules are now merged with NetworkSecurityGroup to avoid clearing and re-create them during reconciliation (#3121)
  • Fix networking resources deletion of child resources during adoption (#3136)

Documentation

  • Improve our documentation for Dev Setup (#3041)
  • Include hand-crafted resources in documentation indexes (#3055)
  • Update Managed Identity documentation (#3071)
  • Add CRD pattern docs for each group (#3147)

External Contributors

Full Changelog: v2.1.0...v2.2.0

Contributors

khareyash05 and shay-ag
Assets 11