gardener/etcd-druid (github.com/gardener/etcd-druid)
### [`v0.23.0`](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.23.0)
[Compare Source](https://redirect.github.com/gardener/etcd-druid/compare/v0.22.7...v0.23.0)
### \[gardener/etcd-druid]
#### ⚠️ Breaking Changes
- `[OPERATOR]` Custodian controller has now been removed in favour of etcd status reconciliation handled by etcd controller. CLI flags `--custodian-workers` and `--custodian-sync-period` have now been removed, and are no longer recognised by etcd-druid. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Labels on druid-managed resources are now streamlined, and no longer include `name` and `instance`. Instead, these are now standard labels `app.kubernetes.io/managed-by` and `app.kubernetes.io/part-of`, as [recommended by Kubernetes](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels). Additionally, `app.kubernetes.io/component` label is also used to set the type of the component for an etcd cluster. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Creation of Etcd resource no longer requires annotation `gardener.cloud/operation: reconcile` to be set on it for etcd-druid to reconcile it. In other words, creation of Etcd resource is immediate, irrespective of whether etcd-spec-auto-reconciliation is enabled or not. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` CLI flag `--workers` has now been renamed to `--etcd-workers`. Additionally, etcd controller also accepts new CLI flags `enable-etcd-spec-auto-reconcile` to control how and when the etcd spec is reconciled, and `etcd-status-sync-period` to specify the duration after which an event will be re-queued to ensure etcd status reconciliation. CLI flag `ignore-operation-annotation` has been deprecated, and will be removed in an upcoming release. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Volume mounts for the etcd StatefulSet have now been fixed, to allow individually specifying TLS secrets for the etcd and backup-restore servers. CA and TLS certificates used for etcd client-server communication, relevant to the container that they are mounted on, can be found at `/var/etcd/ssl/`. CA and TLS certificates used for etcd peer communication, relevant to the container that they are mounted on, can be found at `/var/etcd/ssl/peer`. CA and TLS certificates used for etcd-backup-restore client-server communication, relevant to the container that they are mounted on, can be found at `/var/etcdbr/ssl`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[DEVELOPER]` Vendor directory has now been removed from the project. Please run `make tidy` to pull dependencies into go mod cache initially, and whenever required. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#748](https://redirect.github.com/gardener/etcd-druid/issues/748)]
- `[USER]` Before upgrading druid to `v0.23.0+`, please ensure that druid is running with at least `v0.22.3+`. This is required to avoid any downtime during the upgrade of the etcds by the new druid version, as well as to ensure backward compatibility of your etcds, in case you wish to downgrade back to `v0.22.3+`. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#823](https://redirect.github.com/gardener/etcd-druid/issues/823)]
#### 📰 Noteworthy
- `[OPERATOR]` A new condition `DataVolumesReady` has been introduced in `etcd.Status` to capture and report PVC warnings. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Annotation `druid.gardener.cloud/ignore-reconciliation` has been marked as deprecated. Please use `druid.gardener.cloud/suspend-etcd-spec-reconcile` instead, which provides the same behavior. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Scale-up logic for single-node etcd clusters with peerTLS disabled to multi-node etcd clusters with peerTLS enabled, has been improved by making it deterministic and eliminates an unnecessary restart of the first etcd member, thus making this process faster and error-free. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` CLI flag `--leader-election-resource-lock` is now deprecated, and will be set to `leases` from a future release onwards. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` A new validating webhook named `sentinel` has been introduced to safeguard resources created by etcd-druid. A new annotation `druid.gardener.cloud/disable-etcd-component-protection` has been introduced, which if set, tells sentinel webhook to allow manual changes by an operator on any resource managed by etcd-druid.
This webhook is disabled by default, and can be enabled as follows:
- If deploying druid via the binary, please pass CLI flag `--enable-sentinel-webhook` to it. Additionally, CLI flags `--webhook-server-bind-address`, `--webhook-server-port` and `--webhook-server-tls-server-cert-dir` need to be passed when enabling the webhook, which enforces TLS communication using the given certs.
- If deploying druid via the Helm charts, please set chart value `webhooks.sentinel.enabled: true`.
- If deploying druid via Skaffold, please set environment variable `DRUID_ENABLE_SENTINEL_WEBHOOK=true`. This is also applicable when running Make targets such as `deploy`, `deploy-dev`, `deploy-debug`, `test-e2e`, etc, except for `ci-e2e-kind`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` The component model used for deploying resources has now been replaced with a simplified `ResourceOperator` model, found under `/internal/operator`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` CLI flag `--metrics-addr` is now deprecated. Please use `--metrics-bind-address` and `--metrics-port` instead. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[USER]` Remove usage of \*\_STORAGE_API_ENDPOINT\` environment variables for Google and Azure providers. Storage API endpoint / domain will instead be directly consumed by etcd-backup-restore from the mounted backup secret. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#856](https://redirect.github.com/gardener/etcd-druid/issues/856)]
- `[DEVELOPER]` We are moving towards using golang native tests. This also allowed us to relook at the unit and integration tests that we have. In this PR we have only partially introduced comprehensive golang native tests for specific packages (`internal/operator`, `internal/webhook`, `internal/controller/etcd/` and `internal/utils/`). We have also added comprehensive integration tests for etcd controller and the new IT tests are present at `test/it/controller/etcd`. In future PRs we will replace the ginkgo based tests and replace it with native golang tests for rest of the packages as well. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[DEVELOPER]` All packages under `/pkg` and `/controllers` directories have now been moved to new parent `/internal` directory. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
#### ✨ New Features
- `[OPERATOR]` Etcd resource status now includes field `LastErrors` to indicate any errors encountered in the last reconciliation of the etcd resource. Custom error codes have been introduced to help capture contextual information from the reconciliation run. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Etcd resource status now includes field `LastOperation` to indicate the last operation performed on the etcd resource. This includes a unique `RunID` to help sift through logs containing the specific `RunID`, improving debuggability. Every reconciler run generates a unique `RunID`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[DEVELOPER]` `etcd-druid` now supports end-to-end testing with `Azurite` - the Azure Blob Storage Emulator by [@renormalize](https://redirect.github.com/renormalize) \[[#753](https://redirect.github.com/gardener/etcd-druid/issues/753)]
- `[DEVELOPER]` Builds for non-native platforms can now be done using the `docker-build` make target instead of having to invoke the `docker buildx` command. The platform can be specified using the `PLATFORM` variable which is passed while invoking make. by [@renormalize](https://redirect.github.com/renormalize) \[[#873](https://redirect.github.com/gardener/etcd-druid/issues/873)]
- `[USER]` Added support for new backup store provider `stackit` which is an alias for `S3`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
#### 🏃 Others
- `[OPERATOR]` etcd-backup-restore container was started with SYS_PTRACE linux capability. This prevented creating etcd cluster with [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/). This linux capability has now been removed as it is no longer required. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` set cpu and memory requests for compaction pods by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#853](https://redirect.github.com/gardener/etcd-druid/issues/853)]
- `[OPERATOR]` Etcd pods now mount files with `DefaultMode` set to `0640`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Upgrade `github.com/gardener/etcd-backup-restore` dependency from `0.26.0` to `0.29.0` by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#830](https://redirect.github.com/gardener/etcd-druid/issues/830)]
- `[OPERATOR]` 1. Dependency version upgrades done to gardener/gardener, controller-runtime, controller-tools, k8s.io/\*, logr, zap, ginkgo, uber mock, uuid dependencies.\
2\. Adapted golanglint-ci recommendations.\
3\. Removed dependency on gardener/gardener hack/scripts.\
by [@unmarshall](https://redirect.github.com/unmarshall) \[[#834](https://redirect.github.com/gardener/etcd-druid/issues/834)]
- `[OPERATOR]` Enhanced parallel execution support in e2e tests, reducing time and improving test suite robustness. by [@seshachalam-yv](https://redirect.github.com/seshachalam-yv) \[[#833](https://redirect.github.com/gardener/etcd-druid/issues/833)]
- `[OPERATOR]` Upgrades to golang version 1.22.4 by [@unmarshall](https://redirect.github.com/unmarshall) \[[#826](https://redirect.github.com/gardener/etcd-druid/issues/826)]
- `[OPERATOR]` Updated e2e tests to support label changes during HA upgrades, preventing the reconciliation process from getting stuck and ensuring smooth transitions in deployment scenarios.
by [@seshachalam-yv](https://redirect.github.com/seshachalam-yv) \[[#838](https://redirect.github.com/gardener/etcd-druid/issues/838)]
- `[OPERATOR]` Introduced new Makefile targets:\
`deploy-dev` - starts skaffold in dev mode allowing reloading druid upon change.\
`deploy-debug` - starts skaffold in debug mode allowing using breakpoints to interrupt the control-flow.\
`undeploy` - uses skaffold delete to delete all resources that are installed via skaffold. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)]
- `[OPERATOR]` Enabling the configurability of `--max-backups` for LimitBasedGC through the etcd resource spec `.spec.backup.maxBackupsLimitBasedGC`. by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#755](https://redirect.github.com/gardener/etcd-druid/issues/755)]
- `[OPERATOR]` Updated README.md by [@unmarshall](https://redirect.github.com/unmarshall) \[[#851](https://redirect.github.com/gardener/etcd-druid/issues/851)]
- `[DEVELOPER]` Introduced testing guidelines, added developer productivity scripts and make targets to stress test, debug integration tests, formatting and detecting incompatible api changes. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#857](https://redirect.github.com/gardener/etcd-druid/issues/857)]
- `[DEVELOPER]` Fixes unit tests for internal/health package, includes missing tests in the Makefile `test` target and minor refactoring of test utility functions. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#822](https://redirect.github.com/gardener/etcd-druid/issues/822)]
- `[DEVELOPER]` Add Make target `make docker-clean` for cleaning up all docker builds related to etcd-druid. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#842](https://redirect.github.com/gardener/etcd-druid/issues/842)]
- `[DEVELOPER]` Add Make targets `make clean-build-cache` and `make clean-mod-cache` for cleaning up Go build and mod caches respectively. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#842](https://redirect.github.com/gardener/etcd-druid/issues/842)]
- `[DEVELOPER]` use `localstack:s3-latest` image instead of `localstack:latest` in tests for faster setup by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#805](https://redirect.github.com/gardener/etcd-druid/issues/805)]
- `[DEVELOPER]` remove deprecated pkg `k8s.io/utils/pointer` and use pkg `k8s.io/utils/ptr` by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#861](https://redirect.github.com/gardener/etcd-druid/issues/861)]
#### 📖 Documentation
- `[OPERATOR]` Introduce DEP-05: Design document for operator out-of-band tasks. by [@ishan16696](https://redirect.github.com/ishan16696) \[[#757](https://redirect.github.com/gardener/etcd-druid/issues/757)]
### \[gardener/etcd-backup-restore]
#### ⚠️ Breaking Changes
- `[USER]` Remove support for specifying Azure custom endpoint via environment variable `AZURE_STORAGE_API_ENDPOINT`. Please use the new `domain` field (via JSON or file) instead. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#759](https://redirect.github.com/gardener/etcd-backup-restore/issues/759)]
#### 🏃 Others
- `[DEVELOPER]` Added support to use Azurite, which emulates Azure Blob Storage for local development and testing - which can be enabled by setting the `AZURE_EMULATOR_ENABLED` and `AZURITE_STORAGE_API_ENDPOINT` environment variables. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#699](https://redirect.github.com/gardener/etcd-backup-restore/issues/699)]
- `[DEVELOPER]` Fixed the `check` make target when run locally, and a link in docs/development/new_cp_support.md. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#754](https://redirect.github.com/gardener/etcd-backup-restore/issues/754)]
- `[DEVELOPER]` Added documentation to use `etcdbrctl` as a process for testing locally, for a better developer experience and faster iteration speeds. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#723](https://redirect.github.com/gardener/etcd-backup-restore/issues/723)]
- `[DEVELOPER]` AWS S3 client Go module upgraded from v1.32.6 to v1.54.20. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#755](https://redirect.github.com/gardener/etcd-backup-restore/issues/755)]
- `[DEVELOPER]` Improved error handling for OpenStack Swift during deletion of objects. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#710](https://redirect.github.com/gardener/etcd-backup-restore/issues/710)]
- `[DEVELOPER]` Added support for using fake-gcs-server for all etcdbr functionalities. To enable: Either
1. Set `GOOGLE_EMULATOR_ENABLED` environment variable when running `etcdbrctl` command OR
2. Set `emulatorEnabled: true` in GCP backup secret when deploying via Helm chart. by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[gardener/etcd-backup-restore#697](https://redirect.github.com/gardener/etcd-backup-restore/issues/697)]
- `[USER]` Do not rely on the snapshotter state when stopping the snapshotter. The snapshotter will now always be closed when a member goes from being the leader to any other state. by [@avestuk](https://redirect.github.com/avestuk) \[[gardener/etcd-backup-restore#680](https://redirect.github.com/gardener/etcd-backup-restore/issues/680)]
- `[USER]` Add support for specifying Google storage API endpoint via file `~/.gcp/storageAPIEndpoint`. Environment variable `GOOGLE_STORAGE_API_ENDPOINT` is deprecated, and will be removed shortly. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#759](https://redirect.github.com/gardener/etcd-backup-restore/issues/759)]
- `[USER]` Add support for specifying custom domains for Azure storage. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#759](https://redirect.github.com/gardener/etcd-backup-restore/issues/759)]
- `[OPERATOR]` Bump alpine base version for Docker build to `3.18.2`. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#638](https://redirect.github.com/gardener/etcd-backup-restore/issues/638)]
- `[OPERATOR]` etcd-backup-restore now supports server-side encryption using customer provided keys (SSE-C) for S3-compatible providers by [@amold1](https://redirect.github.com/amold1) \[[gardener/etcd-backup-restore#719](https://redirect.github.com/gardener/etcd-backup-restore/issues/719)]
#### Docker Images
- etcd-druid: `europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.23.0`
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v0.22.7->v0.23.0Release Notes
gardener/etcd-druid (github.com/gardener/etcd-druid)
### [`v0.23.0`](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.23.0) [Compare Source](https://redirect.github.com/gardener/etcd-druid/compare/v0.22.7...v0.23.0) ### \[gardener/etcd-druid] #### ⚠️ Breaking Changes - `[OPERATOR]` Custodian controller has now been removed in favour of etcd status reconciliation handled by etcd controller. CLI flags `--custodian-workers` and `--custodian-sync-period` have now been removed, and are no longer recognised by etcd-druid. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Labels on druid-managed resources are now streamlined, and no longer include `name` and `instance`. Instead, these are now standard labels `app.kubernetes.io/managed-by` and `app.kubernetes.io/part-of`, as [recommended by Kubernetes](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels). Additionally, `app.kubernetes.io/component` label is also used to set the type of the component for an etcd cluster. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Creation of Etcd resource no longer requires annotation `gardener.cloud/operation: reconcile` to be set on it for etcd-druid to reconcile it. In other words, creation of Etcd resource is immediate, irrespective of whether etcd-spec-auto-reconciliation is enabled or not. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` CLI flag `--workers` has now been renamed to `--etcd-workers`. Additionally, etcd controller also accepts new CLI flags `enable-etcd-spec-auto-reconcile` to control how and when the etcd spec is reconciled, and `etcd-status-sync-period` to specify the duration after which an event will be re-queued to ensure etcd status reconciliation. CLI flag `ignore-operation-annotation` has been deprecated, and will be removed in an upcoming release. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Volume mounts for the etcd StatefulSet have now been fixed, to allow individually specifying TLS secrets for the etcd and backup-restore servers. CA and TLS certificates used for etcd client-server communication, relevant to the container that they are mounted on, can be found at `/var/etcd/ssl/`. CA and TLS certificates used for etcd peer communication, relevant to the container that they are mounted on, can be found at `/var/etcd/ssl/peer`. CA and TLS certificates used for etcd-backup-restore client-server communication, relevant to the container that they are mounted on, can be found at `/var/etcdbr/ssl`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[DEVELOPER]` Vendor directory has now been removed from the project. Please run `make tidy` to pull dependencies into go mod cache initially, and whenever required. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#748](https://redirect.github.com/gardener/etcd-druid/issues/748)] - `[USER]` Before upgrading druid to `v0.23.0+`, please ensure that druid is running with at least `v0.22.3+`. This is required to avoid any downtime during the upgrade of the etcds by the new druid version, as well as to ensure backward compatibility of your etcds, in case you wish to downgrade back to `v0.22.3+`. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#823](https://redirect.github.com/gardener/etcd-druid/issues/823)] #### 📰 Noteworthy - `[OPERATOR]` A new condition `DataVolumesReady` has been introduced in `etcd.Status` to capture and report PVC warnings. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Annotation `druid.gardener.cloud/ignore-reconciliation` has been marked as deprecated. Please use `druid.gardener.cloud/suspend-etcd-spec-reconcile` instead, which provides the same behavior. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Scale-up logic for single-node etcd clusters with peerTLS disabled to multi-node etcd clusters with peerTLS enabled, has been improved by making it deterministic and eliminates an unnecessary restart of the first etcd member, thus making this process faster and error-free. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` CLI flag `--leader-election-resource-lock` is now deprecated, and will be set to `leases` from a future release onwards. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` A new validating webhook named `sentinel` has been introduced to safeguard resources created by etcd-druid. A new annotation `druid.gardener.cloud/disable-etcd-component-protection` has been introduced, which if set, tells sentinel webhook to allow manual changes by an operator on any resource managed by etcd-druid. This webhook is disabled by default, and can be enabled as follows: - If deploying druid via the binary, please pass CLI flag `--enable-sentinel-webhook` to it. Additionally, CLI flags `--webhook-server-bind-address`, `--webhook-server-port` and `--webhook-server-tls-server-cert-dir` need to be passed when enabling the webhook, which enforces TLS communication using the given certs. - If deploying druid via the Helm charts, please set chart value `webhooks.sentinel.enabled: true`. - If deploying druid via Skaffold, please set environment variable `DRUID_ENABLE_SENTINEL_WEBHOOK=true`. This is also applicable when running Make targets such as `deploy`, `deploy-dev`, `deploy-debug`, `test-e2e`, etc, except for `ci-e2e-kind`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` The component model used for deploying resources has now been replaced with a simplified `ResourceOperator` model, found under `/internal/operator`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` CLI flag `--metrics-addr` is now deprecated. Please use `--metrics-bind-address` and `--metrics-port` instead. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[USER]` Remove usage of \*\_STORAGE_API_ENDPOINT\` environment variables for Google and Azure providers. Storage API endpoint / domain will instead be directly consumed by etcd-backup-restore from the mounted backup secret. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#856](https://redirect.github.com/gardener/etcd-druid/issues/856)] - `[DEVELOPER]` We are moving towards using golang native tests. This also allowed us to relook at the unit and integration tests that we have. In this PR we have only partially introduced comprehensive golang native tests for specific packages (`internal/operator`, `internal/webhook`, `internal/controller/etcd/` and `internal/utils/`). We have also added comprehensive integration tests for etcd controller and the new IT tests are present at `test/it/controller/etcd`. In future PRs we will replace the ginkgo based tests and replace it with native golang tests for rest of the packages as well. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[DEVELOPER]` All packages under `/pkg` and `/controllers` directories have now been moved to new parent `/internal` directory. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] #### ✨ New Features - `[OPERATOR]` Etcd resource status now includes field `LastErrors` to indicate any errors encountered in the last reconciliation of the etcd resource. Custom error codes have been introduced to help capture contextual information from the reconciliation run. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Etcd resource status now includes field `LastOperation` to indicate the last operation performed on the etcd resource. This includes a unique `RunID` to help sift through logs containing the specific `RunID`, improving debuggability. Every reconciler run generates a unique `RunID`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[DEVELOPER]` `etcd-druid` now supports end-to-end testing with `Azurite` - the Azure Blob Storage Emulator by [@renormalize](https://redirect.github.com/renormalize) \[[#753](https://redirect.github.com/gardener/etcd-druid/issues/753)] - `[DEVELOPER]` Builds for non-native platforms can now be done using the `docker-build` make target instead of having to invoke the `docker buildx` command. The platform can be specified using the `PLATFORM` variable which is passed while invoking make. by [@renormalize](https://redirect.github.com/renormalize) \[[#873](https://redirect.github.com/gardener/etcd-druid/issues/873)] - `[USER]` Added support for new backup store provider `stackit` which is an alias for `S3`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] #### 🏃 Others - `[OPERATOR]` etcd-backup-restore container was started with SYS_PTRACE linux capability. This prevented creating etcd cluster with [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/). This linux capability has now been removed as it is no longer required. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` set cpu and memory requests for compaction pods by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#853](https://redirect.github.com/gardener/etcd-druid/issues/853)] - `[OPERATOR]` Etcd pods now mount files with `DefaultMode` set to `0640`. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Upgrade `github.com/gardener/etcd-backup-restore` dependency from `0.26.0` to `0.29.0` by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#830](https://redirect.github.com/gardener/etcd-druid/issues/830)] - `[OPERATOR]` 1. Dependency version upgrades done to gardener/gardener, controller-runtime, controller-tools, k8s.io/\*, logr, zap, ginkgo, uber mock, uuid dependencies.\ 2\. Adapted golanglint-ci recommendations.\ 3\. Removed dependency on gardener/gardener hack/scripts.\ by [@unmarshall](https://redirect.github.com/unmarshall) \[[#834](https://redirect.github.com/gardener/etcd-druid/issues/834)] - `[OPERATOR]` Enhanced parallel execution support in e2e tests, reducing time and improving test suite robustness. by [@seshachalam-yv](https://redirect.github.com/seshachalam-yv) \[[#833](https://redirect.github.com/gardener/etcd-druid/issues/833)] - `[OPERATOR]` Upgrades to golang version 1.22.4 by [@unmarshall](https://redirect.github.com/unmarshall) \[[#826](https://redirect.github.com/gardener/etcd-druid/issues/826)] - `[OPERATOR]` Updated e2e tests to support label changes during HA upgrades, preventing the reconciliation process from getting stuck and ensuring smooth transitions in deployment scenarios. by [@seshachalam-yv](https://redirect.github.com/seshachalam-yv) \[[#838](https://redirect.github.com/gardener/etcd-druid/issues/838)] - `[OPERATOR]` Introduced new Makefile targets:\ `deploy-dev` - starts skaffold in dev mode allowing reloading druid upon change.\ `deploy-debug` - starts skaffold in debug mode allowing using breakpoints to interrupt the control-flow.\ `undeploy` - uses skaffold delete to delete all resources that are installed via skaffold. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#777](https://redirect.github.com/gardener/etcd-druid/issues/777)] - `[OPERATOR]` Enabling the configurability of `--max-backups` for LimitBasedGC through the etcd resource spec `.spec.backup.maxBackupsLimitBasedGC`. by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#755](https://redirect.github.com/gardener/etcd-druid/issues/755)] - `[OPERATOR]` Updated README.md by [@unmarshall](https://redirect.github.com/unmarshall) \[[#851](https://redirect.github.com/gardener/etcd-druid/issues/851)] - `[DEVELOPER]` Introduced testing guidelines, added developer productivity scripts and make targets to stress test, debug integration tests, formatting and detecting incompatible api changes. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#857](https://redirect.github.com/gardener/etcd-druid/issues/857)] - `[DEVELOPER]` Fixes unit tests for internal/health package, includes missing tests in the Makefile `test` target and minor refactoring of test utility functions. by [@unmarshall](https://redirect.github.com/unmarshall) \[[#822](https://redirect.github.com/gardener/etcd-druid/issues/822)] - `[DEVELOPER]` Add Make target `make docker-clean` for cleaning up all docker builds related to etcd-druid. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#842](https://redirect.github.com/gardener/etcd-druid/issues/842)] - `[DEVELOPER]` Add Make targets `make clean-build-cache` and `make clean-mod-cache` for cleaning up Go build and mod caches respectively. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#842](https://redirect.github.com/gardener/etcd-druid/issues/842)] - `[DEVELOPER]` use `localstack:s3-latest` image instead of `localstack:latest` in tests for faster setup by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#805](https://redirect.github.com/gardener/etcd-druid/issues/805)] - `[DEVELOPER]` remove deprecated pkg `k8s.io/utils/pointer` and use pkg `k8s.io/utils/ptr` by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[#861](https://redirect.github.com/gardener/etcd-druid/issues/861)] #### 📖 Documentation - `[OPERATOR]` Introduce DEP-05: Design document for operator out-of-band tasks. by [@ishan16696](https://redirect.github.com/ishan16696) \[[#757](https://redirect.github.com/gardener/etcd-druid/issues/757)] ### \[gardener/etcd-backup-restore] #### ⚠️ Breaking Changes - `[USER]` Remove support for specifying Azure custom endpoint via environment variable `AZURE_STORAGE_API_ENDPOINT`. Please use the new `domain` field (via JSON or file) instead. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#759](https://redirect.github.com/gardener/etcd-backup-restore/issues/759)] #### 🏃 Others - `[DEVELOPER]` Added support to use Azurite, which emulates Azure Blob Storage for local development and testing - which can be enabled by setting the `AZURE_EMULATOR_ENABLED` and `AZURITE_STORAGE_API_ENDPOINT` environment variables. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#699](https://redirect.github.com/gardener/etcd-backup-restore/issues/699)] - `[DEVELOPER]` Fixed the `check` make target when run locally, and a link in docs/development/new_cp_support.md. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#754](https://redirect.github.com/gardener/etcd-backup-restore/issues/754)] - `[DEVELOPER]` Added documentation to use `etcdbrctl` as a process for testing locally, for a better developer experience and faster iteration speeds. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#723](https://redirect.github.com/gardener/etcd-backup-restore/issues/723)] - `[DEVELOPER]` AWS S3 client Go module upgraded from v1.32.6 to v1.54.20. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#755](https://redirect.github.com/gardener/etcd-backup-restore/issues/755)] - `[DEVELOPER]` Improved error handling for OpenStack Swift during deletion of objects. by [@renormalize](https://redirect.github.com/renormalize) \[[gardener/etcd-backup-restore#710](https://redirect.github.com/gardener/etcd-backup-restore/issues/710)] - `[DEVELOPER]` Added support for using fake-gcs-server for all etcdbr functionalities. To enable: Either 1. Set `GOOGLE_EMULATOR_ENABLED` environment variable when running `etcdbrctl` command OR 2. Set `emulatorEnabled: true` in GCP backup secret when deploying via Helm chart. by [@anveshreddy18](https://redirect.github.com/anveshreddy18) \[[gardener/etcd-backup-restore#697](https://redirect.github.com/gardener/etcd-backup-restore/issues/697)] - `[USER]` Do not rely on the snapshotter state when stopping the snapshotter. The snapshotter will now always be closed when a member goes from being the leader to any other state. by [@avestuk](https://redirect.github.com/avestuk) \[[gardener/etcd-backup-restore#680](https://redirect.github.com/gardener/etcd-backup-restore/issues/680)] - `[USER]` Add support for specifying Google storage API endpoint via file `~/.gcp/storageAPIEndpoint`. Environment variable `GOOGLE_STORAGE_API_ENDPOINT` is deprecated, and will be removed shortly. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#759](https://redirect.github.com/gardener/etcd-backup-restore/issues/759)] - `[USER]` Add support for specifying custom domains for Azure storage. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#759](https://redirect.github.com/gardener/etcd-backup-restore/issues/759)] - `[OPERATOR]` Bump alpine base version for Docker build to `3.18.2`. by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[gardener/etcd-backup-restore#638](https://redirect.github.com/gardener/etcd-backup-restore/issues/638)] - `[OPERATOR]` etcd-backup-restore now supports server-side encryption using customer provided keys (SSE-C) for S3-compatible providers by [@amold1](https://redirect.github.com/amold1) \[[gardener/etcd-backup-restore#719](https://redirect.github.com/gardener/etcd-backup-restore/issues/719)] #### Docker Images - etcd-druid: `europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.23.0`Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.