Releases: slauger/openvox-operator
Releases · slauger/openvox-operator
v0.5.0
0.5.0 (2026-04-23)
Bug Fixes
- add emptyDir volumes for puppet vardir and rundir (e2b83b0)
- prevent reconcile loop that blocked certificate renewal (0d75493), closes #334
- reduce activeDeadlineSeconds for autosign-policy nomatch job (9930da8), closes #338
- replace em-dash with ASCII hyphen in comment (ecfc6a6)
- use jsonpath wait instead of condition=Failed for nomatch job (3e1d863)
Features
v0.4.0
0.4.0 (2026-04-21)
Bug Fixes
- add webhook.rb and openvox-report binary to openvox-server image (b0152bd), closes #319
- address review feedback (6bde7af)
- address review feedback for certificate renewal (8ed867d)
- delete e2e namespaces before uninstalling operator in cleanup (d8e3726)
- deps: update k8s.io/utils digest to 28399d8 (2395db1)
- emit all crossed expiry thresholds at once and error on empty certname (f5e180e)
- enforce TLS 1.2 minimum on all CA HTTP clients (6dc6382)
- handle errcheck lint for mock test setup calls (494ddab)
- harden renewal against edge cases (9f0d0a8)
- include auto-generated dnsAltNames in pool-gateway e2e assertion (a292feb)
- increase operator memory limits to prevent OOMKill (9566137)
- promote k8s.io/utils to direct dependency (003a14b)
- remove concurrency block from e2e-single to avoid deadlock (d9e96a8)
- remove syslog native extension build workaround (20c4b20), closes OpenVoxProject/openvox#410 #306
- remove versioning=loose and bump openvox-agent to 8.26.2 (2f64c86)
- replace deprecated Requeue with RequeueAfter (c93442d)
- require unit suffix in renewBefore, deduplicate CSR building, add cleanup retry limit (048931c)
- robust e2e-cleanup with finalizer handling, remove BYO webhook tests (e30a2d2)
- split E2E workflow into all-groups and single-group triggers (2085653)
- use CN-based auth.conf rules for operator-signing cert (71ae908)
- use gateway.networking.k8s.io/v1 for TLSRoute in pool-gateway e2e test (f15149b)
- use json.Marshal for clean API body and guard ensurePendingKey against transient errors (c15de0d)
- use shell variable for CA_BUNDLE in e2e-operator-webhooks-byo (9d03501)
- work around syslog native C extension build failure on JRuby (e6a3f2a), closes #306
Features
v0.3.0
0.3.0 (2026-04-17)
Bug Fixes
- deps: update go dependencies (914fceb)
- drop /pdb/cmd/v1 suffix from puppetdb ReportProcessor URL examples (20a91ec)
- remove redundant push trigger from e2e-images workflow (#281) (3163305)
- resolve CI failures for csrExtensions PR (bc5628b)
- resolve staticcheck SA5011 nil pointer warnings in tests (589609c)
- update Go toolchain to 1.26.2 and pin builder images (#286) (8020876)
- update renovate datasource for openvox-agent to correct repo (#303) (2e4a1c9)
- use postUpdateOptions for gomodTidy in Renovate config (7e6c086)
Features
v0.2.0
0.2.0 (2026-04-06)
Bug Fixes
- add attestations:write permission to all container build callers (#204) (e82c8f7)
- add Database CRD to RBAC rules (04c1912)
- add missing auth.conf for OpenVox DB (#175) (06fffea)
- add missing bootstrap.cfg and fix entrypoint for OpenVox DB (#177) (bee19e7)
- add missing networkpolicies RBAC and remove stale endpoints permission (9c8b2cd), closes #217
- add openvox-db image and openvox-db-postgres chart to release workflow (2e502ee), closes #220
- add RetryOnConflict to all Status().Update() calls (#243) (#251) (88218c8)
- assert ReportProcessors are Active before Server check in agent-report E2E (#276) (6d819f6)
- auto-enable storeconfigs when database is enabled in Helm chart (c1c7fb8), closes #209
- Config controller deadlock and operator log check filters (13a9ce3), closes #263
- correct jar filename in openvox-db Containerfile (e5aa1ed)
- correct jar filename in openvox-db Containerfile (#172) (7db10e2)
- drop e2e-wait, just verify cluster connectivity (0eacf9c)
- drop full curl install from mock image, curl-minimal suffices (#269) (872acb9)
- E2E test reliability and module metadata (#254) (e041674)
- enable pg_trgm extension in CNPG E2E cluster (#180) (59a0fce)
- enable stdout logging for OpenVox DB in containers (#179) (0acdc51)
- expose readOnlyRootFilesystem in openvox-stack Helm chart (0acda47), closes #208
- filter 'connection refused' from E2E operator log checks (0247416)
- lowercase error string to satisfy staticcheck ST1005 (ce825a6)
- make E2E operator log check a warning instead of failing the test (#277) (2e6051f)
- mount emptyDir for OpenVox DB vardir (#178) (0a793f2)
- poll for deployment existence in e2e-wait before kubectl wait (5e36c69)
- prevent double-trigger of auto-pr workflow (77796dc)
- remove broken Go workflow badge from README (451353d)
- remove unicode box-drawing characters from e2e workflow comments (8ba364e)
- rename openvox-code to openvox-e2e-code (#259) (#270) (7f50703), closes #260
- replace Chainsaw Job condition asserts with kubectl wait (ad00640)
- replace jvm-ssl-utils workaround with jruby-openssl 0.15.7 (fe9477c), closes jruby/jruby-openssl#349 #149
- replace unicode characters in auto-pr workflow [skip ci] (7340b74)
- replace Unicode em dash with ASCII in code comment (52db6a1)
- replace wget with curl in mock image and E2E tests (2e8b4b1)
- split e2e-cleanup to prevent CRD deletion race condition (5124696)
- switch release workflow to manual dispatch (57b7a67)
- use all commit messages instead of truncated diff for auto-PR (16629b1)
- use buildx imagetools for manifest creation with provenance (#205) (25a7c32)
- use databaseRef in openvox-stack and fix openvox-db-postgres NOTES.txt (6735964), closes #222 #223
- use FQDN for Database status.URL (512901e), closes #193
- use localhost HTTP listener for Database health probes (8b03d8c)
- use ParseDurationToSeconds for crlRefreshInterval instead of time.ParseDuration (addd903), closes #219
- use release version as auto-pr title (90f16ab)
Features
- add --enable-gateway-api flag for explicit opt-out (#238) (730ea39), closes #230
- add Database CRD for OpenVox DB deployment (5c70d61), closes #11
- add databaseRef to Config for automatic PuppetDB wiring (857a7bd), closes #182
- add EventRecorder to PoolReconciler (898f170), closes #210
- add helm-unittest test suite for all charts (#237) (d34b667), closes #233
- add NetworkPolicy support for Server and Database (#202) ([1b...
v0.1.0
0.1.0 (2026-03-23)
Bug Fixes
- add error logging to helper functions that silently return nil (ace3e29), closes #115
- add events.k8s.io to ClusterRole RBAC (1400c69)
- add id-token permission to all E2E jobs for manifest signing (b6b2574)
- add libffi-devel for fiddle gem in openvox-code image (b9993d1)
- add missing RBAC rules for reportprocessors and poddisruptionbudgets (8a66ed6)
- add ownerReferences to CA setup job Secrets for automatic GC (00e080c), closes #51
- add puppet to PATH in agent image and resolve status conflict (112728b)
- add timeout to webhook.rb report processor shim (bc7f6c5)
- address logic bugs in Server, Pool, and Deployment controllers (b712b6e)
- address review findings for ReportProcessor CRD (ad2994c)
- adopt secrets in controller instead of setting ownerReferences in job (9eb98c4)
- bump go directive to 1.26.1 to resolve stdlib vulnerabilities (dfa2b2d)
- change max-active-instances default from 2 to 1 (540872b)
- collection of bugfixes (#75 #76 #77 #81 #82 #83) (d77c431)
- correct CI badge workflow file extension (9372dd4)
- default imagePullPolicy to Always in Helm chart (411159b)
- deps: update go dependencies (ec3734c)
- deps: update go dependencies (e5a1478)
- disable successComment in semantic-release (31bd228)
- emit CAInitialized event only on phase transition to Ready (9cbef61)
- enforce TLS 1.2 minimum and log silent watcher errors (#86) (034e306)
- go mod tidy and update openvox-server build context to repo root (15d27fe)
- grant id-token permission for cosign keyless signing (114e34d)
- handle resp.Body.Close error returns for errcheck lint (028fdae)
- inject CA Service FQDN into job env instead of modifying Certificate CR (4df83c8)
- log status update errors instead of silently ignoring them (136ee78)
- make E2E workflow manual-only with optional registry image tag (90c72f2)
- migrate from deprecated record.EventRecorder to events.EventRecorder (bcfcf8c)
- mount SSL certs via subPath to keep directory writable (60d9aec)
- non-blocking cert signing, CA cert selection, Helm servers array (3c98019)
- override max-active-instances via JVM system property (15a5da4)
- pin openvox-db base image to ubi9 9.7-1773895171 (89a01e2)
- pin r10k version via Gemfile to satisfy hadolint DL3028 (ca259a9)
- reduce transient startup messages from error to info (af64e4c)
- regenerate CRD manifests for WaitingForSigning phase (6aaf832)
- regenerate CRDs with controller-gen v0.16.5 (8481bd0)
- regenerate CRDs with controller-gen v0.16.5 (matching CI) (8bb9839)
- regenerate CRDs with controller-gen v0.20.1 (71e0bc0)
- remove unnecessary fmt.Sprintf in metrics renderer (0af22e5)
- remove unused autosignPolicyPath constant (d5c30a9)
- remove unused int32Ptr helper (1fcea8b)
- remove unused test helpers withExternalTLSSecret and withExternalInsecureSkipVerify (4c1710e)
- rename CA internal service to -internal to avoid Pool naming conflict (4970694)
- rename shellcheck job to avoid duplicate name in CI (dac6266)
- replace em dash with ASCII hyphen in test comment (a853e12)
- replace en dash and box drawing chars with ASCII equivalents (f3d3e4c)
- replace en-dash with ASCII equivalent in test comment (0e072ca)
- replace non-ASCII em dashes in Foreman docs section (90506db)
- replace smart quotes in CEL validation rules with size() expressions (82b5af4), closes #30
- replace Unicode smart quote in CEL validation rule with ASCII single quotes (90a1531)
- replace Unicode smart quotes with ASCII in CEL rules (3455026)
- requeue when NotAfter cannot be extracted from certificate secret (72cdd86), closes #114
- resolve CI failures for lint and envtest (2a69b5a)
- resolve CI failures in shellcheck, hadolint, and govulncheck (12ab0d8)
- resolve errcheck lint violations in mock server (7e20de7)
- resolve golangci-lint errors in test files (c9d37cd)
- resolve golangci-lint failures in controller tests ([a6e4181](a6e418181e...