github/kamaji
1
0
Fork 0
mirror of https://github.com/clastix/kamaji.git synced 2026-02-14 18:10:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
939 Commits 4 Branches 109 Tags
cb8086754b56e080b54b510a5e2a005a9fa99b77
Commit Graph

264 Commits

Author SHA1 Message Date
Timofei Larkin
8d25078c47 feat: don't clobber 3rd-party labels (#992) 
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
 2025-10-17 17:35:20 +02:00
Dario Tranchitella
de459fb5da feat!: write permissions (#937) 
* fix: decoding object only if requested

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(api): limiting write permissions

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat: write permissions handlers, routes, and controller

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: write permissions

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-10-03 14:30:58 +02:00
Loïc Brun
285cef0f02 fix(konnectivity): rotate certicate during certificate authority rotation (#976) 2025-10-02 16:17:59 +02:00
dependabot[bot]
b0faf7d31e feat(deps): bump sigs.k8s.io/controller-runtime from 0.22.0 to 0.22.1 (#953) 
* feat(deps): bump sigs.k8s.io/controller-runtime from 0.22.0 to 0.22.1

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.0 to 0.22.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.22.0...v0.22.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(golangci-lint): apply is no more deprecated

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-11 15:25:42 +02:00
Dario Tranchitella
17869a4e0f fix(controller-manager): supporting extra args override (#959) 
* fix(controller-manager): supporting extra args override

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore: removing deprecated intstr.FromInt usage

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-10 14:23:32 +02:00
Dario Tranchitella
2a7749839e feat!: inflecting version for konnectivity components from tcp (#934) 
* feat(api)!: inflecting version for konnectivity components from tcp

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat: inflecting version for konnectivity components from tcp

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs(konnectivity): warning about missing container artefacts

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-10 12:19:33 +02:00
Pierre Gaxatte
5d6f512df1 fix(certificates): use a stable format for the rotate annotation value (#955) 2025-09-09 12:27:11 +02:00
Dario Tranchitella
1a0858d350 fix: konnectivity logs and nil pointer dereference (#951) 
* fix(konnectivity): avoiding nil pointer reconcile for agent

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* fix(log): ignoring not found errors for konnectivity cleanup

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-07 11:02:44 +02:00
Dario Tranchitella
e2a0648989 fix: default values for schema and username (#941) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-05 15:32:10 +02:00
Dario Tranchitella
4a474d5749 fix: handling create or update for patch resources (#942) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-05 09:42:17 +02:00
Dario Tranchitella
b9fee273eb fix: patching of kube-proxy and coredns advanced objects (#940) 
* fix(coredns): using patch for deployment and service reconciliation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(kubeproxy): using patch for daemonset reconciliation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-04 16:56:09 +02:00
Dario Tranchitella
dc470f247d feat(k8s): support for v1.34.0 (#925) 
* feat(k8s): support for v1.34.0

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(crds): fields update and documentation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-09-01 10:11:02 +02:00
Dario Tranchitella
d30af82691 feat(deps): bump k8s.io/kubernetes from 1.33.3 to 1.33.4 (#912) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-08-14 14:40:10 +02:00
Dario Tranchitella
9ed00b98e6 feat(deps): bump k8s.io/kubernetes from 1.33.2 to 1.33.3 (#906) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-08-11 14:39:03 +02:00
Mateusz Kwiatkowski
f52fe45c46 feat: add hostNetwork support for the Konnectivity Agent (#883) 
This commit extends CRD API: Added hostNetwork field to KonnectivityAgentSpec struct.
It's false by default so it's backwards compatible.

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-07-30 22:31:38 +02:00
Dario Tranchitella
5e68fd8fe0 fix: honouring certificate expiratin threshold (#886) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-07-28 09:40:16 +02:00
Philipp Riederer
0990317595 feat!: support setting the username for the relational database (#891) 
* Support setting the username for the relational database

fixes #889

* update crd+documentation
 2025-07-24 14:05:26 +02:00
Dario Tranchitella
cac1631523 feat: rotating certificates via annotation (#877) 
* fix(kubeconfig): checking certificate authority data for validity

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat: rotating certificates via annotation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: rotating certificates via annotation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-07-21 09:23:29 +02:00
Dario Tranchitella
d1eb860918 feat!: support for konnectivity deployment mode (#875) 
* feat(konnectivity): support for deployment mode

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(helm)!: support for konnectivity deployment mode

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(sample): support for konnectivity deployment mode

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: support for konnectivity deployment mode

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-07-21 09:21:35 +02:00
Dario Tranchitella
0ab8843418 feat(chore): support for customising container repository via ldflags (#873) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-07-14 13:38:09 +02:00
Dario Tranchitella
09c9743465 feat(deps): updating kamaji-etcd and kubeadm dependencies (#865) 
* feat(deps): upgrading kamaji-etcd helm dependency

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(deps): upgrading kubeadm support to v1.33.2

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-07-03 09:49:09 +02:00
Dario Tranchitella
3230a70475 feat(migration): enhancements and customisable timeout (#845) 
* feat(migration): customising timeout via tcp annotation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: customising migration timeout via tcp annotation

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* fix(migrate): delete job in case of timeout change

This will delete the failed job due to an incorrect timeout and performs
the creation of a new object rather than updating it, since its
immutability in the API specification.

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-06-20 19:32:49 +02:00
Dario Tranchitella
32ef65820d feat: toggable cleanup schema prior migration (#840) 
* feat(migration): cleanup prior migration

When using the annotation `kamaji.clastix.io/cleanup-prior-migration`
with a true boolean value, Kamaji will perform a clean-up on the target
DataStore to avoid stale resources when back and forth migrations occur.

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: cleanup prior migration

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-06-13 08:06:24 +02:00
Dario Tranchitella
eeb12c232b feat(metrics): exposing resource handlers time bucket (#836) 
* refactor: static names and avoiding clash

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(metrics): exposing resource handlers time bucket

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-06-10 17:28:10 +02:00
Dario Tranchitella
ca622ef9ae feat(k8s): upgrade support to v1.33.1 (#826) 
* feat(k8s): upgrade support to v1.33.1

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(deps): upgrade support to k8s v1.33.1

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-05-29 16:48:23 +02:00
Dario Tranchitella
f750073af6 refactor!: k8s api server validation for kubelet preferred address type uniqueness (#812) 
* feat(api): relying on k8s list set for unique items

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(crd)!: relying on k8s list set for unique items

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(webhook): removing unused webhook for kubelet preferred address type

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs(crd): kubelet preferred address type uniqueness

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-05-07 12:13:00 +02:00
Dario Tranchitella
c2bb50933a feat: supporting k8s v1.33 (#792) 
* chore(go): updating dependencies for k8s v1.33

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* refactor: aligning to k8s v1.33 changes

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(kubeadm): supporting k8s v1.33.0

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(test): aligning changes to k8s v1.33

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(sample): updating to k8s v1.33.0

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: support to k8s v1.33

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(helm)!: support to k8s v1.33

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(makefile): removing kind deploy

Main makefile handles the provisioning of it according to e2e test
suite.

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* fix(test): removing sa on test and fixing worker nodes join

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-04-24 13:18:15 +02:00
Dario Tranchitella
2204fdad63 fix(datastore): pod template hashing for storage migration (#710) 
* fix(datastore): pod template hashing for storage migration

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* test: ensuring migration works for etcd and postgresql

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-04-14 14:20:19 +02:00
Dario Tranchitella
b68010e072 feat!: introducing sleeping status (#773) 
* feat(api): introducing sleeping status

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(helm)!: introducing sleeping status

Marking this commit as breaking since a CustomResourceDefinition update
is required for users dealing with scale to zero since the introduction
of the new enum for the status field.

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: introducing sleeping status

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-04-07 16:44:13 +02:00
Dario Tranchitella
b2ec531183 chore(go): upgrading to 1.24 (#766) 
* chore(go): upgrading to 1.24

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(ci): building golanci-lint from source

* chore(golangci-lint): aligning to v2 release

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-04-01 21:09:46 +02:00
Ammar Yasser
0f3de13d26 feat: validate datastores with cel (#762) 
* feat: Validate DataStores with CEL using the following rules

- certificateAuthority privateKey must have secretReference or content when driver is etcd
- clientCertificate must have secretReference or content when driver is etcd
- clientCertificate privateKey must have secretReference or content when driver is etcd
- When driver is not etcd and tlsConfig exists, certificateAuthority must be null or contain valid content
- When driver is not etcd and tlsConfig exists, clientCertificate must be null or contain valid content
- When driver is not etcd and basicAuth exists, username must have secretReference or content
- When driver is not etcd and basicAuth exists, password must have secretReference or content
- When driver is not etcd, either tlsConfig or basicAuth must be provided

Signed-off-by: aerosouund <aerosound161@gmail.com>

* fix: Add extra rule

Signed-off-by: aerosouund <aerosound161@gmail.com>

* fix: ginkgo flag ordering

Signed-off-by: aerosouund <aerosound161@gmail.com>

* fix: Fix syntax of tls or basic auth rule and remove the certificate authority rule

Signed-off-by: aerosouund <aerosound161@gmail.com>

* test: Add ginkgo tests for validations

Signed-off-by: aerosouund <aerosound161@gmail.com>

* fix(test): missing default values

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(ci): running integration tests as gh job

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: aerosouund <aerosound161@gmail.com>
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-03-31 19:03:55 +02:00
Dario Tranchitella
8b22f22bd3 fix: check cert names and ips including tcp address (#758) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-03-27 18:34:57 +01:00
Dario Tranchitella
a8f8582ea6 fix(datastore): handling datastore with no client certificate (#745) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-03-23 22:29:33 +01:00
Pandry
09a5b05a9c feat: removes LoadBalancerIP field from service spec (#713) 
Addresses #688, this commit removes the deprecated `spec.loadBalancerIP`.
With the property being set in the service, the AWS cloud controller complained and caused issues.
 2025-03-21 07:55:12 +01:00
Dario Tranchitella
c87d6ffc47 fix(crypto): validating cp endpoint for api server cert (#737) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-03-21 07:53:37 +01:00
Dario Tranchitella
22a40409f2 fix: client certificate is required for etcd datastore (#733) 2025-03-20 14:36:08 +01:00
daseul cho
e7df0f15d8 fix: cleanup ingress managed by kamaji (#726) 2025-03-16 11:14:06 +01:00
Dario Tranchitella
6a6c83a1c6 feat: supporting k8s v1.32.3 (#722) 
* deps: upgrading replace mods to v0.32.3

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(kubeadm): supporting k8s v1.32.3

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-03-13 14:59:26 +01:00
Dario Tranchitella
9d48eaecb3 fix!(kubeadm): cluster-info configmap reconciliation (#715) 
This commit introduces a breaking change such as the removal of
the default bootstrap token created by kubeadm on an idempotent basis.

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-03-12 15:17:47 +01:00
Mario Valderrama
d5ed4db445 fix: wait until deployment stabilizes to set status Ready (#718) 
Signed-off-by: Mario Valderrama <mario.valderrama@ionos.com>
 2025-03-12 13:10:53 +01:00
Johann Wagner
899da1aec4 fix: evaluate all conditions of a migration job to find out if completed (#706) 2025-02-28 16:17:20 +01:00
Dario Tranchitella
3de661b4e6 feat: validating api server cert sans (#701) 
* feat(webhook): validating api server cert sans

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(controller): validating api server cert sans

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-02-20 15:43:22 +01:00
Dario Tranchitella
2f5ba4820a feat: supporting kubernetes v1.32.2 (#695) 
* feat(deps): updating k8s.io packages to v0.32.2

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(kubeadm): supporting k8s v1.32.2

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-02-17 15:39:12 +01:00
Dario Tranchitella
339d6497ba feat: supporting kubernetes up to v1.32.1 (#686) 
* feat: supporting kubernetes up to v1.32.1

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: styling for enums

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-02-06 09:29:08 +01:00
Dario Tranchitella
1ddaeb3aae fix: trusting public CA from k8s.io container images (#682) 
* fix: trusting public CA from k8s.io container images

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(golangci-lint): timeout from configuration file

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-02-01 18:15:27 +01:00
Dario Tranchitella
1d72802abd refactor: avoid logging error and sentinel for status (#673) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-01-22 11:08:01 +01:00
dependabot[bot]
f82350f17b feat(deps): bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.20.0 (#670) 
* feat(deps): bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.20.0

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.19.3 to 0.20.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.19.3...v0.20.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(generate): upgrade to k8s.io/kubernetes v0.32.1

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(helm): descriptions upgrade to k8s.io/kubernetes v0.32.1

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: descriptions upgrade to k8s.io/kubernetes v0.32.1

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2025-01-21 18:46:48 +01:00
Mario Valderrama
f29e2195d3 feat: support ECDSA private keys for etcd (#667) 
* feat: support ECDSA private keys

Signed-off-by: Mario Valderrama <mario.valderrama@ionos.com>

* fix: use jetstack cert-manager chart

Signed-off-by: Mario Valderrama <mario.valderrama@ionos.com>

---------

Signed-off-by: Mario Valderrama <mario.valderrama@ionos.com>
 2025-01-17 15:36:00 +01:00
Dario Tranchitella
9171f46c60 feat: supporting kubernetes up to v1.31.4 (#649) 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2024-12-11 11:59:46 +01:00
Dario Tranchitella
2b17282b0e chore(go): bumping up to go1.23 (#643) 
* chore(go): bumping up to go1.23

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore(golangci-lint): bumping up to v1.62.2

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2024-12-01 16:09:26 +01:00