0.132.0
🚩 Deprecations 🚩
collector: Remove opencensus receiver from parsing logic as it is no longer supported in OpenTelemetry Collector (#4239)
The opencensus receiver has been removed from the operator's receiver parsing logic.
Since 2025-02-14 its no longer supported and got removed from the Collector Distributions.
💡 Enhancements 💡
-
collector: enable native sidecar on OpenShift 4.16+ with k8s version newer then v1.29 by default. (#4247) -
collector: Use native sidecar on k8s 1.29+ (#3356)
The operator will automatically use native sidecars whenever a Kubernetes
version 1.29 or higher is discovered.
The usage of native sidecars can be disabled with--feature-gates=-sidecarcontainers.native.
See: https://kubernetes.io/blog/2023/08/25/native-sidecar-containers/ -
collector: Add network policy for the collector. (#4231)
This change adds a network policy to the collector to allow traffic to all collector receivers and egress traffic from the collector pod.
The collector network policy can be enabled in the collector CR.spec: networkPolicy: enabled: true
By default it is disabled, however the default value is configured with a feature gate
--feature-gates=operand.networkpolicy.
The feature gate will be enabled in the future releases. -
operator: Operator now creates a NetworkPolicy to restrict access to the operator pod. (#4230)
The operator network policy can be enabled with--feature-gates=+operator.networkpolicy.
The feature gate is disabled by default and it will be enabled in the future releases.
Following APIs are allowe: ingress on port 9443 (webhook), 8080 (metrics port), 8443 (metrics RBAC proxy) and egress on port 6443 (API server). -
target allocator: Add network policy for the target allocator. (#4231)
This change adds a network policy to the target allocator which allows traffic to the port8080and outgoing traffic to the API server.
The target allocator network policy can be enabled in the target allocator CR.spec: networkPolicy: enabled: true
By default it is disabled, however the default value is configured with a feature gate
--feature-gates=operand.networkpolicy.
The feature gate will be enabled in the future releases. -
opamp: Correlates the OpAMP data from the proxy server with the bridge's own OpAMP data. (#3837) -
collector: k8sattributes: Add automatic RBAC for new service.name resource attribute generator (#4131)
The k8sattributes processor recently added support for automatic service.name resource attribute generation.
This change ensures that when service.name is configured in the k8sattributes processor, the operator
automatically adds the necessary RBAC rules for replicasets access, which is required for extracting
k8s.deployment.name.
🧰 Bug fixes 🧰
-
opamp: fixes a bug where the bridge deployment wouldn't rollout on a config change. (#4020) -
collector: Fix a Deployment restart issue caused when the HPA settings changed, the webhook would modify spec.replicas. (#2585) -
collector: Operator no longer overwrites ingress annoations on change (#4322)
The operator now respects external manipulations of the Ingress object — instead of
overwriting annotations it respects existing to prevent annotation-overwrite issues
that caused reconciliation loops with external controllers (e.g., Rancher). -
collector, target allocator, opamp: Remove unnecessary cert-manager CA annotation from CRDs (#4321)
Remove annotationcert-manager.io/inject-ca-fromfrom all OpenShift CRD manifests. The CRDs on OpenShift are installed via OLM which handles the CA injection.
The annotation is also not needed for non-OpenShift installations on CRDs that do not have a conversion webhook.