From bc0e23906cc4ce79e6f5fa7cfd632852fa6b1edc Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Mon, 23 Mar 2026 17:11:38 +0100 Subject: [PATCH 01/16] feat: Implement annotation restarter.stackable.tech/ignore --- Cargo.nix | 18 +++++++-------- crate-hashes.json | 18 +++++++-------- .../src/restart_controller/statefulset.rs | 22 ++++++++++++++----- 3 files changed, 35 insertions(+), 23 deletions(-) diff --git a/Cargo.nix b/Cargo.nix index c6cadaa..46246bf 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -4801,7 +4801,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "k8s_version"; authors = [ @@ -9293,7 +9293,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "stackable_certs"; authors = [ @@ -9479,7 +9479,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "stackable_operator"; authors = [ @@ -9651,7 +9651,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; procMacro = true; libName = "stackable_operator_derive"; 
@@ -9686,7 +9686,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "stackable_shared"; authors = [ @@ -9767,7 +9767,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "stackable_telemetry"; authors = [ @@ -9877,7 +9877,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "stackable_versioned"; authors = [ @@ -9921,7 +9921,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -9989,7 +9989,7 @@ rec { src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; }; libName = "stackable_webhook"; authors = [ diff --git a/crate-hashes.json b/crate-hashes.json index 6839c8b..2bebff2 100644 --- a/crate-hashes.json +++ b/crate-hashes.json 
@@ -4,14 +4,14 @@ "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-derive@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-runtime@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#k8s-version@0.1.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-certs@0.4.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-operator-derive@0.3.1": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-operator@0.107.1": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-shared@0.1.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-telemetry@0.6.2": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-versioned-macros@0.8.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-versioned@0.8.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-webhook@0.9.0": 
"1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#k8s-version@0.1.3": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-certs@0.4.0": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-operator-derive@0.3.1": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-operator@0.107.1": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-shared@0.1.0": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-telemetry@0.6.2": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-versioned-macros@0.8.3": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-versioned@0.8.3": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-webhook@0.9.0": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file diff --git a/rust/operator-binary/src/restart_controller/statefulset.rs b/rust/operator-binary/src/restart_controller/statefulset.rs index 2cbdd92..149a975 100644 --- a/rust/operator-binary/src/restart_controller/statefulset.rs 
+++ b/rust/operator-binary/src/restart_controller/statefulset.rs @@ -278,7 +278,13 @@ pub async fn get_updated_restarter_annotations( format!( "{}/{}", cm.metadata.uid.as_ref()?, - cm.metadata.resource_version.as_ref()? + if cm.annotations().get("restarter.stackable.tech/ignore") + == Some(&"true".to_owned()) + { + "any" + } else { + cm.metadata.resource_version.as_ref()? + } ), )) })); @@ -308,16 +314,22 @@ pub async fn get_updated_restarter_annotations( annotations.extend( secret_refs .flat_map(|secret_ref| secrets.get(&secret_ref)) - .flat_map(|cm| { + .flat_map(|secret| { Some(( format!( "secret.restarter.stackable.tech/{}", - cm.metadata.name.as_ref()? + secret.metadata.name.as_ref()? ), format!( "{}/{}", - cm.metadata.uid.as_ref()?, - cm.metadata.resource_version.as_ref()? + secret.metadata.uid.as_ref()?, + if secret.annotations().get("restarter.stackable.tech/ignore") + == Some(&"true".to_owned()) + { + "any" + } else { + secret.metadata.resource_version.as_ref()? + } ), )) }), From dc5a83e00e83bfd1eabfb47d141e02180a81822c Mon Sep 17 00:00:00 2001 
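Review bot: The `"any"` placeholder in the ConfigMap branch (and the identical Secret branch in the second hunk) takes the resource version out of the restarter annotation, so an update to an annotated Secret no longer rolls the StatefulSet. For values consumed through `subPath` mounts the pods then keep the old content until something else restarts them, which matters when the update is a credential rotation. That trade-off deserves a comment at the branch, e.g. `// Ignored objects are pinned to "any": updates never trigger a restart, so subPath mounts keep the old value.` The comparison `== Some(&"true".to_owned())` allocates a `String` per object and can be written `.map(String::as_str) == Some("true")`, and the key `"restarter.stackable.tech/ignore"` is repeated in both hunks and would be better as one `const`. Both closures belong to `get_updated_restarter_annotations`, whose body starts and ends outside these hunks.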
From: Siegfried Weber Date: Wed, 1 Apr 2026 11:15:15 +0200 Subject: [PATCH 02/16] test(restarter): Test annotation restarter.stackable.tech/ignore --- .../templates/kuttl/restarter/10-assert.yaml | 4 +- .../restarter/10-create-test-resources.yaml | 93 +++++++++++++++++++ tests/templates/kuttl/restarter/10-sleep.yaml | 44 --------- .../templates/kuttl/restarter/20-assert.yaml | 14 ++- .../kuttl/restarter/20-hot-reload.yaml | 14 +++ .../kuttl/restarter/20-update-cm.yaml | 7 -- .../templates/kuttl/restarter/21-assert.yaml | 16 ++++ .../kuttl/restarter/21-trigger-restart.yaml | 14 +++ .../templates/kuttl/restarter/test-script.sh | 25 +++++ 9 files changed, 177 insertions(+), 54 deletions(-) create mode 100644 tests/templates/kuttl/restarter/10-create-test-resources.yaml delete mode 100644 tests/templates/kuttl/restarter/10-sleep.yaml create mode 100644 tests/templates/kuttl/restarter/20-hot-reload.yaml delete mode 100644 tests/templates/kuttl/restarter/20-update-cm.yaml create mode 100644 tests/templates/kuttl/restarter/21-assert.yaml create mode 100644 tests/templates/kuttl/restarter/21-trigger-restart.yaml create mode 100644 tests/templates/kuttl/restarter/test-script.sh diff --git a/tests/templates/kuttl/restarter/10-assert.yaml b/tests/templates/kuttl/restarter/10-assert.yaml index 8926a3d..dbf238f 100644 --- a/tests/templates/kuttl/restarter/10-assert.yaml +++ b/tests/templates/kuttl/restarter/10-assert.yaml @@ -1,12 +1,12 @@ --- apiVersion: kuttl.dev/v1beta1 kind: TestAssert -timeout: 30 +timeout: 120 --- apiVersion: apps/v1 kind: StatefulSet metadata: - name: sleep + name: test status: readyReplicas: 1 replicas: 1 diff --git a/tests/templates/kuttl/restarter/10-create-test-resources.yaml b/tests/templates/kuttl/restarter/10-create-test-resources.yaml new file mode 100644 index 0000000..87eef0b --- /dev/null +++ b/tests/templates/kuttl/restarter/10-create-test-resources.yaml 
@@ -0,0 +1,93 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: configmap-not-ignored
+data:
+ revision: "1"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-not-ignored
+stringData:
+ revision: "1"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: configmap-ignored
+ annotations:
+ restarter.stackable.tech/ignore: "true"
+data:
+ revision: "1"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-ignored
+ annotations:
+ restarter.stackable.tech/ignore: "true"
+stringData:
+ revision: "1"
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: test
+ labels:
+ restarter.stackable.tech/enabled: "true"
+spec:
+ selector:
+ matchLabels:
+ app: test
+ serviceName: test
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: test
+ spec:
+ serviceAccount: integration-tests-sa
+ volumes:
+ - name: configmap-not-ignored
+ configMap:
+ name: configmap-not-ignored
+ - name: secret-not-ignored
+ secret:
+ secretName: secret-not-ignored
+ - name: configmap-ignored
+ configMap:
+ name: configmap-ignored
+ - name: secret-ignored
+ secret:
+ secretName: secret-ignored
+ containers:
+ - name: test
+ image: alpine
+ command:
+ - sleep
+ args:
+ - infinity
+ volumeMounts:
+ - mountPath: /config/configmap-not-ignored-subpath/revision
+ name: configmap-not-ignored
+ # Use a subPath, so that changes are only visible after a restart.
+ subPath: revision
+ - mountPath: /config/secret-not-ignored-subpath/revision
+ name: secret-not-ignored
+ # Use a subPath, so that changes are only visible after a restart.
+ subPath: revision
+ - mountPath: /config/configmap-ignored
+ name: configmap-ignored
+ - mountPath: /config/secret-ignored
+ name: secret-ignored
+ - mountPath: /config/configmap-ignored-subpath/revision
+ name: configmap-ignored
+ # Use a subPath, so that changes are only visible after a restart.
+ subPath: revision + - mountPath: /config/secret-ignored-subpath/revision + name: secret-ignored + # Use a subPath, so that changes are only visible after a restart. + subPath: revision + terminationGracePeriodSeconds: 5 diff --git a/tests/templates/kuttl/restarter/10-sleep.yaml b/tests/templates/kuttl/restarter/10-sleep.yaml deleted file mode 100644 index 4d592f6..0000000 --- a/tests/templates/kuttl/restarter/10-sleep.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: sleep -data: - property: value ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: sleep - labels: - restarter.stackable.tech/enabled: "true" -spec: - selector: - matchLabels: - app: sleep - serviceName: "sleep" - replicas: 1 - template: - metadata: - labels: - app: sleep - spec: - serviceAccount: integration-tests-sa - volumes: - - name: config - configMap: - name: sleep - items: - - key: property - path: property - containers: - - name: sleep - image: alpine - command: - - sleep - args: - - infinity - volumeMounts: - - name: config - mountPath: /config - terminationGracePeriodSeconds: 5 diff --git a/tests/templates/kuttl/restarter/20-assert.yaml b/tests/templates/kuttl/restarter/20-assert.yaml index 5235897..c0b55ec 100644 --- a/tests/templates/kuttl/restarter/20-assert.yaml +++ b/tests/templates/kuttl/restarter/20-assert.yaml 
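Review bot: `image: alpine` in the `test` container of the new `10-create-test-resources.yaml` carries no tag or digest, so every run pulls whatever `latest` resolves to at that moment and the test result depends on an image nobody reviewed. Pinning it, e.g. `image: alpine:<PINNED_TAG>` or a digest reference, keeps the fixture reproducible. In the same pod spec `serviceAccount:` is the deprecated alias of `serviceAccountName:` and could be switched while the file is being rewritten.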
@@ -3,4 +3,16 @@ apiVersion: kuttl.dev/v1beta1 kind: TestAssert timeout: 180 commands: - - script: test "restarted" = $(kubectl exec sleep-0 -c sleep -n $NAMESPACE -- cat /config/property) + - script: | + . ../../../../templates/kuttl/restarter/test-script.sh + + # Resources mounted via subPath are not hot-reloaded by Kubernetes. + # It is expected, that the restart controller ignored the annotated resources and that only + # the resources not mounted via subPath were updated. + + assert_revision 1 configmap-not-ignored-subpath + assert_revision 1 secret-not-ignored-subpath + assert_revision 1 configmap-ignored-subpath + assert_revision 1 secret-ignored-subpath + assert_revision 2 configmap-ignored + assert_revision 2 secret-ignored diff --git a/tests/templates/kuttl/restarter/20-hot-reload.yaml b/tests/templates/kuttl/restarter/20-hot-reload.yaml new file mode 100644 index 0000000..557501c --- /dev/null +++ b/tests/templates/kuttl/restarter/20-hot-reload.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: configmap-ignored +data: + revision: "2" +--- +apiVersion: v1 +kind: Secret +metadata: + name: secret-ignored +stringData: + revision: "2" diff --git a/tests/templates/kuttl/restarter/20-update-cm.yaml b/tests/templates/kuttl/restarter/20-update-cm.yaml deleted file mode 100644 index 0ac0446..0000000 --- a/tests/templates/kuttl/restarter/20-update-cm.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: sleep -data: - property: restarted diff --git a/tests/templates/kuttl/restarter/21-assert.yaml b/tests/templates/kuttl/restarter/21-assert.yaml new file mode 100644 index 0000000..c5bed07 --- /dev/null +++ b/tests/templates/kuttl/restarter/21-assert.yaml 
@@ -0,0 +1,16 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 180
+commands:
+ - script: |
+ . ../../../../templates/kuttl/restarter/test-script.sh
+
+ # After a restart, all resources should have been updated.
+
+ assert_revision 2 configmap-not-ignored-subpath
+ assert_revision 2 secret-not-ignored-subpath
+ assert_revision 2 configmap-ignored-subpath
+ assert_revision 2 secret-ignored-subpath
+ assert_revision 2 configmap-ignored
+ assert_revision 2 secret-ignored
diff --git a/tests/templates/kuttl/restarter/21-trigger-restart.yaml b/tests/templates/kuttl/restarter/21-trigger-restart.yaml
new file mode 100644
index 0000000..08650bf
--- /dev/null
+++ b/tests/templates/kuttl/restarter/21-trigger-restart.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: configmap-not-ignored
+data:
+ revision: "2"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-not-ignored
+stringData:
+ revision: "2"
diff --git a/tests/templates/kuttl/restarter/test-script.sh b/tests/templates/kuttl/restarter/test-script.sh
new file mode 100644
index 0000000..b2e69dc
--- /dev/null
+++ b/tests/templates/kuttl/restarter/test-script.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+get_revision () {
+ resource="$1"
+
+ kubectl exec test-0 \
+ --namespace "$NAMESPACE" \
+ --container test -- \
+ cat "/config/$resource/revision"
+}
+
+assert_revision () {
+ expected_value="$1"
+ resource="$2"
+
+ actual_value="$(get_revision "$resource")"
+ if test "$expected_value" = "$actual_value"
+ then
+ echo "[PASS] $resource contains expected value"
+ else
+ echo "[FAIL] $resource does not contain expected value: " \
+ "expected: $expected_value != actual: $actual_value"
+ exit 1
+ fi
+}
From 87a00e0055d3e750f9b4316ab280c89d1acdd1b9 Mon Sep 17 00:00:00 2001
From: Siegfried Weber
Date: Wed, 1 Apr 2026 11:20:18 +0200
Subject: [PATCH 03/16] chore: Update changelog
---
CHANGELOG.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f5aee6..07502eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- Support the `restarter.stackable.tech/ignore` annotation on ConfigMaps and Secrets to exclude + them from the restarter controller ([#410]). + +[#410]: https://github.com/stackabletech/commons-operator/pull/410 + ## [26.3.0] - 2026-03-16 ## [26.3.0-rc1] - 2026-03-16 From 4ec9e812844fc4b59910f0a39d1f46e83fb1dee1 Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Wed, 1 Apr 2026 11:37:52 +0200 Subject: [PATCH 04/16] docs: Document the annotation "restarter.stackable.tech/ignore" --- .../commons-operator/pages/restarter.adoc | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/docs/modules/commons-operator/pages/restarter.adoc b/docs/modules/commons-operator/pages/restarter.adoc index e2e2c8b..69d4c36 100644 --- a/docs/modules/commons-operator/pages/restarter.adoc +++ b/docs/modules/commons-operator/pages/restarter.adoc 
@@ -30,3 +30,45 @@ Label:: `restarter.stackable.tech/enabled` The operator can restart StatefulSets when any referenced configuration object (ConfigMap or Secret) changes. To enable this, set the `restarter.stackable.tech/enabled` label on the StatefulSet to `true`. + +Annotation:: `restarter.stackable.tech/ignore` + +If a resource is only used for initialization or is hot-reloaded and should not trigger a restart, add the annotation `restarter.stackable.tech/ignore: "true"` to the corresponding ConfigMap or Secret: + +[source,yaml] +---- +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: statefulset-with-enabled-restarter + labels: + restarter.stackable.tech/enabled: "true" +spec: + template: + spec: + volumes: + - name: hot-reloaded-configmap + configMap: + name: hot-reloaded-configmap + - name: hot-reloaded-secret + secret: + secretName: hot-reloaded-secret +... +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: hot-reloaded-configmap + annotations: + restarter.stackable.tech/ignore: "true" +... +--- +apiVersion: v1 +kind: Secret +metadata: + name: hot-reloaded-secret + annotations: + restarter.stackable.tech/ignore: "true" +... +---- From 7d3005fd745ae1456f79082b05f7069cfd018b1f Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Thu, 2 Apr 2026 13:42:14 +0200 Subject: [PATCH 05/16] chore: Upgrade to Rust edition 2024 --- Cargo.nix | 2 +- Cargo.toml | 2 +- .../src/restart_controller/pod.rs | 23 ++++++++----------- 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/Cargo.nix b/Cargo.nix index 46246bf..19fb680 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -9391,7 +9391,7 @@ rec { "stackable-commons-operator" = rec { crateName = "stackable-commons-operator"; version = "0.0.0-dev"; - edition = "2021"; + edition = "2024"; crateBin = [ { name = "stackable-commons-operator"; diff --git a/Cargo.toml b/Cargo.toml index 76451a1..f205682 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -6,7 +6,7 @@ resolver = "2" version = "0.0.0-dev" authors = ["Stackable GmbH "] license = "OSL-3.0" -edition = "2021" +edition = "2024" repository = "https://github.com/stackabletech/commons-operator" [workspace.dependencies] diff --git a/rust/operator-binary/src/restart_controller/pod.rs b/rust/operator-binary/src/restart_controller/pod.rs index 0fffaa7..7a7e2e1 100644 --- a/rust/operator-binary/src/restart_controller/pod.rs +++ b/rust/operator-binary/src/restart_controller/pod.rs @@ -220,23 +220,20 @@ async fn report_result( const EVICT_ERROR_MESSAGE: &str = "Cannot evict pod as it would violate the pod's disruption budget."; - // TODO: We need Rust 1.88 and 2024 edition for if-let-chains - if let kube::Error::Api(s) = evict_pod_error { - if let Status { + if let kube::Error::Api(s) = evict_pod_error + && let Status { code: TOO_MANY_REQUESTS_HTTP_CODE, message: error_message, .. } = s.deref() - { - if error_message == EVICT_ERROR_MESSAGE { - tracing::info!( - k8s.object.ref = %pod_ref, - error = %evict_pod_error, - "Tried to evict Pod, but wasn't allowed to do so, as it would violate the Pod's disruption budget. Retrying later" - ); - return; - } - } + && error_message == EVICT_ERROR_MESSAGE + { + tracing::info!( + k8s.object.ref = %pod_ref, + error = %evict_pod_error, + "Tried to evict Pod, but wasn't allowed to do so, as it would violate the Pod's disruption budget. Retrying later" + ); + return; } } From faf1a7319a6542645fb5af81f453d406491edb7e Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Thu, 2 Apr 2026 14:42:27 +0200 Subject: [PATCH 06/16] feat: Support ignore annotations on StatefulSets --- CHANGELOG.md | 6 +- .../src/restart_controller/statefulset.rs | 122 +++++++++++------- .../restarter/10-create-test-resources.yaml | 62 +++++++-- .../templates/kuttl/restarter/20-assert.yaml | 12 +- .../kuttl/restarter/20-hot-reload.yaml | 18 ++- .../templates/kuttl/restarter/21-assert.yaml | 12 +- 6 files changed, 159 insertions(+), 73 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 07502eb..0c3e93f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,10 @@ All notable changes to this project will be documented in this file. ### Added -- Support the `restarter.stackable.tech/ignore` annotation on ConfigMaps and Secrets to exclude - them from the restarter controller ([#410]). +- Support the annotation `restarter.stackable.tech/ignore` on ConfigMaps and Secrets and the + annotations `restarter.stackable.tech/ignore-configmap.x` and + `restarter.stackable.tech/ignore-secret.x` on StatefulSets to exclude ConfigMaps and Secrets from + the restarter controller ([#410]). [#410]: https://github.com/stackabletech/commons-operator/pull/410 diff --git a/rust/operator-binary/src/restart_controller/statefulset.rs b/rust/operator-binary/src/restart_controller/statefulset.rs index 149a975..b99d9b4 100644 --- a/rust/operator-binary/src/restart_controller/statefulset.rs +++ b/rust/operator-binary/src/restart_controller/statefulset.rs @@ -1,4 +1,9 @@ -use std::{collections::BTreeMap, future::Future, sync::Arc, time::Duration}; +use std::{ + collections::{BTreeMap, BTreeSet}, + future::Future, + sync::Arc, + time::Duration, +}; use futures::{Stream, StreamExt, TryStream, stream}; use serde_json::json; @@ -128,13 +133,16 @@ pub async fn start( trigger_all( { let cm_reader = cm_store.as_reader(); - reflector(cm_store, metadata_watcher(cms, watcher::Config::default())) - .inspect(move |_| { - if let Some(tx) = cm_store_tx.take() { - tx.init(cm_reader.clone()); - } - }) - .touched_objects() + reflector( + cm_store, + metadata_watcher(cms, watcher::Config::default().labels("restarter.stackable.tech/ignore != true")) + ) + .inspect(move |_| { + if let Some(tx) = cm_store_tx.take() { + tx.init(cm_reader.clone()); + } + }) + .touched_objects() }, sts_store.as_reader(), ), 
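Review bot: The selector passed to `watcher::Config::default().labels("restarter.stackable.tech/ignore != true")` matches labels only, while the CHANGELOG entry in this same commit and the kuttl fixtures (`configmap-self-ignored`, `secret-self-ignored`) still set `restarter.stackable.tech/ignore: "true"` under `annotations:`. The annotation check that this commit removes from `get_updated_restarter_annotations` is not replaced, so an object carrying only the annotation stays in the reflector store and its updates trigger restarts again. Either the fixtures and CHANGELOG move to `labels:`, or the annotation check has to remain in the annotation-building code; the same applies to the Secret watcher in the next hunk. A shared `const` for the selector string would keep the two watchers from drifting apart.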
@@ -143,7 +151,7 @@ pub async fn start( let secret_reader = secret_store.as_reader(); reflector( secret_store, - metadata_watcher(secrets, watcher::Config::default()), + metadata_watcher(secrets, watcher::Config::default().labels("restarter.stackable.tech/ignore != true")), ) .inspect(move |_| { if let Some(tx) = secret_store_tx.take() { @@ -235,6 +243,32 @@ pub async fn get_updated_restarter_annotations( let ns = sts.metadata.namespace.as_deref().expect( "A StatefulSet observed by a reflector (so send by Kubernetes) always has a namespace set", ); + + let ignored_config_maps = sts + .metadata + .annotations + .iter() + .flatten() + .filter(|annotation| { + annotation + .0 + .starts_with("restarter.stackable.tech/ignore-configmap.") + }) + .map(|x| x.1) + .collect::>(); + let ignored_secrets = sts + .metadata + .annotations + .iter() + .flatten() + .filter(|annotation| { + annotation + .0 + .starts_with("restarter.stackable.tech/ignore-secret.") + }) + .map(|x| x.1) + .collect::>(); + let mut annotations = BTreeMap::::new(); let pod_specs = sts .spec 
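Review bot: `ignored_config_maps` and `ignored_secrets` are built by two copies of the same iterator chain that differ only in the key prefix, and the closures use `annotation.0` and `x.1` where a tuple pattern would name key and value. A small private helper removes the duplication and gives the prefix handling one documented place; its doc comment should state that the annotation value is the object name and that the suffix after the prefix is never interpreted. The collection type is presumably a `BTreeSet` (the turbofish is garbled on this page), and the body of `get_updated_restarter_annotations` continues outside the hunk.

```rust
/// Values of all annotations whose key starts with `prefix`.
fn annotation_values_with_prefix<'a>(
    annotations: Option<&'a BTreeMap<String, String>>,
    prefix: &str,
) -> BTreeSet<&'a String> {
    annotations
        .into_iter()
        .flatten()
        .filter(|(key, _)| key.starts_with(prefix))
        .map(|(_, value)| value)
        .collect()
}

// … unchanged: namespace lookup at the top of get_updated_restarter_annotations …
let ignored_config_maps = annotation_values_with_prefix(
    sts.metadata.annotations.as_ref(),
    "restarter.stackable.tech/ignore-configmap.",
);
let ignored_secrets = annotation_values_with_prefix(
    sts.metadata.annotations.as_ref(),
    "restarter.stackable.tech/ignore-secret.",
);
```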
@@ -269,25 +303,24 @@ pub async fn get_updated_restarter_annotations( }) .map(|cm_ref| cm_ref.within(ns)); let cms = ctx.cms.get().await.context(ConfigMapsUninitializedSnafu)?; - annotations.extend(cm_refs.flat_map(|cm_ref| cms.get(&cm_ref)).flat_map(|cm| { - Some(( - format!( - "configmap.restarter.stackable.tech/{}", - cm.metadata.name.as_ref()? - ), - format!( - "{}/{}", - cm.metadata.uid.as_ref()?, - if cm.annotations().get("restarter.stackable.tech/ignore") - == Some(&"true".to_owned()) - { - "any" - } else { - cm.metadata.resource_version.as_ref()? - } - ), - )) - })); + annotations.extend( + cm_refs + .map(|cm_ref| (cm_ref.name.clone(), cms.get(&cm_ref))) + .map(|(cm_name, cm)| { + ( + format!("configmap.restarter.stackable.tech/{cm_name}",), + if let Some(cm) = cm + && let Some(uid) = &cm.metadata.uid + && let Some(resource_version) = &cm.metadata.resource_version + && !ignored_config_maps.contains(&cm_name) + { + format!("{uid}/{resource_version}",) + } else { + "changes-ignored".to_owned() + }, + ) + }), + ); let secret_refs = pod_specs .flat_map(|pod_spec| { find_pod_refs( 
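Review bot: The fallback `"changes-ignored"` is now written for three different situations: the ConfigMap is missing from the store, it lacks `uid` or `resource_version`, or its name is listed in `ignored_config_maps`. The old `flat_map` emitted no annotation at all for a missing object. Because the watchers in `start` now filter labelled objects out of the store, adding or removing the ignore marker also flips the value between `uid/resource_version` and `"changes-ignored"`; if these annotations end up on the pod template, as their use suggests, that flip itself causes one restart. A debug-level log line naming the object and the reason, or distinct placeholder values per case, would let an operator see why a changed Secret did not roll the pods. The Secret branch in the following hunk has the same shape.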
@@ -313,25 +346,20 @@ pub async fn get_updated_restarter_annotations( let secrets = ctx.secrets.get().await.context(SecretsUninitializedSnafu)?; annotations.extend( secret_refs - .flat_map(|secret_ref| secrets.get(&secret_ref)) - .flat_map(|secret| { - Some(( - format!( - "secret.restarter.stackable.tech/{}", - secret.metadata.name.as_ref()? - ), - format!( - "{}/{}", - secret.metadata.uid.as_ref()?, - if secret.annotations().get("restarter.stackable.tech/ignore") - == Some(&"true".to_owned()) - { - "any" - } else { - secret.metadata.resource_version.as_ref()? - } - ), - )) + .map(|secret_ref| (secret_ref.name.clone(), secrets.get(&secret_ref))) + .map(|(secret_name, secret)| { + ( + format!("secret.restarter.stackable.tech/{secret_name}",), + if let Some(secret) = secret + && let Some(uid) = &secret.metadata.uid + && let Some(resource_version) = &secret.metadata.resource_version + && !ignored_secrets.contains(&secret_name) + { + format!("{uid}/{resource_version}",) + } else { + "changes-ignored".to_owned() + }, + ) }), ); Ok(annotations) diff --git a/tests/templates/kuttl/restarter/10-create-test-resources.yaml b/tests/templates/kuttl/restarter/10-create-test-resources.yaml index 87eef0b..0bc86fc 100644 --- a/tests/templates/kuttl/restarter/10-create-test-resources.yaml +++ b/tests/templates/kuttl/restarter/10-create-test-resources.yaml @@ -16,7 +16,7 @@ stringData: apiVersion: v1 kind: ConfigMap metadata: - name: configmap-ignored + name: configmap-self-ignored annotations: restarter.stackable.tech/ignore: "true" data: 
@@ -25,18 +25,34 @@ data: apiVersion: v1 kind: Secret metadata: - name: secret-ignored + name: secret-self-ignored annotations: restarter.stackable.tech/ignore: "true" stringData: revision: "1" --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: configmap-ignored-in-statefulset +data: + revision: "1" +--- +apiVersion: v1 +kind: Secret +metadata: + name: secret-ignored-in-statefulset +stringData: + revision: "1" +--- apiVersion: apps/v1 kind: StatefulSet metadata: name: test labels: restarter.stackable.tech/enabled: "true" + restarter.stackable.tech/ignore-configmap.0: configmap-ignored-in-statefulset + restarter.stackable.tech/ignore-secret.0: secret-ignored-in-statefulset spec: selector: matchLabels: @@ -56,12 +72,18 @@ spec: - name: secret-not-ignored secret: secretName: secret-not-ignored - - name: configmap-ignored + - name: configmap-self-ignored + configMap: + name: configmap-self-ignored + - name: secret-self-ignored + secret: + secretName: secret-self-ignored + - name: configmap-ignored-in-statefulset configMap: - name: configmap-ignored - - name: secret-ignored + name: configmap-ignored-in-statefulset + - name: secret-ignored-in-statefulset secret: - secretName: secret-ignored + secretName: secret-ignored-in-statefulset containers: - name: test image: alpine 
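Review bot: The keys `restarter.stackable.tech/ignore-configmap.0` and `restarter.stackable.tech/ignore-secret.0` are added under the StatefulSet's `labels:`, but `get_updated_restarter_annotations` in this commit collects them from `sts.metadata.annotations`. As written the controller would not see them, so the `*-ignored-in-statefulset` cases would behave like non-ignored objects and the revision `1` assertions on their subPath mounts in `20-assert.yaml` would not test the feature. They belong in an `annotations:` map on the same metadata, i.e. `annotations:` followed by `restarter.stackable.tech/ignore-configmap.0: configmap-ignored-in-statefulset` and the matching secret key.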
@@ -78,16 +100,28 @@ spec: name: secret-not-ignored # Use a subPath, so that changes are only visible after a restart. subPath: revision - - mountPath: /config/configmap-ignored - name: configmap-ignored - - mountPath: /config/secret-ignored - name: secret-ignored - - mountPath: /config/configmap-ignored-subpath/revision - name: configmap-ignored + - mountPath: /config/configmap-self-ignored + name: configmap-self-ignored + - mountPath: /config/secret-self-ignored + name: secret-self-ignored + - mountPath: /config/configmap-self-ignored-subpath/revision + name: configmap-self-ignored + # Use a subPath, so that changes are only visible after a restart. + subPath: revision + - mountPath: /config/secret-self-ignored-subpath/revision + name: secret-self-ignored + # Use a subPath, so that changes are only visible after a restart. + subPath: revision + - mountPath: /config/configmap-ignored-in-statefulset + name: configmap-ignored-in-statefulset + - mountPath: /config/secret-ignored-in-statefulset + name: secret-ignored-in-statefulset + - mountPath: /config/configmap-ignored-in-statefulset-subpath/revision + name: configmap-ignored-in-statefulset # Use a subPath, so that changes are only visible after a restart. subPath: revision - - mountPath: /config/secret-ignored-subpath/revision - name: secret-ignored + - mountPath: /config/secret-ignored-in-statefulset-subpath/revision + name: secret-ignored-in-statefulset # Use a subPath, so that changes are only visible after a restart. subPath: revision terminationGracePeriodSeconds: 5 diff --git a/tests/templates/kuttl/restarter/20-assert.yaml b/tests/templates/kuttl/restarter/20-assert.yaml index c0b55ec..42f197f 100644 --- a/tests/templates/kuttl/restarter/20-assert.yaml +++ b/tests/templates/kuttl/restarter/20-assert.yaml 
@@ -12,7 +12,11 @@ commands: assert_revision 1 configmap-not-ignored-subpath assert_revision 1 secret-not-ignored-subpath - assert_revision 1 configmap-ignored-subpath - assert_revision 1 secret-ignored-subpath - assert_revision 2 configmap-ignored - assert_revision 2 secret-ignored + assert_revision 1 configmap-self-ignored-subpath + assert_revision 1 secret-self-ignored-subpath + assert_revision 2 configmap-self-ignored + assert_revision 2 secret-self-ignored + assert_revision 1 configmap-ignored-in-statefulset-subpath + assert_revision 1 secret-ignored-in-statefulset-subpath + assert_revision 2 configmap-ignored-in-statefulset + assert_revision 2 secret-ignored-in-statefulset diff --git a/tests/templates/kuttl/restarter/20-hot-reload.yaml b/tests/templates/kuttl/restarter/20-hot-reload.yaml index 557501c..3ef493e 100644 --- a/tests/templates/kuttl/restarter/20-hot-reload.yaml +++ b/tests/templates/kuttl/restarter/20-hot-reload.yaml @@ -2,13 +2,27 @@ apiVersion: v1 kind: ConfigMap metadata: - name: configmap-ignored + name: configmap-self-ignored data: revision: "2" --- apiVersion: v1 kind: Secret metadata: - name: secret-ignored + name: secret-self-ignored +stringData: + revision: "2" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: configmap-ignored-in-statefulset +data: + revision: "2" +--- +apiVersion: v1 +kind: Secret +metadata: + name: secret-ignored-in-statefulset stringData: revision: "2" diff --git a/tests/templates/kuttl/restarter/21-assert.yaml b/tests/templates/kuttl/restarter/21-assert.yaml index c5bed07..974de6f 100644 --- a/tests/templates/kuttl/restarter/21-assert.yaml +++ b/tests/templates/kuttl/restarter/21-assert.yaml 
@@ -10,7 +10,11 @@ commands: assert_revision 2 configmap-not-ignored-subpath assert_revision 2 secret-not-ignored-subpath - assert_revision 2 configmap-ignored-subpath - assert_revision 2 secret-ignored-subpath - assert_revision 2 configmap-ignored - assert_revision 2 secret-ignored + assert_revision 2 configmap-self-ignored-subpath + assert_revision 2 secret-self-ignored-subpath + assert_revision 2 configmap-self-ignored + assert_revision 2 secret-self-ignored + assert_revision 2 configmap-ignored-in-statefulset-subpath + assert_revision 2 secret-ignored-in-statefulset-subpath + assert_revision 2 configmap-ignored-in-statefulset + assert_revision 2 secret-ignored-in-statefulset From 26e336b1f2836eaa36daed02be008745ba75c711 Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Thu, 2 Apr 2026 15:12:37 +0200 Subject: [PATCH 07/16] docs: Document the annotations "restarter.stackable.tech/ignore-configmap.*" and "restarter.stackable.tech/ignore-secret.*" --- .../commons-operator/pages/restarter.adoc | 28 +++++++++++++++---- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/docs/modules/commons-operator/pages/restarter.adoc b/docs/modules/commons-operator/pages/restarter.adoc index 69d4c36..9f951bc 100644 --- a/docs/modules/commons-operator/pages/restarter.adoc +++ b/docs/modules/commons-operator/pages/restarter.adoc 
@@ -31,9 +31,10 @@ Label:: `restarter.stackable.tech/enabled` The operator can restart StatefulSets when any referenced configuration object (ConfigMap or Secret) changes. To enable this, set the `restarter.stackable.tech/enabled` label on the StatefulSet to `true`. -Annotation:: `restarter.stackable.tech/ignore` +Annotation:: `restarter.stackable.tech/ignore-configmap.*` +Annotation:: `restarter.stackable.tech/ignore-secret.*` -If a resource is only used for initialization or is hot-reloaded and should not trigger a restart, add the annotation `restarter.stackable.tech/ignore: "true"` to the corresponding ConfigMap or Secret: +These annotations can be added if the restarter is enabled on a StatefulSet, but some ConfigMaps or Secrets should be excluded from triggering a restart. `*` can be replaced with any value and is only used to make the annotation key unique. [source,yaml] ---- @@ -44,23 +45,36 @@ metadata: name: statefulset-with-enabled-restarter labels: restarter.stackable.tech/enabled: "true" + annotations: + restarter.stackable.tech/ignore-configmap.0: hot-reloaded-configmap + restarter.stackable.tech/ignore-secret.0: hot-reloaded-secret spec: template: spec: volumes: - - name: hot-reloaded-configmap + - name: configuration configMap: name: hot-reloaded-configmap - - name: hot-reloaded-secret + - name: credentials secret: secretName: hot-reloaded-secret ... +---- + +== ConfigMap/Secret + +Label:: `restarter.stackable.tech/ignore` + +If a ConfigMap or Secret is only used for initializing a StatefulSet or contains data which can be hot-reloaded, add the label `restarter.stackable.tech/ignore: "true"` to avoid unnecessary restarts of the StatefulSet pods: + +[source,yaml] +---- --- apiVersion: v1 kind: ConfigMap metadata: name: hot-reloaded-configmap - annotations: + labels: restarter.stackable.tech/ignore: "true" ... --- 
@@ -68,7 +82,9 @@ apiVersion: v1 kind: Secret metadata: name: hot-reloaded-secret - annotations: + labels: restarter.stackable.tech/ignore: "true" ... ---- + +Unlike the StatefulSet annotations `restarter.stackable.tech/ignore-configmap.\*` and `restarter.stackable.tech/ignore-secret.*`, this label affects every StatefulSet that references the labeled ConfigMaps or Secrets. From 643205847dbd56605b26abb5446a00ccecc47454 Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Thu, 2 Apr 2026 15:59:33 +0200 Subject: [PATCH 08/16] chore: Restructure code --- .../src/restart_controller/statefulset.rs | 66 +++++++++++-------- 1 file changed, 38 insertions(+), 28 deletions(-) diff --git a/rust/operator-binary/src/restart_controller/statefulset.rs b/rust/operator-binary/src/restart_controller/statefulset.rs index b99d9b4..5d9d5a7 100644 --- a/rust/operator-binary/src/restart_controller/statefulset.rs +++ b/rust/operator-binary/src/restart_controller/statefulset.rs @@ -135,7 +135,11 @@ pub async fn start( let cm_reader = cm_store.as_reader(); reflector( cm_store, - metadata_watcher(cms, watcher::Config::default().labels("restarter.stackable.tech/ignore != true")) + metadata_watcher( + cms, + watcher::Config::default() + .labels("restarter.stackable.tech/ignore != true"), + ), ) .inspect(move |_| { if let Some(tx) = cm_store_tx.take() { @@ -151,7 +155,11 @@ pub async fn start( let secret_reader = secret_store.as_reader(); reflector( secret_store, - metadata_watcher(secrets, watcher::Config::default().labels("restarter.stackable.tech/ignore != true")), + metadata_watcher( + secrets, + watcher::Config::default() + .labels("restarter.stackable.tech/ignore != true"), + ), ) .inspect(move |_| { if let Some(tx) = secret_store_tx.take() { 
@@ -244,36 +252,12 @@ pub async fn get_updated_restarter_annotations( "A StatefulSet observed by a reflector (so send by Kubernetes) always has a namespace set", ); - let ignored_config_maps = sts - .metadata - .annotations - .iter() - .flatten() - .filter(|annotation| { - annotation - .0 - .starts_with("restarter.stackable.tech/ignore-configmap.") - }) - .map(|x| x.1) - .collect::>(); - let ignored_secrets = sts - .metadata - .annotations - .iter() - .flatten() - .filter(|annotation| { - annotation - .0 - .starts_with("restarter.stackable.tech/ignore-secret.") - }) - .map(|x| x.1) - .collect::>(); - let mut annotations = BTreeMap::::new(); let pod_specs = sts .spec .iter() .flat_map(|sts_spec| sts_spec.template.spec.as_ref()); + let cm_refs = pod_specs .clone() .flat_map(|pod_spec| { @@ -303,6 +287,18 @@ pub async fn get_updated_restarter_annotations( }) .map(|cm_ref| cm_ref.within(ns)); let cms = ctx.cms.get().await.context(ConfigMapsUninitializedSnafu)?; + let ignored_cms = sts + .metadata + .annotations + .iter() + .flatten() + .filter(|annotation| { + annotation + .0 + .starts_with("restarter.stackable.tech/ignore-configmap.") + }) + .map(|x| x.1) + .collect::>(); annotations.extend( cm_refs .map(|cm_ref| (cm_ref.name.clone(), cms.get(&cm_ref))) @@ -312,7 +308,7 @@ pub async fn get_updated_restarter_annotations( if let Some(cm) = cm && let Some(uid) = &cm.metadata.uid && let Some(resource_version) = &cm.metadata.resource_version - && !ignored_config_maps.contains(&cm_name) + && !ignored_cms.contains(&cm_name) { format!("{uid}/{resource_version}",) } else { @@ -321,6 +317,7 @@ pub async fn get_updated_restarter_annotations( ) }), ); + let secret_refs = pod_specs .flat_map(|pod_spec| { find_pod_refs( 
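Review bot: In the `@@ -312,7 +308,7 @@` hunk, a ConfigMap ignored by annotation falls into the same `else` branch as one that is missing from the store or has no uid/resourceVersion, because `!ignored_cms.contains(&cm_name)` sits in the same `if let` chain as the lookup. The body of that branch lies outside the hunk, but it presumably yields one fixed value, so adding or removing an `ignore-configmap.*` annotation on a running StatefulSet would change the computed annotation once and may cause a single rollout. If that is intended, a comment above the chain would record it, e.g. `// Ignored ConfigMaps deliberately share the else branch with missing ones; toggling the ignore annotation changes this value once.` The Secret path after the `@@ -344,6 +341,18 @@` hunk presumably follows the same pattern, although its condition is not visible there.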
@@ -344,6 +341,18 @@ pub async fn get_updated_restarter_annotations( }) .map(|secret_ref| secret_ref.within(ns)); let secrets = ctx.secrets.get().await.context(SecretsUninitializedSnafu)?; + let ignored_secrets = sts + .metadata + .annotations + .iter() + .flatten() + .filter(|annotation| { + annotation + .0 + .starts_with("restarter.stackable.tech/ignore-secret.") + }) + .map(|x| x.1) + .collect::>(); annotations.extend( secret_refs .map(|secret_ref| (secret_ref.name.clone(), secrets.get(&secret_ref))) @@ -362,6 +371,7 @@ pub async fn get_updated_restarter_annotations( ) }), ); + Ok(annotations) } From c1a490682ba99085b91f40a1030032681daef69f Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Thu, 2 Apr 2026 16:05:07 +0200 Subject: [PATCH 09/16] chore: Fix cargo-deny warning --- Cargo.lock | 4 ++-- Cargo.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 038e8ea..37b5cbb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2428,9 +2428,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.9" +version = "0.103.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" +checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" dependencies = [ "ring", "rustls-pki-types", diff --git a/Cargo.nix b/Cargo.nix index 19fb680..c1f0ce5 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -8178,9 +8178,9 @@ rec { }; "rustls-webpki" = rec { crateName = "rustls-webpki"; - version = "0.103.9"; + version = "0.103.10"; edition = "2021"; - sha256 = "0lwg1nnyv7pp2lfwwjhy81bxm233am99jnsp3iymdhd6k8827pyp"; + sha256 = "1vyipcdbazvhl6kyi1m8n0bg98sk25iv12bby2xcly653awb4cyz"; libName = "webpki"; dependencies = [ { From 148d2eefb6ae60c184e16f581ea6bb81ebcffea1 Mon Sep 17 00:00:00 2001 
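Review bot: The `ignored_secrets` block added in the `@@ -344,6 +341,18 @@` hunk has no comment saying what ignoring a Secret means for Pods that mount it through a `subPath`. The kuttl assertions in this series (`assert_revision 1 secret-ignored-in-statefulset-subpath` after the revision is set to "2") show that such mounts keep the old content until the Pod is restarted for another reason, so a rotated credential or certificate stays stale there. A comment above the block would make that visible to maintainers: `// Secrets listed here never trigger a restart; subPath mounts keep the old content until the Pod restarts for another reason.` The same applies to `ignored_cms` in the `@@ -303,6 +287,18 @@` hunk. The enclosing function `get_updated_restarter_annotations` starts outside these hunks.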
From: Siegfried Weber Date: Mon, 13 Apr 2026 09:17:08 +0200 Subject: [PATCH 10/16] Update docs/modules/commons-operator/pages/restarter.adoc Co-authored-by: Sebastian Bernauer --- docs/modules/commons-operator/pages/restarter.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/commons-operator/pages/restarter.adoc b/docs/modules/commons-operator/pages/restarter.adoc index 9f951bc..7f5f887 100644 --- a/docs/modules/commons-operator/pages/restarter.adoc +++ b/docs/modules/commons-operator/pages/restarter.adoc @@ -65,7 +65,7 @@ spec: Label:: `restarter.stackable.tech/ignore` -If a ConfigMap or Secret is only used for initializing a StatefulSet or contains data which can be hot-reloaded, add the label `restarter.stackable.tech/ignore: "true"` to avoid unnecessary restarts of the StatefulSet pods: +If a ConfigMap or Secret is only used for initializing a StatefulSet or contains data which can be hot-reloaded, add the label `restarter.stackable.tech/ignore: "true"` to avoid unnecessary restarts of the StatefulSet Pods: [source,yaml] ---- From 2c49aa6d202ed77591b5d8fc0b35dbef5df7b15b Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Mon, 13 Apr 2026 09:24:25 +0200 Subject: [PATCH 11/16] chore: Fix changelog --- CHANGELOG.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c3e93f..27141c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,10 +6,9 @@ All notable changes to this project will be documented in this file. ### Added -- Support the annotation `restarter.stackable.tech/ignore` on ConfigMaps and Secrets and the - annotations `restarter.stackable.tech/ignore-configmap.x` and - `restarter.stackable.tech/ignore-secret.x` on StatefulSets to exclude ConfigMaps and Secrets from - the restarter controller ([#410]). +- Support the label `restarter.stackable.tech/ignore` on ConfigMaps and Secrets and the annotations + `restarter.stackable.tech/ignore-configmap.x` and `restarter.stackable.tech/ignore-secret.x` on + StatefulSets to exclude ConfigMaps and Secrets from the restarter controller ([#410]). [#410]: https://github.com/stackabletech/commons-operator/pull/410 From 77c9416022c90eaf9df3440ff64d00ba59fa3820 Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Mon, 13 Apr 2026 10:24:34 +0200 Subject: [PATCH 12/16] Update rust/operator-binary/src/restart_controller/statefulset.rs Co-authored-by: Sebastian Bernauer --- .../operator-binary/src/restart_controller/statefulset.rs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/rust/operator-binary/src/restart_controller/statefulset.rs b/rust/operator-binary/src/restart_controller/statefulset.rs index 5d9d5a7..c276976 100644 --- a/rust/operator-binary/src/restart_controller/statefulset.rs +++ b/rust/operator-binary/src/restart_controller/statefulset.rs @@ -292,12 +292,10 @@ pub async fn get_updated_restarter_annotations( .annotations .iter() .flatten() - .filter(|annotation| { - annotation - .0 - .starts_with("restarter.stackable.tech/ignore-configmap.") + .filter_map(|(key, value)| { + key.starts_with("restarter.stackable.tech/ignore-configmap.") + .then_some(value) }) - .map(|x| x.1) .collect::>(); annotations.extend( cm_refs From 74b5ac7ffbdf70f11f212147c805754b1bd1d286 Mon Sep 17 00:00:00 2001 
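Review bot: The `ignored_secrets` block is left in the old `.filter(|annotation| …).map(|x| x.1)` form, because the `@@ -292,12 +292,10 @@` hunk converts only the `ignore-configmap.` filter to `filter_map` and, as far as this commit shows (one hunk, 3 insertions and 5 deletions), nothing else in `statefulset.rs` is touched. The two blocks should stay parallel: `.filter_map(|(key, value)| key.starts_with("restarter.stackable.tech/ignore-secret.").then_some(value))`. They would then differ only in the prefix, so a small private helper taking the prefix would remove the duplication, and the two prefixes could become `const`s next to the label selector string. The enclosing function starts and ends outside the hunk.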
From: Siegfried Weber Date: Wed, 15 Apr 2026 13:45:57 +0200 Subject: [PATCH 13/16] chore: Ignore RUSTSEC-2026-0097 in deny.toml --- deny.toml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deny.toml b/deny.toml index 8ec7e45..9a84a26 100644 --- a/deny.toml +++ b/deny.toml @@ -38,6 +38,16 @@ ignore = [ # # This can only be removed again if we decide to use a different crate. "RUSTSEC-2024-0436", + + # https://rustsec.org/advisories/RUSTSEC-2026-0097 + # rand 0.8.5 is unsound when log+thread_rng features are enabled and a custom logger calls rand::rng(). + # + # This version is pulled in transitively via num-bigint-dig -> rsa -> stackable-certs and cannot be + # updated until the upstream rsa crate bumps its rand dependency. + # + # This should be fixed in rsa v0.10. + # Release tracking issue: https://github.com/RustCrypto/RSA/issues/647 + "RUSTSEC-2026-0097", ] [bans] From dcdad6fb1822cc8a9556336cc933db838de6545d Mon Sep 17 00:00:00 2001 From: Siegfried Weber Date: Wed, 15 Apr 2026 14:08:32 +0200 Subject: [PATCH 14/16] chore: Upgrade stackable-operator to version 0.110.0 --- Cargo.lock | 101 ++++++++++------ Cargo.nix | 195 ++++++++++++++++++++----------- Cargo.toml | 2 +- crate-hashes.json | 23 ++-- rust/operator-binary/src/main.rs | 8 +- 5 files changed, 209 insertions(+), 120 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 37b5cbb..b305a32 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1113,6 +1113,12 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "humantime" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" + [[package]] name = "hyper" version = "1.8.1" 
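Review bot: The new `RUSTSEC-2026-0097` entry in the `deny.toml` hunk explains where rand 0.8.5 comes from and when the ignore can be dropped, but not whether the advisory's trigger applies to this binary. The comment itself names the condition (the `log` and `thread_rng` features enabled plus a custom logger that calls `rand::rng()`), so one more line with the outcome of that check would let a later reader judge the ignore without redoing the analysis, for example `# Assessment: <whether rand's "log" feature is enabled in this workspace, and which logger is installed>`. Without it the entry reads as a blanket suppression of an unsoundness advisory in the dependency chain of `stackable-certs`.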
@@ -1501,17 +1507,18 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "darling", "regex", - "snafu 0.8.9", + "snafu 0.9.0", ] [[package]] name = "kube" -version = "3.0.1" -source = "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acc5a6a69da2975ed9925d56b5dcfc9cc739b66f37add06785b7c9f6d1e88741" dependencies = [ "k8s-openapi", "kube-client", @@ -1522,8 +1529,9 @@ dependencies = [ [[package]] name = "kube-client" -version = "3.0.1" -source = "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fcaf2d1f1a91e1805d4cd82e8333c022767ae8ffd65909bbef6802733a7dd40" dependencies = [ "base64", "bytes", @@ -1556,8 +1564,9 @@ dependencies = [ [[package]] name = "kube-core" -version = "3.0.1" -source = "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f126d2db7a8b532ec1d839ece2a71e2485dc3bbca6cc3c3f929becaa810e719e" dependencies = [ "derive_more", "form_urlencoded", 
@@ -1574,8 +1583,9 @@ dependencies = [ [[package]] name = "kube-derive" -version = "3.0.1" -source = "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6b9b97e121fce957f9cafc6da534abc4276983ab03190b76c09361e2df849fa" dependencies = [ "darling", "proc-macro2", @@ -1587,8 +1597,9 @@ dependencies = [ [[package]] name = "kube-runtime" -version = "3.0.1" -source = "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c072737075826ee74d3e615e80334e41e617ca3d14fb46ef7cdfda822d6f15f2" dependencies = [ "ahash", "async-broadcast", @@ -2428,9 +2439,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.10" +version = "0.103.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" +checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06" dependencies = [ "ring", "rustls-pki-types", @@ -2736,6 +2747,15 @@ dependencies = [ "snafu-derive 0.8.9", ] +[[package]] +name = "snafu" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1d4bced6a69f90b2056c03dcff2c4737f98d6fb9e0853493996e1d253ca29c6" +dependencies = [ + "snafu-derive 0.9.0", +] + [[package]] name = "snafu-derive" version = "0.6.10" @@ -2759,6 +2779,18 @@ dependencies = [ "syn 2.0.116", ] +[[package]] +name = "snafu-derive" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54254b8531cafa275c5e096f62d48c81435d1015405a91198ddb11e967301d40" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn 2.0.116", +] + [[package]] name = "socket2" version = "0.6.2" 
@@ -2794,7 +2826,7 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "const-oid", "ecdsa", @@ -2806,7 +2838,7 @@ dependencies = [ "rsa", "sha2", "signature", - "snafu 0.8.9", + "snafu 0.9.0", "stackable-shared", "tokio", "tokio-rustls", @@ -2837,9 +2869,10 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.107.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +version = "0.110.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ + "base64", "clap", "const_format", "delegate", @@ -2854,13 +2887,14 @@ dependencies = [ "k8s-openapi", "kube", "product-config", + "rand 0.9.2", "regex", "schemars", "semver", "serde", "serde_json", "serde_yaml", - "snafu 0.8.9", + "snafu 0.9.0", "stackable-operator-derive", "stackable-shared", "stackable-telemetry", @@ -2877,7 +2911,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "darling", "proc-macro2", 
@@ -2888,7 +2922,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.1.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "jiff", "k8s-openapi", @@ -2897,15 +2931,15 @@ dependencies = [ "semver", "serde", "serde_yaml", - "snafu 0.8.9", + "snafu 0.9.0", "strum", "time", ] [[package]] name = "stackable-telemetry" -version = "0.6.2" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +version = "0.6.3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "axum", "clap", @@ -2916,7 +2950,7 @@ dependencies = [ "opentelemetry-semantic-conventions", "opentelemetry_sdk", "pin-project", - "snafu 0.8.9", + "snafu 0.9.0", "strum", "tokio", "tower", 
@@ -2928,21 +2962,21 @@ dependencies = [ [[package]] name = "stackable-versioned" -version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +version = "0.9.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "schemars", "serde", "serde_json", "serde_yaml", - "snafu 0.8.9", + "snafu 0.9.0", "stackable-versioned-macros", ] [[package]] name = "stackable-versioned-macros" -version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +version = "0.9.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "convert_case", "convert_case_extras", @@ -2959,13 +2993,14 @@ dependencies = [ [[package]] name = "stackable-webhook" -version = "0.9.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#8425ce312cfadcc49c157bada79cac04c3ad5229" +version = "0.9.1" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#95490f2d703d20cf1895e5976fdc5fb8f02aa293" dependencies = [ "arc-swap", "async-trait", "axum", "futures-util", + "humantime", "hyper", "hyper-util", "k8s-openapi", @@ -2975,7 +3010,7 @@ dependencies = [ "rand 0.9.2", "serde", "serde_json", - "snafu 0.8.9", + "snafu 0.9.0", "stackable-certs", "stackable-shared", "stackable-telemetry", diff --git a/Cargo.nix b/Cargo.nix index c1f0ce5..99f578b 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -3480,6 +3480,14 @@ rec { ]; }; + "humantime" = rec { + crateName = "humantime"; + version = "2.3.0"; + edition = "2021"; + sha256 = "092lpipp32ayz4kyyn4k3vz59j9blng36wprm5by0g2ykqr14nqk"; + features = { + }; + }; "hyper" = rec { crateName = "hyper"; version = "1.8.1"; 
@@ -4800,8 +4808,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "k8s_version"; authors = [ @@ -4819,7 +4827,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } ]; features = { @@ -4830,14 +4838,9 @@ rec { }; "kube" = rec { crateName = "kube"; - version = "3.0.1"; + version = "3.1.0"; edition = "2024"; - workspace_member = null; - src = pkgs.fetchgit { - url = "https://github.com/kube-rs/kube-rs"; - rev = "fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5"; - sha256 = "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n"; - }; + sha256 = "0hc7x38zdjdphmkx1b9pdyv3kiwwzkfbamjxjbcmx5x2knkadidc"; authors = [ "clux " "Natalie Klestrup Röijezon " @@ -4908,14 +4911,9 @@ rec { }; "kube-client" = rec { crateName = "kube-client"; - version = "3.0.1"; + version = "3.1.0"; edition = "2024"; - workspace_member = null; - src = pkgs.fetchgit { - url = "https://github.com/kube-rs/kube-rs"; - rev = "fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5"; - sha256 = "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n"; - }; + sha256 = "0h6xlwrjg07npsdr0rgxiyp6f9q27hryi0ndsh2ih7m9y78z5jhg"; libName = "kube_client"; authors = [ "clux " @@ -5041,7 +5039,7 @@ rec { name = "tokio"; packageId = "tokio"; optional = true; - features = [ "time" "signal" "sync" ]; + features = [ "time" "signal" "sync" "rt" ]; } { name = "tokio-util"; 
@@ -5141,14 +5139,9 @@ rec { }; "kube-core" = rec { crateName = "kube-core"; - version = "3.0.1"; + version = "3.1.0"; edition = "2024"; - workspace_member = null; - src = pkgs.fetchgit { - url = "https://github.com/kube-rs/kube-rs"; - rev = "fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5"; - sha256 = "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n"; - }; + sha256 = "17ki1s0smv4vj8zkrk56phxxr1943sky5v1rv30jwlwbgbdx49pi"; libName = "kube_core"; authors = [ "clux " @@ -5228,14 +5221,9 @@ rec { }; "kube-derive" = rec { crateName = "kube-derive"; - version = "3.0.1"; + version = "3.1.0"; edition = "2024"; - workspace_member = null; - src = pkgs.fetchgit { - url = "https://github.com/kube-rs/kube-rs"; - rev = "fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5"; - sha256 = "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n"; - }; + sha256 = "1yj9z0niwdh9djvr0cdh7ac7chmw999xmimgkizrbkhz29zbkffn"; procMacro = true; libName = "kube_derive"; authors = [ @@ -5282,14 +5270,9 @@ rec { }; "kube-runtime" = rec { crateName = "kube-runtime"; - version = "3.0.1"; + version = "3.1.0"; edition = "2024"; - workspace_member = null; - src = pkgs.fetchgit { - url = "https://github.com/kube-rs/kube-rs"; - rev = "fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5"; - sha256 = "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n"; - }; + sha256 = "1whmdwnq5nnzgkpldyql7p51grj19qrq0pk17r6yfvl2fmq76wn0"; libName = "kube_runtime"; authors = [ "clux " @@ -8178,9 +8161,9 @@ rec { }; "rustls-webpki" = rec { crateName = "rustls-webpki"; - version = "0.103.10"; + version = "0.103.12"; edition = "2021"; - sha256 = "1vyipcdbazvhl6kyi1m8n0bg98sk25iv12bby2xcly653awb4cyz"; + sha256 = "01nxzkfd1l96jzp04svc7iznlkarzx3wb9p63a0i17rc4y2vnyc2"; libName = "webpki"; dependencies = [ { 
@@ -9127,6 +9110,34 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "rust_1_61" "rust_1_65" "std" ]; }; + "snafu 0.9.0" = rec { + crateName = "snafu"; + version = "0.9.0"; + edition = "2018"; + sha256 = "1ii9r99x5qcn754m624yzgb9hzvkqkrcygf0aqh0pyb9dbnvrm6i"; + authors = [ + "Jake Goulding " + ]; + dependencies = [ + { + name = "snafu-derive"; + packageId = "snafu-derive 0.9.0"; + } + ]; + features = { + "backtrace" = [ "dep:backtrace" ]; + "backtraces-impl-backtrace-crate" = [ "backtrace" ]; + "default" = [ "std" "rust_1_81" ]; + "futures" = [ "futures-core-crate" "pin-project" ]; + "futures-core-crate" = [ "dep:futures-core-crate" ]; + "futures-crate" = [ "dep:futures-crate" ]; + "internal-dev-dependencies" = [ "futures-crate" ]; + "pin-project" = [ "dep:pin-project" ]; + "std" = [ "alloc" ]; + "unstable-provider-api" = [ "snafu-derive/unstable-provider-api" ]; + }; + resolvedDefaultFeatures = [ "alloc" "default" "rust_1_81" "std" ]; + }; "snafu-derive 0.6.10" = rec { crateName = "snafu-derive"; version = "0.6.10"; @@ -9189,6 +9200,42 @@ rec { }; resolvedDefaultFeatures = [ "rust_1_61" ]; }; + "snafu-derive 0.9.0" = rec { + crateName = "snafu-derive"; + version = "0.9.0"; + edition = "2018"; + sha256 = "0h0x61kyj4fvilcr2nj02l85shw1ika64vq9brf2gyna662ln9al"; + procMacro = true; + libName = "snafu_derive"; + authors = [ + "Jake Goulding " + ]; + dependencies = [ + { + name = "heck"; + packageId = "heck"; + usesDefaultFeatures = false; + } + { + name = "proc-macro2"; + packageId = "proc-macro2"; + usesDefaultFeatures = false; + } + { + name = "quote"; + packageId = "quote"; + usesDefaultFeatures = false; + } + { + name = "syn"; + packageId = "syn 2.0.116"; + usesDefaultFeatures = false; + features = [ "clone-impls" "derive" "full" "parsing" "printing" "proc-macro" ]; + } + ]; + features = { + }; + }; "socket2" = rec { crateName = "socket2"; version = "0.6.2"; 
@@ -9292,8 +9339,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "stackable_certs"; authors = [ @@ -9351,7 +9398,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } { name = "stackable-shared"; @@ -9473,19 +9520,23 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.107.1"; + version = "0.110.0"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "stackable_operator"; authors = [ "Stackable GmbH " ]; dependencies = [ + { + name = "base64"; + packageId = "base64"; + } { name = "clap"; packageId = "clap"; @@ -9549,6 +9600,10 @@ rec { name = "product-config"; packageId = "product-config"; } + { + name = "rand"; + packageId = "rand 0.9.2"; + } { name = "regex"; packageId = "regex"; @@ -9577,7 +9632,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } { name = "stackable-operator-derive"; @@ -9650,8 +9705,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; procMacro = true; libName = "stackable_operator_derive"; 
@@ -9685,8 +9740,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "stackable_shared"; authors = [ @@ -9730,7 +9785,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } { name = "strum"; @@ -9761,13 +9816,13 @@ rec { }; "stackable-telemetry" = rec { crateName = "stackable-telemetry"; - version = "0.6.2"; + version = "0.6.3"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "stackable_telemetry"; authors = [ @@ -9818,7 +9873,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } { name = "strum"; @@ -9871,13 +9926,13 @@ rec { }; "stackable-versioned" = rec { crateName = "stackable-versioned"; - version = "0.8.3"; + version = "0.9.0"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "stackable_versioned"; authors = [ @@ -9904,7 +9959,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } { name = "stackable-versioned-macros"; 
@@ -9915,13 +9970,13 @@ rec { }; "stackable-versioned-macros" = rec { crateName = "stackable-versioned-macros"; - version = "0.8.3"; + version = "0.9.0"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -9983,13 +10038,13 @@ rec { }; "stackable-webhook" = rec { crateName = "stackable-webhook"; - version = "0.9.0"; + version = "0.9.1"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "8425ce312cfadcc49c157bada79cac04c3ad5229"; - sha256 = "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3"; + rev = "95490f2d703d20cf1895e5976fdc5fb8f02aa293"; + sha256 = "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44"; }; libName = "stackable_webhook"; authors = [ @@ -10013,6 +10068,10 @@ rec { name = "futures-util"; packageId = "futures-util"; } + { + name = "humantime"; + packageId = "humantime"; + } { name = "hyper"; packageId = "hyper"; @@ -10057,7 +10116,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.9"; + packageId = "snafu 0.9.0"; } { name = "stackable-certs"; diff --git a/Cargo.toml b/Cargo.toml index f205682..2f6d4e8 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -10,7 +10,7 @@ edition = "2024"
 repository = "https://github.com/stackabletech/commons-operator"
 [workspace.dependencies]
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.107.1", features = ["crds", "webhook"] }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.110.0", features = ["crds", "webhook"] }
 anyhow = "1.0"
 built = { version = "0.8", features = ["chrono", "git2"] }
diff --git a/crate-hashes.json b/crate-hashes.json
index 2bebff2..1f3488f 100644
--- a/crate-hashes.json
+++ b/crate-hashes.json
@@ -1,17 +1,12 @@ { - "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-client@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-core@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-derive@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-runtime@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#k8s-version@0.1.3": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-certs@0.4.0": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-operator-derive@0.3.1": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-operator@0.107.1": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-shared@0.1.0": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-telemetry@0.6.2": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-versioned-macros@0.8.3": 
"08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-versioned@0.8.3": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.107.1#stackable-webhook@0.9.0": "08ahxagis53c7bxnj53xgzv5l619av1lwfc67cswrsp2wcakzns3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#k8s-version@0.1.3": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-certs@0.4.0": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-operator-derive@0.3.1": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-operator@0.110.0": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-shared@0.1.0": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-telemetry@0.6.3": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-versioned-macros@0.9.0": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-versioned@0.9.0": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.110.0#stackable-webhook@0.9.1": "0svjfddsbx72mscsmg1nh581pkdb4ay8nia5gmly0wbfzj7wgq44", 
"git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" }
\ No newline at end of file
diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs
index f8c587e..a9fb028 100644
--- a/rust/operator-binary/src/main.rs
+++ b/rust/operator-binary/src/main.rs
@@ -57,11 +57,11 @@ async fn main() -> anyhow::Result<()> {
 match opts.cmd {
 Command::Crd => {
 AuthenticationClass::merged_crd(AuthenticationClassVersion::V1Alpha1)?
- .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?;
+ .print_yaml_schema(built_info::PKG_VERSION, &SerializeOptions::default())?;
 S3Connection::merged_crd(S3ConnectionVersion::V1Alpha1)?
- .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?;
+ .print_yaml_schema(built_info::PKG_VERSION, &SerializeOptions::default())?;
 S3Bucket::merged_crd(S3BucketVersion::V1Alpha1)?
- .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?;
+ .print_yaml_schema(built_info::PKG_VERSION, &SerializeOptions::default())?;
 }
 Command::Run(CommonsOperatorRunArguments {
 common:
@@ -96,7 +96,7 @@ async fn main() -> anyhow::Result<()> {
 let sigterm_watcher = SignalWatcher::sigterm()?;
 let eos_checker =
- EndOfSupportChecker::new(built_info::BUILT_TIME_UTC, maintenance.end_of_support)?
+ EndOfSupportChecker::new(built_info::BUILT_TIME_UTC, &maintenance.end_of_support)?
 .run(sigterm_watcher.handle())
 .map(anyhow::Ok);
From 85069ceeb68e6d1ac6c369b89ad05a6eb0907c55 Mon Sep 17 00:00:00 2001
From: Siegfried Weber
Date: Wed, 15 Apr 2026 14:09:41 +0200
Subject: [PATCH 15/16] chore: Update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d1bc03..1cb62ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
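Review bot: The three `print_yaml_schema` calls in the `Command::Crd` arm each build their own `SerializeOptions::default()` only to borrow it for the duration of the call. Binding it once with `let serialize_options = SerializeOptions::default();` and passing `&serialize_options` to all three would keep the CRD output options in one place, now that the method apparently takes a reference. This is a style point only; nothing visible in the hunk suggests a behaviour difference. `main` starts before this hunk and continues after it.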
@@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - Document Helm deployed RBAC permissions and remove unnecessary permissions ([#412]).
+- Bump stackable-operator to version 0.110.0 ([#410]).
 [#410]: https://github.com/stackabletech/commons-operator/pull/410
 [#412]: https://github.com/stackabletech/commons-operator/pull/412
From 46a8275ea514ae3541d9ef300923e7d559393273 Mon Sep 17 00:00:00 2001
From: Siegfried Weber
Date: Wed, 15 Apr 2026 14:37:11 +0200
Subject: [PATCH 16/16] chore: Update deny.toml
---
 deny.toml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/deny.toml b/deny.toml
index 9a84a26..4fa854b 100644
--- a/deny.toml
+++ b/deny.toml
@@ -44,9 +44,6 @@ ignore = [
 #
 # This version is pulled in transitively via num-bigint-dig -> rsa -> stackable-certs and cannot be
 # updated until the upstream rsa crate bumps its rand dependency.
- #
- # This should be fixed in rsa v0.10.
- # Release tracking issue: https://github.com/RustCrypto/RSA/issues/647
 "RUSTSEC-2026-0097",