Sync sn operator crds rbac, upgrade to 0.17.0 version#105
Open
Sync sn operator crds rbac, upgrade to 0.17.0 version#105
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the sn-operator Helm chart to align CRDs and RBAC with the newer sn-operator release series (chart v0.17.0 / app v0.17.x), including new/expanded schema fields across multiple CRDs and updated permissions for newly managed resources.
Changes:
- Bump Helm chart
versiontov0.17.0andappVersiontov0.17.8. - Sync/expand CRD OpenAPI schemas across StreamNative and Pulsar resources (new fields like
listenerName,fileKeyRef, autoscalingtolerance, etc.). - Update RBAC rules to include
connectionsresources and adjust Strimzi Kafka permissions.
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| charts/sn-operator/Chart.yaml | Chart/app version bump for the 0.17.x release line. |
| charts/sn-operator/templates/rules.yaml | RBAC updates (add connections; adjust Strimzi Kafka permissions). |
| charts/sn-operator/crds/zookeeper.streamnative.io_zookeeperclusters.yaml | CRD schema updates (e.g., listenerName, fileKeyRef). |
| charts/sn-operator/crds/pulsar.streamnative.io_pulsarproxies.yaml | CRD schema updates (autoscaling tolerance, listenerName, fileKeyRef). |
| charts/sn-operator/crds/pulsar.streamnative.io_pulsarfunctionsworkers.yaml | CRD schema updates (autoscaling tolerance, mode, crLabels, endpoints, listenerName, fileKeyRef). |
| charts/sn-operator/crds/pulsar.streamnative.io_pulsarbrokers.yaml | CRD schema updates (autoscaling tolerance, catalog/bigLake fields, crLabels, listenerName, fileKeyRef). |
| charts/sn-operator/crds/pulsar.streamnative.io_pulsarbrokerrevisions.yaml | CRD schema updates (catalog/bigLake fields, crLabels, listenerName, fileKeyRef). |
| charts/sn-operator/crds/k8s.streamnative.io_storagecatalogs.yaml | CRD schema updates (schema registry-related fields). |
| charts/sn-operator/crds/k8s.streamnative.io_snschemaregistries.yaml | CRD schema updates (authn/authz config, store config fields, listenerName, fileKeyRef). |
| charts/sn-operator/crds/k8s.streamnative.io_pulsarcoordinators.yaml | CRD schema updates (client auth config, metrics auth config, toolSet additions, listenerName). |
| charts/sn-operator/crds/k8s.streamnative.io_pfsqlclusters.yaml | CRD schema updates (listenerName). |
| charts/sn-operator/crds/k8s.streamnative.io_oxiaclusters.yaml | CRD schema updates (listenerName, fileKeyRef). |
| charts/sn-operator/crds/k8s.streamnative.io_mqttproxies.yaml | CRD schema updates (listenerName, fileKeyRef). |
| charts/sn-operator/crds/k8s.streamnative.io_kafkarestproxies.yaml | CRD schema updates (listenerName, kafkaClusterRef, SELinux change policy). |
| charts/sn-operator/crds/k8s.streamnative.io_kafkaconnects.yaml | CRD schema updates (autoscaling tolerance, fileKeyRef, stopSignal, restartPolicyRules, podCertificate, SELinux change policy). |
| charts/sn-operator/crds/k8s.streamnative.io_kafkaclusters.yaml | Major CRD schema expansion (adds large config surface; loosens externalKafkaResourceRefs requirements; adds image/version). |
| charts/sn-operator/crds/k8s.streamnative.io_coordinators.yaml | CRD schema updates (client auth config, toolSet additions). |
| charts/sn-operator/crds/k8s.streamnative.io_consoles.yaml | CRD schema updates (fileKeyRef). |
| charts/sn-operator/crds/k8s.streamnative.io_apikeys.yaml | CRD schema updates (listenerName). |
| charts/sn-operator/crds/k8s.streamnative.io_agentfunctions.yaml | CRD schema updates (autoscaling tolerance, fileKeyRef, stopSignal, restartPolicyRules, podCertificate, SELinux change policy). |
| charts/sn-operator/crds/bookkeeper.streamnative.io_bookkeeperclusters.yaml | CRD schema updates (autoscaling tolerance, fileKeyRef, listenerName). |
Comments suppressed due to low confidence (1)
charts/sn-operator/templates/rules.yaml:247
- This change expands the ClusterRole to include
create/deleteonkafkas.kafka.strimzi.io. Since this materially increases privileges, please confirm the sn-operator actually needs to create/delete Kafka CRs; if it only reconciles existing resources, keep this rule read/patch/update-only (or document why the higher privileges are required).
- apiGroups:
- kafka.strimzi.io
resources:
- kafkas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # follow Semantic Versioning. They should reflect the version the application is using. | ||
| # It is recommended to use it with quotes. | ||
| appVersion: "v0.16.1" | ||
| appVersion: "v0.17.8" |
There was a problem hiding this comment.
PR title says upgrade to 0.17.0, but the chart appVersion is set to v0.17.8. Please align the title/description with the actual operator version being shipped (or adjust appVersion if 0.17.0 is intended).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.