Release Notes

Enhancements

• Add support for DataPower firmware version 10.5.0.18, available in the 10.5-lts channel.
• DataPowerRollout Status now includes timestamps for creation & completion.
• DataPowerRollouts now generate events for tracking lifecycle changes.
• Environment variables defined in the DataPowerService (spec.env) are now combined (deduplicated) in the StatefulSet & Pods, taking the last value provided.

Platform

• Add support for Kubernetes 1.33.
• Remove support for Kubernetes 1.30.

Enhancements

• Add support for DataPower firmware version 10.5.0.17, available in the 10.5-lts channel.

Fixes

• Fix an issue where Warnings in the DataPowerService CR would continously iterate.
• Fix an issue that prevented RunAsRoot from triggering a rollout.
• Fix an issue where CertManager would not properly be detected.
• Fix an issue where reconciliation of DataPowerServices could halt due to stream timeout.

Platform

• Add support for OpenShift 4.18.

Enhancements

• Add support for DataPower firmware version 10.5.0.16, available in the 10.5-lts channel.

Platform

• Add support for Kubernetes 1.32.
• Remove support for Kubernetes 1.29.

Enhancements

• Add support for DataPower firmware version 10.5.0.15, available in the 10.5-lts channel.

Enhancements

• Add support for DataPower firmware version 10.5.0.14, available in the 10.5-lts channel.

Fixes

• Fix a known issue where DataPower Operator would fail to reconcile with VPA installed. More Information

Platform

• Add support for Kubernetes 1.31.
• Remove support for Kubernetes 1.28.
• For a full list of supported platforms, see Supported Platforms.

Fixes

• Fix a known issue where DataPower Operator would fail to reconcile with Grafana Installed. More Information

Enhancements

• Add support for DataPower firmware version 10.5.0.13, available in the 10.5-lts channel.

Fixes

• Fix an issue with OperandRequests not being found. More Information.
• Reduce cluster permissions required by the Operator. More Information.
• Reduce the amount of logs at info Level.

License change

DataPower firmware version 10.5.0.13 has different licenses from previous 10.5.0.x LTS versions. When upgrading your DataPowerService, you will need to update the license spec to reflect the new license. See the Licenses Guide for reference.

Enhancements

• Add support for DataPower firmware version 10.5.0.12, available in the 10.5-lts channel.

License change

DataPower firmware version 10.5.0.12 has different licenses from previous 10.5.0.x LTS versions. When upgrading your DataPowerService, you will need to update the license spec to reflect the new license. See the Licenses Guide for reference.

Platform

• Add support for OpenShift 4.16.
• Add support for Kubernetes 1.30.
• Remove support for Kubernetes 1.27.
• For a full list of supported platforms, see Supported Platforms.

Known issues

• Failed to get empty OperandRequest

Enhancements

• Add support for DataPower firmware version 10.5.0.11, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.19, available in the 10.0-lts channel.

DataPowerService API changes

• The resources spec has been expanded, and now allows specifying both CPU requests and limits. Previously, only requests was allowed and the DataPower Operator would use the same value for limits when creating the StatefulSet.
• CPU request and limit minimums have been lowered:
  • Minimum CPU request is now 100m.
  • Minimum CPU limit is now 500m.

Enhancements

• Add support for DataPower firmware version 10.5.0.10, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.18, available in the 10.0-lts channel.

Platform

• Add support for Kubernetes 1.29.
• Remove support for Kubernetes 1.26.
• Remove support for OpenShift 4.10.

OLM

• datapower-operator-catalog is now a multi-architecture image and file-based catalog.
  • The remaining DataPower Operator and Operand images are still amd64 only.
  • This change should be transparent and cause no side-effects.

Enhancements

• Add support for DataPower firmware version 10.5.0.9, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.17, available in the 10.0-lts channel.
• New firmware status object in DataPowerService custom resources.

MustGather API

In this release, we have back-ported the DataPowerMustGather (introduced in 1.8.0) and DataPowerMustGatherManager (introduced in 1.9.0) APIs to the v1.6 stream.

• DataPowerMustGather API
• DataPowerMustGatherManager API
• Operand Troubleshooting Guide

Platform

• Add OpenShift 4.14 support.

Enhancements

• Add support for DataPower firmware version 10.5.0.8, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.16, available in the 10.0-lts channel.

Fixes

• Set fsGroup in DataPower podSecurityContext when running on Kubernetes.
  • When runAsRoot is enabled in the DataPowerService, the fsGroup will be set to 0.
  • Otherwise, the fsGroup will be set to 1000.
  • This fix does not apply to OpenShift environments.
• Fix an issue which caused application domain configuration to be pulled into the default domain when using both the domains API in the DataPowerService and persistence for the config:/// directory.
• Fix an issue which would cause the DataPower Operator pod to crash when running on a pre-release version of OpenShift.

Platform

• Add support for Kubernetes 1.28.
• Remove support for Kubernetes 1.25.

DataPowerService API changes

• A new property, env, has been added to jaegerTracing to allow for customization of the jaeger-tracing-agent container environment variables.

Fixes

• Fix an issue which caused changes to the DataPowerService jaegerTracing spec to not be reconciled to the StatefulSet.

Enhancements

• Add support for DataPower firmware version 10.5.0.7, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.5.0.5R, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.5.0.4R, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.15, available in the 10.0-lts channel.

Fixes

• Fix an issue which would cause the datapower-operator pod to crash if its ownerReference on the datapower-operator-conversion-webhook Deployment was removed or missing.
• Remove unnecessary permissions from the default minimal ServiceAccount created for a DataPowerService operand when one is not provided by the user in serviceAccountName.

Platform

• Remove support for Kubernetes 1.24.

Enhancements

• Add support for DataPower firmware version 10.5.0.6, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.14, available in the 10.0-lts channel.

DataPowerService API changes

Several changes were made to the domains spec in the v1beta3 API, including:

• dpApp is now optional.
• dpApp.config is now optional.

The goal of these changes is to make working with the domains spec as flexible as possible. Now, the only required field is name, and providing only this field is enough to create a domain in the DataPower operand. Optionally, any other properties can be provided (dpApp, certs, settings, passwordMap, etc.) to incrementally build up your domain's configuration as desired.

Fixes

• Fix an issue in the DataPowerService v1beta3 API validation webhook which would cause validation failures when running on an unsupported OCP version (e.g. 4.11). Instead, this is now raised as a Warning condition on the DataPowerService custom resource.
• Fix an issue which caused changes to the DataPowerService jaegerTracing spec to not be reconciled to the StatefulSet.
• Fix an issue in which the DataPowerService status.labelSelector was not kept up-to-date.
  • In addition, this field's value is now a minimal set of labels similar to what's used in the StatefulSet's headless Service.
• Fix an issue which caused the DataPowerService status.replicas not to be reconciled, resulting in the scale subresource's status always reporting zero replicas.

Platform

• Add support for Kubernetes 1.27.

Enhancements

• Add support for DataPower firmware version 10.5.0.5, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.13, available in the 10.0-lts channel.

DataPowerService API changes

Several changes were made to the domains spec in the v1beta3 API, including:

Fixes

• Fix an issue that would cause the operator to crash when handling a large amount of pod events.
• Fix an issue that would cause the operator to crash when reconciling a DataPowerService which defines a domain with no dpApp.config.
  • Note: the validation webhook will now reject such config.
• Fix an issue that would cause StatefulSet rollouts due to transient errors during CP4I discovery.
• Fix known issue: Airgap install failure due to 'unable to retrieve source image docker.io'.
• Changes to a DataPowerService domain's passphrase Secret will now be reconciled.

Meta

• The Domain Configuration guide page has been rewritten, and the API docs for the domains property have been moved to a dedicated page.

Enhancements

• Add support for DataPower firmware version 10.5.0.4, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.12, available in the 10.0-lts channel.

Platform

• Add OpenShift 4.12 support.
• Add Kubernetes 1.26 support.
• Remove Kubernetes 1.23 support.

Changes

• Default logging timestamp format for datapower-operator and datapower-operator-conversion-webhook Pods is now rfc3339nano (was epoch). This can be changed by modifying the --zap-time-encoding argument in the respective Deployment resource; or more info, see Logging.
• Improve resilience in conversion-webhook failover algorithm. For more details, see orphaned webhooks.
• The DataPower Operator version is now annotated (datapower.ibm.com/operator-version) on all owned CustomResourceDefinitions.
• Clarify log messages from DataPowerMonitor controller when reconciling resources paused by an in-progress DataPowerRollout.

Fixes

• Fix an issue in which changes to DataPowerService hostAliases would not propagate to the StatefulSet.
• Fix an issue which caused DataPowerRollout reconcilation to fail under certain scenarios with a long namespace.
• Fix an issue in DataPowerService validation which allowed multiple domains to be specified with the same name, resulting in StatefulSet errors.
• Fix an issue that would prevent a new operator instance from being able to adopt / recover a degraded conversion-webhook Deployment in a separate namespace.
• Fix an issue which could cause the operator to crash after creating the StatefulSet.

Enhancements

• Add support for DataPower firmware version 10.5.0.3, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.11, available in the 10.0-lts channel.
• New properties in v1beta3 DataPowerService API:
  • healthCheck - Configuration for DataPower Health Check service.
  • readinessTimeoutSeconds - Configure a readiness timeout for DataPower Pods.
  • hostAliases - Configure static host alias entries for DataPower.

Changes

• Update the minimum values allowed in resources for experimentation.
  • Reduce minimum CPU request to 0.5 CPU, or 500m. Default remains 1 CPU for nonproduction and 4 CPU for production.
  • Reduce minimum Memory request / limit to 2 GB, or 2Gi. Default request remains 4Gi and default limit remains 8Gi.
• The operator now controls the livenessProbe configuration for new DataPowerService versions. See the updated API docs for details.

Fixes

• Fix an issue in the DataPowerRollout controller which would prevent an automatic rollout from progressing if the gateway-peering configurations were incongruent among the pods.
• Fix an issue in the webhook Secret initialization that would cause the operator to crash if cert-manager was installed incorrectly.
• Fix a port conflict between the Prometheus snmp_exporter process and the new DataPower web-mgmt interface.
  • Prometheus snmp_exporter listener port changed from 63512 to 9116.

Enhancements

• Add support for DataPower firmware version 10.0.1.10, available in the 10.0-lts channel.

Changes

• datapower-limited image location has changed to icr.io/cpopen/datapower/datapower-limited, see Pulling images from the IBM Entitled Registry.

v1.2-eus EOL

• The v1.2-eus DataPower Operator channel reaches end-of-life October 31, 2022. The v1.6 DataPower Operator is now the maintaining LTS stream for 10.0.1 DataPower operand.
• Add 10.0-lts channel and versions to the Available versions offered by the Operator, enabling upgrade experience within IBM Cloud Pak for Integration.

Enhancements

• Add support for DataPower firmware version 10.5.0.2, available in the 10.5-lts channel.

Platform

• Add support for Kubernetes 1.25.

Fixes

• Fix image formats to ensure backward compatibility to Docker Image Manifest Version 2, Schema 2 (v2s2).
• Fix DataPowerService status.versions to remove versions older than the current status.versions.reconciled.
• Fix search algorithm used by the datapower-operator-conversion-webhook management routine, resolving an issue that would result in the following error being logged during operator boot: Something went wrong when creating conversion webhook deployment.

Enhancements

• Add support for DataPower firmware version 10.5.0.1, available in the 10.5-lts channel.

Platform

• Add support for Kubernetes 1.24.

Fixes

• Fix an issue that may occur when attempting to reinstall the operator on OCP 4.8+.

Enhancements

• Add support for DataPower firmware version 10.5.0.0, available in the 10.5-lts channel.
• Add support for DataPower firmware version 10.0.1.8, available in the 10.0-lts channel.

Platform

• Required minimum OpenShift Container Platform (OCP) version is now 4.10.
• Required minimum Kubernetes version is now 1.23.

Fixes

• Fix an issue relating to CP4I discovery, leading to unnecessary DataPower StatefulSet updates.