Releases: strangelove-ventures/cosmos-operator

v0.25.1

25 Jun 03:07
d67dcdc

What's Changed

  • fix: use dynamic ports from CometConfig in service builder by @danbryan in #500

Full Changelog: v0.25.0...v0.25.1

v0.25.0

18 Jun 18:20
fe3fff5

Highlights

  • Version additional pods (i.e. sidecar pods instead of sidecar containers) with your instances to auto upgrade at upgrade heights #486
  • A security audit was performed, with updates that reduce the control cosmos-operator has within the cluster, primarily removing access to Kubernetes Secrets, plus config to allow Roles and RoleBindings to be managed externally. #466 See Breaking Changes to determine if you need to migrate your P2P keys.
  • Create privval services #464
  • Enable nodeSelector override per instance #450
  • Allow external ServiceAccount to be used for pods #484
  • Allow Comet RPC and P2P ports to be customized #485
  • Allow bypassing version check for custom genesis scenarios #492

Breaking Changes

If coming from a version < v0.25.0-rc: cosmos-operator no longer has access to Secrets. This was done for security reasons, so that if a rogue cosmos-operator (one that is not an official release from this repo, or an otherwise compromised version) were nefariously installed in the cluster, it would not have access to the Kubernetes Secrets. The impact of this:

  • cosmos-operator no longer stores the node_key.json, the p2p identity key, as a kubernetes Secret. It is now stored in the existing ConfigMap since it is not a sensitive key. This change reduces the surface area of control of the cosmos-operator within the cluster.
  • Your old node_key.json p2p keys will NOT be retained in the migration. New ones will be generated unless you migrate them. If the node(s) you are upgrading are not acting as persistent peers for other nodes (serving p2p publicly and other nodes have the node as a persistent peer with the peer ID), there is no concern. The node(s) will get new p2p identities and will connect to other nodes without issue.
  • To retain the p2p node_key.json for any of your nodes, back it up out of the secret and store it in the configmap using the following procedure.

P2P Key node_key.json Migration

Read the previous section to determine if this is necessary for any of your nodes.

  1. Set environment variables:

NAMESPACE=cosmos-sentry-noble-mainnet
NAME=noble-mainnet-sentry # Name of cosmosfullnode
INDEX=0 # instance index (pod)

  2. Extract and decode the secret data:

kubectl get secret -n ${NAMESPACE} ${NAME}-node-key-${INDEX} --template='{{index .data "node_key.json"}}' | base64 -d > "${NAMESPACE}-${NAME}-${INDEX}-node_key.json"

  3. Verify the key was successfully fetched and stored locally:

cat "${NAMESPACE}-${NAME}-${INDEX}-node_key.json"
{"priv_key":{"type":"tendermint/PrivKeyEd25519","value":"BASE64HERE"}}

  4. Then patch the configmap to add the new data:

kubectl patch configmap -n ${NAMESPACE} ${NAME}-${INDEX} --patch-file /dev/stdin <<EOF
data:
  node_key.json: |
$(cat "${NAMESPACE}-${NAME}-${INDEX}-node_key.json" | sed 's/^/    /')
EOF

  5. Verify the configmap now has the node_key.json:

kubectl describe configmap -n ${NAMESPACE} ${NAME}-${INDEX}

Name:         noble-mainnet-sentry-0
Namespace:    cosmos-sentry-noble-mainnet
Labels:       ...
Annotations:  app.kubernetes.io/ordinal: 0

Data
====
app-overlay.toml:
----
...

config-overlay.toml:
----
...

node_key.json:
----
{"priv_key":{"type":"tendermint/PrivKeyEd25519","value":"BASE64HERE"}}

...

  6. Repeat steps 1-5 for all nodes you would like to retain the node_key.json for. Once done across all nodes, upgrade the cosmos-operator to v0.25.0.
     Note: if you forgot to migrate prior to the upgrade, that's okay. You can run the migration post upgrade, then restart the pods to pick up the modified node key.

  7. Remove old node-key secrets and local temporary node_key.json files.
What's Changed

  • build(deps): Bump github.com/go-logr/logr from 1.3.0 to 1.4.2 by @dependabot in #458
  • build(deps): Bump golang.org/x/net from 0.23.0 to 0.33.0 by @dependabot in #463
  • build(deps): Bump go.uber.org/goleak from 1.2.1 to 1.3.0 by @dependabot in #460
  • build(deps): Bump github.com/samber/lo from 1.38.1 to 1.47.0 by @dependabot in #459
  • docs: fix typo in quick_start.md by @VitalikBerashvili in #465
  • feat: privval service creation logic + conflict resolutions by @vimystic in #464
  • build(deps): Bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in #467
  • build(deps): Bump github.com/spf13/viper from 1.16.0 to 1.19.0 by @dependabot in #468
  • chore: Move pprof server listener start to if check for profiling by @pharr117 in #472
  • feat: node key secret to configmap by @pharr117 in #466
  • feat: add nodeSelector to InstanceOverridesSpec by @vimystic in #450
  • build(deps): Bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in #476
  • fix: node collector by @agouin in #479
  • build(deps): Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #478
  • feat: allow enabling additional service ports by @agouin in #480
  • feat: allow external service account for pods by @agouin in #484
  • feat: customize comet rpc and p2p ports by @agouin in #485
  • feat: support additional pods by @agouin in #486
  • chore: remove descriptions from cosmosfullnode CRD in kustomize config by @agouin in #487
  • fix: unique name label on additionalVersionedPods by @agouin in #488
  • feat: allow prefer scheduling additional pods on same node as main pods by @agouin in #489
  • feat: continue on version-check failure by @agouin in #492

New Contributors

Full Changelog: v0.24.0...v0.25.0

v0.25.0-rc10

15 Apr 01:02
5f01b1d
Pre-release

What's Changed

  • feat: continue on version-check failure by @agouin in #492

Full Changelog: v0.25.0-rc9...v0.25.0-rc10

v0.25.0-rc9

07 Apr 04:59
36ebd8c
Pre-release

What's Changed

  • feat: allow prefer scheduling additional pods on same node as main pods by @agouin in #489

Full Changelog: v0.25.0-rc8...v0.25.0-rc9

v0.25.0-rc8

07 Apr 04:19
a936831
Pre-release

What's Changed

  • fix: unique name label on additionalVersionedPods by @agouin in #488

Full Changelog: v0.25.0-rc7...v0.25.0-rc8

v0.25.0-rc7

07 Apr 02:13
207d806
Pre-release

What's Changed

  • chore: remove descriptions from cosmosfullnode CRD in kustomize config by @agouin in #487

Full Changelog: v0.25.0-rc6...v0.25.0-rc7

v0.25.0-rc6

02 Apr 22:29
ed17196
Pre-release

What's Changed

Full Changelog: v0.25.0-rc5...v0.25.0-rc6

v0.25.0-rc5

02 Apr 02:10
d8c06e8
Pre-release

What's Changed

  • feat: customize comet rpc and p2p ports by @agouin in #485

Full Changelog: v0.25.0-rc4...v0.25.0-rc5

v0.25.0-rc4

02 Apr 00:25
876808a
Pre-release

What's Changed

  • feat: allow external service account for pods by @agouin in #484

Full Changelog: v0.25.0-rc3...v0.25.0-rc4

v0.25.0-rc3

29 Mar 00:59
60c0afd
Pre-release

What's Changed

  • build(deps): Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #478
  • feat: allow enabling additional service ports by @agouin in #480

Full Changelog: v0.25.0-rc2...v0.25.0-rc3