Skip to content

v2.3.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 19 Mar 13:09
· 35 commits to main since this release
v2.3.0
26e6021
This commit was signed with the committer’s verified signature.
lukebond Luke Bond
GPG key ID: C544D7FD0F13EBD3
Verified
Learn about vigilant mode.

Restate Operator v2.3.0

✨ New Features

  • GCP Workload Identity via Config Connector — The operator now automatically creates IAMPolicyMember resources to bind Kubernetes service accounts to GCP service accounts via Workload Identity. This is triggered when a RestateCluster has iam.gke.io/gcp-service-account in serviceAccountAnnotations. The GCP project ID is extracted from the service account email, so no additional configuration is needed beyond the annotation. A canary job validates that credentials are available before the StatefulSet proceeds. This mirrors the existing AWS Pod Identity Association pattern and requires Config Connector to be installed on the GKE cluster.

  • Configurable cluster DNS suffix — The operator now supports configuring the Kubernetes cluster DNS suffix via the --cluster-dns CLI flag, CLUSTER_DNS environment variable, or Helm clusterDns value. Previously cluster.local was hardcoded in all internal service URLs. This is needed for multi-cluster setups, federated environments, and clusters with custom DNS naming.

  • Configurable drain delay — Added drainDelaySeconds to the RestateDeployment CRD's spec.restate section. This controls how long the operator waits after a deployment is drained before removing the old version. Default remains 300 seconds (5 minutes). (#96)

🐛 Bug Fixes

  • Improved admin API error messages — When a deployment registration is rejected by the admin API (e.g. breaking changes without --force), the error message now includes the response from Restate and is logged and emitted as a Kubernetes event, making failures much easier to diagnose. (#100)

  • Fixed canary job completion detection — Fixed a bug where a completed canary job was treated as still pending, causing the operator to loop indefinitely with a NotReady status condition. (#102)

⚙️ Configuration Changes

  • New Helm value clusterDns for configuring the cluster DNS suffix (default: cluster.local)
  • Conditional RBAC for IAMPolicyMember CRDs when GCP Workload Identity is enabled

⚠️ Upgrading Notes

CRD Update Required: Helm does not automatically upgrade CRDs. After upgrading the operator, you must manually apply the updated CRDs:

kubectl apply --server-side -f https://github.com/restatedev/restate-operator/releases/download/v2.3.0/restateclusters.yaml
kubectl apply --server-side -f https://github.com/restatedev/restate-operator/releases/download/v2.3.0/restatedeployments.yaml
kubectl apply --server-side -f https://github.com/restatedev/restate-operator/releases/download/v2.3.0/restatecloudenvironments.yaml

Then upgrade the operator via Helm:

helm upgrade restate-operator restatedev/restate-operator --version 2.3.0

Full release notes: release-notes/v2.3.0.md

Assets 5
Loading