From cced37c3649e700655e9a14ac95f2381129709b1 Mon Sep 17 00:00:00 2001 From: Techassi Date: Wed, 4 Feb 2026 12:35:26 +0100 Subject: [PATCH 1/4] feat: Add graceful shutdown --- Cargo.lock | 16 ++++++++-------- Cargo.nix | 30 +++++++++++++++--------------- Cargo.toml | 2 +- crate-hashes.json | 14 +++++++------- rust/operator-binary/src/main.rs | 9 +++++++-- 5 files changed, 38 insertions(+), 33 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8446e11f..e96f839b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1372,7 +1372,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "darling 0.23.0", "regex", @@ -2512,8 +2512,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.102.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +version = "0.105.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "chrono", "clap", @@ -2551,7 +2551,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "darling 0.23.0", "proc-macro2", @@ -2562,7 +2562,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "chrono", "k8s-openapi", @@ -2579,7 +2579,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "axum", "clap", @@ -2603,7 +2603,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "schemars", "serde", @@ -2616,7 +2616,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#402911782469fd689308f3e57c38ad249dec83f3" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa" dependencies = [ "convert_case", "darling 0.23.0", diff --git a/Cargo.nix b/Cargo.nix index b3cbd443..c63a0b67 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -4275,8 +4275,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; libName = "k8s_version"; authors = [ @@ -8205,13 +8205,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.102.0"; + version = "0.105.0"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; libName = "stackable_operator"; authors = [ @@ -8379,8 +8379,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -8414,8 +8414,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; libName = "stackable_shared"; authors = [ @@ -8496,8 +8496,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; libName = "stackable_telemetry"; authors = [ @@ -8606,8 +8606,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; libName = "stackable_versioned"; authors = [ @@ -8650,8 +8650,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "402911782469fd689308f3e57c38ad249dec83f3"; - sha256 = "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy"; + rev = "7bfcac5f6515c8b4c8cf8def2edfde5ed8621aaa"; + sha256 = "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd"; }; procMacro = true; libName = "stackable_versioned_macros"; diff --git a/Cargo.toml b/Cargo.toml index 6ab00f98..fa276e7f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ repository = "https://github.com/stackabletech/nifi-operator" [workspace.dependencies] product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.8.0" } -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.102.0", features = ["telemetry", "versioned"] } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.105.0", features = ["telemetry", "versioned"] } anyhow = "1.0" built = { version = "0.8", features = ["chrono", "git2"] } diff --git a/crate-hashes.json b/crate-hashes.json index 68215a44..c7bba396 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -4,12 +4,12 @@ "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#kube-derive@2.0.1": "1a7bcl0w1jg71jc4iml0vjp8dpzy71mhxl012grxcy2xp5i6xvgf", "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#kube-runtime@2.0.1": "1a7bcl0w1jg71jc4iml0vjp8dpzy71mhxl012grxcy2xp5i6xvgf", "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#kube@2.0.1": "1a7bcl0w1jg71jc4iml0vjp8dpzy71mhxl012grxcy2xp5i6xvgf", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#k8s-version@0.1.3": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#stackable-operator-derive@0.3.1": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#stackable-operator@0.102.0": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#stackable-shared@0.0.3": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#stackable-telemetry@0.6.1": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#stackable-versioned-macros@0.8.3": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.102.0#stackable-versioned@0.8.3": "16j834cchvq6psb4lm5fjz6nm04cg3aqhsffyls20y617ky7whpy", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#k8s-version@0.1.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-operator-derive@0.3.1": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-operator@0.105.0": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-shared@0.0.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-telemetry@0.6.1": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-versioned-macros@0.8.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.105.0#stackable-versioned@0.8.3": "02z7c2kjhcwg153j74n52wwcr5x0z70hc21hlsrxyclmc8ps1lmd", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 96b8b2dd..b4945411 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -28,6 +28,7 @@ use stackable_operator::{ logging::controller::report_controller_reconciled, shared::yaml::SerializeOptions, telemetry::Tracing, + utils::signal::SignalWatcher, }; use crate::{ @@ -88,9 +89,13 @@ async fn main() -> anyhow::Result<()> { description = built_info::PKG_DESCRIPTION ); + // Watches for the SIGTERM signal and sends a signal to all receivers, which gracefully + // shuts down all concurrent tasks below (EoS checker, controller). + let sigterm_watcher = SignalWatcher::sigterm()?; + let eos_checker = EndOfSupportChecker::new(built_info::BUILT_TIME_UTC, maintenance.end_of_support)? - .run() + .run(sigterm_watcher.handle()) .map(anyhow::Ok); let product_config = product_config.load(&[ @@ -133,7 +138,6 @@ async fn main() -> anyhow::Result<()> { watch_namespace.get_api::(&client), watcher::Config::default(), ) - .shutdown_on_signal() .watches( client .get_api::>(&()), @@ -156,6 +160,7 @@ async fn main() -> anyhow::Result<()> { .map(|nifi| ObjectRef::from_obj(&*nifi)) }, ) + .graceful_shutdown_on(sigterm_watcher.handle()) .run( controller::reconcile_nifi, controller::error_policy, From 8faa100bbb7d0c7e8302f6ba6ce141470aaeaaa8 Mon Sep 17 00:00:00 2001 From: Techassi Date: Wed, 4 Feb 2026 12:35:41 +0100 Subject: [PATCH 2/4] chore: Update CRD documentation --- deploy/helm/nifi-operator/crds/crds.yaml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/deploy/helm/nifi-operator/crds/crds.yaml b/deploy/helm/nifi-operator/crds/crds.yaml index 9cf42785..bfb5a599 100644 --- a/deploy/helm/nifi-operator/crds/crds.yaml +++ b/deploy/helm/nifi-operator/crds/crds.yaml @@ -184,14 +184,7 @@ spec: Since git-sync v4.x.x this field is mapped to the flag `--ref`. type: string credentialsSecret: - description: |- - The name of the Secret used to access the repository if it is not public. - - The referenced Secret must include two fields: `user` and `password`. - The `password` field can either be an actual password (not recommended) or a GitHub token, - as described in the git-sync [documentation]. - - [documentation]: https://github.com/kubernetes/git-sync/tree/v4.2.4?tab=readme-ov-file#manual + description: An optional secret used for git access. nullable: true type: string depth: @@ -221,7 +214,7 @@ spec: [example]: https://docs.stackable.tech/home/nightly/airflow/usage-guide/mounting-dags#_example type: object repo: - description: 'The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator`.' + description: 'The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator` or `ssh://git@github.com:stackable-airflow/dags.git`.' format: uri type: string wait: @@ -996,7 +989,7 @@ spec: default: {} description: |- In the `podOverrides` property you can define a - [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) + [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) @@ -1596,7 +1589,7 @@ spec: default: {} description: |- In the `podOverrides` property you can define a - [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) + [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) From 52e55ddf3b8b9c4e5eb68fc81dc25dff0d9385cf Mon Sep 17 00:00:00 2001 From: Techassi Date: Wed, 4 Feb 2026 12:36:32 +0100 Subject: [PATCH 3/4] chore: Bump bytes crate to 1.11.1 Fixes RUSTSEC-2026-0007. --- Cargo.lock | 4 ++-- Cargo.nix | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e96f839b..790dc446 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -275,9 +275,9 @@ checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" [[package]] name = "bytes" -version = "1.10.1" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" [[package]] name = "cc" diff --git a/Cargo.nix b/Cargo.nix index c63a0b67..8502275f 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -896,9 +896,9 @@ rec { }; "bytes" = rec { crateName = "bytes"; - version = "1.10.1"; - edition = "2018"; - sha256 = "0smd4wi2yrhp5pmq571yiaqx84bjqlm1ixqhnvfwzzc6pqkn26yp"; + version = "1.11.1"; + edition = "2021"; + sha256 = "0czwlhbq8z29wq0ia87yass2mzy1y0jcasjb8ghriiybnwrqfx0y"; authors = [ "Carl Lerche " "Sean McArthur " From 073657d609826692064f1e592c7e2b67efb68fd0 Mon Sep 17 00:00:00 2001 From: Techassi Date: Wed, 4 Feb 2026 12:40:37 +0100 Subject: [PATCH 4/4] chore: Add changelog entry --- CHANGELOG.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 749b56dd..7c104fb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,12 +11,9 @@ All notable changes to this project will be documented in this file. - Enable the [restart-controller](https://docs.stackable.tech/home/nightly/commons-operator/restarter/), so that the Pods are automatically restarted on config changes ([#888]). - Added support for `2.7.2` ([#893]). -### Removed - -- Removed support for `1.27.0` and `2.4.0` ([#893]). - ### Changed +- Gracefully shutdown all concurrent tasks by forwarding the SIGTERM signal ([#894]). - BREAKING: Reworked authorization config to closer match the Apache NiFi internal authorizer interfaces ([#884]). ### Fixed @@ -25,12 +22,17 @@ All notable changes to this project will be documented in this file. - The operator now utilizes the `.spec.clusterConfig.authorization.opa.package` property instead of hard-coding the package name to `nifi` ([#881]). - An `initialAdminUser` can now be provided for file-based authorization (e.g. LDAP) ([#884]). +### Removed + +- Removed support for `1.27.0` and `2.4.0` ([#893]). + [#870]: https://github.com/stackabletech/nifi-operator/pull/870 [#881]: https://github.com/stackabletech/nifi-operator/pull/881 [#884]: https://github.com/stackabletech/nifi-operator/pull/884 [#885]: https://github.com/stackabletech/nifi-operator/pull/885 [#888]: https://github.com/stackabletech/nifi-operator/pull/888 [#893]: https://github.com/stackabletech/nifi-operator/pull/893 +[#894]: https://github.com/stackabletech/nifi-operator/pull/894 ## [25.11.0] - 2025-11-07