(DOCSP-39139) Release notes for 1.25, licensing updates and prep for the release (#1706)

* (DOCSP-39139) Release notes for 1.25, licensing updates and prep for the release

* Edits, to be continued

* Edits

* Edits

* Changed version to a variable, per comment from Lukasz

* Include copy review comments from Sarah

Author: JuliaMongo

config/redirects

@@ -2,8 +2,8 @@
 # while we work out how to deploy this property.
 
 define: base https://www.mongodb.com/docs/kubernetes-operator
-define: versions v0.8 v0.9 v0.10 v0.11 v0.12 v1.0 v1.1 v1.2 v1.3 v1.4 v1.5 v1.6 v1.7 v1.8 v1.9 v1.10 v1.11 v1.12 v1.13 v1.14 v1.15 v1.16 v1.17 v1.18 v1.19 v1.20 v1.21 v1.22 v1.23 v1.24 master
-symlink: v1.25 -> master
+define: versions v0.8 v0.9 v0.10 v0.11 v0.12 v1.0 v1.1 v1.2 v1.3 v1.4 v1.5 v1.6 v1.7 v1.8 v1.9 v1.10 v1.11 v1.12 v1.13 v1.14 v1.15 v1.16 v1.17 v1.18 v1.19 v1.20 v1.21 v1.22 v1.23 v1.24 v1.25 master
+symlink: v1.26 -> master
 symlink: upcoming -> master
 
 ########

source/includes/list-tables/compatibility-k8s-os.rst

@@ -9,8 +9,8 @@
      - OpenShift Version
 
    * - 1.25 
-     - April 24, 2024
-     - April 24, 2025 
+     - April 30, 2024
+     - April 30, 2025 
      - 1.27, 1.28, 1.29 
      - 4.14
 

source/includes/list-tables/compatibility-mdb.rst

@@ -1,18 +1,13 @@
-.. important::
-
-   Starting with the |k8s-op-short| 1.17 release, Ubuntu base images are
-   deprecated. Ubuntu base images are removed in the |k8s-op-short|
-   1.19 release. MongoDB continues to support the Red Hat UBI 8 base images.
-   To provide feedback about this change, use the `MongoDB Feedback Engine 
-   <https://feedback.mongodb.com/forums/924355-ops-tools?category_id=370990>`__.
-
 .. list-table::
    :header-rows: 1
    :widths: 50 50
 
    * - |k8s-op-short| Release Series
      - Base Image
 
+   * - 1.25.x
+     - Red Hat UBI 8 Base Image
+
    * - 1.24.x
      - Red Hat UBI 8 Base Image
 

source/includes/list-tables/compatibility-om.rst

@@ -8,7 +8,7 @@
    * - 1.25.x
      - 6.0, 7.0
 
-   * - 1.24.x   
+   * - 1.24.x
      - 6.0, 7.0
 
    * - 1.23.x

source/reference/k8s-operator-multi-cluster-specification.txt

@@ -395,8 +395,7 @@ Optional ``MongoDBMultiCluster`` Resource Settings
   Key-value pairs that let you add cloud provider-specific
   configuration settings to a specific cluster in your |multi-cluster|. This setting overrides the global
   setting, :ref:`spec.externalAccess.externalService.annotations <multi-spec-externalaccess-externalservice-annotations>`. 
-  To learn more, see |k8s-annotations| and
-  and the documentation for your |k8s| cloud provider.
+  To learn more, see |k8s-annotations| and the documentation for your |k8s| cloud provider.
 
   .. include:: /includes/list-tables/annotation-placeholders-multi-cluster.rst
 

source/reference/support-lifecycle.txt

@@ -22,7 +22,7 @@ Considerations
 
 - Versioning of the |k8s-op-short| doesn't follow the semantic versioning
   convention. A  major version of the |k8s-op-short| is X.X, for example,
-  1.22 or 1.23.
+  1.24 or 1.25.
 
 - The End of Life dates in this section might be subject to change.
 
@@ -33,6 +33,9 @@ Considerations
    * - |k8s-op-short| Version
      - End of Life Date
 
+   * - 1.25.x
+     - 2025-04-30
+
    * - 1.24.x
      - 2024-12-21
 

source/release-notes.txt

@@ -12,6 +12,164 @@ Release Notes for |k8s-op-full|
    :depth: 1
    :class: singlecol
 
+.. _ent-op-1.25.x:
+
+|k8s-op-full| 1.25 Series
+-------------------------
+
+.. _ent_op-1.25.0:
+
+|k8s-op-full| 1.25.0
+~~~~~~~~~~~~~~~~~~~~
+
+*Released 2024-04-30*
+
+Breaking Change
+`````````````````
+
+- **``MongoDBOpsManager``** resource. The |k8s-op-short| no longer supports
+  |onprem| 5.0. Upgrade to a later version of |onprem|. While |onprem| 5.0
+  may continue to work with the |k8s-op-short|, MongoDB won't test the
+  |k8s-op-short| against |onprem| 5.0.
+
+New Features
+`````````````
+
+- **``MongoDBOpsManager``** resource: Adds support for deploying the |application|
+  on multiple |k8s| clusters. To learn more, see :ref:`deploy-om-multi-cluster`.
+- (Public Preview) **``MongoDB``, ``OpsManager``** resources: Introduces
+  opt-in :ref:`static-containers` for all types of deployments.
+
+  - In this release, use static containers only for testing purposes.
+    Static containers might become the default in a later release.
+  - To activate static containers mode, set the ``MDB_DEFAULT_ARCHITECTURE``
+    environment variable at the |k8s-op-short| level to ``static``.
+    Alternatively, annotate a specific ``MongoDB`` or ``OpsManager``
+    custom resource with ``mongodb.com/v1.architecture: "static"``.
+  - The |k8s-op-short| supports seamless migration between the static and
+    non-static architectures. To learn more, see:
+
+    - :ref:`Use Static Containers <static-containers>`
+    - :ref:`Migrate to Static Containers <migrate-to-static-containers>`
+
+- **``OpsManager``** resource: Adds the ``spec.internalConnectivity`` field
+  to allow overrides for the service used by the |k8s-op-short| to ensure
+  internal connectivity to the ``OpsManager`` resource-hosting Pods.
+
+- **``MongoDB``** resource: You can recover a resource due to a broken
+  Automation configuration in sharded clusters. In previous releases,
+  you could recover other types of resources but not sharded clusters.
+  To learn more, see :ref:`troubleshooting-automatic-recovery`.
+
+- **``MongoDB``, ``MongoDBMultiCluster``** resources: These resources now
+  allow you to add placeholders in external services.
+
+  - You can define |k8s-annotations| for external services managed by the |k8s-op-short|
+    that contain placeholders which will be automatically replaced by the proper values.
+    Previously, the |k8s-op-short| configured the same annotations for all
+    external services created for each Pod. Starting with this release,
+    you can add placeholders so that the |k8s-op-short| can customize
+    annotations in each service with values that are relevant and unique
+    for each particular Pod. To learn more, see:
+
+    - ``MongoDB`` resource: :setting:`spec.externalAccess.externalService.annotations`
+    - ``MongoDBMultiCluster`` resource :ref:`spec.externalAccess.externalService.annotations <multi-spec-externalaccess-externalservice-annotations>`
+
+- The |kubectl-mongodb|: Allows you to print build information when
+  using the plugin.
+- The ``setup`` command of the |kubectl-mongodb|: Adds the
+  :ref:`registry.imagePullSecrets <imagePullSecrets>` setting.
+  If specified, created service accounts reference the specified secret on
+  the ``imagePullSecrets`` field.
+- Improves handling of configurations when the |k8s-op-short| watches more
+  than one namespace, and when you install the |k8s-op-short| in a namespace
+  that differs from the namespace in which the |k8s-op-short| watches resources.
+
+- Optimizes setting up roles and permissions in member |k8s| clusters
+  using a single service account per |k8s| cluster with correctly configured
+  roles and role bindings (no cluster roles are necessary) for each watched
+  namespace.
+
+- Extends the existing event-based reconciliation process by a time-based
+  reconciliation that is triggered every 24 hours. This ensures that all
+  Monitoring Agents are always upgraded in a timely manner.
+
+- OpenShift and OLM Operator: Removes the requirement for cluster-wide
+  permissions. Previously, the |k8s-op-short| needed these permissions to
+  configure admission webhooks. Starting with this release, webhooks are
+  automatically configured by `OLM <https://olm.operatorframework.io/docs/advanced-tasks/adding-admission-and-conversion-webhooks/>`__.
+
+- Adds an optional ``MDB_WEBHOOK_REGISTER_CONFIGURATION`` environment
+  variable for the |k8s-op-short|. The variable controls whether the |k8s-op-short|
+  should perform automatic admission webhook configuration. The default is ``true``.
+  The variable is set to ``false`` for OLM and OpenShift deployments.
+
+Helm Chart Installation Changes
+`````````````````````````````````
+
+- Adds a new ``operator.webhook.registerConfiguration`` parameter that
+  controls whether the |k8s-op-short| should perform an automatic admission
+  webhook configuration by setting the ``MDB_WEBHOOK_REGISTER_CONFIGURATION``
+  environment variable for the |k8s-op-short|. The default is ``true``.
+  The variable is set to ``false`` for OLM and OpenShift deployments.
+
+- Changes the default ``agent.version`` to ``107.0.0.8502-1``. This changes
+  the default Agent used in |k8s-op-short| deployments that you install using
+  a Helm chart.
+
+- Adds the ``operator.additionalArguments`` variable with the default of
+  ``[]`` to allow you to pass additional arguments for the |k8s-op-short| binary.
+- Adds the ``operator.createResourcesServiceAccountsAndRoles`` variable
+  with the default of ``true`` to control whether to install roles and
+  service accounts for ``MongoDB`` and ``OpsManager`` resources. When you
+  use the |kubectl-mongodb| to configure the |k8s-op-short| for
+  a multi-|k8s| cluster deployment, the plugin installs all necessary
+  roles and service accounts. Therefore, to avoid clashes, in some cases
+  don't install those roles using the |k8s-op-short| Helm chart.
+
+Bug Fixes
+```````````
+
+- **``MongoDBMultiCluster``** resource: Fixes an issue where the |k8s-op-short|
+  reported that ``spec.externalAccess.externalDomain`` and
+  ``spec.clusterSpecList[*].externalAccess.externalDomains`` fields were
+  required even though they weren't used. The |k8s-op-short| prematurely
+  triggered a validation for these fields in cases where the custom resources
+  contained a defined ``spec.externalAccess`` structure. Starting with this
+  release, the |k8s-op-short| checks for uniqueness of external domains only
+  when you define the external domains in ``spec.externalAccess.externalDomain``
+  or ``spec.clusterSpecList[*].externalAccess.externalDomains`` settings.
+
+- **``MongoDB``** resource: Fixes a bug where upon deleting a ``MongoDB`` resource,
+  the ``controlledFeature`` policies remained set on the related |onprem| or
+  |cloud-short| instance, making cleanup in the UI impossible in the case
+  of losing the |k8s-op-short|.
+
+- **``OpsManager``** resource: Fixes an issue where the ``admin-key`` secret
+  was deleted when you removed the ``OpsManager`` custom resource.
+  Fixing the ``admin-key`` secret deletion enables easier re-installation of |onprem|.
+
+- **MongoDB Readiness Probe**: Fixes a misleading error message for the
+  readiness probe: ``"... kubelet  Readiness probe failed:..."``. This affects
+  all MongoDB deployments.
+
+- **Operator**: Fixes cases where in some instances, while communicating with
+  the ``OpsManager`` custom resource, the |k8s-op-short| skipped TLS verification,
+  even if you enabled TLS.
+
+Improvements
+```````````````
+
+- **Kubectl plugin**: The released |kubectl-mongodb| binaries are now signed, and the
+  signatures are published with the `release assets <https://github.com/mongodb/mongodb-enterprise-kubernetes/releases>`__.
+  The public key is available at `this address <https://cosign.mongodb.com/mongodb-enterprise-kubernetes-operator.pem>`__.
+  The released |kubectl-mongodb| binaries are also notarized for MacOS.
+
+- **Released Images signed**: All container images published for the |k8s-op-short|
+  are cryptographically signed. This is visible in the MongoDB |quay| registry.
+  You can verify the signatures using the MongoDB public key. Released images
+  are available at `this address <https://cosign.mongodb.com/mongodb-enterprise-kubernetes-operator.pem>`__.
+
 .. _ent-op-1.24.x:
 
 |k8s-op-full| 1.24 Series