Release v0.142.0

0.142.0

🛑 Breaking changes 🛑

• operator: Remove kube-rbac-proxy from operator deployment and use controller-runtime built-in auth (#3369)
  The operator now uses controller-runtime built-in auth for the metrics server. It is disabled by default.
  The client accessing the metrics endpoint must have the following RBAC rule nonResourceURLs: "/metrics", verbs: get.
  Which didn't change from the previous approach of using kube-rbac-proxy.

  This changes adds following flags to the operator:
  metrics-secure - enables authentication and authorization for the metrics server. If no TLS certificates are provided, self signed certificates will be generated.
  metrics-tls-cert-file - TLS certificate file for the metrics server
  metrics-tls-key-file - TLS private key file for the metrics server

  This change changes the following flags on the operator:
  --metrics-addr - changes from 127.0.0.1:8080 to :8443 which matches the operator's metrics service port.

💡 Enhancements 💡

• target allocator: Add support for prometheus scrape classes (#3600)
  Added support for configuring scrapeClasses when using the PrometheusCR-feature of the target allocator. The format of the scrapeClasses array is exactly as same as spec.scrapeClasses of the Prometheus CRD.
• operator: Add support for Kubernetes 1.35 (#4575)
• collector: exposes the spec.hostPID field for the collector. (#4214)
  This will allow to set the spec.HostPID field for the collector. By default this the field is false.

🧰 Bug fixes 🧰

• target allocator: Fix CA certificate race condition with client cert renewals by extending its duration and and renewal attempt. (#4441)
  The CA certificate now has a 2-year duration (instead of the default 90 days) to prevent race conditions
  where client and server certificates could be signed by different CA versions during simultaneous renewal.
  This ensures the CA remains stable while dependent certificates renew regularly.

• collector: Add finalizers to OpenTelemetryCollector CR only when cluster roles and bindings for SA are created by Operator. (#4367)
  Finalizer usage was restricted to cluster scoped resources only. Namespaced resources no longer receive finalizers,
  preventing blocked namespace deletion if the operator is removed first. The change aligns finalizer behavior with
  cluster-level RBAC availability, ensuring finalizers are applied only when the operator has the required
  cluster scoped permissions.

• config: Fix manager logger initialization (#4584)
  Apply config before setting up logger to configure it properly.

• operator: Fix the --annotations-filter and --labels-filter CLI flags. (#4594)

Components

• OpenTelemetry Collector - v0.142.0
• OpenTelemetry Contrib - v0.142.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.67.3
• Python - v0.60b1
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.141.0

0.141.0

💡 Enhancements 💡

• collector: Ensure the collector container is always listed first in the podspec (#4548)
  This is so tools like kubectx logs will always default to the collector container instead of any additional containers that are configured.
• target allocator: make evaluation_interval configurable for Prometheus CR watcher (#4520)
• operator: Support for Kubernetes 1.34 version. (#4415)

Components

• OpenTelemetry Collector - v0.141.0
• OpenTelemetry Contrib - v0.141.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.67.2
• Python - v0.60b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.140.0

0.140.0

🛑 Breaking changes 🛑

• operator: Remove native sidecar feature gate (#4451)
  The feature gate operator.sidecarcontainers.native has been removed.
  It was introduced in v0.111.0, enabled by default since v0.132.0, and marked as stable in v0.139.0.
  Native sidecars are now automatically enabled on Kubernetes v1.29+ without requiring a feature gate.
  If you were explicitly enabling or disabling this feature gate with --feature-gates=+operator.sidecarcontainers.native,
  you must remove that flag.

💡 Enhancements 💡

• collector: Promote the operator.golang.flags feature flag to Beta (#4452)
  The operator will set the GOMEMLIMIT and GOMAXPROCS environment variables based
  on the pod configuration of the collector container by default.

• operator: Use pod and namespace label selector in operator NetworkPolicy for the API server Egress on OpenShift. (#4490)
  On OpenShift use pod ("apiserver": "true") and namespace (kubernetes.io/metadata.name": "openshift-kube-apiserver")
  label selectors in API server Egress network policy.

🧰 Bug fixes 🧰

• auto-instrumentation: Fixes the precedence of spec.env in Instrumentation CR so global env vars correctly override defaults. (#4068)
  Previously, environment variables set under spec.env were ignored in favor of default instrumentation config,
  unless duplicated in each language block. This change ensures the correct order of precedence is applied:
  language-specific env vars > spec.env > defaults.

• collector: Fix mounting spec.configmaps in sidecar mode (#4489)
  Configmaps defined in spec.configmaps were not properly mounted in the sidecar mode.

• github action: Remove unused VERSION and VERSION_DATE environment variables from publish workflows (#4470)
  Removed the unused "Read version" step that set VERSION and VERSION_DATE environment variables in both publish-target-allocator.yaml and publish-operator-opamp-bridge.yaml workflows. These variables were never referenced anywhere in the workflows.

Components

• OpenTelemetry Collector - v0.140.0
• OpenTelemetry Contrib - v0.140.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.66.0
• Python - v0.59b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.139.0

0.139.0

💡 Enhancements 💡

• operator: Promote the operator.sidecarcontainers.native feature flag to Stable. (#4451)
  By default, the operator will continue to use native sidecars on Kubernetes versions
  newer than 1.29. This behaviour cannot be disabled.
  The operator flag will be removed with the release of version 0.140.0.

• collector: Promote the operator.collector.default.config feature gate to Stable (#4453)

Components

• OpenTelemetry Collector - v0.139.0
• OpenTelemetry Contrib - v0.139.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.66.0
• Python - v0.59b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.138.0

0.138.0

💡 Enhancements 💡

• collector: Migrate simple OpenTelemetryCollector validations from the webhook to CRD annotations so Kubernetes enforces them server-side. ()

🛑 Breaking changes 🛑

• target allocator: Remove the operator.collector.targetallocatorcr feature flag (#2422)
  This behavior has been enabled by default since version 0.127.0.

🚩 Deprecations 🚩

• auto-instrumentation: Deprecate VolumeSizeLimit in the Instrumentation CRD (#3382)
  • The volumeSizeLimit field is deprecated.
  • Use spec.<lang>.volume.size instead of spec.<lang>.volumeSizeLimit.
  • The validating webhook emits a warning when volumeSizeLimit is used.

🧰 Bug fixes 🧰

• target allocator: Add missing TA ownership watches to cert-manager Certificate and Issuer (#4368)
• collector: Set the log level to 4 when default pdb is created. ()
• collector: Fix autoscaler not scaling above minReplicas; replicas now respect the scale subresource and never fall below autoscaler.minReplicas. (#4400) Also rename helper GetInitialReplicas to GetDesiredReplicas to reflect reconcile-time behavior.

Components

• OpenTelemetry Collector - v0.138.0

• OpenTelemetry Contrib - v0.138.0

• Java auto-instrumentation - v1.33.6

• .NET auto-instrumentation - v1.2.0

• Node.JS - v0.64.1

• Python - v0.59b0

• Go - v0.22.1

• ApacheHTTPD - 1.0.4

• Nginx - 1.0.4

  The flag can no longer be disabled. It will be completely removed in 0.138.0.

💡 Enhancements 💡

• collector: Add logs when the Operator finds an issue during the unmarshall process for spec.service.telemetry section. (#4111)
• collector: Add spec.dnsPolicy field to the OpenTelemetryCollector to allow users to specify the DNS policy for the collector pods. (#4265)
• github action: Add link checking workflow to validate documentation (#3425)
  • Added ci-markdown-link.yml workflow using linkspector to check for broken links in markdown files
  • Added .linkspector.yml configuration file
• collector: add startup probe to the collector CRD (#4347)
• collector: Validate collector ports from the config to ensure they are within the valid range (1-65535). (#4399)
  • This change adds validation for collector ports specified in the configuration file.
  • Ports must be within the range of 1 to 65535; otherwise, an error will be raised during CR creation.
  • This helps prevent misconfigurations that could lead to runtime errors.

🧰 Bug fixes 🧰

• collector: Respect telemetry metrics readers when deriving the internal metrics endpoint. (#4049, #4233)

  • Fixes monitoring Service and container port mismatches when .spec.config.service.telemetry.metrics.readers[].pull.exporter.prometheus.port is set.
  • Defaults remain 0.0.0.0:8888 when neither address nor a Prometheus reader is configured.

• target allocator, opamp: Fix version not being updated after version upgrade. (#4378)

• target-allocator: Fixed potential duplicate scrape targets caused by Prometheus relabeling. (#3617)

• auto-instrumentation: Fix nginxCloneScriptTemplate for old shells (#3651)

Components

Release v0.137.0

0.137.0

🛑 Breaking changes 🛑

• target allocator: Promote the operator.collector.targetallocatorcr feature flag to Stable (#2422)
  The flag can no longer be disabled. It will be completely removed in 0.138.0.

💡 Enhancements 💡

• collector: Add logs when the Operator finds an issue during the unmarshall process for spec.service.telemetry section. (#4111)
• collector: Add spec.dnsPolicy field to the OpenTelemetryCollector to allow users to specify the DNS policy for the collector pods. (#4265)
• github action: Add link checking workflow to validate documentation (#3425)
  • Added ci-markdown-link.yml workflow using linkspector to check for broken links in markdown files
  • Added .linkspector.yml configuration file
• collector: add startup probe to the collector CRD (#4347)
• collector: Validate collector ports from the config to ensure they are within the valid range (1-65535). (#4399)
  • This change adds validation for collector ports specified in the configuration file.
  • Ports must be within the range of 1 to 65535; otherwise, an error will be raised during CR creation.
  • This helps prevent misconfigurations that could lead to runtime errors.

🧰 Bug fixes 🧰

• collector: Respect telemetry metrics readers when deriving the internal metrics endpoint. (#4049, #4233)

  • Fixes monitoring Service and container port mismatches when .spec.config.service.telemetry.metrics.readers[].pull.exporter.prometheus.port is set.
  • Defaults remain 0.0.0.0:8888 when neither address nor a Prometheus reader is configured.

• target allocator, opamp: Fix version not being updated after version upgrade. (#4378)

• target-allocator: Fixed potential duplicate scrape targets caused by Prometheus relabeling. (#3617)

• auto-instrumentation: Fix nginxCloneScriptTemplate for old shells (#3651)

Components

• OpenTelemetry Collector - v0.137.0
• OpenTelemetry Contrib - v0.137.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.64.1
• Python - v0.59b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.136.0

0.136.0

🧰 Bug fixes 🧰

• target-allocator: Fixes the incorrect k8s version for the traffic distribution feature. (#4394)
• collector: Fix statefulset serviceName field change handling. (#4371)
  The Operator 0.129.1 introduced a new feature which allows setting the serviceName of the collector statefulset (#4041).
  This feature introduced two issues:
  1. upgrade failure because the default stateful serviceName changed
  2. the statefulset serviceName field is mutable, therefore a change of the collector serviceName field is not applied

Components

• OpenTelemetry Collector - v0.136.0
• OpenTelemetry Contrib - v0.136.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.64.1
• Python - v0.58b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.135.0

0.135.0

💡 Enhancements 💡

• collector, target allocator: Add TrafficDistribution support for OpenTelemetryCollector and TargetAllocator Services (#4285)
  The TrafficDistribution field is now available in OpenTelemetryCollector and TargetAllocator.
  This field allows setting the traffic distribution policy for Kubernetes Services.

Components

• OpenTelemetry Collector - v0.135.0
• OpenTelemetry Contrib - v0.135.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.63.0
• Python - v0.58b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

Release v0.134.0

0.134.0

💡 Enhancements 💡

• target allocator: Add CollectorTargetReloadInterval option to configure the interval at which the Prometheus receiver reloads targets from the target allocator (#4095)

🧰 Bug fixes 🧰

• collector: Always return a valid OpenTelemetryCollector configuration during v1beta1 conversion. (#4288)

Components

• OpenTelemetry Collector - v0.134.0
• OpenTelemetry Contrib - v0.134.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.63.0
• Python - v0.58b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4

0.133.0

⚠️ Skip Release ⚠️

• operator: Skipped OpenTelemetry Operator release due to an issue on the collectors protobuf parsing that caused HTTP 400 errors for metric submissions. In case of expecitly using the collector v0.133.0 this behavior can be by passed by disabling the collector feature gate pdata.useCustomProtoEncoding.
  For more details see: (opentelemetry-collector#13727)[https://github.com/open-telemetry/opentelemetry-collector/issues/13727]

apiVersion: opentelemetry.io/v1beta1
kind: OpenTelemetryCollector
metadata:
  name: my-collector
spec:
  image: otel/opentelemetry-collector:0.133.0
  args:
    - --feature-gates=-pdata.useCustomProtoEncoding

Release v0.132.0

0.132.0

🚩 Deprecations 🚩

• collector: Remove opencensus receiver from parsing logic as it is no longer supported in OpenTelemetry Collector (#4239)
  The opencensus receiver has been removed from the operator's receiver parsing logic.
  Since 2025-02-14 its no longer supported and got removed from the Collector Distributions.

💡 Enhancements 💡

• collector: enable native sidecar on OpenShift 4.16+ with k8s version newer then v1.29 by default. (#4247)

• collector: Use native sidecar on k8s 1.29+ (#3356)
  The operator will automatically use native sidecars whenever a Kubernetes
  version 1.29 or higher is discovered.
  The usage of native sidecars can be disabled with --feature-gates=-sidecarcontainers.native.
  See: https://kubernetes.io/blog/2023/08/25/native-sidecar-containers/

• collector: Add network policy for the collector. (#4231)
  This change adds a network policy to the collector to allow traffic to all collector receivers and egress traffic from the collector pod.
  The collector network policy can be enabled in the collector CR.

  spec:
    networkPolicy:
      enabled: true

  By default it is disabled, however the default value is configured with a feature gate --feature-gates=operand.networkpolicy.
  The feature gate will be enabled in the future releases.

• operator: Operator now creates a NetworkPolicy to restrict access to the operator pod. (#4230)
  The operator network policy can be enabled with --feature-gates=+operator.networkpolicy.
  The feature gate is disabled by default and it will be enabled in the future releases.
  Following APIs are allowe: ingress on port 9443 (webhook), 8080 (metrics port), 8443 (metrics RBAC proxy) and egress on port 6443 (API server).

• target allocator: Add network policy for the target allocator. (#4231)
  This change adds a network policy to the target allocator which allows traffic to the port 8080 and outgoing traffic to the API server.
  The target allocator network policy can be enabled in the target allocator CR.

  spec:
    networkPolicy:
      enabled: true

  By default it is disabled, however the default value is configured with a feature gate --feature-gates=operand.networkpolicy.
  The feature gate will be enabled in the future releases.

• opamp: Correlates the OpAMP data from the proxy server with the bridge's own OpAMP data. (#3837)

• collector: k8sattributes: Add automatic RBAC for new service.name resource attribute generator (#4131)
  The k8sattributes processor recently added support for automatic service.name resource attribute generation.
  This change ensures that when service.name is configured in the k8sattributes processor, the operator
  automatically adds the necessary RBAC rules for replicasets access, which is required for extracting
  k8s.deployment.name.

🧰 Bug fixes 🧰

• opamp: fixes a bug where the bridge deployment wouldn't rollout on a config change. (#4020)

• collector: Fix a Deployment restart issue caused when the HPA settings changed, the webhook would modify spec.replicas. (#2585)

• collector: Operator no longer overwrites ingress annoations on change (#4322)
  The operator now respects external manipulations of the Ingress object — instead of
  overwriting annotations it respects existing to prevent annotation-overwrite issues
  that caused reconciliation loops with external controllers (e.g., Rancher).

• collector, target allocator, opamp: Remove unnecessary cert-manager CA annotation from CRDs (#4321)
  Remove annotation cert-manager.io/inject-ca-from from all OpenShift CRD manifests. The CRDs on OpenShift are installed via OLM which handles the CA injection.
  The annotation is also not needed for non-OpenShift installations on CRDs that do not have a conversion webhook.

Components

• OpenTelemetry Collector - v0.132.0
• OpenTelemetry Contrib - v0.132.0
• Java auto-instrumentation - v1.33.6
• .NET auto-instrumentation - v1.2.0
• Node.JS - v0.62.2
• Python - v0.57b0
• Go - v0.22.1
• ApacheHTTPD - 1.0.4
• Nginx - 1.0.4