Releases: kcp-dev/kcp
Releases · kcp-dev/kcp
v0.26.0
Changes by Kind
API Change
- Rebase 1.31 (#3160, @mjudeikis)
Feature
- Add support for
internal.kcp.io/inactive
annotation on logical clusters to forbid any access beyond logical clusters. (#3152, @RedbackThomson)
Performance & Optimizations
- Fix performance issue of all watches to termindate after 30s. (#3162, @sttts)
- Fix performance problem in virtual workspace authorization. (#3163, @sttts)
- Make workspace deletion more reliable, trying harder to not leak
LogicalClusters
. (#3119, @sttts) - Optimize apibinding reconciler to produce less work for the memory garbage collector. (#3166, @sttts)
- Optimize authorization in virtual workspaces. (#3167, @sttts)
- Reduce memory consumption of the admission webhook plugin. (#3165, @sttts)
- Skip attempt to create root directory if
--root-directory=""
is set (#3158, @embik)
Dependencies
Added
- cel.dev/expr: v0.15.0
- github.com/antlr4-go/antlr/v4: v4.13.0
- github.com/go-task/slim-sprig/v3: v3.0.0
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-client: ab5c3a6
- github.com/shurcooL/sanitized_anchor_name: v1.0.0
- github.com/urfave/cli: v1.22.1
- gopkg.in/evanphx/json-patch.v4: v4.12.0
Changed
- cloud.google.com/go/compute/metadata: v0.2.3 → v0.3.0
- github.com/Microsoft/hcsshim: v0.8.25 → v0.8.26
- github.com/alecthomas/kingpin/v2: v2.3.2 → v2.4.0
- github.com/cenkalti/backoff/v4: v4.2.1 → v4.3.0
- github.com/cespare/xxhash/v2: v2.2.0 → v2.3.0
- github.com/cncf/udpa/go: c52dc94 → 269d4d4
- github.com/cncf/xds/go: e9ce688 → 555b57e
- github.com/container-storage-interface/spec: v1.8.0 → v1.9.0
- github.com/coredns/corefile-migration: v1.0.21 → v1.0.23
- github.com/cpuguy83/go-md2man/v2: v2.0.2 → v2.0.4
- github.com/davecgh/go-spew: v1.1.1 → d8f796a
- github.com/envoyproxy/go-control-plane: v0.11.1 → v0.12.0
- github.com/envoyproxy/protoc-gen-validate: v1.0.2 → v1.0.4
- github.com/fxamacker/cbor/v2: v2.6.0 → v2.7.0
- github.com/go-logr/logr: v1.4.1 → v1.4.2
- github.com/go-openapi/swag: v0.22.3 → v0.22.4
- github.com/golang/glog: v1.1.2 → v1.2.1
- github.com/golang/mock: v1.6.0 → v1.1.1
- github.com/google/cel-go: v0.17.8 → v0.20.1
- github.com/google/pprof: 4bb14d4 → 4bfdf5a
- github.com/google/uuid: v1.3.1 → v1.6.0
- github.com/grpc-ecosystem/grpc-gateway/v2: v2.16.0 → v2.20.0
- github.com/kcp-dev/apimachinery/v2: v2.0.0 → a9eb975
- github.com/kcp-dev/client-go: bf1c9b8 → f5949d8
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/api: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission: 321bee1 → ab5c3a6
- github.com/kcp-dev/kubernetes/stagi...
v0.25.0
Changes by Kind
Dependency Change
- Kcp is built with Go 1.22.5 now (#3145, @embik)
- Update dependencies to address CVE-2023-45288 and CVE-2024-24786 (#3136, @embik)
API Change
- Allow claiming
SubjectAccessReview
andLocalSubjectAccessReview
in apiexports. (#3129, @sttts) - Fix apply configuration client for APIExport. (#3153, @sttts)
- Remove
ClusterWorkspaces
resource as it has been replaced byWorkspaces
in previous releases (#3123, @embik) - Remove the need to put a
replace
directive in place forgithub.com/kcp-dev/kcp/cli
when importinggithub.com/kcp-dev/kcp
(#3146, @embik) - Set the kcp.io/cluster annotation on objects passed to an admission webhook on create. (#3124, @sttts)
- Update to Kubernetes 1.30 (#3140, @embik)
- Update to Kubernetes 1.30.3 (#3150, @embik)
Feature
- Add
--version
flag tokubectl-workspace
(#3135, @embik) - Add
kubectl create workspace
plugin. (#3154, @sttts) - Add support for
internal.kcp.io/inactive
annotation on logical clusters to forbid any access beyond logical clusters. (#3152, @RedbackThomson)
Bug or Regression
- Calls intialize indexer only once before the informer starts (#3139, @ramramu3433)
- Fix
postStartHook
being present two times on log lines (#3134, @embik) - Fix sequencing of controllers/informers start and leader election (#3132, @ramramu3433)
Other (Cleanup or Flake)
v0.24.0
User Facing Changes
- Add experimental workspace mount reconciler (#3058, @mjudeikis)
- Kcp ws use support for relative and absolute multi-step navigation (#3088, @mjudeikis)
- ✨ Add Webhook URL based CRD conversions (#3090, @palnabarun)
- Add support for /openapi/v3 endpoints for workspaces with awareness of static resources, CRDs and APIBindings. (#3118, @sttts)
- Fix workspaces hot reload for index controller (#3095, @mjudeikis)
- Implement
SelfSubjectRulesReview
API, enabling usage of e.g.kubectl auth can-i --list
(#3097, @embik) - Re-enable Kubernetes Webhook Token Authentication (#3096, @ajwdev)
- Update etcd version to 3.5.13 (#3114, @embik)
Dependencies
- github.com/golang/protobuf: v1.5.3 → v1.5.4
- github.com/kcp-dev/logicalcluster/v3: v3.0.4 → v3.0.5
- github.com/sirupsen/logrus: v1.9.0 → v1.9.3
- go.etcd.io/bbolt: v1.3.7 → v1.3.9
- go.etcd.io/etcd/api/v3: v3.5.9 → v3.5.13
- go.etcd.io/etcd/client/pkg/v3: v3.5.9 → v3.5.13
- go.etcd.io/etcd/client/v2: v2.305.9 → v2.305.13
- go.etcd.io/etcd/client/v3: v3.5.9 → v3.5.13
- go.etcd.io/etcd/pkg/v3: v3.5.9 → v3.5.13
- go.etcd.io/etcd/raft/v3: v3.5.9 → v3.5.13
- go.etcd.io/etcd/server/v3: v3.5.9 → v3.5.13
- golang.org/x/sync: v0.4.0 → v0.5.0
- google.golang.org/protobuf: v1.31.0 → v1.33.0
PRs
- ✨ Index mounting ordering & few debug nits by @mjudeikis in #3085
- ✨ Add workspace mount battery & controller by @mjudeikis in #3058
- 🌱 add mount test into index by @mjudeikis in #3089
- 🐛 fix mount workspace reload by @mjudeikis in #3095
- ✨ add krew index build by @mjudeikis in #3094
- ✨ Feature: Re-enable webhook token authentication by @ajwdev in #3096
- 📖 Document how storage keys are computed for workspaces by @p0lyn0mial in #1905
- 📖 Update documentation with CNCF community group by @embik in #3101
- 📖 Deploy most recent release documentation as 'latest' alias by @embik in #3102
- ✨ kubectl support ../../ & ..:..: by @mjudeikis in #3088
- ✨ cli/use: simplify tests and add tests for relative paths by @sttts in #3103
- 🌱 Publish RC candidates by @mjudeikis in #3105
- ✨ Add Tilt setup to contrib by @mjudeikis in #3037
- ✨ Webhook URL based CRD conversions by @palnabarun in #3090
- 📖 Update documentation dependencies and add dark mode by @embik in #3109
- 📖 Organize generated CRD documentation by API group by @embik in #3110
- ✨ Implement
RulesFor
forGlobalAuthorizer
andLocalAuthorizer
to enableSelfSubjectRulesReview
by @embik in #3097 - 📖 Add architecture brain-dump. by @sttts in #3108
- 📖 Refactor documentation sections and mention Helm chart by @embik in #3113
- 🌱 Bump etcd dependencies to 3.5.13 by @embik in #3114
- 🌱 Set controller rest config timeout to 30secs by @sankar17 in #3112
- ✨ Implement cluster-aware OpenAPI v3 by @sttts in #3118
- 🐛 Implement RoundTripperWrapper everywhere to allow cancellation by @sttts in #3120
New Contributors
- @ajwdev made their first contribution in #3096
- @palnabarun made their first contribution in #3090
- @sankar17 made their first contribution in #3112
Full Changelog: v0.23.0...v0.24.0
v0.23.0
Changes by Kind
API Change
- Add optional nameValidation field to ApiResourceSchemaSpec. This field is used to add an internal annotation to the bound API and the name validation strategy is decided based on the value. (#3082, @praveenrewar)
Uncategorized
- The kubectl plugins have been moved into their own github.com/kcp-dev/kcp/cli module for easier vendoring. (#3084, @sttts)
- Use correct verb in metrics-viewer ClusterRole to give access to
/metrics
(#3081, @embik)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v0.22.0
Changes by Kind
API Change
- Add experimental mounts API (#3057, @mjudeikis)
- Make LogicalCluster claimable resource for deeper level integration ontop of KCP (#3035, @mjudeikis)
Feature
- Add a
metrics-viewer
user subject to the ClusterRoleBinding created by themetrics-viewer
battery, for which credentials can be generated outside of kcp (#3064, @embik) - Add cache-server binary into image (#3067, @mjudeikis)
- Add new
admin
battery which is enabled by default (#3041, @embik) - Simplify index package for frontproxy (#3056, @mjudeikis)
Bug or Regression
- Fix
system:admin
context and addsystem:base
in generatedadmin.kubeconfig
(#3070, @embik) - Fix metrics battery bug (#3060, @mjudeikis)
Other (Cleanup or Flake)
- Add FOSSA license scanner (#3054, @fossabot)
- Reduce log verbosity for processing/queueing messages in controllers (#3073, @xrstf)
Dependencies
Added
- cloud.google.com/go/dataproc/v2: v2.0.1
Changed
- cloud.google.com/go/aiplatform: v1.45.0 → v1.48.0
- cloud.google.com/go/analytics: v0.21.2 → v0.21.3
- cloud.google.com/go/baremetalsolution: v0.5.0 → v1.1.1
- cloud.google.com/go/batch: v0.7.0 → v1.3.1
- cloud.google.com/go/beyondcorp: v0.6.1 → v1.0.0
- cloud.google.com/go/bigquery: v1.52.0 → v1.53.0
- cloud.google.com/go/cloudbuild: v1.10.1 → v1.13.0
- cloud.google.com/go/cloudtasks: v1.11.1 → v1.12.1
- cloud.google.com/go/compute: v1.21.0 → v1.23.0
- cloud.google.com/go/contactcenterinsights: v1.9.1 → v1.10.0
- cloud.google.com/go/container: v1.22.1 → v1.24.0
- cloud.google.com/go/datacatalog: v1.14.1 → v1.16.0
- cloud.google.com/go/dataplex: v1.8.1 → v1.9.0
- cloud.google.com/go/datastore: v1.12.1 → v1.13.0
- cloud.google.com/go/datastream: v1.9.1 → v1.10.0
- cloud.google.com/go/deploy: v1.11.0 → v1.13.0
- cloud.google.com/go/dialogflow: v1.38.0 → v1.40.0
- cloud.google.com/go/documentai: v1.20.0 → v1.22.0
- cloud.google.com/go/eventarc: v1.12.1 → v1.13.0
- cloud.google.com/go/firestore: v1.11.0 → v1.12.0
- cloud.google.com/go/gkebackup: v0.4.0 → v1.3.0
- cloud.google.com/go/gkemulticloud: v0.6.1 → v1.0.0
- cloud.google.com/go/kms: v1.12.1 → v1.15.0
- cloud.google.com/go/maps: v0.7.0 → v1.4.0
- cloud.google.com/go/metastore: v1.11.1 → v1.12.0
- cloud.google.com/go/policytroubleshooter: v1.7.1 → v1.8.0
- cloud.google.com/go/pubsub: v1.32.0 → v1.33.0
- cloud.google.com/go/run: v0.9.0 → v1.2.0
- cloud.google.com/go/servicedirectory: v1.10.1 → v1.11.0
- cloud.google.com/go/speech: v1.17.1 → v1.19.0
- cloud.google.com/go/translate: v1.8.1 → v1.8.2
- cloud.google.com/go/video: v1.17.1 → v1.19.0
- cloud.google.com/go/vmwareengine: v0.4.1 → v1.0.0
- cloud.google.com/go: v0.110.4 → v0.110.7
- github.com/felixge/httpsnoop: v1.0.3 → v1.0.4
- github.com/go-logr/logr: v1.2.4 → v1.3.0
- github.com/golang/glog: v1.1.0 → v1.1.2
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.45.0 → v0.46.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.45.0 → v0.46.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.20.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.20.0
- go.opentelemetry.io/otel/metric: v1.19.0 → v1.20.0
- go.opentelemetry.io/otel/sdk: v1.19.0 → v1.20.0
- go.opentelemetry.io/otel/trace: v1.19.0 → v1.20.0
- go.opentelemetry.io/otel: v1.19.0 → v1.20.0
- go.uber.org/goleak: v1.2.1 → v1.3.0
- golang.org/x/crypto: v0.14.0 → v0.18.0
- golang.org/x/sys: v0.13.0 → v0.16.0
- golang.org/x/term: v0.13.0 → v0.16.0
- golang.org/x/text: v0.13.0 → v0.14.0
- google.golang.org/genproto/googleapis/api: 782d3b1 → b8732ec
- google.golang.org/genproto/googleapis/rpc: 782d3b1 → b8732ec
- google.golang.org/genproto: 782d3b1 → b8732ec
- google.golang.org/grpc: v1.58.2 → v1.59.0
Removed
- cloud.google.com/go/dataproc: v1.12.0
v0.21.0
First release where KCP is part of CNCF Sandbox!
Major change - rebase to Kubernetes 1.28
What's Changed
- 📖 Update release process doc by @mjudeikis in #2988
⚠️ Remove apiresource.kcp.io apis by @mjudeikis in #2992- 📖 Fix typo in CONTRIBUTING.md by @fgiloux in #2993
- 🐛 make help by @carlory in #3005
- 🌱 add vendor into .gitignore by @carlory in #3009
- ✨ Add leader election for kcp (core) controllers by @embik in #2996
- ✨ Add --cors-allowed-origins flag to kcp-front-proxy by @xrstf in #3013
- 📖 Update README to include link to community meeting agenda doc by @embik in #3014
- 📖 Add logo variants by @embik in #3015
- ✨ Rebase to 1.28 by @sttts in #3017
- 🐛 Bump lint to 20min by @mjudeikis in #3020
- 🌱 Bump uraimo/run-on-arch-action from 2.5.0 to 2.5.1 by @dependabot in #2999
- 🌱 Add new maintainers by @sttts in #3022
- 🌱 Increase workspace init timeout in e2e tests to 60 seconds by @embik in #3025
- 📖 Adopt CNCF Code of Conduct by @embik in #3027
- 🐛 prow fix go version validate by @mjudeikis in #3019
- 🌱 Increase resource requests on Prow jobs but only run if code changed by @embik in #3029
- ✨ Add CRDs to built-in types by @mjudeikis in #3018
- 🐛 Memory leak fix in mutating & validating webhooks by @mjudeikis in #3026
- 🐛 Fix frontproxy by @mjudeikis in #3023
- 📖 docs: generate list of carry commits for rebasing by @nikhita in #2994
- 🌱 Bump Go Dependencies by @xrstf in #3031
- 🌱 Add metrics-viewer 'battery' by @mjudeikis in #3024
- ✨ tag container images with branch name, too by @xrstf in #3030
- 🐛 logicalcluster-deletion: skip bound resources by @sttts in #2958
- 📖 WIP: docs: add a sharding overview by @sttts in #3000
- 🌱 update SDK Go dependencies to match main go.mod by @xrstf in #3032
New Contributors
Full Changelog: v0.20.0...v0.21.0
v0.20.0
This release contains major breaking changes and change of Governance in the KCP project.
Major breaking change are removal of TMC and rebase to Kubernetes 1.26.
You must wipe any preexisting etcd data before trying to use v0.20.0
- 📖 Add rebase documentation by @ncdc in #2950
- ✨ Update to Kubernetes 1.26.3 by @sttts in #2956
⚠️ Remove TMC/Syncer by @xrstf in #2963⚠️ Remove TMC bootstrap assets by @mjudeikis in #2971- ✨ Consolidate sdk/apis & deprecating apis, client go module by @mjudeikis in #2968
- 🐛 GOVERNANCE.md: lower-case kcp outside of captions by @sttts in #2962
- 🌱 Add Prowjobs by @xrstf in #2975
New Contributors
KCP team thanks to all new contributors joining the community!
- @cychiang made their first contribution in #2801
- @yhrn made their first contribution in #2862
- @bnallapeta made their first contribution in #840
- @dhanusaputra made their first contribution in #2941
- @fileppb made their first contribution in #2937
- @scheeles made their first contribution in #2984
What's Changed
- 🌱 build(deps): bump actions/cache from 3.2.4 to 3.2.5 by @dependabot in #2778
- 🐛 bind compute: handle placement already exists correctly by @ncdc in #2779
- 🐛Fix multiple CRDs/workspaces/versions by @ncdc in #2751
- 🌱 build(deps): bump docker/build-push-action from 3 to 4 by @dependabot in #2715
- 📖 Add example on how resource name should be provided for syncing by @kasturinarra in #2702
- 🐛 Prevent gc/quota workqueue backlogs by @ncdc in #2764
- 🌱 syncer vw: add API definition logging by @ncdc in #2780
- 🌱 Make syncer vw global by @ncdc in #2744
- 📖 Move docs to mkdocs-material by @ncdc in #2768
- 📖 docs: enable manual action triggering by @ncdc in #2788
- 🌱 more docs CI changes by @ncdc in #2790
- 🌱 docs: fix Makefile, pip install by @ncdc in #2791
- 🌱 docs: fix pip install by @ncdc in #2792
- 🌱 docs: fix mike config file path by @ncdc in #2793
- 📖 Fix contributing link by @nrb in #2796
- 🌱 More mkdocs updates by @ncdc in #2798
- 📖 Update link for investigations directory by @cychiang in #2801
- ✨ Add Upsync controller by @bipuladh in #2214
- 🌱 fix broken documentation links by @ncdc in #2806
- 🌱 docs: document the process by @ncdc in #2808
- 🐛 Only validate the path component of a fully-qualified
APIExport
ref by @mamachanko in #2809 - 🌱 test/e2e,cmd/test: scrape metrics for test servers and e2e tests by @s-urbaniak in #2774
- 🐛 Fix location cannot be found by placement during scheduling by @qiujian16 in #2784
- 🌱 workspace_reconcile_scheduling: allow for skipping a shard with a special annotation during scheduling by @p0lyn0mial in #2782
- 🐛 cli: honor expanded
~
in kcp ws by @stevekuznetsov in #2816 - 🌱 server: split apart first tmc pieces by @sttts in #2795
- ✨ cache: add a synthetic delay to the cache server by @stevekuznetsov in #2742
- ✨ Provide access to physical cluster pod definitions from upstream KCP, relying on upsyncing by @davidfestal in #2805
- 🐛 Fix nil pointer error in the Upsyncer reconcile by @davidfestal in #2822
- 🌱 Make DirectOrGoRunCommand aware of the deployment-coordinator being moved to tmc/cmd by @fabriziopandini in #2814
- 📖 Generate section overviews by @ncdc in #2823
- 🌱 docs: actually add main.py module to git by @ncdc in #2825
- 🌱 Add --labels to kubectl kcp workload sync by @fabriziopandini in #2815
- 📖 Add initial APIs content by @ncdc in #2828
- 📖 APIExportEndpointSlice and Partition doc by @fgiloux in #2799
- 🌱 Remove direct klog usage by @ncdc in #2842
- 🐛 Add verb
access
to syncer by @mjudeikis in #2847 - ✨ Syncer: also mutate
StatefulSet
s andReplicaSet
s by @davidfestal in #2845 - 📖 docs/../developers: describe metrics gathering for e2e tests by @s-urbaniak in #2840
- 🌱 PartitionSet e2e by @fgiloux in #2642
- 📖 docs: simplify i18n by @ncdc in #2852
- 🌱 Fix docs by @ncdc in #2853
- 🌱 docs: fix venv by @ncdc in #2854
- 🌱 docs: only build main+release branches by @ncdc in #2860
- 📖 Fix link to partitions.md by @yhrn in #2862
- 🌱 docs: test builds for PRs, update material version by @ncdc in #2861
- ✨ Add a flag to crd-puller to specify only the required CRDs that needs to be synced by @bnallapeta in #840
- 📖 docs: add APIConversions to API ref by @ncdc in #2864
- 🐛 Fix the spec.URL in workspace using canonicalPath by @qiujian16 in #2846
- 🌱 minor docs improvements by @ncdc in #2866
- 🌱 adding logs to investigate E2E flake by @fgiloux in #2868
- ✨ Add Ready column to
APIBinding
andAPIExport
by @mjudeikis in #2851 - 🌱 Simplify heartbeat controller by @csams in #2691
- 🌱 Move enhancements to separate repo by @ncdc in #2875
- 🌱 Tunnel: Validate namespace/pod at the syncer side by @jmprusi in #2819
- ✨ Enable the SyncerTunnel featuregate by default by @jmprusi in #2881
- ✨ Upsync Endpoints of synced services by @davidfestal in #2829
- 📖 docs: add rest access patterns, etcd storage path by @ncdc in #2867
- 🌱 shard controller: use committer by @ncdc in #2873
- 🌱 docs: make PromeCIeus a link by @ncdc in #2884
- 🌱 tmc: split apart virtual workspaces by @sttts in #2836
- 🌱 split
pkg/client
with go workspaces by @mjudeikis in #2869 - 🌱 rename ClusterWorkspace to Workspace by @lionelvillard in #2888
- 🐛 tunneler: return retry-after when dialer not ready by @jmprusi in #2890
- 🐛 Disable default apiserver timeout (60s) for Syncer tunnel connection by @jmprusi in #2897
- 🌱 build(deps): Bump actions/setup-go from 3 to 4 by @dependabot in #2899
- 📖 Fix obsolete wording by @davidfestal in #2901
- 🌱 pkg/authorization/maxpermpolicy: add delegation reason by @s-urbaniak in #2903
- 🐛 Decouple internal and external logical-cluster-admin access by @hardys in #2882
- 📖 Update Placement, Locations, and Scheduling doc by @MikeSpreitzer in #2902
- 🐛 Avoid duplicated Partitions being created during PartitionSet reconciliation by @fgiloux in #2889
- 🐛 fix(CLI): sync command should honor provided IO streams by @astefanutti in #2907
⚠️ Consolidate API and client into single module/package by @mjudeikis in #2894- ✨ client: Generate apply configurations by @astefanutti in #2583
- 🌱 fix some typos in the syncer documentation by @lionelvillard in #2927
- 🌱 TMC E2E tests sharding support - step 1 by @davidfestal in #2908
- 🐛 Remove root:compute deps in controller by @qiujian16 in #2877
- 🌱 Add cache informers for synctargets/locations in placement controller by @nrb in #2915
- 📖 Document data types that are replicated by @nrb in #2925
- 🐛 Cleanup tmc e2e tests to remove data races by @davidfestal in https://github.c...
v0.11.0
This release contains breaking changes. You must wipe any preexisting etcd data before trying to use v0.11!
Changes since v0.10.0
⚠️ Breaking Changes
- Move Workspace.Status.{Cluster, URL} to Spec (#2557)
- replace kcp.dev by kcp.io (#2523)
- ClusterWorkspace => LogicalCluster refactor (#2510)
✨ New Features
- Provide access to physical cluster pod definitions from upstream KCP, relying on upsyncing (#2805)
- cache: add a synthetic delay to the cache server (#2742)
- Add Upsync controller (#2214)
- Adding DNS network policies (#2423)
- Partitionset reconciliation (#2513)
- Add pods resource to the default Kubernetes APIExport (#2417)
- Support for pod logs and other subresources (#2401)
- enable shard scheduling and fix e2e tests (#2596)
- Make apigen a standalone go module (#2669)
- Add conversions + CEL transformations for APIResourceSchemas (#2105)
- Admission for APIExportEndpointSlice (#2560)
- Install Calico in kind for CI testing (#2431)
- Partition reconciliation (#2469)
- wire more controllers cross-shard and authz (#2562)
- DRY committer factory functions (#2590)
- Refactor Syncer based on the enhanced ddsif, with controller manager and endpoints controller (#2452)
- Synctarget: Have URLs for both syncer and upsyncer (#2570)
- server: wire cache informers instead of root informers (#2559)
- Allow home workspaces to be accessed via
user:<username>
(#2547) - APIExportEndpointSlice reconciliation (#2432)
- Use distroless/static:debug as base image (#2512)
🐛 Bug Fixes
- Fix nil pointer error in the Upsyncer reconcile (#2822)
- cli: honor expanded
~
in kcp ws (#2816) - Fix location cannot be found by placement during scheduling (#2784)
- Only validate the path component of a fully-qualified
APIExport
ref (#2809) - Prevent gc/quota workqueue backlogs (#2764)
- Fix multiple CRDs/workspaces/versions (#2751)
- bind compute: handle placement already exists correctly (#2779)
- Bump github.com/emicklei/go-restful from 2.9.5+incompatible to 2.16.0+incompatible in /cmd/apigen (#2777)
- Enqueue location upon synctarget update (#2624)
- tmc e2e: fix Syncer virtual workspace e2e test flakes (#2767)
- pkg/tunneler: remove non-error verbose log (#2766)
- Fix TMC flake in the Upsyncer VW e2e test (#2765)
- Fix make install doesn't exit without required tools (#2760)
- test/e2e/scheduling: don't require kind for upsynced test (#2761)
- E2E failing on APIExportEndpointSlice creation (flake) (#2755)
- workload/resource: handle upsynced resources (#2533)
- Fix frontmatter on replicating new resource doc (#2752)
- Drop non-existent workspace get command from help output (#2731)
- cmd/sharded-test-server: Reuse Certificates instead of generating new ones (#2746)
- Show workspace name in kubectl kcp ws tree (#2719)
- Fix API binding privilege escalation (#2695)
- Fix Makefile clean target and add .kcp cleanup (#2712)
- Deflake quota e2e (#2688)
- Fix typo breaking codegen: crds not stored at the right location (#2724)
- Fix gap in APIExport virtual workspace queues (#2720)
- Do not look up APIExports in the generic webhook (#2690)
- test/e2e: remove a data race (#2694)
- Deflake TestSpecSyncerProcess (#2684)
- *: update listers to have correct NotFound messages (#2683)
- Use status.phase as printer column on workspaces and logical clusters (#2680)
- Add a kcp RequestInfoResolver (#2677)
- server: revert non-standalone VW URL (#2667)
- Use APIExport cluster names within webhooks (#2637)
- controller: use the global informer to get Shards (#2660)
- e2e: temporarily schedule all workspaces on the root shard for tmc-related tests (#2651)
- server: relax ShardVirtualWorkspace flag validation (#2659)
- add support for standalone virtualworkspace server (#2407)
- e2e/conversion: wrap create in eventually (#2644)
- reconciler/apiexport: use the gloabl informer to get Shards (#2641)
- e2e/reconciler/workspace: use cluster client (#2639)
- e2e/watchcache: use cluster client for creating content in a workspace (#2632)
- pkg/reconciler/apis/apibinding: return error in case of conflicts (#2645)
- pkg/server: ensure that home workspace handler gets authz with audit … (#2628)
- Add bind permission for kubernetes apiexport (#2618)
- Role and ClusterRole merger should not modify cache objects (#2604)
- IndexByLogicalClusterPathAndName should return clusterpath and name (#2606)
- cache: stop reporting an error from a CRD lister on incorrect cluster name (#2592)
- e2e: PrivateKcpServer enable audit-policy (#2591)
- committer: fix equality check in statusless committer (#2602)
- reconciler/cache: remove reflection and fix replicate+NotFound logic (#2594)
- WorkspaceType admission should respect LimitAllow{Parents, Children}.None (#2588)
- Fix APIExport virtual workspace API bug (#2564)
- workspace controller: use loopback client for local shard (#2554)
- cel-go: update to pull in data race fix (#2549)
- Docker build/push should not use a matrix (#2544)
- Add missing CGO_ENABLED flag in the install makefile target (#2540)
- Increase CRD cleanup requeue delay; remove e2e test (#2541)
- kcp: fix waitForOptionalSync method to wait for a proper signal (#2536)
- pkg/authorization: prevent double audit logs (#2511)
- pkg/softimpersonation: deep copy rest config (#2509)
- Fix and add test to capture a race w/ partial metadata in cache (#2505)
- docs: mkdir before moving (#2503)
- Fix parsing of requests to root path of a workload cluster (#2405)
🌱 Others
- Remove direct klog usage (#2842)
- Add --labels to kubectl kcp workload sync (#2815)
- docs: actually add main.py module to git (#2825)
- Make DirectOrGoRunCommand aware of the deployment-coordinator being moved to tmc/cmd (#2814)
- server: split apart first tmc pieces (#2795)
- workspace_reconcile_scheduling: allow for skipping a shard with a special annotation during scheduling (#2782)
- test/e2e,cmd/test: scrape metrics for test servers and e2e tests (#2774)
- docs: document the process (#2808)
- fix broken documentation links (#2806)
- More mkdocs updates (#2798)
- docs: fix mike config file path (#2793)
- docs: fix pip install (#2792)
- docs: fix Makefile, pip install (#2791)
- more docs CI changes (#2790)
- Make syncer vw global (#2744)
- syncer vw: add API definition logging (#2780)
- build(deps): bump docker/build-push-action from 3 to 4 (#2715)
- build(deps): bump actions/cache from 3.2.4 to 3.2.5 (#2778)
- manifest: remove outdated manifests (#2716)
- Fix git in Prow (#2769)
- /pkg/proxy/server: handle /readyz and /livez outside of the auth chain (#2747)
- tmc e2e : Split SyncerFixture (#2730)
- Small improvements to dev workflow (#2753)
- Use a private kcp per disruptive replication test (#2745)
- Add make target to download e2e logs from Prow (#2734)
- Dockerfile: remove SHELL for OCI compliance (#2728)
- Enable virtual workspace server audit logging (#2733)
- Fix ready-to-test location (#2736)
- More APIExport VW e2e deflaking (#2735)
- test/e2e: DRY up waiting on conditions (#2703)
- remove deprecated home workspaces fields, add waiting for unmanaged servers in e2e (#2707)
- Trying to fix doc generation (#2717)
- tests: gather metrics (#2705)
- build(deps): bump actions/cache from 3.2.3 to 3.2.4 (#2704)
- End-to-end tests for APIExportEndpointSlice (#2608)
- correctly log unstructured group/resource with k8s reflector (#2701)
- reconcilers/workspace: add logging to outgoing client calls (#2698)
- pkg/authorization: enable audit logging for SAR requests (#2678)
- logicalcluster_deletion_controller uses committer (#2661)
- test/e2e: add support for dynamic users using client certs (#2640)
- clusterworkspacetype_controller uses committer. (#2674)
- Remove trailing parentheses in ASCII diagram link (#2670)
- bootstrap_controller uses committer (#2653)
- Bump actions/cache from 3.0.11 to 3.2.3 (#2567)
- build(deps): bump uraimo/run-on-arch-action from 2.3.0 to 2.5.0 (#2531)
- placement_controller uses committer (#2648)
- extraannotationsync: use function pointers (#2646)
- location_controller uses committer (#2638)
- permissionclaimlabel_controller uses committer (#2636)
- Admission cleanup (#2629)
- run replication tests on a shared kcp instance (#2620)
- test/e2e/virtual/apiexport: make authorizer test self-contained (#2611)
- Enable KUBE_CACHE_MUTATION_DETECTOR in e2e tests (#2605)
- e2e: TestAuditLogs remove duplicate audit-log-path (#2610)
- reconciler/cache/reconciler: simplify and generalize (#2609)
- remove tenancy v1beta1 (#2595)
- resource controller: log each gvr by itself instead of accumulating (#2600)
- Use caching authorizers per-workspace in initializingworkspaces/builder (#2477)
- Stop checking PR descriptions in CI (#2599)
- clean up workspace e2e fixtures (#2586)
- Update logcheck to 0.4.0 (#2587)
- *: update to some structured, contextual logging (#2576)
- cache: add replication tests for WorkspaceType resource (#2578)
- verify-contextual-logging should diff from old to new (#2577)
- Rename ClusterWorkspace (#2569)
- apiexport: strongly type enqueue params (#2575)
- Add e2e DNS tests (#2542)
- vw/apiexport: strongly type enqueue params (#2574)
- crdcleanup: strongly type enqueue params (#2573)
- *: remove tenancy.kcp.dev/v1alpha1.ClusterWorkspace (#2543)
- index controller rename (#2561)
- add missing unit tests for the index (#2565)
- cluster workspace rename (#2558)
- Switch cel-go to upstream v0.12.6 (#2556)
- Debug deployment coordinator e2e (#2555)
- Update golangci-lint 1.50.1, add more linters (#2480)
- Cross-compile container image binaries from host platform (#2551)
- add missing unit tests for the pathannotation admission plugin (#2535)
- follow-ups of workspace refactor (#2553)
- Add authorizer test for static endpoints (#2487)
- Skip upsynced resources in resource scheduling (#2545)
- Scope APIBinding logger (#2546)
- DDSIF: ...
v0.11.0-alpha.1
What's Changed
- 🌱 build(deps): bump actions/cache from 3.2.4 to 3.2.5 by @dependabot in #2778
- 🐛 bind compute: handle placement already exists correctly by @ncdc in #2779
- 🐛Fix multiple CRDs/workspaces/versions by @ncdc in #2751
- 🌱 build(deps): bump docker/build-push-action from 3 to 4 by @dependabot in #2715
- 📖 Add example on how resource name should be provided for syncing by @kasturinarra in #2702
- 🐛 Prevent gc/quota workqueue backlogs by @ncdc in #2764
- 🌱 syncer vw: add API definition logging by @ncdc in #2780
- 🌱 Make syncer vw global by @ncdc in #2744
Full Changelog: v0.11.0-alpha.0...v0.11.0-alpha.1
v0.11.0-alpha.0
Changelog
- 95dbac2 Merge pull request #2777 from kcp-dev/dependabot/go_modules/cmd/apigen/github.com/emicklei/go-restful-2.16.0incompatible
- 2adeb0c Bump github.com/emicklei/go-restful in /cmd/apigen
- 880576a Merge pull request #2624 from qiujian16/fix-synctarget-enqueue
- ee81cfe Merge pull request #2423 from lionelvillard/dns-network-policies
- 2a1c00a Merge pull request #2716 from hardys/rm_manifests
- 5ebd7bf Merge pull request #2767 from davidfestal/fix-syncer-vw-flakes
- 656ad4d changes after review
- 81870cb fix unit test
- 1e47c2b create kubernetes endpoint in fake cluster.
- fc683ba better error message
- b8c2617 reenable test against fake cluster
- 5d0246d check tenantid is set and correct (when upgrading kcp)
- 6016ada add tenant-id label and use it in network policies
- 8a824eb cluster test requires kind
- 4f500f8 add e2e test
- 5d7672c add networkpolicies in the fake pcluster
- e562310 fix unit test
- df2c102 Adding dns network policies - Part 1
- 2244d9a Merge pull request #2766 from jmprusi/jmprusi/fix-verbose-log-podsubresourcehandler
- 561880e Merge pull request #2769 from ncdc/fix-prow-git-issue
- bc5deb3 Fix git in Prow
- d687963 tmc e2e: use
framework.Eventually
... - 55dc271 tmc e2e: put the sink worksace on the root shard
- 22d6d78 pkg/tunneler: remove non-error verbose log
- b9f1494 Merge pull request #2747 from s-urbaniak/proxy-healthz-livez
- 25f906c Merge pull request #2765 from davidfestal/fix-flake-2762
- acb6f3d Fix flake #2762
- 09cbd2f Merge pull request #2760 from wangke19/fix-without-requirement-not-quit
- 5b3b404 Merge pull request #2761 from jmprusi/jmprusi/fix-test-nokind
- 2dcb532 test/e2e/scheduling: don't require kind for upsynced test
- 87f44d4 Merge pull request #2513 from fgiloux/partitionset-reconciliation
- aeabc6e Fix make install doesn't exit without requirement tools
- d63ce02 Add logic for PartitionSet reconciliation
- 1235ac4 Merge pull request #2755 from fgiloux/slice-e2e
- c48c567 Merge pull request #2533 from jmprusi/jmprusi/upsync-scheduling-fix
- 3e7ec62 test/e2e/framework: don't fail tests if synctarget is gone
- c6b6154 workload/resource: handle upsynced resources
- 74e06bb Merge pull request #2730 from davidfestal/split-SyncerFixture
- 3df11d7 Fix a possible flake where the referenced APIExport may not be available on the cache server before the APIExportEndpointSlice is created.
- 77af933 Rename as requested in review
- 17a6ba8 Fix review last comments
- 0da8dad Remove unnecessary private function
- 8f125fe e2e: Separate
SyncerFixture.CreateAndStart()
... - 6dae242 Fixes after PR review comments
- a1476bf tmc e2e : Split SyncerFixture...
- 3a58b1c Merge pull request #2417 from jmprusi/2415-when-the-kcpsyncertunnel-feature-gate-is-enabled-pods-should-be-added-to-the-compute-workspaces-automatically
- e50fa57 Merge pull request #2753 from fabriziopandini/small-improvements-to-dev-workflow
- a43bada add support for specifying KIND_CLUSTER_NAME make when running build-kind-images
- cc878df Merge pull request #2752 from hasheddan/fix-docs-publish
- e1c09ef Fix frontmatter on replicating new resource doc
- da4d3ae Merge pull request #2731 from hasheddan/no-ws-get
- e20bc8f pkg/virtual/syncer: don't expose Pods or endpoints via syncer vw
- 85965fe test/e2e/syncer: remove non-needed clusterrole from test
- e69da7e cliplugin/sync: append pod subresources
- eb61c60 test/e2e/syncer: ensure pods cannot be created outside upsyncer
- 238fdc6 Merge pull request #2722 from MikeSpreitzer/describe-bind
- 248fd6f Drop non-existent workspace get command from help output
- 9954055 Merge pull request #2749 from kasturinarra/fix_doc
- c29c35b Fix unknown flag --apiexport
- b48ab6a add few gitignore patterns
- 1fe028e /pkg/proxy/server: handle /readyz and /livez outside of the auth chain
- 278060d Merge pull request #2725 from p0lyn0mial/document-replicating-new-type
- e4613df Merge pull request #2746 from p0lyn0mial/sharded-test-server-reuse-certs
- ce35514 cmd/sharded-test-server: Reuse Certificates instead of generating new ones
- ca871c1 Merge pull request #2745 from ncdc/deflake-replication-disruptive-tests
- ba4a15b Use a private kcp per disruptive replication test
- 26d200c Merge pull request #2734 from ncdc/add-download-prow-logs-script
- f18044f Merge pull request #2728 from hardys/dockerfiles
- 103b4fd Merge pull request #2733 from ncdc/vw-enable-audit
- 752666a Merge pull request #2736 from ncdc/fix-sentinel
- 35073e6 Merge pull request #2735 from ncdc/deflake-apiexport-vw-test
- c7a62d7 Deflake test/e2e/reconciler/apiexportendpointslice
- 0bb6642 More APIExport VW e2e deflaking
- c3fbb9c test/e2e/tunnels: use root:compute:kubernetes apiexport
- 7d7777e kube124: Adds PODs to the kubernetes apiexport
- a398c33 Add make target to download e2e logs from Prow
- 998b73b Merge pull request #2703 from stevekuznetsov/skuznets/eventually-condition
- 0395579 Fix ready-to-test location
- 1f3b590 fix imports
- adabd8e test/e2e/quota: don't assume an error exists
- 1e4d2dd apiexport: improve test error message
- 95c8280 test/e2e: DRY up waiting on conditions
- f00df0a Enable virtual workspace server audit logging
- 2113c9a Merge pull request #2707 from ncdc/fix-e2e-kcp-servers
- 0b403cb apiexportendpointslice: use framework.Eventually
- bc8fb6a Fix TestAPIExportAuthorizers flake
- 8db9070 Fix TestAPIExportAuthorizers flake.
- 3092dfc Use sentinel file for e2e readiness
- 1cfbe44 e2e: support terminating "go run kcp start"
- a9c50f4 e2e: all server types wait for readiness
- d77370e Clean up home workspaces
- 57e9339 Merge pull request #2719 from hasheddan/use-ws-name-tree
- e79d1e0 Merge pull request #2695 from s-urbaniak/fix-wrong-bind
- e850191 Merge pull request #2712 from hardys/makefile_fix
- 7d55514 Merge pull request #2688 from ncdc/deflake-quota
- ebce7c8 Dockerfile: remove SHELL for OCI compliance
- c40e9aa Fix typo in --full flag help
- 055a328 Show workspace name in kubectl kcp ws tree
- 669dd8d Merge pull request #2717 from ncdc/doc-gen
- 7035800 pkg/virtual/apiexport: impersonate requests
- 68175dd Merge pull request #2724 from fgiloux/codegen
- b1da6c0 document how to add a new resource for replication
- 780bc64 Schemas changes missing due to issue in codegen script
- 8941a0d manifest: remove outdated manifests
- a40856e Makefile: add clean-workdir target
- 867f13e Makefile: fix clean target
- b085a04 Fix typo breaking codegen: crds not stored at the right location
- 0f1d809 Brush up TMC quickstart
- 53fdaf5 Merge pull request #2720 from ncdc/fix-apiexport-vw-queue-gap
- c359931 Fix gap in APIExport virtual workspace queues
- 4b5d5dc Trying to fix docs
- 6124312 Merge pull request #2673 from avinal/avinal/fix-docs-versioning
- 258292a Merge pull request #2708 from pdettori/update-docs
- 2ed4948 .github/community_meeting.yaml: add links to issues
- c3ca137 document kcp bind commmand to allow to sync deployment in quickstart
- 163da25 Merge pull request #2705 from ncdc/gather-metrics-at-end-of-tests
- d5374d5 tests: gather metrics
- 91a2061 Merge pull request #2704 from kcp-dev/dependabot/github_actions/actions/cache-3.2.4
- c0207ef build(deps): bump actions/cache from 3.2.3 to 3.2.4
- 22d06c1 Merge pull request #2608 from fgiloux/slice-e2e
- f53db78 Merge pull request #2401 from jmprusi/jmprusi/syncer-tunnels-pod-logs
- da4b8d7 Merge pull request #2596 from sttts/sttts-random-workspace-scheduling
- 8f04da8 make update-contextual-logging
- 63c32b0 e2e/virtual/apiexport: fix for multi-shard
- 5aa4278 e2e/virtual/initializingworkspaces: adapt TestInitializingWorkspacesVirtualWorkspaceAccess to multi shard
- f2b7e8f e2e/framework: WorkspaceShard helper
- ab51453 e2e/authorizer: fix TestAuthorizer
- 6fb281a e2e/virtual/syncer: add TODO_WithoutMultiShardSupport()
- e5b7fe8 e2e/framework: fix NewPrivilegedOrganizationFixture cross-shard
- b569732 e2e/authorizer: fix priming race
- 3268428 e2e: unify subtests to be compatible with Goland
- 3bdf22c reconciler/tenancy/repliatelogicalcluster: fix logic typo
- e0cf0fc cmd: seed random number generator
- 1da2755 e2e/apibindings: fix TestAPIBindingPermissionClaimsConditions
- 7b5e5cc cache: replicate ClusterRoleBinding pointing to system:admin ClusterRole
- 641ac0d reconciler/tenancy: replicate LogicalClusters for WorkspaceType
- b68b3db reconciler/cache/labellogicalcluster: fix comments and log messages
- e27c70a e2e/apibindings: in TestAPIBinding fix virtual workspace testing
- 20fa070 authorization: wire global informers into requiredgroups and workspace content
- cbea43c reconciler/replicateclusterrole: replicate ClusterRoles for workspacetypes with "initialize" verb
- 56ad664 reconciler/tenancy/workspacetype: rename clusterworkspacetype to workspacetype
- d1e28e2 reconciler/workspacetype_controller: assing shard.spec.VirtualWorkspaceURL not shard.spec.externalURL
- 0ad0911 cache: wire cache client and cache informers into virtual workspaces
- 6638bb8 cache: replicate rbac logicalcluster access objects only when LogicalCluster is replicated
- f3b65e6 cache: replicate LogicalClusters for APIExport workspace and relevant rbac objects
- eb8ceb0 Fix e2e compliance TestValidatingWebhooInWorkspace
- 4cb260f e2e/apibindings: count * lists across all shards
- 47f4980 e2e: kubeconfig for any shard
- de14bc3 Makefile correctly pass SHARDS variable to test-e2e-sharded-minimal target
- 86bc8aa apis/tenancy/workspaces: add region label column
- c9b50c3 admission/webhooks: wire global webhook configurations
- a898194 cache: replicate admission webhooks
- 24925e2 reconciler/tenancy: add replicate controller for workspacetypes
- 31bca0f reconciler/cache: generalize label controllers
- 4731a79 reconciler/apis/replication: unif...