Skip to content

v0.10.0
Compare
Choose a tag to compare
@github-actions github-actions released this 13 Dec 19:20
· 1411 commits to main since this release
v0.10.0
This tag was signed with the committer’s verified signature.
ncdc Andy Goldstein
GPG key ID: 409C2BE062A844A4
Learn about vigilant mode.
2525454
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changes since v0.9.0

✨ New Features

Core + APIs

  • Add the API only of APIExportEndpointSlice, Partition and PartitionSet (#2342)
  • Relax workspace object name validation (#2341)
  • Add garbage collector controller (#2112)
  • Add command for fetching permission claims (#2203)
  • Add command to create APIBindings (#2027)
  • Check for identityHash in APIExport admission and support multiple versions for APIs in permission claims (#2169)
  • Allow use of JSON logging format (#2157)
  • Add transformations during request forwarding... (#2221)
  • *: migrate to use cluster-aware apiextensions-apiserver clients, listers and informers (#2257)
  • Switch to cluster-aware k8s clients, listers & informers (#2104)

Sharding

  • Adding ClusterWorkspaceShard to the resources stored in the cache server (#2381)
  • sharded-test-server: support for running the caching layer (#2320)

TMC

  • New Deployment Splitter as a coordination controller (#2336)
  • Update DNS resources when syncer starts (#2420)
  • Only schedule to synctarget with compatible APIs (#2329)
  • Upsyncer VW: Enable status subresource (#2400)
  • Create one DNS nameserver per workspace (#2293)
  • Downstream Namespace cleanup: ensure namespace is empty and delete after a grace period (#2299)
  • Implements Upsyncer Virtual Workspace (#2180)
  • Syncer transfos and coordination controller helpers (#2289)
  • Add bind workload cmd (#2258)
  • Update kcp sync command to support global kubernetes APIExport (#2164)
  • Add cluster-wide resources support to the resource reconciler (#1998)
  • Support for local cluster services DNS resolution (#1708)

🐛 Bug Fixes

  • Skip maximal permission policy authorizer for deep SAR requests (#2385)
  • Fix double identities for wildcard requests from APIExport virtual workspace (#2306)
  • give the front proxy a distinct config for direct(internal) shard communication. (#2382)
  • Ignore APIBinding 403 errors when changing WS (#2438)
  • cache: do not use protobufs for self-communication (#2387)
  • Add missing battery annotation for root-compute-workspace (#2474)
  • Syncer: add 'get' permission on downstream namespaces (#2475)
  • Avoid updating placement from getter (#2473)
  • Syncer: Remaining fixes on downstream namespace cleaning (#2453)
  • Fix wrong index in cluster-wide resource scheduling (#2460)
  • Remove list SyncTarget in bind compute cmd (#2451)
  • cliplugins/bind: fix incorrect error message (#2447)
  • fix Internal error when creating a ClusterRole while authenticated as a ServiceAccount (#2373)
  • CLI: Better error messages to bind compute (#2424)
  • Syncer: fix APIImporter broken after one recent rebase (#2408)
  • Fix Syncer-related e2e flake due to the use of environment variable (#2403)
  • Further cleanup to tmc-related e2e tests (#2379)
  • Fix BoundWorkspace race condition (#2386)
  • Syncer namespace cleanup refactor (#2374)
  • Fix group in scheduling.kcp.dev maximum permission policy cluster role (#2376)
  • Lookup DNS IP in Service (#2367)
  • syncer: Fix wrong logic in dns-related process (#2370)
  • test/e2e/virtual/syncer: skip tests until fixed (#2372)
  • Add request, latency, and workqueue metrics to front proxy (#2302)
  • CLI: Fix sync command apiexports option usage (#2361)
  • clusterworkspaceshard: fix admission and shard creation for multi-shard setups (#2360)
  • cmd/sync: ensure port is set on cluster url (#2354)
  • sharded-test-server: fix the way we calculate the embedded etcd client ports (#2339)
  • Clean up shadow CRDs after API bindings are deleted (#2298)
  • Support deployments/scale in root compute (#2343)
  • Fix cluster authentication trust controller hotloop (#2330)
  • Fix root phase 0 bootstrapping sometimes failing (#2307)
  • Fix incorrect cleaning of deletion annotations (#2288)
  • Return apierrors.StatusError inside client getters (#2292)
  • Fix: watch a certain synctarget only (#2294)
  • test/e2e/framework: Don't try to pull logs from a non-ready POD (#2283)
  • .github: cache Go build output (#2277)
  • quota: use a workqueue to manage updating monitors (#2270)
  • Avoid syncers deleting namespace from other synctargets. (#2264)
  • Revert additional proxy auth methods in e2e-sharded (#2262)
  • permissionclaim_labeler: use accepted claims in spec to drive labels (#2253)
  • Correctly serve APIBindings in the APIExport virtual workspace (#2189)
  • fix CLI tree not showing bottom leafs (#2242)
  • Fix Dockerfile by copying tmc directory into build directory (#2238)
  • docs: no new tabs on external links in menu (#2237)
  • docs: adding missing blog link (#2236)
  • cache: fix a datarace (#2226)
  • docs: link back to kcp.io from logo (#2235)
  • docs: fix layout, add favicons, fix search (#2234)
  • Give permission claim controllers their own name (#2190)
  • replication: fix the Kind for APIResourceSchema (#2228)
  • kcp: run the embeeded cache server only when a kubeconfig was provided (#2227)
  • Isolate tmc-related logging constants in a dedicated package (#2202)
  • cache: take into account EmbeddedEtcd options (#2188)
  • virtualworkspace/workspaces: fix generateName (#2193)
  • types_apibinding,types_apiexport: revert applied/export permission claims (#2177)
  • Fix permissionclaim patch thrashing (#2174)
  • Create VirtualWorkSpaceURL on first APIBinding (#2135)
  • Fix wrong annotation in logging call (#2145)
  • pkg/apis/test/cel: fix closure reference (#2158)
  • cmd/Sync: remove serviceaccounts from default resource list (#2150)
  • fix 'make install' on mac (#2149)
  • fix: apigen to write files when previous versions are not present (#2137)

🌱 Others

  • pkg/authorization: add delegation reason in audit (#2476)
  • Use Go 1.19, set GOMEMLIMIT in kcp manifest (#2468)
  • remove EnableMultiCluster hack (#2448)
  • pkg/authorization: switch to audit logger, and anonymizer, improve audit log messages (#2442)
  • Contextual logging fixes (#2445)
  • Update logicalcluster dependency (#2436)
  • migrate kcp clientset (#2378)
  • Reuse global index in placement controllers (#2380)
  • go.mod: bump to pick up cluster-aware apiextensions clients (#2353)
  • Protect imports target with Go version check (#2348)
  • build(deps): bump cytopia/upload-artifact-retry-action from 0.1.5 to 0.1.6 (#2340)
  • proxy: optionally enable OIDC auth (#2319)
  • pkg/virtual/apiexport: remove unused informer (#2337)
  • types_apiexport: make all and resourceSelector/namespace optional (#2286)
  • build(deps): bump cytopia/upload-artifact-retry-action from 0.1.2 to 0.1.5 (#2335)
  • test-server: split New/Start/Ready phases (#2303)
  • cache: add e2e scenarios for testing behaviour of the cache server (#2256)
  • add new flag (root-directory) for the cache server binary (#2317)
  • cache: WithShardScope doesn't require a shard name for well-know paths (#2313)
  • cache:replication:e2e: export functions for working with the cache server (#2311)
  • cache: add replicateAPIResourceSchema test scenario (#2240)
  • sharded-test-server: consistently use workDirPath (#2297)
  • pkg/../types_apiexport: add name, namespace (#2222)
  • test/e2e: add more logging for syncer e2e (#2279)
  • .github: restrict kind tests to those that require it (#2275)
  • test/e2e: stop dumping YAML (#2273)
  • test/e2e: add the concept of suites, allow selecting (#2266)
  • make: add non-kind shared and sharded e2e (#2265)
  • hack: remove run-sharded-kcp.sh (#2259)
  • proxy: Optionally enable token auth (#2178)
  • cmd/test-server/kcp/shard.go: use contextual logging (#2209)
  • remove unused informer (#2250)
  • Register workspace authz metrics (#2248)
  • cache: run the replication controller when the cache server is enabled (#2132)
  • pkg/authorization: rename apibinding_authorizer to maximal_permission_policy_authorizer (#2224)
  • build(deps): bump actions/cache from 2 to 3.0.11 (#2231)
  • build(deps): bump actions/setup-node from 2 to 3 (#2230)
  • cmd/syncer: switch to contextual logging (#2206)
  • cache: replicate all APIExports and APIResourceSchemas (#2213)
  • e2e framework: introduce KcpConfigOption function (#2197)
  • cmd/kcp: use structural logging (#2205)
  • build(deps): bump container-tools/kind-action from 1 to 2 (#2201)
  • Syncer: update vscode launch configuation (#2198)
  • apibindingdeletion: use mockable methods (#2173)
  • build(deps): bump uraimo/run-on-arch-action from 2.2.1 to 2.3.0 (#2191)
  • bump to the latest kube level (#2186)
  • cache: indroduce cache-server-kubeconfig-file flag (#2183)
  • remove API export reference from API binding status, make API export reference in API binding immutable (#2144)
  • cache: extend the replication controller to reconcile apiresourceschema (#2090)
  • identitycache: refactor to not use fake clients in testing (#2168)
  • Remove fake client from namespacelifecycle test (#2162)
  • proxy: remove unused/duplicated Authentication code (#2171)
  • crd-puller: replace fakes in tests (#2163)
  • Syncer: Complete the move to structural logging (#2134)
  • bump controller gen (#2143)

📖 Documentation

  • Improve docs for developers/library-usage (#2322)
  • Correcting the link to the developers doc (#2346)
  • Add doc for kcp bind compute (#2305)
  • Fix grammar of kcp command help message (#2267)
  • Updated README.md links (#2255)
  • Remove reference to APIExport's status.resourceSchemasInUse (field was removed) (#2233)
  • Fix docs deploy github action (#2223)
  • Add github actions to push docs (#2153)
  • Add hugo documentation structure to docs (#2219)
  • Update syncer doc on apiexports flag (#2210)
  • tmc: storage docs and apis (#1971)
  • update docs and docs-gen according to hugo syntax (#2120)
  • Link to apigen source in quickstart API doc (#2142)
  • Update syncer.md to make the syncer dev steps a bit clear for the local kcp kind-based syncer scenario. (#2347)

Thanks to all our contributors! 😊

Assets 15