Releases: kcp-dev/kcp
Releases · kcp-dev/kcp
v0.11.0-alpha.0
Changelog
- 95dbac2 Merge pull request #2777 from kcp-dev/dependabot/go_modules/cmd/apigen/github.com/emicklei/go-restful-2.16.0incompatible
- 2adeb0c Bump github.com/emicklei/go-restful in /cmd/apigen
- 880576a Merge pull request #2624 from qiujian16/fix-synctarget-enqueue
- ee81cfe Merge pull request #2423 from lionelvillard/dns-network-policies
- 2a1c00a Merge pull request #2716 from hardys/rm_manifests
- 5ebd7bf Merge pull request #2767 from davidfestal/fix-syncer-vw-flakes
- 656ad4d changes after review
- 81870cb fix unit test
- 1e47c2b create kubernetes endpoint in fake cluster.
- fc683ba better error message
- b8c2617 reenable test against fake cluster
- 5d0246d check tenantid is set and correct (when upgrading kcp)
- 6016ada add tenant-id label and use it in network policies
- 8a824eb cluster test requires kind
- 4f500f8 add e2e test
- 5d7672c add networkpolicies in the fake pcluster
- e562310 fix unit test
- df2c102 Adding dns network policies - Part 1
- 2244d9a Merge pull request #2766 from jmprusi/jmprusi/fix-verbose-log-podsubresourcehandler
- 561880e Merge pull request #2769 from ncdc/fix-prow-git-issue
- bc5deb3 Fix git in Prow
- d687963 tmc e2e: use
framework.Eventually
... - 55dc271 tmc e2e: put the sink worksace on the root shard
- 22d6d78 pkg/tunneler: remove non-error verbose log
- b9f1494 Merge pull request #2747 from s-urbaniak/proxy-healthz-livez
- 25f906c Merge pull request #2765 from davidfestal/fix-flake-2762
- acb6f3d Fix flake #2762
- 09cbd2f Merge pull request #2760 from wangke19/fix-without-requirement-not-quit
- 5b3b404 Merge pull request #2761 from jmprusi/jmprusi/fix-test-nokind
- 2dcb532 test/e2e/scheduling: don't require kind for upsynced test
- 87f44d4 Merge pull request #2513 from fgiloux/partitionset-reconciliation
- aeabc6e Fix make install doesn't exit without requirement tools
- d63ce02 Add logic for PartitionSet reconciliation
- 1235ac4 Merge pull request #2755 from fgiloux/slice-e2e
- c48c567 Merge pull request #2533 from jmprusi/jmprusi/upsync-scheduling-fix
- 3e7ec62 test/e2e/framework: don't fail tests if synctarget is gone
- c6b6154 workload/resource: handle upsynced resources
- 74e06bb Merge pull request #2730 from davidfestal/split-SyncerFixture
- 3df11d7 Fix a possible flake where the referenced APIExport may not be available on the cache server before the APIExportEndpointSlice is created.
- 77af933 Rename as requested in review
- 17a6ba8 Fix review last comments
- 0da8dad Remove unnecessary private function
- 8f125fe e2e: Separate
SyncerFixture.CreateAndStart()
... - 6dae242 Fixes after PR review comments
- a1476bf tmc e2e : Split SyncerFixture...
- 3a58b1c Merge pull request #2417 from jmprusi/2415-when-the-kcpsyncertunnel-feature-gate-is-enabled-pods-should-be-added-to-the-compute-workspaces-automatically
- e50fa57 Merge pull request #2753 from fabriziopandini/small-improvements-to-dev-workflow
- a43bada add support for specifying KIND_CLUSTER_NAME make when running build-kind-images
- cc878df Merge pull request #2752 from hasheddan/fix-docs-publish
- e1c09ef Fix frontmatter on replicating new resource doc
- da4d3ae Merge pull request #2731 from hasheddan/no-ws-get
- e20bc8f pkg/virtual/syncer: don't expose Pods or endpoints via syncer vw
- 85965fe test/e2e/syncer: remove non-needed clusterrole from test
- e69da7e cliplugin/sync: append pod subresources
- eb61c60 test/e2e/syncer: ensure pods cannot be created outside upsyncer
- 238fdc6 Merge pull request #2722 from MikeSpreitzer/describe-bind
- 248fd6f Drop non-existent workspace get command from help output
- 9954055 Merge pull request #2749 from kasturinarra/fix_doc
- c29c35b Fix unknown flag --apiexport
- b48ab6a add few gitignore patterns
- 1fe028e /pkg/proxy/server: handle /readyz and /livez outside of the auth chain
- 278060d Merge pull request #2725 from p0lyn0mial/document-replicating-new-type
- e4613df Merge pull request #2746 from p0lyn0mial/sharded-test-server-reuse-certs
- ce35514 cmd/sharded-test-server: Reuse Certificates instead of generating new ones
- ca871c1 Merge pull request #2745 from ncdc/deflake-replication-disruptive-tests
- ba4a15b Use a private kcp per disruptive replication test
- 26d200c Merge pull request #2734 from ncdc/add-download-prow-logs-script
- f18044f Merge pull request #2728 from hardys/dockerfiles
- 103b4fd Merge pull request #2733 from ncdc/vw-enable-audit
- 752666a Merge pull request #2736 from ncdc/fix-sentinel
- 35073e6 Merge pull request #2735 from ncdc/deflake-apiexport-vw-test
- c7a62d7 Deflake test/e2e/reconciler/apiexportendpointslice
- 0bb6642 More APIExport VW e2e deflaking
- c3fbb9c test/e2e/tunnels: use root:compute:kubernetes apiexport
- 7d7777e kube124: Adds PODs to the kubernetes apiexport
- a398c33 Add make target to download e2e logs from Prow
- 998b73b Merge pull request #2703 from stevekuznetsov/skuznets/eventually-condition
- 0395579 Fix ready-to-test location
- 1f3b590 fix imports
- adabd8e test/e2e/quota: don't assume an error exists
- 1e4d2dd apiexport: improve test error message
- 95c8280 test/e2e: DRY up waiting on conditions
- f00df0a Enable virtual workspace server audit logging
- 2113c9a Merge pull request #2707 from ncdc/fix-e2e-kcp-servers
- 0b403cb apiexportendpointslice: use framework.Eventually
- bc8fb6a Fix TestAPIExportAuthorizers flake
- 8db9070 Fix TestAPIExportAuthorizers flake.
- 3092dfc Use sentinel file for e2e readiness
- 1cfbe44 e2e: support terminating "go run kcp start"
- a9c50f4 e2e: all server types wait for readiness
- d77370e Clean up home workspaces
- 57e9339 Merge pull request #2719 from hasheddan/use-ws-name-tree
- e79d1e0 Merge pull request #2695 from s-urbaniak/fix-wrong-bind
- e850191 Merge pull request #2712 from hardys/makefile_fix
- 7d55514 Merge pull request #2688 from ncdc/deflake-quota
- ebce7c8 Dockerfile: remove SHELL for OCI compliance
- c40e9aa Fix typo in --full flag help
- 055a328 Show workspace name in kubectl kcp ws tree
- 669dd8d Merge pull request #2717 from ncdc/doc-gen
- 7035800 pkg/virtual/apiexport: impersonate requests
- 68175dd Merge pull request #2724 from fgiloux/codegen
- b1da6c0 document how to add a new resource for replication
- 780bc64 Schemas changes missing due to issue in codegen script
- 8941a0d manifest: remove outdated manifests
- a40856e Makefile: add clean-workdir target
- 867f13e Makefile: fix clean target
- b085a04 Fix typo breaking codegen: crds not stored at the right location
- 0f1d809 Brush up TMC quickstart
- 53fdaf5 Merge pull request #2720 from ncdc/fix-apiexport-vw-queue-gap
- c359931 Fix gap in APIExport virtual workspace queues
- 4b5d5dc Trying to fix docs
- 6124312 Merge pull request #2673 from avinal/avinal/fix-docs-versioning
- 258292a Merge pull request #2708 from pdettori/update-docs
- 2ed4948 .github/community_meeting.yaml: add links to issues
- c3ca137 document kcp bind commmand to allow to sync deployment in quickstart
- 163da25 Merge pull request #2705 from ncdc/gather-metrics-at-end-of-tests
- d5374d5 tests: gather metrics
- 91a2061 Merge pull request #2704 from kcp-dev/dependabot/github_actions/actions/cache-3.2.4
- c0207ef build(deps): bump actions/cache from 3.2.3 to 3.2.4
- 22d06c1 Merge pull request #2608 from fgiloux/slice-e2e
- f53db78 Merge pull request #2401 from jmprusi/jmprusi/syncer-tunnels-pod-logs
- da4b8d7 Merge pull request #2596 from sttts/sttts-random-workspace-scheduling
- 8f04da8 make update-contextual-logging
- 63c32b0 e2e/virtual/apiexport: fix for multi-shard
- 5aa4278 e2e/virtual/initializingworkspaces: adapt TestInitializingWorkspacesVirtualWorkspaceAccess to multi shard
- f2b7e8f e2e/framework: WorkspaceShard helper
- ab51453 e2e/authorizer: fix TestAuthorizer
- 6fb281a e2e/virtual/syncer: add TODO_WithoutMultiShardSupport()
- e5b7fe8 e2e/framework: fix NewPrivilegedOrganizationFixture cross-shard
- b569732 e2e/authorizer: fix priming race
- 3268428 e2e: unify subtests to be compatible with Goland
- 3bdf22c reconciler/tenancy/repliatelogicalcluster: fix logic typo
- e0cf0fc cmd: seed random number generator
- 1da2755 e2e/apibindings: fix TestAPIBindingPermissionClaimsConditions
- 7b5e5cc cache: replicate ClusterRoleBinding pointing to system:admin ClusterRole
- 641ac0d reconciler/tenancy: replicate LogicalClusters for WorkspaceType
- b68b3db reconciler/cache/labellogicalcluster: fix comments and log messages
- e27c70a e2e/apibindings: in TestAPIBinding fix virtual workspace testing
- 20fa070 authorization: wire global informers into requiredgroups and workspace content
- cbea43c reconciler/replicateclusterrole: replicate ClusterRoles for workspacetypes with "initialize" verb
- 56ad664 reconciler/tenancy/workspacetype: rename clusterworkspacetype to workspacetype
- d1e28e2 reconciler/workspacetype_controller: assing shard.spec.VirtualWorkspaceURL not shard.spec.externalURL
- 0ad0911 cache: wire cache client and cache informers into virtual workspaces
- 6638bb8 cache: replicate rbac logicalcluster access objects only when LogicalCluster is replicated
- f3b65e6 cache: replicate LogicalClusters for APIExport workspace and relevant rbac objects
- eb8ceb0 Fix e2e compliance TestValidatingWebhooInWorkspace
- 4cb260f e2e/apibindings: count * lists across all shards
- 47f4980 e2e: kubeconfig for any shard
- de14bc3 Makefile correctly pass SHARDS variable to test-e2e-sharded-minimal target
- 86bc8aa apis/tenancy/workspaces: add region label column
- c9b50c3 admission/webhooks: wire global webhook configurations
- a898194 cache: replicate admission webhooks
- 24925e2 reconciler/tenancy: add replicate controller for workspacetypes
- 31bca0f reconciler/cache: generalize label controllers
- 4731a79 reconciler/apis/replication: unif...
v0.10.0
Changes since v0.9.0
✨ New Features
Core + APIs
- Add the API only of APIExportEndpointSlice, Partition and PartitionSet (#2342)
- Relax workspace object name validation (#2341)
- Add garbage collector controller (#2112)
- Add command for fetching permission claims (#2203)
- Add command to create APIBindings (#2027)
- Check for identityHash in APIExport admission and support multiple versions for APIs in permission claims (#2169)
- Allow use of JSON logging format (#2157)
- Add transformations during request forwarding... (#2221)
- *: migrate to use cluster-aware apiextensions-apiserver clients, listers and informers (#2257)
- Switch to cluster-aware k8s clients, listers & informers (#2104)
Sharding
- Adding ClusterWorkspaceShard to the resources stored in the cache server (#2381)
- sharded-test-server: support for running the caching layer (#2320)
TMC
- New Deployment Splitter as a coordination controller (#2336)
- Update DNS resources when syncer starts (#2420)
- Only schedule to synctarget with compatible APIs (#2329)
- Upsyncer VW: Enable status subresource (#2400)
- Create one DNS nameserver per workspace (#2293)
- Downstream Namespace cleanup: ensure namespace is empty and delete after a grace period (#2299)
- Implements Upsyncer Virtual Workspace (#2180)
- Syncer transfos and coordination controller helpers (#2289)
- Add bind workload cmd (#2258)
- Update kcp sync command to support global kubernetes APIExport (#2164)
- Add cluster-wide resources support to the resource reconciler (#1998)
- Support for local cluster services DNS resolution (#1708)
🐛 Bug Fixes
- Skip maximal permission policy authorizer for deep SAR requests (#2385)
- Fix double identities for wildcard requests from APIExport virtual workspace (#2306)
- give the front proxy a distinct config for direct(internal) shard communication. (#2382)
- Ignore APIBinding 403 errors when changing WS (#2438)
- cache: do not use protobufs for self-communication (#2387)
- Add missing battery annotation for root-compute-workspace (#2474)
- Syncer: add 'get' permission on downstream namespaces (#2475)
- Avoid updating placement from getter (#2473)
- Syncer: Remaining fixes on downstream namespace cleaning (#2453)
- Fix wrong index in cluster-wide resource scheduling (#2460)
- Remove list SyncTarget in bind compute cmd (#2451)
- cliplugins/bind: fix incorrect error message (#2447)
- fix Internal error when creating a ClusterRole while authenticated as a ServiceAccount (#2373)
- CLI: Better error messages to
bind compute
(#2424) - Syncer: fix APIImporter broken after one recent rebase (#2408)
- Fix Syncer-related e2e flake due to the use of environment variable (#2403)
- Further cleanup to tmc-related e2e tests (#2379)
- Fix BoundWorkspace race condition (#2386)
- Syncer namespace cleanup refactor (#2374)
- Fix group in scheduling.kcp.dev maximum permission policy cluster role (#2376)
- Lookup DNS IP in Service (#2367)
- syncer: Fix wrong logic in dns-related process (#2370)
- test/e2e/virtual/syncer: skip tests until fixed (#2372)
- Add request, latency, and workqueue metrics to front proxy (#2302)
- CLI: Fix sync command apiexports option usage (#2361)
- clusterworkspaceshard: fix admission and shard creation for multi-shard setups (#2360)
- cmd/sync: ensure port is set on cluster url (#2354)
- sharded-test-server: fix the way we calculate the embedded etcd client ports (#2339)
- Clean up shadow CRDs after API bindings are deleted (#2298)
- Support
deployments/scale
in root compute (#2343) - Fix cluster authentication trust controller hotloop (#2330)
- Fix root phase 0 bootstrapping sometimes failing (#2307)
- Fix incorrect cleaning of deletion annotations (#2288)
- Return apierrors.StatusError inside client getters (#2292)
- Fix: watch a certain synctarget only (#2294)
- test/e2e/framework: Don't try to pull logs from a non-ready POD (#2283)
- .github: cache Go build output (#2277)
- quota: use a workqueue to manage updating monitors (#2270)
- Avoid syncers deleting namespace from other synctargets. (#2264)
- Revert additional proxy auth methods in e2e-sharded (#2262)
- permissionclaim_labeler: use accepted claims in spec to drive labels (#2253)
- Correctly serve APIBindings in the APIExport virtual workspace (#2189)
- fix CLI tree not showing bottom leafs (#2242)
- Fix Dockerfile by copying tmc directory into build directory (#2238)
- docs: no new tabs on external links in menu (#2237)
- docs: adding missing blog link (#2236)
- cache: fix a datarace (#2226)
- docs: link back to kcp.io from logo (#2235)
- docs: fix layout, add favicons, fix search (#2234)
- Give permission claim controllers their own name (#2190)
- replication: fix the Kind for APIResourceSchema (#2228)
- kcp: run the embeeded cache server only when a kubeconfig was provided (#2227)
- Isolate tmc-related logging constants in a dedicated package (#2202)
- cache: take into account EmbeddedEtcd options (#2188)
- virtualworkspace/workspaces: fix generateName (#2193)
- types_apibinding,types_apiexport: revert applied/export permission claims (#2177)
- Fix permissionclaim patch thrashing (#2174)
- Create VirtualWorkSpaceURL on first APIBinding (#2135)
- Fix wrong annotation in logging call (#2145)
- pkg/apis/test/cel: fix closure reference (#2158)
- cmd/Sync: remove serviceaccounts from default resource list (#2150)
- fix 'make install' on mac (#2149)
- fix: apigen to write files when previous versions are not present (#2137)
🌱 Others
- pkg/authorization: add delegation reason in audit (#2476)
- Use Go 1.19, set GOMEMLIMIT in kcp manifest (#2468)
- remove EnableMultiCluster hack (#2448)
- pkg/authorization: switch to audit logger, and anonymizer, improve audit log messages (#2442)
- Contextual logging fixes (#2445)
- Update logicalcluster dependency (#2436)
- migrate kcp clientset (#2378)
- Reuse global index in placement controllers (#2380)
- go.mod: bump to pick up cluster-aware apiextensions clients (#2353)
- Protect imports target with Go version check (#2348)
- build(deps): bump cytopia/upload-artifact-retry-action from 0.1.5 to 0.1.6 (#2340)
- proxy: optionally enable OIDC auth (#2319)
- pkg/virtual/apiexport: remove unused informer (#2337)
- types_apiexport: make all and resourceSelector/namespace optional (#2286)
- build(deps): bump cytopia/upload-artifact-retry-action from 0.1.2 to 0.1.5 (#2335)
- test-server: split New/Start/Ready phases (#2303)
- cache: add e2e scenarios for testing behaviour of the cache server (#2256)
- add new flag (root-directory) for the cache server binary (#2317)
- cache: WithShardScope doesn't require a shard name for well-know paths (#2313)
- cache:replication:e2e: export functions for working with the cache server (#2311)
- cache: add replicateAPIResourceSchema test scenario (#2240)
- sharded-test-server: consistently use workDirPath (#2297)
- pkg/../types_apiexport: add name, namespace (#2222)
- test/e2e: add more logging for syncer e2e (#2279)
- .github: restrict kind tests to those that require it (#2275)
- test/e2e: stop dumping YAML (#2273)
- test/e2e: add the concept of suites, allow selecting (#2266)
- make: add non-kind shared and sharded e2e (#2265)
- hack: remove run-sharded-kcp.sh (#2259)
- proxy: Optionally enable token auth (#2178)
- cmd/test-server/kcp/shard.go: use contextual logging (#2209)
- remove unused informer (#2250)
- Register workspace authz metrics (#2248)
- cache: run the replication controller when the cache server is enabled (#2132)
- pkg/authorization: rename apibinding_authorizer to maximal_permission_policy_authorizer (#2224)
- build(deps): bump actions/cache from 2 to 3.0.11 (#2231)
- build(deps): bump actions/setup-node from 2 to 3 (#2230)
- cmd/syncer: switch to contextual logging (#2206)
- cache: replicate all APIExports and APIResourceSchemas (#2213)
- e2e framework: introduce KcpConfigOption function (#2197)
- cmd/kcp: use structural logging (#2205)
- build(deps): bump container-tools/kind-action from 1 to 2 (#2201)
- Syncer: update vscode launch configuation (#2198)
- apibindingdeletion: use mockable methods (#2173)
- build(deps): bump uraimo/run-on-arch-action from 2.2.1 to 2.3.0 (#2191)
- bump to the latest kube level (#2186)
- cache: indroduce cache-server-kubeconfig-file flag (#2183)
- remove API export reference from API binding status, make API export reference in API binding immutable (#2144)
- cache: extend the replication controller to reconcile apiresourceschema (#2090)
- identitycache: refactor to not use fake clients in testing (#2168)
- Remove fake client from namespacelifecycle test (#2162)
- proxy: remove unused/duplicated Authentication code (#2171)
- crd-puller: replace fakes in tests (#2163)
- Syncer: Complete the move to structural logging (#2134)
- bump controller gen (#2143)
📖 Documentation
- Improve docs for developers/library-usage (#2322)
- Correcting the link to the developers doc (#2346)
- Add doc for kcp bind compute (#2305)
- Fix grammar of kcp command help message (#2267)
- Updated README.md links (#2255)
- Remove reference to APIExport's status.resourceSchemasInUse (field was removed) (#2233)
- Fix docs deploy github action (#2223)
- Add github actions to push docs (#2153)
- Add hugo documentation structure to docs (#2219)
- Update syncer doc on apiexports flag (#2210)
- tmc: storage docs and apis (#1971)
- update docs and docs-gen according to hugo syntax (#2120)
- Link to apigen source in quickstart API doc (#2142)
- Update syncer.md to make the syncer dev steps a bit clear for the local kcp kind-based syncer scenario. (#2347)
Thanks to all our contributors! 😊
v0.9.1
What's Changed
- [release-0.9] 🐛 fix 'make install' on mac by @openshift-cherrypick-robot in #2159
- [release-0.9] 🐛 Fix permissionclaim patch thrashing by @openshift-cherrypick-robot in #2175
Full Changelog: v0.9.0...v0.9.1
v0.9.0
Changes since v0.8.2
✨ New Features
- sync resources from syncer virtual server (#1995)
- pkg/admission/apibinding: more informative authorization failure message (#2124)
- Add reservednames admission plugin to surface clearer error messages (#2118)
- Add kubectl workspace plugin and adjust usage output (#1901)
- Warn users when APIBindings PermissionClaims don't match APIExport's PermissionClaims (#2046)
- Add profiler support to front proxy and virtual workspaces (#2023)
- Add support for default APIBindings to create per ClusterWorkspaceType when initializing a workspace (#1877)
- Add root compute workspace (#1962)
- *: use cluster-aware keyfuncs & splitters (#1958)
- Syncer Tunneler: Pod logs, .... (#873)
🐛 Bug Fixes
- Remove the logical-cluster & sync-target labels from syncer namespace (#2130)
- Syncer AdvancedScheduling fixes: Avoid syncing down the experimental status annotation. (#2129)
- Fix bugs in the resource controller (#2126)
- kubectl-kcp: remove duplicated NewFlagSet (#2125)
- Detect kubectl plugin via FlagSet Name (#2121)
- Only delete ClusterRoles and ClusterRoleBindings when Workspace finalizer is removed (#2113)
- Fix link rendering in FAQ.md (#2115)
- Fix typo (#2114)
- fix- nil context in workspace-use plugin (#2106)
- syncer: apply name transformations to spec controller downstream informer (#2096)
- Fix make install (#2098)
- fix OS and ARCH not being properly initialized (#2097)
- syncer/status: make sure the resource is owned by this syncer before updating the status (#2049)
- Allow go to determine ARCH and OS during build (#2091)
- Avoid redundant delete in workspace deletion (#2086)
- apibinder: don't use external address for now (#2095)
- Add trailing slash to COPY command in Dockerfile (#2077)
- Revert "syncer: remove finalizer if downstream resource has been deleted" (#2078)
- syncer: remove finalizer if downstream resource has been deleted (#2055)
- apis: use correct annotation to require fields (#2067)
- Fix kubectl overrides in 'kubectl workspace' plugin commands (#2058)
- bug fix Add maximal permission policy for compute APIExport (#2033)
- pkg/admission/webhook: differentiate states (#2031)
- pkg/admission/webhook: fix nil panic (#2029)
- Fix scripts to run on mac with gnu sed (#2026)
- syncer: use the correct key splitter (#1985)
- syncer: bifurcate the namespace controller (#1978)
- *: split meta namespace keys correctly (#1957)
- Don't calculate new placements for resources that are being deleted (#1953)
- Fix generated APIResourceSchema names (#1940)
- cache-client: fix npe when the context wasn't set (#1927)
- fix filename for negotiatedapiresources (#1917)
- pkg/authorization/apibinding_authorizer: fix nil panic (#1920)
- Fix ctrl-c not gracefully terminating (#1900)
- pkg/virtual/workspaces/registry: fix panic sending to a closed channel (#1889)
🌱 Others
- cache: replication controller: attach the shard annotation during object creation (#2122)
- Proxy refactor to options/config/server pattern (#2110)
- cmd/kcp-front-proxy: use component-base/cli Run (#2108)
- cache: introduce the replication controller (#2024)
- cache-server: disable ServerSideApply feature (#2109)
- Remove klog from tests (#2072)
- Remove ingress splitter and deployment splitter which do not work currently... (#2103)
- pkg/apis: update logicalcluster to v2.0.0-alpha.3 (#2085)
- authz: remove the concept of a merged informer (#2083)
- Add make targets to update and verify go.mod (#2071)
- build(deps): bump uraimo/run-on-arch-action from 2.2.0 to 2.2.1 (#2081)
- Remove deploy task from github actions (#2084)
- Combine Dockerfile kubectl layers to save space (#2079)
- Add ppc64le support to e2e test workflow (#2019)
- cache server: stop serving subresources for built-in resources (#2063)
- syncer(apiimporter,syncer,tunneler}: use structured, contextual logging (#2054)
- Move VW registry's rest file to contextual logging (#2069)
- Upgrade to logicalcluster v2.0.0-alpha.3 (#2070)
- turn off goreleaser from PRs and pushes to main (#2074)
- tenancy: allow single-character logical cluster names (#2020)
- kcp: controllers don't have to check if caches have been synced during startup (#2053)
- proxy: pass context for contextual logging (#2044)
- apibinding, types: remove ancestor check (#2060)
- authorisation: stop using the ValidClusterFrom method (#1996)
- pkg/server: enable audit logging in virtual workspace apiserver (#2047)
- test/e2e: enable audit logs (#2045)
- cmd/kcp-front-proxy move filters into module (#2043)
- pkg/proxy use contextual logging (#2042)
- Update community meeting template (#2040)
- Stop shortening git sha used to update RH gitops repo (#2025)
- Wire the cache server into the kcp server (#1954)
- add CLI `workspace tree' (#1989)
- Front proxy use contextual logging (#2002)
- Update batteries-included option usage (#2001)
- WithClusterScope: should not assign a default cluster name (#1871)
- kcp: add flags related to the cache server (#1970)
- cache: expose the cache-server under "/services/cache" path (#1961)
- cache: small refactor to make wiring into kcp easier (#1949)
- pkg/util: delete (#1951)
- cache: moves common HTTP handlers to a shared pkg (#1947)
- cache: makes all internal clients shard and cluster aware (#1928)
- Remove deploy task from GitHub Actions (#2084)
- Enable PR verifier (#1941)
- cache-server: adds ShardNameFromObjectRoundTripper (#1926)
- bump to the latest kube level (#1918)
- verify-go-versions.sh make CONTRIBUTING.md check conditional (#1915)
- fix readme typo (#1925)
- spellcheck across the repository (#1908)
- Update README.md golang version and add to verify script (#1894)
- build(deps): bump imjasonh/setup-ko from 0.5 to 0.6 (#1912)
- Simplify plugin code (#1701)
📖 Documentation
- Update readme (#1911)
- Generate CLI docs (#2000)
- Add a quickstart doc for tenancy and APIs (#2064)
- Update FAQ links to point to renamed concepts.md (#2100)
- Document the cache-server (#1896)
- docs/architecture: remove because totally outdated (#1892)
- Add initial release process docs (#1886)
Thanks to all our contributors! 😊
v0.8.2
What's Changed
- [release-0.8] pkg/virtual/workspaces/registry: fix panic sending to a closed channel by @openshift-cherrypick-robot in #1897
- [release-0.8] Fix ctrl-c not gracefully terminating by @openshift-cherrypick-robot in #1903
- [release-0.8] pkg/authorization/apibinding_authorizer: fix nil panic by @openshift-cherrypick-robot in #1921
- [release-0.8] build(deps): bump imjasonh/setup-ko from 0.5 to 0.6 by @openshift-cherrypick-robot in #1923
Full Changelog: v0.8.0...v0.8.2
v0.8.1
⚠️ This release does not have the syncer image due to an issue with our GitHub actions. Please use v0.8.2 instead
What's Changed
- [release-0.8] pkg/virtual/workspaces/registry: fix panic sending to a closed channel by @openshift-cherrypick-robot in #1897
- [release-0.8] Fix ctrl-c not gracefully terminating by @openshift-cherrypick-robot in #1903
- [release-0.8] pkg/authorization/apibinding_authorizer: fix nil panic by @openshift-cherrypick-robot in #1921
Full Changelog: v0.8.0...v0.8.1
v0.8.0
What's Changed
- VW: Fix permission checking in
root
by @davidfestal in #1686 - Add more logging by @ncdc in #1692
- make internal apis available for apiexport permission claims by @robinbobbitt in #1676
- reconciler/{apis,scheduling,tenancy}: use structured, contextual logging by @stevekuznetsov in #1695
- Syncer: refuse to work on sync target UID discrepancy. by @jmprusi in #1687
- Completely cleanup support of personal workspaces in top-level organizations by @davidfestal in #1685
- Makefile: set UNSAFE_E2E_HACK_DISABLE_ETCD_FSYNC=true in all e2e tests by @sttts in #1704
- *: remove member verb by @s-urbaniak in #1711
- Replace clusterworkspaces/{content,workspace} subresources in RBAC with workspaces{/content,} by @sttts in #1712
- virtual/workspace: use real authorizer by @sttts in #1710
- server: hardens the remote shard registration by @p0lyn0mial in #1700
- pkg/virtual/syncer/builder: fix incorrect comment by @jmprusi in #1713
- Add --batteries-included by @sttts in #1688
- updates the tests building a list of VirtualWorkspaceURLs assigned to ClusterWorkspaceShards by @p0lyn0mial in #1699
- exclude authn/authz apis from claimable list by @robinbobbitt in #1716
- logging: use kind-prefixed fields instead of string-formatting by @stevekuznetsov in #1705
- Fixes log line formatting by @m1kola in #1718
- Part 14: scope clients in tests/e2e/framework by @varshaprasad96 in #1709
- Remove the redirect from shard to virtual workspaces by @davidfestal in #1706
- Add goreleaser by @sttts in #1721
- pkg/reconciler/workload: move to structured, contextual logging by @stevekuznetsov in #1719
- goreleaser: increase timeout and reduce archs by @sttts in #1731
- goreleaser: add write permissions to GITHUB_TOKEN by @sttts in #1735
- Dockerfile: add kubectl by @sttts in #1737
- logging: stop using formatted strings for object identifiers by @stevekuznetsov in #1730
- Part 13: Scope clients in test/e2e/virtual by @varshaprasad96 in #1707
- Refactor permission claim labels reconciler by @shawn-hurley in #1617
- hack: verify-go-version.sh in all the repo by @sttts in #1738
- cli/workspace: don't get Workspace in parent on absolute use, but check inside the workspace by @sttts in #1726
- Update Slack channel name by @ncdc in #1744
- virtual: stutter less in constructors by @stevekuznetsov in #1747
- syncer: handle only the k8s export by @stevekuznetsov in #1748
- Permission claim fixes / cleanups by @sttts in #1745
- Part 15: Scope clients in test/e2e/fixtures by @varshaprasad96 in #1732
- the identity provider gets data from a local cm too by @p0lyn0mial in #1727
- Add ppc64le support by @snehakpersistent in #1757
- adds ApiExportIdentityProviderController by @p0lyn0mial in #1725
- docs/syncer.md: add missing instructions by @s-urbaniak in #1746
- .github: fix community meeting link by @sttts in #1766
- Generate CRD defaults for known types by @lionelvillard in #1769
- Start centralizing APIExport indexers by @ncdc in #1762
- Fix image build by @ncdc in #1771
- Add content, toplevel audit annotations by @ncdc in #1767
- Generic helper for consistent post-reconcile spec and status updates by @csams in #1754
- Set service protocol defaults by @lionelvillard in #1783
- Add missing autoscaling single-word group name by @lionelvillard in #1785
- bootstrap: create the default ns in the system:shard ws by @p0lyn0mial in #1782
- Ignore .goreleaser.yaml in GH CI by @ncdc in #1789
- cache-server scaffolding by @p0lyn0mial in #1790
- wires the APIIdentityCacheController by @p0lyn0mial in #1781
- Introduce staticcheck linter for deprecations by @varshaprasad96 in #1798
- Fix schemacompat npe by @ncdc in #1802
- ddsif: exclude v1beta1 Workspaces by @ncdc in #1805
- Fix bug allowing metadata edits to e.g. creationTimestamp for built-in types as CRDs by @ncdc in #1809
- Fix leftover resource when deleting a namespace by @jmprusi in #1743
- synctarget export controller by @qiujian16 in #1624
- Change issue template to newer issue forms by @avinal in #1196
- cache-server: starts empty apiextentions-server by @p0lyn0mial in #1811
- controllers: avoid double copy of the rest config by @p0lyn0mial in #1780
- pkg/server: use structured, contextual logging by @stevekuznetsov in #1797
- Part 18: Scope ingress controller by @varshaprasad96 in #1817
- authorization: add system:masters-only deep SAR via X-Kcp-Internal-Deep-SubjectAccessReview header by @s-urbaniak in #1739
- Part 19: Scoped cmd/front-proxy by @varshaprasad96 in #1819
- e2e/watchcache: remove ddsif testing by @ncdc in #1761
- cache-server: expose apiresourceschemas and apiexports by @p0lyn0mial in #1815
- bump to the latest kube level by @p0lyn0mial in #1832
- various: logging cleanups by @ncdc in #1837
- Fix GH issue template labels by @ncdc in #1825
- Watch cache: use resource.group for object type in log messages and metrics by @ncdc in #1834
- etcd3: include GroupResource in logs/metrics by @ncdc in #1839
- Fix NewNamespaceLocator param name by @ncdc in #1844
- Add exported claims by @shawn-hurley in #1831
- Lint for contextual logging by @nrb in #1835
- Cluster scoped quota by @ncdc in #1846
- Adds E2E test to verify Audit logs contain workspace annotation by @bipuladh in #1830
- sharded-test-server: support standalone vw server by @ncdc in #1800
- cache-server: set the storage prefix to /cache by @p0lyn0mial in #1850
- deletors: skip projected resources by @ncdc in #1860
- e2e: save data in some temporary directory by @stevekuznetsov in #1861
- Add more e2e test cases for permission claims by @ncdc in #1864
- pkg/authorization: add audit logging by @s-urbaniak in #1833
- sharded-test-server: log the full command line with parameters by @pkprzekwas in #1869
- Syncer: Adds validation to make --sync-target-uid flag required by @jmprusi in #1867
- home-ws: wait for tenancy binding readiness by @ncdc in #1872
- cache-server: provides client-related functionality for dealing with a shard on the HTTP level by @p0lyn0mial in #1853
- modified cmd.Use for kubectl-workspaces by @apoorvajagtap in #1756
- bump to the latest kube level by @p0lyn0mial in #1851
- Makefile: add update-contextual-logging by @sttts in #1876
- resource controller: fix NPE by @ncdc in #1880
- *: make import aliases consistent by @stevekuznetsov in #1881
- KCP: stop messing with the RawPath by @p0lyn0mial in #1883
- cache-server: adds WithShardScope HTTP filter by @p0lyn0mial in #1841
- virtual: Support SSA patch requests for non-existent objects by @astefanutti in #1854
- virtual/apiexport: serve wildcard apibindings by @sttts in #1563
- Only serve compatible APIs for syncTarget by @Qi...
v0.7.10
v0.7.9
v0.7.8
What's Changed
- [release-0.7] Fix schemacompat npe by @openshift-cherrypick-robot in #1803
Full Changelog: v0.7.7...v0.7.8