v0.6.0-alpha.0
Pre-release
Pre-release
Milestone Blocker Epics
- #1225 Multi-Release-Epic: Sharding
- #1219 API Export Permissions on Binding
- #1149 ClusterWorkspaceType Take 2
- #1069 User home workspaces
- #981 Multi-workspace controller development
- #912 Consume Compute via Transparent Multi Cluster set up in a different workspace
What's Changed
- virtual: Avoid error logs for
/readz
requests by @davidfestal in #1185 - Add authorizers in virtual workspaces by @davidfestal in #1186
- kubectl/crd snapshot: support multidoc by @ncdc in #1182
- adds crdNoOverlappingGVRAdmission admission by @p0lyn0mial in #1170
- pkg/authorization/apibinding_authorizer: don't ignore indexer errors. by @s-urbaniak in #1197
- Unify workloads.kcp.dev => workload.kcp.dev by @sttts in #1200
- Syncer/mutators: Resolve fieldRef "metadata.namespace" Envs before pushing to pcluster by @jmprusi in #1199
- Add technical docs of locations and state machine by @sttts in #1174
- Implement the Syncer virtual workspace authorizer by @davidfestal in #1176
- makefile: manage boilerplate verification locally by @stevekuznetsov in #1173
- Change gitops folder commit hash update is applied to by @kylape in #1204
- Change gitops folder commit hash update is applied to (take 2) by @kylape in #1205
- adding authorizer for the api export virtual workspace by @shawn-hurley in #1177
- CONTRIBUTING.md: add Go Proverbs by @sttts in #1208
- Replace
--use
with--enter
by @MikeSpreitzer in #1212 - APIExport virtual workspace: add core/v1 by @ncdc in #1220
- e2e: extract APIExport/APIBinding helpers by @ncdc in #1218
- contrib: rename demo to demos-unmaintained by @sttts in #1215
- Added ppc64le support to KCP image by @mayurwaghmode in #1216
- Add E2E tests for cordon/uncordon/drain CLI by @chrisahl in #1098
- Add virtual workspace readiness checks to the KCP server in the embedded case by @davidfestal in #1226
- build(deps): bump docker/setup-qemu-action from 1 to 2 by @dependabot in #1229
- e2e/apibinding: require.Eventually for discovery by @sttts in #1231
- e2e/virtual/initializers: fix flake in TestInitializingWorkspacesVirtualWorkspaceDiscovery by @sttts in #1232
- clusterworkspacetype: stop special-casing Universal by @stevekuznetsov in #1237
- Enable syncer finalizers (k8s & virtual) by default. by @jmprusi in #1228
- APIBinding reconciler checks for overlapping CRDs in a logical cluster by @p0lyn0mial in #1217
- Fix Ingress cluster assignment based on namespace placement by @astefanutti in #1241
- CONTRIBUTING.md: document nested require statements by @sttts in #1251
- e2e/virtual/syncer: fixing race with resource controller in TestSyncerVirtualWorkspace by @sttts in #1247
- ci: turn off GitHub CI for jobs we run in Prow by @stevekuznetsov in #1207
- pkg/etcd,server: add --embedded-etcd-force-new-cluster by @s-urbaniak in #1250
- ci: delete demos.yaml by @ncdc in #1252
- Added ppc64le and arm64 support to the Syncer image by @mayurwaghmode in #1235
- tenancy: qualify cluster workspace types by @stevekuznetsov in #1230
- Update video on readme to v0.4 by @robszumski in #1260
- ClusterWorkspace+Types: allow name "org" by @sttts in #1263
- pkg/authorization: don't check for cluster workspace lister. by @s-urbaniak in #1265
- apibinding: make reference.workspace.path optional and defaulted by @sttts in #1262
- clusterworkspaces: make initializers implicit by @stevekuznetsov in #1264
- kubectl kcp ws: fix type printing by @stevekuznetsov in #1268
- reconciler/workload/resource: use RF3339 timestamp format by @jmprusi in #1269
- Placement API by @qiujian16 in #1258
- README.md: add hypercube logo and sources by @sttts in #1210
- clusterworkspacetype: expose virtual workspace URLs by @stevekuznetsov in #1270
- initializingworkspaces: enforce permissions by @stevekuznetsov in #1267
- virtual: Remove unsupported verbs from virtual API server discovery by @astefanutti in #1272
- Remove logo icon file with invalid name by @astefanutti in #1276
- virtual workspaces: skips registartion of default health checks by @p0lyn0mial in #1273
- authorization: clarify/fix service accounts and workspace initialization by @s-urbaniak in #1261
- Added prerequisites on the README by @ppatierno in #1284
- cmd/test-server: pass flags to kcp by @sttts in #1286
- fix typo: indexByWorks{ap->pa}ce by @sttts in #1290
- reconciler/apiexport: don't klog.Fatal by @sttts in #1291
- cli: fix ClusterWorkspace columns output by @sttts in #1296
- cmd/kcp: non-zero return code on error by @sttts in #1287
- server: centrally create and start ddsif by @sttts in #1295
- Reduce log noise by @sttts in #1297
- reconciler/placement: fix patch typo by @sttts in #1298
- e2e: switch NewWorkspaceFixture to options by @sttts in #1289
- Clean up unused e2e helpers by @sttts in #1300
- admission/clusterworkspace: check errors in unit test by @sttts in #1302
- pkg/reconciler/apis/apiexport: clarify patching strategy in case of programming errors by @s-urbaniak in #1304
- Makefile: add test-e2e-shared by @sttts in #1310
- tenancy: show Deleting in phase column during ClusterWorkspace deletion by @sttts in #1303
- APIBinding/Workspace deletion improvement by @sttts in #1299
- github/ci.yaml: use test-e2e-shared make target by @sttts in #1311
- e2e/syncer: less noise with framework.Eventually by @sttts in #1317
- reconciler/clusterworkspace: split into independent reconcilers by @sttts in #1288
- admin.kubeconfig: remove cross-cluster context by @sttts in #1312
- e2e/framework: wait some time until printing message in Eventually by @sttts in #1292
- authorizer: unify workspace access reason by @sttts in #1314
- admission: record the user creating a workspace by @stevekuznetsov in #1321
- Fix partial meta request determination logic by @ncdc in #1322
- ClusterWorkspaces: add optional spec.shard scheduling constraints by @sttts in #1318
- admission/apibinding: fail closed when OpenAPI does not validate by @sttts in #1301
- Update replace directive to last k/k commit by @davidfestal in #1306
- server/apiextensions: use indexes and fixes by @sttts in #1294
- front-proxy: add --authentication-{pass-on,drop}-groups by @sttts in #1305
- virtualworkspace: add a proxy for workspace content by @stevekuznetsov in #1323
- turn the watch cache on by @p0lyn0mial in #1240
- pkg/virtual: externalize VW name and remove extra informers by @sttts in #1328
- virtualworkspaces: propagate clarifying changes by @stevekuznetsov in #1329
- virtualworkspaces: allow access to remove iniitalizers by @stevekuznetsov in #1330
- pkg/admission: add reserved metadata admission plugin by @s-urbaniak in #1343
- e2e/syncer: switch to multi-arch image by @sttts in #1347
- Use logicalcluster.ClusterHeader constant for X-Kubernetes-Cluster by @sttts in #1348
- Do not stomp other APIExports in a workspace with NegotatedAPIResources by @sttts in #1346
- reconciler/workload/namespace: stop hotloop by @sttts in #1345
- Fix hotloop in placement due to bad patch by @ncdc in #1352
- e2e: print artifact paths by @sttts in #1356
- reconciler/apibinding: clean up logs by @sttts in #1358
- e2e: cope with asynchronously served (bound) CRDs by @sttts in #1357
- virtual: clean up post-start errors and var names by @sttts in #1360
- Add shard proxying and add (1-shard) sharded CI job with front-proxy by @sttts in #1203
- e2e/syncer: make the test app sleep, not restart with AlreadyExists by @sttts in #1355
- e2e: reduce redundant syncer test logs by @sttts in #1342
- CONTRIBUTING.md: document testing by @sttts in #1363
- e2e/framework: doc Eventually by @sttts in #1362
- turn off the watch cache temporarily until we resolve the issue with DDSIF (not syncing after restart) by @p0lyn0mial in #1368
- reconciler/apibinding: V(2) mapping schemas by @sttts in #1359
- pkg/admission/reservedmetadata: optimize allocations by @s-urbaniak in #1367
- kcp CLI: error out for an non existent workspace while changing ws by @sm43 in #1278
- server/apiextensions: stop serving non-wildcard identity requests by @sttts in #1365
- server: only make default paths absolute, not user-provided ones by @sttts in #1349
- cmd/kcp-front-proxy/authentication/groups.go: fix groups filtering by @s-urbaniak in #1371
- Makefile: be tolerant if local directory is not a git checkout by @s-urbaniak in #1379
- Makefile: wait for test server admin.kubeconfig before starting tests by @sttts in #1381
- informer: do not klog.Fatalf by @sttts in #1383
- admission: only reserve our exact groups by @stevekuznetsov in #1386
- Use authorization.WorkspaceAcccessNotPermittedReason by @sttts in #1378
- apibinding/conflictchecker: use APIBinding.status.boundResources, not APIExport by @sttts in #1382
- VSCode: cleanup KCP launch configurations and use tokens by @davidfestal in #1390
- virtual: generalize label selector wrapper and get rid of panic by @sttts in #1393
- virtual: Support create, delete and deletecollection requests by @astefanutti in #1283
- virtual/fixedgvs: import cleanup by @sttts in #1394
- Revert "apibinding/conflictchecker: use APIBinding.status.boundResources, not APIExport" by @sttts in #1400
- Update OWNERS to fix my name by @davidfestal in #1403
- pkg/server/virtual.go: fix redirection of url request parameters by @s-urbaniak in #1401
- kcp workspaces: improve wording for workspace creation by @stevekuznetsov in #1402
- Workspaces VW: Fix obsolete permission management... by @davidfestal in #1374
- Fix image build by @ncdc in #1407
- authz: protect status subresource from non-system:masters by @sttts in #1396
- System CRDs -> APIBindings by @sttts in #1316
- Various dynamic discovery shared informer factory updates by @ncdc in #1372
- Fix: Add version for kcp and syncer by @varshaprasad96 in #1409
- workspaces VW: Fix CWT management by @davidfestal in #1414
- cmd,pkg: use constant for system:master by @s-urbaniak in #1410
- tenancy: add cluster workspace type extensions by @stevekuznetsov in #1375
- Noticed typo on the log by @matzew in #1391
- brings back the watch cache by @p0lyn0mial in #1377
- Exit build process if Kubernetes version is missing by @doru1004 in #1418
- e2e: stop spamming entire objects by @stevekuznetsov in #1424
- config: generate APIResourceSchemas and APIExports robustly by @stevekuznetsov in #1422
- e2e/virtual/apiexport: fix authz flake by @sttts in #1436
- e2e/framework: fix root dir for in-process server by @sttts in #1437
- syncer: avoid fatal WorkloadCluster get by @sttts in #1439
- syncer/apiimporter: log what it does by @sttts in #1443
- Hunting APIBinding flake by @sttts in #1438
- config/universal: mark default ns create-only by @sttts in #1444
- e2e/watchcache: fix missing identity logic by @sttts in #1442
- Add kcp start options for embedded etcd server Prometheus scrape URLs by @MikeSpreitzer in #1435
- placement controller by @qiujian16 in #1277
- Bump kube: to pickup multi-value indexer fix #79 by @sttts in #1447
- apis: add omitempty to optional fields by @stevekuznetsov in #1423
- Add kcp start option --embedded-etcd-quota-backend-bytes by @MikeSpreitzer in #1430
- README: update docs for starting by @stevekuznetsov in #1451
- server: bootstrap root phase-1 after controllers are starting by @sttts in #1453
- Add --version flag for kubectl-kcp plugin by @apoorvajagtap in #1432
- reconciler/apibinding: flake: resources should only be bound when established by @sttts in #1440
- Bootstrap new
ClusterWorkspaceType
s for the Home workspaces feature. by @davidfestal in #1455 - server/apiextensions: disable non-system-CRD non-identity wildcard requests by @sttts in #1395
- tenancy: fully qualify type references by @stevekuznetsov in #1429
- config/root: fix CWTs by @stevekuznetsov in #1464
- Rename: WorkloadCluster->SyncTarget by @ncdc in #1461
- Add e2e-sharded docs only job by @ncdc in #1466
- Add flake hunting docs by @ncdc in #1463
- docs: link to virtual workspaces demo by @markmc in #1460
- Fix trailing new lines by @davidfestal in #1469
- authorizer/apibinding: prefix users and groups in MaximalPermissionPolicy by @sttts in #1411
- Add soft impersonation utils for client-go clients by @davidfestal in #1468
- apis/apis/APIExport: fix typos in maximalPermissionPolicy by @sttts in #1470
- Implement the Home workspaces http handler by @davidfestal in #1373
- Impersonation in
workspaces
virtual workspace SubjectAccessReview requests by @davidfestal in #1456 - CLI: Support home workspace through
~
by @davidfestal in #1392 - Reworking namespaces by @jmprusi in #1309
- e2e: add user-agents to hand-crafted rest configs by @stevekuznetsov in #1459
- Add shard-base-url flag to default clusterworkspaceshards by @csams in #1478
- cli/workload/sync: improve usability by @sttts in #1475
- reconciler/apis/apibinding: make phase=Bound permanent by @sttts in #1420
- Update placement doc by @qiujian16 in #1472
- API: Rename and make ClusterResourceStateLabelPrefix public by @jmprusi in #1485
- Testing wrapping of cluster client calls by @varshaprasad96 in #1376
- Syncer: add support for qps and burst by @ncdc in #1486
- adds a shard-name flag for assigning a name to a shard instance by @p0lyn0mial in #1479
- *: remove the vestigial attempt at cross-shard resourceversions by @stevekuznetsov in #1487
- config/root: avoid race of bootstrapping with controller by @sttts in #1491
- admission/clusterworkspace: move owner annotation code here by @sttts in #1492
- server/home: check owner on 'GET ~' and fix flake by @sttts in #1480
- Wipe owner info as soon as possible by @sttts in #1494
- sharded-test-server: allows for specifying the number of shards to create by @p0lyn0mial in #1484
- apis/workload: move workload.kcp.dev/skip-default-object-creation here from apis.kcp.dev/v1alpha1 by @sttts in #1481
- e2e: require two failed pings to fail the test by @stevekuznetsov in #1489
- Adding permissions claims API for granting more resource for VirtualWorkspace by @shawn-hurley in #1244
- Allows syncer feature gate annotation in reserved-metadata admission by @jmprusi in #1496
- apibinding: name checker should take into account the group name by @p0lyn0mial in #1505
- admission/clusteworkspacetypeexists: in-place validation, fixes by @sttts in #1503
- Waiting for the binding to have observed the permission claims in test by @shawn-hurley in #1511
- pkg/apis: fix go mod by @ncdc in #1513
- use a more minimal k8s fork by @stevekuznetsov in #1498
- Add stub livez handler in the proxy by @csams in #1508
- admission/clusterworkspaceexists: use builder pattern in tests by @sttts in #1516
- admission/clusteworkspacetypeexists: lower-case types, dashes, cli type search by @sttts in #1474
- cli: deprecate list command by @sttts in #1519
- test-servers: enable audit logs by @sttts in #1441
- Fix a typo s/matchins/matching by @kasturinarra in #1525
- Don't unschedule a resource if blocked by a cluster or syncer finalizer by @jmprusi in #1515
- Remove non-existing scheduling-disabled label from ReservedMetadata allow list by @jmprusi in #1522
- cli: switch meaning of 'kubectl ws' to go to home workspace, add 'kubectl ws .' by @sttts in #1521
- cli: promote '--short' option to be usable also in 'kubectl ws --short' syntax by @sttts in #1520
- cli/workload/sync: MaxSyncTargetNameLength decreased by SyncerIDPrefix length by @robinbobbitt in #1527
- server/home: avoid returning an uninitialized ~ workspace by @sttts in #1523
New Contributors
- @p0lyn0mial made their first contribution in #1170
- @MikeSpreitzer made their first contribution in #1212
- @mayurwaghmode made their first contribution in #1216
- @robszumski made their first contribution in #1260
- @ppatierno made their first contribution in #1284
- @sm43 made their first contribution in #1278
- @matzew made their first contribution in #1391
- @doru1004 made their first contribution in #1418
- @apoorvajagtap made their first contribution in #1432
- @markmc made their first contribution in #1460
- @kasturinarra made their first contribution in #1525
Full Changelog: v0.5.0-alpha.0...v0.6.0-alpha.0