v0.27.0

Changes by Kind

Breaking Change

• Release artifacts for ppc64le are no longer published (#3211, @embik)

Security

• Fix impersonation for non-system users (GHSA-c7xh-gjv4-4jgv) (#3206, @mjudeikis)
• Add additional authorizer to APIExport Virtual Workspace that queries APIBinding for authorization decisions (GHSA-w2rr-38wv-8rrp / CVE-2025-29922) (#3338, @embik)

API Change

• Expose the kcp e2e test framework through the SDK. (#3327, @sttts)
• Updated dependencies to be in line with Kubernetes v1.31.6 (#3307, @gman0)

Feature

• Pass through original identity of controllers accessing a logical cluster through the APIExport virtual workspace. To get the required permissions, a warrant mechanism is added through user extra fields that attaches secondary user identities purely used for authorization. (#3156, @sttts)
• Make APIExportEndpointSlices consumer aware (#3256, @mjudeikis)
• Add workspace phase reporter reconciler (#3183, @mjudeikis)
• Add the Unavailable phase to the API (#3183, @mjudeikis)
• Implement exclusion of Unavailable workspaces from serving via proxy to avoid serving something which is not supposed to be served. (#3183, @mjudeikis)
• Add OpenAPI v3 schema support to the Virtual Workspace framework (#3246, @xmudrii)
• Add --accept-permission-claim and --reject-permission-claim flag to kubectl kcp bind apiexport (#3334, @mjudeikis)
• Add original user/groups information as extra to the impersonating client used by virtual workspace. (#3155, @turkenh)
• Add support for external webhook authorization. (#3198, @xrstf)
• Add user info support for scopes through the extra key authentication.kcp.io/scopes: cluster:<name>,... to contain a user in a certain cluster. Multiple extra values are conjunctive, i.e. their intersection is the allowed scope. (#3235, @sttts)
• Enable structured authentication configuration from a file with —authentication-config flag. (#3295, @cnvergence)
• Enhance local development experience for VirtualWorkspaces, adding --mappings-file option for local dev (#3199, @mjudeikis)
• Provide --authorization-order flag that allows kcp administrator to tune the authorizer behaviour and rearrange the order. (#3281, @cnvergence)
• Provide a feature gate GlobalServiceAccount that enables cross-workspace ServiceAccount authorization (requires --service-account-lookup=false in sharded environments). (#3328, @cnvergence)
• Replicate APIExportEndpointSlices to cache server (#3277, @mjudeikis)

Bug or Regression

• Fix critical race condition between APIBindings and CRDs potentially allowing the same resource to be bound by multiple bindings or CRDs, leading to data loss or inconsistent state. (#3251, @sttts)
• Fix external modifications to annotations being reverted by admission webhook (#3229, @ntnn)
• Add additional validation for impersonation to prevent groups and extras privileged impersonations. (#3243, @mjudeikis)
• Fix regression in DeepCopy generator (#3188, @mjudeikis)
• Purposefully crash if leader election was won but controllers failed to install, allowing another instance to take leadership (#3196, @embik)
• Update kcp start options to print to stdout (#3237, @jmcshane)

Other (Cleanup or Flake)

• Add wget to final image (#3240, @mjudeikis)
• Build apigen binary on releases (#3326, @mjudeikis)
• Crd-puller will generate files with 0644 permissions instead of 0777. (#3319, @xrstf)
• Update golangci-lint to 1.26.2, remove dependency on standalone staticcheck binary (#3208, @xrstf)
• kcp is built with Go 1.23.7 (#3331, @embik)
• kcp is built with Go 1.22.10 (#3212, @embik)
• kcp is built with Go 1.22.9 (#3200, @embik)

Dependencies

Added

• github.com/kcp-dev/embeddedetcd: v1.0.2

Changed

• github.com/go-openapi/jsonpointer: v0.19.6 → v0.21.0
• github.com/go-openapi/jsonreference: v0.20.2 → v0.21.0
• github.com/go-openapi/swag: v0.22.4 → v0.23.0
• github.com/google/gnostic-models: v0.6.8 → v0.6.9
• github.com/kcp-dev/apimachinery/v2: a9eb975 → 431177b
• github.com/kcp-dev/client-go: f5949d8 → 3dea338
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/api: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-client: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl: ab5c3a6 → 0011b8c
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet: ab5c3a6 → 0011b8c
• github.com...

v0.26.3

Note: v0.26.2 has not been released properly due to an issue in our release engineering tools and thus, should be skipped.

Changes by Kind

Security

• Add additional authorizer to APIExport Virtual Workspace that queries APIBinding for authorization decisions (GHSA-w2rr-38wv-8rrp) (#3338, @embik)

v0.27.0-rc.1

Changelog

• 2309e76 Merge pull request #3324 from Soot3/main
• 28f5a2c Merge pull request #3326 from mjudeikis/mjudeikis/add.apigen.build
• 68bef78 Update docs/content/concepts/workspaces/workspace-types.md
• 4a43c68 build apigen on make build
• 4f11204 update upload gh action
• aaa0f4b build apigen on releases
• 84b4e02 Update workspace-types.md
• 265b734 Merge pull request #3319 from xrstf/fix-crd-permissions
• 4194fde Merge pull request #3317 from gman0/verify-go-modules-no-pager
• ee3cfd3 Merge pull request #3322 from sttts/sttts-e2e-more-helpers
• 299da74 test/e2e/framework: move more helpers
• 4195908 Merge pull request #3321 from sttts/sttts-e2e-unused
• 3e3a4f8 test/e2e/framework: split server code apart
• ef21ddb test/e2e: remove empty shard test and unused helpers
• edb6028 do not create executable YAML files from crd-puller
• c7b02b3 hack/verify-go-modules.sh: don't run pager with git diff
• dfcda9f Merge pull request #3314 from embik/reduce-jobs-for-docs
• 943bcf8 Merge pull request #3312 from gman0/compare-deps-versions
• 9ea768b Merge pull request #3315 from gman0/fix-indexctr-updatehandler
• f19f2c9 Fix update handler in pkg/proxy/index controller
• 4d953ae Limit several jobs to not run for doc changes
• 1e741bb Merge pull request #3313 from Skarlso/doc-update-location
• f01aea5 Merge pull request #3311 from mjudeikis/mjudeikis/tmc.nit
• 47a9b9b doc: remove superflous output from make install command in the docs
• ae51cc9 hack/verify-go-modules.sh: compare dependency versions against k8s.io/kubernetes
• d86e180 nit in TMC investigation

v0.26.1

Changes by Kind

API Change

• Fix impersonation for non-system users (GHSA-c7xh-gjv4-4jgv) (#3206, @mjudeikis)

Uncategorized

• Kcp is built with Go 1.22.10 (#3213, @embik)
• Release artifacts for ppc64le are no longer published (#3211, @embik)

Dependencies

Added

Nothing has changed.

Changed

• github.com/kcp-dev/kubernetes/staging/src/k8s.io/api: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-client: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-apiserver: ab5c3a6 → 70835f6
• github.com/kcp-dev/kubernetes: ab5c3a6 → 70835f6

Removed

Nothing has changed.

v0.26.0

Changes by Kind

API Change

• Rebase 1.31 (#3160, @mjudeikis)

Feature

• Add support for internal.kcp.io/inactive annotation on logical clusters to forbid any access beyond logical clusters. (#3152, @RedbackThomson)

Performance & Optimizations

• Fix performance issue of all watches to termindate after 30s. (#3162, @sttts)
• Fix performance problem in virtual workspace authorization. (#3163, @sttts)
• Make workspace deletion more reliable, trying harder to not leak LogicalClusters. (#3119, @sttts)
• Optimize apibinding reconciler to produce less work for the memory garbage collector. (#3166, @sttts)
• Optimize authorization in virtual workspaces. (#3167, @sttts)
• Reduce memory consumption of the admission webhook plugin. (#3165, @sttts)
• Skip attempt to create root directory if --root-directory="" is set (#3158, @embik)

Dependencies

Added

• cel.dev/expr: v0.15.0
• github.com/antlr4-go/antlr/v4: v4.13.0
• github.com/go-task/slim-sprig/v3: v3.0.0
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-client: ab5c3a6
• github.com/shurcooL/sanitized_anchor_name: v1.0.0
• github.com/urfave/cli: v1.22.1
• gopkg.in/evanphx/json-patch.v4: v4.12.0

Changed

• cloud.google.com/go/compute/metadata: v0.2.3 → v0.3.0
• github.com/Microsoft/hcsshim: v0.8.25 → v0.8.26
• github.com/alecthomas/kingpin/v2: v2.3.2 → v2.4.0
• github.com/cenkalti/backoff/v4: v4.2.1 → v4.3.0
• github.com/cespare/xxhash/v2: v2.2.0 → v2.3.0
• github.com/cncf/udpa/go: c52dc94 → 269d4d4
• github.com/cncf/xds/go: e9ce688 → 555b57e
• github.com/container-storage-interface/spec: v1.8.0 → v1.9.0
• github.com/coredns/corefile-migration: v1.0.21 → v1.0.23
• github.com/cpuguy83/go-md2man/v2: v2.0.2 → v2.0.4
• github.com/davecgh/go-spew: v1.1.1 → d8f796a
• github.com/envoyproxy/go-control-plane: v0.11.1 → v0.12.0
• github.com/envoyproxy/protoc-gen-validate: v1.0.2 → v1.0.4
• github.com/fxamacker/cbor/v2: v2.6.0 → v2.7.0
• github.com/go-logr/logr: v1.4.1 → v1.4.2
• github.com/go-openapi/swag: v0.22.3 → v0.22.4
• github.com/golang/glog: v1.1.2 → v1.2.1
• github.com/golang/mock: v1.6.0 → v1.1.1
• github.com/google/cel-go: v0.17.8 → v0.20.1
• github.com/google/pprof: 4bb14d4 → 4bfdf5a
• github.com/google/uuid: v1.3.1 → v1.6.0
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.16.0 → v2.20.0
• github.com/kcp-dev/apimachinery/v2: v2.0.0 → a9eb975
• github.com/kcp-dev/client-go: bf1c9b8 → f5949d8
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/api: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission: 321bee1 → ab5c3a6
• github.com/kcp-dev/kubernetes/stagi...

v0.25.0

Changes by Kind

Dependency Change

• Kcp is built with Go 1.22.5 now (#3145, @embik)
• Update dependencies to address CVE-2023-45288 and CVE-2024-24786 (#3136, @embik)

API Change

• Allow claiming SubjectAccessReview and LocalSubjectAccessReview in apiexports. (#3129, @sttts)
• Fix apply configuration client for APIExport. (#3153, @sttts)
• Remove ClusterWorkspaces resource as it has been replaced by Workspaces in previous releases (#3123, @embik)
• Remove the need to put a replace directive in place for github.com/kcp-dev/kcp/cli when importing github.com/kcp-dev/kcp (#3146, @embik)
• Set the kcp.io/cluster annotation on objects passed to an admission webhook on create. (#3124, @sttts)
• Update to Kubernetes 1.30 (#3140, @embik)
• Update to Kubernetes 1.30.3 (#3150, @embik)

Feature

• Add --version flag to kubectl-workspace (#3135, @embik)
• Add kubectl create workspace plugin. (#3154, @sttts)
• Add support for internal.kcp.io/inactive annotation on logical clusters to forbid any access beyond logical clusters. (#3152, @RedbackThomson)

Bug or Regression

• Calls intialize indexer only once before the informer starts (#3139, @ramramu3433)
• Fix postStartHook being present two times on log lines (#3134, @embik)
• Fix sequencing of controllers/informers start and leader election (#3132, @ramramu3433)

Other (Cleanup or Flake)

• Remove kcp-core binary (kcp remains unchanged) (#3148, @embik)
• Write diagnostics (deprecation notices and warnings) in kubectl-workspace to stderr instead of stdout (#3133, @embik)

v0.24.0

User Facing Changes

• Add experimental workspace mount reconciler (#3058, @mjudeikis)
• Kcp ws use support for relative and absolute multi-step navigation (#3088, @mjudeikis)
• ✨ Add Webhook URL based CRD conversions (#3090, @palnabarun)
• Add support for /openapi/v3 endpoints for workspaces with awareness of static resources, CRDs and APIBindings. (#3118, @sttts)
• Fix workspaces hot reload for index controller (#3095, @mjudeikis)
• Implement SelfSubjectRulesReview API, enabling usage of e.g. kubectl auth can-i --list (#3097, @embik)
• Re-enable Kubernetes Webhook Token Authentication (#3096, @ajwdev)
• Update etcd version to 3.5.13 (#3114, @embik)

Dependencies

• github.com/golang/protobuf: v1.5.3 → v1.5.4
• github.com/kcp-dev/logicalcluster/v3: v3.0.4 → v3.0.5
• github.com/sirupsen/logrus: v1.9.0 → v1.9.3
• go.etcd.io/bbolt: v1.3.7 → v1.3.9
• go.etcd.io/etcd/api/v3: v3.5.9 → v3.5.13
• go.etcd.io/etcd/client/pkg/v3: v3.5.9 → v3.5.13
• go.etcd.io/etcd/client/v2: v2.305.9 → v2.305.13
• go.etcd.io/etcd/client/v3: v3.5.9 → v3.5.13
• go.etcd.io/etcd/pkg/v3: v3.5.9 → v3.5.13
• go.etcd.io/etcd/raft/v3: v3.5.9 → v3.5.13
• go.etcd.io/etcd/server/v3: v3.5.9 → v3.5.13
• golang.org/x/sync: v0.4.0 → v0.5.0
• google.golang.org/protobuf: v1.31.0 → v1.33.0

PRs

• ✨ Index mounting ordering & few debug nits by @mjudeikis in #3085
• ✨ Add workspace mount battery & controller by @mjudeikis in #3058
• 🌱 add mount test into index by @mjudeikis in #3089
• 🐛 fix mount workspace reload by @mjudeikis in #3095
• ✨ add krew index build by @mjudeikis in #3094
• ✨ Feature: Re-enable webhook token authentication by @ajwdev in #3096
• 📖 Document how storage keys are computed for workspaces by @p0lyn0mial in #1905
• 📖 Update documentation with CNCF community group by @embik in #3101
• 📖 Deploy most recent release documentation as 'latest' alias by @embik in #3102
• ✨ kubectl support ../../ & ..:..: by @mjudeikis in #3088
• ✨ cli/use: simplify tests and add tests for relative paths by @sttts in #3103
• 🌱 Publish RC candidates by @mjudeikis in #3105
• ✨ Add Tilt setup to contrib by @mjudeikis in #3037
• ✨ Webhook URL based CRD conversions by @palnabarun in #3090
• 📖 Update documentation dependencies and add dark mode by @embik in #3109
• 📖 Organize generated CRD documentation by API group by @embik in #3110
• ✨ Implement RulesFor for GlobalAuthorizer and LocalAuthorizer to enable SelfSubjectRulesReview by @embik in #3097
• 📖 Add architecture brain-dump. by @sttts in #3108
• 📖 Refactor documentation sections and mention Helm chart by @embik in #3113
• 🌱 Bump etcd dependencies to 3.5.13 by @embik in #3114
• 🌱 Set controller rest config timeout to 30secs by @sankar17 in #3112
• ✨ Implement cluster-aware OpenAPI v3 by @sttts in #3118
• 🐛 Implement RoundTripperWrapper everywhere to allow cancellation by @sttts in #3120

New Contributors

• @ajwdev made their first contribution in #3096
• @palnabarun made their first contribution in #3090
• @sankar17 made their first contribution in #3112

Full Changelog: v0.23.0...v0.24.0

v0.23.0

Changes by Kind

API Change

• Add optional nameValidation field to ApiResourceSchemaSpec. This field is used to add an internal annotation to the bound API and the name validation strategy is decided based on the value. (#3082, @praveenrewar)

Uncategorized

• The kubectl plugins have been moved into their own github.com/kcp-dev/kcp/cli module for easier vendoring. (#3084, @sttts)
• Use correct verb in metrics-viewer ClusterRole to give access to /metrics (#3081, @embik)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.22.0

Changes by Kind

API Change

• Add experimental mounts API (#3057, @mjudeikis)
• Make LogicalCluster claimable resource for deeper level integration ontop of KCP (#3035, @mjudeikis)

Feature

• Add a metrics-viewer user subject to the ClusterRoleBinding created by the metrics-viewer battery, for which credentials can be generated outside of kcp (#3064, @embik)
• Add cache-server binary into image (#3067, @mjudeikis)
• Add new admin battery which is enabled by default (#3041, @embik)
• Simplify index package for frontproxy (#3056, @mjudeikis)

Bug or Regression

• Fix system:admin context and add system:base in generated admin.kubeconfig (#3070, @embik)
• Fix metrics battery bug (#3060, @mjudeikis)

Other (Cleanup or Flake)

• Add FOSSA license scanner (#3054, @fossabot)
• Reduce log verbosity for processing/queueing messages in controllers (#3073, @xrstf)

Dependencies

Added

• cloud.google.com/go/dataproc/v2: v2.0.1

Changed

• cloud.google.com/go/aiplatform: v1.45.0 → v1.48.0
• cloud.google.com/go/analytics: v0.21.2 → v0.21.3
• cloud.google.com/go/baremetalsolution: v0.5.0 → v1.1.1
• cloud.google.com/go/batch: v0.7.0 → v1.3.1
• cloud.google.com/go/beyondcorp: v0.6.1 → v1.0.0
• cloud.google.com/go/bigquery: v1.52.0 → v1.53.0
• cloud.google.com/go/cloudbuild: v1.10.1 → v1.13.0
• cloud.google.com/go/cloudtasks: v1.11.1 → v1.12.1
• cloud.google.com/go/compute: v1.21.0 → v1.23.0
• cloud.google.com/go/contactcenterinsights: v1.9.1 → v1.10.0
• cloud.google.com/go/container: v1.22.1 → v1.24.0
• cloud.google.com/go/datacatalog: v1.14.1 → v1.16.0
• cloud.google.com/go/dataplex: v1.8.1 → v1.9.0
• cloud.google.com/go/datastore: v1.12.1 → v1.13.0
• cloud.google.com/go/datastream: v1.9.1 → v1.10.0
• cloud.google.com/go/deploy: v1.11.0 → v1.13.0
• cloud.google.com/go/dialogflow: v1.38.0 → v1.40.0
• cloud.google.com/go/documentai: v1.20.0 → v1.22.0
• cloud.google.com/go/eventarc: v1.12.1 → v1.13.0
• cloud.google.com/go/firestore: v1.11.0 → v1.12.0
• cloud.google.com/go/gkebackup: v0.4.0 → v1.3.0
• cloud.google.com/go/gkemulticloud: v0.6.1 → v1.0.0
• cloud.google.com/go/kms: v1.12.1 → v1.15.0
• cloud.google.com/go/maps: v0.7.0 → v1.4.0
• cloud.google.com/go/metastore: v1.11.1 → v1.12.0
• cloud.google.com/go/policytroubleshooter: v1.7.1 → v1.8.0
• cloud.google.com/go/pubsub: v1.32.0 → v1.33.0
• cloud.google.com/go/run: v0.9.0 → v1.2.0
• cloud.google.com/go/servicedirectory: v1.10.1 → v1.11.0
• cloud.google.com/go/speech: v1.17.1 → v1.19.0
• cloud.google.com/go/translate: v1.8.1 → v1.8.2
• cloud.google.com/go/video: v1.17.1 → v1.19.0
• cloud.google.com/go/vmwareengine: v0.4.1 → v1.0.0
• cloud.google.com/go: v0.110.4 → v0.110.7
• github.com/felixge/httpsnoop: v1.0.3 → v1.0.4
• github.com/go-logr/logr: v1.2.4 → v1.3.0
• github.com/golang/glog: v1.1.0 → v1.1.2
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.45.0 → v0.46.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.45.0 → v0.46.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/metric: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/sdk: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/trace: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel: v1.19.0 → v1.20.0
• go.uber.org/goleak: v1.2.1 → v1.3.0
• golang.org/x/crypto: v0.14.0 → v0.18.0
• golang.org/x/sys: v0.13.0 → v0.16.0
• golang.org/x/term: v0.13.0 → v0.16.0
• golang.org/x/text: v0.13.0 → v0.14.0
• google.golang.org/genproto/googleapis/api: 782d3b1 → b8732ec
• google.golang.org/genproto/googleapis/rpc: 782d3b1 → b8732ec
• google.golang.org/genproto: 782d3b1 → b8732ec
• google.golang.org/grpc: v1.58.2 → v1.59.0

Removed

• cloud.google.com/go/dataproc: v1.12.0

v0.21.0

First release where KCP is part of CNCF Sandbox!
Major change - rebase to Kubernetes 1.28

What's Changed

• 📖 Update release process doc by @mjudeikis in #2988
• ⚠️ Remove apiresource.kcp.io apis by @mjudeikis in #2992
• 📖 Fix typo in CONTRIBUTING.md by @fgiloux in #2993
• 🐛 make help by @carlory in #3005
• 🌱 add vendor into .gitignore by @carlory in #3009
• ✨ Add leader election for kcp (core) controllers by @embik in #2996
• ✨ Add --cors-allowed-origins flag to kcp-front-proxy by @xrstf in #3013
• 📖 Update README to include link to community meeting agenda doc by @embik in #3014
• 📖 Add logo variants by @embik in #3015
• ✨ Rebase to 1.28 by @sttts in #3017
• 🐛 Bump lint to 20min by @mjudeikis in #3020
• 🌱 Bump uraimo/run-on-arch-action from 2.5.0 to 2.5.1 by @dependabot in #2999
• 🌱 Add new maintainers by @sttts in #3022
• 🌱 Increase workspace init timeout in e2e tests to 60 seconds by @embik in #3025
• 📖 Adopt CNCF Code of Conduct by @embik in #3027
• 🐛 prow fix go version validate by @mjudeikis in #3019
• 🌱 Increase resource requests on Prow jobs but only run if code changed by @embik in #3029
• ✨ Add CRDs to built-in types by @mjudeikis in #3018
• 🐛 Memory leak fix in mutating & validating webhooks by @mjudeikis in #3026
• 🐛 Fix frontproxy by @mjudeikis in #3023
• 📖 docs: generate list of carry commits for rebasing by @nikhita in #2994
• 🌱 Bump Go Dependencies by @xrstf in #3031
• 🌱 Add metrics-viewer 'battery' by @mjudeikis in #3024
• ✨ tag container images with branch name, too by @xrstf in #3030
• 🐛 logicalcluster-deletion: skip bound resources by @sttts in #2958
• 📖 WIP: docs: add a sharding overview by @sttts in #3000
• 🌱 update SDK Go dependencies to match main go.mod by @xrstf in #3032

New Contributors

• @carlory made their first contribution in #3005
• @nikhita made their first contribution in #2994

Full Changelog: v0.20.0...v0.21.0