Changes by Kind
Breaking Change
- Release artifacts for ppc64le are no longer published (#3211, @embik)
Security
- Fix impersonation for non-system users (GHSA-c7xh-gjv4-4jgv) (#3206, @mjudeikis)
- Add additional authorizer to APIExport Virtual Workspace that queries APIBinding for authorization decisions (GHSA-w2rr-38wv-8rrp) (#3338, @embik)
API Change
- Expose the kcp e2e test framework through the SDK. (#3327, @sttts)
- Updated dependencies to be in line with Kubernetes v1.31.6 (#3307, @gman0)
Feature
- Pass through original identity of controllers accessing a logical cluster through the APIExport virtual workspace. To get the required permissions, a warrant mechanism is added through user extra fields that attaches secondary user identities purely used for authorization. (#3156, @sttts)
- Make APIExportEndpointSlices consumer aware (#3256, @mjudeikis)
- Add workspace phase reporter reconciler (#3183, @mjudeikis)
- Add the Unavailable phase to the API (#3183, @mjudeikis)
- Implement exclusion of Unavailable workspaces from serving via proxy to avoid serving something which is not supposed to be served. (#3183, @mjudeikis)
- Add OpenAPI v3 schema support to the Virtual Workspace framework (#3246, @xmudrii)
- Add `--accept-permission-claim` and `--reject-permission-claim` flags to `kubectl kcp bind apiexport` (#3334, @mjudeikis)
- Add original user/groups information as extra to the impersonating client used by virtual workspace. (#3155, @turkenh)
- Add support for external webhook authorization. (#3198, @xrstf)
- Add user info support for scopes through the extra key `authentication.kcp.io/scopes: cluster:<name>,...` to confine a user to a certain cluster. Multiple extra values are conjunctive, i.e. their intersection is the allowed scope. (#3235, @sttts)
- Enable structured authentication configuration from a file with the `--authentication-config` flag. (#3295, @cnvergence)
- Enhance local development experience for VirtualWorkspaces, adding the `--mappings-file` option for local dev (#3199, @mjudeikis)
- Provide `--authorization-order` flag that allows the kcp administrator to tune the authorizer behaviour and rearrange the order. (#3281, @cnvergence)
- Provide a feature gate `GlobalServiceAccount` that enables cross-workspace ServiceAccount authorization (requires `--service-account-lookup=false` in sharded environments). (#3328, @cnvergence)
- Replicate APIExportEndpointSlices to cache server (#3277, @mjudeikis)
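The scope semantics described in the Feature list (several `authentication.kcp.io/scopes` extra values are conjunctive, so the allowed set is their intersection), as an added example that is not kcp's own code: only the extra key and the `cluster:<name>,...` value format come from the release note; the parsing, the `ClusterAllowed` helper and the fail-closed handling of values without any cluster scope are assumptions about how such a check could be written.

```go
package main

import (
	"fmt"
	"strings"
)

// ScopesExtraKey is the user.Info extra key named in the release note.
const ScopesExtraKey = "authentication.kcp.io/scopes"

// allowedClusters parses all values of the scopes extra key. Each value is a
// comma-separated list of "cluster:<name>" scopes; because the values are
// conjunctive, the result is the intersection of the per-value sets.
// The boolean reports whether the user carries the key at all: a user without
// it is unscoped (hypothetical convention for this example).
func allowedClusters(extra map[string][]string) (map[string]struct{}, bool) {
	values, ok := extra[ScopesExtraKey]
	if !ok || len(values) == 0 {
		return nil, false
	}
	var result map[string]struct{}
	for _, v := range values {
		set := map[string]struct{}{}
		for _, scope := range strings.Split(v, ",") {
			scope = strings.TrimSpace(scope)
			// Unknown scope kinds are ignored; a value that yields no cluster
			// at all therefore intersects to the empty set, i.e. deny everything.
			if name, found := strings.CutPrefix(scope, "cluster:"); found && name != "" {
				set[name] = struct{}{}
			}
		}
		if result == nil {
			result = set
			continue
		}
		for name := range result {
			if _, keep := set[name]; !keep {
				delete(result, name)
			}
		}
	}
	return result, true
}

// ClusterAllowed reports whether a request against logical cluster `cluster`
// passes the scope check for a user with the given extras.
func ClusterAllowed(extra map[string][]string, cluster string) bool {
	allowed, scoped := allowedClusters(extra)
	if !scoped {
		return true // no scopes key: this check imposes no restriction
	}
	_, ok := allowed[cluster]
	return ok
}

func main() {
	// Constructed sample: two extra values, each a list of clusters.
	extra := map[string][]string{
		ScopesExtraKey: {"cluster:root,cluster:team-a", "cluster:team-a,cluster:team-b"},
	}
	for _, c := range []string{"root", "team-a", "team-b"} {
		fmt.Printf("cluster %-7s allowed=%v\n", c, ClusterAllowed(extra, c))
	}
}
```

With the constructed extras above only `team-a` appears in both values, so it is the only cluster the user may act in; `root` and `team-b` are each present in one value but not the other and are rejected.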
Bug or Regression
- Fix critical race condition between APIBindings and CRDs potentially allowing the same resource to be bound by multiple bindings or CRDs, leading to data loss or inconsistent state. (#3251, @sttts)
- Fix external modifications to annotations being reverted by admission webhook (#3229, @ntnn)
- Add additional validation for impersonation to prevent privileged impersonation via groups and extras. (#3243, @mjudeikis)
- Fix regression in DeepCopy generator (#3188, @mjudeikis)
- Purposefully crash if leader election was won but controllers failed to install, allowing another instance to take leadership (#3196, @embik)
- Update kcp start options to print to stdout (#3237, @jmcshane)
Other (Cleanup or Flake)
- Add wget to final image (#3240, @mjudeikis)
- Build apigen binary on releases (#3326, @mjudeikis)
- Crd-puller will generate files with 0644 permissions instead of 0777. (#3319, @xrstf)
- Update golangci-lint to 1.26.2, remove dependency on standalone staticcheck binary (#3208, @xrstf)
- kcp is built with Go 1.23.7 (#3331, @embik)
- kcp is built with Go 1.22.10 (#3212, @embik)
- kcp is built with Go 1.22.9 (#3200, @embik)
Dependencies
Added
Changed
- github.com/go-openapi/jsonpointer: v0.19.6 → v0.21.0
- github.com/go-openapi/jsonreference: v0.20.2 → v0.21.0
- github.com/go-openapi/swag: v0.22.4 → v0.23.0
- github.com/google/gnostic-models: v0.6.8 → v0.6.9
- github.com/kcp-dev/apimachinery/v2: a9eb975 → 431177b
- github.com/kcp-dev/client-go: f5949d8 → 3dea338
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/api: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-client: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-apiserver: ab5c3a6 → 0011b8c
- github.com/kcp-dev/kubernetes: ab5c3a6 → 0011b8c
- github.com/mailru/easyjson: v0.7.7 → v0.9.0
- github.com/spf13/pflag: d5e0c06 → v1.0.6
- golang.org/x/crypto: v0.24.0 → v0.35.0
- golang.org/x/mod: v0.17.0 → v0.23.0
- golang.org/x/net: v0.26.0 → v0.36.0
- golang.org/x/sync: v0.7.0 → v0.11.0
- golang.org/x/sys: v0.21.0 → v0.30.0
- golang.org/x/telemetry: f48c80b → bda5523
- golang.org/x/term: v0.21.0 → v0.29.0
- golang.org/x/text: v0.16.0 → v0.22.0
- golang.org/x/tools: e35e4cc → v0.30.0
- google.golang.org/protobuf: v1.34.2 → v1.36.5