0.76.0

Highlights

#[derive(CustomResource)] now supports schemas with untagged enums

Expanding on our existing support for storing Rust's struct enums in CRDs, Kube will now try to convert #[serde(untagged)] enums as well. Note that if the same field is present in multiple untagged variants then they must all have the same shape.

Removed deprecated try_flatten_* functions

These have been deprecated since 0.72, and are replaced by the equivalent WatchStreamExt methods.

What's Changed

Added

• Adds example to Controller::watches by @Dav1dde in #1026
• Discovery: Add ApiGroup::resources_by_stability by @imuxin in #1022
• Add support for untagged enums in CRDs by @sbernauer in #1028
• Derive PartialEq for DynamicObject by @pbzweihander in #1048

Removed

• Runtime: Remove deprecated util try_flatten_ helpers by @clux in #1019
• Remove native-tls feature by @kazk in #1044

Fixed

• add fieldManager querystring to all operations by @goenning in #1031
• Add verify_tls1x_signature for NoCertVerification by @rvql in #1034
• Fix compatibility with schemars' preserve_order feature by @teozkr in #1050
• Hoist enum values from subschemas by @teozkr in #1051

New Contributors

• @Dav1dde made their first contribution in #1026
• @rvql made their first contribution in #1034
• @imuxin made their first contribution in #1022

Full Changelog: 0.75.0...0.76.0

0.75.0

Highlights

Upgrade k8s-openapi to 0.16 for Kubernetes 1.25

The update to [email protected] makes this the first release with tentative Kubernetes 1.25 support.
While the new structs and apis now exist, we recommend holding off on using 1.25 until a deserialization bug in the apiserver is resolved upstream. See #997 / #1008 for details.

To upgrade, ensure you bump both kube and k8s-openapi:

cargo upgrade kube k8s-openapi

New/Old Config::incluster default to connect in cluster

Our previous default of connecting to the Kubernetes apiserver via kubernetes.default.svc has been reverted back to use the old environment variables after Kubernetes updated their position that the environment variables are not legacy. This does unfortunately regress on rustls support, so for those users we have included a Config::incluster_dns to work around the old rustls issue while it is open.

Controller error_policy extension

The error_policy fn now has access to the object that failed the reconciliation to ease metric creation / failure attribution. The following change is needed on the user side:

-fn error_policy(error: &Error, ctx: Arc<Data>) -> Action {
+fn error_policy(_obj: Arc<YourObject>, error: &Error, ctx: Arc<Data>) -> Action {

Polish / Subresources / Conversion

There are also a slew of ergonomics improvements, closing of gaps in subresources, adding initial support for ConversionReview, making Api::namespaced impossible to use for non-namepaced resources (a common pitfall), as well as many great fixes to the edge cases in portforwarding and finalizers. Many of these changes came from first time contributors. A huge thank you to everyone involved.

What's Changed

Added

• Make Config::auth_info public by @danrspencer in #959
• Make raw Client::send method public by @tiagolobocastro in #972
• Make types on AdmissionRequest and AdmissionResponse public by @clux in #977
• Add #[serde(default)] to metadata field of DynamicObject by @pbzweihander in #987
• Add create_subresource method to Api and create_token_request method to Api<ServiceAccount> by @pbzweihander in #989
• Controller: impl Eq and PartialEq for Action by @Sherlock-Holo in #993
• Add support for CRD ConversionReview types by @MikailBag in #999

Changed

• Constrain Resource trait and Api::namespaced by Scope by @clux in #956
• Add connect/read/write timeouts to Config by @goenning in #971
• Controller: Include the object being reconciled in the error_policy by @felipesere in #995
• Config: New incluster and incluster_dns constructors by @olix0r in #1001
• Upgrade k8s-openapi to 0.16 by @clux in #1008

Fixed

• Remove tracing::instrument from apply_debug_overrides by @kazk in #958
• fix duplicate finalizers race condition by @alex-hunt-materialize in #965
• fix: portforward connection cleanup by @tiagolobocastro in #973

New Contributors

• @danrspencer made their first contribution in #959
• @alex-hunt-materialize made their first contribution in #965
• @tiagolobocastro made their first contribution in #972
• @goenning made their first contribution in #971
• @pbzweihander made their first contribution in #987
• @Sherlock-Holo made their first contribution in #993
• @felipesere made their first contribution in #995

Full Changelog: 0.74.0...0.75.0

0.74.0

Highlights

Polish, bug fixes, guidelines, ci improvements, and new contributors

This release features smaller improvements/additions/cleanups/fixes, many of which are from new first-time contributors! Thank you everyone!
The listed deadlock fix was backported to 0.73.1.

We have also been trying to clarify and prove a lot more of our external-facing guarantees, and as a result:

• We have codified our Kubernetes versioning policy
• The Rust version policy has extended its support range
• Our CI has been extended

ResourceExt::name deprecation

A consequence of all the policy writing and the improved clarity we have decided to deprecate the common ResourceExt::name helper.

This method could panic and it is unexpected for the users and bad for our consistency. To get the old functionality, you can replace any .name() call on a Kubernetes resources with .name_unchecked(); but as the name implies, it can panic (in a local setting, or during admission). We recommend you replace it with the new ResourceExt::name_any for a general identifier:

-pod.name()
+pod.name_any()

What's Changed

Added

• Add support for passing the fieldValidation query parameter on patch by @phroggyy in #929
• Add conditions::is_job_completed by @clux in #935

Changed

• Deprecate ResourceExt::name in favour of safe name_* alternatives by @clux in #945

Removed

• Remove #[kube(apiextensions)] flag from kube-derive by @clux in #920

Fixed

• Document every public derived fn from kube-derive by @clux in #919
• fix applier hangs which can happen with many watched objects by @moustafab in #925
• Applier: Improve reconciler reschedule context to avoid deadlocking on full channel by @teozkr in #932
• Fix deserialization issue in AdmissionResponse by @clux in #939
• Admission controller example fixes by @Alibirb in #950

New Contributors

• @moustafab made their first contribution in #925
• @phroggyy made their first contribution in #929
• @Alibirb made their first contribution in #950

Full Changelog: 0.73.0...0.74.0

0.73.1

Highlights

This patch release fixes a bug causing applier and Controller to deadlock when too many Kubernetes object change events were ingested at once. All users of applier and Controller are encouraged to upgrade as quickly as possible. Older versions are also affected, this bug is believed to have existed since the original release of kube_runtime.

What's Changed

Fixed

• [0.73 backport] fix applier hangs which can happen with many watched objects (#925) by @moustafab (backported by @teozkr) in #927

Full Changelog: 0.73.0...0.73.1

0.73.0

Highlights

New k8s-openapi version and MSRV

Support added for Kubernetes v1_24 support via the new k8s-openapi version. Please also run cargo upgrade --workspace k8s-openapi when upgrading kube.

This also bumps our MSRV to 1.60.0.

Reconciler change

A small ergonomic change in the reconcile signature has removed the need for the Context object. This has been replaced by an Arc. The following change is needed in your controller:

-async fn reconcile(doc: Arc<MyObject>, context: Context<Data>) -> Result<Action, Error>
+async fn reconcile(doc: Arc<MyObject>, context: Arc<Data>) -> Result<Action, Error>

This will simplify the usage of the context argument. You should no longer need to pass .get_ref() on its every use.
See the controller-rs upgrade change for details.

What's Changed

Added

• Add Discovery::groups_alphabetical following kubectl sort order by @clux in #887

Changed

• Replace runtime::controller::Context with Arc by @teozkr in #910
• runtime: Return the object from await_condition by @olix0r in #877
• Bump k8s-openapi to 0.15 for kubernetes v1_24 and bump MSRV to 1.60 by @clux in #916

Full Changelog: 0.72.0...0.73.0

0.72.0

Highlights

Ergonomics improvements

A new runtime::WatchSteamExt (#899 + #906) allows for simpler setups for streams from watcher or reflector.

- let stream = utils::try_flatten_applied(StreamBackoff::new(watcher(api, lp), b));
+ let stream = watcher(api, lp).backoff(b).applied_objects();

The util::try_flatten_* helpers have been marked as deprecated since they are not used by the stream impls.

A new reflector:store() fn allows simpler reflector setups #907:

- let store = reflector::store::Writer::<Node>::default();
- let reader = store.as_reader();
+ let (reader, writer) = reflector::store();

Additional conveniences getters/settes to ResourceExt for manged_fields and creation_timestamp #888 + #898, plus a GroupVersion::with_kind path to a GVK, and a TryFrom<TypeMeta> for GroupVersionKind in #896.

CRD Version Selection

Managing multiple version in CustomResourceDefinitions can be pretty complicated, but we now have helpers and docs on how to tackle it.

A new function kube::core::crd::merge_crds have been added (in #889) to help push crd schemas generated by kube-derived crds with different #[kube(version)] properties. See the kube-derive#version documentation for details.

A new example showcases how one can manage two or more versions of a crd and what the expected truncation outcomes are when moving between versions.

Examples

Examples now have moved to tracing for its logging, respects RUST_LOG, and namespace selection via the kubeconfig context. There is also a larger kubectl example showcasing kubectl apply -f yaml as well as kubectl {edit,delete,get,watch} via #885 + #897.

What's Changed

Added

• Allow merging multi-version CRDs into a single schema by @clux in #889
• Add GroupVersion::with_kind and TypeMeta -> GroupVersionKind converters by @clux in #896
• Add managed_fields accessors to ResourceExt by @clux in #898
• Add ResourceExt::creation_timestamp by @clux in #888
• Support lowercase http_proxy & https_proxy evars by @DevineLiu in #892
• Add a WatchStreamExt trait for stream chaining by @clux in #899
• Add Event::modify + reflector::store helpers by @clux in #907

Changed

• Switch to kubernetes cluster dns for incluster url everywhere by @clux in #876
• Update tower-http requirement from 0.2.0 to 0.3.2 by @dependabot in #893

Removed

• Remove deprecated legacy crd v1beta1 by @clux in #890

New Contributors

• @DevineLiu made their first contribution in #892

Full Changelog: 0.71.0...0.72.0

0.71.0

Highlights

Several quality of life changes and improvements this release such as for port-forwarding, a new ClientBuilder, better handling of kube-derive edge-cases.

We highlight some changes here that you should be especially aware of:

events::Recorder publishing to kube-system for cluster scoped resources

Publishing events via Recorder for cluster scoped resources (supported since 0.70.0) now publish to kube-system rather than default, as all but the newest clusters struggle with publishing events in the default namespace.

Default TLS stack set to OpenSSL

The previous native-tls default was there because we used to depend on reqwest, but because we depended on openssl anyway the feature does not make much sense. Changing to openssl-tls also improves the situation on macOS where the Security Framework struggles with PKCS#12 certs from OpenSSL v3. The native-tls feature will still be available in this release in case of issues, but the plan is to decommission it shortly. Of course, we all ideally want to move to rustls, but we are still blocked by #153.

What's Changed

Added

• Add ClientBuilder that lets users add custom middleware without full stack replacement by @teozkr in #855
• Support top-level enums in CRDs by @sbernauer in #856

Changed

• portforward: Improve API and support background task cancelation by @olix0r in #854
• Make remote commands cancellable and remove panics by @kazk in #861
• Change the default TLS to OpenSSL by @kazk in #863
• change event recorder cluster namespace to kube-system by @clux in #871

Fixed

• Fix schemas containing both properties and additionalProperties by @jcaesar in #845
• Make dependency pins between sibling crates stricter by @clux in #864
• Fix in-cluster kube_host_port generation for IPv6 by @somnusfish in #875

New Contributors

• @jcaesar made their first contribution in #845
• @somnusfish made their first contribution in #875

Full Changelog: 0.70.0...0.71.0

0.70.0

Highlights

Support for EC keys with rustls

This was one of the big blockers for using rustls against clusters like k3d or k3s
While not sufficient to fix using those clusters out of the box, it is now possible to use them with a workarodund

More ergonomic reconciler

The signature and end the Ok action in reconcile fns has been simplified slightly, and requires the following user updates:

-async fn reconcile(obj: Arc<MyObject>, ctx: Context<Data>) -> Result<ReconcilerAction, Error> {
-    ...
-    Ok(ReconcilerAction {
-        requeue_after: Some(Duration::from_secs(300)),
-    })
+async fn reconcile(obj: Arc<MyObject>, ctx: Context<Data>) -> Result<Action, Error> {
+    ...
+    Ok(Action::requeue(Duration::from_secs(300)))

The Action import lives in the same place as the old ReconcilerAction.

What's Changed

Added

• Add support for EC private keys by @farcaller in #804
• Add helper for creating a controller owner_ref on Resource by @clux in #850

Changed

• Remove scheduler::Error by @teozkr in #827
• Bump parking_lot to 0.12, but allow dep duplicates by @clux in #836
• Update tokio-tungstenite requirement from 0.16.1 to 0.17.1 by @dependabot in #841
• Let OccupiedEntry::commit take PostParams by @teozkr in #842
• Change ReconcileAction to Action and add associated ctors by @clux in #851

Fixed

• Fix deadlock in token reloading by @clux in #830 - also in 0.69.1
• Token reloading with RwLock by @kazk in #835
• Fix event publishing for cluster scoped crds by @zhrebicek in #847
• Fix invalid CRD when Enum variants have descriptions by @sbernauer in #852

New Contributors

• @chinatsu made their first contribution in #834
• @farcaller made their first contribution in #804
• @zhrebicek made their first contribution in #847
• @sbernauer made their first contribution in #852

Full Changelog: 0.69.0...0.70.0

0.69.1

Highlights

This is an emergency patch release fixing a bug in 0.69.0 where a kube::Client would deadlock after running inside a cluster for about a minute (#829).

All users of 0.69.0 are encouraged to upgrade immediately. 0.68.x and below are not affected.

What's Changed

Fixed

• [0.69.x] Fix deadlock in token reloading by @clux (backported by @teozkr) in #831

Full Changelog: 0.69.0...0.69.1

0.69.0

Highlights

Ergonomic Additions to Api

Two new methods have been added to the client Api this release to reduce the amount of boiler-plate needed for common patterns.

• Api::entry via 811 - to aid idempotent crud operation flows (following the style of Map::Entry)
• Api::get_opt via 809 - to aid dealing with the NotFound type error via a returned Option

In-cluster Token reloading

Following a requirement for Kubernetes clients against versions >= 1.22.0, our bundled AuthLayer will reload tokens every minute when deployed in-cluster.

What's Changed

Added

• Add conversion for ObjectRef<K> to ObjectReference by @teozkr in #815
• Add Api::get_opt for better existence handling by @teozkr in #809
• Entry API by @teozkr in #811

Changed

• Reload token file at least once a minute by @kazk in #768
• Prefer kubeconfig over in-cluster config by @teozkr in #823

Fixed

• Disable CSR utilities on K8s <1.19 by @teozkr in #817

New Contributors

• @hasheddan made their first contribution in #813

Full Changelog: 0.68.0...0.69.0