0.73.1 / 2022-06-03
This patch release fixes a bug causing applier
and Controller
to deadlock when too many Kubernetes object change events were ingested at once. All users of applier
and Controller
are encouraged to upgrade as quickly as possible. Older versions are also affected, this bug is believed to have existed since the original release of kube_runtime
.
- [0.73 backport] fix applier hangs which can happen with many watched objects (#925) by @moustafab (backported by @teozkr) in kube-rs#927
Full Changelog: https://github.com/kube-rs/kube-rs/compare/0.73.0...0.73.1 0.73.0 / 2022-05-23
Support added for Kubernetes v1_24
support via the new k8s-openapi
version. Please also run cargo upgrade --workspace k8s-openapi
when upgrading kube
.
This also bumps our MSRV to 1.60.0
.
A small ergonomic change in the reconcile
signature has removed the need for the Context
object. This has been replaced by an Arc
. The following change is needed in your controller:
-async fn reconcile(doc: Arc<MyObject>, context: Context<Data>) -> Result<Action, Error>
+async fn reconcile(doc: Arc<MyObject>, context: Arc<Data>) -> Result<Action, Error>
This will simplify the usage of the context
argument. You should no longer need to pass .get_ref()
on its every use.
See the controller-rs upgrade change for details.
- Add Discovery::groups_alphabetical following kubectl sort order by @clux in kube-rs#887
- Replace runtime::controller::Context with Arc by @teozkr in kube-rs#910
- runtime: Return the object from
await_condition
by @olix0r in kube-rs#877 - Bump k8s-openapi to 0.15 for kubernetes v1_24 and bump MSRV to 1.60 by @clux in kube-rs#916
0.72.0 / 2022-05-13
A new runtime::WatchSteamExt
(#899 + #906) allows for simpler setups for streams from watcher
or reflector
.
- let stream = utils::try_flatten_applied(StreamBackoff::new(watcher(api, lp), b));
+ let stream = watcher(api, lp).backoff(b).applied_objects();
The util::try_flatten_*
helpers have been marked as deprecated since they are not used by the stream impls.
A new reflector:store()
fn allows simpler reflector setups #907:
- let store = reflector::store::Writer::<Node>::default();
- let reader = store.as_reader();
+ let (reader, writer) = reflector::store();
Additional conveniences getters/settes to ResourceExt
for manged_fields and creation_timestamp #888 + #898, plus a GroupVersion::with_kind
path to a GVK, and a TryFrom<TypeMeta> for GroupVersionKind
in #896.
Managing multiple version in CustomResourceDefinitions can be pretty complicated, but we now have helpers and docs on how to tackle it.
A new function kube::core::crd::merge_crds
have been added (in #889) to help push crd schemas generated by kube-derived crds with different #[kube(version)]
properties. See the kube-derive#version documentation for details.
A new example showcases how one can manage two or more versions of a crd and what the expected truncation outcomes are when moving between versions.
Examples now have moved to tracing
for its logging, respects RUST_LOG
, and namespace selection via the kubeconfig context. There is also a larger kubectl example showcasing kubectl apply -f yaml
as well as kubectl {edit,delete,get,watch}
via #885 + #897.
- Allow merging multi-version CRDs into a single schema by @clux in kube-rs#889
- Add GroupVersion::with_kind and TypeMeta -> GroupVersionKind converters by @clux in kube-rs#896
- Add managed_fields accessors to ResourceExt by @clux in kube-rs#898
- Add ResourceExt::creation_timestamp by @clux in kube-rs#888
- Support lowercase http_proxy & https_proxy evars by @DevineLiu in kube-rs#892
- Add a WatchStreamExt trait for stream chaining by @clux in kube-rs#899
- Add Event::modify + reflector::store helpers by @clux in kube-rs#907
- Switch to kubernetes cluster dns for incluster url everywhere by @clux in kube-rs#876
- Update tower-http requirement from 0.2.0 to 0.3.2 by @dependabot in kube-rs#893
- Remove deprecated legacy crd v1beta1 by @clux in kube-rs#890
0.71.0 / 2022-04-12
Several quality of life changes and improvement this release for port-forwarding, a new ClientBuilder
, better handling of kube-derive
edge-cases.
We highlight some changes here that you should be especially aware of.
Publishing events via Recorder for cluster scoped resources (supported since 0.70.0
) now publish to kube-system
rather than default
, as all but the newest clusters struggle with publishing events in the default
namespace.
The previous native-tls
default was there because we used to depend on reqwest
, but because we depended on openssl anyway the feature does not make much sense. Changing to openssl-tls
also improves the situation on macOS where the Security Framework struggles with PKCS#12 certs from OpenSSL v3. The native-tls
feature will still be available in this release in case of issues, but the plan is to decommission it shortly. Of course, we all ideally want to move to rustls, but we are still blocked by #153.
- Add
ClientBuilder
that lets users add custom middleware without full stack replacement by @teozkr in kube-rs#855 - Support top-level enums in CRDs by @sbernauer in kube-rs#856
- portforward: Improve API and support background task cancelation by @olix0r in kube-rs#854
- Make remote commands cancellable and remove panics by @kazk in kube-rs#861
- Change the default TLS to OpenSSL by @kazk in kube-rs#863
- change event recorder cluster namespace to kube-system by @clux in kube-rs#871
- Fix schemas containing both properties and additionalProperties by @jcaesar in kube-rs#845
- Make dependency pins between sibling crates stricter by @clux in kube-rs#864
- Fix in-cluster kube_host_port generation for IPv6 by @somnusfish in kube-rs#875
0.70.0 / 2022-03-20
This was one of the big blockers for using rustls
against clusters like k3d
or k3s
While not sufficient to fix using those clusters out of the box, it is now possible to use them with a workarodund
The signature and end the Ok
action in reconcile
fns has been simplified slightly, and requires the following user updates:
-async fn reconcile(obj: Arc<MyObject>, ctx: Context<Data>) -> Result<ReconcilerAction, Error> {
- ...
- Ok(ReconcilerAction {
- requeue_after: Some(Duration::from_secs(300)),
- })
+async fn reconcile(obj: Arc<MyObject>, ctx: Context<Data>) -> Result<Action, Error> {
+ ...
+ Ok(Action::requeue(Duration::from_secs(300)))
The Action
import lives in the same place as the old ReconcilerAction
.
- Add support for EC private keys by @farcaller in kube-rs#804
- Add helper for creating a controller owner_ref on Resource by @clux in kube-rs#850
- Remove
scheduler::Error
by @teozkr in kube-rs#827 - Bump parking_lot to 0.12, but allow dep duplicates by @clux in kube-rs#836
- Update tokio-tungstenite requirement from 0.16.1 to 0.17.1 by @dependabot in kube-rs#841
- Let OccupiedEntry::commit take PostParams by @teozkr in kube-rs#842
- Change ReconcileAction to Action and add associated ctors by @clux in kube-rs#851
- Token reloading with RwLock by @kazk in kube-rs#835
- Fix event publishing for cluster scoped crds by @zhrebicek in kube-rs#847
- Fix invalid CRD when Enum variants have descriptions by @sbernauer in kube-rs#852
0.69.1 / 2022-02-16
This is an emergency patch release fixing a bug in 0.69.0 where a kube::Client
would deadlock after running inside a cluster for about a minute (#829).
All users of 0.69.0 are encouraged to upgrade immediately. 0.68.x and below are not affected.
- [0.69.x] Fix deadlock in token reloading by @clux (backported by @teozkr) in kube-rs#831
0.69.0 / 2022-02-14
Two new methods have been added to the client Api
this release to reduce the amount of boiler-plate needed for common patterns.
Api::entry
via 811 - to aid idempotent crud operation flows (following the style ofMap::Entry
)Api::get_opt
via 809 - to aid dealing with theNotFound
type error via a returnedOption
Following a requirement for Kubernetes clients against versions >= 1.22.0
, our bundled AuthLayer
will reload tokens every minute when deployed in-cluster.
- Add conversion for
ObjectRef<K>
toObjectReference
by @teozkr in kube-rs#815 - Add
Api::get_opt
for better existence handling by @teozkr in kube-rs#809 - Entry API by @teozkr in kube-rs#811
- Reload token file at least once a minute by @kazk in kube-rs#768
- Prefer kubeconfig over in-cluster config by @teozkr in kube-rs#823
- Disable CSR utilities on K8s <1.19 by @teozkr in kube-rs#817
0.68.0 / 2022-02-01
To reduce the amount of allocation done inside the runtime
by reflectors and controllers, the following change via #786 is needed on the signature of your reconcile
functions:
-async fn reconcile(myobj: MyK, ctx: Context<Data>) -> Result<ReconcilerAction>
+async fn reconcile(myobj: Arc<MyK>, ctx: Context<Data>) -> Result<ReconcilerAction>
This also affects the finalizer helper.
As one of the last steps toward gold level client requirements, port-forwarding landed in #446. There are 3 new examples (port_forward*.rs
) that showcases how to use this websocket based functionality.
- Add a VS Code devcontainer configuration by @olix0r in kube-rs#788
- Add support for user impersonation by @teozkr in kube-rs#797
- Add port forward by @kazk in kube-rs#446
- runtime: Store resources in an
Arc
by @olix0r in kube-rs#786 - Propagate Arc through the finalizer reconciler helper by @teozkr in kube-rs#792
- Disable unused default features of chrono crate by @dreamer in kube-rs#801
- Use absolute path to Result in derives by @teozkr in kube-rs#795
- core: add missing reason to Display on Error::Validation in Request by @clux in kube-rs#798
0.67.0 / 2022-01-25
- runtime: Replace
DashMap
with a lockedAHashMap
by @olix0r in kube-rs#785 - update k8s-openapi for kubernetes 1.23 support by @clux in kube-rs#789
0.66.0 / 2022-01-15
Tons of ergonomics improvements, and 3 new contributors. Highlighted first is the 3 most discussed changes:
It is now possible to embed complex enums inside structs that use #[derive(CustomResource)]
.
This has been a highly requested feature since the inception of auto-generated schemas. It does not work for all cases, and has certain ergonomics caveats, but represents a huge step forwards.
Note that if you depend on kube-derive
directly rather than via kube
then you must now add the schema
feature to kube-core
To avoid spamming the apiserver when on certain watch errors cases, it's now possible to stream wrap the watcher
to set backoffs. The new default_backoff
follows existing client-go
conventions of being kind to the apiserver.
Initially, this is default-enabled in Controller
watches (configurable via Controller::trigger_backoff
) and avoids spam errors when crds are not installed.
To aid users picking the most appropriate version of a kind
from api discovery or through a CRD, two new sort orders have been exposed on the new kube_core::Version
Version::priority
implementing kubernetes version priorityVersion::generation
implementing a more traditional; generational sort (highest version)
Merged PRs from github release.
- Add
DeleteParams
constructors for easily settingPropagationPolicy
by @kate-goldenring in kube-rs#757 - Add Serialize to ObjecList and add field-selector and jsonpath example by @ChinYing-Li in kube-rs#760
- Implement cordon/uncordon for Node by @ChinYing-Li in kube-rs#762
- Export Version priority parser with Ord impls in kube_core by @clux in kube-rs#764
- Add Api fns for arbitrary subresources and approval subresource for CertificateSigningRequest by @ChinYing-Li in kube-rs#773
- Add backoff handling for watcher and Controller by @clux in kube-rs#703
- Remove crate private
identity_pem
field fromConfig
by @kazk in kube-rs#771 - Use SecretString in AuthInfo to avoid credential leaking by @ChinYing-Li in kube-rs#766
0.65.0 / 2021-12-10
- BREAKING: Removed
kube::Error::OpenSslError
- #716 - BREAKING: Removed
kube::Error::SslError
- #704 and #716 - BREAKING: Added
kube::Error::NativeTls(kube::client::NativeTlsError)
for errors from Native TLS - #716 - BREAKING: Added
kube::Error::RustlsTls(kube::client::RustlsTlsError)
for errors from Rustls TLS - #704 - Modified
Kubeconfig
parsing - allow empty kubeconfigs as per kubectl - #721 - Added
Kubeconfig::from_yaml
- #718 via #719 - Updated
rustls
to 0.20.1 - #704 - BREAKING: Added
ObjectRef
to the object that failed to be reconciled tokube::runtime::controller::Error::ReconcileFailed
- #733 - BREAKING: Removed
api_version
andkind
fields fromkind
structs generated bykube::CustomResource
- #739 - Updated
tokio-tungstenite
to 0.16 - #750 - Updated
tower-http
to 0.2.0 - #748 - BREAKING:
kube-client
: replaceRefreshTokenLayer
withAsyncFilterLayer
inAuthLayer
- #752
0.64.0 / 2021-11-16
- BREAKING: Replaced feature
kube-derive/schema
with attribute#[kube(schema)]
- #690- If you currently disable default
kube-derive
default features to avoid automatic schema generation, add#[kube(schema = "disabled")]
to your spec struct instead
- If you currently disable default
- BREAKING: Moved
CustomResource
derive crate overrides into subattribute#[kube(crates(...))]
- #690- Replace
#[kube(kube_core = .., k8s_openapi = .., schema = .., serde = .., serde_json = ..)]
with#[kube(crates(kube_core = .., k8s_openapi = .., schema = .., serde = .., serde_json = ..))]
- Replace
- Added
openssl-tls
feature to useopenssl
for TLS on all platforms. Note that, even thoughnative-tls
uses a platform specific TLS,kube
requiresopenssl
on all platforms becausenative-tls
only allows PKCS12 input to load certificates and private key at the moment, and creating PKCS12 requiresopenssl
. - #700 - BREAKING: Changed to fail loading configurations with PEM-encoded certificates containing invalid sections instead of ignoring them. Updated
pem
to 1.0.1. - #702 oauth
: Updatedtame-oauth
to 0.6.0 which supports the same default credentials flow as the Gooauth2
for Google OAuth. In addition to reading the service account information from JSON file specified withGOOGLE_APPLICATION_CREDENTIALS
environment variable, Application Default Credentials fromgcloud
, and obtaining OAuth tokens from local metadata server when running inside GCP are now supported. - #701
We started working on improving error ergonomics. See the tracking issue #688 for more details.
The following is the summary of changes to kube::Error
included in this release:
- Added
Error::Auth(kube::client::AuthError)
(errors related to client auth, some of them were previously inError::Kubeconfig
) - Added
Error::BuildRequest(kube::core::request::Error)
(errors building request fromkube::core
) - Added
Error::InferConfig(kube::config::InferConfigError)
(forClient::try_default
) - Added
Error::OpensslTls(kube::client::OpensslTlsError)
(newopenssl-tls
feature) - #700 - Added
Error::UpgradeConnection(kube::client::UpgradeConnectinError)
(ws
feature, errors from upgrading a connection) - Removed
Error::Connection
(was unused) - Removed
Error::RequestBuild
(was unused) - Removed
Error::RequestSend
(was unused) - Removed
Error::RequestParse
(was unused) - Removed
Error::InvalidUri
(replaced by variants of errors inkube::config
errors) - Removed
Error::RequestValidation
(replaced by a variant ofError::BuildRequest
) - Removed
Error::Kubeconfig
(replaced byError::InferConfig
, andError::Auth
) - Removed
Error::ProtocolSwitch
(ws
only, replaced byError::UpgradeConnection
) - Removed
Error::MissingUpgradeWebSocketHeader
(ws
only, replaced byError::UpgradeConnection
) - Removed
Error::MissingConnectionUpgradeHeader
(ws
only, replaced byError::UpgradeConnection
) - Removed
Error::SecWebSocketAcceptKeyMismatch
(ws
only, replaced byError::UpgradeConnection
) - Removed
Error::SecWebSocketProtocolMismatch
(ws
only, replaced byError::UpgradeConnection
) - Removed
impl From<T> for Error
Expand for more details
The following breaking changes were made as a part of an effort to refine errors (the list is large, but most of them are lower level, and shouldn't require much change in most cases):
- Removed
impl From<E> for kube::Error
- #686 - Removed unused error variants in
kube::Error
:Connection
,RequestBuild
,RequestSend
,RequestParse
- #689 - Removed unused error variant
kube::error::ConfigError::LoadConfigFile
- #689 - Changed
kube::Error::RequestValidation(String)
tokube::Error::BuildRequest(kube::core::request::Error)
. Includes possible errors from building an HTTP request, and contains some errors fromkube::core
that was previously grouped underkube::Error::SerdeError
andkube::Error::HttpError
.kube::core::request::Error
is described below. - #686 - Removed
kube::core::Error
andkube::core::Result
.kube::core::Error
was replaced by more specific errors. - #686- Replaced
kube::core::Error::InvalidGroupVersion
withkube::core::gvk::ParseGroupVersionError
- Changed the error returned from
kube::core::admission::AdmissionRequest::with_patch
tokube::core::admission::SerializePatchError
(waskube::core::Error::SerdeError
) - Changed the error associated with
TryInto<AdmissionRequest<T>>
tokube::core::admission::ConvertAdmissionReviewError
(waskube::core::Error::RequestValidation
) - Changed the error returned from methods of
kube::core::Request
tokube::core::request::Error
(waskube::core::Error
).kube::core::request::Error
represents possible errors when building an HTTP request. The removedkube::core::Error
hadRequestValidation(String)
,SerdeError(serde_json::Error)
, andHttpError(http::Error)
variants. They are nowValidation(String)
,SerializeBody(serde_json::Error)
, andBuildRequest(http::Error)
respectively inkube::core::request::Error
.
- Replaced
- Changed variants of error enums in
kube::runtime
to tuples. Replacedsnafu
withthiserror
. - #686 - Removed
kube::error::ConfigError
andkube::Error::Kubeconfig(ConfigError)
- #696- Error variants related to client auth were moved to a new error
kube::client::AuthError
as described below - Remaining variants were split into
kube::config::{InferConfigError, InClusterError, KubeconfigError}
as described below
- Error variants related to client auth were moved to a new error
- Added
kube::client::AuthError
by extracting error variants related to client auth fromkube::ConfigError
and adding more variants to preserve context - #696 - Moved
kube::error::OAuthError
tokube::client::OAuthError
- #696 - Changed all errors in
kube::client::auth
tokube::client::AuthError
- #696 - Added
kube::Error::Auth(kube::client::AuthError)
- #696 - Added
kube::config::InferConfigError
which is an error fromConfig::infer()
andkube::Error::InferConfig(kube::config::InferConfigError)
- #696 - Added
kube::config::InClusterError
for errors related to loading in-cluster configuration by splittingkube::ConfigError
and adding more variants to preserve context. - #696 - Added
kube::config::KubeconfigError
for errors related to loading kubeconfig by splittingkube::ConfigError
and adding more variants to preserve context. - #696 - Changed methods of
kube::Config
to return these erorrs instead ofkube::Error
- #696 - Removed
kube::Error::InvalidUri
which was replaced by error variants preserving context, such asKubeconfigError::ParseProxyUrl
- #696 - Moved all errors from upgrading to a WebSocket connection into
kube::Error::UpgradeConnection(kube::client::UpgradeConnectionError)
- #696
0.63.2 / 2021-10-28
kube::runtime::events
: fix build and hide module on kubernetes < 1.19 (events/v1 missing there) - #685
0.63.1 / 2021-10-26
kube::runtime::wait::Condition
added boolean combinators (not
/and
/or
) - #678kube
: fix docs.rs build - #681 via #682
0.63.0 / 2021-10-26
- rust
edition
bumped to2021
- #664, #666, #667 kube::CustomResource
derive can now take arbitrary#[kube(k8s_openapi)]
style-paths fork8s_openapi
,schemars
,serde
, andserde_json
- #675kube
: fixnative-tls
included when onlyrustls-tls
feature is selected - #673 via #674
0.62.0 / 2021-10-22
- no need to keep both
kube
andkube_runtime
inCargo.toml
anymore - fixes issues with dependabot / lock-step upgrading
- change
kube_runtime::X
import paths tokube::runtime::X
when moving to the feature
kube::runtime
addedevents
module with an eventRecorder
- #249 via #653 + #662 + #663kube::runtime::wait::conditions
addedis_crd_established
helper - #659kube::CustomResource
derive can now take an arbitrary#[kube(kube_core)]
path forkube::core
- #658kube::core
consistently re-exported across crates- docs: major overhaul + architecture.md - #416 via #652
0.61.0 / 2021-10-09
kube-core
: BREAKING: extendCustomResourceExt
trait with::shortnames
method (impl inkube-derive
) - #641kube-runtime
: addwait
module toawait_condition
, and addedwatch_object
to watcher - #632 via #633kube
: addRestart
marker trait to allowApi::restart
on core workloads - #630 via #635- bump dependencies:
tokio-tungstenite
,k8s-openapi
,schemars
,tokio
in particular - #643 + #645
0.60.0 / 2021-09-02
kube
: supportk8s-openapi
withv1_22
features - #621 via #622kube
:BREAKING
: support forCustomResourceDefinition
atv1beta1
now requires an opt-indeprecated-crd-v1beta1
feature - #622kube-core
: add content-type header to requests with body - #626 via #627
0.59.0 / 2021-08-09
BREAKING
: bumpedk8s-openapi
to 0.13.0 - #581 via #616kube
connects to kubernetes via cluster dns when usingrustls
- #587 via #597kube
nicer serialization ofKubeconfig
- #613kube-core
added serde traits forApiResource
- #590kube-core
addedCrdExtensions::crd_name
method (implemented bykube-derive
) - #583kube-core
added theHasSpec
andHasStatus
traits - #605kube-derive
added support to automatically implement theHasSpec
andHasStatus
traits - #605kube-runtime
fix tracing span hierarchy from applier - #600
0.58.1 / 2021-07-06
kube-runtime
: fix non-unix builds - #582
0.58.0 / 2021-07-05
kube
:BREAKING
: subresource marker traits renamed conjugation:Log
,Execute
,Attach
,Evict
(previouslyLogging
,Executable
,Attachable
,Evictable
) - #536 via #560kube-derive
added#[kube(category)]
attr to set CRD categories - #559kube-runtime
addedfinalizer
helper #291 via #475kube-runtime
added tracing for why reconciliations happened #457 via #571kube-runtime
addedController::reconcile_all_on
to allow scheduling all objects for reconciliation #551 via #555kube-runtime
addedController::graceful_shutdown_on
for shutting down theController
while waiting for running reconciliations to finish - #552 via #573
- BREAKING:
controller::applier
now starts a graceful shutdown when thequeue
terminates - BREAKING:
scheduler
now shuts down immediately whenrequests
terminates, rather than waiting for the pending reconciliations to drain
kube-runtime
added tracking for reconciliation reason
- Added:
Controller::owns_with
andController::watches_with
to pass adyntype
argument for dynamicApi
s - #575 - BREAKING:
Controller::owns
signature changed to not allowDynamicType
s - BREAKING:
controller::trigger_*
now returns aReconcileRequest
rather thanObjectRef
. TheObjectRef
can be accessed via theobj_ref
field
- Api::replace can fail to unset list values with k8s-openapi 0.12 #581
- BREAKING: custom clients via
Client::new
must passconfig.default_namespace
as 2nd arg
- BREAKING:
kube-derive
users must importkube::CustomResourceExt
(orkube::core::crd::v1beta1::CustomResourceExt
if using legacy#[kube(apiextensions = "v1beta1")]
) to use generated methodsFoo::crd
orFoo::api_resource
- BREAKING:
k8s_openapi
bumped to 0.12.0 - #531- Generated structs simplified +
Resource
trait expanded - Adds support for kubernetes
v1_21
- Contains bugfix for kubernetes#102159
- Generated structs simplified +
- BREAKING:
kube::Resource
trait now requires aplural
implementation
- Api::replace can fail to unset list values with k8s-openapi 0.12 #581
kube
: addedApi::default_namespaced
- #209 via #534kube
: addedconfig
feature - #533 via #535kube
: BREAKING: movedclient::discovery
module tokube::discovery
and rewritten module #538
discovery
: addedoneshot
helpers for quick selection of recommended resources / kinds #538discovery
: movedApiResource
andApiCapabilities
(result of discovery) tokube_core::discovery
- BREAKING: removed internal
ApiResource::from_apiresource
- three new examples added:
custom_client
,custom_client_tls
andcustom_client_trace
- Big feature streamlining, big service and layer restructuring, dependency restructurings
- Changes can hit advanced users, but unlikely to hit base use cases with
Api
andClient
. - In depth changes broken down below:
- Add
kube::client::ConfigExt
extendingConfig
for customClient
. This includes methods to configure TLS connection when building a custom client #539native-tls
:Config::native_tls_https_connector
andConfig::native_tls_connector
rustls-tls
:Config::rustls_https_connector
andConfig::rustls_client_config
- Remove the requirement of having
native-tls
orrustls-tls
enabled whenclient
is enabled. Allow one, both or none.- When both, the default Service will use
native-tls
because of #153.rustls
can be still used with a custom client. Users will have an option to configure TLS at runtime. - When none, HTTP connector is used.
- When both, the default Service will use
- Remove TLS features from
kube-runtime
- BREAKING: Features must be removed if specified
- Remove
client
feature fromnative-tls
andrust-tls
featuresconfig
+native-tls
/rustls-tls
can be used independently, e.g., to create a simple HTTP client- BREAKING:
client
feature must be added ifdefault-features = false
ConfigExt::base_uri_layer
(BaseUriLayer
) to set cluster URL (#539)ConfigExt::auth_layer
that returns optional layer to manageAuthorization
header (#539)gzip
: Replaced custom decompression module withDecompressionLayer
fromtower-http
(#539)- Replaced custom
LogRequest
withTraceLayer
fromtower-http
(#539)- Request body is no longer shown
- Basic and Bearer authentication using
AddAuthorizationLayer
(borrowing from tower-rs/tower-http#95 until released) - BREAKING: Remove
headers
fromConfig
. Injecting arbitrary headers is now done with a layer on a custom client.
- Remove
static_assertions
since it's no longer used - Replace
tokio_rustls
withrustls
andwebpki
since we're not usingtokio_rustls
directly - Replace uses of
rustls::internal::pemfile
withrustls-pemfile
- Remove
url
and always usehttp::Uri
- BREAKING:
Config::cluster_url
is nowhttp::Uri
- BREAKING:
Error::InternalUrlError(url::ParseError)
andError::MalformedUrl(url::ParseError)
replaced byError::InvalidUri(http::uri::InvalidUri)
- BREAKING:
kube
:client
feature added (default-enabled) - #528kube
:PatchParams
force now only works withPatch::Apply
#528kube
:api
discovery
module now uses a newApiResource
struct #495 + #482kube
:api
BREAKING:DynamicObject
+Object
now takes anApiResource
rather than aGroupVersionKind
kube
:api
BREAKING:discovery
module'sGroup
renamed toApiGroup
kube
:client
BREAKING:kube::client::Status
moved tokube::core::Status
(accidental, re-adding in 0.56)kube-core
crate factored out ofkube
to reduce dependencies - #516 via #517 + #519 + #522 + #528 + #530kube
:kube::Service
removed to allowkube::Client
to take an abritraryService<http::Request<hyper::Body>>
- #532
- yanked 30 minutes after release due to #525
- changes lifted to 0.55.0
kube
:admission
controller module added under feature - #477 via #484 + fixes in #488 #498 #499 + #507 + #509kube
:config
parsing of pem blobs now resilient against missing newlines - #504 via #505kube
:discovery
module added to simplify dynamic api usage - #491kube
:api
BREAKING:DynamicObject::namespace
renamed to::within
- #502kube
:api
BREAKING: addedResourceExt
trait moving the getters fromResource
trait - #486kube
:api
added a generic interface for subresources viaRequest
- #487kube
:api
fix bug inPatchParams::dry_run
not being serialized correctly - #511
The most likely issue you'll run into is from kube
when using Resource
trait which has been split:
+use kube::api::ResouceExt;
- let name = Resource::name(&foo);
- let ns = Resource::namespace(&foo).expect("foo is namespaced");
+ let name = ResourceExt::name(&foo);
+ let ns = ResourceExt::namespace(&foo).expect("foo is namespaced");
kube-derive
: allow overriding#[kube(plural)]
and#[kube(singular)]
- #458 via #463kube
: added tracing instrumentation for io operations inkube::Api
- #455kube
:DeleteParams
'sPreconditions
is now public - #459 via #460kube
: remove dependency on duplicatederive_accept_key
forws
- #452kube
: Properly verify websocket keys inws
handshake - #447kube
: BREAKING: removed optional, and deprecatedruntime
module - #454kube
: BREAKING:ListParams
bookmarks default enabled - #226 via #445- renames member
::allow_bookmarks
to::bookmarks
::default()
setsbookmark
totrue
to avoid bad bad defaults #219- method
::allow_bookmarks()
replaced by::disable_bookmarks()
- renames member
kube
:DynamicObject
andGroupVersionKind
introduced for full dynamic object supportkube-runtime
: watchers/reflectors/controllers can be used with dynamic objects from api discoverykube
: Pluralisation now only happens fork8s_openapi
objects by default #481- inflector dependency removed #471
- added internal pluralisation helper for
k8s_openapi
objects
kube
: BREAKING: Restructuring of low levelResource
request builder #474Resource
renamed toRequest
and requires only apath_url
to construct
kube
: BREAKING: Mostly internalMeta
trait revamped to support dynamic typeskube-runtime
: BREAKING: lower level interface changes as a result ofkube::api::Meta
trait:
- THESE SHOULD NOT AFFECT YOU UNLESS YOU ARE IMPLEMENTING / CUSTOMISING LOW LEVEL TYPES DIRECTLY
ObjectRef
now generic overkube::Resource
rather thanRuntimeResource
reflector::{Writer, Store}
takes akube::Resource
rather than ak8s_openapi::Resource
kube-derive
: BREAKING: Generated type no longer generatesk8s-openapi
traits
While we had a few breaking changes. Most are to low level internal interfaces and should not change much, but some changes you might need to make:
- if using the old, low-level
kube::api::Resource
, please consider the easierkube::Api
, or look at tests inrequest.rs
ortyped.rs
if you need the low level interface - search replace
kube::api::Meta
withkube::Resource
if used - trait was renamed - if implementing the trait, add
type DynamicType = ();
to the impl - remove calls to
ListParams::allow_bookmarks
(allow default) - handle
WatchEvent::Bookmark
or setListParams::disable_bookmarks()
- look at examples if replacing the long deprecated legacy runtime
The following constants from k8s_openapi::Resource
no longer exist. Please use kube::Resource
and:
- replace
Foo::KIND
withFoo::kind(&())
- replace
Foo::GROUP
withFoo::group(&())
- replace
Foo::VERSION
withFoo::version(&())
- replace
Foo::API_VERSION
withFoo::api_version(&())
kube
Config
now allows arbirary extension objects - #425kube
Config
now allows multiple yaml documents per kubeconfig - #440 via #441kube-derive
now more robust and is usingdarling
- #435- docs improvements to patch + runtime
- feat: added support for stacked kubeconfigs - #132 via #411
- refactor: authentication logic moved out of
kube::config
and into intokube::service
- #409
- BREAKING:
Config::get_auth_header
removed
- refactor: remove
hyper
dependency fromkube::api
- #410 - refactor:
kube::Service
simpler auth and gzip handling - #405 + #408
- dependency on
reqwest
+ removed in favour ofhyper
+tower
#394- refactor:
kube::Client
now useskube::Service
(atower::Service<http::Request<hyper::Body>>
) instead ofreqwest::Client
to handle all requests - refactor:
kube::Client
now uses atokio_util::codec
for internal buffering - refactor:
async-tungstenite
ws feature dependency replaced withtokio-tungstenite
.WebSocketStream
is now created from a connection upgraded withhyper
- refactor:
oauth2
module for GCP OAuth replaced with optionaltame-oauth
dependency - BREAKING: GCP OAuth is now opt-in (
oauth
feature). Note that GCP provider with command based token source is supported by default. - BREAKING: Gzip decompression is now opt-in (
gzip
feature) because Kubernetes does not have compression enabled by default yet and this feature requires extra dependencies. #399 - BREAKING:
Client::new
now takes aService
instead ofConfig
#400. Allows custom service for features not supported out of the box and testing. To create aClient
fromConfig
, useClient::try_from
instead. - BREAKING: Removed
Config::proxy
. Proxy is no longer supported out of the box, but it should be possible by using a custom Service. - fix: Refreshable token from auth provider not refreshing
- fix: Panic when loading config with non-GCP provider #238
- refactor:
- feat: subresource support added for
Evictable
types (marked forPod
) - #393 kube
: subresource marker traits renamed toLoggable
,Executable
,Attachable
(previouslyLoggingObject
,ExecutingObject
,AttachableObject
) - #395examples
showcasingkubectl cp
like behaviour #381 via #392
- bump
k8s-openapi
to0.11.0
- #388 - breaking:
kube
: no longer necessary to serialize patches yourself - #386PatchParams
removesPatchStrategy
Api::patch*
methods now take an enumPatch
type- optional
jsonpatch
feature added forPatch::Json
- chore: upgrade
tokio
to1.0
- #363- BREAKING: This requires the whole application to upgrade to
tokio
1.0 andreqwest
to 0.11.0
- BREAKING: This requires the whole application to upgrade to
- docs: fix broken documentation in
kube
0.46.0 #367 - bug:
kube
: removed panics fromws
features, fixrustls
support + improve docs #369 via #370 + #373 - bug:
AttachParams
now fixes owned method chaining (slightly breaks from 0.46 if using &mut ref before) - #364 - feat:
AttachParams::interactive_tty
convenience method added - #364 - bug: fix
Runner
(and thusController
andapplier
) not waking correctly when starting new tasks - #375
- maintenance release for 0.46 (last supported tokio 0.2 release) from
tokio02
branch - bug backport: fix
Runner
(and thusController
andapplier
) not waking correctly when starting new tasks - #375
- feat:
kube
now has optional websocket support withasync_tungstenite
underws
andws-*-tls
features #360 - feat:
AttachableObject
marker trait added and implemented fork8s_openapi::api::core::v1::Pod
#360 - feat:
AttachParams
added forApi::exec
andApi::attach
forAttachableObject
s #360 - examples:
pod_shell
,pod_attach
,pod_exec
demonstrating the new features #360
- feat:
kube-derive
now has a default enabledschema
feature- allows opting out of
schemars
dependency for handwriting crds - #355
- allows opting out of
- breaking:
kube-derive
attrstruct_name
renamed tostruct
- #359 - docs: improvements on
kube
,kube-runtime
,kube-derive
- feat:
kube-derive
now generates openapi v3 schemas and is thus usable with v1CustomResourceDefinition
- #129 and #264 via #348- BREAKING:
kube-derive
types now requireJsonSchema
derived viaschemars
libray (not breaking if going to 0.45.0)
- BREAKING:
- feat:
kube_runtime::controller
: now reconciles objects in parallel - #346- BREAKING:
kube_runtime::controller::applier
now requires that thereconciler
'sFuture
isUnpin
,Box::pin
it or submit it to a runtime if this is not acceptable - BREAKING:
kube_runtime::controller::Controller
now requires that thereconciler
'sFuture
isSend + 'static
, use the low-levelapplier
interface instead if this is not acceptable
- BREAKING:
- bug:
kube-runtime
: removed accidentally includedk8s-openapi
default features (you have to opt in to them yourself) - feat:
kube
:TypeMeta
now derives additionallyDebug, Eq, PartialEq, Hash
- bump:
k8s-openapi
to0.10.0
- #330 - bump:
serde_yaml
- #349 - bump:
dirs
todirs-next
- #340
- bug:
kube-derive
attr#[kube(shortname)]
now working correctly - bug:
kube-derive
now working with badly cased existing types - #313 - missing:
kube
now correctly exportsconfig::NamedAuthInfo
- #323 - feat:
kube
: exposeConfig::get_auth_header
for istio use cases - #322 - feat:
kube
: local config now tackles gcloud auth exec params - #328 and #84 kube-derive
now actually requires GVK (in particular#[kube(kind = "Foo")]
which we sometimes inferred earlier, despite documenting the contrary)
- bug:
kube-derive
'sDefault
derive now sets typemeta correctly - #315 - feat:
ListParams
now supportscontinue_token
andlimit
- #320
- yanked release. failed publish.
DynamicResource::from_api_resource
added to allow apiserver returned resources - #305 via #301Client::list_api_groups
addedClient::list_ap_group_resources
addedClient::list_core_api_versions
addedClient::list_core_api_resources
addedkube::DynamicResource
exposed at top level- Bug:
PatchParams::default_apply()
now requires a manager and renamed toPatchParams::apply(manager: &str)
for #300 - Bug:
DeleteParams
no longer missing forApi::delete_collection
- #53 - Removed paramter
ListParams::include_uninitialized
deprecated since 1.14 - Added optional
PostParams::field_manager
was missing forApi::create
case
- Bug:
ObjectRef
tweak inkube-runtime
to allow controllers triggering across cluster and namespace scopes - #293 via #294 - Feature:
kube
now has aderive
feature which will re-exportkube::CustomResource
fromkube-derive::CustomResource
. - Examples: revamp examples for
kube-runtime
- #201
- Marked
kube::runtime
module as deprecated - #281 Config::timeout
can now be overridden toNone
(with caveats) #280- Bug: reflector stores could have multiple copies inside datastore - #286
dashmap
backend Store driver downgraded - #286Store::iter
temporarily removed
- Bug: Specialize WatchEvent::Bookmark so they can be deserialized - #285
- Docs: Tons of docs for kube-runtime
- Bump
k8s-openapi
to0.9.0
- All runtime components now require
Sync
objects - reflector/watcher/Controller streams can be shared in threaded environments
- https://gitlab.com/teozkr/kube-rt/ merged in for a new
kube-runtime
crate #258 Controller<K>
added (#148 via #258)Reflector
api redesigned (#102 via #258)- Migration release for
Informer
->watcher
+Reflector
->reflector
kube::api::CustomResource
removed in favour ofkube::api::Resource::dynamic
CrBuilder
removed in favour ofDynamicResource
(with new error handling)- support level bumped to beta
- Fix in-cluster Client when using having multiple certs in the chain - #251
Config::proxy
support added - #246PartialEq
can be derived withkube-derive
- #242- Windows builds no longer clashes with runtime - #240
- Rancher hosts (with path specifiers) now works - #244
- Bump
k8s-openapi
to0.8.0
Config::from_cluster_env
<- renamed fromConfig::new_from_cluster_env
Config::from_kubeconfig
<- renamed fromConfig::new_from_kubeconfig
Config::from_custom_kubeconfig
added - #236- Majorly overhauled error handlind in config module - #237
- add missing tokio
signal
feature as a dependency - upgrade all dependencies, including minor bumps to rustls and base64
- Major
config
+client
module refactor Config
is the newConfiguration
structClient
is now just a configuredreqwest::Client
plus areqwest::Url
- implement
From<Config> for reqwest::ClientBuilder
- implement
TryFrom<Config> for Client
Client::try_default
orClient::new
now recommended constructors- People parsing
~/.kube/config
must use theKubeConfig
struct instead Reflector<K>
now only takes anApi<K>
to construct (.params method)Informer<K>
now only takes anApi<K>
to construct (.params method)Informer::init_from
->Informer::set_version
Reflector
now self-polls #151 + handles signals #152Reflector::poll
made private in favour ofReflector::run
Api::watch
no longer filters out error events (next
->try_next
)Api::watch
returnsResult<WatchEvent>
rather thanWatchEvent
WatchEvent::Bookmark
added to enumListParams::allow_bookmarks
addedPatchParams::default_apply
ctor addedPatchParams
builder mutators:::force
and::dry_run
added
- Expose
config::Configuration
at root level - Add
Configuration::infer
as a recommended constructor - Rename
client::APIClient
toclient::Client
- Expose
client::Client
at root level Client
now implementsFrom<Configuration>
- Added comprehensive documentation on
Api
- Rename
config::KubeConfigLoader
->config::ConfigLoader
- removed
futures-timer
dependency fortokio
(feature=timer)
- Fix
#[kube(printcolumn)]
when#[kube(apiextensions = "v1beta1")]
- Fix
#[kube(status)]
causing serializes of empty optional statuses
Api::log
->Api::logs
(now matchesResource::logs
)Object<FooSpec, FooStatus>
back for ad-hoc ser/de- kube-derive now derives
Debug
(requiresDebug
on spec struct) - kube-derive now allows multiple derives per file
Api::create
now takes dataK
rather than bytesApi::replace
now takes dataK
rather than bytes- (note that
Resource::create
andResource::replace
still takes bytes)
- (note that
#[derive(CustomResource)]
now implements::new
on the generatedKind
- derived
Kind
now properly containsTypeMeta
- #170
RawApi
removed ->Resource
addedResource
implementsk8s_openapi::Resource
- ALL OBJECTS REMOVED -> Depening on light version of
k8s-openapi
now- NB: should generally just mean a few import changes (+casings / unwraps)
openapi
feature removed (light dependency mandatory now)- LIBRARY WORKS WITH ALL
k8s_openapi
KUBERNETES OBJECTS KubeObject
trait removed in favour ofMeta
traitObject<FooSpec, FooStatus>
removed -> types implementingk8s_openapi::Resource
required insteadkube-derive
crate added to derive this trait + other kubebuilder like codegen
Reflector
+Informer
moved fromkube::api
tokube::runtime
Informer
now resets the version to 0 rather than dropping events - #134- Removed
Informer::init
, since it is now a no-op when building theInformer
- Removed
- Downgrade spurious log message when using service account auth
- Fix a large percentage of EOFs from watches #146
- => default timeout down to 290s from 300s
- =>
Reflector
now re-lists a lot less #146 - Fix decoder panic with async-compression (probably) #144
Informer::poll
can now be used withTryStream
- Exposed
Config::read
andConfig::read_from
- #124 - Fix typo on
Api::StatefulSet
- Fix typo on
Api::Endpoints
- Add
Api::v1CustomResourceDefinition
when on k8s >= 1.17 - Renamed
Void
toNotUsed
- initial rustls support #114 (some local kube config issues know #120)
- crate does better version checking against openapi features - #106
- initial
log_stream
support - #109
- Add support for ServiceAccount, Role, ClusterRole, RoleBinding, Endpoint - #113 + #111
- Upgrade k8s-openapi to 0.7 => breaking changes: https://github.com/Arnavion/k8s-openapi/blob/master/CHANGELOG.md#v070-2020-01-23
- Bump tokio and reqwest to 0.2 and 0.10
- Fix bug in
log
fetcher - #107 - Temporarily allow invalid certs when testing on macosx - #105
- Allow sharing Reflectors between threads - #97
- Fix Reflector pararall lock issue (
poll
no longer blocksstate
)
- Improve Reflector reset algorithm (clear history less)
- Default watch timeouts changed to 300s everywhere
- This increases efficiency of Informers and Reflectors by keeping the connection open longer.
- However, if your Reflector relies on frequent polling you can set
timeout
or hide thepoll()
in a different context so it doesn't block your main work - Internal
RwLock
changed to afutures::Mutex
for soundness / proper non-blocking - #94 - blocking
Reflector::read()
renamed toasync Reflector::state()
- Expose
metadata.creation_timestamp
and.deletion_timestamp
(behind openapi flag) - #93
- ObjectList now implements Iterator - #91
- openapi feature no longer accidentally hardcoded to v1.15 feature - #90
- kube::Error is now a proper error enum and not a Fail impl (thiserror)
- soft-tokio dependency removed for futures-timer
- gzip re-introduced
- Fix unpinned gzip dependency breakage - #87
- api converted to use async/await with 1.39.0 (primitively)
- hyper upgraded to 0.10-alpha
- synchronous sleep replaced with tokio timer
Log
trait removed in favour of internal marker trait
- Add support for oidc providerss with
auth-provider
w/oaccess-token
- #70 - Bump most dependencies to more recent versions
- Expose custom client creation
- Added support for
v1beta1Ingress
- Expose incluster_config::load_default_ns - #74
- Add missing
uid
field onObjectMeta::ownerReferences
- Add
Reflector::get
andReflector::get_within
as cheaper getters - Add support for OpenShift kube configs with multiple CAs - via #64
- Add missing
ObjectMeta::ownerReferences
- Reduced memory consumption during compile with
[email protected]
- #62
- Fix compile issue on
1.37.0
withUtc
serialization - Fix
Void
not havingSerialize
derive
- Added support for
v1Job
resources - via #58 - Added support for
v1Namespace
,v1DaemonSet
,v1ReplicaSet
,v1PersistentVolumeClaim
,v1PersistentVolume
,v1ResourceQuota
,v1HorizontalPodAutoscaler
- via #59 - Added support for
v1beta1CronJob
,v1ReplicationController
,v1VolumeAttachment
,v1NetworkPolicy
- via #60 k8s-openapi
optional dependency bumped to0.5.0
(for kube 1.14 structs)
Reflector::read
now returns aVec<K>`` rather than a
Vec<(name, K)>`: This fixes an unsoundness bug internally - #56 via @gnieto
- Experimental oauth2 support for some providers - via #44 :
- a big cherry-pick from various prs upstream originally for GCP
- EKS works with setup in kube-rs#20 (comment)
- Added support for
Log
subresource - via #50 - Added support for
v1ConfigMap
with example - via #49 - Demoted some spammy info messages from Reflector
- Added
PatchParams
withPatchStrategy
to allow arbitrary patch types - #24 via @ragne Event
renamed tov1Event
to match non-slowflake type namesv1Service
support added- Added
v1Secret
snowflake type and asecret_reflector
example
-
Api<P, U>
is nowApi<K>
for someKubeObject
K:- Big change to allow snowflake objects (#35) - but also slightly nicer
- You want aliases
type Pod = Object<PodSpec, PodStatus>
- This gives you the required
KubeObject
trait impl for free
-
Added
Event
native type to prove snowflakes can be handled - #35 -
ApiStatus
renamed toStatus
to match kube api conventions #36 -
Rename
Metadata
toObjectMeta
#36 -
Added
ListMeta
forObjectList
andStatus
#36 -
Added
TypeMeta
object which is flattened ontoObject
, so:o.types.kind
rather thano.kind
o.types.version
rather thano.version
- Status subresource api commands added to
Api
:patch_status
get_status
replace_status
^ Seecrd_openapi
orcrd_api
examples
- Scale subresource commands added to
Api
:patch_scale
get_scale
replace_scale
^ Seecrd_openapi
example
- Typed
Api
variant calledOpenApi
introduced (see crd_openapi example) - Revert
client.request
return type change (back to response only from pre-0.7.0 #28) delete
now returns `Either<Object<P, U>, ApiStatus> - for bug#32delete_collection
now returns `Either<ObjectList<Object<P, U>>, ApiStatus> - for bug#32Informer::new
renamed toInformer::raw
Reflector::new
renamed toReflector::raw
Reflector::new
+Informer::new
added for "openapi" compile time feature (does not require specifying the generic types)
- Expose list/watch parameters #11
- Many API struct renames:
ResourceMap
->Cache
Resource
->Object
ResourceList
->ObjectList
ApiResource
->Api
ResourceType
has been removed in favour ofApi::v1Pod()
sayObject::status
now wrapped in anOption
(not present everywhere)ObjectList
exposed- Major API overhaul to support generic operations on
Object
- Api can be used to perform generic actions on resources:
create
get
delete
watch
list
patch
replace
get_scale
(when scale subresource exists)patch_scale
(ditto)replace_scale
(ditto)get_status
(when status subresource exists)patch_status
(ditto)replace_status
(ditto)
- crd_api example added to track the action api
- Bunch of generic parameter structs exposed for common operations:
ListParams
exposedDeleteParams
exposedPostParams
exposed
- Errors from
Api
exposed inkube::Error
:Error::api_error -> Option<ApiError>
exposed- Various other error types also in there (but awkward setup atm)
client.request
now returns a tuple(T, StatusCode)
(before onlyT
)
- Expose getter
Informer::version
- Exose ctor
Informer::from_version
- Expose more attributes in
Metadata
Informer::reset
convenience method addedInformer::poll
no longer returns events straight- an
Informer
now cachesWatchEvent
elements into an internal queue Informer::pop
pops a single element from its internal queueReflector::refresh
renamed toReflector::reset
(matchesInformer
)Void
type added so we can useReflector<ActualSpec, Void>
- removes need for Spec/Status structs:
ReflectorSpec
,ReflectorStatus
removedInformerSpec
,InformerStatus
removedResourceSpecMap
,ResourceStatusMap
removed
WatchEvents
removedWatchEvent
exposed, and now wraps `Resource<T, U>``
- added
Informer
struct dedicated to handling events - Reflectors no longer cache
events
- see #6
- ResourceMap now contains the full Resource<T,U> struct rather than a tuple as the value. =>
value.metadata
is available in the cache. - Reflectors now also cache
events
to allow apps to handle them
Named
trait removed (inferring from metadata.name now)- Reflectors now take two type parameters (unless you use
ReflectorSpec
orReflectorStatus
) - see examples for usage - Native kube types supported via
ApiResource
- Some native kube resources have easy converters to
ApiResource