0.68.0

Interface Changes

To reduce the amount of allocation done inside the runtime by reflectors and controllers, the following change via #786 is needed on the signature of your reconcile functions:

-async fn reconcile(myobj: MyK, ctx: Context<Data>) -> Result<ReconcilerAction>
+async fn reconcile(myobj: Arc<MyK>, ctx: Context<Data>) -> Result<ReconcilerAction>

This also affects the finalizer helper.

Port-forwarding

As one of the last steps toward gold level client requirements, port-forwarding landed in #446. There are 3 new examples (port_forward*.rs) that showcases how to use this websocket based functionality.

What's Changed

Added

• Add a VS Code devcontainer configuration by @olix0r in #788
• Add support for user impersonation by @teozkr in #797
• Add port forward by @kazk in #446

Changed

• runtime: Store resources in an Arc by @olix0r in #786
• Propagate Arc through the finalizer reconciler helper by @teozkr in #792
• Disable unused default features of chrono crate by @dreamer in #801

Fixed

• Use absolute path to Result in derives by @teozkr in #795
• core: add missing reason to Display on Error::Validation in Request by @clux in #798

New Contributors

• @dreamer made their first contribution in #801

Full Changelog: 0.67.0...0.68.0

0.67.0

What's Changed

Changed

• runtime: Replace DashMap with a locked AHashMap by @olix0r in #785
• update k8s-openapi for kubernetes 1.23 support by @clux in #789

Full Changelog: 0.66.0...0.67.0

0.66.0

News

Tons of small feature additions, and 3 new contributors in this milestone.
Highlighted first is the 3 most discussed changes:

Support for auto-generating schemas for enums in kube-derive

It is now possible to embed complex enums inside structs that use #[derive(CustomResource)].

This has been a highly requested feature since the inception of auto-generated schemas. It does not work for all cases, and has certain ergonomics caveats, but represents a huge step forwards.

Note that if you depend on kube-derive directly rather than via kube then you must now add the schema feature to kube-core

New StreamBackoff mechanism in kube-runtime

To avoid spamming the apiserver when on certain watch errors cases, it's now possible to stream wrap the watcher to set backoffs. The new default_backoff follows existing client-go conventions of being kind to the apiserver.

Initially, this is default-enabled in Controller watches (configurable via Controller::trigger_backoff) and avoids spam errors when crds are not installed.

New version priority parser in kube-core

To aid users picking the most appropriate version of a kind from api discovery or through a CRD, two new sort orders have been exposed on the new kube_core::Version

• Version::priority implementing kubernetes version priority
• Version::generation implementing a more traditional; generational sort (highest version)

What's Changed

Added

• Add DeleteParams constructors for easily setting PropagationPolicy by @kate-goldenring in #757
• Add Serialize to ObjecList and add field-selector and jsonpath example by @ChinYing-Li in #760
• Implement cordon/uncordon for Node by @ChinYing-Li in #762
• Export Version priority parser with Ord impls in kube_core by @clux in #764
• Add Api fns for arbitrary subresources and approval subresource for CertificateSigningRequest by @ChinYing-Li in #773
• Support complex enums in CRDs by @teozkr in #779

Changed

• Add backoff handling for watcher and Controller by @clux in #703
• Remove crate private identity_pem field from Config by @kazk in #771
• Use SecretString in AuthInfo to avoid credential leaking by @ChinYing-Li in #766

New Contributors

• @kate-goldenring made their first contribution in #757
• @ChinYing-Li made their first contribution in #760
• @LyleScott made their first contribution in #775

Full Changelog: 0.65.0...0.66.0

0.65.0

• BREAKING: Removed kube::Error::OpenSslError - #716 by @kazk
• BREAKING: Removed kube::Error::SslError - #704 and #716 by @kazk
• BREAKING: Added kube::Error::NativeTls(kube::client::NativeTlsError) for errors from Native TLS - #716 by @kazk
• BREAKING: Added kube::Error::RustlsTls(kube::client::RustlsTlsError) for errors from Rustls TLS - #704 by @kazk
• Modified Kubeconfig parsing - allow empty kubeconfigs as per kubectl - #721 by @kazk
• Added Kubeconfig::from_yaml - #718 via #719 by @imp
• Updated rustls to 0.20.1 - #704 by @clux and @kazk
• BREAKING: Added ObjectRef to the object that failed to be reconciled to kube::runtime::controller::Error::ReconcileFailed - #733 by @teozkr
• BREAKING: Removed api_version and kind fields from kind structs generated by kube::CustomResource - #739 by @teozkr
• Updated tokio-tungstenite to 0.16 - #750 by @dependabot
• Updated tower-http to 0.2.0 - #748 by @kazk
• BREAKING: kube-client: replace RefreshTokenLayer with AsyncFilterLayer in AuthLayer - #752 by @kazk

0.64.0

• BREAKING: Replaced feature kube-derive/schema with attribute #[kube(schema)] - #690
  • If you currently disable default kube-derive default features to avoid automatic schema generation, add #[kube(schema = "disabled")] to your spec struct instead
• BREAKING: Moved CustomResource derive crate overrides into subattribute #[kube(crates(...))] - #690
  • Replace #[kube(kube_core = .., k8s_openapi = .., schema = .., serde = .., serde_json = ..)] with #[kube(crates(kube_core = .., k8s_openapi = .., schema = .., serde = .., serde_json = ..))]
• Added openssl-tls feature to use openssl for TLS on all platforms. Note that, even though native-tls uses a platform specific TLS, kube requires openssl on all platforms because native-tls only allows PKCS12 input to load certificates and private key at the moment, and creating PKCS12 requires openssl. - #700
• BREAKING: Changed to fail loading configurations with PEM-encoded certificates containing invalid sections instead of ignoring them. Updated pem to 1.0.1. - #702
• oauth: Updated tame-oauth to 0.6.0 which supports the same default credentials flow as the Go oauth2 for Google OAuth. In addition to reading the service account information from JSON file specified with GOOGLE_APPLICATION_CREDENTIALS environment variable, Application Default Credentials from gcloud, and obtaining OAuth tokens from local metadata server when running inside GCP are now supported. - #701

Refining Errors

We started working on improving error ergonomics. See the tracking issue #688 for more details.

The following is the summary of changes to kube::Error included in this release:

• Added Error::Auth(kube::client::AuthError) (errors related to client auth, some of them were previously in Error::Kubeconfig)
• Added Error::BuildRequest(kube::core::request::Error) (errors building request from kube::core)
• Added Error::InferConfig(kube::config::InferConfigError) (for Client::try_default)
• Added Error::OpensslTls(kube::client::OpensslTlsError) (new openssl-tls feature) - #700
• Added Error::UpgradeConnection(kube::client::UpgradeConnectinError) (ws feature, errors from upgrading a connection)
• Removed Error::Connection (was unused)
• Removed Error::RequestBuild (was unused)
• Removed Error::RequestSend (was unused)
• Removed Error::RequestParse (was unused)
• Removed Error::InvalidUri (replaced by variants of errors in kube::config errors)
• Removed Error::RequestValidation (replaced by a variant of Error::BuildRequest)
• Removed Error::Kubeconfig (replaced by Error::InferConfig, and Error::Auth)
• Removed Error::ProtocolSwitch (ws only, replaced by Error::UpgradeConnection)
• Removed Error::MissingUpgradeWebSocketHeader (ws only, replaced by Error::UpgradeConnection)
• Removed Error::MissingConnectionUpgradeHeader (ws only, replaced by Error::UpgradeConnection)
• Removed Error::SecWebSocketAcceptKeyMismatch (ws only, replaced by Error::UpgradeConnection)
• Removed Error::SecWebSocketProtocolMismatch (ws only, replaced by Error::UpgradeConnection)
• Removed impl From<T> for Error

Expand for more details

The following breaking changes were made as a part of an effort to refine errors (the list is large, but most of them are lower level, and shouldn't require much change in most cases):

• Removed impl From<E> for kube::Error - #686
• Removed unused error variants in kube::Error: Connection, RequestBuild, RequestSend, RequestParse - #689
• Removed unused error variant kube::error::ConfigError::LoadConfigFile - #689
• Changed kube::Error::RequestValidation(String) to kube::Error::BuildRequest(kube::core::request::Error). Includes possible errors from building an HTTP request, and contains some errors from kube::core that was previously grouped under kube::Error::SerdeError and kube::Error::HttpError. kube::core::request::Error is described below. - #686
• Removed kube::core::Error and kube::core::Result. kube::core::Error was replaced by more specific errors. - #686
  • Replaced kube::core::Error::InvalidGroupVersion with kube::core::gvk::ParseGroupVersionError
  • Changed the error returned from kube::core::admission::AdmissionRequest::with_patch to kube::core::admission::SerializePatchError (was kube::core::Error::SerdeError)
  • Changed the error associated with TryInto<AdmissionRequest<T>> to kube::core::admission::ConvertAdmissionReviewError (was kube::core::Error::RequestValidation)
  • Changed the error returned from methods of kube::core::Request to kube::core::request::Error (was kube::core::Error). kube::core::request::Error represents possible errors when building an HTTP request. The removed kube::core::Error had RequestValidation(String), SerdeError(serde_json::Error), and HttpError(http::Error) variants. They are now Validation(String), SerializeBody(serde_json::Error), and BuildRequest(http::Error) respectively in kube::core::request::Error.
• Changed variants of error enums in kube::runtime to tuples. Replaced snafu with thiserror. - #686
• Removed kube::error::ConfigError and kube::Error::Kubeconfig(ConfigError) - #696
  • Error variants related to client auth were moved to a new error kube::client::AuthError as described below
  • Remaining variants were split into kube::config::{InferConfigError, InClusterError, KubeconfigError} as described below
• Added kube::client::AuthError by extracting error variants related to client auth from kube::ConfigError and adding more variants to preserve context - #696
• Moved kube::error::OAuthError to kube::client::OAuthError - #696
• Changed all errors in kube::client::auth to kube::client::AuthError - #696
• Added kube::Error::Auth(kube::client::AuthError) - #696
• Added kube::config::InferConfigError which is an error from Config::infer() and kube::Error::InferConfig(kube::config::InferConfigError) - #696
• Added kube::config::InClusterError for errors related to loading in-cluster configuration by splitting kube::ConfigError and adding more variants to preserve context. - #696
• Added kube::config::KubeconfigError for errors related to loading kubeconfig by splitting kube::ConfigError and adding more variants to preserve context. - #696
• Changed methods of kube::Config to return these erorrs instead of kube::Error - #696
• Removed kube::Error::InvalidUri which was replaced by error variants preserving context, such as KubeconfigError::ParseProxyUrl - #696
• Moved all errors from upgrading to a WebSocket connection into kube::Error::UpgradeConnection(kube::client::UpgradeConnectionError) - #696

0.63.2

• kube::runtime::events: fix build and hide module on kubernetes < 1.19 (events/v1 missing there) - #685

0.63.1

• fix docs.rs build - #682
• kube::runtime::wait::Condition added boolean combinators (not/and/or) - #678

0.63.0

• rust edition bumped to 2021 - #664, #666, #667
• kube::CustomResource derive can now take arbitrary #[kube(k8s_openapi)] style-paths for k8s_openapi, schemars, serde, and serde_json - #675
• kube: fix native-tls included when only rustls-tls feature is selected - #673 via #674

0.62.0

• kube now re-exports kube-runtime under runtime feature - #651 via #652
  • no need to keep both kube and kube_runtime in Cargo.toml anymore
  • fixes issues with dependabot / lock-step upgrading
  • change kube_runtime::X import paths to kube::runtime::X when moving to the feature
• kube::runtime added events module with an event Recorder - #249 via #653 + #662 + #663
• kube::runtime::wait::conditions added is_crd_established helper - #659
• kube::CustomResource derive can now take an arbitrary #[kube_core] path for kube::core - #658
• kube::core consistently re-exported across crates
• docs: major overhaul + architecture.md - #416 via #652

0.61.0

• kube-core: BREAKING: extend CustomResourceExt trait with ::shortnames method (impl in kube-derive) - #641
• kube-runtime: add wait module to await_condition, and added watch_object to watcher - #632 via #633
• kube: add Restart marker trait to allow Api::restart on core workloads - #630 via #635
• bump dependencies: tokio-tungstenite, k8s-openapi, schemars, tokio in particular - #643 + #645