v0.3.0

The team behind the kcp-operator is happy to announce the availability of version 0.3.0. This release is focussing on bringing the operator closer to production readiness by allowing to configure more advanced PKIs and tweak the kcp components in a more fine-grained matter.

Changes since 0.2.0

Features

• #115: Add extraArgs to (Root)Shard and FrontProxy spec to allow additional customizations (by @mjudeikis)
• #109: Add spec.caBundleSecretRef to enable users to provide additional CA trust for shards and front-proxy (by @mjudeikis)
• #108: Allow to override issuer when configuring CertificateTemplate on shards (by @mjudeikis)
• #107: Allow to customize (Root)Shard baseURL by setting it to spec.shardBaseURL (by @mjudeikis)
• #116: Add logging settings to (Root)Shards and FrontProxy to control the logging verbosity (by @olamilekan000 & @xrstf)

Deprecations

• #113: Deprecate FrontProxySpec.ExternalHostname in favor of structured External configuration with support for separate internal/external hostnames and ports (by @mjudeikis)

Misc

• #114: kcp-operator is built with Go 1.24.9 (by @embik)
• #97: Update default kcp version to v0.28.3 (by @embik)

v0.2.1

Changes since v0.2.0

Features

• #98: Update default kcp tag to v0.28.3 (by @embik)

v0.2.0

The team behind the kcp-operator is happy to announce the availability of version 0.2.0. This brings with it support for kcp 0.28 and a bunch of bugfixes. Every user is encouraged to upgrade to this new release.

Changes since 0.1.0

Features

• #93: Update default kcp version to 0.28.1 (by @xrstf)
• #87: The kcp-operator now deploys an internal front-proxy for each RootShard. This proxy must not be exposed to the internet and is only meant to be used by the kcp-operator itself to provision resources inside workspaces. (by @xrstf)
• #89: Add the ability to configure a custom CA for the OIDC issuer as described in the --oidc-ca-file flag (by @aaronschweig)
• #72: Set up necessary logical-cluster-admin kubeconfigs for additional shards (by @embik)
• #68: Add OIDC configuration support for all components (by @mjudeikis)
• #83: The serving cert for front-proxies now includes the namespaced (serviceName.namespace) fully-qualified (serviceName.namespace.svc.cluster.local) names of the front-proxy Service (by @xrstf)
• #81: Set --service-account-lookup=false on shards and root shards to allow cross-shard ServiceAcount tokens (by @mjudeikis)
• #78: Validation has been added to prevent misconfiguration of FrontProxy authN methods (by @embik)
• #74: Do not set --service-account-key-file on front-proxy to allow individual shards to authenticate tokens (by @embik)

Bugfixes

• #92: Fix etcd TLS configuration breaking shard reconciling (by @xrstf)
• #88: Fix an issue where volumes have not been properly set for authorization webhooks (by @nexus49)
• #75: Fix ServiceAccount resolution & authentication in sharded model (by @mjudeikis)

Misc

• #85: Remove Ginkgo from unit tests, use fakeclient instead of envtest (by @xrstf)

v0.1.0

Initial release.