Releases: kubernetes-retired/multi-tenancy
HNC v0.5.2 RC2
HNC v0.5.2 RC2 includes several usability simplifications for subnamespaces relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.5.2-rc2
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.5.2-rc2
HNC_PLATFORM=linux_amd64 # also supported: darwin_amd64
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns_${HNC_PLATFORM} -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
Since HNC v0.5.1
- HNC's timeout on the object validator is too long (#1023)
- Distribute the kubectl plugin for MacOS (#1029)
- HNC supports server-side dry-run (#1056)
Since HNC v0.5.0
This release fixes the following bugs:
- HNC does not prevent propagated objects from being deleted (#845)
Since HNC v0.4
Key new/changed features in this release include:
- You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
- The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
- HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
- All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).
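The deletion rule from #716 and #730 above, written out as a simplified model in Go. This is an added example, not HNC's own code: the type names and the sample tree are constructed for illustration, and it assumes that a namespace's own allowCascadingDelete setting counts alongside its ancestors'.

```go
package main

import (
	"fmt"
	"sort"
)

// Namespace models one node of an HNC hierarchy (illustrative, not HNC's API types).
type Namespace struct {
	Parent               string // "" for a root namespace
	IsSubnamespace       bool   // created through an anchor in Parent
	AllowCascadingDelete bool
}

type Tree map[string]Namespace // namespace name -> node

// cascadingAllowed reports whether allowCascadingDelete is set on the
// namespace or any ancestor (#730); counting "self" is an assumption.
func (t Tree) cascadingAllowed(name string) bool {
	seen := map[string]bool{}
	for cur := name; cur != ""; cur = t[cur].Parent {
		ns, ok := t[cur]
		if !ok || seen[cur] {
			return false // unknown parent or cycle: fail closed
		}
		if ns.AllowCascadingDelete {
			return true
		}
		seen[cur] = true
	}
	return false
}

// CanDelete allows deletion when no other subnamespace would be removed
// (#716), or when cascading deletion is allowed on the path to the root.
func (t Tree) CanDelete(name string) (bool, string) {
	if _, ok := t[name]; !ok {
		return false, "unknown namespace"
	}
	var kids []string // subnamespaces directly under name
	for child, ns := range t {
		if ns.Parent == name && ns.IsSubnamespace {
			kids = append(kids, child)
		}
	}
	sort.Strings(kids)
	switch {
	case len(kids) == 0:
		return true, "leaf: no other subnamespace would be deleted"
	case t.cascadingAllowed(name):
		return true, fmt.Sprintf("cascade allowed; also deletes %v", kids)
	}
	return false, fmt.Sprintf("would delete %v; allowCascadingDelete not set", kids)
}

// sampleTree is constructed data for this example.
func sampleTree() Tree {
	return Tree{
		"team-a":          {},
		"team-a-dev":      {Parent: "team-a", IsSubnamespace: true},
		"team-a-dev-svc":  {Parent: "team-a-dev", IsSubnamespace: true},
		"team-b":          {AllowCascadingDelete: true},
		"team-b-stage":    {Parent: "team-b", IsSubnamespace: true},
		"team-b-stage-db": {Parent: "team-b-stage", IsSubnamespace: true},
	}
}

func main() {
	t := sampleTree()
	for _, n := range []string{"team-a-dev-svc", "team-a-dev", "team-b-stage"} {
		ok, why := t.CanDelete(n)
		fmt.Println(n, ok, why)
	}
}
```

In the sample tree, team-b-stage can be deleted only because its ancestor team-b has the flag set, so one setting near the root widens what every descendant's owner can remove.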
In addition, the following known issues from HNC v0.4 were fixed in this release:
- If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
- The object validators were not all set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).
Known issues
These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.
- If a RoleBinding is quickly deleted and recreated with a new Role, HNC may fail to update it (#798)
Testing signoff
Target | Tests | Result |
---|---|---|
GKE 1.15 (stable channel) | make e2e-test | Passed |
HNC v0.5.2 RC1
HNC v0.5.2 RC1 includes several usability simplifications for subnamespaces relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.5.2-rc1
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.5.2-rc1
HNC_PLATFORM=linux_amd64 # also supported: darwin_amd64
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns_${HNC_PLATFORM} -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
Since HNC v0.5.1
- HNC's timeout on the object validator is too long (#1023)
- Distribute the kubectl plugin for MacOS (#1029)
Since HNC v0.5.0
This release fixes the following bugs:
- HNC does not prevent propagated objects from being deleted (#845)
Since HNC v0.4
Key new/changed features in this release include:
- You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
- The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
- HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
- All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).
In addition, the following known issues from HNC v0.4 were fixed in this release:
- If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
- The object validators were not all set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).
Known issues
These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.
- If a RoleBinding is quickly deleted and recreated with a new Role, HNC may fail to update it (#798)
Testing signoff
Target | Tests | Description |
---|---|---|
GKE 1.17 (rapid channel) | make test-e2e | To come |
GKE 1.16 (regular channel) | " | To come |
GKE 1.15 (stable channel) | " | To come |
HNC v0.5.1
HNC v0.5.1 includes several usability simplifications for subnamespaces relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.5.1
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.5.1
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
A complete list of changes since HNC v0.4 is available here.
Since HNC v0.5.0
This release fixes the following bugs:
- HNC does not prevent propagated objects from being deleted (#845)
Since HNC v0.4
Key new/changed features in this release include:
- You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
- The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
- HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
- All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).
In addition, the following known issues from HNC v0.4 were fixed in this release:
- If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
- The object validators were not all set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).
Known issues
These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.
- If a RoleBinding is quickly deleted and recreated with a new Role, HNC may fail to update it (#798)
Testing signoff
Target | Tests | Description |
---|---|---|
GKE 1.17 (rapid channel) | go test ./test/... on master branch since tests aren't available in 0.5 branch yet | All passed except for a flake (#950). Retried by hand and it passed. |
GKE 1.16 (regular channel) | " | All passed |
GKE 1.14 | " | All passed except for tests for #716 as expected (K8s 1.14 doesn't support webhooks to stop deletion) |
HNC v0.5.1 RC1
HNC v0.5 includes several usability simplifications for subnamespaces relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.5.1-rc1
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.5.1-rc1
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
A complete list of changes since HNC v0.4 is available here.
Since HNC v0.5.0
This release fixes the following bugs:
- HNC does not prevent propagated objects from being deleted (#845)
Since HNC v0.4
Key new/changed features in this release include:
- You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
- The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
- HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
- All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).
In addition, the following known issues from HNC v0.4 were fixed in this release:
- If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
- The object validators were not all set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).
Known issues
These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.
- If a RoleBinding is quickly deleted and recreated with a new Role, HNC may fail to update it (#798)
Testing signoff
Target | Tests | Description |
---|---|---|
GKE 1.17 (rapid channel) | go test ./test/... on master branch since tests aren't available in 0.5 branch yet | All passed except for a flake (#950). Retried by hand and it passed. |
GKE 1.16 (regular channel) | " | All passed |
GKE 1.14 | " | All passed except for tests for #716 as expected (K8s 1.14 doesn't support webhooks to stop deletion) |
HNC v0.5.0
HNC v0.5 includes several usability simplifications for subnamespaces relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.5.0
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.5.0
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
A complete list of changes since HNC v0.4 is available here.
Since HNC v0.4
Key new/changed features in this release include:
- You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
- The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
- HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
- All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).
In addition, the following known issues from HNC v0.4 were fixed in this release:
- If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
- The object validators were not all set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).
Known issues
These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.
HNC v0.5.0 RC1
HNC v0.5 includes several usability simplifications relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.5.0-rc1
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.5.0-rc1
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
A complete list of changes since HNC v0.4 is available here.
Since HNC v0.4
Key new/changed features in this release include:
- You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
- The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
- HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
- All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).
In addition, the following known issues from HNC v0.4 were fixed in this release:
- If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
- The object validators were not all set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).
Known issues
These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.
HNC v0.4.0
The goal of HNC v0.4 is to stabilize HNC's UX. From now on, we will not make backwards-incompatible changes to the v1alpha1 API; we will either maintain compatibility or introduce a new API version after a suitable deprecation period.
To install this release on your cluster, run the following commands:
HNC_VERSION=v0.4.0
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands:
HNC_VERSION=v0.4.0
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ./kubectl-hns
chmod +x ./kubectl-hns
# Ensure the plugin is working
kubectl hns
# The help text should be displayed
For more instructions, see the user guide.
Changelog
A complete list of changes since HNC v0.3 is available here.
Since HNC v0.4.0 rc2
None
Since HNC v0.4.0 rc1
Fixed:
- Allow HNC to work without Stackdriver (#770)
Since HNC v0.3
Key new/changed features in this release include:
- The user interface for creating subnamespaces has changed - rather than creating a HierarchicalNamespace object, you now create a SubnamespaceAnchor object. Otherwise, the UX is identical (issue #704 plus doc updates)
- HNC no longer requires cert-manager to run (#653)
- The CritCycle condition is now applied to all namespaces involved in a cycle, not just one randomly-selected one (#666)
- Tree labels are updated even in the presence of critical conditions (#660)
- Namespace conditions are now available as a metric (#736)
Known issues
These issues are being (or have been) fixed in HNC v0.5, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.4. Please contact aludwin@google.com if you are affected by these changes and require a backport.
- The object validators are not all set up correctly and do not respond to changes in HNCConfiguration. That is, if you overwrite or delete an object managed by HNC, it may appear to succeed, but HNC will immediately overwrite it (#761)
- If a RoleBinding is quickly deleted and recreated with a new Role, HNC may fail to update it (#798)
- If you manage to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace has allowCascadingDelete set (which is not the default), then you can delete that namespace (#797).
HNC v0.4.0 RC2
HNC v0.4 is intended to stabilize HNC's UX. From now on, we will not make backwards-incompatible changes to the v1alpha1 API; we will either maintain compatibility or introduce a new API version after a suitable deprecation period.
To install this release, run the following commands:
HNC_VERSION=v0.4.0-rc2
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
For more instructions, see the user guide.
Changelog
A complete list of changes since HNC v0.3 is available here.
Since HNC v0.4.0 rc1
Fixed:
- Allow HNC to work without Stackdriver (#770)
Since HNC v0.3
Key new/changed features in this release include:
- The user interface for creating subnamespaces has changed - rather than creating a HierarchicalNamespace object, you now create a SubnamespaceAnchor object. Otherwise, the UX is identical (issue #704 plus doc updates)
- HNC no longer requires cert-manager to run (#653)
- The CritCycle condition is now applied to all namespaces involved in a cycle, not just one randomly-selected one (#666)
- Tree labels are updated even in the presence of critical conditions (#660)
- Namespace conditions are now available as a metric (#736)
Known issues
- The object validators are not all set up correctly and do not respond to changes in HNCConfiguration. That is, if you overwrite or delete an object managed by HNC, it may appear to succeed, but HNC will immediately overwrite it (#761)
HNC v0.4.0 RC1
HNC v0.4 is intended to stabilize HNC's UX. From now on, we will not make backwards-incompatible changes to the v1alpha1 API; we will either maintain compatibility or introduce a new API version after a suitable deprecation period.
To install HNC v0.4.0 rc1, follow the instructions in the user guide, with the following environment variable set:
HNC_VERSION=v0.4.0-rc1
Key new/changed features in this release include:
- The user interface for creating subnamespaces has changed - rather than creating a HierarchicalNamespace object, you now create a SubnamespaceAnchor object. Otherwise, the UX is identical (issue #704 plus doc updates)
- HNC no longer requires cert-manager to run (#653)
- The CritCycle condition is now applied to all namespaces involved in a cycle, not just one randomly-selected one (#666)
- Tree labels are updated even in the presence of critical conditions (#660)
- Namespace conditions are now available as a metric (#736)
A complete list of changes is available here.
The only known issue is #761 - the object validators are not all set up correctly and do not respond to changes in HNCConfiguration. That is, if you overwrite or delete an object managed by HNC, it may appear to succeed, but HNC will immediately overwrite it.
HNC v0.3.0
This release is the "MVP" of HNC - that is, the minimum number of features required to be usable in a real use case. It's still not suitable for prod workloads, but it should be usable in a dev cluster. See the user guide for instructions on how to use it.
The major features since v0.2 are:
- A new self-service namespace UX that includes dedicated objects (and permissions) for self-service namespace creation, as well as cascading deletion of all namespaces created through this method (with appropriate safety controls). Design: http://bit.ly/hnc-self-serve-ux. Tracking bug: #457
- Type configuration. Only propagate RBAC objects by default, but allow other builtin types (e.g. Secrets) or CRDs to be propagated as well. Design: http://bit.ly/hnc-type-configuration. Tracking bug: #411
Many other issues have also been fixed, especially regarding the reliability of conditions displayed on namespaces to alert users to errors. See https://github.com/kubernetes-sigs/multi-tenancy/milestone/10 for more details.
Please note that the API in v0.3 is not backwards-compatible with the API in v0.2. In particular, the .spec.requiredChild field of the HierarchyConfiguration has been removed and replaced by the HierarchicalNamespace objects, as described below. We will try to avoid breaking changes to the API in v0.4 but are not yet committing to do so.
Installation instructions:
# Set the desired release:
HNC_VERSION=v0.3.0
# Install prerequisites on your cluster
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml
# WAIT for the cert-manager deployments to all become healthy. This can take a
# minute or two.
# Install HNC on your cluster. If this fails due to the cert-manager webhook not
# being ready yet, wait for the webhook to become ready, then re-run it. Usually the cert-manager webhook takes five minutes to be ready.
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml
# Download kubectl plugin (Linux only) - will move to Krew soon
PLUGIN_DIR=<directory where you keep your plugins - just has to be on your PATH>
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ${PLUGIN_DIR}/kubectl-hns
chmod +x ${PLUGIN_DIR}/kubectl-hns