github kalmhq/kalm v0.1.0-rc.10
Kalm 0.1.0

New features

  • Supports the creation and automatic renewal of wildcard SSL certificates via Let's Encrypt.
  • Support added for allocating user and group permissions. Kalm administrators can now create, manage, and impersonate permissions for Kalm users. Much of the client manager logic was refactored to support this feature. Kalm implements its own RBAC and authentication logic instead of using Kubernetes's. Read more at
  • Support added for OAuth Refresh Tokens. When the id_token has expired but the refresh_token is still valid, Auth Proxy refreshes the id_token as requests arrive. This allows Kalm administrators to set a shorter id_token validity time, which is useful for quickly expiring user accounts that have lost permissions.
  • An access tab was added to the component form, which can manage authentication and authorization.
  • Support added for configuring Cross-Origin Resource Sharing (CORS) in the HTTP route form.
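
The effect of the OAuth refresh-token behaviour described above, as an added example that is not Kalm's Auth Proxy code: a toy identity provider and proxy show that a revoked user keeps access only until the current id_token expires. ToyIdP, AuthProxy and seconds_until_denied are hypothetical names, and the sketch assumes the identity provider refuses refresh requests for revoked users.

```python
# Added illustration, not Kalm's Auth Proxy code. ToyIdP, AuthProxy and all
# values are constructed; real tokens are signed JWTs validated by the proxy.
import secrets
from dataclasses import dataclass, field

@dataclass
class ToyIdP:
    """Stand-in identity provider that issues and refreshes tokens."""
    id_token_ttl: int                                   # seconds an id_token stays valid
    revoked: set = field(default_factory=set)           # users who lost their permissions
    refresh_tokens: dict = field(default_factory=dict)  # refresh_token -> user

    def login(self, user, now):
        rt = secrets.token_hex(8)
        self.refresh_tokens[rt] = user
        return {"user": user, "exp": now + self.id_token_ttl, "refresh_token": rt}

    def refresh(self, refresh_token, now):
        user = self.refresh_tokens.get(refresh_token)
        if user is None or user in self.revoked:
            return None                  # assumption: the IdP refuses revoked users
        return {"user": user, "exp": now + self.id_token_ttl, "refresh_token": refresh_token}

class AuthProxy:
    """Refreshes an expired id_token when a request arrives."""
    def __init__(self, idp):
        self.idp = idp

    def handle(self, session, now):
        if now < session["exp"]:
            return "allow", session      # id_token still valid, IdP is not consulted
        renewed = self.idp.refresh(session["refresh_token"], now)
        if renewed is None:
            return "deny", None          # refresh refused, user must log in again
        return "allow", renewed

def seconds_until_denied(id_token_ttl, revoke_at, step=10, horizon=7200):
    """First request time at which a user revoked at revoke_at is denied, or None."""
    idp = ToyIdP(id_token_ttl)
    proxy = AuthProxy(idp)
    session = idp.login("alice", now=0)
    for now in range(0, horizon, step):  # one request every `step` seconds
        if now == revoke_at:
            idp.revoked.add("alice")
        decision, session = proxy.handle(session, now)
        if decision == "deny":
            return now
    return None
```

With a one-hour id_token a user revoked at 100 seconds is still admitted until 3600 seconds; with a five-minute id_token the same user is denied at 300 seconds.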



  • Upgraded Istio from version 1.6.1 to version 1.7.3


  • Fixed excessively strict incidental resource restrictions #138
  • Fixed an error involving HTTPS redirection that changed the original route matching path to "/"
  • Fixed a dashboard error that displayed an incorrect UI status in the volumes tab of the component form

Migration Guide

Compared with the alpha5 version, this version has a lot of changes, including CRD changes. Therefore, upgrading directly from alpha5 to v0.1.0 is not recommended. If your cluster is not running too many workloads, it is recommended that you install 0.1.0 directly on a new cluster.

However, you can still try to upgrade manually. Here are the steps:

1. Update to the new version

# update operator deployment to new version
kubectl edit deploy -n kalm-operator kalm-operator

# change image tag to v0.1.0
image: kalmhq/kalm-operator:v0.1.0

# save and exit

# update operator-config to the new version
kubectl patch kalmoperatorconfigs -n kalm-operator $(kubectl get kalmoperatorconfigs -n kalm-operator -o jsonpath="{.items[0].metadata.name}") --type json -p='[{"op": "replace", "path": "/spec/kalmVersion", "value": "v0.1.0"}]'

2. Recreate the deployment key

Because the Kalm authentication system was refactored, the underlying permission logic of deploy keys has changed, and there is no suitable way to migrate them automatically. All previously created deploy keys will become invalid, so you need to recreate each one as a deploy token (deploy keys were renamed to deploy tokens) with the corresponding permissions in the Kalm dashboard, then update the token value in your CI pipeline.

After all deploy keys have been migrated to deploy tokens, the old deploy keys can be deleted via kubectl delete crd
