github kubernetes-retired/multi-tenancy hnc-v0.5.1
HNC v0.5.1
on GitHub

latest releases: hnc-v0.8.0, hnc-v0.8.0-rc1, hnc-v0.7.1-test1...
4 years ago

HNC v0.5.1 includes several usability simplifications for subnamespaces relative to HNC v0.4, and maintains full backwards compatibility with the v1alpha1 API.

To install this release on your cluster, run the following commands: 

HNC_VERSION=v0.5.1
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml

To install the kubectl plugin on your workstation, switch to any directory in your PATH (e.g. ~/bin) and run the following commands: 

HNC_VERSION=v0.5.1
curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns -o ./kubectl-hns
chmod +x ./kubectl-hns

# Ensure the plugin is working
kubectl hns
# The help text should be displayed

For more instructions, see the user guide.

Changelog

A complete list of changes since HNC v0.4 is available here.

Since HNC v0.5.0

This release fixes the following bugs:

  • HNC does not prevent propagated objects from being deleted (#845)

Since HNC v0.4

Key new/changed features in this release include:

  • You can delete a leaf subnamespace by deleting its anchor without first setting allowCascadingDelete. That is, you're allowed to delete any namespace or subnamespace as long as this will not trigger the deletion of any other subnamespaces (#716).
  • The behaviour of allowCascadingDelete has been simplified - it now takes effect if any ancestor has it set (#730).
  • HNC startup time has been reduced from >90s to ~15s when it is first installed (#765)
  • All finalizers are removed from HNC resources if the CRDs are deleted, making uninstallation easier (#824).

In addition, the following known issues from HNC v0.4 were fixed in this release:

  • If you managed to create a subnamespace anchor to an existing namespace (by bypassing the webhook, or due to an extremely unlucky race condition), and if that subnamespace had allowCascadingDelete set (which is not the default), then you could delete that namespace. In HNC v0.5, deleting a conflicting anchor does not affect the subnamespace (#797).
  • The object validators were set up correctly and did not respond to changes in HNCConfiguration. That is, if you overwrote or deleted an object managed by HNC, it would appear to succeed, but HNC would immediately overwrite it. In HNC v0.5, attempting to modify a propagated object will result in a validation error (#761).

Known issues

These issues are being (or have been) fixed in a future release of HNC, but are considered to be sufficiently rare or low-impact that we are not currently planning on backporting them to HNC v0.5. Please contact aludwin@google.com if you are affected by these changes and require a backport.

  • If a RoleBinding is quickly deleted and recreated with a new Role, HNC may fail to update it (#798)

Testing signoff

Target Tests Description
GKE 1.17 (rapid channel) go test ./test/... on master branch since tests aren't available in 0.5 branch yet All passed except for a flake (#950). Retried by hand and it passed.
GKE 1.16 (regular channel) " All passed
GKE 1.14 " All passed except for tests for #716 as expected (K8s 1.14 doesn't support webhooks to stop deletion)
Check out latest releases or
releases around kubernetes-retired/multi-tenancy hnc-v0.5.1

Don't miss a new multi-tenancy release

NewReleases is sending notifications on new releases.

Get notifications