github kubernetes-retired/multi-tenancy hnc-v0.8.0-rc1
HNC v0.8.0 RC1

latest release: hnc-v0.8.0
pre-release, 3 years ago

HNC v0.8.0 fixes some minor issues with Exceptions, improves the stability of your cluster by protecting critical system namespaces, and adds support for the latest versions of Kubernetes.

Installing

WARNING: if your cluster already has HNC installed, please ensure you are using HNC v0.7.0 or later.

You can install or upgrade HNC on your cluster using the following commands (admin privileges required):

# Select the latest version of HNC
HNC_VERSION=v0.8.0-rc1

# Forbid HNC from modifying system namespaces
kubectl label ns kube-system hnc.x-k8s.io/excluded-namespace=true --overwrite
kubectl label ns kube-public hnc.x-k8s.io/excluded-namespace=true --overwrite
kubectl label ns kube-node-lease hnc.x-k8s.io/excluded-namespace=true --overwrite

# Install HNC. Afterwards, wait up to 30s for HNC to refresh the certificates on its webhooks.
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml 
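The labelling step above is what keeps HNC out of the system namespaces, so it is worth confirming before (and after) applying the manifest. The following is an added example, not part of the HNC release notes or project: it assumes the listing comes from `kubectl get ns --no-headers -L hnc.x-k8s.io/excluded-namespace`, and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HNC release notes): pre-flight check that the
# system namespaces carry hnc.x-k8s.io/excluded-namespace=true.
# Assumed input on stdin: the output of
#   kubectl get ns --no-headers -L hnc.x-k8s.io/excluded-namespace
# which is NAME STATUS AGE [VALUE]; the 4th column is empty if the label is unset.

REQUIRED_NS="kube-system kube-public kube-node-lease"

# Constructed sample listing: only kube-node-lease is labelled correctly.
SAMPLE_LISTING='default           Active   41d
kube-node-lease   Active   41d   true
kube-public       Active   41d
kube-system       Active   41d   false
team-a            Active   3d'

# Print every required namespace that is absent from the listing or whose
# label value is not exactly "true". Prints nothing when all are excluded.
missing_exclusions() {
  awk -v required="$REQUIRED_NS" '
    BEGIN { n = split(required, want, " ") }
    { seen[$1] = 1; value[$1] = $4 }
    END {
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen) || value[want[i]] != "true")
          print want[i]
    }'
}

# Return 0 only if all required namespaces are excluded; otherwise name them.
check_exclusions() {
  missing=$(missing_exclusions)
  if [ -n "$missing" ]; then
    echo "not excluded from HNC:" $missing >&2
    return 1
  fi
  return 0
}

# Demo on the constructed sample (prints kube-system and kube-public).
printf '%s\n' "$SAMPLE_LISTING" | missing_exclusions

# Against a live cluster, gate the install on the check:
#   kubectl get ns --no-headers -L hnc.x-k8s.io/excluded-namespace | check_exclusions \
#     && kubectl apply -f <hnc-manager.yaml URL from the install step>
```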

To install the kubectl plugin on your workstation, either use Krew or install manually:

  • Via Krew (NOT APPLICABLE FOR RELEASE CANDIDATES): Install Krew if you don't have it already, then run the command kubectl krew install hns.

  • Manually: Switch to any directory in your PATH (e.g. ~/bin) and run the following commands:

    HNC_VERSION=v0.8.0-rc1
    HNC_PLATFORM=linux_amd64 # also supported: darwin_amd64
    curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns_${HNC_PLATFORM} -o ./kubectl-hns
    chmod +x ./kubectl-hns
    
    # Ensure the plugin is working
    kubectl hns
    # The help text should be displayed
    

For more instructions, see the user guide.

Known issues

  • Tree labels can be briefly modified before HNC resets them (#1494)
  • Annotations can be added to propagated objects (#1500)

Changelog

Since HNC v0.7

  • Exceptions were not correctly reapplied if the labels were changed on a namespace (#1448)
  • Updated all dependencies to use v1 CRDs and v1 webhooks to support newer versions of Kubernetes (#1270, #1371)
  • Exclude HNC from critical system namespaces (#1023)
  • Built-in admin clusterrole now includes permissions to modify all HNC objects, including subnamespace anchors and hierarchy configs (#1341)
  • HNC can now propagate cluster-admin rolebindings in namespaces (#1311)

See full list of changes

Testing signoff

| Target | Tests | By | When | Result |
|---|---|---|---|---|
| KIND 1.20 | make test-e2e | @adrianludwin | Apr 29 | passed |
| GKE 1.19 (rapid channel) | make test-e2e | @adrianludwin | Apr 29 | passed |
| GKE 1.18 (regular channel) | make test-e2e | @adrianludwin | Apr 29 | passed |
| GKE 1.17 (stable channel) | make test-e2e | @adrianludwin | Apr 29 | passed |
| GKE 1.19 (rapid channel) | Upgrade from v0.7.0 | @adrianludwin | Apr 29 | subns creation worked before and after; verified admin cluster role includes HNC permissions |
