kubernetes-sigs/kro v0.5.0

on GitHub

🔆 Highlights

ApplySets (Server-Side Apply)

• kro now uses ApplySets with Server-Side Apply (SSA) as the default method for managing resources created by instance reconcilers. This is a major architectural improvement that replaces client-side apply and solves several long-standing issues: proper resource pruning, elimination of never-ending reconciliation loops on ConfigMaps and Secrets, and better handling of server-transformed resources. ApplySets provide superior conflict resolution and field ownership tracking, with concurrent operations support for improved performance. (#561, #712). If you see any issues with this feature, do not hesitate to reach out to us!

Enhanced Validation

• Improved error messages for type mismatches in parser. (#698)
• CRD ownership verification to prevent conflicts when multiple ResourceGraphDefinitions try to manage the same CRD. (#562)
• New schema validation markers: pattern, minLength, maxLength, uniqueItems, maxItems, and minItems in SimpleSchema. (#661)

Performance Optimizations

• Concurrent applyset operations: Enabled parallel processing for apply and prune operations using configurable concurrency that defaults to the number of objects in the applyset, speeding up reconciliation for multi-resource instances. (#712)
• Controller optimizations: Watch CRDs as metadata only, use shared HTTP client with cached REST mappings, and RESTMapper optimizations (#725)
• Schema resolver caching: Added TTL/LRU-based caching (5-minute TTL, 500-entry cap) to reduce repeated API calls and client-side throttling. Uses singleflight deduplication to prevent redundant requests when multiple workers fetch the same schema. (#690)

Versioned documentation site

• Added versioned documentation to the kro.run website, allowing users to view docs for specific releases (v0.1.0 through v0.5.0) and navigate between versions. (#717)

⚠️ Breaking Changes

Controller Shutdown Configuration

Changed shutdown timeout flags: --dynamic-controller-default-shutdown-timeout → --graceful-shutdown-timeout (same for env vars). The timeout now applies globally to all controllers instead of just the dynamic controller. Using the v0.5.0 helm chart should help with the migration. (#616)

Leader Election ID

Changed kro leader election Lease name to controller.kro.run. Update monitoring or operational tooling that relies on the previous leader election ID. (#694, #699)

Service Account Impersonation Removed

Removed service account spec and impersonation features as we were uncertain about the feature design and UX. We'll work on a proper design for this capability in the future. (#704)

New Reserved Keywords

Added item, items, self, this, root, and resourceGraphDefinition as reserved keywords. Rename these if used in your ResourceGraphDefinitions. (#691, #705, #734)

✨ Features

• expose leader election namespace in args by @michaelhtm in #664
• feat: add immutable marker by @Soumya-Vaidya in #660
• feat(simpleschema): add support for pattern, minLength, maxLengt, uniqueItems, maxItems and minItems markers by @simonfuhrer in #661
• feat: Create applyset for use by instance reconciler by @barney-s in #561
• fix: improve error messages for type mismatches in parser by @a-hilaly in #698
• !feat: Reserve item and items as keywords for collections by @ellistarn in #705
• feat: add concurrency support in applyset operations by @jakobmoellerdev in #712
• feat: Add TTL/LRU based caching to schema resolver by @a-hilaly in #690
• LSP Setup by @HeeManSu in #612
• Add moar reserved keywords to validation list by @a-hilaly in #734

🐛 Bugfixes

• bug: verify existing ownership of CRD managed by ResourceGraphDefinition to prevent conflict by @a-buck in #562
• fix: various controller optimizations for improved performance by @jakobmoellerdev in #725

📖 Documentation

• fix: update version label from 'latest' to 'main' in docusaurus configuration by @jakobmoellerdev in #719
• docs: add versioned documentation site for v0.1.0 through v0.4.1 by @a-hilaly in #717
• Update(01-Installation.md):latest release version url by @tzahimizrahi in #689
• docs: Update FAQ with instructions for using KRO with ArgoCD by @RafPe in #651
• refactor: update all imports and URLs from github.com/kro-run to kubernetes-sigs by @a-hilaly in #675
• chore: docusaurus bump to 3.9.1, update image paths and dependencies in website by @jakobmoellerdev in #716
• ci: upgrade Node.js from 18 to 20 in docs deployment workflow by @a-hilaly in #718
• Remove out-dated governance page from docs site by @jlbutler in #723
• Remove reference for S3 bucket, not used in this example by @petrokashlikov in #733

Testing

• test(core): RGDs all the way down by @a-hilaly in #264
• Revert "test(core): RGDs all the way down" by @a-hilaly in #701
• chore(tests): properly use SpecContext from Ginkgo by @jakobmoellerdev in #700

🌱 Other

• Update image repository to registry.k8s.io by @a-hilaly in #737
• chore: create scripts to build and push images by @justinsb in #730
• chore: push helm chart alongside image by @justinsb in #731
• chore: dropped ATTRIBUTION.md as part of migration to SIG by @ellistarn in #709
• chore: Hydrate goproxy after each push by @ellistarn in #710
• chore: Tidy up lack of parity on dynamic controller interface by @ellistarn in #706
• fix: Use controllerruntime's namespaced name correctly by @ellistarn in #708
• chore: Make dynamic controller logging object-type agnostic. by @ellistarn in #707
• fix license headers by @barney-s in #647
• Switching to the Kubernetes code of conduct by @bridgetkromhout in #649
• Remove some defaulting fields in deployment spec for tests by @barney-s in #650
• Updates for K8s onboarding by @bridgetkromhout in #665
• project file updates for SIG subproject requirements by @jlbutler in #667
• update owners files to text by @jlbutler in #669
• Update copyright to Kubernetes Authors by @bridgetkromhout in #670
• Add NOTICE file by @bridgetkromhout in #671
• Adding SIG leads by @bridgetkromhout in #672
• Adding required security contact files by @bridgetkromhout in #673
• Update NOTICE by @a-hilaly in #676
• chore: remove GitHub Actions stale bot workflow in favor of Prow by @a-hilaly in #674
• Updating NOTICE to remove people who signed CLA by @bridgetkromhout in #678
• Mv hack under scripts to reduce Top level folders by @barney-s in #682
• chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in #677
• Chore: refactor logic out of GHA by @justinsb in #681
• Removing after signing CLA by @bridgetkromhout in #684
• Another CLA signing by @bridgetkromhout in #686
• List the SIG and K8s on the website footer. by @bridgetkromhout in #688
• CLA signed - removing from NOTICE by @bridgetkromhout in #687
• Removing michaelhtm from NOTICE - signed CLA by @bridgetkromhout in #703
• Update NOTICE with removal of completed signed agreement by @Rakhmanov in #728
• chore: bump gcb-docker-gcloud to latest version by @justinsb in #735
• chore: run helm using go run by @justinsb in #736

New Contributors

• @simonfuhrer made their first contribution in #661
• @RafPe made their first contribution in #651
• @a-buck made their first contribution in #562
• @petrokashlikov made their first contribution in #733

Full Changelog: v0.4.1...v0.5.0