Changes made since: v0.18.1
vCluster.Pro Changes
Embedded Etcd for EKS, K0s & K8s
We previously released embedded etcd for K3s and have now added support for the EKS, K0s and K8s distributions. When enabled, vCluster will start managing an embedded etcd cluster within the syncer container. vCluster will automatically add or remove peers based on new replicas of the statefulset. This makes using HA a lot easier.
For more information, refer to the doc
Centralized Admission Control
The Centralized Admission Control feature allows platform admins to enforce webhook configurations (both validating and mutating) referencing the host cluster or external policy services from within the vCluster.
These configurations will be read-only within the vCluster and can only be set from the vCluster CLI or Helm values upon creation. This provides assurance to platform admins that vCluster admins will not be able to bypass or alter the hooks they set for a vCluster.
For more information, refer to the doc
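One way to check that guarantee from outside the vCluster, as an added example that is not vCluster's own code: compare the webhook configurations observed in the virtual cluster (the parsed output of `kubectl get validatingwebhookconfigurations -o json`) with the set the platform admin intended. The configuration name, webhook names, policy URLs and both data sets are constructed for illustration.

```python
import copy

# Webhook fields that decide where admission requests are sent, what is in
# scope, and whether the API server fails open when the service is down.
ENFORCED_FIELDS = ("clientConfig", "failurePolicy", "rules",
                   "namespaceSelector", "objectSelector")


def index_webhooks(config_list):
    """Map (configuration name, webhook name) -> enforced fields."""
    index = {}
    for cfg in config_list.get("items", []):
        for hook in cfg.get("webhooks", []):
            key = (cfg["metadata"]["name"], hook["name"])
            index[key] = {f: hook.get(f) for f in ENFORCED_FIELDS}
    return index


def webhook_drift(expected, observed):
    """Return sorted (key, finding) pairs for hooks missing or altered."""
    want, have = index_webhooks(expected), index_webhooks(observed)
    findings = []
    for key, fields in want.items():
        if key not in have:
            findings.append((key, "missing"))
            continue
        findings += [(key, f"{name} changed")
                     for name, value in fields.items() if have[key][name] != value]
    return sorted(findings)


# Constructed sample: the admin's intended hooks (parsed kubectl JSON shape).
POD_RULE = [{"apiGroups": [""], "apiVersions": ["v1"],
             "operations": ["CREATE", "UPDATE"], "resources": ["pods"]}]
EXPECTED = {"items": [{"metadata": {"name": "platform-policy"}, "webhooks": [
    {"name": "pods.policy.example.internal", "failurePolicy": "Fail",
     "clientConfig": {"url": "https://policy.example.internal/pods"},
     "rules": POD_RULE},
    {"name": "images.policy.example.internal", "failurePolicy": "Fail",
     "clientConfig": {"url": "https://policy.example.internal/images"},
     "rules": POD_RULE},
]}]}

# Constructed audit result: one hook now fails open, the other is gone.
OBSERVED = copy.deepcopy(EXPECTED)
OBSERVED["items"][0]["webhooks"][0]["failurePolicy"] = "Ignore"
del OBSERVED["items"][0]["webhooks"][1]

if __name__ == "__main__":
    for (cfg, hook), finding in webhook_drift(EXPECTED, OBSERVED):
        print(f"{cfg}/{hook}: {finding}")
```

The API server fills in defaults for omitted fields, so take the expected set from a known-good export of the vCluster rather than from the raw Helm values.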
Other Changes
- Allow node port service for remote vCluster by @FabianKramm
- Added offline license support by @FabianKramm
- Added OSS license report automation by @ThomasK33
- Bumped k8s version by @FabianKramm
- Added Kyverno guide to docs by @facchettos
- Removed enableHA field by @facchettos
- Added migration support for etcd by @facchettos
- Fix remote vCluster kubeconfig creation by @FabianKramm
vCluster OSS Changes
Plugin API v2
We refactored how plugins in vCluster work and moved from a sidecar pattern to an init container pattern, where plugin binaries are copied through an init container into the syncer container.
This allows us to reuse go-plugin, which is one of the most used plugin frameworks out there. It makes logging easier, since there is only a single container, and lets you package the plugin binary directly into the syncer image if needed.
Besides changing the architecture of plugins, we now also allow specifying plugin configuration through a `config` Helm value:

    plugin:
      my-plugin:
        version: v2
        image: ...
        config:
          my-plugin-config: my-value
          other-plugin-config: other-value
This config will be passed to the plugin and can easily be used within the plugin to unmarshal into a config struct. We also got rid of a lot of tech debt with this refactoring and added a new example plugin to sync secrets from the host cluster to the virtual cluster.
For more information about plugins, refer to the doc
Merged K8s Api-Server and Controller-Manager into Syncer
vClusters are now even more streamlined, with only 1 Pod instead of 3+ Pods. Similar to how we refactored K3s and K0s in the earlier version, we have now refactored the K8s and EKS distros to copy the api-server and controller-manager binaries directly into the syncer container. This reduces complexity, makes the different vCluster distributions more similar, and streamlines certain features, such as metrics-server proxying.
Other Changes
- Added basic comparison matrix for vCluster distro versions by @ishankhare07 in #1411
- Disabled dualstack for k0s by @facchettos in #1413
- Added `connect cluster` command by @ThomasK33 in #1415
- Now writes the config to disk to avoid race condition with secret update by @facchettos in #1418
- Added the cp subcommand by @facchettos in #1423
- Feat: add node port config by @FabianKramm in #1426
- Added initial Generic Sync Example for Traefik by @MarkTurney in #1431
- Added how to enable-ssl-passthrough so users can avoid leaving the docs by @mpetason in #1441
- Merged k8s api-server, controller-manager, scheduler into syncer container by @facchettos in #1440
- Removed special cases for setup with k8s by @facchettos in #1443
- Added OSS license report action by @ThomasK33 in #1447
- Changed distro detection by @facchettos in #1451
- Added field to specify dedicated loadbalancer annotations by @ThomasK33 in #1450
- Use external package to manage values & fix imports by @FabianKramm in #1452
- Added plugin v2 by @FabianKramm in #1455
- Added hint about wildcard support for sync-labels field in docs by @neogopher in #1461
- Added `cli info` command by @facchettos in #1462
- Added loft crds to scheme by @FabianKramm in #1470
- Added ignore-not-found flag by @mariuskimmina in #1458
- Removed unused `syncer.noargs` by @facchettos in #1475
- Improved startup by @FabianKramm in #1479
- Now handles both deprecated `replicas` and `syncer.replicas` by @facchettos in #1474
- Added embedded etcd in k8s by @facchettos in #1459
- Added volume mount by @facchettos in #1482
- Migrated all replicas to new format by @facchettos in #1485
- Sync endpoint updates for service mappings of headless services by @neogopher in #1481
- Changed the default to not delete the persistent volume claim by @facchettos in #1488
- Removed unused values since the merge into a single container by @facchettos in #1476
- Show vCluster output only in debug by @FabianKramm in #1495
- Changed migrate arguments by @facchettos in #1494
- Renamed kubelet-config to worker-config as it is removed in k0s 1.29 by @facchettos in #1516
- Updated analytics client lib by @facchettos in #1520
- Bumped k3s to 1.29 by @ishankhare07 in #1442
- Bumped k8s dependencies by @FabianKramm in #1471
- Bumped k8s to 1.29 and kind to 1.28 by @ishankhare07 in #1410
- Refactor: add syncer watch on host by @FabianKramm in #1493
- Refactor: enqueue host events by @FabianKramm in #1497
- Refactor: events controller by @FabianKramm in #1510
- Refactor: add isRemote to WriteKubeConfigToSecret by @FabianKramm in #1433
- Refactor: allow extra sans by @FabianKramm in #1434
- Fix: issue where vcluster would fall back to 8.8.8.8 in isolated mode without any way to configure it by @facchettos in #1511
- Fix: show pro vclusters if not logged in by @FabianKramm in #1416
- Fix: increase limits for init containers by @FabianKramm in #1422
- Fix: wrong volumes check by @FabianKramm in #1432
- Fix: metrics server proxying by @FabianKramm in #1480
- Fix: serviceCIDR bug by @facchettos in #1477
- Fix: issue where vcluster would create pvcs even with persistence disabled by @facchettos in #1492
- Fix: failing Conformance test - evicts pods with minTolerationSeconds by @neogopher in #1506
- Fix: issue where emptyDir data volume never gets created regardless of .Values.syncer.storage.persistence value by @Guent4 in #1513
- Fix: Resolved an issue where running applications in vCluster on ARM64 nodes were encountering architecture label mismatches by @yeahdongcn in #1514
New Contributors
- @MarkTurney made their first contribution in #1431
- @mariuskimmina made their first contribution in #1458
- @Guent4 made their first contribution in #1513
- @yeahdongcn made their first contribution in #1514
Full Changelog: v0.18.1...v0.19.0