The team behind the kcp-operator is happy to announce the availability of version 0.2.0. This brings with it support for kcp 0.28 and a bunch of bugfixes. Every user is encouraged to upgrade to this new release.

Changes since 0.1.0

Features

• #93: Update default kcp version to 0.28.1 (by @xrstf)
• #87: The kcp-operator now deploys an internal front-proxy for each RootShard. This proxy must not be exposed to the internet and is only meant to be used by the kcp-operator itself to provision resources inside workspaces. (by @xrstf)
• #89: Add the ability to configure a custom CA for the OIDC issuer as described in the --oidc-ca-file flag (by @aaronschweig)
• #72: Set up necessary logical-cluster-admin kubeconfigs for additional shards (by @embik)
• #68: Add OIDC configuration support for all components (by @mjudeikis)
• #83: The serving cert for front-proxies now includes the namespaced (serviceName.namespace) fully-qualified (serviceName.namespace.svc.cluster.local) names of the front-proxy Service (by @xrstf)
• #81: Set --service-account-lookup=false on shards and root shards to allow cross-shard ServiceAcount tokens (by @mjudeikis)
• #78: Validation has been added to prevent misconfiguration of FrontProxy authN methods (by @embik)
• #74: Do not set --service-account-key-file on front-proxy to allow individual shards to authenticate tokens (by @embik)

Bugfixes

• #92: Fix etcd TLS configuration breaking shard reconciling (by @xrstf)
• #88: Fix an issue where volumes have not been properly set for authorization webhooks (by @nexus49)
• #75: Fix ServiceAccount resolution & authentication in sharded model (by @mjudeikis)

Misc

• #85: Remove Ginkgo from unit tests, use fakeclient instead of envtest (by @xrstf)