You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[DEVELOPER][BREAKING] The behavior of the library in lib/clusteraccess has changed slightly: Before, the Reconcile method would wait for some other controller to create the namespace and requeue the reconciliation until it existed. Now, it will instead create the namespace itself.
[DEVELOPER][FEATURE] The lib/clusteraccess/advanced package now contains a highly flexible library for generating access to clusters during a controller's reconciliation loop. See the documentation for further information.
[USER][BUGFIX] Fixed a bug that caused an MCPv2 to not be requeued for reconciliation despite not being Ready yet, causing it to be stuck in Progressing until a reconciliation was triggered externally.
allow the user to specify its own template input data #88
[USER][FEATURE] The bootsrapper configuration now has an additional field called templateInput which can hold arbitrary data that is passed to the template during command Β΄managed-deployment-repo`.
wait with cluster deletion until foreign finalizers are removed #132
[USER][FEATURE] The ClusterProvider Gardener will not trigger the shoot deletion anymore if the Cluster contains other finalizers than its own one. This allows other controllers with finalizers on the Cluster - likely because they deployed something on the cluster - to cleanup first before the cluster is deleted, thereby potentially preventing leaked/orphaned resources.
[USER][FEATURE] For subjects with kind Group or User in an AccessRequest's spec. oidc.roleBindings[*].subjects entry, it is now possible to prefix the name with ::. This will cause the ClusterProvider to just remove this prefix instead of applying the oidc provider name when creating (Cluster)RoleBindings out of this configuration. By using this method, it is now possible to bind to k8s-predefined Groups such as system:authenticated by specifying ::system:authenticated as subject name, for example.
[USER][BREAKING] The secrets created for AccessRequest resources are now named <access-request-name>.kubeconfig. Before, they were just named like the owning AccessRequest itself. Existing secrets with the old name will continue to exist until the AccessRequest is removed, but they will not be updated anymore.
[OPERATOR][BREAKING] The structure of the DNSServiceConfig CRD changed slightly: spec.secretsToCopy was an array before, now it is a struct with the toPlatformCluster and toTargetCluster fields that contain the array which was on the top-level field before.
[OPERATOR][BUGFIX] Fixed some bugs related to the validation of the DNSServiceConfig CRD.
[OPERATOR][BUGFIX] Fixed a bug where the HelmRelease manifest was generated incorrectly if a helm chart in an OCI registry was referenced.
[OPERATOR][FEATURE] In addition to copying secrets from the provider namespace (on the platform cluster) into the cluster namespace (also on the platform cluster), it is now also possible to copy secrets into the namespace on the target cluster where the external-dns helm chart is deployed into.
