Releases: admiraltyio/admiralty
v0.17.0
This release makes Admiralty compatible with Kueue, without needing MultiKueue, and fixes logs/exec on EKS. We welcome 3 new contributors.
Kubernetes Features Support
Admiralty aims to transparently support most Kubernetes features. We are aware of some unsupported ones, and sometimes discover some more. Each release fills some of the gaps.
- b704bb7 node resource (e.g., GPU) scaling from zero, thanks @marwanad
- b856e0c candidate pod scheduling gates, esp. for compatibility with Kueue, thanks @marwanad
- 6882784 custom CSR signer name, esp. for logs/exec on EKS, thanks @rdvencioneck
- 30c40d2 delegate pod ephemeral containers (don't report status to proxy pod), thanks @liggitt
New Admiralty Features
Breaking Changes
Internals
v0.16.0
This release adds support for Kubernetes 1.27 and 1.28, and drops support for 1.23 and older.
Among the various new features and bug fixes, we'd like to call out several improvements around cross-cluster garbage collection.
We also welcome 4 new contributors.
New Features
- 3081591 add support for k8s 1.27 and 1.28
- 0730b87 add support for webhook reinvocation policy in chart, thanks @kirillmakhonin-brt
- 408855e label virtual nodes with
node.kubernetes.io/exclude-from-external-load-balancers
in addition to the deprecatedalpha.service-controller.kubernetes.io/exclude-balancer
, thanks @bcarlock-emerge - fa81d34 support different default priority in target cluster
- 01688ea delete proxy pod when pod chaperon is deleted
- 7116f41 recreate delegate pod if pod chaperon not deleted after a minute (if cluster connection lost)
- 7116f41 webhook readiness, for high availability
Bugfixes
- a2e557e fix cross-cluster garbage collection after parent deletion
- ccc3899 fix use-constraints-from-spec-for-proxy-pod-scheduling when webhook is reinvocated
Breaking Changes
- 3081591 drop support for k8s 1.23 and older
Internals
- distribute container images and Helm chart (as OCI artifact) on ECR public registry
- fixed flaky e2e tests
- per-k8s-version e2e test failure cluster dump
- bumping dependencies with dependabot, thanks @Rajpratik71
- speed up GH Actions by not installing Docker because it's already installed
- migrating away from deprecated functions in the
wait
package, thanks @Parthiba-Hazra
v0.16.0-alpha.0
Release notes to be compiled for v0.16.0.
v0.15.1
v0.15.0
This release mainly adds support for Kubernetes 1.22+ (and OpenShift 4.9+), while dropping support for 1.20-.
New Features
- bbbf347 add support for Kubernetes 1.22 and newer
- b5d8d8e (@hfwen0502, thanks!) RBAC for OpenShift, or any distribution with the OwnerReferencesPermissionEnforcement admission controller enabled
Bugfixes
- e30ba9f fix recreate delegate pod when deleted
- e23bf9b fix retry without candidate scheduler
- e97a695 fix "more than one candidate" error with self targets in multiple namespaces, and, in general, for targets using identities authorized (sometimes by mistake) in multiple namespaces
- d7d5aca fix finalizer length limit overflow for long namespace/target names
Breaking Changes
- bbbf347 drop support for Kubernetes 1.20 and older
v0.15.0-alpha.0
This release mainly adds support for newer Kubernetes versions, while dropping support for older versions.
It supports Kubernetes 1.21 through 1.23. Previous releases supported Kubernetes 1.17 through 1.21.
New Features
- bbbf347 add support for Kubernetes 1.22 and 1.23 (and likely future versions, until something breaks)
Bugfixes
- d7d5aca fix finalizer length limit overflow for long namespace/target names
Breaking Changes
- bbbf347 drop support for Kubernetes 1.20 and older
v0.14.1
Bugfixes
- 88f12af start VK server asynchronously and time out if CSR is not signed after 30s, instead of blocking before controllers could start: fixes Admiralty on EKS 1.19+, but with remote logs/exec disabled, until we upgrade dependencies to use certificates.k8s.io/v1, cf. #120
- 9af2bab add resource quota in release namespace for system-cluster-critical priority class: 0.14.0 added
priorityClassName: system-cluster-critical
to Admiralty pods to control evictions, but GKE and possibly other distributions limit its consumption by default outside the kube-system namespace; a ResourceQuota fixes that (#124)
v0.14.0
New Features
Bugfixes
- 28ba9d2 by refactoring cross-cluster controllers from fan-out to 1-on-1, if a target is unavailable at startup, it
no longer breaks other targets while the corresponding controller is waiting for the target cache to sync (fixed #106) - 28c126f and e99ecee allow excluding labels from aggregation on virtual nodes, especially useful on AKS to exclude
^kubernetes\.azure\.com/cluster=
, so kube-proxy and azure-ip-masq-agent DaemonSet don't create pods for Admiralty
virtual nodes (the manifest of those DaemonSets is reconciled by the add-on manager so adding a node anti-affinity
wasn't an option) (fixed #114)
Internals
- 9fbada6 e2e tests for k8s versions 1.17 through 1.21 in CI; we don't support 1.22 yet, still working on its long
list of dropped API versions: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22