Releases: utilitywarehouse/kube-applier
2.3.9
2.3.8
- Adds a new annotation,
kube-applier.io/prune-whitelist, which can overwrite the default list of pruned resources (2ed0880) - Fixes a bug where
:in kubectl output wasn't being parsed correctly (6ca40c3) - Fixes an issue where kustomize zombie processes were left for every run of every namespace (4233bc9)
- Tweaks the logging when waiting for the source directory to exist (0f73c5e)
2.3.7
2.3.6
2.3.5
- fix kustomize manifests version
2.3.4
- kubectl 1.15.3
2.3.3
remove v from versions
2.3.2
- git-sync 3.1.2
v2.3.1
- support for ssh cloning for remote bases in kustomize
- fix the bug there keep spawning zombie ssh procs
v2.3.0
Release notes for v2.3.0
Configuration moved from labels to annotations
The annotation name is now static. New supported annotations for the
Namespace are:
kube-applier.io/enabled: 'true'
kube-applier.io/dry-run: 'false'
kube-applier.io/prune: 'true'
Delegate accounts removed
Previously one of the ways to authorise kube-applier to managed namespaces was
to create a new ServiceAccount for every Namespace managed by the instance of
kube-applier. You then bound the SA that kube-applier runs with to allow "get
Secrets" of these delegate SAs to "assume them" and local namespaces SAs would
have "local admin" permissons.
Thats confusing and not needed for "kube-applier per team" model. Now you have
a single ServiceAccount thats bound to the kube-applier instance. And for every
managed namespace, you have a RoleBinging with subject being this SA and Role
being a namespace admin. Example:
https://github.com/utilitywarehouse/kube-applier/blob/master/manifests/example/rbac.yaml
Full run filter and interval
kube-applier now only does a run when there is a new commit in one of the
watched directories. Previously it would kick off an apply run for any
commit to the repository.
Full run interval duration defualt is now 1 hour. New commits are still being
watched every 5s, but manual changes will now only be cleaned up every 1h.