ENHANCEMENTS:
kubernetes/kubernetes_deployment_v1: Add support forHugePagesinemptyDir.medium[GH-2395]resource/kubernetes_job_v1: add new attributespec.pod_failure_policyto job spec [GH-2394]
NOTES:
- Bump Kubernetes dependencies from x.27.8 to x.28.6. [GH-2404]
BUG FIXES:
resource/kubernetes_cron_job_v1: fix an issue when the provider forces a resource recreation after upgrading to2.25.0and2.25.1due to changes in the resource schema. [GH-2387]resource/kubernetes_cron_job: fix an issue when the provider forces a resource recreation after upgrading to2.25.0and2.25.1due to changes in the resource schema. [GH-2387]resource/kubernetes_daemon_set_v1: fix an issue when the provider forces a resource recreation after upgrading to2.25.0and2.25.1due to changes in the resource schema. [GH-2387]resource/kubernetes_daemonset: fix an issue when the provider forces a resource recreation after upgrading to2.25.0and2.25.1due to changes in the resource schema. [GH-2387]resource/kubernetes_stateful_set_v1: fix an issue when the provider forces a resource recreation after upgrading to2.25.0and2.25.1due to changes in the resource schema. [GH-2387]resource/kubernetes_stateful_set: fix an issue when the provider forces a resource recreation after upgrading to2.25.0and2.25.1due to changes in the resource schema. [GH-2387]
NOTES:
- Resources
kubernetes_cron_job_v1andkubernetes_cron_jobgot a new attributespec.job_template.metadata.namespace. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387] - Resources
kubernetes_stateful_set_v1,kubernetes_stateful_set,kubernetes_daemon_set_v1, andkubernetes_daemonsetgot a new attributespec.template.metadata.namespace. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387]
HOTFIX:
kubernetes_manifest: Implement response for GetMetadata protocol function [GH-2384]
ENHANCEMENTS:
- Add terraform-plugin-framework provider [GH-2347]
data_source/kubernetes_persistent_volume_claim_v1: add a new attributespec.volume_mode. [GH-2353]data_source/kubernetes_persistent_volume_claim: add a new attributespec.volume_mode. [GH-2353]kubernetes/schema_stateful_set_spec.go: Addspec.persistentVolumeClaimRetentionPolicyinkubernetes_stateful_set[GH-2333]resource/kubernetes_persistent_volume_claim_v1: add a new attributespec.volume_mode. [GH-2353]resource/kubernetes_persistent_volume_claim: add a new attributespec.volume_mode. [GH-2353]resource/kubernetes_stateful_set_v1: add a new attributespec.volume_claim_template.spec.volume_mode. [GH-2353]resource/kubernetes_stateful_set: add a new attributespec.volume_claim_template.spec.volume_mode. [GH-2353]
BUG FIXES:
resource/kubernetes_cron_job_v1: Change the schema to include a namespace injobTemplateresource/kubernetes_stateful_set_v1: Change the schema to include a namespace intemplate[GH-2362]resource/kubernetes_ingress_v1: Fix an issue where the emptytlsattribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]resource/kubernetes_ingress: Fix an issue where the emptytlsattribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]
NOTES:
- We have updated the logic of data sources and now the provider will return all annotations and labels attached to the object, regardless of the
ignore_annotationsandignore_labelsprovider settings. In addition to that, a list of ignored labels when they are attached tokubernetes_job(_v1)andkubernetes_cron_job(_v1)resources were extended with labelsbatch.kubernetes.io/controller-uidandbatch.kubernetes.io/job-namesince they aim to replacecontroller-uidandjob-namein the future Kubernetes releases. [GH-2345]
A special and warm welcome to the first contribution from our teammate @SarahFrench! 🚀
- @tbobm made their contribution in hashicorp#2348
- @andremarianiello made their contribution in hashicorp#2344
- @adinhodovic made their contribution in hashicorp#2333
- @wonko made their contribution in hashicorp#2362
ENHANCEMENTS:
kubernetes/schema_affinity_spec.go: Add match_fields to nodeAffinity [GH-2296]
kubernetes/schema_pod_spec.go: Add os to podSpecFields [GH-2290]
resource/kubernetes_config_map_v1_data: improve error handling while validating the existence of the target ConfigMap. [GH-2230]
BUG FIXES:
resource/kubernetes_labels: Add ["f:metadata"] check in kubernetes_labels to prevent crash with kubernetes_node_taints [GH-2246]
DOCS:
- Add example module for configuring OIDC authentication on EKS [GH-2287]
- Add example module for configuring OIDC authentication on GKE [GH-2319]
NOTES:
- Bump Go version from 1.20 to 1.21. [GH-2337]
- Bump Kubernetes dependencies from x.25.11 to x.27.8.
FEATURES:
resource/kubernetes_cron_job_v1: add a new volume typeephemeraltospec.job_template.spec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_cron_job: add a new volume typeephemeraltospec.job_template.spec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_daemon_set_v1: add a new volume typeephemeraltospec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_daemonset: add a new volume typeephemeraltospec.template.spec..volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_deployment_v1: add a new volume typeephemeraltospec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_deployment: add a new volume typeephemeraltospec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_job_v1: add a new volume typeephemeraltospec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_job: add a new volume typeephemeraltospec.template.spec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_pod_v1: add a new volume typeephemeraltospec.volumeto support generic ephemeral volumes. [GH-2199]resource/kubernetes_pod: add a new volume typeephemeraltospec.volumeto support generic ephemeral volumes. [GH-2199]
ENHANCEMENTS:
resource/kubernetes_endpoint_slice_v1: make attributeendpoint.conditionoptional. If you had previously included an empty blockcondition {}in your configuration, we request you to remove it. Doing so will prevent receiving continuous "update in-place" messages while performing the plan and apply operations. [GH-2208]resource/kubernetes_pod_v1: add a new attributetarget_stateto specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]resource/kubernetes_pod: add a new attributetarget_stateto specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]
BUG FIXES:
resource/kubernetes_manifest: update flow inwaitblock to fix timeout bug within tf apply where the resource is created and appears in Kubernetes but does not appear in TF state file after deadline. The fix would ensure that the resource has been created in the state file while also tainting the resource requiring the user to make the necessary changes in order for their to not be another timeout error. [GH-2163]
DOCS:
- Fix external broken links in the documentation. [GH-2221]
- @JHeilCoveo made their contribution in hashicorp#2183
- @baumandm made their contribution in hashicorp#1026
- @vastep made their contribution in hashicorp#2193
- @rafed made their contribution in hashicorp#2214, hashicorp#2225
FEATURES:
kubernetes/data_source_kubernetes_persistent_volume.go: Add data source for Kubernetes Persistent Volume Resource [GH-2118]kubernetes/resource_kubernetes_namespace.go: Add attributewait_for_default_service_accountto namespaces which will force Terraform to wait until the default service account has been created by Kubernetes on namespace creation. [GH-2119]kubernetes/resource_kubernetes_endpointslice.go: Add kubernetes_endpoint_slice resource [GH-2086]
ENHANCEMENTS:
kubernetes/provider.go: Addtls_server_namekubernetes provider options. [GH-1638]
BUG FIXES:
resource/kubernetes_manifest: fix an issue in thekubernetes_manifestresource when it panics if tuple attributes within an object have a different number of elements. This leads to the situation when all types of end tuples are getting the same type. [GH-2164]resource/kubernetes_manifest: fix an issue with thekubernetes_manifestresource, where an object fails to update correctly when employing wait conditions and thus some attributes are not available for the reference after creation. [GH-2173]
- @SRodi made their contribution in hashicorp#2096
- @kschoche made their contribution in hashicorp#2119
- @sbocinec made their contribution in hashicorp#2138
- @bartoszj made their contribution in hashicorp#1638
- @mpriscella made their contribution in hashicorp#2169
- @axcosta made their contribution in hashicorp#2137
- @thevilledev made their outstanding contribution in hashicorp#2158, hashicorp#2154, hashicorp#2159, hashicorp#2161 🚀
HOTFIX:
- Revert add "conflictsWith" to provider block schema. [GH-2131]
FEATURES:
resource/kubernetes_runtime_class_v1: Add a new resourcekubernetes_runtime_class_v1. [GH-2080]
ENHANCEMENTS:
kubernetes/provider.go: addconflictsWithrules to provider configuration schema [GH-2084]kubernetes/resource_kubernetes_service_account.go: Removedefault_secret_namewarning [GH-2085]resource/kubernetes_node_taintUpdate import documentation GH-2094
BUG FIXES:
resource/kubernetes_node_taint: Don't fail when there is a taint in the state file for a node that no longer exists. [GH-2099]resource/kubernetes_job: Fixed a bug where settingbackoff_limitto 6 would reset it to 0
ENHANCEMENTS:
kubernetes/resource_kubernetes_env.go: add support for initContainers [GH-2067]
kubernetes/resource_kubernetes_node_taint.go: Remove MaxItems from taint attribute [GH-2046]
BUG FIXES:
- Fix diff after import when importing resources containing volume_mount [GH-2061]
resource/kubernetes_node_taint: Fix an issue when updating taint does not update the ID in the state file. [GH-2077]
FEATURES:
New Resource: kubernetes_token_request_v1. [GH-2024]
BUG FIXES:
data_source/kubernetes_secret_v1: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]data_source/kubernetes_secret: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]kubernetes/schema_pod_spec.go: Fix unexpected volumes appearing on plan [GH-2006]resource/kubernetes_cron_job_v1: Fix annotation logic to prevent internalkeys from being removed in templates [GH-1983]resource/kubernetes_manifest: Fix a panic when constructing the diagnostic message about incompatible attribute types [GH-2054]resource/kubernetes_manifest: Fix crash when manifest config contains unknown values of unknown type (DynamicPseudoType) [GH-2055]
HOTFIX:
- kubernetes_manifest: fix crash when waiting on conditions that are not yet present [GH-2008]
FEATURES:
- New data source:
data_source/kubernetes_nodes. [GH-1921] - New data source:
data_source/kubernetes_resources. [GH-1967] - New resource:
resource/kubernetes_node_taint. [GH-1921]
ENHANCEMENT:
resource/kubernetes_annotations: Add a new attributetemplate_annotationsthat allows adding annotations to resources with pod templates. [GH-1972]resource/kubernetes_cron_job_v1: Add a new attributespec.timezone. [GH-1971]
BUG FIXES:
resource/kubernetes_mutating_webhook_configuration: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_network_policy_v1: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_network_policy: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_persistent_volume_claim_v1: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_persistent_volume_claim: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_storage_class_v1: Fix an issue when changing the value of the attributeallow_volume_expansiondoes not alter Kubernetes resource. [GH-1519]resource/kubernetes_storage_class: Fix an issue when changing the value of the attributeallow_volume_expansiondoes not alter Kubernetes resource. [GH-1519]
DOCS:
- New data source:
data_source/kubernetes_nodes. [GH-1921] - New data source:
data_source/kubernetes_resources. [GH-1967] - New resource:
resource/kubernetes_node_taint. [GH-1921] provider: Add a note regarding theKUBECONFIGenvironment variable. [GH-1989]resource/kubernetes_annotations: Add a new attributetemplate_annotations. [GH-1972]resource/kubernetes_job_v1: Add documentation for the attributespec.completion_mode. [GH-1997]resource/kubernetes_job: Add documentation for the attributespec.completion_mode. [GH-1997]resource/resource_kubernetes_cron_job_v1: Add a new attributespec.timezone. [GH-1971]
- @AnisimoffNikita made their contribution in hashicorp#1519
- @partcyborg made their contribution in hashicorp#1921
ENHANCEMENT:
- Add a new optional attribute
grpctopod.spec.container.liveness_probe,pod.spec.container.readiness_probe, andpod.spec.container.startup_probe. That affects all resources and data sources that use mentionedpod.spec.containerprobes directly or as a template. [GH-1915] resource/kubernetes_cluster_role_binding_v1: add attributegenerate_nameto produce a unique random name [GH-1899]resource/kubernetes_cluster_role_binding: add attributegenerate_nameto produce a unique random name [GH-1899]resource/kubernetes_cluster_role_v1: add attributegenerate_nameto produce a unique random name [GH-1899]resource/kubernetes_cluster_role: add attributegenerate_nameto produce a unique random name [GH-1899]resource/kubernetes_ingress_v1: add create and delete timeouts [GH-1936]resource/kubernetes_ingress_v1: make the attributespec.ingress_class_namecomputed [GH-1947]resource/kubernetes_persistent_volume_v1: add additional validation on the delete operation to make it idempotent [GH-1935]resource/kubernetes_persistent_volume: add additional validation on the delete operation to make it idempotent [GH-1935]resource/kubernetes_role_binding_v1: add attributegenerate_nameto produce a unique random name [GH-1899]resource/kubernetes_role_binding: add attributegenerate_nameto produce a unique random name [GH-1899]
- @AmandaHassoun made their contribution in hashicorp#1944
- @shihai1991 made their contribution in hashicorp#1922
- @Tensho made their contribution in hashicorp#1936
- @multani made their contribution in hashicorp#1899
- @sherifabdlnaby made their contribution in hashicorp#1935
- @dgnemo made their contribution in hashicorp#1915
ENHANCEMENTS:
- Add additional validation on the delete operation to make it idempotent. [GH-1914], [GH-1919], [GH-1898]
This affects the following resources:
kubernetes_api_servicekubernetes_api_service_v1kubernetes_cluster_rolekubernetes_cluster_role_v1kubernetes_cluster_role_bindingkubernetes_cluster_role_binding_v1kubernetes_config_mapkubernetes_config_map_v1kubernetes_daemonsetkubernetes_daemon_set_v1kubernetes_deploymentkubernetes_deployment_v1kubernetes_endpointskubernetes_endpoints_v1kubernetes_horizontal_pod_autoscalerkubernetes_horizontal_pod_autoscaler_v1kubernetes_horizontal_pod_autoscaler_v2beta2kubernetes_horizontal_pod_autoscaler_v2kubernetes_mutating_webhook_configurationkubernetes_mutating_webhook_configuration_v1kubernetes_network_policykubernetes_network_policy_v1kubernetes_persistent_volume_claimkubernetes_persistent_volume_claim_v1kubernetes_podkubernetes_pod_v1kubernetes_pod_disruption_budgetkubernetes_pod_disruption_budget_v1kubernetes_pod_security_policykubernetes_pod_security_policy_v1beta1kubernetes_priority_classkubernetes_replication_controllerkubernetes_resource_quotakubernetes_rolekubernetes_role_bindingkubernetes_secretkubernetes_namespacekubernetes_servicekubernetes_service_accountkubernetes_stateful_setkubernetes_storage_classkubernetes_validating_webhook_configurationkubernetes_validating_webhook_configuration_v1
Special thanks to @sheneska for making these changes as part of her internship @hashicorp! 🚀
FEATURES:
- New data source:
kubernetes_endpoints_v1[GH-1805]
ENHANCEMENT:
- Add a new optional attribute
runtime_class_nametopod.spec. That affects all resources and data sources that usepod.specdirectly or as a template. [GH-1895] - Add a new optional attribute
fs_group_change_policytopod.spec.security_context. That affects all resources and data sources that usepod.specdirectly or as a template. [GH-1892] - The kubernetes status field is now available in the
kubernetes_resourcedatasource [GH-1802] r/kubernetes_pod_v1: changing values ofspec.container.resources.limitsorspec.container.resources.requestswill force resource recreation. [GH-1889]r/kubernetes_pod: changing values ofspec.container.resources.limitsorspec.container.resources.requestswill force resource recreation. [GH-1889]
BUG FIXES:
- Fix an issue when changing values of
spec.container.resources.limitsorspec.container.resources.requestsdoes not update appropriate Kubernetes resources. Affected resources:kubernetes_pod,kubernetes_pod_v1. [GH-1889] - Fix an issue when empty values of
spec.container.resources.limitsorspec.container.resources.requestsproduce continuous diff output duringplanalthough no real changes were made. Affected resources:kubernetes_pod,kubernetes_pod_v1,kubernetes_daemonset,kubernetes_daemon_set_v1,kubernetes_deployment,kubernetes_deployment_v1. [GH-1889] - Fix an issue with timeouts for
StatefulSet,Deployment, andDaemonSetresources when in some cases changes ofUpdateorCreatetimeout doesn't affect related actions. [GH-1902]
DOCS:
resource/kubernetes_service_account_v1: mark attributedefault_secret_nameas deprecated [GH-1883]resource/kubernetes_service_account: mark attributedefault_secret_nameas deprecated [GH-1883]
Thanks to all our contributors! 🎉
- @Dudesons made their contribution in hashicorp#1805
- @St0rmingBr4in made their contribution in hashicorp#1802
- @kylecarbs made their contribution in hashicorp#1895
ENHANCEMENT:
- Add new resource resource_kubernetes_env [GH-1838]
- Add "field_manager" attribute to kubernetes_labels, kubernetes_annotations, kubernetes_config_map_v1_data [GH-1831]
- r/kubernetes_horizontal_pod_autoscaler_v2: make attribute
spec.behavior.scale_downcomputed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2: make attribute
spec.behavior.scale_upcomputed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2: make attribute
spec.behaviorcomputed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute
spec.behavior.scale_downcomputed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute
spec.behavior.scale_upcomputed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute
spec.behaviorcomputed [GH-1853]
ENHANCEMENT:
- Added "preemption_policy" attribute to the priority_class resource. [GH-1846]
- new attribute: Add immutable attribute to resource_config_map [GH-1849]
- resource/kubernetes_secret: Add a new attribute
wait_for_service_account_tokenand correspondingcreatetimeout resource/kubernetes_secret_v1: Add a new attributewait_for_service_account_tokenand correspondingcreatetimeout [GH-1833]
DOCS:
- r/kubernetes_service: make
spec.portblock optional [GH-1856] - r/kubernetes_service_v1: make
spec.portblock optional [GH-1856]
BUG FIXES:
- [TK-78009] Fix propagation of non-fatal Diagnostics in the type morphing logic
BUG FIXES:
- Starting from Kubernetes 1.24.0 service account token is not automatically generated, thus it has to create separately. The following resources were updated to handle this change:
d/kubernetes_service_account,r/kubernetes_default_service_account,r/kubernetes_service_account. For Kubernetes clusters running v1.24+default_secret_namewill be empty. A warning message will be printed once any of the above resources are in use. (#1792)
IMPROVEMENTS:
r/kubernetes_manifest: Better error messages from OpenAPI schema transformations (#1780)- Update documentation and correct some errors (#1768, #1786)
- Update acceptance tests infrastructure code for GKE and AKE and related GitHub Actions
IMPROVEMENTS:
- Update documentation and correct some errors (#1759)
BUG FIXES:
- Fix type morphing of nested tuples that causes
Failed to morpherrors (#1756) - Fix an issue when provider crashes intermittently in version
v2.12.0(#1762)
NEW:
- Attribute
ignore_annotationsofprovider(#746) - Attribute
ignore_labelsofprovider(#746) - Attribute
conditiontowaitblock ofkubernetes_manifest(#1595) - Attribute
allocate_load_balancer_node_portsofkubernetes_service(_v1)(#1683) - Attribute
cluster_ipsofkubernetes_service(_v1)(#1683) - Attribute
internal_traffic_policyofkubernetes_service(_v1)(#1683) - Attribute
load_balancer_classofkubernetes_service(_v1)(#1683) - Attribute
session_affinity_configofkubernetes_service(_v1)(#1683)
IMPROVEMENTS:
- Update documentation and correct some errors (#1706, #1708)
- Fix security scan alerts (#1727, #1730, #1731)
- Attribute
topology_keyofkubernetes_deployment(_v1)marked asRequired(#1736)
BUG FIXES:
- Fix
kubernetes_default_service_accountdoesn't set theautomount_service_account_tokentofalse(#1247) - Fix an issue when the imported
kubernetes_manifestresource is replaced instead of getting updated (#1712) - Fix provider crash when
image_pull_secretofkubernetes_service_account(_v1)isnull
NEW:
- Add a new resource
kubernetes_horizontal_pod_autoscaler_v2(#1674)
IMPROVEMENTS:
- Add
ip_familiesandip_family_policyattributes tokubernetes_service(#1662) - Handle
x-kubernetes-preserve-unknown-fieldstype annotation from OpenAPI: changes to attributes of this type trigger whole resource recreation. (#1646) - Upgrade terraform-plugin-mux to v0.6.0 (#1686)
- Add GitHub action for EKS acceptance tests (#1656)
- Add github action for acceptance tests using kind (#1691)
BUG FIXES:
- Fix conversion of big.Float to float64 in
kubernetes_manifest(#1661) - Fix identification of
int-or-stringtype attributes to include 3rd party types defined by aggregated APIs (#1640) - Fix not handling multiple
cluster_role_selectorsofkubernetes_cluster_role(_v1)(#1360)
NEW:
- Resource
kubernetes_labels(#692) - Resource
kubernetes_annotations(#692) - Resource
kubernetes_config_map_v1_data(#723) - Block
waitwith attributerolloutofkubernetes_manifest(#1549) - Data source and resource attributes
app_protocolofkubernetes_service(#1554) - Attribute
container_resourceof resourcekubernetes_horizontal_pod_autoscaler_v2beta2(#1637)
IMPROVEMENTS:
- Deprecate
wait_forattribute in favor ofwaitblock inkubernetes_manifest(#1549) - Make attribute
ruleoptional ofkubernetes_validating_webhook_configuration(_v1)andkubernetes_mutating_webhook_configuration(_v1)(#1618, #1643) - Update documentation and correct some errors (#1622, #1628, #1657, #1681)
BUG FIXES:
- Fix crash when multiple
match_expressionare used inkubernetes_resource_quota(#1561) - Fix issue when in some circumstances changes of
seLinuxOptions.Typedoesn't reflect in the state file (#1650) - Ignore service account volumes with
kube-api-accessprefix (#1663)
IMPROVEMENTS:
- Add attribute
csito pod spec (#1092) - Add
kubernetes_resourcedata source (#1548) kubernetes_manifestresource force the re-creation of the resource when eitherapiVersionorkindattributes change (#1593)- Make attribute
httpof resourcekubernetes_ingress_v1optional (#1613) - Add a new attribute
seccomp_profileto pod and container spec (#1617) - Add additional check to resource
kubernetes_job_v1when attributeswait_for_completionandttl_seconds_after_finishedare used together (#1619) - Update documentation examples and correct some errors (#1597, #1611, #1612, #1626)
BUG FIXES:
- Fix logic of
wait_for_rolloutattribute ofkubernetes_deployment(#1405) - Fix fail when the provider cannot determine
default_secret_name(#1634)
IMPROVEMENTS:
- Add mutating_webhook_configuration_v1 data source (#1423)
- Remove enabling experiment section (#1564)
- Update kubernetes dependencies (#1574)
- Update terraform-plugin-go and terraform-plugin-sdk (#1551)
BUG FIXES:
- Fix
panic: lists must only contain one type of elementerrors onkubernetes_manifest - Attribute
backend.service.port.nameinkubernetes_ingress_v1should be type String (#1541)
BUG FIXES:
- Fix type-morphing of Map into Map (#1521)
IMPROVEMENTS:
- Add support for storage/v1
- Add support for certificates/v1
- Add support for networking/v1
- Add support for policy/v1
- Add
completion_modeto job spec - Improve performance of
kubernetes_manifestby reducing amount of API calls
BUG FIXES:
- Fix crash when container env block is empty
- Fix invalid allowedHostPaths PodSecurityPolicy patch
- Fix handling of "null" values on fields of
kubernetes_manifest(#1478)
This release introduces version suffixes to the names of resources and datasources. See our documentation page for more details on this convention and the motivation behind it.
BUG FIXES:
- Fix import ID syntax in manifest import docs
- Tolerate unknown values in "env" and "exec" provider attributes
- Remove "beta" designation of the kubernetes_manifest from documentation
IMPROVEMENTS:
- kubernetes_manifest is now GA and enabled by default
BUG FIXES:
- kubernetes_manifest now correctly handles empty blocks as attribute values (#1352)
- kubernetes_manifest now correctly handles multiple CRDs with different number of schema versions (#1460)
IMPROVEMENTS:
- Allow setting kubernetes_job parallelism to zero (#1334)
- Add kubernetes_ingress_class resource (#1236)
- Add immutable field to kubernetes_secret (#1280)
- Add behavior field to horizontal_pod_autoscaler (#1030)
- Add proxy_url attribute to provider configuration block (#1441)
BUG FIXES:
- Always generate standard ObjectMeta for CRD types (#1418)
- Fix importing kubernetes_manifest resources (#1440)
- Fix documentation example for field_manager block (#1410)
- Fix kubernetes_job "No waiting" documentation example (#1383)
- Fix docs formatting for kubernetes_secret (#1434)
IMPROVEMENTS:
- Timeouts block on
kubernetes_manifest kubernetes_manifestsupports setting field_manager name and "force" modekubernetes_manifestchecks that resource exists before trying to createkubernetes_manifestsupports "computed" attributteskubernetes_manifestsupports import operations
BUG FIXES:
- Fix typo in kubernetes_manifest documentation
- Document that kubernetes_manifest must be enabled in the provider block.
- Docs for ingress_class_name in kubernetes_ingress
HOTFIX:
- Fix kubernetes_manifest Terraform version constraint causing error on 0.12/0.13 (#1345)
IMPROVEMENTS:
- Add
kubernetes_manifestresource as experimental feature - Upgrade Terraform SDK to v2.7.0
BUG FIXES:
- Revert "Filter well known labels and annotations" (#1298)
IMPROVEMENTS:
- docs/stateful_set: add import section (#1287)
BUG FIXES:
cluster_ipforkubernetes_serviceshould support valueNone(#1291)- Remove
self_linkfrom metadata (#1294) - Add missing labels to fix "
kubernetes.io/metadata.namealways in plan" (#1293)
BUG FIXES:
- Add missing annotations (#1289)
IMPROVEMENTS:
- Datasource:
kubernetes_secret: addbinary_dataattribute (#1285) - Add validations to
validating_webhook_configuration(#1279) - Add validations to
mutating_webhook_configuration(#1278) - Add validations to
storage_class(#1276) - Add validations to container PodSpec (#1275)
- Add validations to
service(#1273) - Update EKS example to use two applies (#1260)
- Resource
kubernetes_deployment: allow changing strategy fromrollingtorecreate(#1255) - Filter well known labels and annotations (#1253)
- Resource
kubernetes_resource_quota: suppress diff for no-op changes (#1251) - Resource
kubernetes_deployment: allow removing volume mount (#1246)
IMPROVEMENTS:
- Match specific tolerations to prevent diffs (#978)
- Update all go modules (#1240)
- Docs: fix broken links (#1041)
- Docs: fix typo in getting started guide (#1262)
BUG FIXES:
- Fix
kubernetes_cron_jobForceNew when modifyingjob_template(#1212) - Fix error returned by Create CSR (#1206)
- Fix
kubernetes_pod_disruption_budget:100%now is a valid value (#1107) - Fix perpetual diff in persistent volume claimRef (#1227)
IMPROVEMENTS:
- Add
binary_datafield tokubernetes_secret(#1228) - Add support for setting the persistent volume claimRef (#1020)
- Add
secret_namespacetovolume_sourceazure_file(#1204) - Docs: fix grammar in Network Policy (#1210)
- Docs:
kubernetes_cron_jobadd link to Kubernetes reference (#1200)
BUG FIXES:
- Fix resource_field_ref schema for projected_volume (#1189)
- Add diff suppression to persistent_volume and persistent_volume_claim (#1145)
- Remove error for missing kubeconfig, to allow generating it at apply time (#1142)
IMPROVEMENTS:
- Support topologySpreadConstraint in pod spec schema (#1022)
- Wait for kubernetes_ingress to be deleted (#1143)
- Improve docs for configuring the provider (#1132)
- Update docs to reflect Kubernetes service status attribute (#1148)
BUG FIXES:
- Read operation should set resource id to null if not found (#1136)
IMPROVEMENTS:
- Add service timeouts docs (#963)
BUG FIXES:
- Resources state migration should migrate empty array (#1124)
IMPROVEMENTS:
- Update docs to reflect new schema for
load_balancer_ingress(#1123)
BREAKING CHANGES:
- Replace support for
KUBECONFIGenvironment variable withKUBE_CONFIG_PATH(#1052) - Remove
load_config_fileattribute from provider block (#1052) - Remove default of
~/.kube/configforconfig_path(#1052) - Update Terraform SDK to v2 (#1027)
- Restructure service and ingress to match K8s API (#1071)
- Normalize
automount_service_account_tokento be in line with the K8s API (#1054) - Normalize
enable_service_linksto be in line with the K8s API (#1074) - Normalize wait defaults across Deployment, DaemonSet, StatefulSet, Service, Ingress, and Job (#1053)
- Change resources requests and limits to TypeMap (#1065)
FEATURES:
- Add timeout argument to kubernetes_stateful_set (#1047)
- Add divisor to resource_field_ref (#1063)
- Add ingressClassName as field in Ingress manifest (#1057)
BUG FIXES:
- Fix typo in Job error message (#1048)
- Fix assertion in TestAccKubernetesPersistentVolume_hostPath_nodeAffinty (#1067)
- Fix service load balancer crash (#1070)
- Fix
cronJob.ttl_seconds_after_finishedcausing requests to fail even without value specified (#929) - Fix perpetual diff when using Pod resource with
automount_service_account_token=true(#1085) - Fix perpetual diff in StatefulSet when
update_strategyis not specified (#1088) - Fix delete/recreate when updating
init_containers(#951) - Fix delete/recreate of Jobs when updating mutable fields (#1074)
IMPROVEMENTS:
- Add upgrade test for daemonset (#1064)
- Add
kube_config_pathsto provider block (#1052)
FEATURES:
- Add support for readiness_gate on Pod spec (#811)
- Add Azure Managed disk to PV resource (#202)
- Add support for enable_service_links to the pod specification (#975)
BUG FIXES:
- Fix annotation diffs on affinity tests (#993)
- Fix api_group requirement in cluster_role_binding and role_binding (#1024)
- Fix service test leaking ELBs (#947)
- Fix annotation diffs on affinity tests (#993)
- Fix job documentation
- Fix build on macOS (#1045) and windows/386
IMPROVEMENTS:
- Update Go dependencies (#968)
- Update acceptance tests for tfproviderlint (#887)
- Refactor Typhoon test configuration to allow selection of Kubernetes version (#992)
- Update Pull Request Lifecycle docs (#1032)
- CI checks for docs website (registry migration) (#953)
BUG FIXES:
- Fix spurious forced replacement in empty_dir volume (#985)
- Fix reported replica count when waiting for Deployment rollout (#998)
- health_check_port_node should force replacement (#986)
- Don't force replacement StatefulSet / Deployment when affinity rule selectors change (#755)
IMPROVEMENTS:
- Wait for
kubernetes_serviceto be deleted - Updates to CONTRIBUTING.md and PULL_REQUESTS.md
BUG FIXES:
- Fix crash when size_limit is not present on empty_dir volume (#983)
FEATURES:
- Add resource
CertificateSigningRequest(#922) - Add resource
default_service_account(#876)
IMPROVEMENTS:
- Allow in-place update of PVC's storage request (#957)
- Add sysctl support to pod spec (#938)
- Add ability to wait for deployment to delete (#937)
- Add support for
aggregation_ruletocluster_roleresource (#911) - Add
health_check_node_portto Service resource (#908) - Add support for
size_limitforempty_dirblock (#912) - Add support for volume mode (#939)
- Add projected volumes in pod_spec (#907)
- Add termination_message_policy to container schema (#847)
BUG FIXES:
- Recreate Storage Class on VolumeBindingMode update (#757)
- Fix url attribute in admissionregistration client_config.service block (#959)
- Fix crash when deferencing nil pointer in v1beta1.IngressRule (#967)
BUG FIXES:
- Fix crash in
resource_kubernetes_pod_security_policyattributehost_ports(#931)
IMPROVEMENTS:
- Add
wait_for_rollouttokubernetes_deploymentresource (#863) - Add
wait_for_rollouttokubernetes_stateful_setresource (#605)
IMPROVEMENTS:
- Add resource for CSIDriver (#825)
- Add resource for Pod Security Policies (#861)
- Add data source for Pod and PVC (#786)
- Add support for CSI volume type in persistent_volume resource (#817)
- Add Kubernetes Job
wait_for_completionfunctionality (#625) - Support
optionalflag for ConfigMap mounted as volume (#823) - Add specific error message when failing to load provider config (#780)
- Support
optionalon env valueFrom for secret key/configmap key (#824) - Skip tests for CSIDriver if cluster version is less than 1.16
- Allow
ttl_seconds_after_finished = 0inkubernetes_jobresource (#849) - Set service block to
optionalfor webhook configurations (#902)
IMPROVEMENTS:
- Add data source for ingress (#514)
- Add data sources for namespaces (#613)
IMPROVEMENTS:
- Add data source for config map (#76)
- Add data source for service account (#523)
- Add resource for ValidatingWebHookConfiguration and MutatingWebhookConfiguration (#791)
BUG FIXES:
- Update Go module versions to work with Go 1.13
IMPROVEMENTS:
- Bump provider SDK to v1.7.0
BUG FIXES:
- Defer client initialization to improve resilience (#759)
IMPROVEMENTS:
- Add
mount_optionsattribute tokubernetes_persistent_volumeandkubernetes_storage_class - Refactor client config initialization and fix in-cluster config (#679) (#497)
BUG FIXES:
- Do not force base64 encoding for the
ca_bundleonkubernetes_api_service(#679) - Allow 3s age gap between
service accountandsecret(issue) - Add
load_config_file = falseto documented provider configurations - Add support for
startup_probeon container spec - Fix (cluster-)role bindings and rules updates (#713)
- Fix namespacing issues on kubernetes_priority_class (#680) See comment on backward compatibility
- Documentation fixes
FEATURES:
- New resource:
kubernetes_pod_disruption_budget(#644 / PR #338) - New resource:
kubernetes_priority_class(PR #495)
IMPROVEMENTS:
- Add
mount_propagationattribute to container volume mount - Add support for
.spec.service.porttokubernetes_api_service(#665) - Update
k8s.io/client-goto v12 - Set option to cascade delete job resources (#534 / PR #635)
- Support in-cluster configuration with service accounts (PR #497)
- Parametrize all existing timeout values (PR #607)
- Enable HTTP requests/responses tracing in debug mode (PR #630)
BUG FIXES:
- Do not set default namespace for replication controller and deployment pod templates (#275)
- Updated host_alias property name to host_aliases (PR #670)
- Docs - updated all broken and commit-specific Kubernetes links to point to master branch (PR #626)
- Allow 0 for
backoff_limitonkubernetes_job(PR #632)
FEATURES:
- New resource:
kubernetes_api_service(PR #487)
IMPROVEMENTS:
- Add
typeattribute to volume hostPath (#358) - Configurable delete timeout for
kubernetes_namespaceresource
BUG FIXES:
- Allow all values for deployment rolling update config (PR #587)
- Align validation of
role_bindingandcluster_role_bindingnames to Kubernetes rules (PR #583)
FEATURES:
- Add support for tolerations to Pod and Pod template (PR #448).
IMPROVEMENTS:
- Update getting started guide to Terraform 0.12 syntax (PR #544).
BUG FIXES:
- Align validation rules for names of Role and ClusterRole to Kubernetes (PR #551).
- Allow non-negative replicas in kubernetes_stateful_set (PR #527).
- Fix 'working_dir' attribute on Pod containers (PR #539).
FEATURES:
- New resources:
kubernetes_jobandkubernetes_cron_job
IMPROVEMENTS:
- Add
automount_service_account_tokenattribute to the Pod spec (PR #261) - Add
share_process_namespaceattribute to the Pod spec (PR #516) - Update Terraform SDK to v0.12.3
- Enable Renovate to keep package dependencies up to date.
BUG FIXES:
- Fix waiting for Deployments to finish (PR #502)
- Adapt examples to Terraform 0.12 syntax
- Documentation updates and fixes
FEATURES:
- Add support of client-go credential plugins in auth (#396)
- Add kubernetes_ingress resource (closes #14) (#417)
IMPROVEMENTS:
- Add
affinity(Pod affinity rules) attribute to Pod and PodTemplate spec - Add support for
binary_datato kubernetes_config_map (#400) - Add
run_as_groupto container security context attribute (#414) - Add
localattributepersistent_volume_sourcedocs - Add
external_traffic_policytokubernetes_service - Allow
max_unavailableandmax_surgeto be 0 onkubernetes_deployment
BUG FIXES:
- Fix docs typo:
kubernetes_servicetakestarget_portnottargetPort(#409) - Fix links to timeouts documentation for terraform 0.12+ (#406)
- Link Endpoints resource into sidebar (#431)
- Add doc examples for container health probes.
- Don’t prevent use of kubernetes.io annotation keys
BUG FIXES:
- Fix to release metadata to register the provider as compatible with Terraform 0.12.
IMPROVEMENTS:
- Updated the Terraform SDK to support the upcoming Terraform version 0.12.
UPGRADE NOTES:
- On volume source blocks, the
modeanddefault_modeattributes are now of type string and will produce a diff on the first run with state coming from Terraform 0.11.x and lower. Also,default_modenow defaults to 0644 when not set, in accordance with Kubernetes API docs. This will also produce a diff when applied against state from Terraform 0.11.x and lower (where it was implicitly 0). Subsequent applies should behave as expected.
FEATURES:
- New resource:
kubernetes_endpoints(#167)
IMPROVEMENTS:
- Add support for importing
kubernetes_service_accountresources. - Add validation for
strategyattribute onkubernetes_daemonsetandkubernetes_deployment - Add
allow_volume_expansionattribute tokubernetes_storage_classresource. - Add
host_aliasesattribute to Pod spec and Pod templates. - Add support for
dns_configattribute on Pods and Pod templates. - Mark
node_affinityattribute on PV as Computed to support server populated values. - Wait for PVs to finish deleting.
- Documentation now mentions acceptance of beta Kubernetes resources.
BUG FIXES:
- Fix detection of default token secret (#349)
- Fix unexpected diffs on
kubernetes_network_policywhennamespace_selectoris empty (#310) - Fix crashes on empty node_affinity / node_selector_term / match_expressions (#394)
- Make entire Pod template updatable (#384)
BUG FIXES:
- Fix
api_groupattribute attribute of RBAC subjects. (#331)
FEATURES:
- New resources: DaemonSet and ClusterRole (#229)
IMPROVEMENTS:
- Add test infrastructure for AKS and EKS (#291)
- Add
publish_not_ready_addressestokubernetes_service(#306) - Populate
default_secretfor Service Account when multiple secrets are present (#281)
BUG FIXES:
- Declare
envargument type correctly in Pod config (#304) - Fix service datasource after #306 broke it (#313)
- Fix docs correcting
automount_service_account_tokenlocation for Service Acount (#278) - Fix docs typo (#279)
FEATURES:
- New Resource:
kubernetes_network_policy(#118) - New Resource:
kubernetes_role - New Resource:
kubernetes_role_binding - New Datasource:
kubernetes_secret datasource(#241)
IMPROVEMENTS:
resource/kubernetes_deployment,resource/kubernetes_pod,resource/kubernetes_replication_controller,resource/kubernetes_stateful_set: Addallow_privilege_escalationto container security contexts attributes (#249)- Add pod metadata to replication controller spec template (#193)
- Add support for
volume_binding_modeattribute inkubernetes_storage_class - Add
node_affinityattribute to persistent volumes. - Add support for
localtype persistent volumes. - Upgrade to Go 1.11 + Go modules
BUG FIXES:
resource/kubernetes_stateful_set: Fix updates of stateful set images (#252)
FEATURES:
- New Resource:
kubernetes_stateful_set(#100)
IMPROVEMENTS:
resource/kubernetes_storage_class: Add ReclaimPolicy attributeresource/kubernetes_service_account: Allow automount service account token
BUG FIXES:
- Fix waiting for Deployment rollout status (#210)
FEATURES:
IMPROVEMENTS:
- Update Kubernetes client library to 1.10 (#162)
- Add support for
env_fromon container definitions (#82)
IMPROVEMENTS:
- resource/kubernetes_pod: Add timeout to pod resource create and delete (#151)
- resource/kubernetes_pod: Add support for init containers (#156)
BUG FIXES:
- name label: All name labels will now allow DNS1123 subdomain format ex:
my.label123(#152) - resource/kubernetes_service: Switch targetPort to string (#154)
- data/kubernetes_service: Switch targetPort to string (#159)
- resource/kubernetes_pod: env var value change forces new pod (#155)
- Fix example in docs for an image pull secret (#165)
NOTES:
- provider: Client library updated to support Kubernetes
1.7
IMPROVEMENTS:
- resource/kubernetes_persistent_volume_claim: Improve event log polling for warnings (#125)
- resource/kubernetes_persistent_volume: Add support for
storage_class_name(#111)
BUG FIXES:
- resource/kubernetes_secret: Prevent binary data corruption (#103)
- resource/kubernetes_persistent_volume: Update
persistent_volume_reclaim_policycorrectly (#111) - resource/kubernetes_service: Update external_ips correctly on K8S 1.8+ (#127)
- resource/kubernetes_*: Fix adding labels/annotations to resources when those were empty (#116)
- resource/kubernetes_*: Treat non-string label values as invalid (#135)
- resource/kubernetes_config_map: Fix adding
datawhen it was empty (#116) - resource/kubernetes_secret: Fix adding
datawhen it was empty (#116) - resource/kubernetes_limit_range: Avoid spurious diff when spec is empty (#132)
- resource/kubernetes_persistent_volume: Use correct operation when updating
persistent_volume_source(1.8) (#133) - resource/kubernetes_persistent_volume: Mark persistent_volume_source as ForceNew on
1.9+(#139) - resource/kubernetes_pod: Bump deletion timeout to 5 mins (#136)
BUG FIXES:
- resource/pod: Avoid crash in reading
spec.container.security_contextcapability(#53) - resource/replication_controller: Avoid crash in reading
template.container.security_contextcapability(#53) - resource/service: Make spec.port.target_port optional (#69)
- resource/pod: Fix
modeconversion inconfig_mapvolume items (#83) - resource/replication_controller: Fix
modeconversion inconfig_mapvolume items (#83)
IMPROVEMENTS:
- resource/kubernetes_pod: Add support for
default_mode,itemsandoptionalin Secret Volume (#44) - resource/kubernetes_replication_controller: Add support for
default_mode,itemsandoptionalin Secret Volume (#44)
BUG FIXES:
- resource/kubernetes_pod: Respect previously ignored
node_selectorsfield (#42) - resource/kubernetes_pod: Represent update-ability of spec correctly (#49)
- resource/kubernetes_replication_controller: Respect previously ignored
node_selectorsfield (#42) - all namespaced resources: Avoid crash when importing invalid ID (#46)
- meta: Treat internal k8s annotations as invalid #50
FEATURES:
- New Resource:
kubernetes_storage_class(#22) - New Data Source:
kubernetes_service(#23) - New Data Source:
kubernetes_storage_class(#33)
IMPROVEMENTS:
- provider: Add support of token in auth (#35)
- provider: Add switch to disable loading file config (
load_config_file) (#36)
BUG FIXES:
- resource/kubernetes_service: Make port field optional (#27)
- all resources: Escape '/' in JSON Patch path correctly (#40)
FEATURES:
IMPROVEMENTS:
- resource/kubernetes_service: Wait for LoadBalancer ingress (#12)
- resource/persistent_volume_claim: Expose last warnings from the eventlog (#16)
- resource/pod: Expose last warnings from the eventlog (#16)
- resource/service: Expose last warnings from the eventlog (#16)
BUG FIXES:
- Register auth plugins (gcp, oidc) automatically (#6)
- resource/pod: Fix a crash caused by wrong field name (config map volume source) (#19)
- resource/pod: Add validation for
default_mode(mode bits) (#19)
FEATURES:
- New Resource:
kubernetes_pod[#13571](hashicorp/terraform#13571)