v0.4.0-rc.1

Changelog

Thanks to all the contributors!

Full Changelog: ...v0.4.0-rc.1

Docker Images

• ghcr.io/projectcapsule/capsule:v0.4.0-rc.1
• ghcr.io/projectcapsule/capsule:latest

v0.3.3

Hotfixes

• Go version update to 1.19.10 #779 @prometherion @meetdpv
• Unable to create PVC for pre-provisioned PV #783 @MaxFedotov
• Dropping ownerReference for {Global}TenantResource namespacedItems #781 @MaxFedotov

v0.3.2

Enhancements

• Updating kubernetes-sigs/[email protected] #766 @prometherion
• Updating support to Kubernetes 1.27 #762 @prometherion
• Updating to Ginkgo v2 #765 @prometherion

Hotfixes

• Go 1.19 upgrade for security reasons #759 @slimm609
• Missing ConversionReviewVersions in updateTenantCustomResourceDefinition function #752 @MaxFedotov

v0.3.1

Docker images are hosted on docker.io and can be pulled with the following command:

docker pull clastix/capsule:v0.3.1

Helm chart tested with the following version is v0.4.1, remember to update your Helm Charts locally.

helm repo add clastix https://clastix.github.io/charts
helm repo update

Enhancements

• Prevent replicated resources by TenantResource to get deleted by the Tenant Owner #732 @prometherion

Hotfixes

• CRD URLs in the upgrade guide are invalid #730 @jwilkicki @prometherion
• Webhook cannot mutate Pods generated from Deployment with Rancher #741 @maxgio92 @prometherion
• Unable to patch the namespace not managed by Capsule #733 @sagar-jadhav

v0.3.0

⚠️ This is a Capsule minor release that requires a manual patch of the CRDs introduced with 9f184d7. No new API types have been introduced.

Hotfixes

• Add PersistentVolumes kind as a new ProxyServiceKind enum #706 @prometherion
• Rancher integration for the cattle-cluster agent #716 @maxgio92 @prometherion
• Template support in rawItems for (Global) Tenant resources #688 @h4wkmoon @prometherion

Dependencies

• golang.org/x/net #714
• github.com/emicklei/go-restful #700

Enhancements

• Configurable webhook port #715 @meetdpv @aslafy-z @prometherion
• Enhancing local development #705 @zvlb

v0.2.2

This is a Capsule patch release, addressing the following bug(s).

Dependencies

• CVE-2022-1996 #710 by @JacekLakis-TomTom @prometherion

v0.2.1

This is a Capsule patch release, addressing the following bug(s).

Hotfixes

• No update is possible when resources are replicated using GlobalTenantResource #687
• Tenant status conversion between v1beta1 and v1beta2 is broken #691

Thanks

Thanks to @h4wkmoon and @aslafy-z for spotting the bugs! 🙌🏻

v0.2.0

Enhancements

• Replicating resources across Tenant Namespaces using GlobalTenantResource and TenantResource APIs (#525 #222 #416)
• Support for labelling of Namespace by Tenant owners in v1beta2 API version (#431)
• Tenant v1beta2 API version (#426 #436 #633 #610)
• Support up to Kubernetes 1.26 (#665)
• Labelling PV and avoiding cross-tenant mount (#682)

Hotfix

• Tenant owner is unable to label namespaces (#663)
• Enforcing container registry also upon Pod update (#674)
• Wrong LimitRange reference in the documentation (#630)

Breaking changes

• Deprecation of Tenant API version v1alpha1 (#657)

Thanks

This awesome release has been made possible thanks to @oliverbaehler, @MaxFedotov, @bsctl, @YvosOnTheHub, @smileisak. Capsule v0.2.0 is implementing terrific new features and this is possible to you all, by opening issues, feature requests, bugs, and using it for your projects!

Per Aspera, ad Astra! 🚀

v0.1.3

🚨 This is a critical release as a patch for the CVE-2022-46167.

Enhancements

• Include gosec in CI pipeline #621 (@alegrey91)
• Added makefile command to autogen CRDs documentation #629 (@mastrogiovanni)
• Chart Linting (Dry Install) / Github Config #635 (@oliverbaehler)
• Update documentation on integration with Flux v2 #636 (@maxgio92)
• Clarify ServiceAccount as Tenant Owner documentation #645 (@lalyos)
• Improve local development experience #650 (@oliverbaehler)
• Typo in the Velero guide #661 (@prometherion)

Fix

• Privilege escalation by ServiceAccount deployed in a Tenant Namespace - 75525ac
• Service controller doesn't skip sentinel error #653 (@prometherion)

v0.1.2

v0.1.2 (2022-07-26)

Docker images are hosted on docker.io and can be pulled with the following command:

docker pull clastix/capsule:v0.1.2

Enhancements

• Integration and support with cert-manager (#613, #554)
• Integration with FluxCD (#528, requires capsule-proxy v0.3.0)
• Support with GCP IAM (#583)
• Enhanced Helm Chart documentation and generation (#592)
• Support for Kubernetes 1.24 (#590)
• Granting PATCH rights to Tenant Owners (#582)
• Annotation preventing accidental Tenant deletion (#563)
• Upgrade to Go 1.18 (#543)
• Dynamic cluster roles to Tenant owner (#524)
• Tolerations for pre and post job hooks used by Helm (#538)

Hotfixes

• Tenant owners can edit Namespace labels or annotations although these are forbidden (#617)
• Wrong Helm examples (#589)
• Test fixes (#586)
• Unrequired PATCH verb for deleter cluster-role (#587)
• Removing unused struct memebers (#556)
• Ensuring limit error upon Custom Resource Definitions Tenant quota (#564)
• Idempotent Helm upgrade for the generated CA (#546)
• Wrong CA name referenced in Helm charts (#521)
• Validation of forbidden regex patterns (#510)
• Sanitizing name for CRD Tenant quota (#510)
• Installation on AWS EKS (#500)

What's next?

Capsule is going to consolidate APIs with a new version, both for Tenant and CapsuleConfiguration resources.

Thanks

As usual, the community around Capsule is growing, many kudos to all the people using it and contributing with feature requests, bug reports, or by using it!

To the maintainers that contributed to this release, @slushysnowman, @MaxFedotov, @oliverbaehler, @fierman333, @gkarthiks, @bsctl, @viveksyngh, @TinySong, @titansmc, @pramodsetlur, cheers and thanks for your effort in shaping this new release! 🥂