Fleet Management
- Update some role descriptions.
- Enhance log messages in the bootstrapping part, remove unneeded messages.
Added
- Add
externalresources
resource that binds read-default-catalogs
and read-releases
roles for any subject with org-namespace access. - Add creation of
read-default-catalogs
Role. - Add creation of
read-releases
ClusterRole. - Improve logging for the
orgpermissions
, clusternamespace
, and rbac
controllers.
Added
- Add cluster-namespace controller which ensures that RBAC resources to access resources in cluster namespaces can be granted to those with access to the clusters organization
- Add bootstrapping for the
read-cluster-apps
and write-cluster-apps
clusterRoles. - Add update option for
orgReadClusterRoleBinding
resource.
Changed
- The
write_all_group
configuration key is now optional.
Removed
- Remove
Cluster
CRD from KVM installations.
Fixed
- Bump go module major version to v5.
Added
Fixed
- Fix naming of VPA deployments in workload clusters.
Fixed
login
command: Try logging in again if token renewal fails.- Add
security
API group to scheme in order to get organizations
during login
.
Changed
- Enable logging into clusters in all versions and namespaces if
--insecure-namespace
flag is active. - Simplify log in with context name
Added
- Add support for self-contained kubeconfig creation for management cluster context.
- Add
--keep-context
flag to login
.
Added
- Create RBAC for customer-facing Flux to access organization namespaces.
- Add
automation
ServiceAccount to organization namespaces with permissions to handle Flux resources in that namespace by default.
Changed
- Upgrade CAPI / CAPZ CRDs to
v1beta1
on Azure.