v2.3.0
Release notes for v2.3.0
Configuration moved from labels to annotations
The annotation name is now static. New supported annotations for the Namespace are:
kube-applier.io/enabled: 'true'
kube-applier.io/dry-run: 'false'
kube-applier.io/prune: 'true'
Delegate accounts removed
Previously, one of the ways to authorise kube-applier to manage namespaces was
to create a new ServiceAccount for every Namespace managed by the instance of
kube-applier. You then bound the SA that kube-applier runs with to allow "get
Secrets" of these delegate SAs to "assume them", and the local namespace SAs
would have "local admin" permissions.
That's confusing and not needed for the "kube-applier per team" model. Now you
have a single ServiceAccount that's bound to the kube-applier instance. And for
every managed namespace, you have a RoleBinding with the subject being this SA
and the Role being a namespace admin. Example:
https://github.com/utilitywarehouse/kube-applier/blob/master/manifests/example/rbac.yaml
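A minimal sketch of the two changes above for one managed namespace, added here as an illustration and not copied from the kube-applier repository. The names `team-tools`, `team-app` and `kube-applier` are hypothetical, and using the built-in `admin` ClusterRole as the "namespace admin" Role is an assumption.

```yaml
# Added example, not the project's own manifest.
# "team-tools", "team-app" and "kube-applier" are hypothetical names.

# The single ServiceAccount that the kube-applier instance runs as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-applier
  namespace: team-tools
---
# A managed namespace, configured through the v2.3.0 annotations
# (these were labels before this release).
apiVersion: v1
kind: Namespace
metadata:
  name: team-app
  annotations:
    kube-applier.io/enabled: 'true'
    kube-applier.io/dry-run: 'false'
    kube-applier.io/prune: 'true'
---
# One RoleBinding per managed namespace. Because this is a RoleBinding
# and not a ClusterRoleBinding, the admin permissions apply only inside
# team-app, so the SA has no rights in namespaces it does not manage.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kube-applier
  namespace: team-app
subjects:
  - kind: ServiceAccount
    name: kube-applier
    namespace: team-tools
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Assumption: the built-in "admin" ClusterRole stands in for the
  # "namespace admin" Role mentioned in the release notes.
  name: admin
```

With this layout the kube-applier ServiceAccount no longer needs "get Secrets" on other ServiceAccounts, which was the permission the delegate-account model depended on.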
Full run filter and interval
kube-applier now only does a run when there is a new commit in one of the
watched directories. Previously it would kick off an apply run for any
commit to the repository.
The default full run interval is now 1 hour. New commits are still being
watched every 5s, but manual changes will now only be cleaned up every 1h.