ENHANCEMENTS:
resource/kubernetes_pod_v1
: add missingtopology_spread_constraints
:node_affinity_policy
,node_taints_policy
,match_label_keys
,min_domains
[GH-2429]
ENHANCEMENTS:
kubernetes/kubernetes_deployment_v1
: Add support forHugePages
inemptyDir.medium
[GH-2395]resource/kubernetes_job_v1
: add new attributespec.pod_failure_policy
to job spec [GH-2394]
NOTES:
- Bump Kubernetes dependencies from x.27.8 to x.28.6. [GH-2404]
BUG FIXES:
resource/kubernetes_cron_job_v1
: fix an issue when the provider forces a resource recreation after upgrading to2.25.0
and2.25.1
due to changes in the resource schema. [GH-2387]resource/kubernetes_cron_job
: fix an issue when the provider forces a resource recreation after upgrading to2.25.0
and2.25.1
due to changes in the resource schema. [GH-2387]resource/kubernetes_daemon_set_v1
: fix an issue when the provider forces a resource recreation after upgrading to2.25.0
and2.25.1
due to changes in the resource schema. [GH-2387]resource/kubernetes_daemonset
: fix an issue when the provider forces a resource recreation after upgrading to2.25.0
and2.25.1
due to changes in the resource schema. [GH-2387]resource/kubernetes_stateful_set_v1
: fix an issue when the provider forces a resource recreation after upgrading to2.25.0
and2.25.1
due to changes in the resource schema. [GH-2387]resource/kubernetes_stateful_set
: fix an issue when the provider forces a resource recreation after upgrading to2.25.0
and2.25.1
due to changes in the resource schema. [GH-2387]
NOTES:
- Resources
kubernetes_cron_job_v1
andkubernetes_cron_job
got a new attributespec.job_template.metadata.namespace
. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387] - Resources
kubernetes_stateful_set_v1
,kubernetes_stateful_set
,kubernetes_daemon_set_v1
, andkubernetes_daemonset
got a new attributespec.template.metadata.namespace
. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387]
HOTFIX:
kubernetes_manifest
: Implement response for GetMetadata protocol function [GH-2384]
ENHANCEMENTS:
- Add terraform-plugin-framework provider [GH-2347]
data_source/kubernetes_persistent_volume_claim_v1
: add a new attributespec.volume_mode
. [GH-2353]data_source/kubernetes_persistent_volume_claim
: add a new attributespec.volume_mode
. [GH-2353]kubernetes/schema_stateful_set_spec.go
: Addspec.persistentVolumeClaimRetentionPolicy
inkubernetes_stateful_set
[GH-2333]resource/kubernetes_persistent_volume_claim_v1
: add a new attributespec.volume_mode
. [GH-2353]resource/kubernetes_persistent_volume_claim
: add a new attributespec.volume_mode
. [GH-2353]resource/kubernetes_stateful_set_v1
: add a new attributespec.volume_claim_template.spec.volume_mode
. [GH-2353]resource/kubernetes_stateful_set
: add a new attributespec.volume_claim_template.spec.volume_mode
. [GH-2353]
BUG FIXES:
resource/kubernetes_cron_job_v1
: Change the schema to include a namespace injobTemplate
resource/kubernetes_stateful_set_v1
: Change the schema to include a namespace intemplate
[GH-2362]resource/kubernetes_ingress_v1
: Fix an issue where the emptytls
attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]resource/kubernetes_ingress
: Fix an issue where the emptytls
attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]
NOTES:
- We have updated the logic of data sources and now the provider will return all annotations and labels attached to the object, regardless of the
ignore_annotations
andignore_labels
provider settings. In addition to that, a list of ignored labels when they are attached tokubernetes_job(_v1)
andkubernetes_cron_job(_v1)
resources were extended with labelsbatch.kubernetes.io/controller-uid
andbatch.kubernetes.io/job-name
since they aim to replacecontroller-uid
andjob-name
in the future Kubernetes releases. [GH-2345]
A special and warm welcome to the first contribution from our teammate @SarahFrench! 🚀
- @tbobm made their contribution in hashicorp#2348
- @andremarianiello made their contribution in hashicorp#2344
- @adinhodovic made their contribution in hashicorp#2333
- @wonko made their contribution in hashicorp#2362
ENHANCEMENTS:
kubernetes/schema_affinity_spec.go
: Add match_fields
to nodeAffinity [GH-2296]
kubernetes/schema_pod_spec.go
: Add os
to podSpecFields [GH-2290]
resource/kubernetes_config_map_v1_data
: improve error handling while validating the existence of the target ConfigMap. [GH-2230]
BUG FIXES:
resource/kubernetes_labels
: Add ["f:metadata"] check in kubernetes_labels to prevent crash with kubernetes_node_taints [GH-2246]
DOCS:
- Add example module for configuring OIDC authentication on EKS [GH-2287]
- Add example module for configuring OIDC authentication on GKE [GH-2319]
NOTES:
- Bump Go version from 1.20 to 1.21. [GH-2337]
- Bump Kubernetes dependencies from x.25.11 to x.27.8.
FEATURES:
resource/kubernetes_cron_job_v1
: add a new volume typeephemeral
tospec.job_template.spec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_cron_job
: add a new volume typeephemeral
tospec.job_template.spec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_daemon_set_v1
: add a new volume typeephemeral
tospec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_daemonset
: add a new volume typeephemeral
tospec.template.spec..volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_deployment_v1
: add a new volume typeephemeral
tospec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_deployment
: add a new volume typeephemeral
tospec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_job_v1
: add a new volume typeephemeral
tospec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_job
: add a new volume typeephemeral
tospec.template.spec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_pod_v1
: add a new volume typeephemeral
tospec.volume
to support generic ephemeral volumes. [GH-2199]resource/kubernetes_pod
: add a new volume typeephemeral
tospec.volume
to support generic ephemeral volumes. [GH-2199]
ENHANCEMENTS:
resource/kubernetes_endpoint_slice_v1
: make attributeendpoint.condition
optional. If you had previously included an empty blockcondition {}
in your configuration, we request you to remove it. Doing so will prevent receiving continuous "update in-place" messages while performing the plan and apply operations. [GH-2208]resource/kubernetes_pod_v1
: add a new attributetarget_state
to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]resource/kubernetes_pod
: add a new attributetarget_state
to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]
BUG FIXES:
resource/kubernetes_manifest
: update flow inwait
block to fix timeout bug within tf apply where the resource is created and appears in Kubernetes but does not appear in TF state file after deadline. The fix would ensure that the resource has been created in the state file while also tainting the resource requiring the user to make the necessary changes in order for their to not be another timeout error. [GH-2163]
DOCS:
- Fix external broken links in the documentation. [GH-2221]
- @JHeilCoveo made their contribution in hashicorp#2183
- @baumandm made their contribution in hashicorp#1026
- @vastep made their contribution in hashicorp#2193
- @rafed made their contribution in hashicorp#2214, hashicorp#2225
FEATURES:
kubernetes/data_source_kubernetes_persistent_volume.go
: Add data source for Kubernetes Persistent Volume Resource [GH-2118]kubernetes/resource_kubernetes_namespace.go
: Add attributewait_for_default_service_account
to namespaces which will force Terraform to wait until the default service account has been created by Kubernetes on namespace creation. [GH-2119]kubernetes/resource_kubernetes_endpointslice.go
: Add kubernetes_endpoint_slice resource [GH-2086]
ENHANCEMENTS:
kubernetes/provider.go
: Addtls_server_name
kubernetes provider options. [GH-1638]
BUG FIXES:
resource/kubernetes_manifest
: fix an issue in thekubernetes_manifest
resource when it panics if tuple attributes within an object have a different number of elements. This leads to the situation when all types of end tuples are getting the same type. [GH-2164]resource/kubernetes_manifest
: fix an issue with thekubernetes_manifest
resource, where an object fails to update correctly when employing wait conditions and thus some attributes are not available for the reference after creation. [GH-2173]
- @SRodi made their contribution in hashicorp#2096
- @kschoche made their contribution in hashicorp#2119
- @sbocinec made their contribution in hashicorp#2138
- @bartoszj made their contribution in hashicorp#1638
- @mpriscella made their contribution in hashicorp#2169
- @axcosta made their contribution in hashicorp#2137
- @thevilledev made their outstanding contribution in hashicorp#2158, hashicorp#2154, hashicorp#2159, hashicorp#2161 🚀
HOTFIX:
- Revert add "conflictsWith" to provider block schema. [GH-2131]
FEATURES:
resource/kubernetes_runtime_class_v1
: Add a new resourcekubernetes_runtime_class_v1
. [GH-2080]
ENHANCEMENTS:
kubernetes/provider.go
: addconflictsWith
rules to provider configuration schema [GH-2084]kubernetes/resource_kubernetes_service_account.go
: Removedefault_secret_name
warning [GH-2085]resource/kubernetes_node_taint
Update import documentation GH-2094
BUG FIXES:
resource/kubernetes_node_taint
: Don't fail when there is a taint in the state file for a node that no longer exists. [GH-2099]resource/kubernetes_job
: Fixed a bug where settingbackoff_limit
to 6 would reset it to 0
ENHANCEMENTS:
kubernetes/resource_kubernetes_env.go
: add support for initContainers [GH-2067]
kubernetes/resource_kubernetes_node_taint.go
: Remove MaxItems from taint attribute [GH-2046]
BUG FIXES:
- Fix diff after import when importing resources containing volume_mount [GH-2061]
resource/kubernetes_node_taint
: Fix an issue when updating taint does not update the ID in the state file. [GH-2077]
FEATURES:
New Resource: kubernetes_token_request_v1
. [GH-2024]
BUG FIXES:
data_source/kubernetes_secret_v1
: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]data_source/kubernetes_secret
: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]kubernetes/schema_pod_spec.go
: Fix unexpected volumes appearing on plan [GH-2006]resource/kubernetes_cron_job_v1
: Fix annotation logic to prevent internalkeys from being removed in templates [GH-1983]resource/kubernetes_manifest
: Fix a panic when constructing the diagnostic message about incompatible attribute types [GH-2054]resource/kubernetes_manifest
: Fix crash when manifest config contains unknown values of unknown type (DynamicPseudoType) [GH-2055]
HOTFIX:
- kubernetes_manifest: fix crash when waiting on conditions that are not yet present [GH-2008]
FEATURES:
- New data source:
data_source/kubernetes_nodes
. [GH-1921] - New data source:
data_source/kubernetes_resources
. [GH-1967] - New resource:
resource/kubernetes_node_taint
. [GH-1921]
ENHANCEMENT:
resource/kubernetes_annotations
: Add a new attributetemplate_annotations
that allows adding annotations to resources with pod templates. [GH-1972]resource/kubernetes_cron_job_v1
: Add a new attributespec.timezone
. [GH-1971]
BUG FIXES:
resource/kubernetes_mutating_webhook_configuration
: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_network_policy_v1
: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_network_policy
: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_persistent_volume_claim_v1
: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_persistent_volume_claim
: Fix an issue when the delete operation may not be idempotent. [GH-1999]resource/kubernetes_storage_class_v1
: Fix an issue when changing the value of the attributeallow_volume_expansion
does not alter Kubernetes resource. [GH-1519]resource/kubernetes_storage_class
: Fix an issue when changing the value of the attributeallow_volume_expansion
does not alter Kubernetes resource. [GH-1519]
DOCS:
- New data source:
data_source/kubernetes_nodes
. [GH-1921] - New data source:
data_source/kubernetes_resources
. [GH-1967] - New resource:
resource/kubernetes_node_taint
. [GH-1921] provider
: Add a note regarding theKUBECONFIG
environment variable. [GH-1989]resource/kubernetes_annotations
: Add a new attributetemplate_annotations
. [GH-1972]resource/kubernetes_job_v1
: Add documentation for the attributespec.completion_mode
. [GH-1997]resource/kubernetes_job
: Add documentation for the attributespec.completion_mode
. [GH-1997]resource/resource_kubernetes_cron_job_v1
: Add a new attributespec.timezone
. [GH-1971]
- @AnisimoffNikita made their contribution in hashicorp#1519
- @partcyborg made their contribution in hashicorp#1921
ENHANCEMENT:
- Add a new optional attribute
grpc
topod.spec.container.liveness_probe
,pod.spec.container.readiness_probe
, andpod.spec.container.startup_probe
. That affects all resources and data sources that use mentionedpod.spec.container
probes directly or as a template. [GH-1915] resource/kubernetes_cluster_role_binding_v1
: add attributegenerate_name
to produce a unique random name [GH-1899]resource/kubernetes_cluster_role_binding
: add attributegenerate_name
to produce a unique random name [GH-1899]resource/kubernetes_cluster_role_v1
: add attributegenerate_name
to produce a unique random name [GH-1899]resource/kubernetes_cluster_role
: add attributegenerate_name
to produce a unique random name [GH-1899]resource/kubernetes_ingress_v1
: add create and delete timeouts [GH-1936]resource/kubernetes_ingress_v1
: make the attributespec.ingress_class_name
computed [GH-1947]resource/kubernetes_persistent_volume_v1
: add additional validation on the delete operation to make it idempotent [GH-1935]resource/kubernetes_persistent_volume
: add additional validation on the delete operation to make it idempotent [GH-1935]resource/kubernetes_role_binding_v1
: add attributegenerate_name
to produce a unique random name [GH-1899]resource/kubernetes_role_binding
: add attributegenerate_name
to produce a unique random name [GH-1899]
- @AmandaHassoun made their contribution in hashicorp#1944
- @shihai1991 made their contribution in hashicorp#1922
- @Tensho made their contribution in hashicorp#1936
- @multani made their contribution in hashicorp#1899
- @sherifabdlnaby made their contribution in hashicorp#1935
- @dgnemo made their contribution in hashicorp#1915
ENHANCEMENTS:
- Add additional validation on the delete operation to make it idempotent. [GH-1914], [GH-1919], [GH-1898]
This affects the following resources:
kubernetes_api_service
kubernetes_api_service_v1
kubernetes_cluster_role
kubernetes_cluster_role_v1
kubernetes_cluster_role_binding
kubernetes_cluster_role_binding_v1
kubernetes_config_map
kubernetes_config_map_v1
kubernetes_daemonset
kubernetes_daemon_set_v1
kubernetes_deployment
kubernetes_deployment_v1
kubernetes_endpoints
kubernetes_endpoints_v1
kubernetes_horizontal_pod_autoscaler
kubernetes_horizontal_pod_autoscaler_v1
kubernetes_horizontal_pod_autoscaler_v2beta2
kubernetes_horizontal_pod_autoscaler_v2
kubernetes_mutating_webhook_configuration
kubernetes_mutating_webhook_configuration_v1
kubernetes_network_policy
kubernetes_network_policy_v1
kubernetes_persistent_volume_claim
kubernetes_persistent_volume_claim_v1
kubernetes_pod
kubernetes_pod_v1
kubernetes_pod_disruption_budget
kubernetes_pod_disruption_budget_v1
kubernetes_pod_security_policy
kubernetes_pod_security_policy_v1beta1
kubernetes_priority_class
kubernetes_replication_controller
kubernetes_resource_quota
kubernetes_role
kubernetes_role_binding
kubernetes_secret
kubernetes_namespace
kubernetes_service
kubernetes_service_account
kubernetes_stateful_set
kubernetes_storage_class
kubernetes_validating_webhook_configuration
kubernetes_validating_webhook_configuration_v1
Special thanks to @sheneska for making these changes as part of her internship @hashicorp! 🚀
FEATURES:
- New data source:
kubernetes_endpoints_v1
[GH-1805]
ENHANCEMENT:
- Add a new optional attribute
runtime_class_name
topod.spec
. That affects all resources and data sources that usepod.spec
directly or as a template. [GH-1895] - Add a new optional attribute
fs_group_change_policy
topod.spec.security_context
. That affects all resources and data sources that usepod.spec
directly or as a template. [GH-1892] - The kubernetes status field is now available in the
kubernetes_resource
datasource [GH-1802] r/kubernetes_pod_v1
: changing values ofspec.container.resources.limits
orspec.container.resources.requests
will force resource recreation. [GH-1889]r/kubernetes_pod
: changing values ofspec.container.resources.limits
orspec.container.resources.requests
will force resource recreation. [GH-1889]
BUG FIXES:
- Fix an issue when changing values of
spec.container.resources.limits
orspec.container.resources.requests
does not update appropriate Kubernetes resources. Affected resources:kubernetes_pod
,kubernetes_pod_v1
. [GH-1889] - Fix an issue when empty values of
spec.container.resources.limits
orspec.container.resources.requests
produce continuous diff output duringplan
although no real changes were made. Affected resources:kubernetes_pod
,kubernetes_pod_v1
,kubernetes_daemonset
,kubernetes_daemon_set_v1
,kubernetes_deployment
,kubernetes_deployment_v1
. [GH-1889] - Fix an issue with timeouts for
StatefulSet
,Deployment
, andDaemonSet
resources when in some cases changes ofUpdate
orCreate
timeout doesn't affect related actions. [GH-1902]
DOCS:
resource/kubernetes_service_account_v1
: mark attributedefault_secret_name
as deprecated [GH-1883]resource/kubernetes_service_account
: mark attributedefault_secret_name
as deprecated [GH-1883]
Thanks to all our contributors! 🎉
- @Dudesons made their contribution in hashicorp#1805
- @St0rmingBr4in made their contribution in hashicorp#1802
- @kylecarbs made their contribution in hashicorp#1895
ENHANCEMENT:
- Add new resource resource_kubernetes_env [GH-1838]
- Add "field_manager" attribute to kubernetes_labels, kubernetes_annotations, kubernetes_config_map_v1_data [GH-1831]
- r/kubernetes_horizontal_pod_autoscaler_v2: make attribute
spec.behavior.scale_down
computed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2: make attribute
spec.behavior.scale_up
computed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2: make attribute
spec.behavior
computed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute
spec.behavior.scale_down
computed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute
spec.behavior.scale_up
computed [GH-1853] - r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute
spec.behavior
computed [GH-1853]
ENHANCEMENT:
- Added "preemption_policy" attribute to the priority_class resource. [GH-1846]
- new attribute: Add immutable attribute to resource_config_map [GH-1849]
- resource/kubernetes_secret: Add a new attribute
wait_for_service_account_token
and correspondingcreate
timeout resource/kubernetes_secret_v1: Add a new attributewait_for_service_account_token
and correspondingcreate
timeout [GH-1833]
DOCS:
- r/kubernetes_service: make
spec.port
block optional [GH-1856] - r/kubernetes_service_v1: make
spec.port
block optional [GH-1856]
BUG FIXES:
- [TK-78009] Fix propagation of non-fatal Diagnostics in the type morphing logic
BUG FIXES:
- Starting from Kubernetes 1.24.0 service account token is not automatically generated, thus it has to create separately. The following resources were updated to handle this change:
d/kubernetes_service_account
,r/kubernetes_default_service_account
,r/kubernetes_service_account
. For Kubernetes clusters running v1.24+default_secret_name
will be empty. A warning message will be printed once any of the above resources are in use. (#1792)
IMPROVEMENTS:
r/kubernetes_manifest
: Better error messages from OpenAPI schema transformations (#1780)- Update documentation and correct some errors (#1768, #1786)
- Update acceptance tests infrastructure code for GKE and AKE and related GitHub Actions
IMPROVEMENTS:
- Update documentation and correct some errors (#1759)
BUG FIXES:
- Fix type morphing of nested tuples that causes
Failed to morph
errors (#1756) - Fix an issue when provider crashes intermittently in version
v2.12.0
(#1762)
NEW:
- Attribute
ignore_annotations
ofprovider
(#746) - Attribute
ignore_labels
ofprovider
(#746) - Attribute
condition
towait
block ofkubernetes_manifest
(#1595) - Attribute
allocate_load_balancer_node_ports
ofkubernetes_service(_v1)
(#1683) - Attribute
cluster_ips
ofkubernetes_service(_v1)
(#1683) - Attribute
internal_traffic_policy
ofkubernetes_service(_v1)
(#1683) - Attribute
load_balancer_class
ofkubernetes_service(_v1)
(#1683) - Attribute
session_affinity_config
ofkubernetes_service(_v1)
(#1683)
IMPROVEMENTS:
- Update documentation and correct some errors (#1706, #1708)
- Fix security scan alerts (#1727, #1730, #1731)
- Attribute
topology_key
ofkubernetes_deployment(_v1)
marked asRequired
(#1736)
BUG FIXES:
- Fix
kubernetes_default_service_account
doesn't set theautomount_service_account_token
tofalse
(#1247) - Fix an issue when the imported
kubernetes_manifest
resource is replaced instead of getting updated (#1712) - Fix provider crash when
image_pull_secret
ofkubernetes_service_account(_v1)
isnull
NEW:
- Add a new resource
kubernetes_horizontal_pod_autoscaler_v2
(#1674)
IMPROVEMENTS:
- Add
ip_families
andip_family_policy
attributes tokubernetes_service
(#1662) - Handle
x-kubernetes-preserve-unknown-fields
type annotation from OpenAPI: changes to attributes of this type trigger whole resource recreation. (#1646) - Upgrade terraform-plugin-mux to v0.6.0 (#1686)
- Add GitHub action for EKS acceptance tests (#1656)
- Add github action for acceptance tests using kind (#1691)
BUG FIXES:
- Fix conversion of big.Float to float64 in
kubernetes_manifest
(#1661) - Fix identification of
int-or-string
type attributes to include 3rd party types defined by aggregated APIs (#1640) - Fix not handling multiple
cluster_role_selectors
ofkubernetes_cluster_role(_v1)
(#1360)
NEW:
- Resource
kubernetes_labels
(#692) - Resource
kubernetes_annotations
(#692) - Resource
kubernetes_config_map_v1_data
(#723) - Block
wait
with attributerollout
ofkubernetes_manifest
(#1549) - Data source and resource attributes
app_protocol
ofkubernetes_service
(#1554) - Attribute
container_resource
of resourcekubernetes_horizontal_pod_autoscaler_v2beta2
(#1637)
IMPROVEMENTS:
- Deprecate
wait_for
attribute in favor ofwait
block inkubernetes_manifest
(#1549) - Make attribute
rule
optional ofkubernetes_validating_webhook_configuration(_v1)
andkubernetes_mutating_webhook_configuration(_v1)
(#1618, #1643) - Update documentation and correct some errors (#1622, #1628, #1657, #1681)
BUG FIXES:
- Fix crash when multiple
match_expression
are used inkubernetes_resource_quota
(#1561) - Fix issue when in some circumstances changes of
seLinuxOptions.Type
doesn't reflect in the state file (#1650) - Ignore service account volumes with
kube-api-access
prefix (#1663)
IMPROVEMENTS:
- Add attribute
csi
to pod spec (#1092) - Add
kubernetes_resource
data source (#1548) kubernetes_manifest
resource force the re-creation of the resource when eitherapiVersion
orkind
attributes change (#1593)- Make attribute
http
of resourcekubernetes_ingress_v1
optional (#1613) - Add a new attribute
seccomp_profile
to pod and container spec (#1617) - Add additional check to resource
kubernetes_job_v1
when attributeswait_for_completion
andttl_seconds_after_finished
are used together (#1619) - Update documentation examples and correct some errors (#1597, #1611, #1612, #1626)
BUG FIXES:
- Fix logic of
wait_for_rollout
attribute ofkubernetes_deployment
(#1405) - Fix fail when the provider cannot determine
default_secret_name
(#1634)
IMPROVEMENTS:
- Add mutating_webhook_configuration_v1 data source (#1423)
- Remove enabling experiment section (#1564)
- Update kubernetes dependencies (#1574)
- Update terraform-plugin-go and terraform-plugin-sdk (#1551)
BUG FIXES:
- Fix
panic: lists must only contain one type of element
errors onkubernetes_manifest
- Attribute
backend.service.port.name
inkubernetes_ingress_v1
should be type String (#1541)
BUG FIXES:
- Fix type-morphing of Map into Map (#1521)
IMPROVEMENTS:
- Add support for storage/v1
- Add support for certificates/v1
- Add support for networking/v1
- Add support for policy/v1
- Add
completion_mode
to job spec - Improve performance of
kubernetes_manifest
by reducing amount of API calls
BUG FIXES:
- Fix crash when container env block is empty
- Fix invalid allowedHostPaths PodSecurityPolicy patch
- Fix handling of "null" values on fields of
kubernetes_manifest
(#1478)
This release introduces version suffixes to the names of resources and datasources. See our documentation page for more details on this convention and the motivation behind it.
BUG FIXES:
- Fix import ID syntax in manifest import docs
- Tolerate unknown values in "env" and "exec" provider attributes
- Remove "beta" designation of the kubernetes_manifest from documentation
IMPROVEMENTS:
- kubernetes_manifest is now GA and enabled by default
BUG FIXES:
- kubernetes_manifest now correctly handles empty blocks as attribute values (#1352)
- kubernetes_manifest now correctly handles multiple CRDs with different number of schema versions (#1460)
IMPROVEMENTS:
- Allow setting kubernetes_job parallelism to zero (#1334)
- Add kubernetes_ingress_class resource (#1236)
- Add immutable field to kubernetes_secret (#1280)
- Add behavior field to horizontal_pod_autoscaler (#1030)
- Add proxy_url attribute to provider configuration block (#1441)
BUG FIXES:
- Always generate standard ObjectMeta for CRD types (#1418)
- Fix importing kubernetes_manifest resources (#1440)
- Fix documentation example for field_manager block (#1410)
- Fix kubernetes_job "No waiting" documentation example (#1383)
- Fix docs formatting for kubernetes_secret (#1434)
IMPROVEMENTS:
- Timeouts block on
kubernetes_manifest
kubernetes_manifest
supports setting field_manager name and "force" modekubernetes_manifest
checks that resource exists before trying to createkubernetes_manifest
supports "computed" attributteskubernetes_manifest
supports import operations
BUG FIXES:
- Fix typo in kubernetes_manifest documentation
- Document that kubernetes_manifest must be enabled in the provider block.
- Docs for ingress_class_name in kubernetes_ingress
HOTFIX:
- Fix kubernetes_manifest Terraform version constraint causing error on 0.12/0.13 (#1345)
IMPROVEMENTS:
- Add
kubernetes_manifest
resource as experimental feature - Upgrade Terraform SDK to v2.7.0
BUG FIXES:
- Revert "Filter well known labels and annotations" (#1298)
IMPROVEMENTS:
- docs/stateful_set: add import section (#1287)
BUG FIXES:
cluster_ip
forkubernetes_service
should support valueNone
(#1291)- Remove
self_link
from metadata (#1294) - Add missing labels to fix "
kubernetes.io/metadata.name
always in plan" (#1293)
BUG FIXES:
- Add missing annotations (#1289)
IMPROVEMENTS:
- Datasource:
kubernetes_secret
: addbinary_data
attribute (#1285) - Add validations to
validating_webhook_configuration
(#1279) - Add validations to
mutating_webhook_configuration
(#1278) - Add validations to
storage_class
(#1276) - Add validations to container PodSpec (#1275)
- Add validations to
service
(#1273) - Update EKS example to use two applies (#1260)
- Resource
kubernetes_deployment
: allow changing strategy fromrolling
torecreate
(#1255) - Filter well known labels and annotations (#1253)
- Resource
kubernetes_resource_quota
: suppress diff for no-op changes (#1251) - Resource
kubernetes_deployment
: allow removing volume mount (#1246)
IMPROVEMENTS:
- Match specific tolerations to prevent diffs (#978)
- Update all go modules (#1240)
- Docs: fix broken links (#1041)
- Docs: fix typo in getting started guide (#1262)
BUG FIXES:
- Fix
kubernetes_cron_job
ForceNew when modifyingjob_template
(#1212) - Fix error returned by Create CSR (#1206)
- Fix
kubernetes_pod_disruption_budget
:100%
now is a valid value (#1107) - Fix perpetual diff in persistent volume claimRef (#1227)
IMPROVEMENTS:
- Add
binary_data
field tokubernetes_secret
(#1228) - Add support for setting the persistent volume claimRef (#1020)
- Add
secret_namespace
tovolume_source
azure_file
(#1204) - Docs: fix grammar in Network Policy (#1210)
- Docs:
kubernetes_cron_job
add link to Kubernetes reference (#1200)
BUG FIXES:
- Fix resource_field_ref schema for projected_volume (#1189)
- Add diff suppression to persistent_volume and persistent_volume_claim (#1145)
- Remove error for missing kubeconfig, to allow generating it at apply time (#1142)
IMPROVEMENTS:
- Support topologySpreadConstraint in pod spec schema (#1022)
- Wait for kubernetes_ingress to be deleted (#1143)
- Improve docs for configuring the provider (#1132)
- Update docs to reflect Kubernetes service status attribute (#1148)
BUG FIXES:
- Read operation should set resource id to null if not found (#1136)
IMPROVEMENTS:
- Add service timeouts docs (#963)
BUG FIXES:
- Resources state migration should migrate empty array (#1124)
IMPROVEMENTS:
- Update docs to reflect new schema for
load_balancer_ingress
(#1123)
BREAKING CHANGES:
- Replace support for
KUBECONFIG
environment variable withKUBE_CONFIG_PATH
(#1052) - Remove
load_config_file
attribute from provider block (#1052) - Remove default of
~/.kube/config
forconfig_path
(#1052) - Update Terraform SDK to v2 (#1027)
- Restructure service and ingress to match K8s API (#1071)
- Normalize
automount_service_account_token
to be in line with the K8s API (#1054) - Normalize
enable_service_links
to be in line with the K8s API (#1074) - Normalize wait defaults across Deployment, DaemonSet, StatefulSet, Service, Ingress, and Job (#1053)
- Change resources requests and limits to TypeMap (#1065)
FEATURES:
- Add timeout argument to kubernetes_stateful_set (#1047)
- Add divisor to resource_field_ref (#1063)
- Add ingressClassName as field in Ingress manifest (#1057)
BUG FIXES:
- Fix typo in Job error message (#1048)
- Fix assertion in TestAccKubernetesPersistentVolume_hostPath_nodeAffinty (#1067)
- Fix service load balancer crash (#1070)
- Fix
cronJob.ttl_seconds_after_finished
causing requests to fail even without value specified (#929) - Fix perpetual diff when using Pod resource with
automount_service_account_token=true
(#1085) - Fix perpetual diff in StatefulSet when
update_strategy
is not specified (#1088) - Fix delete/recreate when updating
init_containers
(#951) - Fix delete/recreate of Jobs when updating mutable fields (#1074)
IMPROVEMENTS:
- Add upgrade test for daemonset (#1064)
- Add
kube_config_paths
to provider block (#1052)
FEATURES:
- Add support for readiness_gate on Pod spec (#811)
- Add Azure Managed disk to PV resource (#202)
- Add support for enable_service_links to the pod specification (#975)
BUG FIXES:
- Fix annotation diffs on affinity tests (#993)
- Fix api_group requirement in cluster_role_binding and role_binding (#1024)
- Fix service test leaking ELBs (#947)
- Fix annotation diffs on affinity tests (#993)
- Fix job documentation
- Fix build on macOS (#1045) and windows/386
IMPROVEMENTS:
- Update Go dependencies (#968)
- Update acceptance tests for tfproviderlint (#887)
- Refactor Typhoon test configuration to allow selection of Kubernetes version (#992)
- Update Pull Request Lifecycle docs (#1032)
- CI checks for docs website (registry migration) (#953)
BUG FIXES:
- Fix spurious forced replacement in empty_dir volume (#985)
- Fix reported replica count when waiting for Deployment rollout (#998)
- health_check_port_node should force replacement (#986)
- Don't force replacement StatefulSet / Deployment when affinity rule selectors change (#755)
IMPROVEMENTS:
- Wait for
kubernetes_service
to be deleted - Updates to CONTRIBUTING.md and PULL_REQUESTS.md
BUG FIXES:
- Fix crash when size_limit is not present on empty_dir volume (#983)
FEATURES:
- Add resource
CertificateSigningRequest
(#922) - Add resource
default_service_account
(#876)
IMPROVEMENTS:
- Allow in-place update of PVC's storage request (#957)
- Add sysctl support to pod spec (#938)
- Add ability to wait for deployment to delete (#937)
- Add support for
aggregation_rule
tocluster_role
resource (#911) - Add
health_check_node_port
to Service resource (#908) - Add support for
size_limit
forempty_dir
block (#912) - Add support for volume mode (#939)
- Add projected volumes in pod_spec (#907)
- Add termination_message_policy to container schema (#847)
BUG FIXES:
- Recreate Storage Class on VolumeBindingMode update (#757)
- Fix url attribute in admissionregistration client_config.service block (#959)
- Fix crash when deferencing nil pointer in v1beta1.IngressRule (#967)
BUG FIXES:
- Fix crash in
resource_kubernetes_pod_security_policy
attributehost_ports
(#931)
IMPROVEMENTS:
- Add
wait_for_rollout
tokubernetes_deployment
resource (#863) - Add
wait_for_rollout
tokubernetes_stateful_set
resource (#605)
IMPROVEMENTS:
- Add resource for CSIDriver (#825)
- Add resource for Pod Security Policies (#861)
- Add data source for Pod and PVC (#786)
- Add support for CSI volume type in persistent_volume resource (#817)
- Add Kubernetes Job
wait_for_completion
functionality (#625) - Support
optional
flag for ConfigMap mounted as volume (#823) - Add specific error message when failing to load provider config (#780)
- Support
optional
on env valueFrom for secret key/configmap key (#824) - Skip tests for CSIDriver if cluster version is less than 1.16
- Allow
ttl_seconds_after_finished = 0
inkubernetes_job
resource (#849) - Set service block to
optional
for webhook configurations (#902)
IMPROVEMENTS:
- Add data source for ingress (#514)
- Add data sources for namespaces (#613)
IMPROVEMENTS:
- Add data source for config map (#76)
- Add data source for service account (#523)
- Add resource for ValidatingWebHookConfiguration and MutatingWebhookConfiguration (#791)
BUG FIXES:
- Update Go module versions to work with Go 1.13
IMPROVEMENTS:
- Bump provider SDK to v1.7.0
BUG FIXES:
- Defer client initialization to improve resilience (#759)
IMPROVEMENTS:
- Add
mount_options
attribute tokubernetes_persistent_volume
andkubernetes_storage_class
- Refactor client config initialization and fix in-cluster config (#679) (#497)
BUG FIXES:
- Do not force base64 encoding for the
ca_bundle
onkubernetes_api_service
(#679) - Allow 3s age gap between
service account
andsecret
(issue) - Add
load_config_file = false
to documented provider configurations - Add support for
startup_probe
on container spec - Fix (cluster-)role bindings and rules updates (#713)
- Fix namespacing issues on kubernetes_priority_class (#680) See comment on backward compatibility
- Documentation fixes
FEATURES:
- New resource:
kubernetes_pod_disruption_budget
(#644 / PR #338) - New resource:
kubernetes_priority_class
(PR #495)
IMPROVEMENTS:
- Add
mount_propagation
attribute to container volume mount - Add support for
.spec.service.port
tokubernetes_api_service
(#665) - Update
k8s.io/client-go
to v12 - Set option to cascade delete job resources (#534 / PR #635)
- Support in-cluster configuration with service accounts (PR #497)
- Parametrize all existing timeout values (PR #607)
- Enable HTTP requests/responses tracing in debug mode (PR #630)
BUG FIXES:
- Do not set default namespace for replication controller and deployment pod templates (#275)
- Updated host_alias property name to host_aliases (PR #670)
- Docs - updated all broken and commit-specific Kubernetes links to point to master branch (PR #626)
- Allow 0 for
backoff_limit
onkubernetes_job
(PR #632)
FEATURES:
- New resource:
kubernetes_api_service
(PR #487)
IMPROVEMENTS:
- Add
type
attribute to volume hostPath (#358) - Configurable delete timeout for
kubernetes_namespace
resource
BUG FIXES:
- Allow all values for deployment rolling update config (PR #587)
- Align validation of
role_binding
andcluster_role_binding
names to Kubernetes rules (PR #583)
FEATURES:
- Add support for tolerations to Pod and Pod template (PR #448).
IMPROVEMENTS:
- Update getting started guide to Terraform 0.12 syntax (PR #544).
BUG FIXES:
- Align validation rules for names of Role and ClusterRole to Kubernetes (PR #551).
- Allow non-negative replicas in kubernetes_stateful_set (PR #527).
- Fix 'working_dir' attribute on Pod containers (PR #539).
FEATURES:
- New resources:
kubernetes_job
andkubernetes_cron_job
IMPROVEMENTS:
- Add
automount_service_account_token
attribute to the Pod spec (PR #261) - Add
share_process_namespace
attribute to the Pod spec (PR #516) - Update Terraform SDK to v0.12.3
- Enable Renovate to keep package dependencies up to date.
BUG FIXES:
- Fix waiting for Deployments to finish (PR #502)
- Adapt examples to Terraform 0.12 syntax
- Documentation updates and fixes
FEATURES:
- Add support of client-go credential plugins in auth (#396)
- Add kubernetes_ingress resource (closes #14) (#417)
IMPROVEMENTS:
- Add
affinity
(Pod affinity rules) attribute to Pod and PodTemplate spec - Add support for
binary_data
to kubernetes_config_map (#400) - Add
run_as_group
to container security context attribute (#414) - Add
local
attributepersistent_volume_source
docs - Add
external_traffic_policy
tokubernetes_service
- Allow
max_unavailable
andmax_surge
to be 0 onkubernetes_deployment
BUG FIXES:
- Fix docs typo:
kubernetes_service
takestarget_port
nottargetPort
(#409) - Fix links to timeouts documentation for terraform 0.12+ (#406)
- Link Endpoints resource into sidebar (#431)
- Add doc examples for container health probes.
- Don’t prevent use of kubernetes.io annotation keys
BUG FIXES:
- Fix to release metadata to register the provider as compatible with Terraform 0.12.
IMPROVEMENTS:
- Updated the Terraform SDK to support the upcoming Terraform version 0.12.
UPGRADE NOTES:
- On volume source blocks, the
mode
anddefault_mode
attributes are now of type string and will produce a diff on the first run with state coming from Terraform 0.11.x and lower. Also,default_mode
now defaults to 0644 when not set, in accordance with Kubernetes API docs. This will also produce a diff when applied against state from Terraform 0.11.x and lower (where it was implicitly 0). Subsequent applies should behave as expected.
FEATURES:
- New resource:
kubernetes_endpoints
(#167)
IMPROVEMENTS:
- Add support for importing
kubernetes_service_account
resources. - Add validation for
strategy
attribute onkubernetes_daemonset
andkubernetes_deployment
- Add
allow_volume_expansion
attribute tokubernetes_storage_class
resource. - Add
host_aliases
attribute to Pod spec and Pod templates. - Add support for
dns_config
attribute on Pods and Pod templates. - Mark
node_affinity
attribute on PV as Computed to support server populated values. - Wait for PVs to finish deleting.
- Documentation now mentions acceptance of beta Kubernetes resources.
BUG FIXES:
- Fix detection of default token secret (#349)
- Fix unexpected diffs on
kubernetes_network_policy
whennamespace_selector
is empty (#310) - Fix crashes on empty node_affinity / node_selector_term / match_expressions (#394)
- Make entire Pod template updatable (#384)
BUG FIXES:
- Fix
api_group
attribute attribute of RBAC subjects. (#331)
FEATURES:
- New resources: DaemonSet and ClusterRole (#229)
IMPROVEMENTS:
- Add test infrastructure for AKS and EKS (#291)
- Add
publish_not_ready_addresses
tokubernetes_service
(#306) - Populate
default_secret
for Service Account when multiple secrets are present (#281)
BUG FIXES:
- Declare
env
argument type correctly in Pod config (#304) - Fix service datasource after #306 broke it (#313)
- Fix docs correcting
automount_service_account_token
location for Service Acount (#278) - Fix docs typo (#279)
FEATURES:
- New Resource:
kubernetes_network_policy
(#118) - New Resource:
kubernetes_role
- New Resource:
kubernetes_role_binding
- New Datasource:
kubernetes_secret datasource
(#241)
IMPROVEMENTS:
resource/kubernetes_deployment
,resource/kubernetes_pod
,resource/kubernetes_replication_controller
,resource/kubernetes_stateful_set
: Addallow_privilege_escalation
to container security contexts attributes (#249)- Add pod metadata to replication controller spec template (#193)
- Add support for
volume_binding_mode
attribute inkubernetes_storage_class
- Add
node_affinity
attribute to persistent volumes. - Add support for
local
type persistent volumes. - Upgrade to Go 1.11 + Go modules
BUG FIXES:
resource/kubernetes_stateful_set
: Fix updates of stateful set images (#252)
FEATURES:
- New Resource:
kubernetes_stateful_set
(#100)
IMPROVEMENTS:
resource/kubernetes_storage_class
: Add ReclaimPolicy attributeresource/kubernetes_service_account
: Allow automount service account token
BUG FIXES:
- Fix waiting for Deployment rollout status (#210)
FEATURES:
IMPROVEMENTS:
- Update Kubernetes client library to 1.10 (#162)
- Add support for
env_from
on container definitions (#82)
IMPROVEMENTS:
- resource/kubernetes_pod: Add timeout to pod resource create and delete (#151)
- resource/kubernetes_pod: Add support for init containers (#156)
BUG FIXES:
- name label: All name labels will now allow DNS1123 subdomain format ex:
my.label123
(#152) - resource/kubernetes_service: Switch targetPort to string (#154)
- data/kubernetes_service: Switch targetPort to string (#159)
- resource/kubernetes_pod: env var value change forces new pod (#155)
- Fix example in docs for an image pull secret (#165)
NOTES:
- provider: Client library updated to support Kubernetes
1.7
IMPROVEMENTS:
- resource/kubernetes_persistent_volume_claim: Improve event log polling for warnings (#125)
- resource/kubernetes_persistent_volume: Add support for
storage_class_name
(#111)
BUG FIXES:
- resource/kubernetes_secret: Prevent binary data corruption (#103)
- resource/kubernetes_persistent_volume: Update
persistent_volume_reclaim_policy
correctly (#111) - resource/kubernetes_service: Update external_ips correctly on K8S 1.8+ (#127)
- resource/kubernetes_*: Fix adding labels/annotations to resources when those were empty (#116)
- resource/kubernetes_*: Treat non-string label values as invalid (#135)
- resource/kubernetes_config_map: Fix adding
data
when it was empty (#116) - resource/kubernetes_secret: Fix adding
data
when it was empty (#116) - resource/kubernetes_limit_range: Avoid spurious diff when spec is empty (#132)
- resource/kubernetes_persistent_volume: Use correct operation when updating
persistent_volume_source
(1.8
) (#133) - resource/kubernetes_persistent_volume: Mark persistent_volume_source as ForceNew on
1.9+
(#139) - resource/kubernetes_pod: Bump deletion timeout to 5 mins (#136)
BUG FIXES:
- resource/pod: Avoid crash in reading
spec.container.security_context
capability
(#53) - resource/replication_controller: Avoid crash in reading
template.container.security_context
capability
(#53) - resource/service: Make spec.port.target_port optional (#69)
- resource/pod: Fix
mode
conversion inconfig_map
volume items (#83) - resource/replication_controller: Fix
mode
conversion inconfig_map
volume items (#83)
IMPROVEMENTS:
- resource/kubernetes_pod: Add support for
default_mode
,items
andoptional
in Secret Volume (#44) - resource/kubernetes_replication_controller: Add support for
default_mode
,items
andoptional
in Secret Volume (#44)
BUG FIXES:
- resource/kubernetes_pod: Respect previously ignored
node_selectors
field (#42) - resource/kubernetes_pod: Represent update-ability of spec correctly (#49)
- resource/kubernetes_replication_controller: Respect previously ignored
node_selectors
field (#42) - all namespaced resources: Avoid crash when importing invalid ID (#46)
- meta: Treat internal k8s annotations as invalid #50
FEATURES:
- New Resource:
kubernetes_storage_class
(#22) - New Data Source:
kubernetes_service
(#23) - New Data Source:
kubernetes_storage_class
(#33)
IMPROVEMENTS:
- provider: Add support of token in auth (#35)
- provider: Add switch to disable loading file config (
load_config_file
) (#36)
BUG FIXES:
- resource/kubernetes_service: Make port field optional (#27)
- all resources: Escape '/' in JSON Patch path correctly (#40)
FEATURES:
IMPROVEMENTS:
- resource/kubernetes_service: Wait for LoadBalancer ingress (#12)
- resource/persistent_volume_claim: Expose last warnings from the eventlog (#16)
- resource/pod: Expose last warnings from the eventlog (#16)
- resource/service: Expose last warnings from the eventlog (#16)
BUG FIXES:
- Register auth plugins (gcp, oidc) automatically (#6)
- resource/pod: Fix a crash caused by wrong field name (config map volume source) (#19)
- resource/pod: Add validation for
default_mode
(mode bits) (#19)
FEATURES:
- New Resource:
kubernetes_pod
[#13571](hashicorp/terraform#13571)