Skip to content
This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

HNC v0.8.0

Latest
Compare
Choose a tag to compare
@adrianludwin adrianludwin released this 30 Apr 13:35
c794725

Note: HNC v0.9.0 and later are now available from our new repo. This repo will no longer be updated with the latest HNC releases.

HNC v0.8.0 fixes some minor issues with Exceptions, improves the stability of your cluster by protecting critical system namespaces, and adds support for the latest versions of Kubernetes.

Installing

WARNING: if your cluster already has HNC installed, please ensure you are using HNC v0.7.0 or later.

You can install or upgrade HNC on your cluster using the following commands (admin privileges required):

# Select the latest version of HNC
HNC_VERSION=v0.8.0

# Forbid HNC from modifying system namespaces
kubectl label ns kube-system hnc.x-k8s.io/excluded-namespace=true --overwrite
kubectl label ns kube-public hnc.x-k8s.io/excluded-namespace=true --overwrite
kubectl label ns kube-node-lease hnc.x-k8s.io/excluded-namespace=true --overwrite

# Install HNC. Afterwards, wait up to 30s for HNC to refresh the certificates on its webhooks.
kubectl apply -f https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/hnc-manager.yaml 

To install the kubectl plugin on your workstation, either use Krew or install manually:

  • Via Krew: Install Krew if you don't have it already, then run the command kubectl krew install hns. Krew now installs HNC v0.9.0 or later

  • Manually: Switch to any directory in your PATH (e.g. ~/bin) and run the following commands:

    HNC_VERSION=v0.8.0
    HNC_PLATFORM=linux_amd64 # also supported: darwin_amd64
    curl -L https://github.com/kubernetes-sigs/multi-tenancy/releases/download/hnc-${HNC_VERSION}/kubectl-hns_${HNC_PLATFORM} -o ./kubectl-hns
    chmod +x ./kubectl-hns
    
    # Ensure the plugin is working
    kubectl hns
    # The help text should be displayed
    

For more instructions, see the user guide.

Known issues

Changelog

Since HNC v0.7

  • Exceptions were not correctly reapplied if the labels were changed on a namespace (#1448)
  • Updated all dependencies to use v1 CRD and v1 webhooks to support newer version of Kubernetes (#1270, #1371)
  • Exclude HNC from critical system namespaces (#1023)
  • Built-in admin clusterrole now includes permissions to modify all HNC objects, including subnamespace anchors and hierarchy configs (#1341)
  • HNC can now propagate cluster-admin rolebindings in namespaces (#1311)

See full list of changes

Testing signoff

Target Tests By When Result
KIND 1.20 make test-e2e @adrianludwin apr 29 passed (as RC1)
GKE 1.19 (rapid channel) " @adrianludwin apr 30 passed
GKE 1.18 (regular channel) " @adrianludwin apr 29 passed (as RC1)
GKE 1.17 (stable channel) " @adrianludwin apr 29 passed (as RC1)
GKE 1.19 (rapid channel) Upgrade from v0.7.0 @adrianludwin apr 29 subns creation worked before and after; verified admin cluster role includes HNC permissions (as RC1)