kopf

New features:

• Rudimentary authentication from kubeconfig/serviceaccount with no pykube-ng/kubernetes libraries. #771

Bugfixes:

• Restore specific groups for peering selectors to prevent whole-cluster API group scanning. #741
• Fix an issue with Click 8.0.0 for custom type double-conversion. #769

Improvements:

• Better typing for memos in strictly typed operators (no Union is needed). #747 #753
• Better typing for daemon stopping flags in strictly typed operators. #757 #760
• Actionable suggestions on 401 "Unauthenticated" API errors. #770
• Expose Kopf's version in user-agent & in logs. #777

Contributor experience:

• Remove leading zeros from IPv4 in tests (broken CI for Python >= 3.9.5). #750
• Document the layered code architecture (with a picture). #766
• Proper badge URL for README. #749
• Lint the source code with pre-commit. #776 #778

Internal refactoring:

• Rebalance the classes & modules massively — for cohesion and decoupling. #765 #766 #752 #761 #759 #763 #764 #751
• Hide all internal modules & packages from users (via underscore-naming). #765
• Rename internal entities to not mention "resource(s)" explicitly. #756
• Fix the documentation cross-linking. #773
• Correct some code-formatting and linting issues. #775
• Parse E2E flags/configs with AST instead of RegExps. #733
• Use only pure f-strings for logs, avoid %s/%r formatting. #772

New features:

• Rudimentary authentication from kubeconfig/serviceaccount with no pykube-ng/kubernetes libraries. #771

Improvements:

• Actionable suggestions on 401 "Unauthenticated" API errors. #770
• Expose Kopf's version in user-agent & in logs. #777

Contributor experience:

• Lint the source code with pre-commit. #776 #778

Internal refactoring:

• Fix the documentation cross-linking. #773
• Correct some code-formatting and linting issues. #775
• Parse E2E flags/configs with AST instead of RegExps. #733
• Use only pure f-strings for logs, avoid %s/%r formatting. #772

Bugfixes:

• Restore specific groups for peering selectors to prevent whole-cluster API group scanning. #741
• Fix an issue with Click 8.0.0 for custom type double-conversion. #769

Improvements:

• Better typing for memos in strictly typed operators (no Union is needed). #747 #753
• Better typing for daemon stopping flags in strictly typed operators. #757 #760

Internal refactoring:

• Rebalance the classes & modules massively — for cohesion and decoupling. #765 #766 #752 #761 #759 #763 #764 #751
• Hide all internal modules & packages from users (via underscore-naming). #765
• Rename internal entities to not mention "resource(s)" explicitly. #756

Contributor experience:

• Remove leading zeros from IPv4 in tests (broken CI for Python >= 3.9.5). #750
• Document the layered code architecture (with a picture). #766
• Proper badge URL for README. #749

New features:

• Validating/mutating admission webhooks: #708 #724 #721 #736
  • With a built-in server.
  • With self-signed certificates for dev-mode.
  • With tunnelling via external systems (now: ngrok).
  • With auto-detection of the best server/tunnel for the cluster.
  • With automatic management of webhook configurations in the cluster.
  • Documentation: https://kopf.readthedocs.io/en/stable/admission/

Improvements:

• Kopf exports types for type-checking. Thanks to @SergeyTsaplin #704 #720 #722

Bugfix:

• Solved K8s API flooding with endless dummy-patching in certain conditions. Many thanks to @paxbit! #731 #728 #686
• Fix absent namespaces for cluster-scoped resources in hierarchies. #726 #727
• Extra characters are properly encoded in annotations. Thanks to @silveryfu. #713

Contributor experience:

• Drop Kubernetes 1.14 support. #723
• Add Kubernetes 1.21 support. #737
• Examples are now type-checked too (non-strict). #704

Bugfixes:

• Solved K8s API flooding with endless dummy-patching in certain conditions. Many thanks to @paxbit! #731 #728 #686

Bugfix:

• Fix absent namespaces for cluster-scoped resources in hierarchies. #726 #727

Bugfix:

• Fix absent namespaces for cluster-scoped resources in hierarchies. #726

New features:

• Validating/mutating admission webhooks: #708 #724 #721
  • With a built-in server.
  • With self-signed certificates for dev-mode.
  • With tunnelling via external systems (now: ngrok).
  • With auto-detection of the best server/tunnel for the cluster.
  • With automatic management of webhook configurations in the cluster.
  • Documentation: https://kopf.readthedocs.io/en/latest/admission/

Improvements:

• Kopf exports types for type-checking. Thanks to @SergeyTsaplin #704 #720 #722

Contributor experience:

• Drop Kubernetes 1.14 support. #723
• Examples are now type-checked too (non-strict). #704

Documentation only (to rebuild ReadTheDocs):

• Grammar and style fixes in the documentation. #717

Bugfixes:

• Hotfix an "unexpected kwarg" error for indexing when peering is enabled. #712

Contribution workflow:

• The master branch is renamed to main. #711
• Kubernetes 1.13 is disabled (not supported by Minikube, broke the CI). #709
• Kubernetes 1.20 is enabled, others are upgraded on micro-versions. #709

New features:

• In-memory indexing & caching for faster lookup/listing of resources from all handlers. #661
• Global memo with keys available throughout all operator- & resource-level handlers. #667
• Embedded operators accept memo= with arbitrary values to be used as a context. #667
• Custom memo classes for embedded operators instead of the default kopf.Memo. #667

Improvements:

• Better documentation on the hierarchies toolkit, with detailed examples. #671 #672
• 3rd-party (pykube-ng & kubernetes) objects/models are now supported for hierarchies. #672
• Other tiny improvements for the hierarchies toolkit:
  • Relabelling of the target resources with labels of the current owner.
  • forced= flag in all functions, incl. names/namespaces.
  • nested= now accepts a single string too: nested="spec.jobTemplate".
  • adopt() has got forced & strict options (in addition to nested).
  • And others: see #671

Bugfixes:

• Stop daemons & timers while the operator is on peering freeze. #675
• Use 0.0.0.0 for liveness probes in docs. #665 by @brennerm

Contributors experience:

• DCO is now mandatory for all contributions. #660
• Log spill is removed for pytest. #670
• Kopf's compatibility with 3rd-party clients is now tested. #669
• Better error highlighting in tests when happened under throttled code. #696
• Newer mypy. #677

Refactorings:

• Missing kwargs added to protocols (seems, they have no effect). #666
• Code moves and name changes with no behaviour affected. #679 #680 #681 #695

New features:

• In-memory indexing & caching for faster lookup/listing of resources from all handlers. #661
• Global memo with keys available throughout all operator- & resource-level handlers. #667
• Embedded operators accept memo= with arbitrary values to be used as a context. #667
• Custom memo classes for embedded operators instead of the default kopf.Memo. #667

Improvements:

• Better documentation on the hierarchies toolkit, with detailed examples. #671 #672
• 3rd-party (pykube-ng & kubernetes) objects/models are now supported for hierarchies. #672
• Other tiny improvements for the hierarchies toolkit:
  • Relabelling of the target resources with labels of the current owner.
  • forced= flag in all functions, incl. names/namespaces.
  • nested= now accepts a single string too: nested="spec.jobTemplate".
  • adopt() has got forced & strict options (in addition to nested).
  • And others: see #671

Bugfixes:

• Stop daemons & timers while the operator is on peering freeze. #675
• Use 0.0.0.0 for liveness probes in docs. #665 by @brennerm

Contributors experience:

• DCO is now mandatory for all contributions. #660
• Log spill is removed for pytest. #670
• Kopf's compatibility with 3rd-party clients is now tested. #669
• Better error highlighting in tests when happened under throttled code. #696
• Newer mypy. #677

Refactorings:

• Missing kwargs added to protocols (seems, they have no effect). #666
• Code moves and name changes with no behaviour affected. #679 #680 #681 #695

Slightly BREAKING in cases assumed to be extremely rare (see #674 for details):

• When 2+ decorators are used for the same function BUT with different ids explicitly overridden via id=.
• When field filters (field=) are used on resume/create/update/delete handlers AND the resource is in the handling cycle at the moment of the upgrade, these handlers will be re-executed;
  • Upgrades from older Kopf versions (<1.29) are not affected.
  • Other handlers/daemons/timers are not affected.
  • Idle resources are not affected.

Bugfixes:

• Invoke handlers with the same function but different fields separately for every field. #674

New features:

• Handlers parametrization with the param option & param kwarg. #659

Bugfixes:

• resource kwarg is added to replace cause.resource (forgotten by mistake). #658

BREAKING CHANGES! The major version increase (0.x → 1.x) means that there are changes in the public interface with no backwards compatibility. Pay attention when upgrading — most of them have quick replacements.

Most of these legacies are extremely old and it is highly unlikely that they were used in any existing operators. The DeprecationWarnings were issued for all these features (except namespaces). See #511.

Dropped features with replacements:

Dropped features without replacements:

• Public fields & methods of OperatorRegistry — use it only as an object for the registry= kwarg. #625 #611
• All internal sub-registries: Resource[Watching|Spawning|Changing]Registry, ActivityRegistry. #625 #611
• All legacy registries: SimpleRegistry, GlobalRegistry, etc. #625

Deprecated features:

• operator(namespace='…') → operator(namespaces=['…']). #600
• operator(namespace=None) → operator(clusterwide=True). #600
• pykube-ng is not installed implicitly as a dependency (install explicitly or via kopf[full-auth]). #655

New features:

• Namespace serving:
  • Multiple namespaces: e.g. -n default -n myapp. #500
  • Namespace globs: e.g. --namespace myapp-*,!*-pr-*. #500
  • Namespace pre-compiled regexps (only in embedded mode). #500
• Resource serving:
  • Resources specified partially with/without versions: @kopf.on.event('kopf.dev', 'kex'). #500
  • Resources specified by secondary names (short, singular, kind): @kopf.on.event(kind='Pod'). #500
  • Resources specified by minimally sufficient auto-guess names: @kopf.on.event('pods'). #500
  • Handling of whole categories of resources: @kopf.on.event(category='all'). #500
  • Handling of all resources (do not try on real clusters): @kopf.on.event(kopf.EVERYTHING). #500
• Field filters:
  • Fields' presence/absence filters: e.g. @kopf.on.event(…, field='spec.field', value=kopf.PRESENT). #573
  • Fields' value filters: e.g. @kopf.on.event(…, field='spec.field', value='value'); callbacks are supported. #573
  • Fields' diff filters (only for update): @kopf.on.update(…, field='spec.field', old=1, new=2); callbacks are supported. #573
  • Fields' filters are now applicable to all handlers: creation/update/deletion/resuming, daemons, timers, events. #573
• Peering behaviour is now configurable via settings. #572

Improvements of existing features:

• Better identifiers of peers in IPv6 networks: for easier identification. #569
• Better log messages in change-detecting processing: #605
• Faster (near-instant) unfreezing when peers are gone/expire. #581

Documentation improvements:

• More notes on x-kubernetes-preserve-unknown-fields in the docs. #612
• Document optional RBAC permissions needed for runtime cluster observation. #630
• Switch documentation, examples, and peering from kopf.zalando.org/v1 to kopf.dev/v1 (but not annotations and finalizers). #643 #644

Bugfixes:

• Resources with no uids are now supported too. #596
• CLI for freezing/resuming was failing due to missing authentication. #568
• Ignore irrelevant handlers in superseding causes (e.g. deletion-during-creation). #606
• Fixed configuration of the official Kubernetes library, if used for auth piggybacking. #567
• Guaranteed finalisation of watchers & workers. #628
• Give the simulated script-module a name — to make it visible for other libraries (e.g. Pydantic). #634
• Exclude kind: Event from EVERYTHING to avoid "resource explosion". #636
• Evade collisions of annotations of ReplicaSets and Deployments. #652

Contributor experience:

• Switched to GitHub Actions for CI. #582 #586
• Async timeouts used in the tests, some asyncio tests are time-limited. #608
• Tests are now limited by time (5-10 minutes instead of 6 hours). #651
• Coveralls.io uploads are fixed. #651

Internal refactorings:

• The operator's core ("reactor") is fully reworked for dynamic detection of resources and namespaces. #600 #629 #650
• API errors are wrapped into our own classes, to prevent abstraction leakage of an HTTP client. #575
• Stricter typing on resources & namespaces. #623 #624
• Squashed per-resource registries into combined ones. #622
• Re-adjust tests to a newer pytest-mock with asynctest. #645
• Make the tests shorter and cleaner. #639
• Validate the resource scope against requested namespace. #638
• Some other refactorings for code clarity: #577 #576 #578 #597 #598 #609 #610 #626 #627 #637

Internal:

• kubernetes is removed from e2e dependencies. #655
• pykube-ng is removed from implicit dependencies. #655
• both pykube-ng & kubernetes are re-exposed via the kopf[full-auth] extra. #655

Bugfix:

• Evade collisions of annotations of ReplicaSets and Deployments. #652

Bugfixes:

• Filtering callbacks (when=, values, labels, annotations) were called for apriori mismatching resources/selectors. #650

Internal:

• Tests are now limited by time (5-10 minutes instead of 6 hours). #651
• Coveralls.io uploads are fixed. #651

Bugfixes:

• Assume a singular name is a lowercased kind for builtins (API returns empty names). #629
• Give the simulated script-module a name — to make it visible for other libraries (e.g. Pydantic). #634
• Exclude kind: Event from EVERYTHING to avoid "resource explosion". #636

Documentation:

• Document optional RBAC permissions needed for runtime cluster observation. #630
• Switch documentation, examples, and peering from kopf.zalando.org/v1 to kopf.dev/v1 (but not annotations and finalizers). #643 #644

Other internal changes:

• Use Python's defaults instead of our own simulated dicts. #637
• Validate the resource scope against requested namespace. #638
• Make the tests shorter and cleaner. #639
• Re-adjust tests to a newer pytest-mock with asynctest. #645

BREAKING CHANGES! The major version increase (0.x → 1.x) means that there are changes in the public interface with no backwards compatibility. Pay attention when upgrading — most of them have quick replacements.

Most of these legacies are extremely old and it is highly unlikely that they were used in any existing operators. The DeprecationWarnings were issued for all these features (except namespaces). See #511.

Dropped without replacements:

• Public fields & methods of OperatorRegistry — use it only as an object for the registry= kwarg. #625 #611
• All internal sub-registries: Resource[Watching|Spawning|Changing]Registry, ActivityRegistry. #625 #611
• All legacy registries: SimpleRegistry, GlobalRegistry, etc. #625

Deprecated:

• operator(namespace='…') → operator(namespaces=['…']). #600
• operator(namespace=None) → operator(clusterwide=True). #600

New features:

• Namespace serving:
  • Multiple namespaces: e.g. -n default -n myapp. #500
  • Namespace globs: e.g. --namespace myapp-*,!*-pr-*. #500
  • Namespace precompiled regexps (only in embedded mode). #500
• Resource serving:
  • Resources specified partially with/without versions: @kopf.on.event('kopf.dev', 'kex'). #500
  • Resources specified by secondary names (short, singular, kind): @kopf.on.event(kind='Pod'). #500
  • Resources specified by minimally sufficient auto-guess names: @kopf.on.event('pods'). #500
  • Handling of whole categories of resources: @kopf.on.event(category='all'). #500
  • Handling of all resources (do not try on real clusters): @kopf.on.event(kopf.EVERYTHING). #500
• Field filters:
  • Fields' presence/absence filters: e.g. @kopf.on.event(…, field='spec.field', value=kopf.PRESENT). #573
  • Fields' value filters: e.g. @kopf.on.event(…, field='spec.field', value='value'); callbacks are supported. #573
  • Fields' diff filters (only for update): @kopf.on.update(…, field='spec.field', old=1, new=2); callbacks are supported. #573
  • Fields' filters are now applicable to all handlers: creation/update/deletion/resuming, daemons, timers, events. #573
• Peering behaviour is now configurable via settings. #572

Improvements:

• The operator's core ("reactor") is full reworked for dynamic detection of resources and namespaces. #600
• Better identifiers of peers in IPv6 networks: for easier identification. #569
• Better log messages in change-detecting processing: #605
• Faster (near-instant) unfreezing when peers are gone/expire. #581
• More notes on x-kubernetes-preserve-unknown-fields in the docs. #612

Bugfixes:

• Resources with no uids are now supported too. #596
• CLI for freezing/resuming was failing due to missing authentication. #568
• Ignore irrelevant handlers in superseding causes (e.g. deletion-during-creation). #606
• Fixed configuration of the official Kubernetes library, if used for auth piggybacking. #567
• Guaranteed finalisation of watchers & workers. #628

Contributor experience:

• Switched to GitHub Actions for CI. #582 #586
• API errors are wrapped into our own classes, to prevent abstraction leakage of an HTTP client. #575
• Async timeouts used in the tests, some asyncio tests are time-limited. #608
• Stricter typing on resources & namespaces. #623 #624
• Squashed per-resource registries into combined ones. #622
• Some other refactorings for code clarity: #577 #576 #578 #597 #598 #609 #610 #626 #627