Enhancements
- Officially support Kubernetes 1.15 (#546)
- Make sure that we only declare a Service of type LoadBalancer as deployed after its IP address is published. #547
- Add more validations to `RunnerTask`. #554
Bug Fixes
- Fix a bug in rendering where we failed to add a yaml doc separator (`---`) to an implicit document if there are multiple documents in the file. (#551)
Other
- Kubernetes 1.10 is no longer officially supported as of this version (#546)
- We've added a new Krane cli. This code is in alpha. We are providing no warranty at this time and reserve the right to make major breaking changes including removing it entirely at any time. (#256)
- Deprecate `kubernetes-deploy.shopify.io` annotations in favour of `krane.shopify.io`.
Enhancements
- (alpha) Introduce a new `-f` flag for `kubernetes-deploy`. Allows passing in of multiple directories and/or filenames. Currently only usable by `kubernetes-deploy`, not `kubernetes-render`. #514
- Initial implementation of shared task validation objects. #533
- Restructure `require`s so that requiring a given task actually gives you the dependencies you need, and doesn't give what you don't need. #487
- [Breaking change] Added ServiceAccount, PodTemplate, ReplicaSet, Role, and RoleBinding to the prune whitelist.
  - To see what resources may be affected, run `kubectl get $RESOURCE -o jsonpath='{ range .items[*] }{.metadata.namespace}{ "\t" }{.metadata.name}{ "\t" }{.metadata.annotations}{ "\n" }{ end }' --all-namespaces | grep "last-applied"`
  - To exclude a resource from kubernetes-deploy (and kubectl apply) management, remove the last-applied annotation `kubectl annotate $RESOURCE $SECRET_NAME kubectl.kubernetes.io/last-applied-configuration-`.
Bug Fixes
- StatefulSets with 0 replicas explicitly specified don't fail deploy. #540
- Search all workloads if a Pod selector doesn't match any workloads when deploying a Service. #541
Other
- `EjsonSecretProvisioner#new` signature has changed. `EjsonSecretProvisioner` objects no longer have access to `kubectl`. Rather, the `ejson-keys` secret used for decryption is now passed in via the calling task. Note that we only consider the `new` and `run(!)` methods of tasks (render, deploy, etc) to have inviolable APIs, so we do not consider this change breaking. #514
Other
- Bump `googleauth` dependency. (#512)
Bug Fixes
- Re-enable support for YAML aliases when using YAML.safe_load #510
Bug Fixes
- Support 'volumeBindingMode: WaitForFirstConsumer' condition in StorageClass. #479
- Fix: Undefined method "merge" on LabelSelector. #488
Enhancements
- Officially support Kubernetes 1.14. #461
- Allow customising which custom resources are deployed in the pre-deploy phase. #505
Other
- Removes special treatment of GCP authentication by upgrading to `kubeclient` 4.3. #465
Bug fixes
- Adds several additional safeguards against the content of Secret resources being logged. #474
Enhancements
- Improves scalability by removing a check that caused recoverable registry problems to fail deploys. #477
Other
- Relaxes our dependency on the OJ gem. #471
Bug fixes
- Fixes a bug introduced in 0.26.0 where listing multiple files in the $KUBECONFIG environment variable would throw an error (#468)
- Fixes a bug introduced in 0.26.2 where kubernetes-render started adding YAML headers to empty render results (#467)
Enhancements
- kubernetes-render outputs results of rendering yml.erb files without passing them through a yaml parser. (#454)
Bug fixes
- Remove use of deprecated feature preventing use with Kubernetes 1.14 (#460)
Bug fixes
- Fixes a bug where `config/deploy/$ENVIRONMENT` would be used unconditionally if the `ENVIRONMENT` environment variable is set, ignoring any `--template-dir` argument passed.
Enhancements
- Add support for NetworkPolicies (#422)
- Setting the REVISION environment variable is now optional (#429)
- Defaults KUBECONFIG to `~/.kube/config` (#429)
- Uses `TASK_ID` environment variable as the `deployment_id` when rendering resource templates for better Shipit integration. (#430)
- Arguments to `--bindings` will now be deep merged. (#419)
- `kubernetes-deploy` and `kubernetes-render` now support reading templates from STDIN. (#415)
- Support for specifying a `--selector`, a label that all deployed resources are expected to have, and by which prunable resources will be filtered. This permits sharing a namespace with resources managed by third-parties, including other kubernetes-deploy deployments. (#439)
- Lists of resources printed during deployments will now be sorted alphabetically. (#441)
- Bare / unmanaged pods run as pre-deployment tasks will now stream logs if there is only one of them. (#436)
Features
- [Breaking change] Support for deploying Secrets from templates (#424). Non-ejson secrets are now fully supported and therefore subject to pruning like any other resource. As a result:
  - If you previously manually `kubectl apply`'d secrets that are not passed to kubernetes-deploy, your first deploy using this version is going to delete them.
  - If you previously passed secrets manifests to kubernetes-deploy and they are no longer in the set you pass to the first deploy using this version, it will delete them.
  - To identify potentially affected secrets in your cluster, run: `kubectl get secrets -o jsonpath='{ range .items[*] }{.metadata.namespace}{ "\t" }{.metadata.name}{ "\t" }{.metadata.annotations}{ "\n" }{ end }' --context=$YOUR_CONTEXT_HERE --all-namespaces | grep -v "kubernetes-deploy.shopify.io/ejson-secret" | grep "last-applied" | cut -f 1,2`. To exclude a secret from kubernetes-deploy (and kubectl apply) management, remove the last-applied annotation `kubectl annotate secret $SECRET_NAME kubectl.kubernetes.io/last-applied-configuration-`.
  - The secret `ejson-keys` will never be pruned by kubernetes-deploy. Instead, it will fail the deploy at the validation stage (unless `--no-prune` is set). (#447)
This version contains an error for handling the `--template-dir` argument. If the `ENVIRONMENT` environment variable is set, the template directory will be forcefully set to `config/deploy/$ENVIRONMENT`. This has been fixed in version 0.26.1
Features
- Support timeout overrides on deployments (#414)
Bug fixes
- Attempting to deploy from a directory that only contains `secrets.ejson` will no longer fail deploy (#416)
- Remove the risk of sending decrypted EJSON secrets to output (#431)
Other
- Update kubeclient gem to 4.2.2. Note this replaces the `KubeclientBuilder::GoogleFriendlyConfig` class with `KubeclientBuilder::KubeConfig` (#418). This resolves #396 and should allow us to support more authentication methods (e.g. `exec` for EKS).
- Invalid context when using `kubernetes-run` gives more descriptive error (#423)
- When resources are not found, instead of being `Unknown`, they are now labelled as `Not Found` (#427)
Features
- Add support for specifying pass/fail conditions of Custom Resources (#376).
- Add support for custom timeouts for Custom Resources (#376)
Enhancements
- Officially support Kubernetes 1.13 (#409)
Bug fixes
- Fixed bug that caused `NameError: wrong constant name` if custom resources had kind with a lowercase first letter. (#413)
Other
- Kubernetes 1.9 is no longer officially supported as of this version
Features
- New command: `kubernetes-render` is a tool for rendering ERB templates to raw Kubernetes YAML. It's useful for seeing what `kubernetes-deploy` does before actually invoking `kubectl` on the rendered YAML. It's also useful for outputting YAML that can be passed to other tools, for validation or introspection purposes. (#375)
- [Breaking change] This release completes the conversion of `kubernetes-deploy` StatsD metrics to `distribution`s, which was done for `kubernetes-restart` and `kubernetes-run` in v0.22.0.
- Several new distribution metrics are available to give insight into the timing of each step of the deploy process: `KubernetesDeploy.validate_configuration.duration`, `KubernetesDeploy.discover_resources.duration`, `KubernetesDeploy.validate_resources.duration`, `KubernetesDeploy.initial_status.duration`, `KubernetesDeploy.create_ejson_secrets.duration`, `KubernetesDeploy.apply_all.duration`, `KubernetesDeploy.sync.duration`
- [Breaking change] `KubernetesDeploy.resource.duration` no longer includes `sha` or `resource` tags. (#392)
Enhancements
- Roles are now predeployed before RoleBindings (#380)
- Several performance enhancements for deploys to namespaces with hundreds of resources.
- KubernetesDeploy no longer modifies the global StatsD configuration when used as a gem (#384)
Bug fixes
- Handle out-of-order arrival of entries from different streams when processing logs (#401)
Features
- [Breaking change] `kubernetes-restart` now produces StatsD `distribution` instead of `metric`. Dashboards that used these metrics will need to be updated. (#374)
- `kubernetes-run` now produces StatsD `distribution` to aid in tracking usage (#374)
Enhancements
- Predeploy RoleBinding before unmanaged pods (#354)
Bug Fixes
- Fixed bug in `kubernetes-restart` that caused "Pod spec does not contain a template container called 'task-runner'" error message to not be printed (#371)
Other
- Kubernetes 1.8 is no longer officially supported as of this version
Enhancements
- Improved failure detection for job resources. (#355)
- Unmanaged pods are now immediately identified as failed if they are evicted, preempted or deleted out of band. This is especially important to `kubernetes-run`. (#353)
Other
- Relaxed our `googleauth` dependency. (#333)
Features
- [Breaking change] `kubernetes-run` now streams container logs and waits for the pod to succeed or fail by default. You can disable this using `--skip-wait`, or you can use `--max-watch-seconds=seconds` to set a time limit on the watch. (#337)
Other
- Kubernetes 1.7 is no longer officially supported as of this version
Enhancements
- All resources marked as prunable will now be added to the prune whitelist (#326)
- Improve deploy status detection by ensuring we examine the correct generation (#325)
Enhancements
- Add Job resource class (#295)
- Add CustomResourceDefinition resource class (#306)
- Officially support Kubernetes 1.10 (#308)
- SyncMediator will only batch fetch resources when there is a sufficiently large set of resources being tracked (#316)
- Allow CRs to be pruned based on `kubernetes-deploy.shopify.io/prunable` annotation on the custom resource definitions (312)
- Add HorizontalPodAutoscaler resource class (#305)
Bug Fixes
- Prevent crash when STATSD_IMPLEMENTATION isn't set. (#3242)
Enhancements
- Don't consider pod preempting a failure (#317)
Enhancements
- Evictions are recoverable so prevent them from triggering fast failure detection (#293).
- Use YAML.safe_load over YAML.load_file (#295).
Bug Fixes
- Default rollout strategy is compatible with required-rollout annotation (#289).
Enhancements
- Emit Datadog events when deploys succeed, time out or fail (#292).
Bug Fixes
- Display a nice error instead of crashing when a YAML document is missing 'Kind' (#280)
- Prevent DaemonSet from succeeding before rollout finishes (#288)
Enhancements
- Merge multiple `--bindings` arguments, to allow a composite bindings map (multiple arguments or files)
Features
- Automatically add all Kubernetes namespace labels to StatsD tags (#278)
Bug Fixes
- Prevent calling sleep with a negative value (#273)
- Prevent no-op redeploys of bad code from hanging forever (#262)
Enhancements
- Improve output for rendering errors (#253)
Features
- Added `--max-watch-seconds=seconds` to kubernetes-restart and kubernetes-deploy. When set, a timeout error is raised if it takes longer than seconds for any resource to deploy.
- Adds YAML and JSON file reference support to the kubernetes-deploy `--bindings` argument (#269)
Enhancements
- Prune resource quotas (#264)
Bug Fixes
- Update gemspec to reflect need for ActiveSupport >= 5.0 (#270)
Enhancements
- Change the way the resource watcher fetches resources to make it more efficient for large deploys. Deploys with hundreds of resources are expected to see a measurable performance improvement from this change. (#251)
Features
- kubernetes-restart and kubernetes-deploy use exit code 70 when a deploy fails due to one or more resources failing to deploy in time. (#244)
Bug Fixes
- Handle deploying thousands of resources at a time; previously kubernetes-deploy would fail with `Argument list too long - kubectl (Errno::E2BIG)`. (#257)
Enhancements
- Add the `--cascade` flag when we force replace a resource. (#250)
Important: This release changes the officially supported Kubernetes versions to v1.7 through v1.9. Other versions may continue to work, but we are no longer running our test suite against them.
Features
- Support partials to reduce duplication in yaml files (#207)
Bug Fixes
- Handle podless daemon sets properly (#242)
Enhancements
- Print warnings if kubernetes server version is not supported (#237).
- It is now possible to disable fetching logs and/or events on deployment failure via env var (#239).
- The `kubernetes-deploy.shopify.io/required-rollout` annotation now takes a percent (e.g. 90%) (#240).
Enhancements
- Fetch debug events and logs for failed resources in parallel (#238)
Bug Fixes
- None
Enhancements
- Support for cronjob resource (#206).
- Make it possible to override the tool's hard timeout for one specific resource via the `kubernetes-deploy.shopify.io/timeout-override` annotation (#232).
- Make it possible to modify how many replicas need to be updated and available before a deployment is considered successful via the `kubernetes-deploy.shopify.io/required-rollout` annotation (#208).
Bug Fixes
- Make deployments whose pods crash because of CreateContainerConfigError fail fast in 1.8+ too (they would previously time out).
- Fix crashes when deploying ExternalName services or services without selectors (#211)
- Predeploy ServiceAccount resources (#221)
Enhancements
- Make it possible to pass bindings (via the --bindings flag) for which the value contains commas or is a JSON encoded hash (#219)
- Support KUBECONFIG referencing multiple files (#222)
Bug Fixes
- Fix incorrect timeouts occasionally observed on deployments using progressDeadlineSeconds in Kubernetes <1.7.7
Enhancements
- Renamed `KubernetesDeploy::Runner` (which powers `exe/kubernetes-deploy`) to `KubernetesDeploy::DeployTask`. This increases consistency between our primary class names and avoids confusion with `KubernetesDeploy::RunnerTask` (which powers `exe/kubernetes-run`).
- Improved output related to timeouts. For deployments, both failure and timeout output now mentions the referenced replica set.
- Small improvements to the reliability of the success polling.
- EjsonSecretProvisioner no longer logs kubectl command output (which may contain secret data) when debug-level logging is enabled.
Features
- Added support for StatefulSets for kubernetes 1.7+ using RollingUpdate
Bug Fixes
- Explicitly require the minimum rest-client version required by kubeclient (#202)
Enhancements
Bug Fixes
- Fix an issue deploying Shopify's internal custom resources.
Bug Fixes
- Stop appending newlines to the base64-encoded values of secrets created from ejson. These extra newlines were preventing the ejson->k8s secret feature from working with v1.8 (Shopify#196).
Enhancement
- Log reason if deploy times out due to `progressDeadlineSeconds` being exceeded
Bug Fixes
- Retry discovering namespace and kubernetes context
- Expose real error during namespace discovery
Bug Fixes
- Force deployment to use its own hard timeout instead of relying on the replica set