Change log since v1.7.1
- Support specified-delete in AdvancedStatefulSet and handle specified deleted pod under maxUnavailable constraint. (#1734, @ABNER-1)
Change log since v1.6.3
- Support specified-delete in AdvancedStatefulSet and handle specified deleted pod under maxUnavailable constraint. (#1734, @ABNER-1)
Change log since v1.5.4
- Support specified-delete in AdvancedStatefulSet and handle specified deleted pod under maxUnavailable constraint. (#1734, @ABNER-1)
- Advanced StatefulSet maxUnavailable now counts unavailable pods with smaller ordinal in the update order during rolling upgrade. (#1480, @Yesphet)
Change log since v1.7.0
- When updating the CRD webhook caBundle, do not update the CRD again if the caBundle has not changed. (#1717, @zmberg)
- Remove normal init container in pod's sidecarSet in-place update annotation. (#1719, @zmberg)
Change log since v1.6.3
- When CloneSet volumeClaimTemplates changed, always recreate pods and related volumes. (#1561, @ABNER-1)
- Bump K8s dependency to 1.28, and OpenKruise still works with Kubernetes Version >= 1.18. (#1598, @ABNER-1)
- SidecarSet support k8s 1.28 Sidecar Containers(initContainers[x].restartPolicy=Always), and significantly improves the lifecycle management of Sidecar containers, refer to the community documentation for details. (#1613, @zmberg)
- ImagePullJob support for credential provider plugin, e.g. aws. (#1383, @Kuromesi)
- Advanced StatefulSet support start ordinal. (#1643, @ABNER-1)
- Support webhook CA injection using external certification management tool, e.g. cert-manager. (#1665, @Kuromesi)
- Kruise-daemon support cri-docker.sock for kubernetes clusters that use docker runtime. (#1631, @BraceCY)
- Advanced StatefulSet add pod index label statefulset.kubernetes.io/pod-index. (#1667, @cr7258)
- Add Structured logging support. (#1565, @MajLuu); (#1629, @jairuigou); (#1669, @AiRanthem)
- Optimizing Pod SidecarSet webhook and controller performance when lots of namespace scoped sidecarSet exists (#1547, @ls-2018)
- Pod readiness controller use Patch instead of Update, thus reducing updating conflict when creating a large number of Pods. (#1560, @BruceAko)
- Multi-domain Management
- Application Protection
- Sidecar Container
- Advanced Workload
- Optimized Advanced StatefulSet code structure based on upstream community code(k8s 1.28). (#1648, @ABNER-1)
- Reduce github workflow action permission. (#1523, @furykerry)
- Bug fix for Makefile envtest failed. (#1548, @BH4AWS)
- Fix UT TestRevisionManage. (#1555, @furykerry)
- Upgrade opencontainers/runc (1.1.12) and controller-gen (0.14.0). (#1562, @ppbits)
- Remove vendor directory. (#1554, @liangyuanpeng)
- Add dependabot config for auto-update github-actions. (#1570, @liangyuanpeng)
- Add permission of security-events write for ghaction golangci-lint. (#1582, @liangyuanpeng)
- Fix vendor error while running command make docker-multiarch. (#1601, @MichaelRren)
- Change e2e centos image from 6.7 to 7, then e2e can work on arm node. (#1623, @Colvin-Y)
- Fix slice declarations that are not initialized with zero length. (#1628, @alingse)
- Fix UT TestMatchRegistryAuths failed. (#1583, @ABNER-1)
- Changes the scorecard badge link from old format to the Standard human-readable OpenSSF Scorecard Report. (#1657, @harshitasao)
Change log since v1.6.2
Change log since v1.6.1
- Fix new version of Pods released by cloneSet that doesn't match spec.updateStrategy.partition. (#1549, @qswksp)
Change log since v1.5.3
- Fix new version of Pods released by cloneSet that doesn't match spec.updateStrategy.partition. (#1549, @qswksp)
Change log since v1.4.1
- Fix new version of Pods released by cloneSet that doesn't match spec.updateStrategy.partition. (#1549, @qswksp)
Change log since v1.6.0
- FeatureGate PodWebhook=false will not disable ResourcesDeletionProtection. (#1526, @zmberg)
- Update go.mod require k8s version from 1.29 to 1.26, and remove go mod replace. (#1527, KaiShi)
- Fix when StatefulSet reserveOrdinals exist and whenScaled=Delete, scale down pvc failed. (#1531, @zmberg)
Change log since v1.5.2
- Fix when StatefulSet reserveOrdinals exist and whenScaled=Delete, scale down pvc failed. (#1531, @zmberg)
Change log since v1.5.2
No, really, you must read this before you upgrade
- OpenKruise no longer supports Kubernetes versions 1.16 and 1.17. However, it's still possible to use OpenKruise with Kubernetes versions 1.16 and 1.17 as long as KruiseDaemon is not enabled (install/upgrade kruise charts with featureGates="KruiseDaemon=false").
- Kruise-Daemon will no longer support v1alpha2 CRI runtimes. However, it's still possible to use OpenKruise on Kubernetes with nodes that only support v1alpha2 CRI as long as KruiseDaemon is not enabled (install/upgrade kruise charts with featureGates="KruiseDaemon=false").
- OpenKruise leader election default to use leases mode. (#1407, dsxing) For users with OpenKruise version 1.3.0 or lower, please first upgrade your OpenKruise to version 1.4 or 1.5 before upgrading to 1.6.0, so as to avoid unexpected multiple leader problem during the installation.
- Bump Kubernetes dependency to 1.26.10. (#1511, KaiShi)
- To avoid potential circular dependency problem, features rely on webhook will no longer work for resources under kube-system, e.g. SidecarSet, WorkloadSpread, PodUnavailableBudget, ContainerLaunchPriority and PersistentPodState. (#92, @hantmac)
- Fix WorkloadSpread incorrect subset allocation after workload rolling updating. (#1197, veophi)
- ImagePullJob support force image pulling for images with the name as previous one. (#1384, ls-2018)
- Job Sidecar Terminator reports correct pod phase for sidecar containers with non-zero exit code. (#1303, @diannaowa)
- Support the deletion protection of service and ingress resources. (#1269, @kevin1689-cloud)
- Optimize PodProbeMarker performance. (#1430, ls-2018)
- Optimize container launch priority performance. (#1490, FillZpp)
- Enhanced Operation
- PodProbeMarker: Container probe support Tcp probing. (#1474, KaiShi)
- PodProbeMarker: Sync podCondition when probe message of probeStates changed. (#1479, chrisliu1995)
- PersistentPodState: Fix the problem that PersistentPodState can't get spec.replicas from unstructured object. (#1462, 0xgj)
- Fix PodProbeMarker feature gate dependency. (#1429, ls-2018)
- Advanced Workload
- Sidecar Container
- Fix pod annotations injection abnormal for SidecarSet. (#1453, @a932846905)
- Application Protection
- Others
- Replace 'github.com/pkg/errors' with the standard Go library 'errors'. (#1518, dongjiang1989)
- Upgrade minimum docker api version from 1.23 to 1.24. (#1510, hantmac)
- Add UT in controller_revision_test file. (#1457, xiangpingjiang)
- BroadcastJob controller define some parameters as Constant. (#1414, lilongfeng0902)
- Kruise-daemon enable pprof. (#1416, dsxing)
- Remove deprecated 'io/ioutil' pkg. (#1404, testwill)
- Fix unnecessary use of fmt.Sprintf. (#1403, testwill)
Change log since v1.5.1
We start kruise-manager with a non-root user to further enhance the security of kruise-manager. (#1491, @zmberg)
Change log since v1.5.0
In version 1.5.1, the focus was on enhancing UnitedDeployment and addressing various bug fixes:
- Add the ability to plan the lower and upper bound of capacity to the subsets in UnitedDeployment. (#1428, @veophi)
- Fix unexpected job recreation by adding controller-revision-hash label for ImageListPullJob. (#1441, @veophi)
- Add prometheus metrics for pub and deletion protection to enhance observability for pub & deletion protection. (#1398, @zmberg)
- Add enable pprof flag for kruise daemon, now you can disable the pprof of kruise daemon. (#1416, @chengjoey)
- Fix SidecarSet upgrade exception for UpdateExpectations to solve the problem of updating the image of the sidecar container. (#1435, @zmberg)
- Add audit log for pub and deletion protection to enhance observability for pub & deletion protection. (#1438, @zmberg)
Change log since v1.4.0
No, really, you must read this before you upgrade
- Disable following feature-gates by default: PreDownloadImageForInPlaceUpdate(#1244, @zmberg), ImagePullJobGate(#1357, @zmberg), DeletionProtectionForCRDCascadingGate(#1365, @zmberg), and ResourceDistributionGate(#1360, @zmberg)
- Bump Kubernetes dependency to 1.24.16, Golang version to 1.19(#1354, Kuromesi)
- WorkloadSpread:
- UnitedDeployment:
- ImageListPullJob:
- Many users need to pre-download images in batches, and the current approach, i.e., ImagePullJob, has a relatively high threshold for use. We added a new CRD, ImageListPullJob, to batch pre-download images. You just write a range of images in one ImageListPullJob CR, and its controller will generate a corresponding ImagePullJob CR for each image automatically. (1222, @diannaowa)
- ImagePullJob:
- SidecarSet:
- Add condition and event for not upgradable pods when updating. (#1309, MarkLux)
- Take effect of shareVolumePolicy on initContainers. (#1229, y-ykcir)
- Allow sidecar containers to mount serviceAccountToken type volume. (#1238, y-ykcir)
- SidecarSet updateStrategy support priorityStrategy. (#1325, y-ykcir)
- BroadcastJob:
- Make OnFailure as default restartPolicy. (#1149, Shubhamurkade)
- Fix BroadcastJob doesn't make pod on node that has erased taint. (#1204, weldonlwz)
- CloneSet & StatefulSet:
- Regard the pod at preparing update state as update revision when scaling. (#1290, veophi)
- Add updatedAvailableReplicas field in status. (#1317, nitishchauhan0022)
- Connecting to Pouch runtime via CRI interface. (#1232, @zmberg)
- Compatible with v1 and v1alpha2 CRI API version. (#1354, veophi)
- Reject Namespace deletion when PVCs are included under NS. (#1228, kevin1689-cloud)
And some bugs were fixed by (#1238, y-ykcir), (#1335, ls-2018), (#1301, wangwu50), (#1395, ywdxz), (#1304, kevin1689-cloud), (#1348, #1343, Colvin-Y), thanks!
Change log since v1.4.0
Change log since v1.3.0
No, really, you must read this before you upgrade
- Enable following feature-gates by default: ResourcesDeletionProtection, WorkloadSpread, PodUnavailableBudgetDeleteGate, InPlaceUpdateEnvFromMetadata, StatefulSetAutoDeletePVC, PodProbeMarkerGate. (#1214, @zmberg)
- Change Kruise leader election from configmap to configmapsleases, this is a smooth upgrade with no disruption to OpenKruise service. (#1184, @YTGhost)
In the Kubernetes world, it is challenging to use long-running sidecar containers for short-term jobs because there is no straightforward way to terminate the sidecar containers when the main container exits. For instance, when the main container in a Pod finishes its task and exits, it is expected that accompanying sidecars, such as a log collection sidecar, will also exit actively, so the Job Controller can accurately determine the completion status of the Pod. However, most sidecar containers lack the ability to discover the exit of the main container.
For this scenario OpenKruise provides the JobSidecarTerminator capability, which can terminate sidecar containers once the main containers exit.
For more detail, please refer to its proposal.
- Optimized CloneSet Event handler to reduce unnecessary reconciliation. The feature is off by default and controlled by CloneSetEventHandlerOptimization feature-gate. (#1219, @veophi)
- Avoid pod hang in PreparingUpdate state when rollback before update hook. (#1157, @shiyan2016)
- Fix cloneSet update blocking when spec.scaleStrategy.maxUnavailable is not empty. (#1136, @ivanszl)
- Add 'disablePVCReuse' field to enable recreation of PVCs when rebuilding pods, which can avoid Pod creation failure due to Node exceptions. (#1113, @willise)
- CloneSet 'partition' field support float percent to improve precision. (#1124, @shiyan2016)
- Add PreNormal Lifecycle Hook for CloneSet. (#1071, @veophi)
- Allow to mutate PVCTemplate of Advanced StatefulSet & CloneSet. Note, Only works for new Pods, not for existing Pods. (#1118, @veophi)
- Make ephemeralJob compatible with k8s version 1.20 & 1.21. (#1127, @veophi)
- UnitedDeployment support advanced StatefulSet 'persistentVolumeClaimRetentionPolicy' field. (#1110, @yuexian1234)
- Add 'forceRecreate' field to ensure the immediate recreation of the container even if the container is starting at that point. (#1182, @BH4AWS)
- Support attach metadata in PullImage CRI interface during ImagePullJob. (#1190, @diannaowa)
- Simplify some code, mainly comparison and variable declaration. (#1209, @hezhizhen)
- Update k8s registry references from k8s.gcr.io to registry.k8s.io. (#1208, @asa3311)
- Fix config/samples/apps_v1alpha1_uniteddeployment.yaml invalid image. (#1198, @chengleqi)
- Change kruise base image to alpine. (#1166, @fengshunli)
- PersistentPodState support custom workload (like statefulSet). (#1063, @baxiaoshi)
Change log since v1.3.0
Change log since v1.2.0
Kubernetes provides three kinds of Pod lifecycle management:
- Readiness Probe: used to determine whether the business container is ready to respond to user requests. If the probe fails, the Pod will be removed from Service Endpoints.
- Liveness Probe: used to determine the health status of the container. If the probe fails, the kubelet will restart the container.
- Startup Probe: used to know when a container application has started. If such a probe is configured, it disables liveness and readiness checks until it succeeds.
So the Probe capabilities provided in Kubernetes have defined specific semantics and related behaviors. In addition, there is actually a need to customize Probe semantics and related behaviors, such as:
- GameServer defines Idle Probe to determine whether the Pod currently has a game match, if not, from the perspective of cost optimization, the Pod can be scaled down.
- K8S Operator defines the main-secondary probe to determine the role of the current Pod (main or secondary). When upgrading, the secondary can be upgraded first, so as to achieve the behavior of selecting the main only once during the upgrade process, reducing the service interruption time during the upgrade process.
So we provide the ability to customize the Probe and return the result to the Pod yaml.
For more detail, please refer to its documentation and proposal.
- SidecarSet support to inject pods under kube-system,kube-public namespace. (#1084, @zmberg)
- SidecarSet support to inject specific history sidecar container to Pods. (#1021, @veophi)
- SidecarSet support to inject pod annotations.(#992, @zmberg)
- CloneSet supports to calculate scale number excluding Pods in PreparingDelete. (#1024, @FillZpp)
- Optimize CloneSet queuing when cache has just synced. (#1026, @FillZpp)
- Allow optional field max unavailable in ads, and set default value 1. (#1007, @ABNER-1)
- Fix DaemonSet surging with minReadySeconds. (#1014, @FillZpp)
- Optimize Advanced DaemonSet internal new pod for imitating scheduling. (#1011, @FillZpp)
- Advanced DaemonSet support pre-download image. (#1057, @ABNER-1)
- Optimize performance of LabelSelector conversion. (#1068, @FillZpp)
- Reduce kruise-manager memory allocation. (#1015, @FillZpp)
- Pod state from updating to Normal should all be hooked. (#1022, @shiyan2016)
- Fix go get in Makefile with go 1.18. (#1036, @astraw99)
- Fix EphemeralJob spec.replicas nil panic bug. (#1016, @hellolijj)
- Fix UnitedDeployment reconcile don't return err bug. (#991, @huiwq1990)
Change log since v1.1.0
With the development of cloud native, more and more companies start to deploy stateful services (e.g., Etcd, MQ) using Kubernetes. K8S StatefulSet is a workload for managing stateful services, and it considers the deployment characteristics of stateful services in many aspects. However, StatefulSet persists only limited pod state, such as the Pod Name being ordered and unchanging and PVC persistence, and cannot cover other states, e.g. Pod IP retention, priority scheduling to previously deployed Nodes.
So we provide the PersistentPodState CRD to persist other states of the Pod, such as "IP Retention".
For more detail, please refer to its documentation and proposal.
- Ensure at least one pod is upgraded if CloneSet has partition < 100% (Behavior Change). (#954, @veophi)
- Add expectedUpdatedReplicas field into CloneSet status. (#954 & #963, @veophi)
- Add markPodNotReady field into lifecycle hook to support marking Pod as NotReady during preparingDelete or preparingUpdate. (#979, @veophi)
- Add markPodNotReady field into lifecycle hook to support marking Pod as NotReady during preparingDelete or preparingUpdate. (#979, @veophi)
- Support to protect any custom workloads with scale subresource. (#982, @zmberg)
- Optimize performance in large-scale clusters by avoiding DeepCopy list. (#955, @zmberg)
- Remove some commented code and simplify some. (#983, @hezhizhen)
- Sidecarset forbid updating of sidecar container name. (#937, @adairxie)
- Optimize the logic of listNamespacesForDistributor func. (#952, @hantmac)
Change log since v1.0.1
- Bump Kubernetes dependencies to 1.22 and controller-runtime to v0.10.2. (#915, @FillZpp)
- Disable DeepCopy for some specific cache list. (#916, @FillZpp)
- Support in-place update containers with launch priority, for workloads that supported in-place update, e.g., CloneSet, Advanced StatefulSet. (#909, @FillZpp)
- Add pod-template-hash label into Pods, which will always be the short hash. (#931, @FillZpp)
- Support pre-download image after a number of updated pods has been ready. (#904, @shiyan2016)
- Make maxUnavailable also limited to pods in new revision. (#899, @FillZpp)
- Refactor daemonset controller and fetch upstream codebase. (#883, @FillZpp)
- Support preDelete lifecycle for both scale down and recreate update. (#923, @FillZpp)
- Fix node event handler that should compare update selector matching changed. (#920, @LastNight1997)
- Optimize dedupCurHistories func in ReconcileDaemonSet. (#912, @LastNight1997)
- Support shared volumes in init containers. (#929, @outgnaY)
- Support transferEnv in init containers. (#897, @pigletfly)
- Optimize the injection for pod webhook that checks container exists. (#927, @zmberg)
- Fix validateSidecarConflict to avoid a same sidecar container exists in multiple sidecarsets. (#884, @pigletfly)
- Support CRI-O and any other common CRI types. (#930, @diannaowa) & (#936, @FillZpp)
Change log since v1.0.0
- Fix panic when SidecarSet manages Pods with sidecar containers that have different update type. (#850, @veophi)
- Fix log error when extract container from fieldpath failed. (#860, @pigletfly)
- Optimize the logic of determining whether the pod state is consistent. (#854, @dafu-wu)
- Replace reflect with generation in event handler. (#885, @zouyee)
- Store history revisions for sidecarset. (#715, @veophi)
- Allow updating asts RevisionHistoryLimit. (#864, @shiyan2016)
- StatefulSet considers non-available pods when deleting pods. (#880, @hzyfox)
- Break the loop when it finds the current revision. (#887, @shiyan2016)
- Remove duplicate register fieldindexes in cloneset controller. (#888 & #889, @shiyan2016)
- CloneSet refresh pod states before skipping update when paused (Behavior Change). (#893, @FillZpp)
Change log since v0.10.1
- Add SourceContainerNameFrom and EnvNames in sidecarset transferenv.
- Fix update expectation to be increased when a pod updated.
- Fix bug: read conditions from nil old subset status.
- Do not set timeout for webhook ready.
Change log since v0.10.1
- Bump CustomResourceDefinition(CRD) from v1beta1 to v1
- Bump ValidatingWebhookConfiguration/MutatingWebhookConfiguration from v1beta1 to v1
- Bump dependencies: k8s v1.18 -> v1.20, controller-runtime v0.6.5 -> v0.8.3
- Generate CRDs with original controller-tools and markers
So that Kruise can be installed into Kubernetes 1.22, and it no longer supports Kubernetes < 1.16.
When spec.template.metadata.labels/annotations is updated in CloneSet or Advanced StatefulSet and a container env comes from the changed labels/annotations, Kruise will in-place update them to renew the env value in containers.
Container Launch Priority provides a way to help users control the sequence of containers start in a Pod.
It works for Pod, no matter what kind of owner it belongs to, which means Deployment, CloneSet or any other Workloads are all supported.
For scenarios where namespace-scoped resources such as Secret and ConfigMap need to be distributed or synchronized to different namespaces, native k8s currently only supports manual distribution and synchronization by users one-by-one, which is very inconvenient.
Therefore, for these scenarios that require resource distribution and continuous synchronization across namespaces, we provide a tool, namely ResourceDistribution, to do this automatically.
Currently, ResourceDistribution supports two kinds of resources: Secret & ConfigMap.
- Add maxUnavailable field in scaleStrategy to support rate limiting of scaling up.
- Mark revision stable as currentRevision when all pods updated to it, won't wait all pods to be ready (Behavior Change).
- Manage the pods that were created before WorkloadSpread.
- Optimize webhook update and retry during injection.
- Add pod no pub-protection annotation.
- PUB controller watch workload replicas changed.
- Support in-place update daemon pod.
- Support progressive annotation to control if pods creation should be limited by partition.
- Fix SidecarSet filter active pods.
- Fix pod NodeSelectorTerms length 0 when UnitedDeployment NodeSelectorTerms is nil.
- Add --nodeimage-creation-delay flag to delay NodeImage creation after Node ready.
- Kruise-daemon watch pods using protobuf.
- Export resync seconds args.
- Fix http checker reload ca.cert.
- Fix E2E for WorkloadSpread, ImagePulling, ContainerLaunchPriority.
Change log since v1.0.0-alpha.2
For scenarios where namespace-scoped resources such as Secret and ConfigMap need to be distributed or synchronized to different namespaces, native k8s currently only supports manual distribution and synchronization by users one-by-one, which is very inconvenient.
Therefore, for these scenarios that require resource distribution and continuous synchronization across namespaces, we provide a tool, namely ResourceDistribution, to do this automatically.
Currently, ResourceDistribution supports two kinds of resources: Secret & ConfigMap.
- Add maxUnavailable field in scaleStrategy to support rate limiting of scaling up.
- Mark revision stable when all pods updated to it, won't wait all pods to be ready.
- Support progressive annotation to control if pods creation should be limited by partition.
- Fix pod NodeSelectorTerms length 0 when UnitedDeployment NodeSelectorTerms is nil.
Change log since v1.0.0-alpha.1
- Generate CRDs with original controller-tools and markers
- Add discoveryGVK for WorkloadSpread
- Add --nodeimage-creation-delay flag to delay NodeImage creation after Node ready
- Fix E2E for WorkloadSpread, ImagePulling, ContainerLaunchPriority
Change log since v0.10.0
- Add discoveryGVK for WorkloadSpread
- Optimize webhook injection
- Setup generic kubeClient with Protobuf
- Fix E2E for WorkloadSpread, ImagePulling
Change log since v0.10.0
- Bump CustomResourceDefinition(CRD) from v1beta1 to v1
- Bump ValidatingWebhookConfiguration/MutatingWebhookConfiguration from v1beta1 to v1
- Bump dependencies: k8s v1.18 -> v1.20, controller-runtime v0.6.5 -> v0.8.3
So that Kruise can be installed into Kubernetes 1.22, and it no longer supports Kubernetes < 1.16.
When spec.template.metadata.labels/annotations is updated in CloneSet or Advanced StatefulSet and a container env comes from the changed labels/annotations, Kruise will in-place update them to renew the env value in containers.
Container Launch Priority provides a way to help users control the sequence of containers start in a Pod.
It works for Pod, no matter what kind of owner it belongs to, which means Deployment, CloneSet or any other Workloads are all supported.
- Manage the pods that were created before WorkloadSpread.
- Optimize webhook update and retry during injection.
- Add pod no pub-protection annotation.
- PUB controller watch workload replicas changed.
- Support in-place update daemon pod.
- Fix SidecarSet filter active pods.
- Kruise-daemon watch pods using protobuf.
- Export resync seconds args.
- Fix http checker reload ca.cert.
Kubernetes offers Pod Disruption Budget (PDB) to help you run highly available applications even when you introduce frequent voluntary disruptions. PDB limits the number of Pods of a replicated application that are down simultaneously from voluntary disruptions. However, it can only constrain the voluntary disruption triggered by the Eviction API. For example, when you run kubectl drain, the tool tries to evict all of the Pods on the Node you're taking out of service.
PodUnavailableBudget can achieve the effect of preventing ALL application disruption or SLA degradation, including pod eviction, deletion, inplace-update, ...
WorkloadSpread supports to constrain the spread of stateless workload, which empowers single workload the abilities for multi-domain and elastic deployment.
It can be used with those stateless workloads, such as CloneSet, Deployment, ReplicaSet and even Job.
- Scale-down supports topology spread constraints. doc
- Fix in-place update pods in Updated state.
- Add imagePullSecrets field to support pull secrets for the sidecar images. doc
- Add injectionStrategy.paused to stop injection temporarily. doc
- Support image pre-download for in-place update, which can accelerate the progress of applications upgrade. doc
- Support scaling with rate limit. doc
- Fix rolling update stuck caused by deleting terminating pods.
- Bump Kubernetes dependency to 1.18
- Add pod informer for kruise-daemon
- More kubectl ... -o wide fields for kruise resources
ContainerRecreateRequest provides a way to let users restart/recreate one or more containers in an existing Pod.
This feature provides a safety policy which could help users protect Kubernetes resources and applications' availability from the cascading deletion mechanism.
- Support pod-deletion-cost to let users set the priority of pods deletion. [doc]
- Support image pre-download for in-place update, which can accelerate the progress of applications upgrade. [doc]
- Add CloneSetShortHash feature-gate, which solves the length limit of CloneSet name. [doc]
- Make maxUnavailable and maxSurge effective for specified deletion. [doc]
- Support efficient update and rollback using partition. [doc]
- Support sidecar container hot upgrade. [doc]
- Add podSelector to pull image on nodes of the specific pods.
- Optimize cri-runtime for kruise-daemon
- Fix broadcastjob expectation observed when node assigned by scheduler
- The flags for kruise-manager must start with -- instead of -. If you install Kruise with helm chart, ignore this.
- SidecarSet has been refactored. Make sure there is no SidecarSet being upgraded when you upgrade Kruise, and read the latest doc for SidecarSet.
- A new component named kruise-daemon comes in. It is deployed in kruise-system using DaemonSet, defaults on every Node.
Now Kruise includes two components:
- kruise-controller-manager: contains multiple controllers and webhooks, deployed using Deployment.
- kruise-daemon: contains bypass features like image pre-download and container restart in the future, deployed using DaemonSet.
Kruise will create a NodeImage for each Node, and its spec contains the images that should be downloaded on this Node.
Also, users can create an ImagePullJob CR to declare which nodes an image should be downloaded on.
apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: test-imagepulljob
spec:
  image: nginx:latest
  completionPolicy:
    type: Always
  parallelism: 10
  pullPolicy:
    backoffLimit: 3
    timeoutSeconds: 300
  selector:
    matchLabels:
      node-label: xxx
- Refactor the controller and webhook for SidecarSet:
  - For spec:
    - Add namespace: indicates this SidecarSet will only inject for Pods in this namespace.
  - For spec.containers:
    - Add podInjectPolicy: indicates this sidecar container should be injected in the front or end of containers list.
    - Add upgradeStrategy: indicates the upgrade strategy of this sidecar container (currently it only supports ColdUpgrade)
    - Add shareVolumePolicy: indicates whether to share other containers' VolumeMounts in the Pod.
    - Add transferEnv: can transfer the names of env shared from other containers.
  - For spec.updateStrategy:
    - Add type: contains NotUpdate or RollingUpdate.
    - Add selector: indicates only update Pods that matched this selector.
    - Add partition: indicates the desired number of Pods in old revisions.
    - Add scatterStrategy: defines the scatter rules to make pods be scattered during updating.
- Add currentRevision field in status.
- Optimize CloneSet scale sequence.
- Fix condition for pod lifecycle state from Updated to Normal.
- Change annotations inplace-update-state => apps.kruise.io/inplace-update-state, inplace-update-grace => apps.kruise.io/inplace-update-grace.
- Fix maxSurge calculation when partition > replicas.
- Support Deployment as template in UnitedDeployment.
- Support lifecycle hook for in-place update and pre-delete.
- Add PodFitsResources predicates.
- Add --assign-bcj-pods-by-scheduler flag to control whether to use scheduler to assign BroadcastJob's Pods.
- Add feature-gate to replace the CUSTOM_RESOURCE_ENABLE env.
- Add GetScale/UpdateScale into clientsets for scalable resources.
- Support multi-platform build in Makefile.
- Set different user-agent for controllers.
Since v0.7.0:
- OpenKruise requires Kubernetes 1.13+ because of CRD conversion. Note that for Kubernetes 1.13 and 1.14, users must enable the CustomResourceWebhookConversion feature-gate in kube-apiserver before installing or upgrading Kruise.
- OpenKruise official image supports multi-arch, by default including linux/amd64, linux/arm64, and linux/arm platforms.
Thanks to @rishi-anand for contributing!
An enhanced version of CronJob, it supports multiple kinds in a template:
apiVersion: apps.kruise.io/v1alpha1
kind: AdvancedCronJob
spec:
  template:
    # Option 1: use jobTemplate, which is equivalent to original CronJob
    jobTemplate:
      # ...
    # Option 2: use broadcastJobTemplate, which will create a BroadcastJob object when cron schedule triggers
    broadcastJobTemplate:
      # ...
    # Options 3(future): ...
- Partition support intOrStr format
- Warning log for expectation timeout
- Remove ownerRef when pod's labels not matched CloneSet's selector
- Allow updating revisionHistoryLimit in validation
- Fix resourceVersionExpectation race condition
- Fix overwrite gracePeriod update
- Fix webhook checking podsToDelete
- Promote Advanced StatefulSet to v1beta1
  - A conversion webhook will help users to transfer existing and new v1alpha1 advanced statefulsets to v1beta1 automatically
  - Even all advanced statefulsets have been converted to v1beta1, users can still get them through v1alpha1 client and api
- Support reserveOrdinal for Advanced StatefulSet
- Add validation webhook for DaemonSet
- Fix pending pods created by controller
- Optimize the way to calculate parallelism
- Check ownerReference for filtered pods
- Add pod label validation
- Add ScaleExpectation for BroadcastJob
- Initializing capabilities if allowPrivileged is true
- Support secret cert for webhook with vip
- Add rate limiter config
- Fix in-place rollback when spec image no latest tag
- Support lifecycle hooks for pre-delete and in-place update
- Fix map concurrent write
- Fix current revision during rollback
- Fix update expectation for pod deletion
- Support initContainers definition and injection
- Support to define CloneSet as UnitedDeployment's subset
- Support minReadySeconds strategy
- Add webhook controller to optimize certs and configurations generation
- Add pprof server and flag
- Optimize discovery logic in custom resource gate
- Update dependencies: k8s v1.13 -> v1.16, controller-runtime v0.1.10 -> v0.5.7
- Support multiple active webhooks
- Fix CRDs using openkruise/controller-tools
An enhanced version of default DaemonSet with extra functionalities such as:
- inplace update and surging update
- node selector for update
- partial update
- Do not create excessive pods when updating with maxSurge
- Round down maxUnavailable when maxSurge > 0
- Skip recreate when inplace update failed
- Fix scale panic when replicas < partition
- Fix CloneSet blocked by terminating PVC
- Support maxSurge strategy which could work well with maxUnavailable and partition
- Add CloneSet core interface to support multiple implementations
- Fix in-place update for metadata in template
- Make sure maxUnavailable should not be less than 1
- Fix in-place update for metadata in template
- Merge volumes during injecting sidecars into Pod
- Expose CUSTOM_RESOURCE_ENABLE env by chart set option
- Add labelSelector to optimize scale subresource for HPA
- Add minReadySeconds, availableReplicas fields for CloneSet
- Add gracePeriodSeconds for graceful in-place update
- Support label selector in scale for HPA
- Add gracePeriodSeconds for graceful in-place update
- Fix StatefulSet default update sequence
- Fix ControllerRevision adoption
- Fix check_for_installation.sh script for k8s 1.11 to 1.13
Mainly focuses on managing stateless applications. (Concept for CloneSet)
It provides full features for more efficient, deterministic and controlled deployment, such as:
- inplace update
- specified pod deletion
- configurable priority/scatter update
- preUpdate/postUpdate hooks
- UnitedDeployment supports both StatefulSet and AdvancedStatefulSet.
- UnitedDeployment supports toleration config in subset.
- Fix statefulset inplace update fields in pod metadata such as labels/annotations.
- Simplify installation with helm charts, one simple command to install kruise charts, instead of downloading and executing scripts.
- Support priority update, which allows users to configure the sequence for Pods updating.
- Fix maxUnavailable calculation, which should not be less than 1.
- Fix BroadcastJob cleaning up after TTL.
- Provide a script to check if the K8s cluster has enabled MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission plugins before installing Kruise.
- Users can now install specific controllers if they only need some of the Kruise CRD/controllers.
- Fix a jsonpatch bug by updating the vendor code.
- Add condition report in status to indicate the scaling or rollout results.
- Define a set of APIs for UnitedDeployment workload which manages multiple workloads spread over multiple domains in one cluster.
- Create one workload for each Subset in Topology.
- Manage Pod replica distribution across subset workloads.
- Rollout all subset workloads by specifying a new workload template.
- Manually manage the rollout of subset workloads by specifying the Partition of each workload.
- Three blog posts are added in Kruise website, titled:
- Kruise Controller Classification Guidance.
- Learning Concurrent Reconciling.
- UnitedDeployment - Supporting Multi-domain Workload Management.
- New documents are added for UnitedDeployment, including a tutorial.
- Revise main README.md.
- Provide a script to generate helm charts for Kruise. User can specify the release version.
- Automatically install kubebuilder if it does not exist in the machine.
- Add Kruise uninstall script.
- Fix a potential controller crash problem when APIServer disables MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission plugins.
- Change the type of Parallelism field in BroadcastJob from *int32 to intOrString.
- Support Pause in BroadcastJob.
- Add FailurePolicy in BroadcastJob, supporting Continue, FastFailed, and Pause policies.
- Add Phase in BroadcastJob status.
- Allow parallelly upgrading SidecarSet Pods by specifying MaxUnavailable.
- Support sidecar volumes so that user can specify volume mount in sidecar containers.
- Support to run kruise-controller-manager locally
- Allow selectively install required CRDs for kruise controllers
- Remove sideEffects in kruise-manager all-in-one YAML file to avoid start failure
- Add MaxUnavailable rolling upgrade strategy
- Add In-Place pod update strategy
- Add paused functionality during rolling upgrade
- Add BroadcastJob that runs pods on all nodes to completion
- Add Never termination policy to have job running after it finishes all pods
- Add ttlSecondsAfterFinished to delete the job after it finishes in x seconds.
- Make broadcastjob honor node unschedulable condition
- Add SidecarSet that automatically injects sidecar container into selected pods
- Support sidecar update functionality for SidecarSet