February 11th 2024

vCluster v0.19.0

Changes made since: v0.18.1

vCluster.Pro Changes

Embedded Etcd for EKS, K0s & K8s

We previously released embedded etcd for K3s and have now added support for the EKS, K0s and K8s distributions. When enabled, vCluster will start managing an embedded etcd cluster within the Syncer container. vCluster will automatically add or remove peers based on new replicas of the statefulset. This makes using HA a lot easier.

For more information, refer to the doc

Centralized Admission Control

The Centralized Admission Control feature allows platform admins to enforce webhook configurations (both validating and mutating) referencing the host cluster or external policy services from within the vCluster.

These configurations will be read-only within the vCluster and can only be set from the vCluster CLI or Helm values upon creation. This provides assurance to platform admins that vCluster admins will not be able to bypass or alter the hooks they set for a vCluster.

For more information, refer to the doc

Other Changes

  • Allow node port service for remote vCluster by @FabianKramm

  • Added offline license support by @FabianKramm

  • Added OSS license report automation by @ThomasK33

  • Bumped k8s version by @FabianKramm

  • Added Kyverno guide to docs by @facchettos

  • Removed enableHA field by @facchettos

  • Added migration support for etcd by @facchettos

  • Fix remote vCluster kubeconfig creation by @FabianKramm

vCluster OSS Changes

Merged K8s Api-Server and Controller-Manager into Syncer

vClusters are now even more streamlined, with only 1 Pod instead of 3+ Pods. Similar to how we refactored K3s and K0s in the earlier version, we have now refactored the K8s and EKS distros to copy the api-server and controller-manager binaries directly into the Syncer container. This reduces complexity, makes the different vCluster distributions more similar, and streamlines certain features, such as metrics-server proxying.

Plugin API v2

We refactored how plugins in vCluster work and moved from a sidecar pattern to an init container pattern, where plugin binaries are copied through an init container into the syncer container.
This allows us to reuse go-plugin, which is one of the most used plugin frameworks out there. It also makes logging easier, as there is only a single container, and allows you to package the plugin binary directly into the syncer image if needed.

Besides changing the architecture of plugins, we now also allow specifying plugin configuration through a config Helm value:

plugin:
  my-plugin:
    version: v2
    image: ...
    config:
      my-plugin-config: my-value
      other-plugin-config: other-value

This config will be passed to the plugin and can easily be used within the plugin to unmarshal into a config struct. We also got rid of a lot of tech debt with this refactoring and added a new example plugin to sync secrets from the host cluster to the virtual cluster.

For more information about plugins, refer to the doc

Other Changes

New Contributors

Full Changelog: https://github.com/loft-sh/vcluster/compare/v0.18.1...v0.19.0