v0.7.4

What's Changed

• Forbid system:masters access to kcp-front-proxy, make tests shard aware by @s-urbaniak in #1448
• server/home: create home workspace with final URL on ~ access by @sttts in #1530
• cli: require absolute type with --ignore-existing by @sttts in #1533
• Fix typos in APIExport bootstrapped ClusterRoleBindings by @davidfestal in #1540
• Add KCP CLI arguments to enable home workspaces as well as specific options, especially the groups bound to the get/create ~ permissions by @davidfestal in #1539
• server: add --shard-external-url by @ncdc in #1542
• ddsif: fix lost event handlers by @sttts in #1550
• Add shortName ws for workspace by @xingxingxia in #1524
• reconciler/apiexport: switch from rsa4096 to 256 bit cryptographic random string by @sttts in #1548
• cli: take URL from Workspace also in absolute references by @sttts in #1554
• ddsif: replace discovery polling by @ncdc in #1473
• sharded-test-server: set shard external URL to front-proxy by @sttts in #1552
• Part 2: Scoping controllers in pkg/server by @varshaprasad96 in #1504
• Part 3: Make APIResource controller client calls scoped by @varshaprasad96 in #1558
• server/home: improve log output by @sttts in #1549
• server/home: check owner properly by @sttts in #1493
• Part 4: Wrap client calls in API Binding and Heartbeat controller by @varshaprasad96 in #1569
• apis/tenancy: rename tenancy.kcp.dev/owner -> experimental.tenancy.kcp.dev/owner by @sttts in #1565
• introduce system:shard logical cluster by @p0lyn0mial in #1573
• e2e/clusterworkspacedeletion: deflake by @ncdc in #1576
• syncer/namespace-locator: Rename path to workspace by @jmprusi in #1566
• Adding CEL Validation for Permission Claim by @shawn-hurley in #1529
• e2e: reduce client-side throttling by @ncdc in #1543
• kcp server: introduce root-shard-kubeconfig-file flag by @p0lyn0mial in #1575
• Syncer: Refactors KCPClusterName to SyncTargetWorkspace. by @jmprusi in #1574
• docs: tweaks to the Location concept description by @markmc in #1586
• remove unused apiResourceSchemaIndexer from the apibinding controller by @p0lyn0mial in #1589
• Add workspaces overview to README by @MikeSpreitzer in #1584
• Don't add /clusters/ prefix to /services/ requests by @kylape in #1590
• e2e/clusterworkspacedeletion: use correct root shard system:master client for deletion checks by @sttts in #1570
• e2e: use a better helper for waiting for readiness by @stevekuznetsov in #1588
• Part 5: Wrap controllers in scheduling/tenancy pkgs by @varshaprasad96 in #1578
• Part 6: Scope workload controllers by @varshaprasad96 in #1595
• Extend README with introduction to workspaces by @MikeSpreitzer in #1594
• bootstrap the root workspace only on the root shard by @p0lyn0mial in #1587
• run the clusterworkspaceshard controller only on the root shard by @p0lyn0mial in #1597
• enable ExperimentalWatchProgressNotifyInterval for etcd by @p0lyn0mial in #1596
• clusterworkspace scheduling: default to assigning to the root shard by @p0lyn0mial in #1585
• Makefile improvements by @sttts in #1606
• apis/apis: split out CEL test helper into pkg/apis/test by @sttts in #1603
• clusterworkspacetypes: simplify system types by @sttts in #1607
• k8s 1.24 rebase by @stevekuznetsov in #1568
• cli/sync: create service account secret in advance to trigger token creation by @sttts in #1613
• embeddedetcd: restructure with options/config/server pattern by @sttts in #1608
• make: explicitly list build deps by @stevekuznetsov in #1612
• apibinding controller with root shard informers by @p0lyn0mial in #1598
• server/embeddedetcd: fix npe by @sttts in #1619
• server: restructure with options/config/server pattern by @sttts in #1609
• Documentation: Add Home, Homebucket, and Homeroot workspace info by @pweil- in #1561
• add exports to synctarget API for location workspace by @qiujian16 in #1571
• logging: move clusterworkspaceshard reconciler to structured logging by @stevekuznetsov in #1614
• Add owners files and notes on review/approver role to CONTRIBUTING.md by @pweil- in #1601
• home workspaces: handle slow bootstrapping by @ncdc in #1633
• build(deps): bump imjasonh/setup-ko from 0.4 to 0.5 by @dependabot in #1630
• Fix print column on location labels by @qiujian16 in #1638
• webhook: fix npe by @ncdc in #1639
• Refactor ns scheduler for location workspace by @qiujian16 in #1618
• Enable avoiding using podman by @davidfestal in #1628
• move Config to separate file by @deitch in #1637
• Add initial per-workspace quota support by @ncdc in #1236
• Part 8: Wrap clients in test/e2e/apibinding by @varshaprasad96 in #1640
• e2e: reduce global, trivial Sheriff fixture by @sttts in #1642
• server: keep retrying bootstrapping by @sttts in #1641
• remove deprecated command from use description by @ReToCode in #1645
• virtual: give VWs an order in order to control precedence by @sttts in #1643
• Update minimum Go version in CONTRIBUTING.md doc to 1.18 by @dseapy in #1651
• Misc syncer e2e cleanups and fixes by @sttts in #1652
• wire TemporaryRootShardKcpSharedInformerFactory by @p0lyn0mial in #1572
• Cleanup Syncer to prepare for Syncer Virtual Workspace transformations by @davidfestal in #1629
• syncer: move namespace locator normalization to indexer by @sttts in #1656
• Fix flaky informers by @ncdc in #1649
• Makefile: allow WAIT=1 to keep server running in test-e2e-{sharded,shared} targets by @sttts in #1659
• SyncTarget Uniqueness by @jmprusi in #1600
• apis: add age column where it makes sense by @sttts in #1658
• Part 9: Scope client calls in test/e2e by @varshaprasad96 in #1648
• reconciler/workload/resource: remove syncer finalizer when SyncTarget is gone by @sttts in #1293
• apis/workload/v1alpha1: Fix comment as the value of InternalSyncTargetPlacementAnnotationKey changed by @jmprusi in #1660
• e2e: undo ForeverTestTimeout/30 by @ncdc in #1662
• e2e/apibinding: improve log output and workspace names by @sttts in #1664
• apis/scheduling: remove unused PlacementState struct and constants by @sttts in #1655
• e2e: fix long api groups exhausting label value length by @sttts in #1663
• apis/workload: remove unused func by @sttts in #1668
• api change: adds VirtualWorkspaceURL to ClusterWorkspaceShard by @p0lyn0mial in #1669
• Switch to cluster name annotation by @ncdc in #1673
• Labels sync targets with the SyncTargetKey for reverse lookup by @jmprusi in #1672
• Part 12: Scope syncer and workspacetype tests by @varshaprasad96 in #1678
• use ClusterWorkspaceShard.VirtualWorkspaceURL by @p0lyn0mial in #1670
• apiexport controller: assigns ClusterWorkspaceShard.VirtualWorkspaceURL by @p0lyn0mial in #1681
• runs e2e-sharded with two shards by @p0lyn0mial in #1653
• Part 10: scope cross_logical_cluster tests by @varshaprasad96 in #1667
• Part 11: Scope test/e2e/reconcilers by @varshaprasad96 in #1677
• [release-0.7] VW: Fix permission checking in root by @openshift-cherrypick-robot in #1691
• [release-0.7] make internal apis available for apiexport permission claims by @openshift-cherrypick-robot in #1698
• [release-0.7] Syncer: refuse to work on sync target UID discrepancy. by @openshift-cherrypick-robot in #1703
• [release-0.7] exclude authn/authz apis from claimable list by @openshift-cherrypick-robot in #1717
• 0.7: Add goreleaser by @sttts in #1728
• [release-0.7] goreleaser: increase timeout and reduce archs by @openshift-cherrypick-robot in #1733
• [release-0.7] goreleaser: add write permissions to GITHUB_TOKEN by @openshift-cherrypick-robot in #1736

New Contributors

• @xingxingxia made their first contribution in #1524
• @deitch made their first contribution in #1637
• @dseapy made their first contribution in #1651

Full Changelog: v0.6.4...v0.7.4

What's Changed

• [release-0.7] goreleaser: add write permissions to GITHUB_TOKEN by @openshift-cherrypick-robot in #1736

Full Changelog: v0.7.3...v0.7.4